ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: IESG Statement on Spam Control on IETF Mailing Lists

2008-04-15 08:28:43
from [James Galvin] [Permanent Link] 


-- On Monday, April 14, 2008 2:11 PM -0700 Ned Freed 
<ned(_dot_)freed(_at_)mrochek(_dot_)com> wrote regarding Re: IESG Statement on 
Spam 
Control on IETF Mailing Lists --


+1 to Henrik's comments. I don't think the two MUSTs
that he comments on are algorithmically possible.


These two MUSTs (the ability to whitelist specific posters
without them having to receive list mail and spam rejection) are
both completely trivial to implement with our software. The
latter is normally done (and definitely should be done) at the
SMTP level, minimizing blowback.


To be fair, and I know Ned that you know this, it depends on where 
and how you implement specific controls.  Some software makes this 
easier than other software.  In general, the more integrated the 
components the finer granularity one gets in what you can do.

Specifically, the whitelisting has to occur either before or within 
the SPAM filtering.  If a source is whitelisted it has to bypass 
all other checks.

The IETF setup uses SpamAssassin for tagging purposes.  This is 
done outside of the SMTP service and outside of Mailman, which 
supports the mailing lists.  The whitelisting is done with TMDA, 
which is also outside of SpamAssassin and outside of Mailman.

Getting all three of these things to work together is not trivial. 
I don't mean to suggest it's rocket science, but you have to sit 
down and think about how each of them provide the various services 
they provide and get them to cooperate.  Changes in any one require 
a re-evaluation of the entire setup, just to make sure there are no 
unintended consequences.

The fact that TMDA does whitelisting means that Mailman does not 
have to do it.  This reduces the SPAM load on Mailman but it does 
not change the fact that you have to be a subscriber to get a 
message through.  If you're not a subscriber you're still going to 
get "moderated".

For Mailman to do the whitelisting it means that every mailing list 
would have to have the same database that TMDA has, which has 
40,000 entries in it.  Yes, that's right, there are 40,000 unique 
email addresses across all IETF mailing lists.  This is how Mailman 
works.

My point here is that there are choices to be made, and those 
choices have implications.  Obviously the IETF could make different 
choices, but I do think it's important to understand the advantages 
and disadvantages of different choices.

Jim

_______________________________________________
IETF mailing list
IETF(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: IESG Statement on Spam Control on IETF Mailing Lists, James Galvin
Next by Date:  Re: IESG Statement on Spam Control on IETF Mailing Lists, Rich Kulawiec
Previous by Thread:  Re: IESG Statement on Spam Control on IETF Mailing Lists, Henrik Levkowetz
Next by Thread:  Re: IESG Statement on Spam Control on IETF Mailing Lists, James Galvin
Indexes:  [Date] [Thread] [Top] [All Lists]