
Re: [vps-mail] update



SW> At least three of you on the list reported vps-mail@xxxxxxxxxxxx to
SW> spamcop.net, which promptly blacklisted my server. I have no way of
SW> knowing who did it, but I'm guessing it was an automated submission of
SW> some kind. I don't think anyone here would knowingly submit this list
SW> as a spammer.

Scott, I checked spamcop, and the email that was submitted
as spam was indeed a mortgage lender spam that apparently
came through this list. (I didn't see it, but most likely it
was caught by another filter used by one of my ISPs).

I realize that automated submission may be frustrating, but
these are NOT spams being reported by someone who forgot
they subscribed to the list. The Spamcop sample shows:

(1) From: "melissa" <bactusites@xxxxxxxxx>
NOTE: Probably NOT a vps-mail subscriber

(2) Subject: [vps-mail] sit up and pay attention to your home mortgage!       ds89

This is very obvious spam. In fact, someone doing hand
submission rather than automated submission might see the
above 2 lines and not even be aware that it came via the
vps-mail list, depending on how their email reader or logs
are set up.

(3) Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: base64

NOTE: The base64 encoding is an indication of likely spam,
and could potentially be stopped by a filter

(4) X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on blade1
X-Spam-Level: **************
X-Spam-Status: hits=14.4 tests=FORGED_IMS_HTML,FORGED_MUA_IMS,HTML_60_70,
        HTML_FONTCOLOR_UNKNOWN,HTML_IMAGE_ONLY_04,HTML_MESSAGE,
        HTML_TITLE_UNTITLED,LINES_OF_YELLING,MIME_BASE64_LATIN,
        MIME_BASE64_TEXT,MIME_HTML_ONLY,SUBJ_HAS_SPACES,SUBJ_HAS_UNIQ_ID,
        TO_ADDRESS_EQ_REAL,USERPASS version=2.60

A 14.4 hit level for SpamAssassin is almost certainly spam.
I've never seen a false positive at that level, so it is
reasonable for automated reporting to be set at that level.

(I don't do automated reporting myself - so this certainly
didn't come from me -- but without automated reporting,
services like Spamcop or Razor would quickly become useless.
So I don't think you should condemn those who are doing
their part to help stop the flow of spam to the rest of us).

SW> 1) automated submission of spam to spamcop or any RBL is dangerous and
SW>    can result in inadvertent blacklisting of legitimate or harmless IP
SW>    ranges.

As noted, the email that was reported WAS spam. It wasn't a
mistake, any more than it would be a mistake if I had an
open relay on my system which allowed spam to get through.
Or, in other words - it WAS a mistake, but it was YOUR
mistake in list configuration rather than the mistake of the
people reporting the spam. I don't mean to come down hard on
you -- I personally was horrified at myself a few months ago
when I realized that my majordomo list configuration was an
open door to any spammer who had the brains to send email to
the default broadcast alias rather than the list itself. I'm
lucky that my own stupidity wasn't exploited on a public
list with thousands of subscribers.

We all very much appreciate the hard work you put into
maintaining this email list, but part of the responsibility
of maintenance of such a list is taking appropriate
precautions to close up email security holes and prevent
spam like this from getting through. Since many of us are
doing the same thing - managing email servers and mailing
lists - we are sympathetic to the extra work that
responsibility creates.  But I don't think there is any way
around it -- if you run an email list, you have to take
responsibility for making sure that there is a system in
place that will stop most spam from being redistributed
through the list.


SW> 2) I had configured my list to allow non-list postings; I know that
SW>    for myself I have many "personalities" or email addresses that I
SW>    use (I've got three work addresses that my client sends alone, and
SW>    probably a dozen personal addresses I use for different
SW>    audiences).

This is NEVER a safe configuration for an email list - it's
simply an open door waiting to be abused.

Mailman 2.1.2 has a feature that allows the moderator to
permanently approve postings from additional email
addresses, even if they are not members. So if I get a post
from a non-member, the first time around I will have to take
some sort of action. But if I see that it is clearly a legit
post using an alternate, unsubscribed email, I have the
ability to choose to add the email to an approved list for
posting. Similarly, my administrative/moderator options
allow me to add a new email to a permanent ban list - this
will prevent repeat instances of me having to deal with spam
emanating from the same source.

Mailman 2.1.2 also has some built-in content filtering
options that could be used to prevent some spam from coming
through the list.

SW> Does anyone have any strong feelings about these changes to the list?
SW> What should our stance be when a list is spammed (as it was with this
SW> list)? I hate to lock the list down to members-only posts, since it
SW> causes delays (I have to now approve a bunch of bounces and repost
SW> them) and lost mail, but I don't know of another way to stop
SW> it.

I do think that despite potential delays, members-only
posting is absolutely necessary. If you have to "repost"
anything, then you probably need to change the software
driving this list, because the process of
approving/rejecting/discarding held email should be a
fairly simple check-the-box process via a web interface.

-Abigail

======================================================================
Technical questions regarding this list may be sent to
<vps-mail-owner@xxxxxxxxxxxx>. You may request an automated help
response by sending an email with the word 'help' (w/o quotes) in the
BODY of the message (subject is ignored) to <vps-mail-request@xxxxxxxxxxxx>.
======================================================================
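
An added example, not part of the original message and not Mailman's own code: a sketch of the posting policy discussed above (members-only posting, a moderator-approved list of alternate addresses, a permanent ban list, and the SpamAssassin score as a filter input). The function names, the 10.0 threshold, and the sample addresses are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted in the post;
# the addresses are placeholders and the body is omitted.
SAMPLE = """\
From: "melissa" <sender@example.net>
To: vps-mail@example.org
Subject: [vps-mail] sit up and pay attention to your home mortgage!       ds89
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: base64
X-Spam-Status: hits=14.4 tests=FORGED_IMS_HTML,MIME_BASE64_TEXT,
        MIME_HTML_ONLY version=2.60

"""

def spam_hits(msg):
    """Return the score from X-Spam-Status, or None if the header is absent.
    SpamAssassin 2.x writes hits=N; later releases write score=N."""
    m = re.search(r"\b(?:hits|score)=(-?\d+(?:\.\d+)?)",
                  msg.get("X-Spam-Status", ""))
    return float(m.group(1)) if m else None

def posting_decision(raw, members, approved, banned, spam_at=10.0):
    """Decide what the list does with one incoming post.
    spam_at is an assumed threshold, not a value from the post."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    hits = spam_hits(msg)
    known = sender in members or sender in approved

    if sender in banned:
        return "discard"          # permanent ban list
    if hits is not None and hits >= spam_at:
        # From: is trivially forged, so a high score from a "member"
        # goes to the moderator instead of straight to the list.
        return "hold" if known else "discard"
    if known:
        return "accept"           # member or moderator-approved alternate
    return "hold"                 # unknown sender: moderator decides once

if __name__ == "__main__":
    members = {"abigail@example.org"}
    print(posting_decision(SAMPLE, members, approved=set(), banned=set()))
```

With this policy the sample above never reaches subscribers, while a first post from an unsubscribed alternate address is held once and accepted afterwards if the moderator adds it to the approved set.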

