[A thread for discussing tips, and sharing how-to. Updates should be made (by anyone confident) to https://meta.wikimedia.org/wiki/Mailing_lists/Administration *Non-private questions should be asked at the talkpage there.* Mute this thread if you don't want to see it and you use an email program that enables that... :-) ]
Re: SpamAssassin's X-Spam-Score - There was a bugzilla/phab task related to spam, at https://phabricator.wikimedia.org/T58525 ("Improve spam filtering for Mailman mailing lists") I've asked for an update and details about what we should use, at https://meta.wikimedia.org/wiki/Talk:Mailing_lists/Administration#Spam.21 - Reply THERE please!
I've detailed my daily process at another new section just below that. If there's something better, please let us know, there!
... (Probably nothing private in here, but I haven't had enough coffee yet, so instead of asking at the talkpage...)
I just learned about the option to Not send me a copy of every bounce. So that will be nice! (bottom radio-button in this screenshot: http://i.imgur.com/hu5SR8h.png) Is that a good setting to recommend to all admins on the wiki page?
Is there a way to get useful regex out of our current lists of "auto-discard"? (my grep-fu and regex-fu are lacking). Here are the addresses that I've moderated spam from, on 2 lists: https://dpaste.de/CgxV/raw
Perhaps the mailing lists that get large quantities of spam could somehow share (automatically, or manually a few times a year) their auto-discard listings?
Hope that helps. /me goes back to his weekend, and wishes you a good one.
On 29/08/15 20:14, Nick Wilson (Quiddity) wrote:
> [A thread for discussing tips, and sharing how-to. Updates should be made (by anyone confident) to https://meta.wikimedia.org/wiki/Mailing_lists/Administration *Non-private questions should be asked at the talkpage there.* Mute this thread if you don't want to see it and you use an email program that enables that... :-) ]
Good idea Nick :)
> I just learned about the option to Not send me a copy of every bounce. So that will be nice! (bottom radio-button in this screenshot: http://i.imgur.com/hu5SR8h.png)
I see you have whitelisted anything ending in wikimedia.org¹, but I have seen spam with a spoofed From header pretending to be another list or even a list-owner², so I would use such generic whitelists with care.
¹ regex note: ^.*[.@]wikimedia.org$ would have been preferable, since someone registering evilwikimedia.org wouldn't have his email go through.
² any reason the SPF record for lists.wikimedia.org is set to neutral instead of being a (hard) fail?
> Is that a good setting to recommend to all admins on the wiki page?
It probably depends on how confident in your rules you are. Sending a copy leaves a security layer so the moderator can still look at them. OTOH, for small lists where everyone is a moderator, I think it's worth actually sparing the other moderators the trouble of seeing them.
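The anchoring point in footnote ¹, as an added example that is not part of the original thread: a small audit that runs a whitelist pattern against constructed look-alike senders. It assumes the filter behaves like Python's `re.search` with case-insensitive matching; `LOOSE` is a guess at what "anything ending in wikimedia.org" looked like, and `ESCAPED` is a variant added here with the dots escaped.

```python
import re

LOOSE = r"^.*wikimedia.org$"          # assumed form of the original whitelist entry
SUGGESTED = r"^.*[.@]wikimedia.org$"  # the pattern given in the footnote
ESCAPED = r"^.*[.@]wikimedia\.org$"   # added here: same pattern, dots escaped


def probes(domain):
    """Constructed test senders as (address, should_be_accepted)."""
    return [
        (f"alice@{domain}", True),                        # exact domain
        (f"list@lists.{domain}", True),                   # genuine subdomain
        (f"bob@evil{domain}", False),                     # look-alike registration
        (f"bob@{domain}.example", False),                 # domain used as a prefix
        (f"bob@mail.{domain.replace('.', '-')}", False),  # exposes an unescaped dot
    ]


def audit(pattern, domain):
    """Return the probes a whitelist pattern gets wrong, with what it did."""
    cre = re.compile(pattern, re.IGNORECASE)
    problems = []
    for sender, expected in probes(domain):
        got = cre.search(sender) is not None
        if got != expected:
            problems.append((sender, "accepted" if got else "rejected"))
    return problems


if __name__ == "__main__":
    for name, pattern in [("loose", LOOSE), ("suggested", SUGGESTED), ("escaped", ESCAPED)]:
        print(name, audit(pattern, "wikimedia.org"))
```

None of the three patterns helps against a spoofed From header that uses a real wikimedia.org address, which is the other concern raised above.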
The vast majority of the ArbCom lists related spam (and there's quite a bit) comes from these domains: .faith .review .win .date .br
But I haven't a clue what to do about them.
Doug
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins
On 31/08/15 12:59, Doug Weller wrote:
> The vast majority of the ArbCom lists related spam (and there's quite a bit) comes from these domains: .faith .review .win .date .br
> But I haven't a clue what to do about them.
> Doug
I have also seen a spike of these new gTLD domains for spam purposes. Which is not strange given the promotions they have: Currently you can get a .date/.faith/.review for $1/1€
https://www.gandi.net/news/en/2015-08-06/5051-only_1.00_for_a_.date_.faith_o... (not sure about .win, but it probably has similar promotions that spammers are taking advantage of)
You could automatically reject email from domains on those TLDs, but I find it unfair, even though they are all likely spam. I would keep a blacklist of domains.
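One way to get regexes out of an auto-discard list while keeping a per-domain blacklist rather than blocking whole TLDs, as an added example that is not part of the original thread. The sample entries are constructed, the `min_hits` threshold is an assumption, and the output lines use the same `^.*[.@]domain$` shape as the footnote earlier in the thread.

```python
import re
from collections import Counter

# Constructed sample of an auto-discard list (not the addresses from the thread).
DISCARDED = [
    "offers@cheap-pills.faith",
    "news@cheap-pills.faith",
    "win1@lucky-prize.win",
    "promo@mail.lucky-prize.win",
    "deals@lucky-prize.win",
    "someone@example.com.br",
    r"^.*@already-a-regex\.review$",
]


def condense(entries, min_hits=2):
    """Replace addresses from repeat-offender domains with one regex per domain."""
    passthrough, addresses = [], []
    for entry in (e.strip() for e in entries):
        if not entry:
            continue
        if entry.startswith("^") or "@" not in entry:
            passthrough.append(entry)        # existing regexes are kept untouched
        else:
            addresses.append(entry.lower())

    hosts = Counter(a.rsplit("@", 1)[1] for a in addresses)
    # Fold a subdomain into a parent domain that is also on the list.
    # Shortest first, so parents are seen before their subdomains.
    domains = Counter()
    for host in sorted(hosts, key=len):
        parent = next((d for d in domains if host.endswith("." + d)), host)
        domains[parent] += hosts[host]

    blocked = sorted(d for d, n in domains.items() if n >= min_hits)
    patterns = [r"^.*[.@]" + re.escape(d) + "$" for d in blocked]
    compiled = [re.compile(p, re.IGNORECASE) for p in patterns]
    # Addresses not covered by a generated pattern stay as literal entries.
    leftovers = [a for a in addresses if not any(c.search(a) for c in compiled)]
    return passthrough + patterns + sorted(leftovers)


if __name__ == "__main__":
    print("\n".join(condense(DISCARDED)))
```

Domains seen only once stay as single addresses, so one bad sender on a shared provider does not block everyone else there.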