J C Lawrence <claw@kanga.nu> writes:
No more problems with posters from non-subscribed addresses. They have a subscription to _GET_ mail and to define an allowed posting address. They can (trivially) define additional allowed posting addresses by just posting from them and confirming the post to get on the whitelist.
Yup. One thing I also do is share an auto-whitelist among all the lists on my server. So, if claw@kanga.nu confirms his post to tmda-users, he'll instantly be able to post to tmda-workers as well. This makes things even more transparent for the end-user, particularly at sites hosting many lists.
You're now essentially back in the old days of the 1980s when we could safely run open lists.
Once in a blue moon, a spammer will actually confirm his spam to a list, which then requires a bit of intervention to remove the address from the auto-whitelist, and blacklist it. But, you'll also now have a verifiable address to use to track him down and fry his ass <wink>.
However, this is rare. It hasn't happened on any of my lists in the five months since I implemented this setup.
-- (http://tmda.net/)