-- On Monday, April 14, 2008 2:11 PM -0700 Ned Freed <ned.freed@xxxxxxxxxxx> wrote regarding Re: IESG Statement on Spam Control on IETF Mailing Lists -- > > +1 to Henrik's comments. I don't think the two MUSTs > > that he comments on are algorithmically possible. > > These two MUSTs (the ability to whitelist specific posters > without them having to receive list mail and spam rejection) are > both completely trivial to implement with our software. The > latter is normally done (and definitely should be done) at the > SMTP level, minimizing blowback. To be fair, and I know Ned that you know this, it depends on where and how you implement specific controls. Some software makes this easier than other software. In general, the more integrated the components the finer granularity one gets in what you can do. Specifically, the whitelisting has to occur either before or within the SPAM filtering. If a source is whitelisted it has to bypass all other checks. The IETF setup uses SpamAssassin for tagging purposes. This is done outside of the SMTP service and outside of Mailman, which supports the mailing lists. The whitelisting is done with TMDA, which is also outside of SpamAssassin and outside of Mailman. Getting all three of these things to work together is not trivial. I don't mean to suggest it's rocket science, but you have to sit down and think about how each of them provide the various services they provide and get them to cooperate. Changes in any one require a re-evaluation of the entire setup, just to make sure there are no unintended consequences. The fact that TMDA does whitelisting means that Mailman does not have to do it. This reduces the SPAM load on Mailman but it does not change the fact that you have to be a subscriber to get a message through. If you're not a subscriber you're still going to get "moderated". For Mailman to do the whitelisting it means that every mailing list would have to have the same database that TMDA has, which has 40,000 entries in it. Yes, that's right, there are 40,000 unique email addresses across all IETF mailing lists. This is how Mailman works. My point here is that there are choices to be made, and those choices have implications. Obviously the IETF could make different choices, but I do think it's important to understand the advantages and disadvantages of different choices. Jim _______________________________________________ IETF mailing list IETF@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf