Preventing spammers from infiltrating the Red Hat mailing lists

William M. Quarles walrus at
Wed Apr 13 16:36:27 UTC 2005

Hi all,

I sent what I thought was a very important request to one of the Fedora
lists which was quickly beaten down, and I did not receive anything back
on subsequent replies.  I would appreciate your help in making sure that
the lists are safe for all of us.  I'm actually going to the trouble of
subscribing to nearly all of the Red Hat mailing lists just to get the
word out.

One thing that I have done recently was to search for my e-mail
addresses on the Internet web pages to find all of the places that list
them.  Why bother doing this?  Just like how Google has spiders that
crawl the Internet to gather general information, spammers have spiders
that crawl the Internet to gather e-mail addresses to spam people.  I
have contacted all of the websites who did not modify my e-mail
addresses (mostly on mailing lists) in such that they cannot be
collected.  Red Hat has done at least one thing right in that they have
modified everyone's e-mail address in their web archive, such that it
reads something like <walrus> for mine.

However Red Hat has left one big gaping whole that the spam spiders can
still crawl into.  There is a complete active mirror of these lists as
postable newsgroups kept on a service called Gmane <>.
I'm using Gmane to write this message to you now.  It's a pretty
sophisticated setup, has safeguards to prevent spam getting posted, and
they use Spam Assassin to clean up stuff that still ends up on the list
(except you have to filter it yourself on the newsgroup interface).  The
only problem is that spam spiders crawl the newsgroups to collect e-mail

Gmane has a safeguard to prevent this, but it has to be turned on by the
list administrator.  Gmane can encrypt the e-mail addresses on the list
such that any mail sent to them is routed through Gmane first, and then
the sender must under go a challenge-response before the message gets
routed to the actual recipient.  Of all of the Red Hat lists I've only
found two newsgroup mirrors that use address encryption: <fedora-java-list>, and
gmane.redhat.taroon <taroon-beta-list>.

If you would like to see the Red Hat newsgroup mirrors have encrypted
e-mail addresses, please reply to this topic and discuss.  If you are
even more brave (important since some of these lists are high-volume and
not everything gets read), please contact your list administrator
directly at <listname-admin at>.  If someone knows how to get
the word out on the international lists or to their administrators
(since I don't speak multiple tongues), please do so.  If someone knows
who to contact who can make all of the newsgroups have encrypted e-mail
addresses going above all of the list administrators (maybe the person
who decided to obfuscate them all on the web archive?) please contact
him or her and let us know how to contact that person.

Thanks so much,

More information about the desktop mailing list