This is the proposal I sent to the administrators at sunsite.dk yesterday. I haven't received a response from the admins yet.
The mailing list <[EMAIL PROTECTED]> has been receiving inordinate amounts of spam. Even I, who am used to receiving (and dismissing) a lot of spam, am dismayed at and annoyed by its sheer quantity. Some subscribers of the mailing list are ready to lynch me, and many are leaving for this reason. I would like to implement a solution to the spam problem as soon as possible, preferrably during the weekend. I will need your help to make it work, though. The "standard" solution for the spam problem is to make the mailing list accept only postings from subscribers, but I do not want to choose that option for several different reasons: * The address <[EMAIL PROTECTED]> is redirected to the list. * I would like people to be able to post to the list and ask for help without having to subscribe first. I know I hate when a list requires subscription just so I can post. * It allows external people to be Cc'ed in a list discussion; they can join the thread without having to subscribe. * It allows one not to worry about posting from a different mail address. I know several lists that implement the open-posting policy without having much spam, so I know it can be made to work. Here is how I envision it: 1. Postings from list members are automatically forwarded to the list; 2. All other postings are run through a filter that determines whether they are likely to be spam. If the posting passes the filter, it is forwarded without delay. Otherwise, it is kept for moderation. The moderators are informed about each message that awaits moderation; that alert would contain a URL they can visit and approve or reject the mail, at their discretion. Rejected mails are silently discarded; there is no reason to inform the spammer about anything. NOTE: the filter could, for example, check whether the body contains the word `wget'. It could also check whether the subject contains keywords such as "money", etc. This would catch 90% of the spam, and the rare false positives would be caught by the moderators. 3. (optional) The addresses of the users whose postings have successfully made it to the mailing list should make it to a whitelist. Postings from people on the whitelist are treated like those of the subscribers. Writing a filter script is not hard; I can do that. But the real problem is how how to integrate such a script with the mailing list software. Also, it would be nice not to have to write the web interface from scratch. Here is a suggestion how to go about it: 1. Switch from ezmlm to Mailman. Karsten has convinced me to resist the switch so far, but I simply don't see how to avoid it. The big win for Mailman is that it already have a web interface for moderation. If there is a similar thing for ezmlm, we can reconsider this step. 2. Plug the "filter" script between the local mail delivery agent and Mailman. The filter can add an `X-Moderate-Me-Please' header to the mails that fail the filtering rules. I can implement the filter. 3. Modify Mailman so that it treats messages marked with `X-Moderate-Me-Please' as those that need moderation. I am not familiar with Mailman's internals, but I cannot imagine this to be hard. I can implement that part. 4. (optional) Add the "whitelist" feature to Mailman's moderation interface. Have the filter check the whitelist before doing anything else. I will need all the help I can get. Please review this plan and let me know what you think are the flaws. Sunsite people, please let me know if it is feasible for you to make the required modifications, such as plugging in a "filter" before Mailman. If someone wishes to help me implement parts of this, I'd be grateful for that too. Help stamp out spam. Thank you.
