Mailing List Spam Filtering

There are a bunch of ways you can configure your mailing list to minimize the spam that gets sent to it (or the administrative overhead of dealing with that spam). Which ones are appropriate for any particular list will depend on the specifics of the list and its purpose — for instance, if you run an announcements-only list, where you’re the only person who ever legitimately posts to the list, and you always post from the same email address (or from a couple of email addresses), you can probably safely have the list completely discard any post that doesn’t come from your address. On the other hand, if members of your group are on a mailing list that serves as a support/help email address for some piece of software you wrote, that list may get legitimate email from any random person on the Internet using your software (who is not likely to be on the list themselves), and there’s not going to be much you can do to automatically block spam without also blocking legitimate messages. (Most mailing lists fall somewhere between those two extremes.)

Many of the spam-mitigating options are under “Privacy options” on your list’s administrative interface (at https://lists.csail.mit.edu/mailman/admin/your_list_name). When you click “Privacy options” you’ll see links to the four sub-pages of options underneath it (and the “Subscription rules” page will be shown).

Filtering senders

Lists can be configured such that only list members are permitted to post. That way, the lists are still open to everybody, and spam won’t get through (unless the spammer happens to use a forged sender address that matches a subscriber’s address). To restrict posting to list members only, click “Privacy options” on the admin page, and then click “Sender filters” below it. In the resulting page, find “Action to take for postings from non-members for which no explicit action is defined.” and set that to “Hold” (to hold messages from non-members for moderation) or “Discard” (to just delete postings from non-members — but also from members who happen to be posting from addresses other than the one they’re subscribed under, which might be a problem for your list).

(Setting “Reject” is never advisable, because spammers often use innocent bystanders’ return addresses, so the rejection — which quotes some of the spam — will usually end up going to some person who probably had nothing to do with it, and your list will in effect be sending spam.)

You can also define some lists of addresses whose posts should be treated specially on the “Sender filters” page. For instance, in the “List of non-member addresses whose postings should be automatically accepted.”, you could add something like

^.*@mit\.edu$
^.*@.*\.mit\.edu$

(and set the “Action to take for postings from non-members for which no explicit action is defined.” to either “Hold” or “Discard”) to allow any MIT affiliate posting from their MIT address to send messages to the list, while not opening it up to outside addresses.

There are two problems with that approach: One is that spammers often forge sender addresses, and they often forge them to be similar to or the same as the recipient address, so spam to CSAIL mailing lists will often have a forged MIT sender address. The other one is that this list will apply regardless of the reason a message would otherwise be held or rejected — for instance, it might cause a message to be accepted even if it’s over the size limit for the list, or even if it includes a .EXE attachment that otherwise would be blocked. But depending on your list, filters like this might be a useful part of your arsenal.

You can also add to the “List of non-member addresses whose postings will be automatically discarded.”, so if you have a persistent spammer sending from the same address all the time, you can block their postings. (There are also ways to use regular expressions in that list, so if you’re getting spam from random addresses that all look like YourFriend@9154123.hk, YourPartner@212947.hk, ForYou@1129433.hk, and so forth, you can block them. Contact TIG at help@csail.mit.edu if you need help writing regular expressions for sender filters. Note that regular expressions have to start with ^ to avoid being treated as static email addresses.)
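
The following is an added example, not part of the original page or of Mailman itself. It lets you try accept-list and discard-list entries against sample sender addresses before pasting them into “Sender filters”, and compares patterns with and without a trailing `$`. The matching rules (entries starting with ^ are searched as case-insensitive regular expressions, everything else is a literal address), the `[0-9]+\.hk` pattern and the sample addresses are assumptions made for this sketch.

```python
import re

def sender_matches(sender, entries):
    """Return the first filter entry matching `sender`, or None.

    Assumed semantics: an entry starting with '^' is a regular expression,
    searched case-insensitively; any other entry is a literal address.
    """
    sender = sender.strip()
    for entry in entries:
        if entry.startswith("^"):
            try:
                if re.search(entry, sender, re.IGNORECASE):
                    return entry
            except re.error:
                continue  # a malformed pattern must not break filtering
        elif entry.lower() == sender.lower():
            return entry
    return None

# Accept-list patterns with no end anchor: text may follow "mit.edu".
UNANCHORED = [r"^.*@mit\.edu", r"^.*@.*\.mit\.edu"]
# The same patterns closed with "$", so the domain must end at "mit.edu".
ANCHORED = [r"^.*@mit\.edu$", r"^.*@.*\.mit\.edu$"]
# Discard-list pattern (assumed) for senders at all-digit .hk domains.
DISCARD = [r"^.*@[0-9]+\.hk$"]

# Constructed sample sender addresses (not taken from real mail).
SAMPLES = [
    "alice@mit.edu",
    "bob@csail.mit.edu",
    "carol@mit.edu.example.net",  # look-alike domain that merely starts with mit.edu
    "YourFriend@9154123.hk",
    "dave@university.hk",         # ordinary .hk domain, should not be discarded
]

def evaluate(samples=SAMPLES):
    """Map each sender to (unanchored accept, anchored accept, discard)."""
    return {
        s: (sender_matches(s, UNANCHORED) is not None,
            sender_matches(s, ANCHORED) is not None,
            sender_matches(s, DISCARD) is not None)
        for s in samples
    }

if __name__ == "__main__":
    for sender, (loose, strict, drop) in evaluate().items():
        print(f"{sender:28} unanchored={loose!s:5} anchored={strict!s:5} discard={drop}")
```

Only the look-alike address is treated differently by the two accept lists: it is accepted without the `$` and not accepted with it.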

Filtering based on “spam score”

There are some other things you can set to combat the spam that involve content filtering, rather than sender filtering.

Discarding messages flagged as spam by SpamAssassin

(You probably don’t need to add this rule; it’s added by default when you create a list at CSAIL. But if a lot of spam seems to be getting through to your list you might want to check and make sure the rule hasn’t been deleted.)

Mail to lists is examined by SpamAssassin. By default, mail is completely rejected if it gets a spam score of 8 or greater; it never even reaches the list management software. But if it gets a score between 5 and 8, it merely gets the X-Spam-Flag header attached. You can filter your list based on that header if you choose.

We strongly recommend against setting the action to anything other than “discard” when configuring spam filtering on a mailing list. Other options will cause Mailman to send email to the sender of the held or rejected message. Since much spam is sent with a forged return address, many of Mailman’s messages will either bounce or reach some innocent bystander who had nothing to do with the original message.

Discarding (or moderating) messages with moderate spam scores

If you want to be significantly stricter about how high a spam score your list will accept (e.g. only accepting messages with a score of 3 or lower, rather than 5), send mail to help@csail.mit.edu and we can give you some advice about how to do that. Note that discarding mail with a score of 4 or 5 is quite likely to affect legitimate mail as well as spam. Depending on the purpose and configuration of your list, though, that might be acceptable. Also, if your list generally lets through mail from non-members without moderator approval, it may be valuable to hold messages that aren’t obviously legitimate (don’t have a very low spam score) for moderator approval.
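
The score bands described in the two sections above, written out as an added example (not part of the original page, and a model of the policy rather than Mailman configuration). It assumes the score is available in SpamAssassin's usual `X-Spam-Status: ..., score=N required=N` header; holding mail that carries no score at all, the function names and the sample messages are assumptions of this sketch.

```python
import re
from email import message_from_string

REJECT_AT = 8.0   # page: rejected before reaching the list software
FLAG_AT = 5.0     # page: X-Spam-Flag is attached from this score up
HOLD_ABOVE = 3.0  # page's example of a stricter per-list threshold

_SCORE = re.compile(r"\bscore=(-?\d+(?:\.\d+)?)")

def spam_score(msg):
    """Return the numeric score from X-Spam-Status, or None if absent."""
    found = _SCORE.search(msg.get("X-Spam-Status", ""))
    return float(found.group(1)) if found else None

def triage(raw_message):
    """Classify one raw message as the stricter list policy would."""
    msg = message_from_string(raw_message)
    score = spam_score(msg)
    if score is not None and score >= REJECT_AT:
        return "rejected-upstream"
    if msg.get("X-Spam-Flag", "").strip().upper() == "YES":
        return "discard"   # never hold or reject: the sender may be forged
    if score is None:
        return "hold"      # assumption: unscored mail goes to a moderator
    if score >= FLAG_AT:
        return "discard"
    if score > HOLD_ABOVE:
        return "hold"      # not obviously legitimate, so moderate it
    return "accept"

# Constructed sample messages (headers, blank line, body).
CLEAN = ("From: a@example.org\nSubject: build question\n"
         "X-Spam-Status: No, score=0.4 required=5.0\n\nHello\n")
BORDERLINE = ("From: b@example.org\nSubject: hi\n"
              "X-Spam-Status: No, score=4.1 required=5.0\n\nHello\n")
FLAGGED = ("From: c@example.org\nSubject: offer\nX-Spam-Flag: YES\n"
           "X-Spam-Status: Yes, score=6.3 required=5.0\n\nBuy now\n")
UNSCANNED = "From: d@example.org\nSubject: question\n\nHello\n"

if __name__ == "__main__":
    for name in ("CLEAN", "BORDERLINE", "FLAGGED", "UNSCANNED"):
        print(name, "->", triage(globals()[name]))
```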