On Tue, 2011-07-19 at 13:25 -0500, Ace... wrote: > hmmm! > > okay martin... > ... but can you suggest something, > Both. Some sort of spammer discouragement or a spam filter is needed on forum posts. At first glance putting a spam filter between the forum and the mailing list seems a good idea, but it ain't that easy because all senders have an address of the form "forum-poster@xxxxxxxxxxxxxxxxx", so all you have to go on is phrases and URLs in the body of the post. I have wondered if a more complex *and intentionally time-consuming* sign-up procedure for the forum would help. This could be something like: - sign-up requires a valid e-mail address, as well as a handle and passphrase. - the address + passphrase would be required to login to the forum - the 'handle' would be all that appears on forum posts and as the sender address in the linked mailing list - sign-up involves the new user replying to a confirmatory e-mail sent to the login address, thus capturing a valid e-mail address for every user who completes sign-up - wait a few hours before the confirmatory request e-mail is sent. All this may upset a few legit. posters but hopefully would positively discourage spammers (both human and robotic) who are trying to maximise their output rate and generally only have a short window for spamming before the blacklists and Bayesian spam recognisers start rejecting their rubbish. > or, are you primarily alerting us to the fact that, > for want of a better word, the wine email sys has been hacked, > and has therefore, as an entity, gained a bad reputation? > The volume of spam coming from the Codeweavers forum has grown a lot recently while what little used to come from Nabble has now pretty much vanished and I don't recall ever seeing much from the WineHQ forum. I'm reading this to mean that Nabble has improved its game and that the WineHQ forum has some sort of filtering or maybe a sign-up procedure that discourages spammers, but that Codeweavers don't seem concerned about being a spam conduit. I'll make a better effort to track where winelist spam is coming from in future. Currently, if I see messages that are obviously spam pushing a URL I just snarl and add the URL to a private Spamassassin rule that fires on Wine messages that contain listed URLs and/or product names accompanied by sales terms. Martin
