[offtopic] Re: Recent spam surge...

Stuart Henderson stu at spacehopper.org
Thu Apr 9 05:13:19 PDT 2015

Reluctant to add to this (I didn't even see the original messages,
filters caught them, the only "spam surge" was on this thread ;) but
I think on this list there may be some less technical people around
who might benefit from it.

On 2015/04/09 10:16, Jim web wrote:
> Well, my experience is also that almost all the email lists I use do
> require the posters to register and be approved as a block against
> spamming, etc.

"block" is the wrong word. "mild deterrent" perhaps. With the amount of
spam recently being sent by complex methods such as stolen or guessed
webmail or smtp-authentication credentials, requiring a sign-up to post
to a mailing list (which can be accepted automatically *very* easily)
is hardly going to get in the way.

> I've no idea if people are happy with the above being mentioned. But until
> I decided to comment anyway on the 'OT' matter I wasn't going to bother
> *because the exposed nature of this list does make me want to post as
> infrequently as possible*.

<public service notice>

Assume that any email address posted publically, or guessable, or used
on a website, or given to anybody else will get abused at some point.
Online shops; dozens have leaked my addresses. People with hacked
webmail with me listed in address books. I've had spam to a unique
address given only in writing to a local company. Spam to a unique
address given only to a *bank*.

If you want to avoid seeing spam at an address, don't hand it around!
Personal, private address? *only* give it to personal, private friends!
For anything else, hand out low value addresses (webmail, time-limited,
unique-per-sender and cancellable) instead.

</public service notice>

Otherwise you need to filter, if you have good ways to do that,
but that's a much harder (and constantly changing) problem.

Requiring sign-up before posting (and moderating new posters) is
good to prevent very technical lists from degenerating.
I don't see how it does much else that isn't better handled with
tighter controls on mail content (funnily enough I have some
recollection that this list used to be a bit tighter on this, but
removed some restrictions after user whining?) and protocol compliance.
And like some others (including I think the list owner), I very often
find that requiring signups to post gets in the way and does little
to avoid either spam or some of the other (far more time-draining)
worthless posts.

More information about the get_iplayer mailing list