Summer Tea writes: > I am unsure what the current configuration is; however, I believe > Mailman supports holding messages from non-members for moderator > approval. > > https://www.gnu.org/software/mailman/mailman-admin/sender-filters.html The current configuration is that incoming mail is run through SpamAssassin, then passed on to Mailman. Any message marked as spam by SpamAssassin is held by Mailman for review, as is any message containing an HTML part, because those are much more likely to be spam. I use the default SpamAssassin rules, plus the ones that come with public-inbox. When a spam message makes it through, I run it through public-inbox-learn spam to remove it from the archive and train SpamAssassin. I don't want to require subscription to post to the list, because as a contributor to other projects I find that quite unfriendly, particularly when I'm not intending to become a recurring contributor and so have no need to receive messages from the list. With that of course comes the inability to 100% prevent spam, but I don't think we quite need 100%. This is how the kernel lists work as well, for example. The spam we've been receiving most recently doesn't look suspicious at all to SpamAssassin: nothing weird about the headers; no obviously problematic phrases. One obvious thing that we could do for this type of message in particular would be to hold messages written in languages other than English. I'll do that as the next step, but also open to further suggestions.