automake
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: excessive bounces


From: Lars Hecking
Subject: Re: excessive bounces
Date: Thu, 27 May 2004 10:12:19 +0100
User-agent: Mutt/1.5.6i

> Unfortunately, SPAMmers quickly learn how to break through automated 
> defenses so that they can simply subscribe to lists.  One way or 
> another, list servers are simply overwelmed.  There seems to be no 
> reasonable solution.

 The problem here is not that spammers subscribe to lists; these lists are
 open. 

 I believe that a large number of email addresses are being harvested off
 the web, and there are still a lot of list archives out there that don't
 obscure email addresses in any way (this must be the single biggest reason
 why I receive about 15k spam emails a month). Widely published and easily
 available addresses like those of (most) GNU mailing lists, that have been
 around for years, are a prime target.

> I believe that all of the SourceForge lists are also open.   They used 
> to support blocking non-subscribers but that became a nightmare for 
> maintainers so the capability was removed.
 
 SourceForge uses SpamAssassin. Just for comparison, out of the 1600 spam
 emails I have archived since last September, 211 came from SF. 635 from
 the autoconf and automake lists. These are spam emails that made it through
 the primary defences on the mail gateway. I am subscribed to 2 gnu.org lists,
 and probably about 10 SF lists, on and off.

 I have received email on the issue by Paul Fisher of the FSF, but I don't
 want to repost it here w/o his permission (and because it's off-topic). In
 my reply, I have outlined a few things that could be done:

 o gnu.org has a prohibitively high volume of email, and SA/Bayes require
   massive resources. Therefore, the volume of mail going through SA or
   any other tool must be limited.

 o Excessive whitelisting: all current gnu.org subscribers should be white-
   listed, so that their email bypasses anti-spam. Yes, that'll still leave
   the problem of subscribed spammers, but I believe there won't be too many.

 o SMTP from hosts not in the gnu.org domain, but HELO'ing as gnu.org or
   the associated IP addresses must be refused flat out. That cuts out
   many viruses/worms, and a good bit of spam, too.

 o Ruthless use of DNS blacklists before mails reach anti-spam. Most of
   spam on GNU lists originates from "known bad boys" - Korea, China,
   dialup/dyn-ip hosts, Comcast, *bell etc. Recommended reading:
   http://makeashorterlink.com/?D20312968.
   sbl-xbl.spamhaus.org alone would probably work wonders.





reply via email to

[Prev in Thread] Current Thread [Next in Thread]