Date: Sat, 20 Apr 2019 21:14:33 +0200 From: Polytropon <freebsd@edvax.de> To: Frank Fenderbender <frankfenderbender@council124.org> Cc: freebsd-questions@freebsd.org Subject: Re: how to filter advertisers from joining the list Message-ID: <20190420211433.a4b0098e.freebsd@edvax.de> In-Reply-To: <E2153FD1-AF25-4F29-9647-C517E3EDAD4D@council124.org> References: <CAGBmCT7sQN0Jgxq8px-q-0YkWkVpA9emW0UPCKE_t2eptq0QQg@mail.gmail.com> <D946A379-D7DA-431B-A2BD-84CB629CC770@council124.org> <CACNAnaH%2BmAUkQSRAeqxMo1BM%2BGqeAcvhJKz=u%2BS6b9uxgpKg-g@mail.gmail.com> <E2153FD1-AF25-4F29-9647-C517E3EDAD4D@council124.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 19 Apr 2019 21:11:22 -0700, Frank Fenderbender wrote: > Since BSD is based in security and a history of being older than > most all surviving OSs, I > My question is whether we can imagine reducing overt email from > the list that send "questions" about dating, or about buying a > service/product... as a captive audience. I don't know about you, but in _my_ opinion, the spam on this list (and the side-noise it generates) is still beyond what's accepted as "normal" on other lists. Sure, this is an _open_ list (no subscription needed for posting), but the amount of spam that arrives in my inbox is so low that I'm even too lazy to set up a deletion rule - I simply press DEL a few times, and the thing is done. That's why I currently (!) consider this a "no problem". > It seems ironic that a list membership about a secure OS > exhibits insecurity in who can access our mailboxes and > detour our attention-spans with misrepresentation of purpose. That's not fully correct. By subscribing to the list you accept _all_ content sent by the list per default, and it's up to your MTA / MDA / MUA to take a filter action if you desire. This is not a security problem per se. Furthermore, those who read this list do not use things like "Outlook" instead of a MUA, and are well aware of security considerations regarding "strange links" embedded in HTML messages. As the FreeBSD list system strips non-text attachments in general, and people tend to read mail as text (and not as HTML, which is untypical to be sent by legit list members), I'd say this is not a big problem. <a href="http://badguy.example.com/fakelogin.php">My Bank Account</a> This won't work. People here aren't stupid enough to fall for that. :-) > So, I thought that others so-captured might want to seek some > proactive revenge if we can decipher the problem, the tasks, > and access. You can easily examine the message headers and find out where the spam originates from. You'll often find corporate networks with infected "Windows" machines, or "Windows" PCs of clueless home users that send the messages. You will typically _not_ find out _who_ initiated it; sender != initiator. And those who cause spam will always find sources to send it. There are enough insecure, unpatched, unmaintained or intendedly left-open systems around the world which they can gain access to. It's not magic. > If it's an "open" list then it's up to use to fend off invaders, > right? It's not in anyone's "job description" unless it's in all > of our membership implications? The list maintainers tend to add known sources of spam to the blacklists, but new sources will open from time to time, causing a "spam blast" that typically lasts a few days, and then ends. You _could_ do some postprocessing of the messages before they arrive in your inbox (in in your inbox before they gain your attention). Just a few comments: > Examples of everyday improvements we all have made, or could make: > Problem: In this day-and-age, 80% of all US phone calls > are robocalls, esp. between 7-9am and 6-8pm.. > Workaround: we've used the wildcard features of CPR CallBlocker > and Ooma to pre-delete junk calls and callers. > > Problem: We send about 30% of what Amazon sells back as > misrepresented, faulty, or incorrect. > Workaround: we avoid Jeff Bezos whenever possible. This is something "average people" don't do, either because it is a technical skill they don't have, or because it does not reflect as loss of money. Generally speaking, eople are able to tolerate an impressive amount of annoying things as long as it doesn't feel (!) like losing money. > Problem: We screened fake-people from a Yahoo Group > mail-list I used to have; it was tough, because you had to screen > for real people. > Workaround: We did not admit to membership anyone who did > not issue a self-statement , semi-divulging that they were not > going to lob ads at us. > > Problem: quantities of fake-people assault forums. > Workaround: on our SMF forum, we use email verification, > BOT lists, and essentially block all eAddresses with alphanumeric > name-fields since that indicates a spammer more often than a > lazy person. Again, this solution might lead to exclusion of users who intendedly use a "non-natural address", either because they prefer to do so, or because they don't have any alternative. If you add a subscription process that involves a certain amount of interaction that exceeds the skills of the common skript kiddie, you should be fine. But as I said, the FreeBSD lists do not use subscription as a requirement for sending messages. This is the first thing you should address if you want a change. > So, maybe we can get some info about the system running the > list so we can try to make some improvements in proactively > blocking spammers at the membership level? In one of my earlier messages, I pointed out that you should address the list maintainers directly (or use an appropriate conversation list). Doing this on the user questions list is not a good idea, and will probably not lead to anything. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190420211433.a4b0098e.freebsd>