IETF Logo Mail Archive

Re: IESG Statement on Spam Control on IETF Mailing Lists

James Galvin <galvin+ietf@elistx.com> Tue, 15 April 2008 15:27 UTC

Return-Path: <ietf-bounces@ietf.org>
X-Original-To: ietf-archive@megatron.ietf.org
Delivered-To: ietfarch-ietf-archive@core3.amsl.com
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E261C3A695B; Tue, 15 Apr 2008 08:27:21 -0700 (PDT)
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 28B243A6768 for <ietf@core3.amsl.com>; Tue, 15 Apr 2008 08:27:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.265
X-Spam-Level:
X-Spam-Status: No, score=-2.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F2yIde2v2HZM for <ietf@core3.amsl.com>; Tue, 15 Apr 2008 08:27:17 -0700 (PDT)
Received: from ee01.elistx.com (ee01.elistx.com [67.155.182.182]) by core3.amsl.com (Postfix) with ESMTP id DB3BA3A695B for <ietf@ietf.org>; Tue, 15 Apr 2008 08:27:16 -0700 (PDT)
Received: from CONVERSION-DAEMON.elistx.com by elistx.com (PMDF V6.3-2x2 #31546) id <0JZD00A01HJ9LI@elistx.com> for ietf@ietf.org; Tue, 15 Apr 2008 11:25:57 -0400 (EDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by elistx.com (PMDF V6.3-2x2 #31546) with ESMTP id <0JZD00JJYHJ8XF@elistx.com>; Tue, 15 Apr 2008 11:25:57 -0400 (EDT)
Date: Tue, 15 Apr 2008 11:27:30 -0400
From: James Galvin <galvin+ietf@elistx.com>
Subject: Re: IESG Statement on Spam Control on IETF Mailing Lists
In-reply-to: <01MTM8WCXSZK00007A@mauve.mrochek.com>
To: Ned Freed <ned.freed@mrochek.com>
Message-id: <D93C61749B6D241FBED95071@[192.168.1.2]>
MIME-version: 1.0
X-Mailer: Mulberry/4.0.7 (Win32)
Content-disposition: inline
References: <20080414153938.0A5153A6D4D@core3.amsl.com> <4803BDB1.4030005@levkowetz.com> <4803C5D7.7020900@gmail.com> <01MTM8WCXSZK00007A@mauve.mrochek.com>
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org


-- On Monday, April 14, 2008 2:11 PM -0700 Ned Freed 
<ned.freed@mrochek.com> wrote regarding Re: IESG Statement on Spam 
Control on IETF Mailing Lists --

> > +1 to Henrik's comments. I don't think the two MUSTs
> > that he comments on are algorithmically possible.
>
> These two MUSTs (the ability to whitelist specific posters
> without them having to receive list mail and spam rejection) are
> both completely trivial to implement with our software. The
> latter is normally done (and definitely should be done) at the
> SMTP level, minimizing blowback.

To be fair, and I know Ned that you know this, it depends on where 
and how you implement specific controls.  Some software makes this 
easier than other software.  In general, the more integrated the 
components the finer granularity one gets in what you can do.

Specifically, the whitelisting has to occur either before or within 
the SPAM filtering.  If a source is whitelisted it has to bypass 
all other checks.

The IETF setup uses SpamAssassin for tagging purposes.  This is 
done outside of the SMTP service and outside of Mailman, which 
supports the mailing lists.  The whitelisting is done with TMDA, 
which is also outside of SpamAssassin and outside of Mailman.

Getting all three of these things to work together is not trivial. 
I don't mean to suggest it's rocket science, but you have to sit 
down and think about how each of them provide the various services 
they provide and get them to cooperate.  Changes in any one require 
a re-evaluation of the entire setup, just to make sure there are no 
unintended consequences.

The fact that TMDA does whitelisting means that Mailman does not 
have to do it.  This reduces the SPAM load on Mailman but it does 
not change the fact that you have to be a subscriber to get a 
message through.  If you're not a subscriber you're still going to 
get "moderated".

For Mailman to do the whitelisting it means that every mailing list 
would have to have the same database that TMDA has, which has 
40,000 entries in it.  Yes, that's right, there are 40,000 unique 
email addresses across all IETF mailing lists.  This is how Mailman 
works.

My point here is that there are choices to be made, and those 
choices have implications.  Obviously the IETF could make different 
choices, but I do think it's important to understand the advantages 
and disadvantages of different choices.

Jim

_______________________________________________
IETF mailing list
IETF@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

v2.23.0 | Report a Bug | By Email