[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: excessive bounces
Re: excessive bounces
Thu, 27 May 2004 10:12:19 +0100
> Unfortunately, SPAMmers quickly learn how to break through automated
> defenses so that they can simply subscribe to lists. One way or
> another, list servers are simply overwelmed. There seems to be no
> reasonable solution.
The problem here is not that spammers subscribe to lists; these lists are
I believe that a large number of email addresses are being harvested off
the web, and there are still a lot of list archives out there that don't
obscure email addresses in any way (this must be the single biggest reason
why I receive about 15k spam emails a month). Widely published and easily
available addresses like those of (most) GNU mailing lists, that have been
around for years, are a prime target.
> I believe that all of the SourceForge lists are also open. They used
> to support blocking non-subscribers but that became a nightmare for
> maintainers so the capability was removed.
SourceForge uses SpamAssassin. Just for comparison, out of the 1600 spam
emails I have archived since last September, 211 came from SF. 635 from
the autoconf and automake lists. These are spam emails that made it through
the primary defences on the mail gateway. I am subscribed to 2 gnu.org lists,
and probably about 10 SF lists, on and off.
I have received email on the issue by Paul Fisher of the FSF, but I don't
want to repost it here w/o his permission (and because it's off-topic). In
my reply, I have outlined a few things that could be done:
o gnu.org has a prohibitively high volume of email, and SA/Bayes require
massive resources. Therefore, the volume of mail going through SA or
any other tool must be limited.
o Excessive whitelisting: all current gnu.org subscribers should be white-
listed, so that their email bypasses anti-spam. Yes, that'll still leave
the problem of subscribed spammers, but I believe there won't be too many.
o SMTP from hosts not in the gnu.org domain, but HELO'ing as gnu.org or
the associated IP addresses must be refused flat out. That cuts out
many viruses/worms, and a good bit of spam, too.
o Ruthless use of DNS blacklists before mails reach anti-spam. Most of
spam on GNU lists originates from "known bad boys" - Korea, China,
dialup/dyn-ip hosts, Comcast, *bell etc. Recommended reading:
sbl-xbl.spamhaus.org alone would probably work wonders.
Re: excessive bounces, Ben Pfaff, 2004/05/29
- excessive bounces, Alien999999999, 2004/05/24
- Re: excessive bounces, Jay West, 2004/05/24
- Re: excessive bounces, Lars Hecking, 2004/05/25
- Re: excessive bounces, Bob Proulx, 2004/05/26
- Re: excessive bounces, Ralf Corsepius, 2004/05/26
- Re: excessive bounces, Earnie Boyd, 2004/05/26
- Re: excessive bounces, Bob Friesenhahn, 2004/05/26
- Re: excessive bounces,
Lars Hecking <=
- Re: excessive bounces, Andrew Suffield, 2004/05/27
- Re: excessive bounces, Bob Friesenhahn, 2004/05/29
- Re: excessive bounces, Ralf Corsepius, 2004/05/29
- Re: excessive bounces, Earnie Boyd, 2004/05/27