Preventing spammers from infiltrating the Red Hat mailing lists

Joe Desbonnet jdesbonnet at gmail.com
Wed Apr 13 17:42:37 UTC 2005 

I noticed that my spam levels (the stuff that got through the gmail
filter) shot up within days of my first post to the fedora developers
list. Coincidence? I suspect not.

Joe.


On 4/13/05, William M. Quarles <walrus at bellsouth.net> wrote:
> Hi all,
> 
> I sent what I thought was a very important request to one of the Fedora
> lists which was quickly beaten down, and I did not receive anything back
> on subsequent replies.  I would appreciate your help in making sure that
> the lists are safe for all of us.  I'm actually going to the trouble of
> subscribing to nearly all of the Red Hat mailing lists just to get the
> word out.
> 
> One thing that I have done recently was to search for my e-mail
> addresses on the Internet web pages to find all of the places that list
> them.  Why bother doing this?  Just like how Google has spiders that
> crawl the Internet to gather general information, spammers have spiders
> that crawl the Internet to gather e-mail addresses to spam people.  I
> have contacted all of the websites who did not modify my e-mail
> addresses (mostly on mailing lists) in such that they cannot be
> collected.  Red Hat has done at least one thing right in that they have
> modified everyone's e-mail address in their web archive, such that it
> reads something like <walrus bellsouth.net> for mine.
> 
> However Red Hat has left one big gaping whole that the spam spiders can
> still crawl into.  There is a complete active mirror of these lists as
> postable newsgroups kept on a service called Gmane <http://gmane.org>.
> I'm using Gmane to write this message to you now.  It's a pretty
> sophisticated setup, has safeguards to prevent spam getting posted, and
> they use Spam Assassin to clean up stuff that still ends up on the list
> (except you have to filter it yourself on the newsgroup interface).  The
> only problem is that spam spiders crawl the newsgroups to collect e-mail
> addresses.
> 
> Gmane has a safeguard to prevent this, but it has to be turned on by the
> list administrator.  Gmane can encrypt the e-mail addresses on the list
> such that any mail sent to them is routed through Gmane first, and then
> the sender must under go a challenge-response before the message gets
> routed to the actual recipient.  Of all of the Red Hat lists I've only
> found two newsgroup mirrors that use address encryption:
> gmane.linux.redhat.fedora.java <fedora-java-list>, and
> gmane.redhat.taroon <taroon-beta-list>.
> 
> If you would like to see the Red Hat newsgroup mirrors have encrypted
> e-mail addresses, please reply to this topic and discuss.  If you are
> even more brave (important since some of these lists are high-volume and
> not everything gets read), please contact your list administrator
> directly at <listname-admin at redhat.com>.  If someone knows how to get
> the word out on the international lists or to their administrators
> (since I don't speak multiple tongues), please do so.  If someone knows
> who to contact who can make all of the newsgroups have encrypted e-mail
> addresses going above all of the list administrators (maybe the person
> who decided to obfuscate them all on the web archive?) please contact
> him or her and let us know how to contact that person.
> 
> Thanks so much,
> William
> 
> --
> fedora-devel-list mailing list
> fedora-devel-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-devel-list
>

More information about the devel mailing list