Peter Rundle wrote:
Sluggers,
Whilst I know that this subject has been vocally debated in the past I
think it is time to re-visit the issue of how the slug mailing list
works.
In spite of the use of tools like spam assassin at the back-end, the
list is seeing a continuous increase in the amount of spam. Since
subscribing to Slug I'm also seeing a lot more spam directly to the
e-mail address that is subscribed.
The issues which I think should be (re)debated are;
1. Should slug be a subscribers only list?
How many people send mail to slug but aren't subscribed. Is this
really something that *has* to be supported?
2. The originators e-mail should not be in the header of the message.
Harvesting e-mail addresses from slug is very simple. Just subscribe
to the list, never post and watch the e-mail addresses flow in. Every
person who posts to slug has their e-mail address publicly exposed.
To avoid this the e-mail from the list shouldn't reveal the original
posters address. This would mean of course that replying to an e-mail
would have to be a reply to the list. In my view though if you reply
to a public post you should and are replying in public. Protecting
those that tend to fly off the handle with rude remarks be damned. If
the poster wishes to be contacted "off-list" then they can discretely
include their e-mail address in the message body. If the poster
becomes rude then the list-moderator can block them from posting.
I realise that some will defend the current arrangement with something
approaching religious vigor but can we have a reasoned calm discussion
about what is so wrong with a mailing list that;
a) requires you to be subscribed,
b) "reply-to" always goes back to the whole list.
A few years ago I was subscribed via another e-mail address to a
sporting list. One day the list was "discovered" by spammers and the
list was inundated. Un-subscribing from the list barely reduced the
flow and that e-mail address became unusable.
I fear that the day is not very far off when slug will suffer the same
fate.
I realise that some supposed advantages of the current arrangment may
be lost, but the state of spam is such that unless slug takes some
more positive steps to prevent it, the list is at risk.
Furthermore it's my belief that before too long internet e-mail will
become a white-list environment. I've already seen examples of this
whereby e-mail servers will only accept mail from known
from-address/ip combinations. Such a white list would be happy with
[email protected]:202.177.212.193 for example but
wouldn't accept e-mail from the current floating population of e-mail
addresses
that constitute slug mails.
Stay cool, and please a rational debate, lets not get emotive huh?
A simple solution:
Just add one activity for the poster to do, i.e., to every posting
SLUG-list
server will elicit a confirmation from the poster whereby this
confirmation is
identified by a unique-key.
The SLUG list server generates this unique-key and sent along with the
request to the poster to confirm his/her post. If it is not confirmed within
a specified time, the posting will be purged and hence not sent out to the
list.
Hope this helps.
O Plameras
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
