On Sat, 9 Dec 2000, Bernie Cosell wrote:
> > a possible answer -- new subscribers automatically go into "hold for
> > approval" mode.
>
> That won't help --- if the spammer just uses the
> on-list-account to harvest addresses [perhaps even using the
> archives to get a *bunch* in a hurry] and then just uses
> suitable forgery to make the spam seem to come from a legit
> account, you have a hard time figuring out who the actual
> perp is...
If the problem gets really bad, you can use the next level of
subscription security, require an application. Ask a few simple
questions that show the subscriber has a legitimate interest in
the list's topic... This is not practical to automate. If that
doesn't stop them, you can always use full moderation, approving
every post.
Address harvesting can not be stopped by any of these methods.
On the other hand, the harvester would only see a small
percentage of the subscribers' addresses. In a pinch, you could
set up the list for anonymous posting. The more security you add
to a list, the more difficult it is for subscribers to use. The
bottom line is that you can't prevent a determined spammer from
at least collecting some address data from most mailing lists.
You can prevent them from posting but this may require a lot of
effort... I can't recall a successful "drive by spamming" on any
of my lists for the past five years or so. I've seen no credible
evidence of address harvesting.
- murr -
