From Newsgroup: news.admin.peering

Presently are nntp-related threads in the Windows & (free) newserver
related newsgroups, along with separate software-related threads in the Thunderbird & newsreader newsgroups, folks are discussing how the moderated newsgroup process really works from both the user and nntp server
perspective.

My summary below (likely wrong) is my attempt at describing for those teams
how the moderation process works, particularly in this specific case for
the two (free) news servers hosted by Jesse & Ivo respectively, although
this is no slight on them as we're simply using their servers as common testable examples of servers we are familiar with that we also trust.

Privacy is a key component of this question as privacy is pervasive
(e.g., privacy is why I wrote my own newsreader decades ago on Solaris).

One specific question we have is whether a user can "email" directly to a moderated newsgroup (when privacy is involved), so let's call that Q1,
while another question we have is if they can, how are the headers
structured (since they're different from normal smtp email headers) which
we'll call Q2 and yet another question we have is how does the moderation
flow work from user to moderator when a newsreader speaking only nntp is
used, which is Q3.

Summarized, with privacy in mind, may we ask the peering group:

Q1: Can users email a post to a moderated newsgroup with email privacy?
Q2: If using throwaway mail servers, what additional headers are required?
Q3: How does "typical" moderation work when the nntp header email is bogus?

Note that my attempt at answering some of those questions is below,
but it is just a paste of a recent post so it's not all the answers above.

Carlos E.R. wrote:

Like you, I have never subscribed to a moderated group, so I have never thought about it, in decades. I simply thought that the news protocol
would know about it and handle it "somehow".

Thanks for discussing this topic which it seems most of us haven't thought much about as we rarely post to moderated newsgroups, and, for the most
part, when we did, it just worked. So we didn't think much about 'how'.

I think, based on my tests, that the normal process is that the news server admin decides which moderated groups he wants to peer and then he figures
out how each moderated group wants to be notified, where, it seems, as John Gilliver noted, "in some cases there's a sort of central clearinghouse".

I think that address might be <name-of-ng>-moderated@moderators.isc.org
based on these tests with distinctly different results in that regard.

This news server apparently does not carry the moderated tax newsgroup.
But notice that it uses the "clearing house" above, plus some others.
Taskbar > Runbox > cmd

telnet news.blueworldhosting.com 119

200 nnrp.usenet.blueworldhosting.com InterNetNews NNRP server INN
2.8.0 (20250329 snapshot) ready (posting ok)
MODE READER
LIST ACTIVE misc.taxes
215 Newsgroups in form "group high low status"
misc.taxes 0000060117 0000000001 y
.
LIST ACTIVE misc.taxes.moderated
215 Newsgroups in form "group high low status"
.
LIST MODERATORS
215 Newsgroup moderators in form "group-pattern:submission-template"
aioe.*:%s-newsgroup@aioe.org
fido7.*:%s@fido7.org
ffm.*:%s@moderators.arcornews.de
fj.*:%s@moderators.fj-news.org
medlux.*:%s@news.medlux.ru
nl.*:%s@nl.news-admin.org
perl.*:news-moderator-%s@perl.org
relcom.*:%s@moderators.relcom.ru
si.*:%s@arnes.si
ukr.*:%s@sita.kiev.ua
*:%s@moderators.isc.org
.
QUIT

This news server apparently does carry the moderated tax related newsgroup.
And notice that it also uses the "clearing house" above, plus some others.
Taskbar > Runbox > cmd

telnet paganini.bofh.team 119

200 paganini.bofh.team InterNetNews NNRP server INN 2.6.4 ready
(posting ok)
MODE READER
LIST ACTIVE misc.taxes
215 Newsgroups in form "group high low status"
misc.taxes 0000060041 0000059279 y
.
LIST ACTIVE misc.taxes.moderated
215 Newsgroups in form "group high low status"
misc.taxes.moderated 0000061574 0000002149 m
.
LIST MODERATORS
215 Newsgroup moderators in form "group-pattern:submission-template"
fido7.*:%s@fido7.ru
ffm.*:%s@moderators.arcornews.de
fj.*:%s@moderators.fj-news.org
medlux.*:%s@news.medlux.ru
nl.*:%s@nl.news-admin.org
perl.*:news-moderator-%s@perl.org
relcom.*:%s@moderators.relcom.ru
si.*:%s@arnes.si
ukr.*:%s@sita.kiev.ua
*:%s@moderators.isc.org
.
QUIT

Note that sending the article to the first server failed, but sending it to the second server seems to have not failed, but it still needs acceptance.

I had no idea of this process as I've never set up a news server myself.
Frank might be able to impart some insight as he was an admin in the past.
--
Usenet allows old friends to discuss unique topics of mutual interest.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: news.admin.peering

On 31.01.2026 12:51 Uhr Maria Sophia wrote:

My summary below (likely wrong) is my attempt at describing for those
teams how the moderation process works, particularly in this specific
case for the two (free) news servers hosted by Jesse & Ivo
respectively, although this is no slight on them as we're simply
using their servers as common testable examples of servers we are
familiar with that we also trust.

Currently (I dunno if that was handled different in the 80s/90s), the
servers replace the dots with dashed and add @moderators.isc.org (or moderators.uu.net, as this existed first) to it, add relevant SMTP
headers and send it out.

Privacy is a key component of this question as privacy is pervasive
(e.g., privacy is why I wrote my own newsreader decades ago on
Solaris).

One specific question we have is whether a user can "email" directly
to a moderated newsgroup (when privacy is involved), so let's call
that Q1, while another question we have is if they can, how are the
headers structured (since they're different from normal smtp email
headers) which we'll call Q2 and yet another question we have is how
does the moderation flow work from user to moderator when a
newsreader speaking only nntp is used, which is Q3.

Summarized, with privacy in mind, may we ask the peering group:

Q1: Can users email a post to a moderated newsgroup with email
privacy? Q2: If using throwaway mail servers, what additional headers
are required? Q3: How does "typical" moderation work when the nntp
header email is bogus?

Yes, people can directly mail that address if you really want. The
moderators then approve it (or not) and post it, some use a software
that handles this automatically, this is called webstump.

You can test with misc.test.moderated, as this is a moderated test
group with a software that replies back to you and posts your message
to the group.

I now sent an email directly to the moderation address, I got back the
robomod reply, but the message does not yet appear on the group.

I think, based on my tests, that the normal process is that the news
server admin decides which moderated groups he wants to peer and then
he figures out how each moderated group wants to be notified, where,
it seems, as John Gilliver noted, "in some cases there's a sort of
central clearinghouse".

Most nntp server operators carry all groups of certain hierarchies,
although more precise selections are possible, like for unmoderated
groups.

The server admins don't need to case about the addresses. The software
replaces dots with dashed and adds @moderators.isc.org, then the mail
goes out to the machines in the MX record (now called moderation
relays).

Those moderation relays have a current list of the moderator's
addresses that is being managed and distributed by ISC.

If an address changes, ISC will be notified and they send out an
updated list.

Note that sending the article to the first server failed, but sending
it to the second server seems to have not failed, but it still needs acceptance.

There is a chance that either the mod silently rejected your message,
it never reached the mod due to technical faults (or spam filters) or
the mod didn't read it. As the sender will be rewritten to a domain of
the NNTP server in most cases, you will not receive the bounces.

Use misc.test.moderated to test - you should receive an email back and
your message should be posted on the group too.
--
kind regards
Marco

Send spam to 1769860291muell@stinkedores.dorfdsl.de

--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: news.admin.peering

Maria Sophia <pusvul@getTjewytR4so+mqe2.invalid> wrote:

Summarized, with privacy in mind, may we ask the peering group:

Q1: Can users email a post to a moderated newsgroup with email privacy?

You MUST NOT use an invalid email address on From. MUST NOT. With email,
you are obligated to receive error messages, so at least ENVELOPE FROM
must be a mailbox you read even if From isn't.

Why do you believe, if you write your own client, that standards do not
apply to you and you don't have to learn what they are in the first
place?

Why do you waste everybody's time asking questions to solve problems
that simply do not exist in the first place? In moderated Usenet, the newsreader hands off the proto article to the News server like
unmoderated Usenet. The servers sends the proto article to the
submission address, something the newsreader does not keep track of and
has never had a need to in all these decades.

There is no problem for you to solve. Furthermore, you didn't send an
email message so you don't need to receive an error message, if any.

Where do you falsely believe your privacy got violated?

Q2: If using throwaway mail servers, what additional headers are required?

I'm not going to guess. It's the moderator's gateway back to Usenet,
after approving the proto article, that injects the article and adds originating NNTP headers.

It's not a Usenet article till that happens. Don't preload NNTP headers.
Never do that. Just don't. How do you not understand this?

Everything about you screams that you want to preload Path and Injection headers which you MUST NOT do. These are not headers added by the
client, not ever. They are added at injection.

In moderated Usenet, the only one authorized to inject is... the
moderator.

Q3: How does "typical" moderation work when the nntp header email is bogus?

If the News server submits the proto article to the submission address,
the user's address on From may be invalid. The News server, not having
injected the proto article, adds no NNTP headers. If the user submits
the article as an email message to the submission address, then the
address on From must be valid and the user must be able to receive error messages. Again, NNTP headers MUST NOT be preloaded.

If the moderator receives a submission with preloaded NNTP headers,
he should say to himself, Who the hell is this Usenet abuser preloading
headers trying to bypass moderation? The proto article should be rejected
with extreme prejudice and the user reported to every News site on which
he has an account for AUP violation and TOSsed.

Don't preload NNTP headers. Just don't. Stop asking how you can get away
with it.

. . .

--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: news.admin.peering

Adam H. Kerman wrote:

It's not a Usenet article till that happens. Don't preload NNTP headers. Never do that. Just don't. How do you not understand this?

If you mail your article to the moderator, you should add the same headers
you would add if you'd post the article to a moderated group, i.e. at
least a Newsgroups: header. There's nothing wrong with that.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: news.admin.peering

Thomas Hochstein wrote:

Adam H. Kerman wrote:

It's not a Usenet article till that happens. Don't preload NNTP headers.
Never do that. Just don't. How do you not understand this?

If you mail your article to the moderator, you should add the same headers you would add if you'd post the article to a moderated group, i.e. at
least a Newsgroups: header. There's nothing wrong with that.

Thanks for that information, and I thank Marco Moock for all his help, particularly in how the isc email address is munged to fit smtp format.

If I may, I'd like to propose the following process as a preliminary
attempt at describing what happens when we post to a moderated newsgroup.

Since I wrote my own newsreader, I can add the necessary email branch that Thomas Hochstein kindly explained is appropriate, only if I understand it.

Please pick this apart if there are technical flaws in this writeup!

1. We post our article from our newsreader to our NNTP server. The
server receives it using the NNTP POST command. The server checks
the group flags and sees that misc.test.moderated is moderated, so
it does not inject the article directly into the group.

2. Our NNTP server forwards the post to the moderator. The server sends
the submission as email to the moderator's address for that group.
The address is normally formed by replacing periods with hyphens and
appending @moderators.isc.org. Note that a bogus or nonworking
"From" address is common on Usenet and is normally acceptable.
The domain can be real but the address is designed to not be real.

3. The moderator reviews the submission. They read the post in their
moderation queue and check that it is on topic, that it follows the
group's rules, and that it is not spam or abusive. A real email
address is usually not required. A bogus address only matters if the
moderator needs to contact us or if the group has rules requiring
real identities.

4. If the moderator approves the post, they reinject it into Usenet.
The moderator or their software adds an Approved header during this
reinjection, for example...
Approved: moderator@example.org
This header tells Usenet servers that the article is authorized for
the moderated group. The moderator's system posts from a trusted
host or authenticated account, so servers accept the Approved
article.

5. Usenet servers distribute the approved article. Because it contains
a valid Approved header and comes from a trusted injection point,
servers propagate it normally. Our original From header, even if it
is bogus, is usually preserved unless the moderator changes it.

For a direct email... as far as I can tell... (which may be wrong)...

1. We compose our article in our MUA. Instead of posting through NNTP,
we prepare to send it as email directly to the moderator or to the
ISC moderation relay. This method is allowed for moderated groups as
long as we supply the correct Usenet headers.

2. We set the To address to the group's submission address. For Big-8
groups the standard form is the group name with periods changed to
hyphens, plus @moderators.isc.org. Example:
misc.test.moderated -> misc-test-moderated@moderators.isc.org

3. We include all required Usenet headers in the email body. These
headers must appear exactly as they would in a normal Usenet post.
At minimum we include:
From:
Newsgroups:
Subject:
Date:
Message-ID:
References: (optional)
Organization: (optional)
User-Agent: (optional)
We do not include a spoofed Approved header.
That is frowned upon as it is added only by the moderator.

4. We place a blank line after the headers. After that blank line we
write the body of our article. The email now contains a complete
Usenet article wrapped inside an email envelope.

5. We send the email. Our MUA hands it to our SMTP server, which
delivers it to the ISC moderation relay or directly to the
moderator, depending on the address we used.

6. The moderator receives our submission in their moderation queue. The
moderator checks that the article is on topic, follows the group's
rules, and is not spam or abusive. A bogus From address is normally
acceptable unless the moderator needs to contact us.

7. If the moderator approves the article, they reinject it into Usenet.
Their system adds an Approved header and posts the article from a
trusted host. Example:
Approved: moderator@example.org

8. Usenet servers accept the Approved article and propagate it normally
across the network. Our original From header is usually preserved
unless the moderator edits it.

9. Our NNTP server eventually receives the approved article from its
peers. It appears in the moderated group as if we had posted it
through NNTP, even though we submitted it by email.
--
Had I known how it works, I would have written up a tutorial instead since
I'm a rare breed of person who delights in edifying everyone around me.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: news.admin.peering

Thomas Hochstein <thh@thh.name> wrote:

Adam H. Kerman wrote:

It's not a Usenet article till that happens. Don't preload NNTP headers. >>Never do that. Just don't. How do you not understand this?

If you mail your article to the moderator, you should add the same headers >you would add if you'd post the article to a moderated group, i.e. at
least a Newsgroups: header. There's nothing wrong with that.

I don't see a technical reason for that unless there is crossposting. If
not crossposted, surely the gateway would do it. But yes, Newsgroups is
a header that MUST be added by the newsreader, so there's nothing wrong
with adding it in the email client when mailed to the submission
address.

"Maria Sophia" appeared to be talking about Path and Injection headers
that are expected to be added by the News server at injection.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: news.admin.peering

Maria Sophia <pusvul@getTjewytR4so+mqe2.invalid> wrote:

. . .

Please pick this apart if there are technical flaws in this writeup!

2. Our NNTP server forwards the post to the moderator. The server sends
the submission as email to the moderator's address for that group.

"proto article"

The address is normally formed by replacing periods with hyphens and
appending @moderators.isc.org.

No. That's what the moderators file is for, which is used by the server
and not the newsreader. As I told you elsewhere, they maintain a central moderators file for Big 8, alt, and a few other hierarchies. Several
language and larger regional hierarchies maintain their own.

Tbere are plenty of reasons not to do this at the newsreader level. This
is one of the more important reasons, but it starts out by getting your
head straight around the fact that there is no problem to solve by
writing a newsreader that would mail the proto article to the submission address instead of sending it to the usual News server for further
handling.

Note that a bogus or nonworking
"From" address is common on Usenet and is normally acceptable.

"Invalid"

The domain can be real but the address is designed to not be real.

The hell the domain of an invalid address can be someone else's that
you have no permission to use. Don't use anything that appears to be a
domain as you have no control over whether it may be used in future. Don't
use "example.com" nor "example.org", whose use is limited to technical documentation and not for use on From. If the address is invalid, then
use a top-level domain of .invalid.

If you have permission to use a domain, then any address is "real" with
respect to use in Usenet, but not email, regardless of whether there is
an associated inbox or whether a user reads messages in its inbox.

3. The moderator reviews the submission. They read the post in their
moderation queue and check that it is on topic, that it follows the
group's rules, and that it is not spam or abusive. A real email
address is usually not required. A bogus address only matters if the
moderator needs to contact us or if the group has rules requiring
real identities.

Use "invalid", not "bogus"

4. If the moderator approves the post, they reinject it into Usenet.

It's not being re-injected for it hadn't been injected earlier.

The moderator or their software adds an Approved header during this
reinjection, for example...
Approved: moderator@example.org
This header tells Usenet servers that the article is authorized for
the moderated group. The moderator's system posts from a trusted
host or authenticated account, so servers accept the Approved
article.

Sigh

It doesn't tell the server that the article was approved by the moderator.
It simply meets syntax that an Approved header is required. The article
with Approved header was received from a peer, not a user.

skirv used to run PGPMoose to mitigate against abuse with unapproved use
of Approved headers. I don't think he does that any longer.

We also have moderated newsgroups in which self approval is required and
the header is added by the user in the newsreader.

5. Usenet servers distribute the approved article. Because it contains
a valid Approved header and comes from a trusted injection point,
servers propagate it normally.

Unless peering directly with the moderator's server, how would they
know? If there's large scale abuse taking place, someone might analyze
headers to see what may be accepted or to issue NoCeMs, but normally,
the moderator is expected to watch the group for one-off forged approvals
and issue cancel messages accordingly.

Our original From header, even if it
is bogus, is usually preserved unless the moderator changes it.

Wrong.

From MUST NOT be changed by the moderator. The moderator is limited to
accept or reject.

For a direct email... as far as I can tell... (which may be wrong)...

1. We compose our article in our MUA. Instead of posting through NNTP,
we prepare to send it as email directly to the moderator or to the
ISC moderation relay. This method is allowed for moderated groups as
long as we supply the correct Usenet headers.

There is one and only one Usenet header to provide: Newsgroups. Headers
are otherwise those required for a Mail message.

3. We include all required Usenet headers in the email body.

No. The headers are in the headers block.

These

headers must appear exactly as they would in a normal Usenet post.
At minimum we include:
From:
Newsgroups:
Subject:
Date:
Message-ID:
References: (optional)

Are you going to do this manually? A few newer email clients
may know how to create one useful for threading. Older email clients
wouldn't add one.

You're getting it wrong anyway. References is part of the syntax for a
followup article but MUST NOT be present in a root article,

Organization: (optional)
User-Agent: (optional)
We do not include a spoofed Approved header.

Forged, not spoofed. Spoofed has a specific meaning on Usenet. If an
Approved header is present in the proto article, that's abuse.

That is frowned upon as it is added only by the moderator.

Wrong. It's abuse.

4. We place a blank line after the headers. After that blank line we
write the body of our article. The email now contains a complete
Usenet article wrapped inside an email envelope.

It's not complete. It's a proto article till injected. The sentence
seemingly implying SMTP ENVELOPE doesn't belong here. Why state hints of
syntax at all? You are expected to send a standard email message.

Much of what follows is redundant.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: news.admin.peering

Adam H. Kerman wrote:

"Maria Sophia" appeared to be talking about Path and Injection headers
that are expected to be added by the News server at injection.

Hi Adam H. Kerman,

I very much appreciate your technical help, but I disavow your accusations. There's a tenet in logic called "Occam's Razor" which I suggest you learn.

It requires TWO things, neither of which fits the errant assumption above.
1. The statement must take into account all known data points, and,
2. The simplest logical assessment taking them into account likely fits.

Never in my life, nor in my history of posting to Usenet, have I said I
wish to change those two headers, so your guess instantly violates tenet 1.

In over two decades of posting to Usenet using my own newsreader, which
started in my SunOS/Solaris days when newsreader GUIs were primitive, I've
only discussed the PATH header once, and that was with Frank Slootweg who incorrectly argued that all the headers NOT INJECTED by the news server
could be written by my own home-grown personal newsreader that I wrote.

We both concluded, at that time, that the PATH header "could" be modified,
but only to the extent that it wasn't injected by the nntp news server.

That was a theoretical discussion, probably, oh, five or more years ago.
So it's unlikely this Adam H. Kerman fellow is even aware of that.

Since I've NEVER even once discussed Injection headers, again, I must emphatically assume this Adam H. Kerman fellow is impugning my motives out
of his own psychological fears/wants/desires, as I also noticed this Adam
H. Kerman fellow, while knowledgeable for sure, composes entire rants with tirades against anyone who wishes to maintain their own right of privacy.

having said that bluntly, so as to put as stop to Adam's wildly
inappropriate assumptions based on his own psychological needs, I will
THANK Adam and others for the expert advice on how moderation works.

When you don't write your own newsreader, most of this doesn't matter.
When you do write your own newsreader, it still won't matter.

It's only when you wish to compose emails from your own newsreader that it matters, and for the technical answers from Marco & Thomas &Adam, I think I
now know what I'd need to add to identify a moderated newsgroup in the
telnet session and then to switch from telnet to smtp to send the post.

Much appreciated all the kind help, as the goal is simply to understand the process well enough to be able to write my own newsreader to perform it.
--
On Usenet, if you ask questions that nobody else has ever asked before,
people who psychologically enjoy conspiracy theories invent accusations.
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: news.admin.peering

Maria Sophia <pusvul@getTjewytR4so+mqe2.invalid> wrote:

Adam H. Kerman wrote:

"Maria Sophia" appeared to be talking about Path and Injection headers
that are expected to be added by the News server at injection.

I very much appreciate your technical help, but I disavow your accusations.

Thomas Hochstein, whom you failed to quote even though it's required
for context, corrected me that you were thinking of adding the Newsgroups header, singular, to the email message you would send to the submission
address of a moderated newsgroup.

That's one Usenet header, singular. The other headers, while common to
both News and Mail, are email headers for the purpose of sending that
message.

You keep referring to "headers", plural. Since you are doing, uh,
unusual things in trying to solve problems that you believe exist but
were solved long ago, I made the assumption that you intended to preload headers that the News server adds at injection.

You've done certain things that come off as "Teach me to be a better
technical troll." That's the impression I've had of you throughout parts
of the discussion.

I admit that I could be completely off base on this. It matters not if
you forgive me for getting you so completely wrong.

All the largely off-topic crossposting to groups and changing groups and
your unusual privacy concerns also raised hackles.

. . .

having said that bluntly, so as to put as stop to Adam's wildly
inappropriate assumptions based on his own psychological needs, I will
THANK Adam and others for the expert advice on how moderation works.

Hehehehe

I may need to put that in a sigfile.

. . .

--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: news.admin.peering

Maria Sophia wrote:

1. We post our article from our newsreader to our NNTP server. The
server receives it using the NNTP POST command. The server checks
the group flags and sees that misc.test.moderated is moderated, so
it does not inject the article directly into the group.

2. Our NNTP server forwards the post to the moderator. The server sends
the submission as email to the moderator's address for that group.
The address is normally formed by replacing periods with hyphens and
appending @moderators.isc.org. Note that a bogus or nonworking
"From" address is common on Usenet and is normally acceptable.
The domain can be real but the address is designed to not be real.

3. The moderator reviews the submission. They read the post in their
moderation queue and check that it is on topic, that it follows the
group's rules, and that it is not spam or abusive. A real email
address is usually not required.

That's up to the moderator's policy, but yes, there's no technical need to
have a "real" mail address.

A bogus address only matters if the
moderator needs to contact us or if the group has rules requiring
real identities.

4. If the moderator approves the post, they reinject it into Usenet.
The moderator or their software adds an Approved header during this
reinjection, for example...
Approved: moderator@example.org
This header tells Usenet servers that the article is authorized for
the moderated group. The moderator's system posts from a trusted
host or authenticated account, so servers accept the Approved
article.

Yes. In principle anyone can add an Approved: header, but due to abuse,
most servers today only allow known moderators to add that header.

5. Usenet servers distribute the approved article. Because it contains
a valid Approved header and comes from a trusted injection point,
servers propagate it normally.

Yes, but they mostly just propagate it as it has an Approved: header.
Usenet mostly has no concept of a trusted injection point.

Our original From header, even if it
is bogus, is usually preserved unless the moderator changes it.

AFAIS all the above is correct (as far at it is relevant).

For a direct email... as far as I can tell... (which may be wrong)...

1. We compose our article in our MUA. Instead of posting through NNTP,
we prepare to send it as email directly to the moderator or to the
ISC moderation relay. This method is allowed for moderated groups as
long as we supply the correct Usenet headers.

2. We set the To address to the group's submission address. For Big-8
groups the standard form is the group name with periods changed to
hyphens, plus @moderators.isc.org. Example:
misc.test.moderated -> misc-test-moderated@moderators.isc.org

Yes.

3. We include all required Usenet headers in the email body.

No. Those headers must appear in the header, together with the mail
headers. As a mail and a Usenet article mostly have identical headers,
there's not much to do.

Moderation software - or the moderator - will drop "mail-only" headers and preserve the rest.

It's probably not strictly necessary to add a Newsgroups: header as long
as you want your article to appear only in that moderated group. You'll
need one if you want to post to more than one group, though.

These
headers must appear exactly as they would in a normal Usenet post.
At minimum we include:
From:
Newsgroups:
Subject:
Date:
Message-ID:
References: (optional)
Organization: (optional)
User-Agent: (optional)

All headers except Newsgroups: should be present in the mail anyway (you
can compose it as a mail reply to a post, so you just have to change the recipient address (To:) to the moderation address and perhaps add a
Newsgroups: header (to the headers).

(I'm not sure why you'd want to send mail instead of posting to the
moderated group - as long as you are participate in other, unmoderated - groups.)

4. We place a blank line after the headers. After that blank line we
write the body of our article. The email now contains a complete
Usenet article wrapped inside an email envelope.

No, that's not the way to do it.

The mail should be a complete Usenet article in itself, with some
mail-specific headers the moderator will drop.

--------------------------------------------------------------------------------

As I've been testing modration software this weekend, let's just look at
an example.

1)
You post to misc.test.moderated. Your proto article - the thing your
newsreader sends to the server - may l%ok like that:

| From: Thomas Hochstein <thh@thh.name>
| Newsgroups: misc.test.moderated
| Subject: test ignore
| Date: Sun, 01 Feb 2026 20:00:28 +0100
| Message-ID: <e9ksnkp1c8menvhq4un5fubtukgmo3d1ih@your.host.example>
| MIME-Version: 1.0
| Content-Type: text/plain; charset=us-ascii
| Content-Transfer-Encoding: 7bit
| User-Agent: ForteAgent/8.00.32.1272
|
| Test.

2)
If you post that to an unmoderated group, the server will add some headers
and inject it into Usenet. As misc.test.moderated is a moderated group, it
will be sent as a mail to the moderator and may look like that when it
arrives:

[snip more Received: headers]
| Received: from relay1.zedat.fu-berlin.de ([130.133.4.67])
| by outpost.zedat.fu-berlin.de (Exim 4.99)
| for misc-test-moderated@moderators.isc.org with esmtps (TLS1.3)
| tls TLS_AES_256_GCM_SHA384
| (envelope-from <news@ancalagon.de>)
| id 1vmHoY-00000003Wh2-2hnO; Sun, 01 Feb 2026 20:00:30 +0100
| Received: from thangorodrim.ancalagon.de ([1.2.3.4])
| by relay1.zedat.fu-berlin.de (Exim 4.99)
| for misc-test-moderated@moderators.isc.org with esmtps (TLS1.3)
| tls TLS_AES_256_GCM_SHA384
| (envelope-from <news@ancalagon.de>)
| id 1vmHoY-00000002ZzN-2OtA; Sun, 01 Feb 2026 20:00:30 +0100
| Received: from news by thangorodrim.ancalagon.de with local (Exim 4.89)
| (envelope-from <news@ancalagon.de>)
| id 1vmHoW-0000sA-7t
| for misc-test-moderated@moderators.isc.org; Sun, 01 Feb 2026 20:00:28 +0100
| To: misc-test-moderated@moderators.dana.de
| From: Thomas Hochstein <thh@thh.name>
| Newsgroups: misc.test.moderated
| Subject: test ignore
| Date: Sun, 01 Feb 2026 20:00:28 +0100
| Message-ID: <e9ksnkp1c8menvhq4un5fubtukgmo3d1ih@your.host.example>
| MIME-Version: 1.0
| Content-Type: text/plain; charset=us-ascii
| Content-Transfer-Encoding: 7bit
| User-Agent: ForteAgent/8.00.32.1272
[snip some other mail headers]
|
| Test.

Ignoring Received: headers, there is just one header added:
| To: misc-test-moderated@moderators.dana.de

That transforms a posting into a valid mail (with a Newsgroups: header
that is not defined for mail, but does not hurt, either).

If you want to send a mail, you just have to add a Newsgroups: header to
that mail.

The moderator will drop the Received: headers (and all the other things
that are added in transfer) and the To: header. Now the former mail is a
Usenet posting again. He'll add "Approved:" and a perhaps a Path: and post
it. The post may then look like this:

| Path: thangorodrim.ancalagon.de!news.szaf.org!.POSTED!not-for-mail
| From: Thomas Hochstein <thh@thh.name>
| Newsgroups: misc.test.moderated
| Subject: test ignore
| Date: Sun, 01 Feb 2026 21:06:00 +0100
| Approved: moderator-of-misc-test-moderated@host.example
| Message-ID: <e9ksnkp1c8menvhq4un5fubtukgmo3d1ih@your.host.example>
| MIME-Version: 1.0
| Content-Type: text/plain; charset=us-ascii
| Content-Transfer-Encoding: 7bit
| Injection-Date: Sun, 01 Feb 2026 20:06:00 +0100 -0000 (UTC)
| Injection-Info: news.szaf.org; logging-data="123456"; mail-complaints-to="abuse@szaf.org"
| User-Agent: ForteAgent/8.00.32.1272
| X-Huhu-Submission-Date: Sun, 01 Feb 2026 20:00:30 +0100

--------------------------------------------------------------------------------

Had I known how it works, I would have written up a tutorial instead since I'm a rare breed of person who delights in edifying everyone around me.

The Big8 Management Board has published a FAQ about moderated groups with
links to other sources. See
<https://www.big-8.org/wiki/Moderated_Newsgroups>.

I hope that helps a bit.

Best regards,
-thh
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: news.admin.peering

Maria Sophia wrote:

1. We post our article from our newsreader to our NNTP server. The
server receives it using the NNTP POST command. The server checks
the group flags and sees that misc.test.moderated is moderated, so
it does not inject the article directly into the group.

2. Our NNTP server forwards the post to the moderator. The server sends
the submission as email to the moderator's address for that group.
The address is normally formed by replacing periods with hyphens and
appending @moderators.isc.org. Note that a bogus or nonworking
"From" address is common on Usenet and is normally acceptable.
The domain can be real but the address is designed to not be real.

3. The moderator reviews the submission. They read the post in their
moderation queue and check that it is on topic, that it follows the
group's rules, and that it is not spam or abusive. A real email
address is usually not required.

That's up to the moderator's policy, but yes, there's no technical need to
have a "real" mail address.

A bogus address only matters if the
moderator needs to contact us or if the group has rules requiring
real identities.

4. If the moderator approves the post, they reinject it into Usenet.
The moderator or their software adds an Approved header during this
reinjection, for example...
Approved: moderator@example.org
This header tells Usenet servers that the article is authorized for
the moderated group. The moderator's system posts from a trusted
host or authenticated account, so servers accept the Approved
article.

Yes. In principle anyone can add an Approved: header, but due to abuse,
most servers today only allow known moderators to add that header.

5. Usenet servers distribute the approved article. Because it contains
a valid Approved header and comes from a trusted injection point,
servers propagate it normally.

Yes, but they mostly just propagate it as it has an Approved: header.
Usenet mostly has no concept of a trusted injection point.

Our original From header, even if it
is bogus, is usually preserved unless the moderator changes it.

AFAIS all the above is correct (as far at it is relevant).

For a direct email... as far as I can tell... (which may be wrong)...

1. We compose our article in our MUA. Instead of posting through NNTP,
we prepare to send it as email directly to the moderator or to the
ISC moderation relay. This method is allowed for moderated groups as
long as we supply the correct Usenet headers.

2. We set the To address to the group's submission address. For Big-8
groups the standard form is the group name with periods changed to
hyphens, plus @moderators.isc.org. Example:
misc.test.moderated -> misc-test-moderated@moderators.isc.org

Yes.

3. We include all required Usenet headers in the email body.

No. Those headers must appear in the header, together with the mail
headers. As a mail and a Usenet article mostly have identical headers,
there's not much to do.

Moderation software - or the moderator - will drop "mail-only" headers and preserve the rest.

It's probably not strictly necessary to add a Newsgroups: header as long
as you want your article to appear only in that moderated group. You'll
need one if you want to post to more than one group, though.

These
headers must appear exactly as they would in a normal Usenet post.
At minimum we include:
From:
Newsgroups:
Subject:
Date:
Message-ID:
References: (optional)
Organization: (optional)
User-Agent: (optional)

All headers except Newsgroups: should be present in the mail anyway (you
can compose it as a mail reply to a post, so you just have to change the recipient address (To:) to the moderation address and perhaps add a
Newsgroups: header (to the headers).

(I'm not sure why you'd want to send mail instead of posting to the
moderated group - as long as you are participate in other, unmoderated - groups.)

4. We place a blank line after the headers. After that blank line we
write the body of our article. The email now contains a complete
Usenet article wrapped inside an email envelope.

No, that's not the way to do it.

The mail should be a complete Usenet article in itself, with some
mail-specific headers the moderator will drop.

--------------------------------------------------------------------------------

As I've been testing modration software this weekend, let's just look at
an example.

1)
You post to misc.test.moderated. Your proto article - the thing your
newsreader sends to the server - may l%ok like that:

| From: Thomas Hochstein <thh@thh.name>
| Newsgroups: misc.test.moderated
| Subject: test ignore
| Date: Sun, 01 Feb 2026 20:00:28 +0100
| Message-ID: <e9ksnkp1c8menvhq4un5fubtukgmo3d1ih@your.host.example>
| MIME-Version: 1.0
| Content-Type: text/plain; charset=us-ascii
| Content-Transfer-Encoding: 7bit
| User-Agent: ForteAgent/8.00.32.1272
|
| Test.

2)
If you post that to an unmoderated group, the server will add some headers
and inject it into Usenet. As misc.test.moderated is a moderated group, it
will be sent as a mail to the moderator and may look like that when it
arrives:

[snip more Received: headers]
| Received: from relay1.zedat.fu-berlin.de ([130.133.4.67])
| by outpost.zedat.fu-berlin.de (Exim 4.99)
| for misc-test-moderated@moderators.isc.org with esmtps (TLS1.3)
| tls TLS_AES_256_GCM_SHA384
| (envelope-from <news@ancalagon.de>)
| id 1vmHoY-00000003Wh2-2hnO; Sun, 01 Feb 2026 20:00:30 +0100
| Received: from thangorodrim.ancalagon.de ([1.2.3.4])
| by relay1.zedat.fu-berlin.de (Exim 4.99)
| for misc-test-moderated@moderators.isc.org with esmtps (TLS1.3)
| tls TLS_AES_256_GCM_SHA384
| (envelope-from <news@ancalagon.de>)
| id 1vmHoY-00000002ZzN-2OtA; Sun, 01 Feb 2026 20:00:30 +0100
| Received: from news by thangorodrim.ancalagon.de with local (Exim 4.89)
| (envelope-from <news@ancalagon.de>)
| id 1vmHoW-0000sA-7t
| for misc-test-moderated@moderators.isc.org; Sun, 01 Feb 2026 20:00:28 +0100
| To: misc-test-moderated@moderators.isc.org
| From: Thomas Hochstein <thh@thh.name>
| Newsgroups: misc.test.moderated
| Subject: test ignore
| Date: Sun, 01 Feb 2026 20:00:28 +0100
| Message-ID: <e9ksnkp1c8menvhq4un5fubtukgmo3d1ih@your.host.example>
| MIME-Version: 1.0
| Content-Type: text/plain; charset=us-ascii
| Content-Transfer-Encoding: 7bit
| User-Agent: ForteAgent/8.00.32.1272
[snip some other mail headers]
|
| Test.

Ignoring Received: headers, there is just one header added:
| To: misc-test-moderated@moderators.dana.de

That transforms a posting into a valid mail (with a Newsgroups: header
that is not defined for mail, but does not hurt, either).

If you want to send a mail, you just have to add a Newsgroups: header to
that mail.

3)
The moderator will drop the Received: headers (and all the other things
that are added in transfer) and the To: header. Now the former mail is a
Usenet posting again. He'll add "Approved:" and a perhaps a Path: and post
it. The post may then look like this:

| Path: thangorodrim.ancalagon.de!news.szaf.org!.POSTED!not-for-mail
| From: Thomas Hochstein <thh@thh.name>
| Newsgroups: misc.test.moderated
| Subject: test ignore
| Date: Sun, 01 Feb 2026 21:06:00 +0100
| Approved: moderator@example.org
| Message-ID: <e9ksnkp1c8menvhq4un5fubtukgmo3d1ih@your.host.example>
| MIME-Version: 1.0
| Content-Type: text/plain; charset=us-ascii
| Content-Transfer-Encoding: 7bit
| Injection-Date: Sun, 01 Feb 2026 20:06:00 +0100 -0000 (UTC)
| Injection-Info: news.szaf.org; logging-data="123456"; mail-complaints-to="abuse@szaf.org"
| User-Agent: ForteAgent/8.00.32.1272
| X-Huhu-Submission-Date: Sun, 01 Feb 2026 20:00:30 +0100

--------------------------------------------------------------------------------

Had I known how it works, I would have written up a tutorial instead since I'm a rare breed of person who delights in edifying everyone around me.

The Big8 Management Board has published a FAQ about moderated groups with
links to other sources. See
<https://www.big-8.org/wiki/Moderated_Newsgroups>.

I hope that helps a bit.

Best regards,
-thh
--- Synchronet 3.21b-Linux NewsLink 1.2

From Newsgroup: news.admin.peering

Hi Maria Sophia,

If I may, I'd like to propose the following process as a preliminary
attempt at describing what happens when we post to a moderated newsgroup.

FWIW, you may have a look at RFC 5537
https://www.rfc-editor.org/rfc/rfc5537.html

Especially:

3.5.1. Forwarding Messages to a Moderator
3.9. Duties of a Moderator

Search for "moderat" in the RFC to see where it speaks about moderation.

1. We post our article from our newsreader to our NNTP server. The
-a server receives it using the NNTP POST command. The server checks
-a the group flags and sees that misc.test.moderated is moderated, so
-a it does not inject the article directly into the group.

The news server also checks that the article does not contain an
Approved header field.

2. Our NNTP server forwards the post to the moderator. The server sends
-a the submission as email to the moderator's address for that group.
-a The address is normally formed by replacing periods with hyphens and
-a appending @moderators.isc.org.

Unless there is a better specific address configured in the news server.

4. If the moderator approves the post, they reinject it into Usenet.
-a The moderator or their software adds an Approved header during this
-a reinjection, for example... -a-a-a-a Approved: moderator@example.org
-a This header tells Usenet servers that the article is authorized for
-a the moderated group. The moderator's system posts from a trusted
-a host or authenticated account, so servers accept the Approved
-a article.

Another good practice would be to sign the article, for instance with pgpmoose:
https://wiki.killfile.org/projects/usenet/pgpmoose/

5. Usenet servers distribute the approved article. Because it contains
-a a valid Approved header and comes from a trusted injection point,
-a servers propagate it normally.

I don't think the "trusted injection point" part is actually required to propagate articles "normally". Most news servers will only check the
presence of the Approved header field and won't be looking at a list of trusted injection points.
--
Julien |eLIE

-2-aAvez-vous remarqu|- qu'|a table les mets que l'on vous sert vous mettent
les mots |a la bouche-a?-a-+ (Raymond Devos)

--- Synchronet 3.21b-Linux NewsLink 1.2