On Thu, Feb 27, 2020 at 12:25:27AM +0000, Mark Rousell wrote: > This (or what it appears to be) is happening on an increasing number of > mail lists. It's not many but it's there I don't know who is behind it > or why, but it's an increasing annoyance.
There is a partial fix for this, at least for anyone using Mailman to run their lists (e.g., nanog): Set Mailman so that all new subscribers are moderated by default. Either new subscriber X will one day send real content to the list or they won't. If it's the latter, then it is very simple to use Mailman's interface to simultaneously (a) approve the message for distribution and (b) clear their moderation flag. If it's the former, then the message will only be seen by the list-owners and won't bother everyone on the list. [1] This doesn't help with copies that are sent directly to list-members, however. The fix for that is for responsible list owners (a) to be available at the -owner address (per RFC 2142 and decades of best practices) so that they can field problem reports and (b) to use Mailman to (a) unsubscribe the errant address and (b) ban it. I'd also recommend that they (c) publicly announce such actions with an "administrivia" Subject line on-list so that list members can take corresponding actions in their own mail systems. If nanog-owner isn't responding then that's a serious lapse and needs to be corrected immediately. Doing so is a fundamental part of basic mailing list administration. I'd also strongly recommend that list-owners have Mailman configured to notify them of all subscribe/unsubscribe events and/or to require manual list-owner approval for subscriptions. Interposing human beings in the process doesn't solve this problem but it provides the opportunity to detect and quash it early on. ---rsk [1] Note that this is also a partial defense against accounts which are hijacked and turned into bots. Given that -- on most mailing lists and especially on large ones -- the overwhelming majority of subscribers will *never* send any traffic, nothing is lost by doing this. But on the day when an account is hijacked and suddenly starts sending large amounts of traffic, none of of it will get through to the mailing list.
