how to filter advertisers from joining the list

Polytropon freebsd at edvax.de
Sat Apr 20 19:20:01 UTC 2019 

On Fri, 19 Apr 2019 21:11:22 -0700, Frank Fenderbender wrote:
> Since BSD is based in security and a history of being older than
> most all surviving OSs, I
> My question is whether we can imagine reducing overt email from
> the list that send "questions" about dating, or about buying a
> service/product... as a captive audience.

I don't know about you, but in _my_ opinion, the spam on this
list (and the side-noise it generates) is still beyond what's
accepted as "normal" on other lists. Sure, this is an _open_
list (no subscription needed for posting), but the amount of
spam that arrives in my inbox is so low that I'm even too lazy
to set up a deletion rule - I simply press DEL a few times,
and the thing is done. That's why I currently (!) consider
this a "no problem".



> It seems ironic that a list membership about a secure OS
> exhibits insecurity in who can access our mailboxes and
> detour our attention-spans with misrepresentation of purpose.

That's not fully correct.

By subscribing to the list you accept _all_ content sent by
the list per default, and it's up to your MTA / MDA / MUA to
take a filter action if you desire. This is not a security
problem per se.

Furthermore, those who read this list do not use things like
"Outlook" instead of a MUA, and are well aware of security
considerations regarding "strange links" embedded in HTML
messages. As the FreeBSD list system strips non-text attachments
in general, and people tend to read mail as text (and not as
HTML, which is untypical to be sent by legit list members),
I'd say this is not a big problem.

<a href="http://badguy.example.com/fakelogin.php">My Bank Account</a>

This won't work. People here aren't stupid enough to fall
for that. :-)



> So, I thought that others so-captured might want to seek some
> proactive revenge if we can decipher the problem, the tasks,
> and access.

You can easily examine the message headers and find out where
the spam originates from. You'll often find corporate networks
with infected "Windows" machines, or "Windows" PCs of clueless
home users that send the messages. You will typically _not_ find
out _who_ initiated it; sender != initiator. And those who cause
spam will always find sources to send it. There are enough
insecure, unpatched, unmaintained or intendedly left-open
systems around the world which they can gain access to. It's
not magic.



> If it's an "open" list then it's up to use to fend off invaders,
> right? It's not in anyone's "job description" unless it's in all
> of our membership implications?

The list maintainers tend to add known sources of spam to
the blacklists, but new sources will open from time to time,
causing a "spam blast" that typically lasts a few days, and
then ends.

You _could_ do some postprocessing of the messages before
they arrive in your inbox (in in your inbox before they
gain your attention).

Just a few comments:

> Examples of everyday improvements we all have made, or could make:
> 	Problem: 	In this day-and-age, 80% of all US phone calls
> are robocalls, esp. between 7-9am and 6-8pm..
> 	Workaround:  we've used the wildcard features of CPR CallBlocker
> and Ooma to pre-delete junk calls and callers.
> 
> 	Problem: 	We send about 30% of what Amazon sells back as
> misrepresented, faulty, or incorrect.
> 	Workaround: we avoid Jeff Bezos whenever possible.

This is something "average people" don't do, either because
it is a technical skill they don't have, or because it does
not reflect as loss of money. Generally speaking, eople are
able to tolerate an impressive amount of annoying things as
long as it doesn't feel (!) like losing money.



> 	Problem: 	We screened fake-people from a Yahoo Group
> mail-list I used to have; it was tough, because you had to screen
> for real people.
> 	Workaround: We did not admit to membership anyone who did
> not issue a self-statement , semi-divulging that they were not
> going to lob ads at us.
> 
> 	Problem: 	quantities of fake-people assault forums.
> 	Workaround: on our SMF forum, we use email verification,
> BOT lists, and essentially block all eAddresses with alphanumeric
> name-fields since that indicates a spammer more often than a
> lazy person.

Again, this solution might lead to exclusion of users who
intendedly use a "non-natural address", either because they
prefer to do so, or because they don't have any alternative.
If you add a subscription process that involves a certain
amount of interaction that exceeds the skills of the common
skript kiddie, you should be fine. But as I said, the FreeBSD
lists do not use subscription as a requirement for sending
messages. This is the first thing you should address if you
want a change.



> So, maybe we can get some info about the system running the
> list so we can try to make some improvements in proactively
> blocking spammers at the membership level?

In one of my earlier messages, I pointed out that you should
address the list maintainers directly (or use an appropriate
conversation list). Doing this on the user questions list is
not a good idea, and will probably not lead to anything.




-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

More information about the freebsd-questions mailing list