SCN: Why so much spam?

[J. Johnson]

A question I seem to be hearing more in recent months is:  "why am I
getting so much spam?"  Roughly speaking, there are two answers.

First, spam is being sent directly to various SCN lists because they
were posted on a web page, and subsequently harvested by spammers.
There is not much we can do about that now, except fighting spam
generally.

The second answer is:  because the systems that constitute the Internet
still have holes the spammers can exploit to hide their identities.
And unfortunately, until two days ago SCN was part of the problem:  we
had a CGI script (FormMail.pl) with a widely known vulnerability,
which was being used to pump spam into the Internet.  We have disabled
that script, but it is still available on many other systems.  

There has been a long running contention in SCN that we should
maximize services, regardless of cost or consequence, that security
and other allegedly specious considerations should always yield to
maximizing services and user friendliness.  Well, one of the
consequences of slack security is--spam.

Fortunately, it does not have to be all or nothing.  It is possible to
provide a reasonable suite of user services without egregious security
blunders.  However, it does take a lot of work (yikes!), and a certain
amount of discipline (a quality not heretofore notable here).  And we
are making progress.  But there is a lot of work to be done, so relief
from spam is going to take a while.

=== JJ =============================================================

* * * * * * * * * * * * * *  From the Listowner  * * * * * * * * * * * *
.	To unsubscribe from this list, send a message to:
majordomo at scn.org		In the body of the message, type:
unsubscribe scn
==== Messages posted on this list are also available on the web at: ====
* * * * * * *     http://www.scn.org/volunteers/scn-l/     * * * * * * *