William Allen Simpson wrote:
The spammers have figured out how to bypass the NANOG members-only posting, in this case by pretending to be John Fraizer and sending directly to trapdoor.
On our public list servers we now require admin approval of all new subscriptions as well as email verification. It takes time, but it is worth it. Additionally, the admins occassionally reply to new subscribers with "questionable" addresses and ask them for a bit more info (who/what/why/etc). Finally all new subscribers are automatically moderated until their first post proves them to in fact be legit and on topic. Finally, we crawled the archives of the big lists and have come up with a list of subscribers who haven't posted in over 9 months, we plan to set the mod bit on them too very soon. These are necessary steps simply because we see at least 30 requests each week for what amounts to invalid subscriptions, if those subscriptions went through unfettered then users would be upset. Even if one bogus subscription slips through, the auto-mod provides a second chance to stop them. Perhaps these are some ideas for the NANOG mailinglist admins to implement. -Jim P.