Anti-Spam Idea

Gordon Mohr
Fri, 5 Apr 2002 22:38:08 -0800

Jeffrey Kay writes:
> Since we're starting to get a preponderance of spam on this list, why not think about
> using a whitelist scheme to prevent it?  Take all of the e-mail addresses of registered
> users as your base whitelist.  On the bottom of the posts where the URL is added, put in a
> message about a token to be added to the subject line (e.g. "[anti-spam token]") so anyone
> who wanted to be on the list but wasn't could post without subscribing and automatically
> be added to the whitelist?  That should do a great deal to prevent spam on this list.
> I think this solution would satisfy the criterion of stopping spam while allowing anyone
> who wants to post without subscribing.
> Thoughts?

Great idea!

Ideally, the token could appear anywhere in the message. 

The note describing the spam-override need only be a single line, e.g.:

# Nonsubscribers, keep this line or include "fXzyDef56j" in you message

Also, another option could be added to the online subscription form:
  [ ] Individual Messages
  [ ] Digest
  [ ] I'll read via the web archives; send me nothing

...with the third option being essentially a self-serve whitelisting

However, most of the posts that we want to receive from nonsubscribers
are the result of responses to cross-posts and multiple "To"s. These 
people aren't getting the original messages via the FoRK list, so they 
won't see this in-message notice, so their first send will bounce, and 
they may not follow-up.

Several potential solutions to that are:
  - allow through any messages "in-reply-to" previous
    passed-through message-ids
  - allow through any messages which include a whitelisted
    address on the "To" or "CC" line. (We could even prepopulate
    the whitelist with some of the other list addresses that
    commonly generate cross-postings.)

I think these policies would allow through 100% of traffic from any 
number of dedicated senders (subscribers and those who take
intentional action to whitelist themselves), and 99% of
the other traffic we might want to get, from people following-up
other cross-posted messages -- while stopping 99%+ of automated,
thoughtless spam.

They also seem of general use to other Mailman users and 
straightforward to implement -- although, who has the time?

Of course, spammers could get sneaky. But they're not that smart
and that industrious, and they're not paying specific attention
to us. We don't have to be impervious, just beyond the marginal
effort they're likely to expend.  

- Gordon