META: Fix the signup procedure?

META: Fix the signup procedure?

[Russell VT]

List Admins -

Can one of you powerful folks, please, fix the signup approvals and make it
a bit more difficult to signup and account that is "allowed" to post on
this list?

Generally, it's at least an email verification loop. But, maybe it's time
to induce an "age" as well? That said, I will concede that it unfairly
targets those folks who need legitimate help, for a current or new problem
that may have escaped regression checks, or general tool obscurity.

Regards,
Russell VT
grey beard

-- 
Russell M. Van Tassell <russellvt@gmail.com>

Re: META: Fix the signup procedure?

[Brian S. Wilson]

[-- Attachment #1: Type: text/plain, Size: 952 bytes --]

------------------------------------------------------------------------
> Can one of you powerful folks, please, fix the signup approvals and make it
> a bit more difficult to signup and account that is "allowed" to post on
> this list?
>
> Generally, it's at least an email verification loop. But, maybe it's time
> to induce an "age" as well?
As a long time user I would oppose an "age" related test to invalidate 
emails.  Long time users are less likely to be spammers than new email 
sign ups.  That said, it does seem that we are getting quite a bit of 
spam from the Cygwin email list and it would be nice if something along 
the lines of email verification could be done to prevent this.
> That said, I will concede that it unfairly
> targets those folks who need legitimate help, for a current or new problem
> that may have escaped regression checks, or general tool obscurity.
>
> Regards,
> Russell VT
> grey beard
>

[-- Attachment #2: wilson96.vcf --]
[-- Type: text/x-vcard, Size: 431 bytes --]

BEGIN:VCARD
VERSION:4.0
EMAIL;PREF=1:wilson@ds.net
EMAIL:wilson96@xfinity.com
FN:Brian Wilson
ORG:The Home Depot;Dev. Tools
TITLE:Senior Systems Engineer
N:Wilson;Brian;;;
ADR:;;2250 Newmarket Pkwy SE;Marietta;GA;30067;United States of America
TEL;TYPE=home;VALUE=TEXT:+1 (678) 376-9258
TEL;TYPE=cell;VALUE=TEXT:+1 (678) 232-9357
URL;VALUE=URL:https://homedepot.com
UID:6d506c0e-6284-4e39-9c45-df7a649c804c
END:VCARD

Re: META: Fix the signup procedure?

[Russell VT]

Holy over-quote, batman!

On Wed, Aug 11, 2021 at 4:37 AM Brian S. Wilson via Cygwin <
cygwin@cygwin.com> wrote:

> As a long time user I would oppose an "age" related test to invalidate
>
emails.  Long time users are less likely to be spammers than new email
> sign ups.


That's kind of... the point??? Extending the required account age increases
the "cost" of trying to use that account for spam by several magnitudes of
"cost." If they have to create a new account, and wait a week prior to
posting... that's going to decrease the number of spambots.

It's detrimental, in that any one "worthy" of decidedly running Cygwin on
any platform, likely has the wherewithal to have done their initial
research, prior to checking with the list. So, it naturally increases their
overall time. prior to being able to seek an adequate solution.

Either that, or you turn on every-post-moderation ... or, "only approved
senders" - but that is an enormous request/offload to the mod team, here.

That said, it does seem that we are getting quite a bit of
> spam from the Cygwin email list and it would be nice if something along
> the lines of email verification could be done to prevent this.
>

And, *that's what I originally said*... /sighs

Currently the list is running Mailman version 2.1.29 (2018-07-24)
<https://launchpad.net/mailman/+milestone/2.1.29> ... that's "eons" in
Internet Time (tm). The latest in the 2.1 timeline is v.2.1.34 (2020-06-27)
<https://launchpad.net/mailman/+milestone/2.1.34> with 2.1.35 receiving
active maintenance commits. There's a new major release (3.0), though like
most-things GNU, it's still not in stable-release mode... that said,
there's already a Version 3.1
<https://launchpad.net/mailman/+milestone/3.1> branch,
in alpha/pre-alpha).

Point being, there are plenty of things that can be done to "fix" this sort
of thing... but, we are at the mercy of the list admins, or listserv owners
for those sorts of fixes.

But, IIRC, email verification has been in the mailman configuration
options, pretty much since Majordomo owned the vast majority of public
mailing lists. ;-)

Cheers -
RVT

-- 
Russell M. Van Tassell <russellvt@gmail.com>

Re: META: Fix the signup procedure?

[Christopher Faylor]

On Wed, Aug 11, 2021 at 04:26:18AM -0700, Russell VT wrote:
>List Admins -
>
>Can one of you powerful folks, please, fix the signup approvals and
>make it a bit more difficult to signup and account that is "allowed" to
>post on this list?

The cygwin list has been open for around 23 years or so.  Making the
list subscriber-only (which seems to be what you're asking for) raises
the barrier to asking questions and impedes the purpose of a "help"
mailing list.  Moderation is an option but I doubt anyone really wants
to moderate every message here.

cgf
-- cygwin.com/sourceware.org administrator

Re: META: Fix the signup procedure?

[Russell VT]

On Wed, Aug 11, 2021 at 10:24 PM Christopher Faylor <
cgf-use-the-mailinglist-please@cygwin.com> wrote:

> On Wed, Aug 11, 2021 at 04:26:18AM -0700, Russell VT wrote:
> >Can one of you powerful folks, please, fix the signup approvals and
> >make it a bit more difficult to signup and account that is "allowed" to
> >post on this list?
>
> The cygwin list has been open for around 23 years or so.


Indeed... this is a crucial point, actually.


> Making the
> list subscriber-only (which seems to be what you're asking for) raises
> the barrier to asking questions and impedes the purpose of a "help"
> mailing list.


I was actually talking maybe "one-step-over" subscriber-only (going back to
the general Majordomo premise of "anyone can subscribe/unsubscribe anyone,
with enough ingenuity and desire. So, being "on" the list isn't really a
factor, in that it's trivial to spoof all the "important" sides of the
conversation.

That said, GIVEN the age of this mailing list, with "a well-known name and
a long history," there's probably not a single public advertised email
address, at such an old and well-known domain, that isn't literally
pummeled with SPAM, daily. It's already remarkable how little spam we see
here... so, there's clearly *more* happening here.

In short, spammers scripts are likely "figuring out" how to bypass the
signup features on the older Mailman Python scripts, and are getting around
the captchas or whatever else is in-place on this "not-too-terribly-old"
version.

FWIW, I've also been noticing more form-spam, lately, that's managed to get
through a couple of my own sites. So, time to make things session based,
and multiple interlaced pages (also, those are amusing logs to monitor...
but, I digress).



> Moderation is an option but I doubt anyone really wants
> to moderate every message here.
>

Can't say I would disagree, though back it the time, I've seen teams easily
handle higher traffic lists with a pretty small moderation team.


>
> cgf
> -- cygwin.com/sourceware.org administrator
>
>

-- 
Russell M. Van Tassell <russellvt@gmail.com>

Re: META: Fix the signup procedure?

[Sam Edge]

On 12/08/2021 08:18, Russell VT via Cygwin wrote:

 >
 >> Moderation is an option but I doubt anyone really wants
 >> to moderate every message here.
 >>
 >
 > Can't say I would disagree, though back it the time, I've seen teams
easily
 > handle higher traffic lists with a pretty small moderation team.

Sounds like an offer to me. Thanks Russell. ;-)

--
Sam Edge

Re: META: Fix the signup procedure?

[Russell VT]

On Thu, Aug 12, 2021 at 12:43 AM Sam Edge via Cygwin <cygwin@cygwin.com>
wrote:

> On 12/08/2021 08:18, Russell VT via Cygwin wrote:
>
>  > I've seen teamseasily
>  > handle higher traffic lists with a pretty small moderation team.
>
> Sounds like an offer to me. Thanks Russell. ;-)
>

LMAO...  Sorry, ummm... /gulp.  No, thank you? LOL

I think you also "missed" (/s) the quote where I said I couldn't blame our
awesome hosts, here, for NOT wanting to spend their entire lives fiddling
around with a stupid-but-necessary mailing list.

That said, this place is STILL more-helpful than Reddit. ;-)

Cheers!
RVT

-- 
Russell M. Van Tassell <russellvt@gmail.com>

Re: META: Fix the signup procedure?

[Valerio Messina]

On 8/11/21 1:26 PM, Russell VT via Cygwin wrote:
> Can one of you powerful folks, please, fix the signup approvals and make it
> a bit more difficult to signup and account that is "allowed" to post on
> this list?

as now the subscribe procedure is a simple:
0) open the web page: https://cygwin.com/mailman/listinfo/cygwin/
1) fill form with name, email and pass
2) press the Subscribe button
3) receive a confirmation mail
4) follow the link in the mail
5) press the subscribe button in the new web page
all steps are easily script-able with 'curl'
So in my opinion first thing to do is to add a CAPTCHA [1] in the step 1


I tried to contact the list admin sent from IP: 8.43.85.97
that is <noc@redhat.com> asking for removal of spammers once we received 
every spam, but spamming continue.


I also noted a big increase in spam directed to my email, once I made a 
post to the list. This is probably related to the fact the list archive 
is freely available to web spiders at:
https://cygwin.com/pipermail/cygwin/
with email sender visible as first line once you open an mail.
So second action to do is report the 'name' of sender but not the email 
in those pages, or at least blacken the domain part @domain.tld


[1] https://en.wikipedia.org/wiki/CAPTCHA

thank you,
-- 
Valerio

Re: META: Fix the signup procedure?

[Christopher Faylor]

On Thu, Aug 12, 2021 at 12:36:12PM +0200, Valerio Messina wrote:
>On 8/11/21 1:26 PM, Russell VT via Cygwin wrote:
>>Can one of you powerful folks, please, fix the signup approvals and make it
>>a bit more difficult to signup and account that is "allowed" to post on
>>this list?
>
>as now the subscribe procedure is a simple:
>0) open the web page: https://cygwin.com/mailman/listinfo/cygwin/
>1) fill form with name, email and pass
>2) press the Subscribe button
>3) receive a confirmation mail
>4) follow the link in the mail
>5) press the subscribe button in the new web page
>all steps are easily script-able with 'curl'
>So in my opinion first thing to do is to add a CAPTCHA [1] in the step 1

You can post to this list without subscribing so this wouldn't
accomplish anything besides annoying people who want to subscribe.

>I tried to contact the list admin sent from IP: 8.43.85.97
>that is <noc@redhat.com> asking for removal of spammers once we
>received every spam, but spamming continue.

That email address has nothing (or at least very little) to do with
cygwin.com / sourceware.org.  The right address is "postmaster", which
is monitored by me.  That said, I sure do not want to hear from
"helpful" people pointing out spam.  I monitor multiple lists for spam,
block offending parties, and generate rules for spamassassin to stop
similar messages from coming through.  I see a lot more spam than anyone
here and there's no reason to have someone add to the load by pointlesly
showing me more.

>I also noted a big increase in spam directed to my email, once I made
>a post to the list. This is probably related to the fact the list
>archive is freely available to web spiders at:
>https://cygwin.com/pipermail/cygwin/
>with email sender visible as first line once you open an mail.
>So second action to do is report the 'name' of sender but not the
>email in those pages, or at least blacken the domain part @domain.tld

We used to munge email addresses in a previous version of the mailing
list but it was decided to stop doing so a couple of years ago when we
moved to a new server / new mailing list software.

The bottom line is that we're all volunteers here.  It's unlikely that
anyone is going to offer up more of their time to customize the
tried-and-true mailing list software used by sourceware.org / cygwin.com /
gcc.gnu.org.

If the small amount of spam seen here bothers you then please don't
contribute to it by publicly remarking on it.  Unsubscribing is the
best way to not see any more spam from the cygwin mailing list.