[vps-mail] update

[Scott Wiersdorf <scott@xxxxxxxxxxxx>]

At least three of you on the list reported vps-mail@xxxxxxxxxxxx to
spamcop.net, which promptly blacklisted my server. I have no way of
knowing who did it, but I'm guessing it was an automated submission of
some kind. I don't think anyone here would knowingly submit this list
as a spammer.

This raises at least three concerns I have, perhaps you all can
comment on this if you have feelings one way or another:

1) automated submission of spam to spamcop or any RBL is dangerous and
   can result in inadvertent blacklisting of legitimate or harmless IP
   ranges. Consider the case where you're doing some testing of your
   own and bounce spams to yourself to see how effective your filters
   are. Your automated spamcop reporter kicks in and you blacklist
   yourself. Fortunately spamcop.net has an auto-delisting feature (in
   48 hours you are removed), but some RBLs don't.

2) I had configured my list to allow non-list postings; I know that
   for myself I have many "personalities" or email addresses that I
   use (I've got three work addresses that my client sends alone, and
   probably a dozen personal addresses I use for different
   audiences). When the spam hit the list, I turned off non-list
   postings immediately. Since then, I've had a couple of people who
   are subscribed, but under different email addresses (Tim Gorter's
   cross-post to vps2 was the most recent example of this) whose
   messages were blocked on vps-mail because they were posting from a
   non-list address.

3) I had also configured my list to strip incoming headers for privacy
   reasons. By striping these, you as list members are protected to a
   degree because none of your relays or other sensitive data are
   posted publicly to the list archives. Perhaps this isn't vital,
   since the archiver program I use obfuscates list addresses
   anyway. Anyway, I have disabled the stripping after realizing that
   it also hides incoming spam details necessary for correct spam
   reporting.

Does anyone have any strong feelings about these changes to the list?
What should our stance be when a list is spammed (as it was with this
list)? I hate to lock the list down to members-only posts, since it
causes delays (I have to now approve a bunch of bounces and repost
them) and lost mail, but I don't know of another way to stop
it.

Perhaps now that the stripping has been disabled, we should allow
non-list postings again? We will be susceptible to incoming spams, but
at least they will be correctly marked as such (and I could run some
filters on the list). Thots?

I know some of you don't care about this, but since this is a list
related to mail and spam issues, this isn't just a dirty-laundry
airing.

Scott
-- 
Scott Wiersdorf
scott@xxxxxxxxxxxx
======================================================================
Technical questions regarding this list may be sent to
<vps-mail-owner@xxxxxxxxxxxx>. You may request an automated help
response by sending an email with the word 'help' (w/o quotes) in the
BODY of the message (subject is ignored) to <vps-mail-request@xxxxxxxxxxxx>.
======================================================================