|
Grex > Coop13 > #376: The problems with Grex, e-mail and spam | |
|
| Author |
Message |
| 25 new of 480 responses total. |
gull
|
|
response 147 of 480:
| 
Dec 7 22:24 UTC 2006 |
Re resp:139: Well, for starters, remember when Grex's mail was blocked
by some sites because SpamCop had labelled us a spammer? Imagine how
much worse it would have been if SpamCop had instead launched some kind
of active attack against us to try to saturate our network connection
or shut us down. That's the sort of thing that can happen.
Lycos tried a screensaver that would bombard spam websites with
requests, but pulled it after a few days:
http://www.eweek.com/article2/0,1759,1735539,00.asp
|
mcnally
|
|
response 148 of 480:
|
Dec 7 22:51 UTC 2006 |
I think the idea of sending a system-wide e-mail to users asking them
to opt-in to e-mail before a certain deadline or be opted out has
potential but needs some further thought put in to how it will be
implemented.
But it would greatly reduce the strain on Grex's e-mail system if we
could eliminate the thousands of e-mail boxes that aren't being used.
I might recommend starting out small with this change -- for example,
identify a batch of, say, 200 users with large mail spool files but
who haven't logged in regularly and try it out with them. If the
approach proves workable, then start working one's way through the
password file. This should be implemented in conjunction with a new
opt-in system for e-mail and changes to newuser that give users the
option to decline e-mail on Grex or to set up automatic forwarding
to another site.
|
cross
|
|
response 149 of 480:
|
Dec 7 23:08 UTC 2006 |
Regarding #146; Well, for starters, the vast majority of grex users never
use BBS. At least not regularly. I don't think there's an intention to
delete the mailboxes of active users. I don't know that sending an email is
going to be a particularly efficient use of resources, either. I'd modify
the system login procedure to force a check on login for pre-existing users
and non-members. Or just make it the default for new accounts and run
expire for most of the old, stale accounts.
Regarding #148; I think you could grandfather existing users and use the
normal account expiration mechanism to weed out most of the idle accounts.
I wonder when the last time a reap was run....
One thing that I think is important is that, for users creating their own
accounts via logging in as newuser or using webnewuser, opting into email
should be a *separate process* that can only be done once they've created an
account on grex. It shouldn't be a part of newuser (though it should be a
part of the process by which members can sponsor other accounts). The only
two options when creating a new account should be forwarding mail offsite or
discarding email sent to that user, with instructions on how to opt into
mail after the account has been created.
I don't think any of this is particularly hard to implement; it just needs
to be done. It doesn't require an army of volunteers to process manual
requests, either; most of it could be automated.
|
keesan
|
|
response 150 of 480:
|
Dec 8 00:23 UTC 2006 |
Would a reap today keep incoming mail from bouncing for a while?
|
keesan
|
|
response 151 of 480:
|
Dec 8 01:17 UTC 2006 |
6 spams in 10 minutes x 6 x 24 is about 900/day.
|
rcurl
|
|
response 152 of 480:
|
Dec 8 06:23 UTC 2006 |
I suppose my problem is very much in the minority. I represent a non-profit
that has its e-mail address and website here, and is also a paying Grex
member (in part on the basis of nonprofits helping nonprofits). On behalf of
this nonprofit I would like Grex to keep email but operate a spam filter.
If they can't do this, then I'm afraid this nonprofit will seek email
support elsewhere. For myself, I can move my email off Grex, as I use it for
only one mailinglist membership at this point.
|
mcnally
|
|
response 153 of 480:
|
Dec 8 06:25 UTC 2006 |
Any number of people will be willing to tell you how to set up
spam filtering for the non-profit group you represent.
Continuing to provide reliable e-mail service, though, is a hard
problems and it's only going to get harder from here.
|
keesan
|
|
response 154 of 480:
|
Dec 8 15:11 UTC 2006 |
Rane, don't expect staff to do everything for you. Copy my .forward, which
forwards to procmail, and copy my procmail.simple or procmail.sample to
.procmailrc and change keesan to rcurl, and if you like change /*/*/*/*/* to
/*/*/* and you will have a spam filter that gets most of the spam. I got no
spam in my inbox or folders since yesterday, but 56 spams got dumped in 15
hours (they seem to be less dense at night). The *** has never given a false
positive. Spamassassin assigns points based on things like being on the
spamcop blacklist, having only HTML message, forged receive, etc. I have had
PINE mail from grex show up with a negative amount of points. You can also
set it to put anything blacklisted that made it through the filter into a spam
folder.
|
nharmon
|
|
response 155 of 480:
|
Dec 8 15:54 UTC 2006 |
> Rane, don't expect staff to do everything for you.
*PFFFFFFT* (the sound of coca cola streaming from my mouth)
BWAHAHAA!
|
rcurl
|
|
response 156 of 480:
|
Dec 8 18:08 UTC 2006 |
I've tried diy spam filters, and they require regular maintenance, as well
as a lot of thought on what to filter on. I'm not interested in spending that
time on it, especially as I consider it a system problem more than a personal
problem.
|
jep
|
|
response 157 of 480:
|
Dec 8 18:12 UTC 2006 |
I forward all my e-mail here to my Comcast address. The spam filters
there are good enough I almost never see any unwanted messages at all.
I understand other e-mail providers can do that, too. Spam at work is
so rare I can't remember when I got one the last time. Let companies
other than Grex, with the resources to handle the problem, take care of
it. It works for me.
|
cmcgee
|
|
response 158 of 480:
|
Dec 8 19:03 UTC 2006 |
Technical question: If var/mail/ is full, will emails sent to a Grex account
with email forwarding be forwarded or bounced?
|
cross
|
|
response 159 of 480:
|
Dec 8 19:51 UTC 2006 |
Regarding #158; No.
|
krj
|
|
response 160 of 480:
|
Dec 8 22:31 UTC 2006 |
Here's an article from the computer trade press about the current
explosion in spam:
http://www.informationweek.com/hardware/showArticle.jhtml?articleID=1966024
63
Some highlight quotes:
> Spam volume is up 73% in the last three months, Postini reported,
> thanks to a one-two-three punch of a huge increase in the number
> of spam botnets and a major jump in the use of both image- and
> document-based spam. For the year, spam quantity is up 143%.
...
> "The combination of the [high] volume and the type of spam now
> coming in is what's causing companies' defenses to melt down,"
> Druker says. "They just can't keep up with the rising tide."
...
> While the war against spam may not be lost, as other experts have
> claimed, Druker paints an ugly picture for 2007. "The more high-speed
> connections and the more Windows PCs there are gives spammers that
> much more raw material," he says. "Until home PCs get locked down,
> I don't see attacks going down. Only when [consumers] start
> locking down their computers will we see a big difference."
|
gull
|
|
response 161 of 480:
|
Dec 8 23:31 UTC 2006 |
Re resp:152: If Grex isn't meeting your needs, it may indeed be time to
move to another provider. No hard feelings.
Re resp:158: I believe mail that's forwarded without being stored
locally will still go through. I don't think Exim checks for disk
space in the mailbox directory unless it actually has to do a local
delivery.
|
keesan
|
|
response 162 of 480:
|
Dec 9 00:29 UTC 2006 |
Rane, spamassassin does not need any maintenance, and you don't even need to
keep a log in case it is too much trouble to look at a few pages a day listing
where your mail went (/dev/null, a spam folder, or inbox). Without adding
a few other filters that change once in a while, 10% of spam might slip
through.
|
cyklone
|
|
response 163 of 480:
|
Dec 9 05:03 UTC 2006 |
Listen to keesan, rane. If you don't want to change email addresses then
you should put in the effort, not expect grex staff to do it for you.
|
rcurl
|
|
response 164 of 480:
|
Dec 9 06:03 UTC 2006 |
Applied to everyone, it is an enormous total waste of time. It should be
as much of an ISP service as maintaining all the other aspects of the
system.
I guess my days on Grex are numbered, if that is the best Grex can do.
|
cmcgee
|
|
response 165 of 480:
|
Dec 9 12:39 UTC 2006 |
Rane, I have used my grex account as my email address for over 10 years. I
have nowhere near the spam rate that you do, and it's certainly not from
"hiding" that address.
Perhaps your personal experience is different, but "applied to everyone" is
a gross overstatement. I actually have 3 grex accounts, one of which is my
give-it-freely address, and none of them are having the level of problems
you're reporting.
Yes, I routinely get spam and I just as routinely spend the
less-than-thirty-seconds it takes to delete it before I read the rest. Sindi
is correct that a smart spam filter would probably take care of most of it,
since it's pretty obvious from the subject line that it's spam.
She prefers to fiddle with a spam filter several times a day, I simply delete
the unwanted mail. Take your pick. Or quit using Grex for email. As a
retired professor, Grex is certainly not your only "free" option.
Or, you could make it a retirement project. Sounds like you don't think it's
worth your time, or anyone elses, to delete the stuff. So, perhaps you could
perfect personal spam filters and share them as Sindi does. Perhaps this is
another service you could perform for your not-for-profit.
In any case, all of us are coping, using various strategies, with the overall
spam problem. Some of us have higher thresholds than others for the nuisances
that come with belonging to a community. If Grex email is the most important
part of your membership here, then perhaps it IS time for you to start using
your UM account instead, and quit participating in the bbs. Somehow, from your
activities, I doubt that Grex = email for you.
|
remmers
|
|
response 166 of 480:
|
Dec 9 14:59 UTC 2006 |
I'm still working on a simple interface that will make enabling of spam
filtering simpler for users. I think that *is* a reasonable thing for the
staff to try to provide. But as I stated in an earlier response, I'm a
little pessimistic about how effective Grex-based spam filtering will be,
given the huge volume of spam nowadays. I'll take a look at Sindi's
sample procmailrc files, which employ some additional strategies.
By the way, my spam volume is, I suspect, comparable to Rane's -- well
over a hundred per day on Grex, plus several times more than that on my
primary mail server. The latter offers SpamAssassin-based spam filtering,
and nowadays it's pretty ineffective, despite being hosted at Pair
Networks, a major hosting service.
|
denise
|
|
response 167 of 480:
|
Dec 9 15:43 UTC 2006 |
Since I've learned how to delete spam easily [by using the dx-y instead of
each piece of mail individually], I'm finding the smam to be considerly less
annoying than it was before. Not to excuse the spam, though.
|
keesan
|
|
response 168 of 480:
|
Dec 9 17:29 UTC 2006 |
Rane, you don't need to fiddle with or maintain a very simple spam filter
based only on spamassassin, if you don't mind maybe 20% of the spams slipping
through it,. Set to three stars, it gives me no false positives (I don't lose
any real mail), set to two stars it gets an occasional mail from friends who
you could put on a whitelist. If most of your wanted mail comes from just
a few people, you could whitelist them and have their mail go to a separate
folder to be read first, along with mail from grex. I can set this up for
you if you like, and then you just copy it to .procmailrc. All John would
do is let you type 'change' to select to use this filter, and maybe give you
the opportunity to add the whitelist at the same time, unless he has other
ideas. I am sure you can manage it without him.
|
gull
|
|
response 169 of 480:
|
Dec 10 00:07 UTC 2006 |
Re resp:164: Grex isn't an ISP.
Personally, I find I don't see much spam in email addresses that I
don't list on a webpage or use as domain name contacts. Addresses that
I do one of those two things with quickly become spam magnets.
|
cross
|
|
response 170 of 480:
|
Dec 10 00:23 UTC 2006 |
Regarding #165; Suggesting that someone move on from grex becasue they have
a legitimate complaint is not very productive.
Look. I've been a sysadmin before; I'm qualified to say when I feel that
we're doing a substandard job. And we're doing a substandard job here. Part
of that is because the job is so hard, but part is because staff just doesn't
want to make any changes. Rane is right: each person doing spam filtering
*by themselves* is a huge waste of resources. Really, staff ought to get off
their duffs and do a better job, or let someone who is willing to do a better
job, and is capable, do it for them.
|
spooked
|
|
response 171 of 480:
|
Dec 10 02:48 UTC 2006 |
Dan is spot on with his comments about the status quo of individual user
responsibility for spam management being a huge waste of resources**, and
staff being slack here (and equally or more bad unwilling to change).
That's primarily why I resigned from staff. It is also a big reason why I
have informed staff I'm willing to rejoin staff - I want to change the
poor/apathetic/slack culture of Grex staff.
**FOOTNOTE: TO be fair to remmers, he is working on an opt-in
spam-filter solution which will be a lot better than the current no
solution default. I'm also happy to improve the opt-in solution where
possible if staff can agree to take me back on board (however, like most
things concerning staff on Grex, they are taking their time...)
|