[conspire] Mailing list servers and the spam problem

[Rick Moen]

I meant to add:

> You as a subscriber will have seen that latter bit for yourself.  So,
> that's where I'm trying to set your expectations.  The _listadmins_ 
> of a Mailman installation get some spam and awareness of other spam 
> aging out of admin queues.  Everyone else, no spam.
                                             ^^^^^^^

Except for the edge case that happens on typical public mailing lists
maybe once or two a year.  You've probably seen it:

A webmail user (usually Yahoo Mail, but sometimes one of the others)
suddenly and inexplicably sends out spam, _or_ sends out a claim that
he/she is stranded as a traveler and in some foreign country and needs
his/her friends to wire money to get out of trouble.  Close examination
reveals that this is not _forged_, i.e., it really does come from the
user's webmail account, but it seems incredibly out of character and not
the person's writing style.  

This is the result of the user's webmail credentials having been
compromised, often through a Windows malware infestation, which gave
total control over the legitimate user's webmail account to spammers
and/or Nigerian-style 419-scam artists.  Who immediately send out
unwanted, fraudulent mail _as_ that user to everyone in the user's
webmail address book, including the mailing list.

Because this mail doesn't have forged headers, unlike regular spam that
rains onto all IPs all the time, it tends to be accepted as genuine by
the MLM and sent out to subscribers.  This would be the (rare) case of
spam likely to be encountered by ordinary subscribers to mailing lists.
There's nothing to do about it other than set the moderated flag on the
user (or unsubscribe him/her) while the user takes care of his/her
security problem.

And, of course, commercial mailing list services such as Google Groups,
Yahoo Groups, Mailchimp, Mailgun, etc. are equally subject to that
problem.