On Tue, 2006-01-24 at 14:00 +0000, Paul Howarth wrote: > This list already uses a confirmation step. I know. I didn't sign up by magic. ;-) I went through the process. My comment was about the idea of doing it more than once, and with more than just the lists "from" address (since some might think to whitelist the list based simply on the from address, which will change when contributors post, rather than some other details). It occurs to me that some sort of honeypot approach might be worth it, too. A few bogus members that if they ever receive spam, are used in some way to blacklist a member. I did that with my mail server, it worked a treat for identifying spam. Also, random, challenge/response spot checks on members. Combined with a honeypot source address, perhaps, that could send unique messages to each member to identify the real sources of problems. It also occurs to me that this person mightn't be just stupidly sending crud to people, but be doing so as an address harvesting technique. Though the most obvious solution to me is to stop trying to be a news group on a mailing list, and actually be a news group. You don't need to provide any e-mail address when you post to usenet. Nobody can spam my mailbox from any data in my usenet posts. News servers can wipe out spam, too. And you get the added bonus of being able to get prior messages, not just the ones that come through after you join. Not to mention all of the other things that news clients do so much better than mail clients. -- Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
