[Python-Dev] Re: c.l.p.a -- what needs to be done ?

[Thomas Wouters]

On Sat, Aug 26, 2000 at 10:31:05AM +0200, M.-A. Lemburg wrote:
> Markus Fleck wrote:
> > > I've had a look at the c.l.p.a postings and the only special
> > > header they include is the "Approved: fleck@informatik.uni-bonn.de"
> > > header.

> > Basically, that's all it takes to post to a "moderated" newsgroup.
> > (Talking about a case of "security by obscurity" here... :-/)
> > Actually, the string following the "Approved: " may even be random...

Yes, it can be completely random. We're talking about USENET here, it wasn't
designed for complicated procedures :-)

> Wow, so much for spam protection.

Well, we have a couple of 'moderated' lists locally, and I haven't, in 5
years, seen anyone fake an Approved: header. Of course, the penalty of doing
so would be severe, but we haven't even had to warn anyone, either, so how
could they know that ? :)

I also think most news-administrators are quite uhm, strict, in that kind of
thing. If any of our clients were found faking Approved: headers, they'd get
a not-very-friendly warning. If they do it a second time, they lose their
account. The news administrators I talked with at SANE2000 (sysadmin
conference) definately shared the same attitude. This isn't email, with
arbitrary headers and open relays and such, this is usenet, where you have
to have a fair bit of clue to keep your newsserver up and running :)

And up to now, spammers have been either too dumb or too smart to figure out
how to post to moderated newsgroups... I hope that if anyone ever does, the
punishment will be severe enough to scare away the rest ;P

-- 
Thomas Wouters <thomas@xs4all.net>

Hi! I'm a .signature virus! copy me into your .signature file to help me spread!