Great Circle Associates List-Managers
(October 1995)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Mailinglist spamming countermeasures
From: Olle Jarnefors <ojarnef @ admin . kth . se>
Date: Mon, 23 Oct 95 21:21:22 +0100
To: list-managers @ greatcircle . com
Cc: Olle Jarnefors <ojarnef @ admin . kth . se>

Mailinglist spamming is less frequent than newsgroup spamming
but also more difficult to counteract. After being hit by
several spammers this summer the ISO10646 list in September was
changed to only accept contributions from subscribers. This
seems to have been an effective measure. I'm afraid that this
will not be enough, though, when spammers get more
sophisticated.

I have sent the following message to the owner of the ISO10646
list. Do you agree with my analysis or have I overlooked
something? Would my "solution 2" be the end of mailinglist
spamming, if widely implemented for open mailing-lists?

/Olle

--
Olle Jarnefors, Royal Institute of Technology, Stockholm <ojarnef @
 admin .
 kth .
 se>

(I'm not myself a list manager, only a concerned mailing
list user.)


--- Start of included message

Date: Fri, 8 Sep 95 16:25:16 +0200
Message-Id: <9509081425 .
 AA13264 @
 mercutio .
 admin .
 kth .
 se>
From: Olle Jarnefors <ojarnef @
 admin .
 kth .
 se>
To: "Hart, Edwin F." <HartEF1 @
 bisdpo1 .
 bisdnet .
 jhuapl .
 edu>
Subject: Re: change in ISO10646 LISTPROC options

Hello Ed,

You wrote:

> To avoid a few of the SPAM messages, I am changing the listproc options for 
> ISO10646 to require that a person subscribe to the list before the ISO10646 
> listproc will accept any messages from the person.  I hope that this is 
> enough to stop some of these people, but it may not be.

I'm afraid that the cleverer spammers quickly will learn how to
subscribe to the list, _before_ trying to send their garbage to
it. And all the malicious activity is automated. The new
solution will soon be sold to naive marketing people by some of
the Internet saboteurs.

Once they have come across the address of a mailing list, which
is now the case with ISO10646, the rate of spamming attempts
will probably only increase. Also addresses are sold to people
who want to "exploit this exciting new advertising medium".

I can see two different solutions of this problem, both requiring
support by the mailing list management program. I don't
know if listproc has such funtionality. If not, the author of
listproc perhaps would be interested in adding it.

Feel free to forward my ideas to anyone who is on the right side
in the struggle against spammers.

SOLUTION 1: New subscribers will not get any messages they send
to the list distributed, unless they have been subscribed for
30 days or so. After this period probably all new subscribers that
are spammers will have lost the account they subscribed from,
because of complaints to their service provider from other
mailing list or Usenet administrators who have been hit by their
spamming.

Unfortunately this solution will become less efficient the more
mailing list administrators that apply it. When all lists has a
30 day "maturity period", the spammers will subscribe to
thousands of mailing lists, sit and wait for a month and then
start their dirty activity.

To overcome this probable future consequence, manual inspection
of messages before they are distributed to the list subscribers
can't be avoided, I'm afraid.

SOLUTION 2: The first several messages that a new subscriber
sends to the list are looked at by the list administrator or
another person he/she has chosen. A spam message is very easy to
detect, and that subscriber can immediately be removed from the
subscribers. Some spammers might try to counteract this by first
sending a couple of short innocent-looking messages before they
start the real spamming. For a person with at least some
knowledge about the subject of the mailing list, even these
messages will be easy to spot, because of their lack of subject
relevance. Such a message may of course come from an innocent
newbee, not a malignant spammer. Therefore, it should only lead
to the subscriber getting a "read-only" status for 30 days, not
being removed from the list.

I don't think this solution will become too burdensome:

1) Most messages to most lists are sent by old subscribers. The
   list management program will take care of them automatically,
   like today.

2) The scanning of messages from new subscribers doesn't have to
   be performed by the list owner or list administrator but can
   be delegated to other persons.

3) It's acceptable with some delay before a message from a new
   subscriber is processed.

I haven't yet been able to come up with a method for spammers to
defeat this second solution, so I hope it's watertight.

--- End of included message

Indexed By Date Previous: Spam from Johnson-Grace Co.?
From: Lazlo Nibble <lazlo @ swcp . com>
Next: Mailinglist spamming countermeasures
From: arielle @ taronga . com (Stephanie da Silva)
Indexed By Thread Previous: Cyber-Promo...
From: Wes Morgan <morgan @ engr . uky . edu>
Next: Mailinglist spamming countermeasures
From: arielle @ taronga . com (Stephanie da Silva)

Google
 
Search Internet Search www.greatcircle.com