Re: [gnu.org #1231740] gnu-misc-discuss broken?

[John Sullivan via RT]

The spammers have ruined many nice things. Messages informing you that
you need to subscribe to a list for your post to go through are one of
them. It is basically Backscatter, about which Wikipedia says:

> Recipients of such messages see them as a form of unsolicited bulk email
> or spam, because they were not solicited by the recipients, are
> substantially similar to each other, and are delivered in bulk
> quantities. Systems that generate email backscatter may be listed on
> various email blacklists and may be in violation of internet service
> providers' Terms of Service.

> Backscatter occurs because worms and spam messages often forge their
> sender addresses. Instead of simply rejecting a spam message, a
> misconfigured mail server sends a bounce message to such a forged
> address. This normally happens when a mail server is configured to relay
> a message to an after-queue processing step, for example, an antivirus
> scan or spam check, which then fails, and at the time the antivirus scan
> or spam check is done, the client already has disconnected. In those
> cases, it is normally not possible to reject the SMTP transaction, since
> a client would time out while waiting for the antivirus scan or spam
> check to finish. The best thing to do in this case, is to silently drop
> the message, rather than risk creating backscatter.

> Measures to reduce the problem include avoiding the need for a bounce
> message by doing most rejections at the initial SMTP connection stage;
> and for other cases, sending bounce messages only to addresses which can
> be reliably judged not to have been forged, and in those cases the
> sender cannot be verified, thus ignoring the message (i.e., dropping
> it).

The listhelper volunteer documentation addresses this
(http://listhelper.nongnu.org/mailmanconf.html#backscatter):

> Backscatter

> “Backscatter” is one common name for what happens when a spammer forges
> a sender address and a mail server bounces the mail back to that (real)
> address. Example: spammer sends junk mail to a bogus address, with a
> From: address of address@hidden Result: karl receives the bounce,
> including the original spam message, as if he had actually sent it.

> In general, this can happen with any kind of automated reply, such as
> vacation messages. Therefore we recommend (with regret) against ever
> using such things. For mailman, this means setting
> respond_to_post_requests to No, keeping reject_these_nonmembers empty,
> and never using Reject for generic_nonmember_action.

We have a lot of trouble as it is staying on the right side of spam
filters. The more lists we have sending rejection/failure notices
automatically, the more trouble we will have.

I don't know how others are doing it, but there aren't all that many
people who run as many mailing lists or spool out as much mail as we do,
or receive as much spam as we do.

-john

-- 
John Sullivan | Executive Director, Free Software Foundation
GPG Key: A462 6CBA FF37 6039 D2D7 5544 97BA 9CE7 61A0 963B
https://status.fsf.org/johns | https://fsf.org/blogs/RSS

Do you use free software? Donate to join the FSF and support freedom at
<https://my.fsf.org/join>.