List-Managers: Re: Mailinglist spamming countermeasures

List-Managers
(October 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Mailinglist spamming countermeasures
From:	Roy Rapoport <rsr @ ide . com>
Date:	Tue, 24 Oct 1995 13:00:54 -0700
To:	list-managers @ GreatCircle . COM


On October 24, 1995, Lazlo Nibble <lazlo@swcp.com> said:

>One other anti-spam approach to add to the pile would be:
>
>  * When someone tries to subscribe to a list, the list sends them a "what
>    this list is about" message with a unique key at the end, and the note,
>    "if you still want to subscribe to the list, send a subscribe request
>    with this key".  With this, all posters have a known valid email
>    address (something that's rapidly becoming unheard of for spammers).
>
>Problem: they can get on the list from a "safe" address and then forge spam
>to the list so it looks like it's coming from a known "good subscriber" 
>address.

Perhaps I'm missing something here, but it seems to me there's an equation
we might be ignoring here.

Take UNIX security, for example: You can make a site very very very very
safe, and very very very very unusable.  In the end, you have to choose
some sort of balance between ease/openness of use and security.  When it
comes to security, my general concern would be to work on security
to the point where my work on security takes less time/money than the
likelihood of loss of data/productivity * cost of loss of data/productivity.

In other words, it's something like
Work I'm willing to do = chance of loss * magnitude of loss.
Now, of course, what you want to do is minimize work :) but as long as
it's at most equal, I seem to be ahead of the game; if I'm spending
more work/effort/time/money than the chance of loss * magnitude of loss,
then it seems like I could be spending my time better, no?

So, if we look at spammers, is it possible that we might be discussing
measures that in the end would be more hassle than the spammers themselves?
How horrid is this problem anyway? I'm afraid I don't have a representative
exposure to mailing lists -- I'm only on, say, 5-10 of them at any given
time -- but personally, the two letters from Olga were far less annoying
than the clueless newbies subscribing on mailing lists, and we're
certainly not going to stop *them* with anti-spamming measures ...

-roy


 
---------------------------------------------------------------------------
Roy S. Rapoport                               UNIX/Mac System Administrator
rsr@ide.com                              I do not, of course, speak for IDE
Phone: 415-543-1314 ext. 280                              Fax: 415-543-0145

Follow-Ups:

Re: Mailinglist spamming countermeasures
From: Elizabeth Thomsen <et@clsn1102.noble.mass.edu>

Indexed By Date	Previous:	Majordomo 1.93 advertise bug on Solaris 2.4/Perl 5.0 From: mcrae@santacruz.k12.ca.us (Christopher McRae)
Indexed By Date	Next:	Re: Date problems From: Christopher Davis <ckd@loiosh.kei.com>
Indexed By Thread	Previous:	Re: Mailinglist spamming countermeasures From: scs@lokkur.dexter.mi.us (Steve Simmons)
Indexed By Thread	Next:	Re: Mailinglist spamming countermeasures From: Elizabeth Thomsen <et@clsn1102.noble.mass.edu>