From: "Keith F. Lynch" <kfl at KeithLynch.net>
To: WSFA members <WSFAlist at KeithLynch.net>
Subject: [WSFA] It finally happened
Date: Mon, 16 Aug 2010 21:34:38 -0400 (EDT)
Reply-To: WSFA members <WSFAlist at KeithLynch.net>

After more than eight and a half years and more than fourteen thousand
messages, it finally happened:  A single spam succeeded in evading all
my filters and making it to the list.

It succeeded because it was sent to the list address, happened to
forge the name and address of former WSFA member, was not in HTML
format, and the web page it mentioned had never been mentioned in
any spam before.

The list address has never appeared on any website (except with the
word "at" in places of the " at ," making it effectively impossible for
an automated process to harvest it), so I don't know how any spammer
got it.  Maybe from a virus on some WSFA member's computer, I don't
know.  Anyhow, spammers found it and started pounding it a couple
years ago.

Blocking HTML email stopped most spams.  Unfortunately, spammers have
learned that HTML email tends to be blocked, and more and more of them
are sending plain text.

I don't know whether the fact that it forged the name and address
of a former WSFA member is just a remarkable coincidence, or whether
the spammer harvested her address and the list address from the same
compromised machine.  It wouldn't actually be all that astonishing a
coincidence, given how many many spams are sent but blocked.  Far more
spams have been sent to the list than legitimate messages, but until
now all of them have been blocked.

Ivy Yap hasn't actually posted to the list in nearly six years.
And she unsubscribed four years ago.  As far as I know, she hasn't
attended a WSFA meeting in nearly six years, though it's impossible
for me to be sure since someone kept writing her name in on the
sign-in sheet, and appears to still be doing so unless she really
has returned.

Everyone who has ever attended three or more WSFA meetings is
whitelisted on the list, whether or not they ever subscribed to
the list.  I could change that.  Perhaps I could hold messages for
approval if they're from anyone who is not currently a subscriber,
hasn't posted in some number of years, and hasn't attended a WSFA
meeting in some number of years.  What, if anything, would be
plausible numbers?  Three years?  Five?  Or should I leave it alone,
and just put up with one or two spams per decade?  Since they'd all
be in plain text, they cannot harm your computer.

The web page mentioned in the spam is harmless.  It touts a Canadian
pharmacy.

I will not be adding the offending message to the list archives.
(It will remain in my personal archives.)