UOL spam issue
Paul Howarth
paul at city-fan.org
Tue Jan 24 16:55:02 UTC 2006
Arthur Pemberton wrote:
> On 1/24/06, *Tim* <ignored_mailbox at yahoo.com.au
> <mailto:ignored_mailbox at yahoo.com.au>> wrote:
>
> On Tue, 2006-01-24 at 14:00 +0000, Paul Howarth wrote:
> > This list already uses a confirmation step.
>
> I know. I didn't sign up by magic. ;-) I went through the process.
> My comment was about the idea of doing it more than once, and with more
> than just the lists "from" address (since some might think to whitelist
> the list based simply on the from address, which will change when
> contributors post, rather than some other details).
>
> It occurs to me that some sort of honeypot approach might be worth it,
> too. A few bogus members that if they ever receive spam, are used in
> some way to blacklist a member. I did that with my mail server, it
> worked a treat for identifying spam.
>
> Also, random, challenge/response spot checks on members. Combined with
> a honeypot source address, perhaps, that could send unique messages to
> each member to identify the real sources of problems. It also occurs to
> me that this person mightn't be just stupidly sending crud to people,
> but be doing so as an address harvesting technique.
>
> Though the most obvious solution to me is to stop trying to be a news
> group on a mailing list, and actually be a news group. You don't need
> to provide any e-mail address when you post to usenet. Nobody can spam
> my mailbox from any data in my usenet posts. News servers can wipe out
> spam, too. And you get the added bonus of being able to get prior
> messages, not just the ones that come through after you join. Not to
> mention all of the other things that news clients do so much better than
> mail clients.
>
>
> Umm, why don't we just black list these guy's mail server?
Where "we" = every list member of course.
I've done my bit, and I don't see any old.br spam.
Paul.
More information about the fedora-list
mailing list