Re: IMPORTANT: your message to html-tidy
On Mon, Sep 22, 2003 at 05:09:30PM -0500, david nicol wrote:

| Shameless plug: sign up for totally spam-free forwarding address
| at http://pay2send.com

Ewww! *recoils in disgust*

You don't pay to send, we make others pay to send to you.
- if this system becomes widespread, then you surely /would/ have to pay to send to others.

In terms of spam prevention, this has no advantages over TMDA that I can think of, but it seems like a bloody good way to piss off people sending you unsolicited but nevertheless legitimate email[1].

Also, like TMDA and similar systems, it does nothing to help spam that comes from e.g. Debian mailing lists.

Cameron.

[1] Where the definition of legitimate email may vary from person to person.
Re: IMPORTANT: your message to html-tidy
On Wed, 2003-09-10 at 04:02, Craig Sanders wrote:

> sorry, a system that only works sometimes (or even most of the time) is a broken system. i prefer to know that my system's behaviour will be consistent and correct.

Shameless plug: sign up for totally spam-free forwarding address at http://pay2send.com
Re: IMPORTANT: your message to html-tidy
On Mon, Sep 22, 2003 at 05:09:30PM -0500, david nicol wrote:

> On Wed, 2003-09-10 at 04:02, Craig Sanders wrote:
> > sorry, a system that only works sometimes (or even most of the time) is a broken system. i prefer to know that my system's behaviour will be consistent and correct.
>
> Shameless plug: sign up for totally spam-free forwarding address at http://pay2send.com

would this message be blocked?

--
gram
Re: IMPORTANT: your message to html-tidy
on Tue, Sep 09, 2003 at 11:07:39AM +1000, Craig Sanders ([EMAIL PROTECTED]) wrote:

> On Sun, Sep 07, 2003 at 11:09:57PM -0700, Steve Lamb wrote:
> > On Mon, 8 Sep 2003 15:40:15 +1000 Matthew Palmer [EMAIL PROTECTED] wrote:
> > > On Mon, Sep 08, 2003 at 06:04:39AM +0100, Karsten M. Self wrote:
> > > > I'm coming to the view that we're approaching the era where all mail is going to have to be subject to filtering, at the MTA level.
> > >
> > > Depends on how useful you want your e-mail box to be. <g>
> >
> > It has been my experience that filtering at the MTA level has increased the usefulness of my mailbox considerably.
>
> <aol>me too</aol>
>
> stats from last week's mail.log (from my home mail server which handles mail for about half a dozen people):
>
>       1 Bad HELO
>      10 RBL proxies.relays.monkeys.com
>      11 Recipient Domain Not Found
>      22 RBL relays.ordb.org
>      25 strict 7-bit headers
>      31 Relay access denied
>      32 RBL taiwan.blackholes.us
>      34 Sobig.F Virus
>      42 body checks
>      49 RBL spamdomains.blackholes.easynet.nl
>      56 header checks
>      61 RBL dnsbl.sorbs.net
>     182 IP Address in HELO
>     193 RBL brazil.blackholes.us
>     218 RBL blackholes.easynet.nl
>     271 Local access rule: Helo command rejected
>     342 RBL hongkong.blackholes.us
>     492 RBL dynablock.easynet.nl
>     924 RBL sbl.spamhaus.org
>    1080 Local address forgery
>    1099 Recipient address rejected
>    1133 Sender Domain Not Found
>    1771 RBL list.dsbl.org
>    1825 Dynamic IP Trespass
>    1902 RBL cn-kr.blackholes.us
>    2471 Local access rule: Client host rejected
>    3005 Need FQDN address
>    3581 Local access rule: Sender address rejected
>    4267 User unknown
>   25130 TOTAL
>
> Spamassassin stats:
>
>     382 spam
>    4093 clean
>    4475 TOTAL
>
> Percentages:
>
>   spam:non-spam (25512/29605) 86.17%
>   accepted spam (382/4475)     8.54%
>   rejected spam (25130/25512) 98.50%
>
> i'm reasonably happy with that. 98.5% of all spam was rejected outright. only 382 spams (1.5%) made it through my postfix access lists, RBLs, etc to be tagged by spamassassin.

I'd argue that differently. You've blocked a total of 6016 mails of 55,117 attempted deliveries, based on the IP address of the sending MTA's IP address. That's a broad rejection policy.

As many people have noted, for pretty much _any_ given IP, your odds are good that most of the mail received from it is spam. It doesn't do much for the legit mail that comes through. Given that we now _do_ have good content/context based filters for assessing spam likelihood for a given mail item, blind use of RBLs should be discouraged. It's the same sort of thinking that's causing no end of trouble for people trying to communicate with AOL users:

http://z.iwethey.org/forums/render/content/show?contentid=96264
http://yro.slashdot.org/yro/03/04/13/2215207.shtml?tid=120

I'd recommend alternative approaches -- using RBLs as weighted indicators, denying first-receipt of mail from such hosts (backing up their mail queues),

> these stats also demonstrate just how bad the spam problem has become. 86% of all attempts to deliver mail to my server were spam, ~25500 spams and ~4100 legit messages.

No doubt.

> if i wasn't blocking spam at the MTA, then at least half of those spams would have ended up in MY personal mailbox (or, more likely, tagged by spamassassin and saved into my spam.incoming folder), about 13000 more spams than i currently receive.

The difference between what I'm advocating and what you're doing: run SpamAssassin _at_ _SMTP_ _receipt_, not after accepting the message for delivery. Exim4 allows this readily.

Peace.

--
Karsten M. Self kmself@ix.netcom.com http://kmself.home.netcom.com/
What Part of Gestalt don't you understand?
Charming man, he said. I wish I had a daughter so I could forbid her to marry one ... -- HHGTG
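The two policies argued over in the message above, as an added example that is not part of the original posts: a hard DNSBL block next to DNSBL hits used as weights alongside a content score, with the verdict returned as an SMTP reply. The zone names come from the quoted stats; the weights, threshold, reply texts and listing data are assumptions constructed for the illustration.

```python
import ipaddress
import socket

# Assumed weights and threshold (hypothetical); zone names appear in the stats above.
ZONE_WEIGHTS = {
    "sbl.spamhaus.org": 3.0,
    "list.dsbl.org": 2.0,
    "dynablock.easynet.nl": 1.0,
}
REJECT_AT = 5.0

# Constructed listing data standing in for live DNS answers (documentation IPs).
CONSTRUCTED_LISTINGS = {
    "10.2.0.192.dynablock.easynet.nl",
    "7.100.51.198.sbl.spamhaus.org",
    "7.100.51.198.list.dsbl.org",
}
fake_resolve = CONSTRUCTED_LISTINGS.__contains__


def dns_resolve(name):
    """Live lookup: any A record under the zone means the address is listed."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False


def dnsbl_query_name(ip, zone):
    """DNSBL lookup name: IPv4 octets reversed, followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def listed_zones(ip, resolve):
    return [z for z in ZONE_WEIGHTS if resolve(dnsbl_query_name(ip, z))]


def hard_block(ip, resolve):
    """Reject on any listing, before the message content is ever seen."""
    hits = listed_zones(ip, resolve)
    if hits:
        return "554 rejected: listed in " + hits[0]
    return "250 accepted"


def weighted(ip, content_score, resolve):
    """Listings add to a content score; reject in the SMTP dialog past the threshold."""
    score = content_score + sum(ZONE_WEIGHTS[z] for z in listed_zones(ip, resolve))
    if score >= REJECT_AT:
        return "550 rejected: spam score %.1f" % score
    return "250 accepted"


if __name__ == "__main__":
    # (client IP, content score) pairs are constructed samples.
    for ip, content in [("192.0.2.10", 0.5), ("198.51.100.7", 1.0), ("203.0.113.5", 6.2)]:
        print(ip, "|", hard_block(ip, fake_resolve), "|", weighted(ip, content, fake_resolve))
```

The first sample is the case the message objects to: a host listed only in a dynamic-range zone sending low-scoring mail is refused by the hard block and accepted by the weighted policy.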
RE: IMPORTANT: your message to html-tidy
Karsten M. Self kmself@ix.netcom.com wrote:

> [Using DNS RBLs to block spam is bad.]
>
> As many people have noted, for pretty much _any_ given IP, your odds are good that most of the mail received from it is spam. It doesn't do much for the legit mail that comes through. Given that we now _do_ have good content/context based filters for assessing spam likelihood for a given mail item, blind use of RBLs should be discouraged. It's the same sort of thinking that's causing no end of trouble for people trying to communicate with AOL users:
>
> http://z.iwethey.org/forums/render/content/show?contentid=96264
> http://yro.slashdot.org/yro/03/04/13/2215207.shtml?tid=120

No, you can't make such a general statement that using content-based filters is better than using DNS RBLs. It wholly depends on the listing policy of the RBL, and in most cases, content-based filters will be the far worse option, because it only drives spammers to make their spam stick out from the general mail noise less and less! I.e. after prolonged, widespread use of content-based filters, spam won't be easily distinguishable from your normal mail traffic anymore from a machine's point of view.

Maybe in 50 years, when machines will be able to (almost) fully understand the content of a mail message, this will be a good solution. But until then, I consider a well-designed DNS RBL like bl.spamcop.net to be far superior, even if it causes a few (0.02% for me, in the SpamCop case) false positives now and then (the SpamCop list even puts up with these by design). If configured correctly, false positives, like all positives, get bounced in the SMTP dialog, so the sender knows that the message wasn't delivered.

> The difference between what I'm advocating and what you're doing: run SpamAssassin _at_ _SMTP_ _receipt_, not after accepting the message for delivery. Exim4 allows this readily.

Indeed. Bouncing in the SMTP dialog is by far preferable to bouncing after accepting the message. In fact, the latter method is unacceptable in 95% of all cases (except for when the delivery failure could not have been determined at the time the message was accepted). And even in the remaining cases, it might be better to silently drop the message.
Re: IMPORTANT: your message to html-tidy
On Tue, 9 Sep 2003 07:49:36 +0100

> It's the same sort of thinking that's causing no end of trouble for people trying to communicate with AOL users:
>
> http://z.iwethey.org/forums/render/content/show?contentid=96264
> http://yro.slashdot.org/yro/03/04/13/2215207.shtml?tid=120

I've got an even better example if not as well publicized. When SoBig first hit my address was one that was being spoofed. I had tracked it to RoadRunner (rr.com). I forwarded them an example piece to tell the guy to cut it out. I was not yet aware of SoBig. Anyway they rejected at SMTP because I am in DSLExtreme's residential block. Fine, I'll call. I get the number for abuse from the whois database. I get a recording that tells me under no uncertain terms will they accept phone calls and I must email them directly. I call into the corporate headquarters and complain to a CCR. He tells me he cannot forward my call but is willing to walk over and talk to them directly if I provide him with the appropriate information. After fuming and learning what SoBig was I just let it drop. A friend asked if they had postmaster blocked as well. They did.

I just found it mildly amusing that I, someone who's run an SMTP server in residential space (with blessing from my ISP) for over two years now without a single complaint, was prevented from complaining about one of *THEIR* residential customers who couldn't figure out he was spewing 100k attachments as fast as his little cable router could chug them out.

End result: I blacklisted him at the firewall, had my secondary do the same. *shrug*

> The difference between what I'm advocating and what you're doing: run SpamAssassin _at_ _SMTP_ _receipt_, not after accepting the message for delivery. Exim4 allows this readily.

Hell, it has two different methods of doing it. Exiscan-ACL and SA-Exim. Exiscan-ACL was just recently added to exim4-daemon-heavy so for all intents and purposes anyone running Exim4 on a dedicated host already has the capability for SA filtering at SMTP.

--
Steve C. Lamb     | I'm your priest, I'm your shrink, I'm your
PGP Key: 8B6E99C5 | main connection to the switchboard of souls.
Re: IMPORTANT: your message to html-tidy
On Tue, 9 Sep 2003 12:50:51 +0200 Julian Mehnle [EMAIL PROTECTED] wrote:

> No, you can't make such a general statement that using content-based filters is better than using DNS RBLs. It wholly depends on the listing policy of the RBL, and in most cases, content-based filters will be the far worse option, because it only drives spammers to make their spam stick out from the general mail noise less and less! I.e. after prolonged, widespread use of content-based filters, spam won't be easily distinguishable from your normal mail traffic anymore from a machine's point of view.

I beg to differ. I do not see this happening any time soon. I've seen some ingenious ways for spam to get through SA's blocks but the Bayesian classifier has caught them. Like it or not unless the spam is somehow related to the normal topics of conversation that the individual regularly engages in and is from places he or she normally gets mail from the classifier is going to catch it.

The most recent example are the spams now that have maybe 3-4 random words in them and have the actual ad in an attached or linked image. SA passes it since it hits maybe 2-3 of SA's markers. However the Bayesian classifier tags it at 95% or higher. IE, it is being caught by the BC, SA's default configuration doesn't give enough weight to the BC for that alone to cause it to catch it.

Finally there's the issue that SA is using the RBLs in the manner Karsten stated, as a weight to determine whether or not the mail is spam and not an absolute marker that it is or is not spam.

--
Steve C. Lamb     | I'm your priest, I'm your shrink, I'm your
PGP Key: 8B6E99C5 | main connection to the switchboard of souls.
Re: IMPORTANT: your message to html-tidy
On Sat, Sep 06, 2003 at 04:26:57PM -0700, Joshua Kwan wrote:

> On Sat, Sep 06, 2003 at 06:40:46PM -0400, W3C List Manager wrote:
> > This is a response to a message apparently sent from your address to [EMAIL PROTECTED]:
> >
> >   Subject: Re: Thank you!
> >   From:debian-devel@lists.debian.org
> >   Date:Sat, 6 Sep 2003 18:40:45 --0400
> >
> > Your message has NOT been distributed to the list; before we distribute it, we need your permission to include your message in our Web archive of all messages distributed to this list.
>
> How ironic... C-R system at work :)

This one's a bit different. It's only asking for permission to archive posts to the list - I guess W3C's just trying, as hard as possible, to avoid any possible legal problems.

The best way for this would be that the e-mail sent goes immediately to the list, and lives in a holding pen for archiving. Future e-mails just get sent straight to the holding pen until OK'd for archival, without bothering the sender. That way, if you don't want your messages archived, you just ignore the first e-mail and continue on your way.

Of course, if it's not done this way (eg you send a please OK to archive for each message) then sending a message to one of these lists, purporting to be from another similarly configured list, would cause quite a stir... <g>

Still, if you don't want it put on the web, don't send it. *Especially* to a mailing list of (potentially) thousands of people.

- Matt
Re: IMPORTANT: your message to html-tidy
on Mon, Sep 08, 2003 at 01:57:54PM +1000, Matthew Palmer ([EMAIL PROTECTED]) wrote:

> On Sat, Sep 06, 2003 at 04:26:57PM -0700, Joshua Kwan wrote:
> > On Sat, Sep 06, 2003 at 06:40:46PM -0400, W3C List Manager wrote:
> > > This is a response to a message apparently sent from your address to [EMAIL PROTECTED]:
> > >
> > >   Subject: Re: Thank you!
> > >   From:debian-devel@lists.debian.org
> > >   Date:Sat, 6 Sep 2003 18:40:45 --0400
> > >
> > > Your message has NOT been distributed to the list; before we distribute it, we need your permission to include your message in our Web archive of all messages distributed to this list.
> >
> > How ironic... C-R system at work :)
>
> This one's a bit different. It's only asking for permission to archive posts to the list - I guess W3C's just trying, as hard as possible, to avoid any possible legal problems.

It's still an instance in which the autoresponse would not have been triggered had any half-decent AV/AS system been used to filter out spam and viruses. This was a response to the SoBig.F worm.

I'm coming to the view that we're approaching the era where all mail is going to have to be subject to filtering, at the MTA level.

Peace.

--
Karsten M. Self kmself@ix.netcom.com http://kmself.home.netcom.com/
What Part of Gestalt don't you understand?
In his dream he was walking late at night along the East Side, beside the river which had become so extravagantly polluted that new lifeforms were now emerging from it spontaneously, demanding welfare and voting rights. -- HHGTG
Re: IMPORTANT: your message to html-tidy
On Mon, Sep 08, 2003 at 06:04:39AM +0100, Karsten M. Self wrote:

> on Mon, Sep 08, 2003 at 01:57:54PM +1000, Matthew Palmer ([EMAIL PROTECTED]) wrote:
> > [W3C's autoresponder]
> >
> > This one's a bit different. It's only asking for permission to archive posts to the list - I guess W3C's just trying, as hard as possible, to avoid any possible legal problems.
>
> It's still an instance in which the autoresponse would not have been triggered had any half-decent AV/AS system been used to filter out spam and viruses. This was a response to the SoBig.F worm.

Sorry, I didn't make my position sufficiently clear. This system is as broken as every other Challenge-Response, in that it has the potential to annoy the shit out of a lot of people very easily, and become a nice anonymous harassing agent. I was just making the point that it isn't the same as a regular C-R system, in that the intent wasn't so much to say I want to make sure you're not a spammer and more I want to make sure you agree to your posts being publicly archived - at the very least it's a little less offensive than normal (it's not saying You're a spammer - prove me wrong!).

> I'm coming to the view that we're approaching the era where all mail is going to have to be subject to filtering, at the MTA level.

Depends on how useful you want your e-mail box to be. <g>

- Matt
Re: IMPORTANT: your message to html-tidy
On Mon, 8 Sep 2003 15:40:15 +1000 Matthew Palmer [EMAIL PROTECTED] wrote:

> On Mon, Sep 08, 2003 at 06:04:39AM +0100, Karsten M. Self wrote:
> > I'm coming to the view that we're approaching the era where all mail is going to have to be subject to filtering, at the MTA level.
>
> Depends on how useful you want your e-mail box to be. <g>

It has been my experience that filtering at the MTA level has increased the usefulness of my mailbox considerably. Something that C-R will never be able to claim.

--
Steve C. Lamb     | I'm your priest, I'm your shrink, I'm your
PGP Key: 8B6E99C5 | main connection to the switchboard of souls.
Re: IMPORTANT: your message to html-tidy
on Mon, Sep 08, 2003 at 03:40:15PM +1000, Matthew Palmer ([EMAIL PROTECTED]) wrote:

> On Mon, Sep 08, 2003 at 06:04:39AM +0100, Karsten M. Self wrote:
> > on Mon, Sep 08, 2003 at 01:57:54PM +1000, Matthew Palmer ([EMAIL PROTECTED]) wrote:
> > > [W3C's autoresponder]
> > >
> > > This one's a bit different. It's only asking for permission to archive posts to the list - I guess W3C's just trying, as hard as possible, to avoid any possible legal problems.
> >
> > It's still an instance in which the autoresponse would not have been triggered had any half-decent AV/AS system been used to filter out spam and viruses. This was a response to the SoBig.F worm.
>
> Sorry, I didn't make my position sufficiently clear. This system is as broken as every other Challenge-Response, in that it has the potential to annoy the shit out of a lot of people very easily, and become a nice anonymous harassing agent. I was just making the point that it isn't the same as a regular C-R system, in that the intent wasn't so much to say I want to make sure you're not a spammer and more I want to make sure you agree to your posts being publicly archived - at the very least it's a little less offensive than normal (it's not saying You're a spammer - prove me wrong!).

Agreed. This is the difference between broken-by-configuration, and broken-by-design.

I wasn't saying that the problem was identical to that of C-R, only that _any_ autoresponder should make reasonable efforts not to do Joe-Jobs. MTA behavior can be fixed (or at least greatly remedied) by filtering. C-R cannot as it assumes the solution to the problem is to offload the authentication on a third party, itself unverified, unknown, unauthenticated, and untrusted.

Peace.

--
Karsten M. Self kmself@ix.netcom.com http://kmself.home.netcom.com/
What Part of Gestalt don't you understand?
The truth behind the H-1B IT indentured servant scam: http://heather.cs.ucdavis.edu/itaa.real.html
Re: IMPORTANT: your message to html-tidy
On Sun, Sep 07, 2003 at 11:09:57PM -0700, Steve Lamb wrote:

> On Mon, 8 Sep 2003 15:40:15 +1000 Matthew Palmer [EMAIL PROTECTED] wrote:
> > On Mon, Sep 08, 2003 at 06:04:39AM +0100, Karsten M. Self wrote:
> > > I'm coming to the view that we're approaching the era where all mail is going to have to be subject to filtering, at the MTA level.
> >
> > Depends on how useful you want your e-mail box to be. <g>
>
> It has been my experience that filtering at the MTA level has increased the usefulness of my mailbox considerably.

<aol>me too</aol>

stats from last week's mail.log (from my home mail server which handles mail for about half a dozen people):

      1 Bad HELO
     10 RBL proxies.relays.monkeys.com
     11 Recipient Domain Not Found
     22 RBL relays.ordb.org
     25 strict 7-bit headers
     31 Relay access denied
     32 RBL taiwan.blackholes.us
     34 Sobig.F Virus
     42 body checks
     49 RBL spamdomains.blackholes.easynet.nl
     56 header checks
     61 RBL dnsbl.sorbs.net
    182 IP Address in HELO
    193 RBL brazil.blackholes.us
    218 RBL blackholes.easynet.nl
    271 Local access rule: Helo command rejected
    342 RBL hongkong.blackholes.us
    492 RBL dynablock.easynet.nl
    924 RBL sbl.spamhaus.org
   1080 Local address forgery
   1099 Recipient address rejected
   1133 Sender Domain Not Found
   1771 RBL list.dsbl.org
   1825 Dynamic IP Trespass
   1902 RBL cn-kr.blackholes.us
   2471 Local access rule: Client host rejected
   3005 Need FQDN address
   3581 Local access rule: Sender address rejected
   4267 User unknown
  25130 TOTAL

Spamassassin stats:

    382 spam
   4093 clean
   4475 TOTAL

Percentages:

  spam:non-spam (25512/29605) 86.17%
  accepted spam (382/4475)     8.54%
  rejected spam (25130/25512) 98.50%

i'm reasonably happy with that. 98.5% of all spam was rejected outright. only 382 spams (1.5%) made it through my postfix access lists, RBLs, etc to be tagged by spamassassin.

these stats also demonstrate just how bad the spam problem has become. 86% of all attempts to deliver mail to my server were spam, ~25500 spams and ~4100 legit messages.

if i wasn't blocking spam at the MTA, then at least half of those spams would have ended up in MY personal mailbox (or, more likely, tagged by spamassassin and saved into my spam.incoming folder), about 13000 more spams than i currently receive.

craig

ps: i love postfix. it has the best anti-spam features of any MTA.

pps: anyone who wants my simple spam-stats.pl script can get it from http://taz.net.au/postfix/scripts/
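How a tally like the one in the message above can be produced from a mail log, as an added example; this is not the spam-stats.pl script mentioned in the post. The log lines are constructed samples shaped like Postfix smtpd reject entries and spamd result entries, and the reason labels and matching patterns are assumptions chosen to mirror the categories in the table.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread), using documentation addresses.
SAMPLE_LOG = """\
Sep  8 03:11:02 mx postfix/smtpd[811]: reject: RCPT from unknown[192.0.2.10]: 554 Service unavailable; [192.0.2.10] blocked using sbl.spamhaus.org; from=<a@example.net> to=<u@example.org>
Sep  8 03:12:40 mx postfix/smtpd[811]: reject: RCPT from unknown[192.0.2.11]: 554 Service unavailable; [192.0.2.11] blocked using sbl.spamhaus.org; from=<b@example.net> to=<u@example.org>
Sep  8 03:15:09 mx postfix/smtpd[812]: reject: RCPT from unknown[198.51.100.7]: 554 Service unavailable; [198.51.100.7] blocked using list.dsbl.org; from=<c@example.net> to=<u@example.org>
Sep  8 03:20:31 mx postfix/smtpd[812]: reject: RCPT from mail.example.com[203.0.113.5]: 550 <nobody@example.org>: User unknown; from=<d@example.com> to=<nobody@example.org>
Sep  8 03:21:17 mx postfix/smtpd[813]: reject: RCPT from unknown[203.0.113.9]: 450 <x@no-such.invalid>: Sender address rejected: Domain not found; from=<x@no-such.invalid> to=<u@example.org>
Sep  8 03:22:48 mx postfix/smtpd[813]: reject: RCPT from unknown[203.0.113.9]: 504 <x>: Sender address rejected: need fully-qualified address; from=<x> to=<u@example.org>
Sep  8 03:30:00 mx spamd[900]: identified spam (14.2/5.0) for u:1000 in 1.9 seconds, 3102 bytes.
Sep  8 03:31:00 mx spamd[900]: clean message (0.4/5.0) for u:1000 in 1.1 seconds, 2210 bytes.
Sep  8 03:32:00 mx spamd[900]: clean message (1.3/5.0) for u:1000 in 1.0 seconds, 1804 bytes.
Sep  8 03:33:00 mx spamd[900]: clean message (-0.2/5.0) for u:1000 in 0.9 seconds, 990 bytes.
"""

# First matching pattern wins; the label is expanded against the match.
REASONS = [
    (re.compile(r"blocked using ([\w.-]+)"), r"RBL \1"),
    (re.compile(r"Sender address rejected: Domain not found"), "Sender Domain Not Found"),
    (re.compile(r"need fully-qualified address"), "Need FQDN address"),
    (re.compile(r"Relay access denied"), "Relay access denied"),
    (re.compile(r"User unknown"), "User unknown"),
]


def classify(line):
    for pattern, label in REASONS:
        match = pattern.search(line)
        if match:
            return match.expand(label)
    return "other"  # keep unrecognised rejects visible instead of dropping them


def tally(lines):
    """Count MTA rejects by reason and SpamAssassin verdicts on accepted mail."""
    rejects, verdicts = Counter(), Counter()
    for line in lines:
        if "postfix/smtpd" in line and ": reject: " in line:
            rejects[classify(line)] += 1
        elif "spamd[" in line and "identified spam" in line:
            verdicts["spam"] += 1
        elif "spamd[" in line and "clean message" in line:
            verdicts["clean"] += 1
    return rejects, verdicts


def percentages(rejected, sa_spam, sa_clean):
    """The three ratios from the table. Every MTA reject is counted as spam,
    so false positives at the MTA are invisible in these figures."""
    all_spam = rejected + sa_spam
    pct = lambda n, d: round(100.0 * n / d, 2) if d else 0.0
    return (pct(all_spam, all_spam + sa_clean),   # spam:non-spam
            pct(sa_spam, sa_spam + sa_clean),     # accepted spam
            pct(rejected, all_spam))              # rejected spam


if __name__ == "__main__":
    rejects, verdicts = tally(SAMPLE_LOG.splitlines())
    for reason, count in sorted(rejects.items(), key=lambda kv: kv[1]):
        print("%7d %s" % (count, reason))
    print(percentages(sum(rejects.values()), verdicts["spam"], verdicts["clean"]))
```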
Re: IMPORTANT: your message to html-tidy
On Sat, Sep 06, 2003 at 06:40:46PM -0400, W3C List Manager wrote:

> This is a response to a message apparently sent from your address to [EMAIL PROTECTED]:
>
>   Subject: Re: Thank you!
>   From:debian-devel@lists.debian.org
>   Date:Sat, 6 Sep 2003 18:40:45 --0400
>
> Your message has NOT been distributed to the list; before we distribute it, we need your permission to include your message in our Web archive of all messages distributed to this list.

How ironic... C-R system at work :)

--
Joshua Kwan