Re: [Savannah-hackers] How to fight spam on GNU mailing lists

[Mathieu Roy]

> I don't have much time to write now, but I wanted to add my two cents
> to the SPAM issue.
>
> I think it is very important for GNU to not turn to blacklists, nor to
> treat certain domains as second-class citizens.  I also think it is
> important not to make most of our mailing lists moderated.
>
> Let's please consider a whitelist-based solution.  More specifically,
> I think we should maintain a system-wide whitelist, which treats
> everyone equally.  The first time anyone emails any domain local to
> fencepost, their message will be frozen, pending a confirmation note
> sent to them which they must reply to, to verify their authenticity.
> If the verification note is replied to correctly, they are added to
> the whitelist and all pending emails are thawed.
>
> I suspect that this simple, non-discriminatory method will get rid of
> most of our SPAM.
>
> If this becomes a widely used practice, we will eventually need to
> make the verification note hard to reply to without human intelligence
> -- some kind of simple question to answer, which a program could not
> do reliably.
>
> I'll write more later, and I may also volunteer to implement this
> method.

This seems fine too.
The two solutions have advantages and problems.

I prefer the blacklist since it doesnt require that normal user do 
something (and there's no problems with automated system as cvs ci > 
mail). The blacklist put in trouble only people that :
        - use an adress use for spam
        - use an open relay SMTP
but the whitelist can be fine.

We only just need to do something soon, since there's spam everyday.


--
Mathieu Roy

* http://savannah.gnu.org/users/yeupou
* http://yeupou.coleumes.org
* http://gpg.coleumes.org (GPG Key)