Subject: Re: SPAM: Y2K and FEMA Compliant Project Management Solutions (fwd)
To: None <port-mac68k@netbsd.org, port-sparc@netbsd.org>
From: Michael Maciolek <mikem@leftbank.com>
List: port-sparc
Date: 10/28/1998 10:25:55
Sorry to continue this thread, or propagate it across lists, but I think
I have something new to say that would be of interest to list members...
a proposal to impede the use of the BSD lists for sending spam.

On Tue, 27 Oct 1998, Joshua E Hope wrote to port-mac68k:
  >
  >Yes, for all of us who received this, it was spam thrown through the
  >NetBSD list... :/
  >
  >Definately do NOT reply, as this will just give the senders your definite
  >e-mail address. :) Most of us know that, but others may not...
  >
  >Anyway to stop this type of posting?

There's a general desire to keep the NetBSD lists "open" to non-members,
that is, you don't have to be a member of the list in order to post to
the list.  This policy is warm and fuzzy, and it even makes sense to the
many people who read from one account but may post from a different
account, myself included.  I *don't* recommend changing it.

One possible mechanism to thwart would-be spammers is to filter messages
based on a keyword in the Subject: line.  What if the every message sent
to the list had to contain some short, easily remembered string in the
subject line? ("netbsd" comes to mind)  A message sent to the list which
lacked the key word would be returned to sender with a note explaining
what to do in order to get the message posted.  Something like:

   'Your message to port-$ARCH has been returned to you because it
    does not have the key "$keyword" in the Subject: line.  Please
    resubmit your message, inserting "$keyword" in your Subject.'

This would eliminate *most* spam-related uses of this list, because most
spammers use a false return address so they don't get pummeled with
bounce messages or angry replies.  They'll never see the auto-response
that tells them how to successfully send to the list.

The auto-response should also contain a declaration of purpose for the
list which explicitely excludes unsolicited commercial Email.

Implementation would be simple with a freely available mail filter tool
(procmail could do it easily, and I assume most others.)

Opinions are welcome, but I don't want to provoke a noisy open forum on
either BSD list.  Please reply to me, I'll digest the replies tomorrow,

	regards,

	Michael Maciolek