Preventing spammers from infiltrating the Red Hat mailing lists

William M. Quarles walrus at bellsouth.net
Thu Apr 14 01:29:58 UTC 2005


Thanks for the input.  Contact the list administrator if you would like 
to see address encryption turned on for Gmane to safeguard against that.

Thanks,
William

Joe Desbonnet wrote:

> I noticed that my spam levels (the stuff that got through the gmail
> filter) shot up within days of my first post to the fedora developers
> list. Coincidence? I suspect not.
> 
> Joe.
> 
> 
> On 4/13/05, William M. Quarles <walrus at bellsouth.net> wrote:
> 
>>Hi all,
>>
>>I sent what I thought was a very important request to one of the Fedora
>>lists which was quickly beaten down, and I did not receive anything back
>>on subsequent replies.  I would appreciate your help in making sure that
>>the lists are safe for all of us.  I'm actually going to the trouble of
>>subscribing to nearly all of the Red Hat mailing lists just to get the
>>word out.
>>
>>One thing that I have done recently was to search for my e-mail
>>addresses on the Internet web pages to find all of the places that list
>>them.  Why bother doing this?  Just like how Google has spiders that
>>crawl the Internet to gather general information, spammers have spiders
>>that crawl the Internet to gather e-mail addresses to spam people.  I
>>have contacted all of the websites who did not modify my e-mail
>>addresses (mostly on mailing lists) in such that they cannot be
>>collected.  Red Hat has done at least one thing right in that they have
>>modified everyone's e-mail address in their web archive, such that it
>>reads something like <walrus bellsouth.net> for mine.
>>
>>However Red Hat has left one big gaping whole that the spam spiders can
>>still crawl into.  There is a complete active mirror of these lists as
>>postable newsgroups kept on a service called Gmane <http://gmane.org>.
>>I'm using Gmane to write this message to you now.  It's a pretty
>>sophisticated setup, has safeguards to prevent spam getting posted, and
>>they use Spam Assassin to clean up stuff that still ends up on the list
>>(except you have to filter it yourself on the newsgroup interface).  The
>>only problem is that spam spiders crawl the newsgroups to collect e-mail
>>addresses.
>>
>>Gmane has a safeguard to prevent this, but it has to be turned on by the
>>list administrator.  Gmane can encrypt the e-mail addresses on the list
>>such that any mail sent to them is routed through Gmane first, and then
>>the sender must under go a challenge-response before the message gets
>>routed to the actual recipient.  Of all of the Red Hat lists I've only
>>found two newsgroup mirrors that use address encryption:
>>gmane.linux.redhat.fedora.java <fedora-java-list>, and
>>gmane.redhat.taroon <taroon-beta-list>.
>>
>>If you would like to see the Red Hat newsgroup mirrors have encrypted
>>e-mail addresses, please reply to this topic and discuss.  If you are
>>even more brave (important since some of these lists are high-volume and
>>not everything gets read), please contact your list administrator
>>directly at <listname-admin at redhat.com>.  If someone knows how to get
>>the word out on the international lists or to their administrators
>>(since I don't speak multiple tongues), please do so.  If someone knows
>>who to contact who can make all of the newsgroups have encrypted e-mail
>>addresses going above all of the list administrators (maybe the person
>>who decided to obfuscate them all on the web archive?) please contact
>>him or her and let us know how to contact that person.
>>
>>Thanks so much,
>>William
>>
>>--
>>fedora-devel-list mailing list
>>fedora-devel-list at redhat.com
>>http://www.redhat.com/mailman/listinfo/fedora-devel-list
>>
> 
> 




More information about the fedora-devel-list mailing list