[Gllug] They worked brilliantly

James de Lurker jtl2nospamMUNGIEjump at hotmail.com
Sat Mar 1 18:41:28 UTC 2003 

-------- Original Message --------
Subject: Re: [Gllug] They worked brilliantly
Date: 01 Mar 2003 14:25:52 +0000
From: Mark Lowes <hamster at korenwolf.net>

Mark Lowes wrote:
> On Sat, 2003-03-01 at 10:16, Adam Bower wrote:
> 
>>On Fri, Feb 28, 2003 at 03:38:03PM +0000, Mark Lowes wrote: 

>>>Been round this loop (please read the archives), I think the last time
>>>this came up the view amongst those who responded was that the list
>>>should remain open.

>>one possible addition to this is to add +2 onto the spam-status for postings
>>from unsubscribed addresses, so that most list mail will come through as normal

> Non-trivial.

And undesirable. That would prevent my postings making the list. I use the
same UseNet profile to make it easier to carry an interesting topic across
from UseNet to list or vice-versa, and remain clearly identifiable.



>>but the increased value in spam assassin should get pretty much everything.
>>Although on the other side you may still get the occaisional spam so it can
>>never be perfect.

As long as false positives are effectively attacked in return, and remain a 
small percentage of traffic - there is no problem.

I'm confident that there are enough skilled and moral people here able to 
keep ahead of any technical arms race with spammers, and punish them when 
they have the temerity to abuse the list address.

-------- Original Message --------
Subject: Re: [Gllug] They worked brilliantly
Date: Sat, 1 Mar 2003 16:05:44 +0000
From: Jim Bailey <jim at freesolutions.net>

 >>Been discussed before. Many times. Please read the archives. I
 >>completely agree with you though -- the list _should_ be subscribers
 >>only.

Absolutely Not.

 > I disagree entirely we are a LUG the Linux community for Greater London
 > as such we should be an open door.  Occasionally something nasty get by
 > the doorman but for fscks sake it only a few a week, take a chill pill.
 > :)

My sentiments exactly. If just one of the ten posters took all the time
the others made to post and used it to cause maximum pain for the
spamvertised business, they pretty soon get the message. They went to an
awful lot of trouble and effort to concoct a message that would fit under
the bar[1]. The least that _we_ can do is to repay that compliment :-]

My posts make it obvious that spam is unwelcome, in the address itself.
The last clown that ignored that brought the US IRS and Customs down on
the business that he was advertising.

I quit using another LUG list in disgust when my own UseNet profile ID
was being directed to /dev/null as policy, because I choose to raise the
bar to abusers in a potentially hostile open list environment. I am *not*
going to set up special profiles, or posting arrangements just to cater
for one persons whitelist, or a group's subscription preferences.

Maybe when email header forgery actually becomes illegal, and enforced
( as did FAX tsi forgery or omission in the US and Canada ) I'll be a good
boy and no longer forge my own postings. But don't hold your breath.

I have already suggested a compromise offlist: If we really cannot keep the
bar high enough without generating false positives that deter cautious
genuine posters, then offer a pseudo-anonymous web form to manually create
a posting to the list that has the necessary safeguards. If it ever becomes
policy here to reject all non subscribed addresses, and there is no 
provision of alternative posting means (web form), I'm outta here too!

Remember: The ability to post privately to a list contributer is at the
discretion of that poster. It is _their_ time that is burned in processing
offlist email. Do you openly publish your home or mobile telephone number?


[1] Offlist, I have already expressed concerns that anti-spam apps should
on no account offer any assistance to bad guys intent on reverse 
engineering. Anything that can be synthesised, tested, and analysed. If it 
_must_ post back information about how well you are doing with the various 
thresholds, for pity's sake - make it LIE a little <*grin*> That
small effort in obscurity can make all the difference in escalating costs
to a spammer that likes beating technical puzzles. Some of them hang out
in various Linux groups, too, in all probability. The bigger the list, the
more worthwhile it becomes spending time cracking the defences.

-- 

   -- James

 From and Reply To are INVALID.

All public postings use munged headers[1]- To contact me off list:
   1) Remove "M U N G I E j u m p" ONLY: leave that "nospam" in there!
   2) change "hotmail" 2 "myrealbox" after the @




-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug

More information about the GLLUG mailing list