[Mailman-Developers] Interesting study -- spam on postedaddresses...

Chuq Von Rospach chuqui@plaidworks.com
Mon, 25 Feb 2002 10:26:21 -0800 

On 2/25/02 10:03 AM, "Jay R. Ashworth" <jra@baylink.com> wrote:

>> spam attacks a day now. I woke up to 27 pieces of spam in my personal
>> mailbox, and that's just one address, and since midnight.
> 
> Eek.

Yeah, but that's still a small percentage compared to legitimate mail.

> It's all over my weblog, too; not obfucsated there, either.

I don't obfuscate either. <digression> I decided long ago not to let the
spammers get to my head. I'm just not that sensitive to it. I realize,
though, that others feel differently -- I just don't see that the amount of
time some folks put into dealing with spam is worth the investment. Part of
the reason I get so much spam is that "chuqui" (I own chuqui.com) is the
nickname of the largest open pit copper mine in the world, down in chile. So
I get a lot of spanish language spam misdirected at that place...

I'm of the opinion "when you start spending more time fighting spam than you
do simply deleting it, the spammers are winning". Spam doesn't cost me money
(please, let's not get into the bandwidth-wars -- I'm on a fixed-price
network with spare capacity), it costs me time. And time, in my life, is my
most precious commodity. I've also found you don't stop spam, you maybe slow
it down for a while, so it's a war of attrition. I decided a while back it
was less hassle to just blow through it, since most spam you can delete just
from the subject line.

But if you'll note, that's not the policy I propose for Mailman. I feel my
approach works for me -- but is too laissez-faire for Mailman. A public tool
like that needs to be more protective, even if I personally feel I can do
with less. </digression>

Barry's overview this morning of what he's doing seems fine to me. I might
quibble with some details, but I think it's reasonable. I especially agree
with him about list admins needing some public face, not an anonymous voice
from behind the curtain. That's explicitly why I admin from my address, not
a generic postmaster box. And even though I now have a 2nd helping out and
we use a shared mailbox, I still respond as me, not as A Generic Apple
Postmaster. 

Frankly, sometimes it causes problems, because some folks see you as a
target. But I find humanizing it generally solves more problems than it
causes. It's a lot easier to throw pitchforks at the abuse@ address, since
you don't know who that is...

> And my pain level *still* hasn't climbed high enough to merit automated
> methods (read: higher than the pain level of learning procmail.  ;-)

Oh, heck. Procmail is the hard part, IMHO. What a bizarre, bogus syntax.

I really, really like Barry's idea of an API for integrating into things
like SpamAssassin and auto-adminning based on the returned score. That's the
sort of thinking we ought to be looking at. Not implementing it all
ourselves, but finding ways to take advantage of what others are doing as
well. 


-- 
Chuq Von Rospach, Architech
chuqui@plaidworks.com -- http://www.chuqui.com/

No! No! Dead girl, OFF the table!