Fri, 5 Apr 2002 22:38:08 -0800
Jeffrey Kay writes:
> Since we're starting to get a preponderance of spam on this list, why not think about
> using a whitelist scheme to prevent it? Take all of the e-mail addresses of registered
> users as your base whitelist. On the bottom of the posts where the URL is added, put in a
> message about a token to be added to the subject line (e.g. "[anti-spam token]") so anyone
> who wanted to be on the list but wasn't could post without subscribing and automatically
> be added to the whitelist? That should do a great deal to prevent spam on this list.
> I think this solution would satisfy the criterion of stopping spam while allowing anyone
> who wants to post without subscribing.
Ideally, the token could appear anywhere in the message.
The note describing the spam-override need only be a single line, e.g.:
# Nonsubscribers, keep this line or include "fXzyDef56j" in your message
Also, another option could be added to the online subscription form:
[ ] Individual Messages
[ ] Digest
[ ] I'll read via the web archives; send me nothing
...with the third option being essentially a self-serve whitelisting
However, most of the posts that we want to receive from nonsubscribers
are the result of responses to cross-posts and multiple "To"s. These
people aren't getting the original messages via the FoRK list, so they
won't see this in-message notice, so their first send will bounce, and
they may not follow-up.
Several potential solutions to that are:
- allow through any messages "in-reply-to" previous
- allow through any messages which include a whitelisted
address on the "To" or "CC" line. (We could even prepopulate
the whitelist with some of the other list addresses that
commonly generate cross-postings.)
I think these policies would allow through 100% of traffic from any
number of dedicated senders (subscribers and those who take
intentional action to whitelist themselves), and 99% of
the other traffic we might want to get, from people following-up
other cross-posted messages -- while stopping 99%+ of automated,
They also seem of general use to other Mailman users and
straightforward to implement -- although, who has the time?
Of course, spammers could get sneaky. But they're not that smart
and that industrious, and they're not paying specific attention
to us. We don't have to be impervious, just beyond the marginal
effort they're likely to expend.
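
Added example, not part of the original message and not Mailman code: a sketch of the acceptance policy proposed above (whitelisted sender, override token anywhere in the message, reply to a previous message, whitelisted address on To/CC). The function names, reason strings, `seen_ids`, `list_addr` and the example.* addresses are hypothetical, and it assumes "in-reply-to previous" means a Message-ID the list has already distributed.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

TOKEN = "fXzyDef56j"  # override token quoted in the message above

def _recipients(msg):
    """Lower-cased addresses from the To and Cc headers."""
    values = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def _body_text(msg):
    """Decoded text/* parts joined together."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            # The token is ASCII, so a byte-transparent decode is enough to find it.
            chunks.append(raw.decode("latin-1"))
    return "\n".join(chunks)

def check_post(raw, whitelist, seen_ids, list_addr, token=TOKEN):
    """Return (accept, reason); a token post also adds its sender to `whitelist`."""
    msg = message_from_string(raw)
    # From is unauthenticated, so this only raises the sender's marginal effort.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in whitelist:
        return True, "sender-whitelisted"
    if token in msg.get("Subject", "") or token in _body_text(msg):
        whitelist.add(sender)  # self-serve whitelisting
        return True, "token"
    if any(ref in seen_ids for ref in msg.get("In-Reply-To", "").split()):
        return True, "reply-to-known-message"
    if (_recipients(msg) - {list_addr.lower()}) & whitelist:
        return True, "whitelisted-recipient"
    return False, "hold"

def _mail(sender, to, body="hi", **headers):
    """Build a constructed sample message (example.* addresses are placeholders)."""
    extra = "".join(f"{k.replace('_', '-')}: {v}\n" for k, v in headers.items())
    return f"From: {sender}\nTo: {to}\nSubject: test\n{extra}\n{body}\n"

if __name__ == "__main__":
    wl, seen, lst = {"alice@example.org"}, {"<1@example.org>"}, "list@example.net"
    samples = [
        _mail("alice@example.org", lst),
        _mail("bob@example.com", lst, body=f"keep {TOKEN}"),
        _mail("carol@example.com", lst, In_Reply_To="<1@example.org>"),
        _mail("dave@example.com", f"{lst}, Alice <alice@example.org>"),
        _mail("bulk@example.com", lst, body="buy now"),
    ]
    for s in samples:
        print(check_post(s, wl, seen, lst))
```

The list's own address is excluded from the recipient check so that whitelisting it by accident cannot turn the rule into "accept everything".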