Mailing List Spam Filtering

There are a bunch of ways you can configure your mailing list to minimize the spam that gets sent to it (or the administrative overhead of dealing with that spam). Which ones are appropriate for any particular list will depend on the specifics of the list and its purpose for instance, if you run an announcements-only list, where you're the only person who ever legitimately posts to the list, and you always post from the same email address (or from a couple email addresses), you can probably safely have the list completely discard any post that doesn't come from your address. On the other hand, if members of your group are on a mailing list that serves as a support/help email address for some piece of software you wrote, that list may get legitimate email from any random person on the Internet using your software (who are not likely to be on the list themselves), and there's not going to be much you can do to automatically block spam without also blocking legitimate messages. (Most mailing lists fall somewhere between those two extremes.)

Many of the spam-mitigating options are under "Privacy options" on your list's administrative interface (at https://lists.csail.mit.edu/mailman/admin/your_list_name). When you click "Privacy options" you'll see links to the four sub-pages of options underneath it (and the "Subscription rules" page will be shown):
A few of the options on the "General Options" page may also be of interest.

Filtering senders

Lists can be configured such that only list members are permitted to post. That way, the lists are still open to everybody, and spam won't get through (unless the spammer happens to use a forged return address that matches a subscriber's address). To restrict posting to list members only, click "Privacy Options" on the admin page, and then click "Sender filters" below it. In the resulting page, find "Action to take for postings from non-members for which no explicit action is defined." and set that to Hold (to hold messages from non-members for moderation) or "Discard" (to just delete postings from non-members but also from members who happen to be posting from addresses other than the one they're subscribed under, which might be a problem for your list).

(Setting "Reject" is never advisable, because spammers typically use innocent bystanders' return addresses, so the rejection which quotes some of the spam will usually end up going to some person who probably had nothing to do with it, and your list will in effect be sending spam.)

You can also define some lists of addresses whose posts should be treated specially on the "Sender filters" page. For instance, in the 'List of non-member addresses whose postings should be automatically accepted.", you could add something like

^.*@mit\.edu
^.*@.*\.mit\.edu

a(nd set the "Action to take for postings from non-members for which no explicit action is defined." to either "hold" or "discard") to allow any MIT affiliate posting from their MIT address to send messages to the list, while not opening it up to outside addresses.

There are two problems with that approach: One is that spammers often forge sender addresses, and they often forge them to be similar to or the same as the recipient address, so spam to CSAIL mailing lists will often have a forged MIT sender address. The other one is that this list will apply regardless of the reason a message would otherwise be held or rejected for instance, it might cause a message to be accepted even if it's over the size limit for the list, or even if it includes a .EXE attachment that otherwise would be blocked. But depending on your list filters like this might be a useful part of your arsenal.

You can also add to the "List of non-member addresses whose postings will be automatically discarded.", so if you have a persistent spammer sending from the same address all the time, you can block their postings. (There are also ways to use regular expressions in that list, so if you're getting spam from random addresses that all look like YourFriend@9154123.hk, YourPartner@212947.hk, ForYou@1129433.hk, and so forth, you can block them. Contact TIG at help@csail.mit.edu? if you need help writing regular expressions for sender filters. Note that regular expressions have to start with ^ to avoid being treated as static email addresses.)

Filtering based on "spam score"

There are some other bits you can set to combat the spam that involve content filtering, rather than sender filtering:
  • Check the 'spam filters' section of 'privacy options'.
  • In the first box there, entitled 'Filter rules to match against the headers of a message.', add X-Spam-Flag: YES and set the action to discard.

Mail to lists is examined by spamassassin. By default, mail is completely rejected if it gets a spam score of 15 or greater; it never even reaches the list management software. But if it gets a score between 5 and 15, it merely gets the X-Spam-Flag header attached. You can filter your list based on that header if you choose.

We strongly recommend against setting the action to anything other than discard when configuring spam filtering on a mailing list. Other options will cause Mailman to send email to the sender of the held or rejected message. Since 99.9% of spam is sent with a forged return address, nearly all of Mailman's messages will either bounce or reach some innocent bystander who had nothing to do with the original message.
Topic attachments
I Attachment Action Size Date Who Comment
Privacy_options.pngpng Privacy_options.png manage 23.2 K 11 May 2015 - 18:07 JaySekora Screenshot excerpt showing "Privacy options..." expanded.
Topic revision: 11 May 2015, JaySekora
 

MIT Computer Science and Artificial Intelligence Laboratory

 

  • About CSAIL
  • Research
  • News + Events
  • Resources
  • People

This site is powered by Foswiki MIT: Massachusetts Institute of Technology