[Mailman-Users] Our list serv host is threatening to shut us down for spam abuse
james at dorydesign.com
Fri Jun 17 13:44:40 EDT 2016
Thank you Rich,
I do not subscribe anyone without making them first go through the
subscribe process. The problem we're having lately is the ISP's are not
passing on the confirmation email, so in a couple cases lately, after
confirming the user tried the process (by their word is all I got) I do
Unfortunately I don't have access to the logs nor VERP settings.
On Fri, Jun 17, 2016 at 9:02 AM, Rich Kulawiec <rsk at gsp.org> wrote:
> I'll second the suggestion that you split the list. I'll also suggest
> that you do *not* subscribe anyone to the split-off instance: you should
> make them go through a COI (confirmed opt-in) process AND you should
> make certain that you retain all records of that as long as the list
> exists. ("records" being the Mailman logs and copies of any
> But let me make a general comment about this problem -- which stems
> from companies like AOL and Yahoo delegating control of part of the
> anti-spam process to their users.
> That's incredibly stupid. It's off-the-scale idiotic. It flies in
> the face of everything we've learned about spam in the past several
> Consider: if users, en masse, could reliably distinguish spam from
> non-spam, would the spam problem be as bad as it is?
> No. It would not. It would only be a tiny fraction of its current scale.
> But users have spent the past several decade proving, beyond any
> possible argument, that they are absolutely horrible at this task.
> So delegating it to them is not only lazy, it's insane.
> To be clear: yes, users should be able to *report* suspected spam.
> That's why everyone should have an abuse@ address per RFC 2142
> and decades of best practices. A user who's capable of remembering
> that, and who's capable of forwarding spam to it with full headers,
> is a user at least worth paying attention to. (And of course the
> local admin/postmaster/abuse/whatever team should read and analyze
> every such message: that's mail system admin 101.) But a user who
> blindly hits the spam button for any message they don't like or
> don't find useful or don't agree with or anything else is worse
> than useless: they're actively degrading the process.
> Dave Crocker put it quite well when he said:
> The best model to invoke, with respect to the idea of recruiting
> end users to be active participants in abuse detection or
> prevention is mostly:
> Unfortunately, the AOLs and Yahoos of the world are deaf to this.
> And as a result of that, I have no doubt whatsoever that many of your
> non-spam messages are being flagged as spam by users at those operations
> (and elsewhere) despite the fact that they're on-topic for a mailing list
> that they signed up for.
> I've found it necessary to use VERP and similar techniques to identify
> the specific individuals responsible for this abuse and to either
> (a) unsubscribe them and/or (b) ban them. This isn't a panacea, but
> it does help cut down on the complaint rate and thus the spurious
> Mailman-Users mailing list Mailman-Users at python.org
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives:
More information about the Mailman-Users