Replies to spam
David I Noel
david.i.noel at gmail.com
Wed Dec 28 03:02:17 UTC 2016
On 12/22/16, Adam Vande More <amvandemore at gmail.com> wrote:
> On Sat, Dec 17, 2016 at 2:51 PM, Ralf Mardorf via freebsd-questions <
> freebsd-questions at freebsd.org> wrote:
>> >On 12/15/16, David I Noel <david.i.noel at gmail.com> wrote:
>> >> I'm currently in the process of creating a few hundred new email
>> >> addresses from which I will +1 this reply.
>> That reminds me of
> In response to this overall thread, it seems it's time for this again:
What does that list have to do with the conversation at hand?
We're talking about the problem of spam, solutions to it, and why
those solutions are never implemented--such as simply requiring people
to register to the list, rather than having an open list that allows
spammers to launch their spam attacks against the list server and have
it auto-reflected and amplified, by having list-serve auto-forwarded
to everyone subscribed.
The only points of substance I could come up with from that meme-y
check-list is that:
1. Users will be affected.
As far as #1:
Yes, of course they will be affected.
- New users will have to register (oh no!).
- Already registered users will no longer have to endure the onslaught
of spam (hooray!).
- ...and the number of conversations on this list about spam will
decrease if not disappear entirely (woo hoo!).
To #2, the answer is: yes, of course asshats exist. Assuming this is
the line of argument you would go down: if they want to spam the list
then yes, of course, they can write software to register their spam
bots to the list and continue spamming. Then a CAPTCHA can be thrown
up, if it comes down to it. In reality though, you can subscribe
yourself to dozens of other open source project mailing lists (ones
requiring registration) and you will receive hardly any spam at all
(if any), so that one extra step keeps spammers from doing it most
everywhere else (to this absurd degree).
As far as I could tell, nothing else really applies to this
conversation other than maybe "whitelists suck", which I don't think
really even needs a response.
There are plenty of other reasons to close the list than the ones that
have been mentioned: reducing the amount of spam, reducing the amount
of clutter in everyone's spam folder making it harder to find and "ok"
valid email threads from it (FreeBSD-related or not), reducing the
amount of discussions about spam on the list, and on.
Does the forum receive spam? If not, why not? (Because it requires
users to register, and likely includes a CAPTCHA, I would imagine).
What purpose does spam serve?
What other purposes could it serve?
Who sends spam?
Where does it come from? Servers purchased to send spam, or by and
large hacked servers?
The obvious answer is that spam could be sent trying to spear, phish
(and there are all types of phishing), sell things, or generate clicks
to website or on ads, but the majority is filtered by decently
configured spam filters (gmail does fine, but seems a bit too
aggressive in some cases).
So why else would it be sent? The spam could also be a "hello" or
keep-alive notice to bot-masters and or their friends, and this open
list could serve as a place for the rooted servers to check in.
Subscribe to this list, check your inbox or spam folder, and find out
where "our" latest owned servers are. Public lists are just asking for
that sort of thing, and with spam filters catching most of it, it's
probably a decent way to build a sizeable botnet, either hide the
hello/keep-alive notices, share the info with whomever it's intended,
and keep it undetected for some time.
As much as "there's a strong culture here among core that's resistant
to change" gets thrown around, with every release new features get
added and new improvements are made. This makes me wonder whether it's
really a matter of resistance to change or more of the issue not being
positioned properly, along with the lack of engagement by anyone on
core with the "non-cool kids lists" about the matter.
More information about the freebsd-questions