Spam

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Spam

Scott Neugroschl-2

Can the spam filters on the listserv be updated?   Got two today in Spanish and Portuguese for monetary scams.  Anyone else getting these?

 

---

Scott Neugroschl | XYPRO Technology Corporation

4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

 

 

 


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Spam

Oliver Niebuhr
Am 20.04.2016 um 01:05 schrieb Scott Neugroschl:

> Can the spam filters on the listserv be updated?   Got two today in
> Spanish and Portuguese for monetary scams.  Anyone else getting these?
>
>  
>
> ---
>
> Scott Neugroschl | XYPRO Technology Corporation
>
> 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805
> 583-2874|Fax 805 583-0124 |
Morning.

Yeah I got those too. I think like everyone else who subscribed to that
List and has no specific Filters set up :)

I am an Admin for some Mailman Lists myself - there is no way to block
everything with 100 Percent efficency - except if you disallow
non-members to send Message to $List.

It always depends on the local Mailing List Policy.

Greetings
Oliver



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

signature.asc (902 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Spam

Johann v. Preußen
i have posted my thoughts on unacceptable list access previously and it sank to the level of a frequent poster denigrating other users since they took exception to his self-professed role of protecting list admins in order "to avoid the list admins following bad advice from people" who might have differing opinions from his own. hopefully, that will not happen here.

in re the recent Brazilian Portuguese (note the 'R$' symbol for ISO BRL rather than Euro) spam: what was wrong with that posting that should have been caught:
  • the IP of origin 52.165.41.104 is an MS delegation without rDNS and -- obviously -- no SPF/TXT RR and
  • the claimed domain 'cloudapp.net' does not exist in whois (not a 100% indication of non-existence) or DNS (a 100% 'reject' indicator).
i have not used mailman for some time, but these two (2) simple errors would have been blocked by normal 'postscreen' checks and should never have gotten as far as mailman in any case. checking the EHLO format is in the µs range and a DNS check should take < 100ms. thus, these types of errors could be quickly and easily eliminated with a '521' without any RBL or list-serve processing at all.

the wider problem case is how non-subscribers are given two-way access to the list that exposes so much subscriber info (name, professional affiliation, email addr, ...) to whomever. i cannot fathom why the list does not make use of aliases so that each subscriber can control what they want to make public via their alias profile.

Thank you,

Johann v. Preußen


On 2016.Apr.19 16:40, Oliver Niebuhr wrote:
Am 20.04.2016 um 01:05 schrieb Scott Neugroschl:
Can the spam filters on the listserv be updated?   Got two today in
Spanish and Portuguese for monetary scams.  Anyone else getting these?

 

---

Scott Neugroschl | XYPRO Technology Corporation

4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805
583-2874|Fax 805 583-0124 |
Morning.

Yeah I got those too. I think like everyone else who subscribed to that
List and has no specific Filters set up :)

I am an Admin for some Mailman Lists myself - there is no way to block
everything with 100 Percent efficency - except if you disallow
non-members to send Message to $List.

It always depends on the local Mailing List Policy.

Greetings
Oliver






--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

THREAD CLOSED: (was: Spam)

Viktor Dukhovni
Folks, we're here to discuss using OpenSSL, not email list management.
Junk mail is a a negligible issue for this list.  Discussion of junk
mail causes a lot more distraction that the junk mail itself.

Therefore, unless the list becomes substantially dominated by junk
mail, please keep your thoughts about junk email off this list.

Thanks.

--
        Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Spam

Salz, Rich
In reply to this post by Johann v. Preußen

> the wider problem case is how non-subscribers are given two-way access to the list that exposes so much subscriber info (name, professional affiliation, email addr, ...) to whomever. i cannot fathom why the list does not make use of aliases so that each subscriber can control what they want to make public via their alias profile.

List membership is not public .  Only members can post to the list.  Not sure what else you think we are doing wrong.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Spam and posting controls

Johann v. Preußen
Mr. Salz:

despite mr dukhovni's assertion that spam is not a problem and that people that are concerned about it are a problem, i contend that the seeming laxness of list controls is the core problem and spam is just an indicating vector. to wit:

'List membership is not public' which may be true until someone busts into the list and become privy to all of the personal data of posters. such intrusions will continue until someone addresses these breeches for what they are: security lapses.

'Only members can post to the list' is obviously not true when the same party which has prompted this thread posted to the list twice in a short time-frame (and this has happened before) from IP's without rDNS, from a bogus email/domain, and via an unknown MTA. these glitches can be easily caught in postfix when it is set up with a pretty minimalist approach to security.

my comment re aliases goes to the concern that a list that is all about HTTP/SMTP security and identity surety is freely dispersing so much personally identifiable subscriber information (PII) that is of such a high order of sensitivity that it is protected under U.S. Title XIII with parallel Canadian codes, even more stringent EU reg's such as 'Directive 95/46/EC' and the newly-enacted 'General Data Protection Regulation' ('GDPR'), and some EU Member regulations with stronger protections than those embodied in 95/46/EC (such as Nederland 'Wet bescherming persoonsgegevens' and UK 'Data Protection Act' amongst others).

in reality, openssl has no choice but to eventually comply with GDPR which would prohibit what is currently being done. so, it would be best to just get on with adapting all openssl systems to meet higher ethical and regulatory standards before they are embarrassingly imposed or, much worse, be shown to have operated in such a way that system breeches at subscriber firms could be traced back to openssl.


Thank you,

Johann v. Preußen


On 2016.Apr.19 19:03, Salz, Rich wrote:

      
the wider problem case is how non-subscribers are given two-way access to the list that exposes so much subscriber info (name, professional affiliation, email addr, ...) to whomever. i cannot fathom why the list does not make use of aliases so that each subscriber can control what they want to make public via their alias profile.
List membership is not public .  Only members can post to the list.  Not sure what else you think we are doing wrong.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

smime.p7s (5K) Download Attachment