[geeklog-devtalk] geeklog-devel digest, Vol 1 #276 - 2 msgs

[geeklog-devel-request at lists.geeklog.net]

Send geeklog-devel mailing list submissions to
	geeklog-devel at lists.geeklog.net

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.geeklog.net/listinfo/geeklog-devel
or, via email, send a message with subject or body 'help' to
	geeklog-devel-request at lists.geeklog.net

You can reach the person managing the list at
	geeklog-devel-admin at lists.geeklog.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of geeklog-devel digest..."


Today's Topics:

   1. Spam to members of lists (Tony Bibbs)
   2. Re: Spam to members of lists (Vincent Furia)

--__--__--

Message: 1
Date: Fri, 20 Feb 2004 08:15:03 -0600
From: Tony Bibbs <tony at tonybibbs.com>
To: Geeklog <geeklog-devel at lists.geeklog.net>
Subject: [geeklog-devel] Spam to members of lists
Reply-To: geeklog-devel at lists.geeklog.net

I got this complaint today:

<snip>
Tony,

I joined geeklog-users a little more than a week ago using newly created 
email
addresses and posted only twice, and already I received two spam emails 
today
to the new addresses (one of the addresses appears only in the Received 
header
).

Either the spammer is a member of the list and receives emails with the full
headers, or a list member's computer is infected and collects addresses.

I know how seriously you and the development team of Geeklog think about
security. I would like to ask your help to consider what could be done 
to stop
spammers from collecting email addresses from geeklog lists. Right now I'm
having second thoughts about publicly contributing to the development 
(at least
not without stripping some mail headers).

FYI below are transcripts of the blocked SPAM going to these two email
addresses. They were received 1 second apart from two different IP 
addresses.

sincerely,
Drago Goricanec
</snip>

I then reviewed the privacy options and the only thing I see that we can 
do to fix this is set the very last option, "Hide the sender of a 
message, replacing it with the list address (Removes From, Sender and 
Reply-To fields)" to 'yes'.

I think spam is enough of a problem where we should simply turn this off 
but I wanted to make sure I wasn't forgetting something because all this 
rings a bell with a situation way back when we were addressing this last.

...which reminds me I should probably upgrade mailman to see if we don't 
get some new anti-spam features (i.e. baysian filters, etc)

Thoughts?

--Tony

--__--__--

Message: 2
Date: Fri, 20 Feb 2004 10:31:04 -0500
From: Vincent Furia <vmf at abtech.org>
To: geeklog-devel at lists.geeklog.net
Subject: Re: [geeklog-devel] Spam to members of lists
Reply-To: geeklog-devel at lists.geeklog.net

Tony,

We have gone through this before.  Last time we switched many people 
(including myself) complained that not having the email addresses of the 
people sending emails to the list was a major PITA when it came to 
keeping track of who said what.  This is especially true since many 
people don't sign their email.

I'd rather put up with a bit of SPAM (which SPAM filters can catch) then 
have to figure out from context who was sending a message to the mailing 
list.  Also I like to be able to email people directly (especially for 
some of the questions that pop-up on geeklog-users).

Note that the SPAMers could have gotten his email by scouring the 
archive.  Some people do a reply-to that includes something like:

	joe at some.email.com said:

Which doesn't get filtered and an email address winds up on the lists 
archive web pages to be grabbed by SPAM bots.  Maybe there is a way to 
filter email addresses out of the body of messages before they posted to 
the archive?

-Vinny

Tony Bibbs wrote:

> I got this complaint today:

> 

> <snip>

> Tony,

> 

> I joined geeklog-users a little more than a week ago using newly created 

> email

> addresses and posted only twice, and already I received two spam emails 

> today

> to the new addresses (one of the addresses appears only in the Received 

> header

> ).

> 

> Either the spammer is a member of the list and receives emails with the 

> full

> headers, or a list member's computer is infected and collects addresses.

> 

> I know how seriously you and the development team of Geeklog think about

> security. I would like to ask your help to consider what could be done 

> to stop

> spammers from collecting email addresses from geeklog lists. Right now I'm

> having second thoughts about publicly contributing to the development 

> (at least

> not without stripping some mail headers).

> 

> FYI below are transcripts of the blocked SPAM going to these two email

> addresses. They were received 1 second apart from two different IP 

> addresses.

> 

> sincerely,

> Drago Goricanec

> </snip>

> 

> I then reviewed the privacy options and the only thing I see that we can 

> do to fix this is set the very last option, "Hide the sender of a 

> message, replacing it with the list address (Removes From, Sender and 

> Reply-To fields)" to 'yes'.

> 

> I think spam is enough of a problem where we should simply turn this off 

> but I wanted to make sure I wasn't forgetting something because all this 

> rings a bell with a situation way back when we were addressing this last.

> 

> ...which reminds me I should probably upgrade mailman to see if we don't 

> get some new anti-spam features (i.e. baysian filters, etc)

> 

> Thoughts?

> 

> --Tony

> _______________________________________________

> geeklog-devel mailing list

> geeklog-devel at lists.geeklog.net

> http://lists.geeklog.net/listinfo/geeklog-devel

> 



--__--__--

_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://lists.geeklog.net/listinfo/geeklog-devel


End of geeklog-devel Digest