mailing list politics

[richb at pioneer.ci.net (Rich Braun)]

What to do about spam?  For now, get SpamAssassin and install the ancillary
utilities (Razor2, dcc, pyzor).  You need all three of the spam-database
thingies to get it up to 99% effectiveness.

It really *does* work quite well now.  I still get 70 spams a day but fewer
than 1% get through without getting tagged (and summarily circular-filed).

The next thing I did was automate my whitelist by tying SpamAssassin into the
SQL database that holds my addressbook.  That way I can make the filter pretty
aggressive, but still accept email from new correspondents without having to
add them into a whitelist first (or have them go through the
challenge-response hoops people commented on here).

The other thing that *needs* to happen, and will someday I predict, is a
do-not-email database run by the US government along the lines of the
do-not-call database.  Also a $5000 penalty per unsolicited email (the way the
do-not-fax law currently works).  True, people in China or someplace like that
will continue to try to spam us here in the USA, but they won't get far once
those penalties are in place:  shields will go up on port-25 on a national
level against any country which doesn't play ball with similar penalties.

It's a little more complicated to do a do-not-email list than a do-not-spam
list, but I think the concept of setting up a central registry is sound.  It's
clearly impractical to have multiple registries; spammers are hoping the
government allows creation of 10,000 separate do-not-email lists, so they can
hop from one to another with confidence that no one can get onto all of them.

-rich