BerkeleyLUG - list: "New member posts are moderated" - should I/we change that?

[Michael Paoli]

In checking over the BerkeleyLUG list
https://groups.google.com/forum/#!forum/berkeleylug
a bit, I noticed the current setting:
New member posts are moderated
Should I/we change that to:
No posting restrictions for new members.

Bit 'o information/background.
The "list" (Google group) is publicly archived, and currently has
132 "members".
All but one "member" is set so they can post without being
moderated (Posting:Allowed).
The one member that is Moderated is, I presume, so moderated
due to inappropriate posting(s) or attempts thereof (the
domain name is itself quite expletive, and seems improbable
to be a source of reasonably legitimate postings).

For any unmoderated (Posting:Allowed) we can do (about?) nothing
to prevent inappropriate posting(s) - at least prior to,
though we can remove inappropriate posting(s) from the archive - but
that does nothing to prevent such postings from being mailed to all
members.

So ... should we change to:
No posting restrictions for new members
That may be significantly more inviting for new members.
That may also risk some spam / inappropriate posting(s) - though we
can, after the fact, add moderation to the offending member
and remove the posting from the archive.
And of course we could always again set:
New member posts are moderated

Also, not fully sure on:
New member posts are moderated
if that "New member" setting sticks for some fixed period of time,
or until "New member" posts (attempts to), and that's
approved by moderator(s) ... or what precisely the algorithm is on that.

Anyway, we could always try it ... and if it's problematic or
otherwise undesired, switch it back.

Anyone can sign themselves (their email address) up as a member
(with negligible exception - there's a small "banned" list - but
those email addresses were likely banned for good reason - and looks
like they're probably all bot driven spam generating email
addresses (so, banning 'em probably also is likely relatively
useless, as they likely just generate new email addresses to sign
up as members)).

[goossbears]

On Tuesday, September 10, 2019 at 7:14:09 AM UTC-7, Michael Paoli wrote:

In checking over the BerkeleyLUG list
https://groups.google.com/forum/#!forum/berkeleylug
a bit, I noticed the current setting:
New member posts are moderated
Should I/we change that to:
No posting restrictions for new members.

One response on this that I'm thinking of hinges on the weighing-in of whether you/we

are encouraging new members to post valid messages at the decided expense of

cases of False Negatives when "new members" (spammers, etc) are able to

game the system and effectively get their usually invalid/spammy messages posted.

An applicable depiction of this weighing-in, IMO, is the review of a variation of the

"wolf-prediction" model of https://developers.google.com/machine-learning/crash-course/classification/true-false-positive-negative

that uses a 2x2 confusion matrix depicting four possible outcomes.

In our case of new member moderation or not, the positive class is "Spammer" and the negative class is "Valid List Subscriber".

So as an appropriate tweak of this model...
-----------------------------------------
True Positive (TP):
* Reality: Spammer tries to access
BerkeleyLUG mailing-list and/or its
members
* List admin said: "Moderation-on by
default for new members; Spammer!"
* Outcome: List admin is a hero
------------------------------------------

------------------------------------------
False Negative (FN):
* Reality: Spammer tries to access
BerkeleyLUG mailing-list and/or its
members
* List admin said: "NO moderation-on by
default for new members; Valid List
Subscriber!"
* Outcome: Spammer keeps getting their
messages posted on the list until
finally caught and banned
------------------------------------------

------------------------------------------
False Positive (FP):
* Reality: Valid List Subscriber
subscribes to mailing-list
* List admin said: "Moderation-on by
default for new members; Spammer!"
* Outcome: New list-members get confused
or annoyed at list admins over why they
cannot post legitimate messages
------------------------------------------

------------------------------------------
True Negative (TN):
* Reality: Valid List Subscriber
subscribes to mailing-list
* List admin said: "NO moderation-on by
default for new members; Valid List
Subscriber!"
* Outcome: New list-members can post

their valid messages and are as fine and

dandy as they can be

------------------------------------------

Of course we'd all probably want to optimize both the TP's and TN's here through
whatever new member moderation-level (or absence) is agreed-upon, but then by doing
so, this will probably also directly affect the undesirable FN's and FP's to one degree
or another.

-A

[Rick Moen]

Quoting Michael Paoli (Michae...@cal.berkeley.edu):

> In checking over the BerkeleyLUG list
> https://groups.google.com/forum/#!forum/berkeleylug
> a bit, I noticed the current setting:
> New member posts are moderated
> Should I/we change that to:
> No posting restrictions for new members.

Depends. IMO, admin setting of this toggle is a tactical concern.

New members being unmoderated results in minimum listadmin bother, which
under normal circumstances is desirable. However, in the exceptional
case, a mailing list (or Google Group) is plagued by one or more
problematic participant seeking to evade being banned or put on
moderated status by also joining from additional throwaway subscription
addresses. In that exceptional case, in my experience toggling on the
'New member posts are moderated' setting is an effective countermeasure.
(If possible, make sure posters are _not_ notified when postings are
held for listadmin review, so that your administrative tactics are
rendered more difficult to figure out.)

When I've used that setting in Mailman (temporarily) during a deluge of
abusive behaviour, I most often uncheck the 'moderated' tickbox for a
poster when manually approving roughly the first or second post from
that address, as the poster has then given sufficient evidence of not
being just another sockpuppet of a banned/restricted participant -- but,
again, it's in your interest to not have your patterns in this area of
mailing list administration publicly known or 100% consistent, so as to
make it more difficult for The Inevitable Ones to work around you.

In my experience...

> That may also risk some spam / inappropriate posting(s)

...spammers don't join mailing lists. There are reasons (omitted here)
why they are reluctant to navigate the required three-way handshake
confirmation.

Semi-exception: A subscriber who is careless with webmail security
(e.g., MS-Windows malware or falling for a phishing scam) may well have
his/her webmail account compromised by criminal interests that then
broadcast-out UCE to all the webmail account's established
correspondents including mailing lists. Call it the GMail syndrome, if
you wish. The spam goes through because it genuinely came from a
subscribed poster's address. If this sort of mishap (rare) is
unacceptable to a listadmin, the listadmin's only solution is widespread
use of moderated status. But personally I don't agree, and merely (if I
see that has happened) slam the subcription with a 'moderated' flag to
stop the bleeding.

[Rick Moen]

Quoting Michael Paoli (Michae...@cal.berkeley.edu):

> In checking over the BerkeleyLUG list
> https://groups.google.com/forum/#!forum/berkeleylug
> a bit, I noticed the current setting:
> New member posts are moderated
> Should I/we change that to:
> No posting restrictions for new members.

To expand on what I said:

The more widely you deploy the 'moderated' flag on subscribed senders,
the more one of two things must then ensue: Either the listadmins
work incrementally harder monitoring the held-messages queue frequently,
or legitimate posters encounter delay in their postings going out -- or
some combination. Both of those things are (differently) bad.

For legit posters, unexplained and mysterious transmission delays are a
turn-off. For listadmins, more scutwork is a turnoff.

For those reasons, the moderated flag should be used only to the minimum
feasible degree.

[goossbears]

 Rick M wrote:

The more widely you deploy the 'moderated' flag on subscribed senders,
the more one of two things must then ensue:  Either the listadmins
work incrementally harder monitoring the held-messages queue frequently,
or legitimate posters encounter delay in their postings going out -- or
some combination.  Both of those things are (differently) bad.

 

To turn this around, though, I would rather suggest that at the extreme,

completely deploying the 'moderated' flag on subscribed senders puts

the major burden of "working incrementally harder" on subscribers and

rather eases the burden a bit on listadmins for the latter to continually

have to review, filter-out as necessary, and reject illegitimate posters,

by default.
OTOH, completely eliminating the 'moderated' flag on subscribed senders
rather puts the major burden of "working incrementally harder" on listadmins

instead, and rather significantly eases the burden on both legitimate and

illegitimate posters to get out their postings. At some point or another on a

fairly continuous basis, listadmins could (or even should) keep on top of

completely unmoderated mailing-lists for the clear benefit of other

subscribers to ensure both that the Volume of messages is at a

manageable level and that the Content of threads is at least

reasonably appropriate for the list (e.g., no spam-type messages,

no drivel, no excessive or at all advertisements, ...etc.)

 

For listadmins, more scutwork is a turnoff.

Hence the SysAdmin adage that "A Good Systems Administrator is a Lazy One"

(see sources [1],[2],[3]) can and probably does apply for mailing-list admins as well.

For those reasons, the moderated flag should be used only to the minimum
feasible degree.

 

And the moderated flag could be used, IMO, as a possible warning to those

posters who get way out of hand in the high Volume or very questionable

Content within their posts.

Sources, references, etc.
[1]https://www.linuxjournal.com/content/how-be-good-and-lazy-system-administrator
[2]https://www.thegeekstuff.com/2011/07/lazy-sysadmin/

[3]https://www.reddit.com/r/sysadmin/comments/b4y05u/best_thing_about_a_system_administrator_job/

---------------------------------------

[Rick Moen]

Quoting goossbears (acoh...@gmail.com):

> To turn this around, though, I would rather suggest that at the extreme,
> completely deploying the 'moderated' flag on subscribed senders puts
> the major burden of "working incrementally harder" on subscribers and
> rather eases the burden a bit on listadmins for the latter to continually
> have to review, filter-out as necessary, and reject illegitimate posters,
> by default.

*scratches head*

Aaron, I have to apologise if I'm being dense, but I really have no idea
how this could possibly be the case. It's basically just not.

A listadmin's action concerning illegitimate posters[1], which 99% of
the time means spam from a non-subscribed address, should in every case
I'm aware of be: do nothing at all. The mailing list should be
configured to automatically expire messages out of queue (delete them)
after a certain number of days. On my Mailman lists I administer, I
keep the hold period to 3 days[2], so that I'll have time to act on any
(very, very rare) legit mail that ends up in queue before it expires,
even if it arrives at the beginning of a holiday weekend. If skittish
about this matter for starters, set the hold period to 5 days (and
you'll soon see that 3 will be fine and lose the spam sooner).

If you are doing any ongoing work concerning reviewing and disposing of
held spam, you're doing mailing list administration wrong.

> OTOH, completely eliminating the 'moderated' flag on subscribed
> senders rather puts the major burden of "working incrementally harder"
> on listadmins instead, and rather significantly eases the burden on
> both legitimate and illegitimate posters to get out their postings.

*scratches head*

Again, I cannot see how this could possibly be true. The opposite is
the case. Somehow, one of us either doesn't understand mailing list
administration, or is communicating very badly.

> At some point or another on a fairly continuous basis, listadmins
> could (or even should) keep on top of completely unmoderated
> mailing-lists for the clear benefit of other subscribers to ensure
> both that the Volume of messages is at a manageable level and that the
> Content of threads is at least reasonably appropriate for the list
> (e.g., no spam-type messages, no drivel, no excessive or at all
> advertisements, ...etc.)

*scratches head*

I don't actually know what the above passage means.

Aaron, you know I respect you, but somehow our communication on this
subject has gone deeply wonky.


In case it will help, let me describe routine Mailman administration for
three of the (considerable number of) lists I admin. Each has a
distinct configuration on account of very different needs. The first
two are the rare use-cases:

1 of 3: SVLUG 'Jobs' list, a fully moderated forum. For historical
reasons that would require a lot of time to explain, all subscribers get
the moderated flag at subscription and it's never cleared. Listadmins
review any non-spam post to verify that it meets the four simple rules
on http://lists.svlug.org/lists/listinfo/jobs . Postings that fall
short of compliance but seem worthy of explanation get a manually
written reject notice like 'Advertised jobs must be within 75 miles of
San Jose, see http://lists.svlug.org/lists/listinfo/jobs' or 'No
job-seeker inquiries, only jobs offered, see
http://lists.svlug.org/lists/listinfo/jobs' . Spam/scam/malware mail gets
no action and expires out authomatically.

2 of 3: svlug-announce, an announce-only forum. Again, all subscribers
get the moderated flag at subscription and it's never cleared, but the
intent is slightly different. The intent here is to permit only very
infrequent posts by SVLUG volunteers to announce upcoming SVLUG
meetings, and to disallow all other traffic -- so that people seeking
SVLUG official announcements only and zero chatter can benefit. After
an SVLUG volunteers sends a post, a listadmin approves it in the admin
queue. Usually, these are the same person. A listadmin could clear
his/her own 'moderated' flag to streamline the process, but this runs
the risk that you might accidentally reply to someone who CC'd
svlug-announce on a talk thread and see to your embarrassment your
off-topic post sail right through without listadmin vetting. (I've done
this, and then I re-set my own 'moderated' flag so I wouldn't
accidentally do it twice.) Again, inppropriate mail, typically
spam/scam/malware mail, is simply ignored and expires out automatically.
If a listadmin is feeling generous, he/she might manually reject a post
by a subscriber who group-replied to a meeting announcement, saying
'svlug-announce is for meeting announcements only. Try the svlug list
for discussion.'

3 of 3: conspire, CABAL's regular discussion mailing list. Normally,
zero subscribers get the moderated flag at subscription, and almost
never get slapped with it thereafter. Only severe misbehaviour earns
it, and I follow a policy of giving the nutcase in question a
pre-specified timeout, typically two weeks, with an e-mail to advise
that he/she will have adult supervision for two weeks, and another to
advise that he/she is now out of the doghouse. Spam/scam/malware mail
gets no action and expires out authomatically.


For each mailing list, Mailman sends listadmins a useful daily summary
of the current admin queue contents, stating sender and Subject header.
After you've been a listadmin for about a day, you can speed-read that
mail and tell to 99.99% that the queue had only Spam/scam/malware mail
and you needn't bother to look closer.


[1] I'm discussing GNU Mailman rather than Google Groups for the simple
reason that I don't administer any of the latter. But I'd be surprised
if the latter are substantially different.

[2] Mailman's default setting is zero days, meaning hold mail in queue
indefinitely until its fate is decided by a listadmin. This is a
particularly bad default, and IMO should always be overriden.

[Michael Paoli]

Okay, based on various discussion on the list, and evidence
thus far that I'm aware of,
changed the setting to:

No posting restrictions for new members