
It shouldn't be possible to send Wikimails containing weblinks on blacklist
Open, Low, Public, Feature

Description

Author: janhelgewolf

Description:
At the moment, the Wikimail function isn't sensitive to the spam blacklist. This should be changed, so that it won't be possible to send Wikimails containing weblinks on the blacklist anymore.


Version: unspecified
Severity: enhancement

Details

Reference
bz16466

Event Timeline

bzimport raised the priority of this task from to Low. Nov 21 2014, 10:29 PM
bzimport added a project: SpamBlacklist.
bzimport set Reference to bz16466.
bzimport added a subscriber: Unknown Object (MLST).

mike.lifeguard+bugs wrote:

Product -> MediaWiki extensions
Component -> Spam blacklist

pgrawehr wrote:

Also (didn't test whether this is already so) non-autoconfirmed users should probably need to enter the captcha to send the Mail.

Background: There have been some users harassing others by sending them spam mails to become a member of some extreme-right-nazi-wiki on dewiki.

syrcro wrote:

Please do not change it: 1. the Spam-blackmail guys are using wikimail to review and discuss spam-black- and white-list issues. 2. There is some kind of a newsletter about suspicion of crosswiki spam which refers to both lists. 3. Users ask frequently about ''their'' blacklisted URL or about whitelisting exceptions. 4. Tinyurl etc are blacklisted, I use them often to send links to wiki-friends. 5. It will not prevent spamming. Blacklists do not block URL without application layer protocol (de.wikipedia.org without http://).

syrcro wrote:

PS: 6. I do not feel well, knowing someone will scan my email for some strings.

mike.lifeguard+bugs wrote:

(In reply to comment #3)

> Please do not change it: 1. the Spam-blackmail guys are using wikimail to review and discuss spam-black- and white-list issues.

They should consider emailing each other directly; most discussion should certainly remain on-wiki.

> 2. There is some kind of a newsletter about suspicion of crosswiki spam which refers to both lists.

I am missing the significance of this statement. Mailing lists do not email through the wiki.

> 3. Users ask frequently about ''their'' blacklisted URL or about whitelisting exceptions.

Yes, they should mention the domain instead of linking. Better yet would be undertaking these reviews on-wiki.

> 4. Tinyurl etc are blacklisted, I use them often to send links to wiki-friends.

Trivial; use the full URL or leave off http://

> 5. It will not prevent spamming. Blacklists do not block URL without application layer protocol (de.wikipedia.org without http://).

Nothing will stop spamming. The perfect is the enemy of the good.

mike.lifeguard+bugs wrote:

(In reply to comment #4)

> PS: 6. I do not feel well, knowing someone will scan my email for some strings.

The system doesn't record what's in the email. We take privacy seriously; see the privacy policy please.

mike.lifeguard+bugs wrote:

(In reply to comment #0)

> At the moment, the Wikimail function isn't sensitive to the spam blacklist. This should be changed, so that it won't be possible to send Wikimails containing weblinks on the blacklist anymore.

This may be a candidate for AbuseFilter, though ideally the whole extension would simply be rewritten.

Imho the scanning of mails would cause more walls than spam defense.
Spam actually is the mail itself not any link inside. However, if there would be a warning for newbies like: "Just omit http://, then you can place any link!", then of course spammers could use this information, too.
As I take care of the de-sbl I sometimes get e-mails from very inexperienced users, who don't find or don't know how to use the sbl talk page. How should they cope with such an additional filter?

mike.lifeguard+bugs wrote:

I agree this should not be a high priority, though we do know that spammers use Special:EmailUser on occasion. Normally it is very easy to track down, and gets them a swift block with email disabled, proving spammers are not the brightest folk you've ever met.

At the very least, $wgSpamRegex should probably be checked against emails, if it isn't already.

mike.lifeguard+bugs wrote:

Another confirmed case of spamming through the wiki email interface... several hundred emails sent at once, then rotating to a new IP and/or account. It'd be nice to stop them from spamming our users by blacklisting the domain.

Aklapper changed the subtype of this task from "Task" to "Feature Request". Feb 4 2022, 11:01 AM
Aklapper removed a subscriber: wikibugs-l-list.
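
The trade-off argued over in this thread, as an added Python sketch that is not part of the task and not MediaWiki or SpamBlacklist code: a scheme-anchored match misses a listed domain written without http://, while a bare-domain match also flags mails that only mention a listed domain (for example a whitelisting request). The blacklist entries, the function names and the scheme-anchored pattern are assumptions made for illustration.

```python
import re

# Constructed blacklist text: one regex fragment per line, '#' starts a comment.
# The .example domains are placeholders, not real blacklist entries.
SAMPLE_BLACKLIST = r"""
# constructed sample entries
spam-shop\.example
short-link\.example   # URL shortener
"""

def parse_blacklist(text):
    """Return the regex fragments, dropping comments and blank lines."""
    fragments = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            fragments.append(line)
    return fragments

def build_matchers(fragments):
    """Compile a scheme-anchored matcher and a bare-domain matcher."""
    alt = "|".join(f"(?:{f})" for f in fragments)
    # Assumed form: the host must follow 'http://', 'https://' or '//'.
    linked = re.compile(r"(?:https?:)?//+[a-z0-9_\-.]*(?:" + alt + ")", re.I)
    # Stricter variant: the same entries anywhere in the text.
    bare = re.compile(alt, re.I)
    return linked, bare

def classify_mail(subject, body, matchers):
    """Return 'linked', 'bare' or None for one outgoing mail.

    Only the verdict is returned; the mail text is not stored or logged.
    """
    linked, bare = matchers
    text = subject + "\n" + body
    if linked.search(text):
        return "linked"
    if bare.search(text):
        return "bare"
    return None

MATCHERS = build_matchers(parse_blacklist(SAMPLE_BLACKLIST))
```

A deployment could reject on "linked" and only rate-limit or log a counter on "bare", which keeps domain mentions in blacklist discussions deliverable.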