idiot response

Rich Kulawiec rsk at gsp.org
Thu Feb 27 09:09:44 UTC 2020


On Thu, Feb 27, 2020 at 12:25:27AM +0000, Mark Rousell wrote:
> This (or what it appears to be) is happening on an increasing number of
> mail lists. It's not many but it's there. I don't know who is behind it
> or why, but it's an increasing annoyance.

There is a partial fix for this, at least for anyone using Mailman to run
their lists (e.g., nanog):

Set Mailman so that all new subscribers are moderated by default.

Either new subscriber X will one day send real content to the list
or they won't.   If it's the latter, then it is very simple to use
Mailman's interface to simultaneously (a) approve the message for
distribution and (b) clear their moderation flag.  If it's the
former, then the message will only be seen by the list-owners and
won't bother everyone on the list. [1]

This doesn't help with copies that are sent directly to list-members,
however.  The fix for that is for responsible list owners (a) to
be available at the -owner address (per RFC 2142 and decades of best
practices) so that they can field problem reports and (b) to use Mailman
to (a) unsubscribe the errant address and (b) ban it.  I'd also recommend
that they (c) publicly announce such actions with an "administrivia" Subject
line on-list so that list members can take corresponding actions in their
own mail systems.

If nanog-owner isn't responding then that's a serious lapse and
needs to be corrected immediately.  Doing so is a fundamental part
of basic mailing list administration.

I'd also strongly recommend that list-owners have Mailman configured
to notify them of all subscribe/unsubscribe events and/or to require
manual list-owner approval for subscriptions.  Interposing human
beings in the process doesn't solve this problem but it provides
the opportunity to detect and quash it early on.

---rsk

[1] Note that this is also a partial defense against accounts which
are hijacked and turned into bots.  Given that -- on most mailing lists
and especially on large ones -- the overwhelming majority of subscribers
will *never* send any traffic, nothing is lost by doing this.  But on
the day when an account is hijacked and suddenly starts sending large
amounts of traffic, none of it will get through to the mailing list.
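
Added example, not part of the original message: a small audit of a list's settings against the advice above (new members moderated by default; owners either notified of membership changes or approving subscriptions). It assumes Mailman 2.1, whose `config_list -o` command dumps a list's configuration as Python assignments; the sample dump is constructed for illustration.

```python
import ast

# Constructed sample of `config_list -o` output (assumption: Mailman 2.1,
# which writes plain Python assignments). Values are invented for the example.
SAMPLE_DUMP = '''
# -*- python -*-
default_member_moderation = 0
admin_notify_mchanges = False
subscribe_policy = 1
ban_list = []
'''


def load_settings(dump_text):
    """Return {name: value} for every literal top-level assignment."""
    settings = {}
    for node in ast.parse(dump_text).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                settings[node.targets[0].id] = ast.literal_eval(node.value)
            except ValueError:
                pass  # skip anything that is not a plain literal
    return settings


def audit(settings):
    """List where a list's settings depart from the advice in the message."""
    findings = []
    if not settings.get("default_member_moderation"):
        findings.append("new subscribers are not moderated by default")
    notified = bool(settings.get("admin_notify_mchanges"))
    # In Mailman 2.1, subscribe_policy 2 and 3 both require owner approval.
    approved = settings.get("subscribe_policy") in (2, 3)
    if not (notified or approved):
        findings.append("owners are neither notified of membership changes "
                        "nor approving subscriptions")
    return findings


if __name__ == "__main__":
    for finding in audit(load_settings(SAMPLE_DUMP)):
        print("FINDING:", finding)
```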


