Well, in fact the _most_ annoying thing are not the massmailings itself, but the repeated discussion that starts _everytime_ when _one_ such thing touches the list. Sometimes I feel like on Groundhog Day...
FULL ACK!!! And in addition to that, I would state that those discussion cause more than quadruple the traffic the worms do.
Perhaps that is because nothing is ever done. Virus/Spam gets post, people whine, nothing happens, people stop. Rinse/Repeat.
As far as I am aware, this is a security list. Security of the list would, I believe, be covered as a valid discussion. I don't care much about the vagaries of SuSE's iptables wrapper, but it is discussed ceaselessly on the list. I recognize that as valid. Why is our own discussion any less valid? I am, at least, talking about something constructive. Whining about other people's posts is hypocritical at the very least.
I rather like the idea of simply requiring a specific string somewhere in
There is no lack in security from such post, because the mailserver cuts them of (or my mailserver filters them out). The problem is it consumes me time to delete the posts and filter them from the more important ones. If there are more spam-mails, than real mails on the list I loose interest, because I want to read security related stuff and no /dev/tele-tubby texts (no I not 68 and need aging pills ... or anything other). the
message to prevent spam. Would it be such a burden to end a subject line with "#"? Does anyone know if there is a technical problem in checking for such a subject before sending out to the list?
Any "FULL ACK!!!" or "That makes more traffic" posts don't _REALLY_ help solving that issue. At our local admingroup's mailinglist we had simillar problems with posts not belonging to the list. Now we got this under control. If this list makes a key-exchange-party and only mails were allows with the right signature, there would be no spam here at all. If then somebody is on the list spamming, he/she/it can easily be unsuscribed (small amount of work). Example with pgp signature: -----BEGIN PGP SIGNATURE----- YOUR KEY [...] -----END PGP SIGNATURE----- The next point is, the content of the list is presented on webpages, which webspiders can easily grep. It's no problem getting this information with e.g. google - there is much knowledge behind the posts - , but if malicious third party fetch the E-Mail addresses of the users and do their unprofessional business. So if we use a signed list this signatures should not be posted there. It is better, if we can find a zero spam solution and can come back to more important threads. Philippe