>>>>> "Rik" == Rik van Riel <riel@xxxxxxxxxxx> writes: Rik> On Wed, 30 Mar 2005, Hubert Chan wrote: >> What I'm proposing is that messages that meet any of the following >> criteria are accepted: >> >> - messages from subscribers >> - messages from whitelisted people Rik> Would it be acceptable to have a "self whitelisting" system here - Rik> ie. a "mailing list" that people can subscribe to, but not post to, Rik> and subscribers from that silent list would be allowed to post to Rik> the linux-crypto list ? That would be fine with me. I guess if nobody complains about this, we can go ahead with this. Rik> Something like that can be implemented in minutes, using the Rik> software that is already installed. >> - PGP/GPG-signed messages (if spammers start signing their messages, >> this can be made more strict -- e.g. signed messages with public key >> on a keyserver, etc.) >> - replies to messages that already got through (checked via the >> References/In-Reply-To header) Rik> These two will be a bit harder, since ecartis only has a Rik> blacklisting mechanism, but not a whitelisting one. That's unfortunate. I guess we can try it out without these, and see how annoying it is to new people, although my guess is that it should be mostly fine. >> - messages with a low SpamAssassin (or other spam filtering software) >> score Rik> This would let through a lot of the 419 mails, which seem to be the Rik> bulk of the spam making it through the filters currently. Rik> Are you sure you want this ? In that case, probably not. I don't know if there's any easy way to get stats on this, but is there any reasonable cut-off point that would stop most of the 419 mails, but let in a reasonable amount of real mail? (Reasonable, so that it's useful to actually implement it.) I'm thinking of something like the -1.0 or -2.0 range. >> Everything else is either rejected, or held for further approval by >> the administrators (depending on how much work this would create for >> the administrators). Rik> Any volunteers ? I wouldn't mind helping out. Although I probably wouldn't be able to take it all on (e.g. I may be out of town at some points). The amount of spam that actually does get through doesn't seem to be that much (and after we close the list, that should get rid of the guy who's using the list address to sign up for various things), so my guess is that this should only require a couple other people. -- Hubert Chan <hubert@xxxxxxxxx> - http://www.uhoreg.ca/ PGP/GnuPG key: 1024D/124B61FA Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA Key available at wwwkeys.pgp.net. Encrypted e-mail preferred. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/