diff options
| -rw-r--r-- | docs/glossary.md | 28 | ||||
| -rw-r--r-- | docs/running/admin_manual.md | 50 |
2 files changed, 77 insertions, 1 deletions
diff --git a/docs/glossary.md b/docs/glossary.md index 441222d04..ce4986b2d 100644 --- a/docs/glossary.md +++ b/docs/glossary.md @@ -46,6 +46,7 @@ Definitions <li><a href="#response">response</a></li> <li><a href="#rails">Ruby on Rails</a></li> <li><a href="#sass">Sass</a></li> + <li><a href="#spam-address-list">spam address list</a></li> <li><a href="#staging">staging site</a></li> <li><a href="#state">state</a></li> <li><a href="#super">superuser</a></li> @@ -867,6 +868,33 @@ Definitions </dd> <dt> + <a name="spam-address-list">spam address list</a> + </dt> + <dd> + Alaveteli maintains a <strong>spam address list</strong>. Any incoming message to an email + address on that list will be rejected and won't appear in the admin. + <p> + This is mainly for email addresses whose messages are ending up + in the <a href="#holding_pen" class="glossary__link">holding pen</a>, because + those are typically addresses that can be safely ignored as they do not + relate to an active <a href="#request" class="glossary__link">request</a>. + </p> + <div class="more-info"> + <p>More information:</p> + <ul> + <li> + To add addresses to the spam address list , see + <a href="{{ site.baseurl }}docs/running/admin_manual/#rejecting-spam-that-arrives-in-the-holding-pen">Rejecting + spam that arrives in the holding pen</a>. + </li> + <li> + The spam address list is available on your site at <code>/admin/spam_addresses</code>. + </li> + </ul> + </div> + </dd> + + <dt> <a name="staging">staging server</a> (also: staging site) </dt> <dd> diff --git a/docs/running/admin_manual.md b/docs/running/admin_manual.md index d18c1c8f9..47055d0a7 100644 --- a/docs/running/admin_manual.md +++ b/docs/running/admin_manual.md @@ -31,6 +31,7 @@ In this guide: <ul> <li><a href="#administrator-privileges-and-accessing-the-admin-interface">Administrator privileges and accessing the admin interface</a></li> <li><a href="#removing-a-message-from-the-holding-pen">Removing a message from the 'Holding Pen'</a></li> + <li><a href="#rejecting-spam-that-arrives-in-the-holding-pen">Rejecting spam that arrives in the holding pen</a></li> <li><a href="#creating-changing-and-uploading-public-authority-data">Creating, changing and uploading public authority data</a></li> <li><a href="#banning-a-user">Banning a user</a></li> <li><a href="#deleting-a-request">Deleting a request</a></li> @@ -403,6 +404,54 @@ another request** button. The message will now be associated with the correct request. It is no longer in the holding pen, and is shown instead on the public request page. +### Rejecting spam that arrives in the holding pen + +Alaveteli maintains a +<a href="{{ site.baseurl }}docs/glossary/#spam-address-list" class="glossary__link">spam address list</a>. +Any incoming message to an email address on that list will be rejected and +won't appear in the admin. + +If you see spam messages in the +<a href="{{ site.baseurl }}docs/glossary/#holding_pen" class="glossary__link">holding pen</a>, +check if they are being sent to a *specific* email address. If they are, that +email address has become a "spam-target" and you should add it to the spam +address list. Thereafter, Alaveteli will automatically reject any messages that +come into that address. + +An email address that is not associated with a request (that is, one whose +messages end up in the holding pen) becomes a spam-target once it's been +harvested by spammers. It may no longer be valid because the request to which +it belonged has closed, or it may have been mis-spelled in a manual reply. +Our experience from running +<a href="{{ site.baseurl }}docs/glossary/#wdtk" class="glossary__link">WhatDoTheyKnow</a> +is that you can safely dismiss incoming email to such addresses once they have +been targetted in this way. Legitimate emails that arrive in the holding pen +tend to be unique errors (for example, missing the last character of the email +address due to a cut-and-paste mistake) and the nature of the lifecycle of +requests means they don't typically get used for spam until they are +effectively dead. + +The easiest way to add such an email address to the spam address list is to do +so from the incoming message itself. In the admin interface, go to the holding +pen (click on **Requests** and then **Holding pen**). Under *Incoming Messages* +click on the message that is spam. Under *Actions*, click on the **Mark as +spam** button that appears by the `To:` email address. + +You can see the spam address list (that is, all known spam-target email +addresses) by going to the admin interface at `/admin/spam_addresses`. As an +alternative to using the **Mark as spam** button on the message itself, you can +manually add any email address there and click **Add spam address**. + +You can remove any address from the list by clicking the **Remove** button +next to it. Of course, this won't restore any messages that have been +rejected, but Alaveteli will not reject any new messages that are sent to +this address. + +Note that if you are seeing consistent spam email in your holding pen, you +should also consider implementing (or increasing) the anti-spam measures +running in your +<a href="{{ site.baseurl }}docs/glossary/#mta" class="glossary__link">MTA</a>. + ### Creating, changing and uploading public authority data There are three ways to change public authority data on your site: @@ -719,4 +768,3 @@ text you wish to replace it with e.g. '[personal information has been hidden]', and a comment letting other admins know why you have hidden the information. - |