[Aavso-photometry] Spam on the Lists...

Richard "Doc" Kinne rkinne at aavso.org
Wed May 6 13:46:13 EDT 2009 

Folks:

Anybody wanna buy a watch?

Well, you might, but you don't want that sales person coming here to  
do it!  Welcome to the wonderful world of spam. The arms race is not  
over, its just changed paradigms.

I'm sure folks have noticed that we have gotten a bit of spam on the  
lists of late. I wanted to say a few words about it.

What we do (what everyone does) on email lists to combat spam is to  
restrict posting to the list to verified members. If your email is on  
the list as a member, you get to post to the list. If not, you don't.  
By and large the SysAdmin community has found this to be rather  
effective. Every so often - perhaps once a week or less so far - spam  
leaks into the email lists. What you don't see is that the lists are  
actually spammed more than 250 times per day and the "only members can  
post" filter manages to effectively block 99.7% of them.

What has happened in the last couple of weeks is that a spammer has  
managed to "spoof" Aaron Price's email address here at the AAVSO. Now,  
while we know that Aaron is a doctoral grad student in addition to the  
work he does at HQ his economy has not gotten bad enough so that he's  
selling watches on the Internet. We all know that Aaron is not sending  
these emails.

An "email harvester," however, has gotten ahold of Aaron's email and  
since Aaron is a member of our lists, if a spammer can put Aaron's  
email in the From: field of an email list serve software will say,  
"Hey, this email is a member. They can post to the list" and this is  
how the spammer gets around our little wall.

How did the email harvester get Aaron's email address? There are a  
number of ways, of course, but what probably happened is that  
someone's computer was infected somehow and that infection read an  
address book that sent Aaron's address (as well as everyone elses)  
back to the spammer. This is one way that spammers get what they see  
as "good" email addresses.

At this point, in order to combat this situation, with Aaron's  
permission we've placed his postings on "moderate." Because Aaron is  
still an administrator on these lists, should he need to, he'll be  
able to approve his own postings and still take part in discussions,  
but a spammer trying to post as Aaron will be blocked.

Spam is a touchy issue on the email lists, as well it should be. I  
just wanted to let you folks know what was going on and what was being  
tried regarding the situation.
---
Richard 'Doc' Kinne, [KQR]
American Association of Variable Star Observers
<rkinne @ aavso.org>

More information about the Aavso-photometry mailing list