Date   

locked Re: Proposal: All groups must be moderated or new user moderated

christopher hallsworth <challsworth2@...>
 

There is really, general chat forums for example should not need moderating by default.

On 5 Oct 2016, at 04:51, Mark Fletcher <markf@corp.groups.io> wrote:

Hi All,

One of the things I'm seeing with the spammer is that they'll subscribe to an existing group and post their spam. If a group is moderated or has NuM set, the group members never see the spam and it's not a problem (and no incentive for the spammer to continue). But for open groups, it's not a good experience for anyone involved. So I propose to make it so that all groups must be either moderated or have new users be moderated. I have not yet thought through whether this should apply to sub-groups as well. But I wanted to get everyone's take on this proposal first. Is there a good reason to allow open groups at all?

Thanks,
Mark


locked Re: Proposal: All groups must be moderated or new user moderated

 

On Tue, Oct 4, 2016 at 8:53 PM, Ro <recarlton@...> wrote:

What would the time frame be for taking people off New User Moderated?   as soon as Owner is sure its not a spammer?  any time?  if so, I have no object.  I dont currently moderate either of my groups...

I wouldn't enforce any time frame. It'd either be after the set number of approved messages for NuM (if there is one specified), or by action of the moderator. 

Thanks,
Mark


locked Re: Proposal: All groups must be moderated or new user moderated

Ro
 

What would the time frame be for taking people off New User Moderated?   as soon as Owner is sure its not a spammer?  any time?  if so, I have no object.  I dont currently moderate either of my groups...


Ro

with Sally and Silk waiting at their feed dishes, and Handy, Feliz &  Police Kitty patrolling in the Great Beyond.





From: beta@groups.io <beta@groups.io> on behalf of Mark Fletcher <markf@corp.groups.io>
Sent: Tuesday, October 4, 2016 8:51 PM
To: beta@groups.io
Subject: [beta] Proposal: All groups must be moderated or new user moderated
 
Hi All,

One of the things I'm seeing with the spammer is that they'll subscribe to an existing group and post their spam. If a group is moderated or has NuM set, the group members never see the spam and it's not a problem (and no incentive for the spammer to continue). But for open groups, it's not a good experience for anyone involved. So I propose to make it so that all groups must be either moderated or have new users be moderated.  I have not yet thought through whether this should apply to sub-groups as well. But I wanted to get everyone's take on this proposal first. Is there a good reason to allow open groups at all?

Thanks,
Mark


locked Proposal: All groups must be moderated or new user moderated

 

Hi All,

One of the things I'm seeing with the spammer is that they'll subscribe to an existing group and post their spam. If a group is moderated or has NuM set, the group members never see the spam and it's not a problem (and no incentive for the spammer to continue). But for open groups, it's not a good experience for anyone involved. So I propose to make it so that all groups must be either moderated or have new users be moderated.  I have not yet thought through whether this should apply to sub-groups as well. But I wanted to get everyone's take on this proposal first. Is there a good reason to allow open groups at all?

Thanks,
Mark


locked Re: Spam filter

 

It's quite possible the addresses are all from yahoo.com because they're part of the big Yahoo password compromise, so let's assume the spammer has cracked the passwords of thousands of legitimate, years-old Yahoo accounts.

One thing you can do is use a CAPTCHA to create a group. That would at least put a damper in an automated process creating groups. Blind users won't like it, but you can add an alternate approval method by Groups.io support if the group looks legitimate.

I can think of ideas, but I'm not going to post them here, because you say the spammer is reading this group. Every idea I can think of, I can also think of a way around. If you find patterns to the spam group contents or the method in which they're created, you can try adjusting to those, but the spammer will work to try to get around them.

Some people do not have credit cards, and I would be wary of providing credit information to create a free group. Bad guys probably have lots of stolen credit card information, or could go get a prepaid card and use that.

Look into SpamAssassin if you want spam detection. It's pretty good. Though obviously not perfect.

It sounds like human moderation of newly created groups is the only real way out of this.

JohnF


locked Re: Spam filter

monamouroui
 

On Oct 4, 2016 12:36 PM, "Mark Fletcher" <markf@corp.groups.io> wrote:
>
> On Mon, Oct 3, 2016 at 6:45 PM, Shal Farley <shals2nd@...> wrote:
>>
>>
>> > ... (each using a unique Yahoo email as owner).
>>
>> That's intriguing. Is he using the disposable address feature to create them, and can you automatically detect the hyphenated syntax of disposable Y!mail address for blocking? They would all have the same base name, a hyphen, then a variable part.
>>
>
> He's not using the disposable address feature. They're just plain-jane Yahoo accounts. He clearly has access to as many Y! accounts as he wants.
>
>

Are the addresses hacked or is someone at Yahoo terrorizing you in order to shut you down? Is this something you can report to the FBI or FCC?

Sara


locked Re: Spam filter

 

I agree. You would typically create a slew of them at once. So perhaps make weekly and monthly limits?

Sent from my iPhone

On Oct 4, 2016, at 11:42 AM, toki <toki.kantoor@gmail.com> wrote:

On 04/10/2016 17:18, David P. Dillard wrote:

Hence one new list per week per owner would be adequate as a means of really good control
The issue I see with one list per week, is when creating groups for
similar, but related things.

By way of example:
* Software-program-users: General list, for all users;
* Software-program-developers: List where developers discuss things;
* Software-program-a11y: List discussing a11y requirements, and more
importantly, solutions;
* Software-program-L10n: List discussing localazation and
internationalization issues;
* Software-program-Linux: List specifically for Linux issues/users;
* Software-program-iOS: List specifically for iPhone/iPad/iPod issues/users;
* Software-program-Windows: List specifically for Windows issues/users;
* Software-program-Android: List specifically for Android issues/users;
* Software-program-MacOS-X: List specifically for Mac OS X issues/users;
* Software-program-BSD: List specifically for BSD issues/users;

Or, for organizations:

* Organization-PR: News releases and other positive things about the
organization;
* Organization-BOD: List for the Board of Directors;
* Organization-Stakeholders: List for all stakeholders of the organization;
* Organization-Finance: List discussing the financial affairs of the
organization;
* Organization-Committee1: List for the first committee of the organization;

On the flipside, lists of that type are probably going to have a
sponsoring organization, and as such the owner would probably fall into
either _Groups.IO Premium_, or more likely _Groups.Io Enterprise_.

Maybe include "instant", on-demand list creation as _Groups.Io
Enterprise_ feature.

###

In these examples, I am ignoring HIPPA, S-Ox, and similar legislation,
where email data can't be made public.

jonathon


--
J

Messages are the sole opinion of the author. 

I wish I could shut up, but I can't, and I won't. - Desmond Tutu


locked Re: Spam filter

toki
 

On 04/10/2016 17:18, David P. Dillard wrote:

Hence one new list per week per owner would be adequate as a means of really good control
The issue I see with one list per week, is when creating groups for
similar, but related things.

By way of example:
* Software-program-users: General list, for all users;
* Software-program-developers: List where developers discuss things;
* Software-program-a11y: List discussing a11y requirements, and more
importantly, solutions;
* Software-program-L10n: List discussing localazation and
internationalization issues;
* Software-program-Linux: List specifically for Linux issues/users;
* Software-program-iOS: List specifically for iPhone/iPad/iPod issues/users;
* Software-program-Windows: List specifically for Windows issues/users;
* Software-program-Android: List specifically for Android issues/users;
* Software-program-MacOS-X: List specifically for Mac OS X issues/users;
* Software-program-BSD: List specifically for BSD issues/users;

Or, for organizations:

* Organization-PR: News releases and other positive things about the
organization;
* Organization-BOD: List for the Board of Directors;
* Organization-Stakeholders: List for all stakeholders of the organization;
* Organization-Finance: List discussing the financial affairs of the
organization;
* Organization-Committee1: List for the first committee of the organization;

On the flipside, lists of that type are probably going to have a
sponsoring organization, and as such the owner would probably fall into
either _Groups.IO Premium_, or more likely _Groups.Io Enterprise_.

Maybe include "instant", on-demand list creation as _Groups.Io
Enterprise_ feature.

###

In these examples, I am ignoring HIPPA, S-Ox, and similar legislation,
where email data can't be made public.

jonathon


locked Re: Spam filter

Maria
 

And maybe a control could be added for addition of subgroups within a list in case that's a potential loophole if limits were to be placed and found to be helpful.


locked Re: Spam filter

Maria
 

Totally agree! 

Maria 


locked Re: Spam filter

David P. Dillard
 

I may stand corrected by other list owners, but a discussion group is a lot of work and serious non-spamming owners put lots of hard work into running lists. I, therefore doubt that legitimate lists are a frequent starting activity. Hence one new list per week per owner would be adequite as a means of really good control on this mass list creation activity. The fly in this ointment, however, is that these spammers are probably creating lists under multiple email identities, in which such a restriction is probably of little or no value.





Sincerely,
David Dillard
Temple University
(215) 204 - 4584
jwne@temple.edu

On Tue, 4 Oct 2016, Carol Good wrote:

On Mon, Oct 3, 2016 at 04:25 pm, Mark Fletcher wrote:

Can I firstly say I appreciate how difficult you must find this.

Regardless of ARC, I feel like something needs to be done to address what's
happening right now. The same guy is creating group after group (~50 so far
today; hundreds since this started last week) of spam lists (each using a
unique Yahoo email as owner). I don't want to host this junk and I don't
I'm probably talking out of the top of my head (or another part of my anatomy) but is there some way of restricting group creation based on IP address? It sounds as though some automation is being used if that many groups are being created in such a short space of time. A genuine group owner is highly unlikely to be setting up a) that many groups or b) groups that quickly (even if an owner wants sub-groups, I would think they would create one and go through the set-ups before moving to the next).

If the spammer is restricted to creating one group an hour (say) it would at least put a big dent in their efforts, while a genuine owner probably wouldn't have any problem waiting for an hour, particularly if there's an explanatory message.

Carol



locked Re: Spam filter

Steph Mathews <smathews@...>
 

I suggest that we use IP addresses.  Me and a friend of mine has had a bad experience with someone who joins groups with just 2 words followed by numbers and uses every email address with these 2 words till they get into a group.
 
Please note everyone I'm not trying to attack anyone, I'm just trying to help here.  Steph

Sent: Tuesday, October 04, 2016 11:36 AM
Subject: Re: [beta] Spam filter

On Mon, Oct 3, 2016 at 6:45 PM, Shal Farley <shals2nd@...> wrote:

> ... (each using a unique Yahoo email as owner).

That's intriguing. Is he using the disposable address feature to create them, and can you automatically detect the hyphenated syntax of disposable Y!mail address for blocking? They would all have the same base name, a hyphen, then a variable part.


He's not using the disposable address feature. They're just plain-jane Yahoo accounts. He clearly has access to as many Y! accounts as he wants.

He has also started joining existing groups and sending spam to those. This makes me wonder if I should set the default for new groups to be New User Moderated with an unmoderate after # of something like 2 messages. Thoughts?

Someone else suggested looking at IP addresses. Since I'm still blocking Morocco, he's been VPNing using a variety of services based in the USA.

A motivated individual... On the bright side, this exercise will definitely make us better.


Mark


locked Re: Spam filter

 

On Mon, Oct 3, 2016 at 6:45 PM, Shal Farley <shals2nd@...> wrote:

> ... (each using a unique Yahoo email as owner).

That's intriguing. Is he using the disposable address feature to create them, and can you automatically detect the hyphenated syntax of disposable Y!mail address for blocking? They would all have the same base name, a hyphen, then a variable part.


He's not using the disposable address feature. They're just plain-jane Yahoo accounts. He clearly has access to as many Y! accounts as he wants.

He has also started joining existing groups and sending spam to those. This makes me wonder if I should set the default for new groups to be New User Moderated with an unmoderate after # of something like 2 messages. Thoughts?

Someone else suggested looking at IP addresses. Since I'm still blocking Morocco, he's been VPNing using a variety of services based in the USA.

A motivated individual... On the bright side, this exercise will definitely make us better.


Mark


locked Re: Spam filter

Carol Good
 

On Mon, Oct 3, 2016 at 04:25 pm, Mark Fletcher wrote:

Can I firstly say I appreciate how difficult you must find this.

Regardless of ARC, I feel like something needs to be done to address what's
happening right now. The same guy is creating group after group (~50 so far
today; hundreds since this started last week) of spam lists (each using a
unique Yahoo email as owner). I don't want to host this junk and I don't
I'm probably talking out of the top of my head (or another part of my anatomy) but is there some way of restricting group creation based on IP address? It sounds as though some automation is being used if that many groups are being created in such a short space of time. A genuine group owner is highly unlikely to be setting up a) that many groups or b) groups that quickly (even if an owner wants sub-groups, I would think they would create one and go through the set-ups before moving to the next).

If the spammer is restricted to creating one group an hour (say) it would at least put a big dent in their efforts, while a genuine owner probably wouldn't have any problem waiting for an hour, particularly if there's an explanatory message.

Carol


locked Image preview for links in database? #suggestion

Maria
 

Is there any way for links added to a database to generate a visual preview? 

having a visual preview for a link would make for a very visually attractive database.

thank you!

Maria 


locked Re: Spam filter

Carol Good
 

On Tue, Oct 4, 2016 at 06:30 am, J_Catlady wrote:

Yahoo requires a phone number (even just to open an account), but (a) a lot of
good that evidently does (sarcasm), and (b) the spammers could just use
throwaway cell phones. So, forget phone numbers.
I've had my yahoomail for 17-odd years - Yahoo can go whistle for my phone number no matter how often they ask... :)

Facebook requires driver's licenses (or did, last time I checked) but that
presents difficulties. I don't know what they're doing now (and frankly don't
want to know - I have no interest in Facebook).
Which is just one reason why I wouldn't go near FB with a 60' bargepole...
(How, then, does a 13 yo get a FB account without a driving licence? Or indeed, anyone below 13 because despite what their T&C say, we all know it happens...)

Of course all(?) of us here would be willing to give Mark our credit card
numbers, because we know him and we know Groups.io. But would I give it out to
an unknown mailing-list service? I don't know. I can't get back to that
mindset. I probably would not give it out just to be able to open an account,
but to create a group, I think I might, if that was required.
I'm afraid that I'd be highly suspicious of an unknown service wanting my cc details. I've been online for 20-odd years but find it very easy to find that mindset :)

Carol


locked Re: Spam filter

Carol Good
 

On Tue, Oct 4, 2016 at 06:24 am, HR Tech wrote:

Hi Maria,

That's interesting feedback. Maybe you could share what you would feel OK with
in terms of verification methods? Phone #? Address verification? uploading an
ID? It might be helpful to get the perspective of someone who wouldn't be OK
with a credit card.
I signed up to Yahoo and Google before they started demanding phone numbers and they've been trying to get me to part with my phone number - for my convenience, of course - for years. They haven't succeeded yet :)

To clarify, I am not saying that it shouldn't be free (the credit card idea
doesn't have to actually charge someone - it can be used for internal
address/identity verification only)  just trying to think of ways in which
those who hope to abuse the platform can be squashed away. It seems like a
verification of some kind may be necessary?
I appreciated what you were saying; a $1 'set-up' fee (presumably some sort of charge has to be made for the cc to be verified?) rather than a charge for the groups. (Whether these would go through is another matter; I don't know about other countries but in the UK quite often £1 charges are made against accounts in order to see if the fraudsters are going to get away with using stolen card details and our institutions are quite hot on blocking them.)

I did say I don't have an answer. I recognise how difficult this is, and I also recognise that I'm being awkward in my view. While I don't quite have a tinfoil hat, I'm not far off when it comes to anything relating to my finances.

I find it difficult to know what I would consider submitting to a site in order to be able to use it. A scan of something official like a driving licence or bank statement certainly wouldn't happen (not least because not everyone has access to scanners!) and if it isn't anything official, then how good is it for verification?

The other thing which strikes me is that somehow, Mark has to find the time to look at all this verification. I assume places like FB rely on special software for these things.

Just for the record, I trust Mark and all the above comments are made in the spirit of "if I were an outsider coming new to .io".

Then again, I forgot about that time a spammer offered Mark money :) So maybe
a dual level system?
If you take the point I made above, you could find spammers using stolen cc details, so it leaves you no better off... :)

Carol


locked Re: Spam filter

toki
 

On 04/10/2016 01:45, Shal Farley wrote:

Or has he found a way around Yahoo's onerous new-account creation process?
Yahoo's process is onerous only for those that play by the rules.

jonathon


locked Re: Spam filter

 

Yahoo requires a phone number (even just to open an account), but (a) a lot of good that evidently does (sarcasm), and (b) the spammers could just use throwaway cell phones. So, forget phone numbers.

Facebook requires driver's licenses (or did, last time I checked) but that presents difficulties. I don't know what they're doing now (and frankly don't want to know - I have no interest in Facebook).

Of course all(?) of us here would be willing to give Mark our credit card numbers, because we know him and we know Groups.io. But would I give it out to an unknown mailing-list service? I don't know. I can't get back to that mindset. I probably would not give it out just to be able to open an account, but to create a group, I think I might, if that was required.

--
J

Messages are the sole opinion of the author. 

I wish I could shut up, but I can't, and I won't. - Desmond Tutu


locked Re: Spam filter

Maria
 

On Tue, Oct 4, 2016 at 01:29 am, Carol Good wrote:
I don't have an answer to the problem, but for me demanding what I consider to be highly sensitive information isn't the answer.

That's interesting feedback. Maybe you could share what you would feel OK with in terms of verification methods? Phone #? Address verification? uploading an ID? It might be helpful to get the perspective of someone who wouldn't be OK with a credit card.

It seems like so many successful services request verification of some kind, so I wonder if finding effective options to match comfort levels would be something to think about.

To clarify, I am not saying that it shouldn't be free (the credit card idea doesn't have to actually charge someone - it can be used for internal address/identity verification only)  just trying to think of ways in which those who hope to abuse the platform can be squashed away. It seems like a verification of some kind may be necessary?


Then again, I forgot about that time a spammer offered Mark money :) So maybe a dual level system?

What does Google do for their groups?

Maria

17341 - 17360 of 28395