At 2:03 PM -0500 6/27/2000, David W. Tamkin wrote:
>You probably won't like my answer, but you should make transfers and all
>other listowner-originated additions opt-in. If the victim, er, potential
>subscriber wants to join, he or she needs to reply; no response means no
>subscription and no further mail.
That's a good idea, but there's a bit of a twist here. The problem
with the listbot stuff is that the list owner can make the transfer
and post to it immediately. To circumvent that problem, Listbot could
allow an admin to bulk-load addresses, but they'd have to send out a
standard opt-in message with very (VERY!) limited customization
capabilities, and users wouldn't get any e-mail from the list until
they opted in. Right now, the spam coming out of listbot is being
sent as part of the "welcome to listbot, your olist has been moved"
message, so you can't let the admin customize it that much.
Basically, a "welcome/opt-in" message that tells people what the list
name is, what the previous address is, who the admin (and admin
e-mail) are, would circumvent this problem as well, but even allowing
something like 256 characters of explanation would allow the spammers
to tweak the system. But if the opt-in message was strictly limited
and not under the control of the admin, it'd work.
>in the same mailbox, even to a list that I want? As anyone on list-managers
>can see, those three addresses of mine were on a very old spam target list,
>and this listowner was just adding every address it had ever heard of.
That's another thing they could do, of course, which is track known
"bunny" bogus addresses that end up in all of the spamholes, and if
they appear in the bulk-load, freeze the list for further
investigation. Ditto if the bulk-load is bigger than some number --
there are any number of heuristics that could be used to sniff-test a
list of addresses, whether it's "50,000 addresses" or "10,000
addresses from a hotmail address" or "yet another subscription to
[EMAIL PROTECTED]"... Build some kind of scoring system, and
refer anything with a score above "foo" to a person for evaluation.
I'd start with, say, any bulk load > 100 addresses that comes from a
free e-mail address....
There are lots of ways to intelligently limit the risk. I think you
need opt-in for discussion lists in any event, but any time you have
insecure or untrusted data, you have to protect yourself and the
people your site might affect. That means either spending the time to
trust the data, or use a system like opt-in to limit the impact.
Frankly, whenever a list is moved, I think it's usually a good idea
to refresh the list anyway, help everyone get their addresses
updated, etc, etc. So opt-ins are a good idea, since it also gives
people who just aren't that interested but haven't gotten around to
leaving an easy out. The people who want to be on the list will join
the new list; the rest, if they don't want to be there, why force
them onto it?
--
Chuq Von Rospach - Plaidworks Consulting (mailto:[EMAIL PROTECTED])
Apple Mail List Gnome (mailto:[EMAIL PROTECTED])
And they sit at the bar and put bread in my jar
and say 'Man, what are you doing here?'"
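The scoring idea sketched in the message above (known "bunny" trap addresses, load size, free-mail admin accounts, repeat subscriptions; anything over a threshold goes to a human) can be written down as a small, testable rule set. The following is an added illustration, not Listbot's code or anything the author posted; the rule weights, the thresholds, the trap-address and free-mail-domain sets, and the sample addresses are all constructed assumptions.

```python
"""Heuristic "sniff test" for a bulk-loaded subscriber list.

Added example, not Listbot's implementation. All weights, thresholds,
domain lists and sample data below are assumptions for illustration.
"""
from dataclasses import dataclass, field

# Constructed placeholders standing in for a curated feed of known
# spamtrap ("bunny") addresses that only ever show up in scraped lists.
KNOWN_TRAP_ADDRESSES = {
    "trap-one@example.net",
    "trap-two@example.org",
}

# Constructed placeholders for free webmail domains; a list admin writing
# from one of these is treated as less accountable than a corporate sender.
FREE_MAIL_DOMAINS = {"hotmail.example", "freemail.example"}


@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)
    action: str = "accept"  # one of: accept, review, freeze

    def add(self, points, why):
        self.score += points
        self.reasons.append(f"+{points}: {why}")


def score_bulk_load(admin_email, addresses, prior_list_counts=None,
                    *, review_at=50, freeze_at=100):
    """Score one bulk-load request; higher is more suspicious.

    prior_list_counts: optional {address: number of lists it is already on},
    used for the "yet another subscription to X" heuristic.
    """
    prior_list_counts = prior_list_counts or {}
    # Normalise and de-duplicate; ignore anything that is not shaped like an address.
    addrs = {a.strip().lower() for a in addresses if a and "@" in a}
    admin_domain = admin_email.strip().lower().rsplit("@", 1)[-1]
    v = Verdict()

    # Rule 1: any known trap address is a strong signal the list was scraped.
    traps = addrs & KNOWN_TRAP_ADDRESSES
    if traps:
        v.add(100, f"{len(traps)} known trap address(es) present")

    # Rule 2: sheer size, in tiers.
    n = len(addrs)
    if n > 10_000:
        v.add(60, f"{n} addresses in one load")
    elif n > 1_000:
        v.add(30, f"{n} addresses in one load")
    elif n > 100:
        v.add(10, f"{n} addresses in one load")

    # Rule 3: admin on a free-mail account, worse when combined with a big load.
    free_admin = admin_domain in FREE_MAIL_DOMAINS
    if free_admin:
        v.add(20, f"admin address is on free-mail domain {admin_domain}")
    if free_admin and n > 100:
        v.add(30, "bulk load over 100 addresses from a free-mail admin")

    # Rule 4: addresses already subscribed to many lists on the platform.
    overloaded = [a for a in addrs if prior_list_counts.get(a, 0) >= 20]
    if overloaded:
        v.add(25, f"{len(overloaded)} address(es) already on 20+ lists")

    if v.score >= freeze_at:
        v.action = "freeze"   # hold the list for a person to evaluate
    elif v.score >= review_at:
        v.action = "review"   # let it through only after a human looks
    return v


if __name__ == "__main__":
    # Constructed sample loads.
    small = [f"user{i}@corp.example" for i in range(40)]
    big = [f"user{i}@corp.example" for i in range(150)]
    scraped = ["a@x.example", "trap-one@example.net"]
    for admin, load in [("owner@corp.example", small),
                        ("owner@hotmail.example", big),
                        ("owner@corp.example", scraped)]:
        verdict = score_bulk_load(admin, load)
        print(admin, len(load), verdict.action, verdict.score, verdict.reasons)
```

The point of returning a `Verdict` with reasons rather than a bare boolean is that the human reviewer the message proposes needs to see *why* a load was held; a bare score is hard to act on, and tuning the weights later is much easier when each decision carries its own audit trail.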