Re: [Mailman-Users] Expressions to reduce spam
On Nov 13, 2016, at 8:04 PM, Mark Sapiro <mark@msapiro.net> wrote:
On 11/13/2016 07:55 PM, Mark Sapiro wrote:
Or to get more than one tld with one regexp
*.*\.(site|win|othertop)$
Ooops. Should be
^.*\.(site|win|othertop)$
Thanks to everyone who replied!
I want to clarify that I don’t own or run the server. My ISP (sonic.net) has Mailman installed for customers to use. I can not configure it and I can’t affect what emails reach the Mailman software. Sonic is pretty good at walking that line between getting rid of spam and not having false positives, but there’s a lot that still gets through.
As for "everyone should learn regular expressions”... Sure, maybe. But I think it’s overkill. I mean I don’t require all my soap customers to learn the chemistry of saponification.
Doing it all from scratch every time also leads to mistakes. Example: Mark’s simple typo above. If even an expert can mess it up...
I mean, when I started making websites back in the mid-1990's, I hand-coded in HTML. I could switch to my browser to see where I messed up (cause you will always mess up), go back, fix, try again. Now I use Dreamweaver. I can still go into the code whenever I want to tweak things, but I don’t have to for the day to day stuff (thank God) and I can do things that are a lot more complex because of it.
I don't know what percentage of Mailman list owners are those who have this skillset. I’m going to guess a fairly low percentage because when someone takes the time to install it on their own server, they often invite friends, family, and people they work with (orgs, etc) to make lists. Then there are all the list owners using it from an ISP or a server they don’t have a personal connection with. It would be nice to be able to reduce the amount of spam that comes in for moderation without having to learn a brand new skill or bother the root access person each time.
Anyway, I know you have a lot on your plate, just putting it out there.
Cyndi
Cyndi Norwitz writes:
As for "everyone should learn regular expressions”...
Not everyone. Just *some* list admins whose security professionals are unresponsive, or who are their own security admins.
Sure, maybe. But I think it’s overkill. I mean I don’t require all my soap customers to learn the chemistry of saponification. I mean, when I started making websites back in the mid-1990's, I hand-coded in HTML. I could switch to my browser to see where I messed up (cause you will always mess up), go back, fix, try again. Now I use Dreamweaver.
Your metaphors are not valid. Selling soap and creating HTML are cooperative activities. Both of you *want* simple, and the combination of soap and customer's skin, or you with Dreamweaver and a reader with a reasonably modern browser, gives a win-win outcome. But spamming is a zero-sum game, and spammers are intelligent opponents, not reducible to counting the number of electrons in the outermost orbit. There *may* be ways to simplify, but they will be rare, and spammer- and list-specific.
The most important point is that, while human beings can reliably recognize spam before they have time to think about why they think it's spam, computers can't do that at all. They have to specifically apply heuristic rules, all of which frequently fail very badly. Each rule frequently allows whole streams of spam through, and sometimes identifies whole streams of authentic mail as spam. That's why the effective applications like SpamAssassin and SpamBayes use scoring of many rules, and site-specific tweaks to scores, rather than using litmus tests that trigger a discard on one feature as Mailman does.
There is a clear and present danger that each simple litmus test will throw away authentic posts without stopping enough spam to make that risk worthwhile. It is that danger that leads us to prefer consulting for each admin who needs an apparently simple rule, and setting a high bar (regexps) for DIY spam-fighting. Providing a way to configure simple rules would most likely be an attractive nuisance. But people who have the knowledge and experience to use regexps not only can write more sophisticated (though still risky) rules, but also have experienced the limits of automated filters.
We could make it easier, but it's not at all clear to me that we should.
Steve
participants (2)
-
Cyndi Norwitz -
Stephen J. Turnbull