ietf
[Top] [All Lists]

Re: Guidance for spam-control on IETF mailing lists

2002-03-16 22:50:03
Patrick R. McManus wrote:
[Joe Touch: Sat, Mar 16, 2002 at 02:03:22PM -0800]

Patrick R. McManus wrote:
...
The e2e-interest blacklist is new. It appears to be a reaction to the
embarrassing amount of spam that that list has redistributed over the
last couple of years

It's a little over a year since we converted from full-open to spam-limited.


I guess I'm referring to the recent blacklist changes I remember you
writing about.. They stuck in my head because there was a big flurry
of messages about a February spam on that list.

Yeah - because Mailman's filter field is limited, and it took a little time to determine how to combine procmail's capability with Mailman at our site.

http://www.postel.org/pipermail/end2end-interest/2002-February/001760.html
http://www.postel.org/pipermail/end2end-interest/2002-March/001902.html

Indeed I only see 2 spam in feb's archive - not exactly an
overwhelmingly large number,

We didn't have enough of a problem then to warrant dealing with it. March was a different issue.

Nonetheless, the necessary recent adjustment alone
is clear evidence the system needs constant administrative attention

The filter switch was prompted by the event of March's flurry; the spam filter went from nonexistant (actually, only filtering certain kinds of prohibited posts, rather than spam per se), to existant (using a procmail keyword list that has been in use for other lists for several years, without substantial tweaking).

The blacklist you refer to involved the yahoogroups.com list; this was needed because the list WAS subscribed to our list, and DID NOT contain any typical spam key words. This is a fall-through that breaks both our default assumptions, so simply is always going to require attention.

Additionally, I just checked the February archives of three other must
be registered to post mailing lists I'm on and they had 0 spams for
that period.

They might have had filters. We didn't then.

Or had 'user only' posts, in which case what you did not see were the users who had trouble posting or decided not to bother due to the complexity.

I.e., this information can't be used to form a substantive conclusion.

I believe that spam should be filtered out because of WHAT it is, not because of WHO it comes from.

And frankly, that's going to constantly mean you live on the
censorship line.

We both do; pity you do not yet see that.

(vs. registration)
...
Under this scenario if you crossposted to a new IETF list (say in
response to a last call) you'd get back (more or less) immediately a
message that says "Hey, you're new to this list and I need to verify
that all new people aren't really spammers before I can post your
message. Are you really a person? If so you can reply to this message
with authcode XYZA in the body

I looked at that solution too. It works, but again raises the bar higher for posters than I think is reasonable for an open list. There are times when I want to let people post, even if they don't have a valid reply mailing list. All I care about is content.

I support a system that allows spam if the user subscribes (an issue you have not yet addressed).

I assume that's a typo and you mean you don't support a system that
allows spam if the user subscribes. (At least that's consistent with
your message).

Typo. I mean "you support...". I.e., you cannot handle spam from real users. Yes, yahoogroups.com 'registered' as a user. I can unsubscribe it, but automatic subscription is too easy to be useful as a deterrent.

        - to you, spam is defined by user
        and assumes a correlation between user and content

I think this is a little unfair. It implies that some people have less
right to post than others because they are suspected spammers. When
the issue isn't about people at all, it's about forged From:'s and
automated spam bots (i.e. addresses, not users).

There are users who still send spam (antivirus messages from automated scanners and vacation messages come to mind).

I'm not saying they shouldn't post, but their spam shouldn't make it through.

Anybody that will
verify that they really are able to interpret responses sent back to
the address they post from should be allowed to post - heck, even
anonymous remailers are supported this way.

Yes, but they will post their antiviruses and vacation info as well too. Again, the only way to filter spam is to filter spam.

I think you're implying a scenario where user X sends 9 on topic
messages and for the 10th one sends a "CHEAP LASER TONER REFILLS"
missive before returning to his thoughtful analysis. That just doesn't
happen often[1].

It was, in fact, the reason we even installed filters (for antivirus in particular) about a year ago (before we put in spam filters. FWIW, before you bother to use the current spam rate as a metric, I only put a test one in so far. the full one, based on a static list of keywords that has been in use for several years, goes in next week).

[1] Obviously spammers could forge real-subscribee's names as Keith
has said he has seen.

An issue which your solution does not address.

Personally, I'm shocked..

Yes, but just goes to show that your solution may become less useful.

Joe



<Prev in Thread] Current Thread [Next in Thread>