Thank you Rich,
I do not subscribe anyone without making them first go through the subscribe process. The problem we're having lately is the ISP's are not passing on the confirmation email, so in a couple cases lately, after confirming the user tried the process (by their word is all I got) I do subscribe them.
Unfortunately I don't have access to the logs nor VERP settings.
thx, Jim
On Fri, Jun 17, 2016 at 9:02 AM, Rich Kulawiec <rsk@gsp.org> wrote:
I'll second the suggestion that you split the list. I'll also suggest that you do *not* subscribe anyone to the split-off instance: you should make them go through a COI (confirmed opt-in) process AND you should make certain that you retain all records of that as long as the list exists. ("records" being the Mailman logs and copies of any correspondence.)
But let me make a general comment about this problem -- which stems from companies like AOL and Yahoo delegating control of part of the anti-spam process to their users.
That's incredibly stupid. It's off-the-scale idiotic. It flies in the face of everything we've learned about spam in the past several decades.
Consider: if users, en masse, could reliably distinguish spam from non-spam, would the spam problem be as bad as it is?
No. It would not. It would only be a tiny fraction of its current scale.
But users have spent the past several decade proving, beyond any possible argument, that they are absolutely horrible at this task. So delegating it to them is not only lazy, it's insane.
To be clear: yes, users should be able to *report* suspected spam. That's why everyone should have an abuse@ address per RFC 2142 and decades of best practices. A user who's capable of remembering that, and who's capable of forwarding spam to it with full headers, is a user at least worth paying attention to. (And of course the local admin/postmaster/abuse/whatever team should read and analyze every such message: that's mail system admin 101.) But a user who blindly hits the spam button for any message they don't like or don't find useful or don't agree with or anything else is worse than useless: they're actively degrading the process.
Dave Crocker put it quite well when he said:
The best model to invoke, with respect to the idea of recruiting end users to be active participants in abuse detection or prevention is mostly: Don't.Unfortunately, the AOLs and Yahoos of the world are deaf to this.
And as a result of that, I have no doubt whatsoever that many of your non-spam messages are being flagged as spam by users at those operations (and elsewhere) despite the fact that they're on-topic for a mailing list that they signed up for.
I've found it necessary to use VERP and similar techniques to identify the specific individuals responsible for this abuse and to either (a) unsubscribe them and/or (b) ban them. This isn't a panacea, but it does help cut down on the complaint rate and thus the spurious blacklisting.
---rsk
Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/james%40dorydesign.com