Hi Rik,

It looks like the list has reached some sort of consensus on decreasing spam. Or at least nobody has complained about these suggestions. Thanks to everyone who contributed their own suggestions.

What I'm proposing is that messages that meet any of the following criteria are accepted:

- messages from subscribers
- messages from whitelisted people
- PGP/GPG-signed messages (if spammers start signing their messages, this can be made more strict -- e.g. signed messages with public key on a keyserver, etc.)
- replies to messages that already got through (checked via the References/In-Reply-To header)
- messages with a low SpamAssassin (or other spam filtering software) score

Everything else is either rejected, or held for further approval by the administrators (depending on how much work this would create for the administrators).

The administrators can also use greylisting [1] on the messages that don't fit the acceptance criteria to pare down the number of messages that require manual approval. (I don't think messages should be automatically approved if they pass the greylisting test, since there is still a lot of spam that would pass.)

[1] e.g. http://projects.puremagic.com/greylisting/

Another way to pare down the number of messages for manual approval is to re-check spam at a future time (say 30 min or 1 hour), and see if it has a higher score. (e.g. if it gets flagged by razor, etc.) If so, it gets dropped.

Obviously, some of the above suggestions are harder to implement than others. I'll leave it up to the administrators to decide which ones are worth implementing.

The next issue is how to get addresses onto the whitelist. The purpose of a whitelist is to make it easy for people to send real messages without too much interference. Some possibilities are:

- obviously, we should initialize the whitelist with people who already post frequently, if they aren't already subscribers. Obviously, this includes people like Jari. Someone also suggested that HVR (who used to be very active on this list, but hasn't shown up recently) should be added. A good criterion is to look through the archives and find all people who posted a message (or at least N messages) in the last, say, year.
- web-based signup -- enter your email address in a form, and it gets added to the whitelist
- any mail that gets held triggers a confirmation message to be sent to the original sender. If the sender replies within some fixed time (say, one week), the message is accepted, and the sender is added to the whitelist. Otherwise the message is dropped.
- messages that fit the above acceptance criteria get their senders automatically added to the whitelist. Maybe require N messages to be accepted before the address is whitelisted. e.g., if the magic number is 3, and I send 2 replies, and 1 message that has a SpamAssassin score of -2, then my email address gets whitelisted.
- the administrators could look over the held messages periodically, and accept the real messages and whitelist their senders.

Again, some of these are easier to implement than others, and it is up to the administrators to decide which ones are worth implementing.

There should also be some way for list members to get an address removed from the whitelist, if some spammer address somehow gets added. This probably won't happen that often (hopefully), so this can probably be done mostly manually.

Hopefully, this proposal strikes a good balance between eliminating spam and other junk from the list, while keeping the list open to everyone who wants to participate.

Thanks, Rik, for your work in running this list, and other lists as well.

-- 
Hubert Chan <hubert@xxxxxxxxx> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net. Encrypted e-mail preferred.
Attachment:
pgpXJzl4eUKMI.pgp
Description: PGP signature
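
The acceptance criteria and the "N accepted messages" whitelisting rule proposed in the message above, as an added example that is not part of the original post or of any list software. The names `ListFilter`, `mail` and `demo`, the score cutoff of 2.0, and the idea that the caller passes in the SpamAssassin score and the result of PGP signature verification are all assumptions made for illustration.

```python
import email
from email.utils import parseaddr

class ListFilter:
    """Acceptance policy sketched in the proposal; thresholds are assumed values."""
    def __init__(self, subscribers, whitelist=(), max_score=2.0, whitelist_after=3):
        self.subscribers = {a.lower() for a in subscribers}
        self.whitelist = {a.lower() for a in whitelist}
        self.max_score = max_score              # assumed "low score" cutoff
        self.whitelist_after = whitelist_after  # the "magic number" N
        self.accepted_ids = set()               # Message-IDs already let through
        self.accepted_count = {}                # sender -> accepted messages so far

    def _reason(self, msg, sender, score, signed):
        if sender in self.subscribers:
            return "subscriber"
        if sender in self.whitelist:
            return "whitelisted"
        if signed:                              # caller has verified the PGP signature
            return "signed"
        refs = (msg.get("In-Reply-To", "") + " " + msg.get("References", "")).split()
        if any(r in self.accepted_ids for r in refs):
            return "reply"
        if score < self.max_score:
            return "low-score"
        return None

    def check(self, raw, score, signed=False):
        msg = email.message_from_string(raw)
        # From is sender-supplied and not authenticated by this check
        sender = parseaddr(msg.get("From", ""))[1].lower()
        reason = self._reason(msg, sender, score, signed)
        if reason is None:
            return "hold"                       # reject, or queue for the administrators
        self.accepted_ids.add(msg.get("Message-ID", "").strip())
        if reason not in ("subscriber", "whitelisted"):
            n = self.accepted_count[sender] = self.accepted_count.get(sender, 0) + 1
            if n >= self.whitelist_after:
                self.whitelist.add(sender)
        return reason

def mail(sender, msgid, reply_to=""):           # builds a constructed sample message
    return f"From: {sender}\nMessage-ID: {msgid}\nIn-Reply-To: {reply_to}\n\nbody\n"

def demo():                                     # constructed traffic, not real list mail
    f, bob = ListFilter(["alice@example.org"]), "Bob <bob@example.net>"
    traffic = [("alice@example.org", "<1@x>", "", 5.0), (bob, "<2@x>", "<1@x>", 5.0),
               (bob, "<3@x>", "<2@x>", 5.0), (bob, "<4@x>", "", -2.0),
               (bob, "<5@x>", "", 9.0), ("eve@example.com", "<6@x>", "", 9.0)]
    return [f.check(mail(s, i, r), score) for s, i, r, score in traffic]
```

`demo()` replays the case given in the message: two replies plus one message scoring -2 reach the magic number 3, so the next message from that address is accepted as whitelisted while an unknown sender with the same score is held.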