-- On Monday, April 14, 2008 2:11 PM -0700 Ned Freed
<ned(_dot_)freed(_at_)mrochek(_dot_)com> wrote regarding Re: IESG Statement on
Spam
Control on IETF Mailing Lists --
+1 to Henrik's comments. I don't think the two MUSTs
that he comments on are algorithmically possible.
These two MUSTs (the ability to whitelist specific posters
without them having to receive list mail and spam rejection) are
both completely trivial to implement with our software. The
latter is normally done (and definitely should be done) at the
SMTP level, minimizing blowback.
To be fair, and I know Ned that you know this, it depends on where
and how you implement specific controls. Some software makes this
easier than other software. In general, the more integrated the
components the finer granularity one gets in what you can do.
Specifically, the whitelisting has to occur either before or within
the SPAM filtering. If a source is whitelisted it has to bypass
all other checks.
The IETF setup uses SpamAssassin for tagging purposes. This is
done outside of the SMTP service and outside of Mailman, which
supports the mailing lists. The whitelisting is done with TMDA,
which is also outside of SpamAssassin and outside of Mailman.
Getting all three of these things to work together is not trivial.
I don't mean to suggest it's rocket science, but you have to sit
down and think about how each of them provide the various services
they provide and get them to cooperate. Changes in any one require
a re-evaluation of the entire setup, just to make sure there are no
unintended consequences.
The fact that TMDA does whitelisting means that Mailman does not
have to do it. This reduces the SPAM load on Mailman but it does
not change the fact that you have to be a subscriber to get a
message through. If you're not a subscriber you're still going to
get "moderated".
For Mailman to do the whitelisting it means that every mailing list
would have to have the same database that TMDA has, which has
40,000 entries in it. Yes, that's right, there are 40,000 unique
email addresses across all IETF mailing lists. This is how Mailman
works.
My point here is that there are choices to be made, and those
choices have implications. Obviously the IETF could make different
choices, but I do think it's important to understand the advantages
and disadvantages of different choices.
Jim
_______________________________________________
IETF mailing list
IETF(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf