response 143 of 480:

Dec 7 21:00 UTC 2006

This is yet another reason for grex to adopt an ``opt-in'' email strategy.

The fact of the matter is that most grex users don't use grex email (and by
users, I'm referring to the vast, vast majority who never touch the BBS or
party).  So their mailboxes just get full and sit on the disk, taking up
space, but full of useless spam.

A far better solution is to, by default, not to premit users to send *or
receive* email unless they specifically request it.  Then set up an automatic,
and verifiable, way to determine who gets access (or allow some group of
people to ``sponsor'' email access).

The model could be this:

You login via newuser, create an account, and have no network or email access.
Say you want email access.  You run some program that tells you to submit a
$1 one-time donation via PayPal; then you get access.  If you cannot do that,
you can be told to ask a member to sponsor email access somewhow.  E.g., send
a write message, run another program to request access that sends a message
on your behalf, etc.

There should be a program called ``sponsor'' that allows members to set up
accounts and email access for new users.  So when Sindi donates some obsolete
computer to some random person, she can beforehand create that person an
account on grex.  Then, once they get said computer, they can just dial in
as normal and be shown how to use, e.g., mutt for email access.  *They* don't
need a PayPal account since we trust Sindi to vouch for them.

International users are by and large looking for Unix access, not email.  They
can either use PayPal to verify their identity, or use ask someone to sponsor
them.

For that handful of users who *do* actually use email, a mixture of an
aggressive spam and virus filter coupled with subscribing to the various spam
detection services and blacklists would greatly reduce the amount of incoming
spam.  Anyone who wanted to go further could do something like use Sindi's
filter.

response 145 of 480:

Dec 7 21:33 UTC 2006

How about emailing everyone asking if they want to keep their email account,
and if they don't reply and have not accessed the account for amonth, delete
it except for the 40 paying members.  Limit everyone to 1MB and they can
forward mail some place else if they go on vacation away from a computer. 
Make the spam filter optional, for people who like 1MB of spam in their box.

response 147 of 480:

Dec 7 22:24 UTC 2006

Re resp:139: Well, for starters, remember when Grex's mail was blocked 
by some sites because SpamCop had labelled us a spammer?  Imagine how 
much worse it would have been if SpamCop had instead launched some kind 
of active attack against us to try to saturate our network connection 
or shut us down.  That's the sort of thing that can happen.

Lycos tried a screensaver that would bombard spam websites with 
requests, but pulled it after a few days:
http://www.eweek.com/article2/0,1759,1735539,00.asp

response 149 of 480:

Dec 7 23:08 UTC 2006

Regarding #146; Well, for starters, the vast majority of grex users never
use BBS.  At least not regularly.  I don't think there's an intention to
delete the mailboxes of active users.  I don't know that sending an email is
going to be a particularly efficient use of resources, either.  I'd modify
the system login procedure to force a check on login for pre-existing users
and non-members.  Or just make it the default for new accounts and run
expire for most of the old, stale accounts.

Regarding #148; I think you could grandfather existing users and use the
normal account expiration mechanism to weed out most of the idle accounts.
I wonder when the last time a reap was run....

One thing that I think is important is that, for users creating their own
accounts via logging in as newuser or using webnewuser, opting into email
should be a *separate process* that can only be done once they've created an
account on grex.  It shouldn't be a part of newuser (though it should be a
part of the process by which members can sponsor other accounts).  The only
two options when creating a new account should be forwarding mail offsite or
discarding email sent to that user, with instructions on how to opt into
mail after the account has been created.

I don't think any of this is particularly hard to implement; it just needs
to be done.  It doesn't require an army of volunteers to process manual
requests, either; most of it could be automated.

response 151 of 480:

Dec 8 01:17 UTC 2006

6 spams in 10 minutes x 6 x 24 is about 900/day.

response 153 of 480:

Dec 8 06:25 UTC 2006

 Any number of people will be willing to tell you how to set up
 spam filtering for the non-profit group you represent.

 Continuing to provide reliable e-mail service, though, is a hard
 problems and it's only going to get harder from here.

response 155 of 480:

Dec 8 15:54 UTC 2006

> Rane, don't expect staff to do everything for you.

*PFFFFFFT* (the sound of coca cola streaming from my mouth)


BWAHAHAA!

response 157 of 480:

Dec 8 18:12 UTC 2006

I forward all my e-mail here to my Comcast address.  The spam filters
there are good enough I almost never see any unwanted messages at all. 
I understand other e-mail providers can do that, too.  Spam at work is
so rare I can't remember when I got one the last time.  Let companies
other than Grex, with the resources to handle the problem, take care of
it.  It works for me.

response 159 of 480:

Dec 8 19:51 UTC 2006

Regarding #158; No.

response 161 of 480:

Dec 8 23:31 UTC 2006

Re resp:152: If Grex isn't meeting your needs, it may indeed be time to 
move to another provider.  No hard feelings.


Re resp:158: I believe mail that's forwarded without being stored 
locally will still go through.  I don't think Exim checks for disk 
space in the mailbox directory unless it actually has to do a local 
delivery.

response 163 of 480:

Dec 9 05:03 UTC 2006

Listen to keesan, rane. If you don't want to change email addresses then 
you should put in the effort, not expect grex staff to do it for you.

response 165 of 480:

Dec 9 12:39 UTC 2006

Rane, I have used my grex account as my email address for over 10 years.  I
have nowhere near the spam rate that you do, and it's certainly not from
"hiding" that address.  

Perhaps your personal experience is different, but "applied to everyone" is
a gross overstatement.  I actually have 3 grex accounts, one of which is my
give-it-freely address, and none of them are having the level of problems
you're reporting.  

Yes, I routinely get spam and I just as routinely spend the
less-than-thirty-seconds it takes to delete it before I read the rest.  Sindi
is correct that a smart spam filter would probably take care of most of it,
since it's pretty obvious from the subject line that it's spam. 

She prefers to fiddle with a spam filter several times a day, I simply delete
the unwanted mail.  Take your pick.    Or quit using Grex for email.  As a
retired professor, Grex is certainly not your only "free" option.  

Or, you could make it a retirement project.  Sounds like you don't think it's
worth your time, or anyone elses, to delete the stuff. So, perhaps you could
perfect personal spam filters and share them as Sindi does.  Perhaps this is
another service you could perform for your not-for-profit.  

In any case, all of us are coping, using various strategies, with the overall
spam problem.  Some of us have higher thresholds than others for the nuisances
that come with belonging to a community.  If Grex email is the most important
part of your membership here, then perhaps it IS time for you to start using
your UM account instead, and quit participating in the bbs. Somehow, from your
activities, I doubt that Grex = email for you.