Re: in case you missed this from ponik

[Richard Cobbe]

Lo, on Wednesday, June 5, Jeronimo Pellegrini did write:

> > > To me, the best solution to this would be to customize the tagline on
> > > each outgoing message, so that it would read something like "you are
> > > subscribed as [EMAIL PROTECTED], to remove send a message _from that
> > > address_ to [EMAIL PROTECTED] with the magic word."  That way, the
> > > clueless would have a fighting chance at getting off the list.
> > > If they are still incapable, perhaps they will include the tagline in 
> > > their
> > > quoted reply so that others can take the appropriate action.
> 
> Agreed. Absolutely a good thing! Wishlist bug against lists.debian.org?
> 
> > > I don't know how hard or easy this would be to implement, but it sounds
> > > nontrivial.  I suppose there are some privacy / archival issues, such as
> > > the desire to scrub mailing list archives of email addresses to foil
> > > spambots.
> 
> But since the e-mail would be set to a different string for every copy
> that is sent, it would make more sense if the software sent it to the archives
> before inserting an address.

...except for the archives at http://www.mail-archive.com/.

Richard


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: in case you missed this from ponik

[Karl E. Jorgensen]

On Wed, Jun 05, 2002 at 07:38:39AM -0700, Walter Reed wrote:
> > I would just like to point out the legal saying that "big cases make bad
> > law."  We're all irritated by one moron's behavior; that's not necessarily
> > an argument for significant technical or policy changes.  By all
> > indications he's gone, and in any case by the end of the day no fewer than
> > four distinct solutions to his violations were posted.  Is there evidence
> > that this is a more general problem?
> 
> Actually, yes. It's one of the worst cases of a problem.
> I also get a couple spams a day from the list. We also have the cases of 
> Windows
> users posting questions to the list because the barrier to post is zero.

The "close-the-list-to-nonsubscribers" discussion has been reiterated a
few times already.

One of Debian's strengths is openess. Complete transparancy. If we start
building barriers to block incoming ideas (sometimes bad ones, sometimes
spam), Debian becomes less open. On grounds of principle, I hope that
this list stays open.

> > Frankly, from my own observation, the more general problem is people who
> > can't grasp the concept of a listmaster, so send messages with
> > "unsubscribe" to the list. That seems easily soluble with a simple script.
> 
> This is true, a script can help. Search for a very short message with
> "unsubscribe". This is a different type of problem.

And some people misspell "unsubscribe"... Some people post off-topic
messages. Sometimes there is spam. Sometimes people ask questions I
can't answer. But most of the time the list is very useful.

-- 
Karl E. Jørgensen
[EMAIL PROTECTED]
www.karl.jorgensen.com
Please study http://www.rfc855.org


pgpWisGkwuAAx.pgp
Description: PGP signature

Re: in case you missed this from ponik

[Derrick 'dman' Hudson]

On Wed, Jun 05, 2002 at 12:13:37PM -0500, Jamin W. Collins wrote:
| On Wed, 5 Jun 2002 10:51:33 -0500
| "Derrick 'dman' Hudson" <[EMAIL PROTECTED]> wrote:
| 
| > Actually, it's really easy to blackhole their messages on your end.
| > From your POV it's basically the same thing (apart from bandwidth
| > usage).
| 
| Yes, blackholing the messages is easy.  As for bandwidth being the only
| difference, not quite.  The messages still make it to the archives (thus
| flooding them).  The increased message traffic to the list can bog the
| list server resulting in increasing delivery delays. 

Err, yeah, of course.  I mostly just view the list with mutt so I tend
to not notice some of that (though serious delays (ie 1+hours) are
rather noticeable).

| As with any problem the closer to the source you can deal with the
| problem the better.

Very true.  OTOH some of use don't have any control near the source
and thus must resort to band-aids at the end.  It is easy to blackhole
those messages, though it's not the Right solution.
 
-D

-- 

Whoever loves discipline loves knowledge,
but he who hates correction is stupid.
Proverbs 12:1
 
GnuPG key : http://dman.ddts.net/~dman/public_key.gpg



pgpvaoR7b0YeB.pgp
Description: PGP signature

Re: in case you missed this from ponik

[Jamin W . Collins]

On Wed, 5 Jun 2002 10:51:33 -0500
"Derrick 'dman' Hudson" <[EMAIL PROTECTED]> wrote:

> Actually, it's really easy to blackhole their messages on your end.
> From your POV it's basically the same thing (apart from bandwidth
> usage).

Yes, blackholing the messages is easy.  As for bandwidth being the only
difference, not quite.  The messages still make it to the archives (thus
flooding them).  The increased message traffic to the list can bog the
list server resulting in increasing delivery delays.  As with any problem
the closer to the source you can deal with the problem the better.

-- 
Jamin W. Collins


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: in case you missed this from ponik

[Derrick 'dman' Hudson]

On Wed, Jun 05, 2002 at 08:34:27AM -0300, Jeronimo Pellegrini wrote:
 
| > In any case, idiots who auto-reply to every list mail they receive until 
| > they get their way are not easily defeated by any technological solution.
| 
| He he... Indeed!

Actually, it's really easy to blackhole their messages on your end.
From your POV it's basically the same thing (apart from bandwidth
usage).

-D

-- 

"...In the UNIX world, people tend to interpret `non-technical user' as
meaning someone who's only ever written one device driver."
--Daniel Pead
 
GnuPG key : http://dman.ddts.net/~dman/public_key.gpg



pgp7lrQW1chhu.pgp
Description: PGP signature

Re: in case you missed this from ponik

[Derrick 'dman' Hudson]

On Tue, Jun 04, 2002 at 10:39:02PM -0700, Brian Dessent wrote:
| Jeronimo Pellegrini wrote:
| 
| > Blocking his posts to the list while the listmaster tries to help
| > him could help -- if the listmaster has the time to do that, of course!
| > That would save a lot of bandwidth (the offending posts *and* the
| > discussion about them would at least not last too long), but this can't
| > be easily done automatically [1].
 
| To me, the best solution to this would be to customize the tagline on
| each outgoing message, so that it would read something like "you are
| subscribed as [EMAIL PROTECTED], to remove send a message _from that
| address_ to [EMAIL PROTECTED] with the magic word."

| I don't know how hard or easy this would be to implement, but it sounds
| nontrivial.

IMO this is a bad choice.  This will increase the load on the mail
server (murphy.debian.org) by several orders of magnitude because all
messages will then contain unique content.  The ability to connect to
a server and use multiple RCPT TO: commands to eliminate duplicate
transfers of the message contents depends on the recipients all
receiving the same content.

| I suppose there are some privacy / archival issues, such as
| the desire to scrub mailing list archives of email addresses to foil
| spambots.

Who cares about that?  Use SA to reject the spam mails and get removed
from the lists.  I think it really works because SA rejects less spam
now than it did when I first set it up (and I'm not getting those
high-scoring messages delivered).

-D

-- 

Microsoft: "Windows NT 4.0 now has the same user-interface as Windows 95"
Windows 95: "Press CTRL-ALT-DEL to reboot"
Windows NT 4.0: "Press CTRL-ALT-DEL to login"
 
GnuPG key : http://dman.ddts.net/~dman/public_key.gpg



pgpjVY6eUe52E.pgp
Description: PGP signature

Re: in case you missed this from ponik

[Walter Reed]

> I would just like to point out the legal saying that "big cases make bad
> law."  We're all irritated by one moron's behavior; that's not necessarily
> an argument for significant technical or policy changes.  By all
> indications he's gone, and in any case by the end of the day no fewer than
> four distinct solutions to his violations were posted.  Is there evidence
> that this is a more general problem?

Actually, yes. It's one of the worst cases of a problem.
I also get a couple spams a day from the list. We also have the cases of Windows
users posting questions to the list because the barrier to post is zero.
 
> Frankly, from my own observation, the more general problem is people who
> can't grasp the concept of a listmaster, so send messages with
> "unsubscribe" to the list. That seems easily soluble with a simple script.

This is true, a script can help. Search for a very short message with
"unsubscribe". This is a different type of problem.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: in case you missed this from ponik

[Dragón]

  Bad idea!

  There are thousand web mail services out there. And with any normal mail
service you can play with headers.

  Do you really want me to change my email habits?

  Cheers.



 --- Tom Allison <[EMAIL PROTECTED]> escribió: > Oleg wrote:
> 
> > On Tuesday 04 June 2002 07:37 pm, David Wright wrote:
> > 
> >>1) Create an account and subscribe it to debian-user.
> >>2) Set it to forward to [EMAIL PROTECTED]
> >>3) Leave
> >>
> >>No list managemenent system can protect against this.
> >>
> > 
> > I don't know what the state of the art of list management software is, but
> it 
> > must be possible to 
> > 
> > a) limit the number of messages from any user to say 50 a day;
> > 
> > b) disallow posting from unconfirmed addresses; if [EMAIL PROTECTED] wasn't 
> > subscribed, how could he post?
> > 
> > c) detect "lameness" like Slashcode sites, and Google Groups (identical 
> > repeated messages, malformatted messages, etc.)
> > 
> > Just my $.02
> > 
> > Oleg
> > 
> > 
> > 
> 
> I've always been a big fan of banning web-based email addresses from 
> the lists, all of them.  With the web-based email addresses 
> (hotmail, yahoo, et al) it's way too easy for someone to really 
> abuse the system in so many ways by setting up alias'.
> 
> Politically, it can be very damaging.
> 
> In a local User Group, we had a political elections process get 
> derailed because the same person was making motions and seconding 
> them on the email lists and then started real lawsuits against the 
> administrator when he, the administrator, started trying to clean 
> out the malicious email accounts.
> It was a real mess.  The email Admin quit overnight, the a$$ got 
> banned and nearly beaten, and the User Group is in a shambles as a 
> result of all this.
> 
> Say, now that I think of it...  Is there some easy was to use some 
> kind of intelligent filtering process that could handle removing 
> some of these web-centric email accounts?  I'm not very good with 
> email...
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
> with a subject of "unsubscribe". Trouble? Contact
> [EMAIL PROTECTED]
>  

___
Copa del Mundo de la FIFA 2002
El único lugar de Internet con vídeos de los 64 partidos. 
¡Apúntante ya! en http://fifaworldcup.yahoo.com/fc/es/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: in case you missed this from ponik

[Andrew Perrin]

On Tue, 4 Jun 2002, Walter Reed wrote:

> On Wed, Jun 05, 2002 at 03:05:46AM +0200, Joris wrote:
> > > On Tuesday 04 June 2002 07:37 pm, David Wright wrote:
> > > b) disallow posting from unconfirmed addresses; if [EMAIL PROTECTED]
> > > wasn't subscribed, how could he post?
> > 


I would just like to point out the legal saying that "big cases make bad
law."  We're all irritated by one moron's behavior; that's not necessarily
an argument for significant technical or policy changes.  By all
indications he's gone, and in any case by the end of the day no fewer than
four distinct solutions to his violations were posted.  Is there evidence
that this is a more general problem?

Frankly, from my own observation, the more general problem is people who
can't grasp the concept of a listmaster, so send messages with
"unsubscribe" to the list. That seems easily soluble with a simple script.

ap

--
Andrew J Perrin - http://www.unc.edu/~aperrin
Assistant Professor of Sociology, U of North Carolina, Chapel Hill
[EMAIL PROTECTED] * andrew_perrin (at) unc.edu





-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: in case you missed this from ponik

[Jeronimo Pellegrini]

> > To me, the best solution to this would be to customize the tagline on
> > each outgoing message, so that it would read something like "you are
> > subscribed as [EMAIL PROTECTED], to remove send a message _from that
> > address_ to [EMAIL PROTECTED] with the magic word."  That way, the
> > clueless would have a fighting chance at getting off the list.
> > If they are still incapable, perhaps they will include the tagline in their
> > quoted reply so that others can take the appropriate action.

Agreed. Absolutely a good thing! Wishlist bug against lists.debian.org?

> > I don't know how hard or easy this would be to implement, but it sounds
> > nontrivial.  I suppose there are some privacy / archival issues, such as
> > the desire to scrub mailing list archives of email addresses to foil
> > spambots.

But since the e-mail would be set to a different string for every copy
that is sent, it would make more sense if the software sent it to the archives
before inserting an address.
 
> But that information is available within the list emails, albeit hidden
> away in the "full" headers.   Maybe better education on how to find and
> examine email headers in these sort of situations is in order. 

I woulg agree, except that I don't believe we can educate all users that
get mails forwarded to them this way. They may not even know what "mail
headers" are at all.
If you refer to educating the list subscribers, then I agree.

But yet -- if we blcok the guy from posting tho the list wen he start
abusing, that at least helps keping the list peaceful (and saves
bandwidth). In the meantime, the listmaster (or some volunteer) can help 
the person with the mail headers and finally unsubscribe him/her.

> In any case, idiots who auto-reply to every list mail they receive until 
> they get their way are not easily defeated by any technological solution.

He he... Indeed!

J.

-- 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: in case you missed this from ponik

[Chris Kenrick]

On Tue, Jun 04, 2002 at 10:39:02PM -0700, Brian Dessent wrote:
> Jeronimo Pellegrini wrote:
> 
> > Blocking his posts to the list while the listmaster tries to help
> > him could help -- if the listmaster has the time to do that, of course!
> > That would save a lot of bandwidth (the offending posts *and* the
> > discussion about them would at least not last too long), but this can't
> > be easily done automatically [1].
> 
> It seems to me that the most common problem with mailing lists occurs
> when someone receives messages to an address of which they are unaware. 
> The incident with Declan McCullagh/Politech/well.com and
> Fleishman-Hillard is a good example (see
>  for details.)
> 
> To me, the best solution to this would be to customize the tagline on
> each outgoing message, so that it would read something like "you are
> subscribed as [EMAIL PROTECTED], to remove send a message _from that
> address_ to [EMAIL PROTECTED] with the magic word."  That way, the
> clueless would have a fighting chance at getting off the list.  If they
> are still incapable, perhaps they will include the tagline in their
> quoted reply so that others can take the appropriate action.
> 
> I don't know how hard or easy this would be to implement, but it sounds
> nontrivial.  I suppose there are some privacy / archival issues, such as
> the desire to scrub mailing list archives of email addresses to foil
> spambots.
>

But that information is available within the list emails, albeit hidden
away in the "full" headers.   Maybe better education on how to find and
examine email headers in these sort of situations is in order.  In any
case, idiots who auto-reply to every list mail they receive until they 
get their way are not easily defeated by any technological solution.

- Chris


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: in case you missed this from ponik

[Brian Dessent]

Jeronimo Pellegrini wrote:

> Blocking his posts to the list while the listmaster tries to help
> him could help -- if the listmaster has the time to do that, of course!
> That would save a lot of bandwidth (the offending posts *and* the
> discussion about them would at least not last too long), but this can't
> be easily done automatically [1].

It seems to me that the most common problem with mailing lists occurs
when someone receives messages to an address of which they are unaware. 
The incident with Declan McCullagh/Politech/well.com and
Fleishman-Hillard is a good example (see
 for details.)

To me, the best solution to this would be to customize the tagline on
each outgoing message, so that it would read something like "you are
subscribed as [EMAIL PROTECTED], to remove send a message _from that
address_ to [EMAIL PROTECTED] with the magic word."  That way, the
clueless would have a fighting chance at getting off the list.  If they
are still incapable, perhaps they will include the tagline in their
quoted reply so that others can take the appropriate action.

I don't know how hard or easy this would be to implement, but it sounds
nontrivial.  I suppose there are some privacy / archival issues, such as
the desire to scrub mailing list archives of email addresses to foil
spambots.

Brian


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: in case you missed this from ponik

[grante]

>> this would prevent many people who read this list as a newsgroup to
>> contribute
> 
> I don't see how...everyone here's got an MTA installed.

What's having an MTA have to do with it?  I don't subscribe
because I find it more convenient to read the list as a
newsgroup via muc.lists.debain.user.  If I can't post because
I'm not subscribed, then how does having an MTA matter?

Offering non-receiving subscriptions would be fine...

-- 
Grant Edwards   grante Yow!  Yow! Did something
  at   bad happen or am I in a
   visi.comdrive-in movie??


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: in case you missed this from ponik

[grante]

> b) disallow posting from unconfirmed addresses; if [EMAIL PROTECTED] wasn't 
> subscribed, how could he post?

Hey! What about those of use who read via muc.lists.debian.user?

-- 
Grant Edwards   grante Yow!  .. are the STEWED
  at   PRUNES still in the HAIR
   visi.comDRYER?


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: in case you missed this from ponik

[Paul Johnson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Jun 05, 2002 at 03:05:46AM +0200, Joris wrote:

> this would prevent many people who read this list as a newsgroup to
> contribute

I don't see how...everyone here's got an MTA installed.

- -- 
Baloo


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE8/Xj5NtWkM9Ny9xURAvUDAJ0ffxKkxWAOWpfzLD5Mi/ReTUT7igCeOV+j
G936kcAP5ciAiXDVtRcWhuE=
=lxZB
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: in case you missed this from ponik

[Paul Johnson]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Jun 04, 2002 at 04:15:27PM -0700, ben wrote:

> while his response to the situation was obviously ridiculous, if this 
> statement above is true, it seems that there's some kinda bug in the list 
> management. something similar happened in debian-kde just recently. in the 
> interest of preventing anymore of the same in the future, anybody want to 
> offer conjecture on how this could happen?

1) Malicious user.  Someone I nailed for spamming recently set up a
bunch of forwarding accounts that pointed here and did nothing but spam
me with them.  I wonder if they realised that's brutally easy to filter
and makes it harder for ISPs to listwash me and ignore spam.  I consider
it a double-win.

2) Luser error.  Luser sets up forwarding account, forgets about it. 
Subscribes to list forgetting email address set up on that account is
forwarding someplace else.

- -- 
Baloo


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE8/XgcNtWkM9Ny9xURAmeoAJ9zlmg14ancJ6uDA1YI2My3c66jQgCdGr+C
6Xf9wHSSN0hHbUp0GsoSYi4=
=9uz9
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: in case you missed this from ponik

[Walter Reed]

On Wed, Jun 05, 2002 at 03:05:46AM +0200, Joris wrote:
> > On Tuesday 04 June 2002 07:37 pm, David Wright wrote:
> > b) disallow posting from unconfirmed addresses; if [EMAIL PROTECTED]
> > wasn't subscribed, how could he post?
> 
> this would prevent many people who read this list as a newsgroup to
> contribute

Some list management software allows "post only" subscriptions by subscribing 
and
turning off reception. This would solve that problem.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: in case you missed this from ponik

[Joris]

> On Tuesday 04 June 2002 07:37 pm, David Wright wrote:
>> 1) Create an account and subscribe it to debian-user. 2) Set it to
>> forward to [EMAIL PROTECTED] 3) Leave
>>
>> No list managemenent system can protect against this.
> 
> I don't know what the state of the art of list management software is,
> but it must be possible to
> 
> a) limit the number of messages from any user to say 50 a day;
> 
> b) disallow posting from unconfirmed addresses; if [EMAIL PROTECTED]
> wasn't subscribed, how could he post?

this would prevent many people who read this list as a newsgroup to
contribute

> c) detect "lameness" like Slashcode sites, and Google Groups (identical
> repeated messages, malformatted messages, etc.)

I agree with the rest of your arguments. By the way, are ponik's (and
other spam) messages going to be removed from the archives?


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: in case you missed this from ponik

[Tom Allison]

Oleg wrote:


On Tuesday 04 June 2002 07:37 pm, David Wright wrote:


1) Create an account and subscribe it to debian-user.
2) Set it to forward to [EMAIL PROTECTED]
3) Leave

No list managemenent system can protect against this.



I don't know what the state of the art of list management software is, but it 
must be possible to 


a) limit the number of messages from any user to say 50 a day;

b) disallow posting from unconfirmed addresses; if [EMAIL PROTECTED] wasn't 
subscribed, how could he post?


c) detect "lameness" like Slashcode sites, and Google Groups (identical 
repeated messages, malformatted messages, etc.)


Just my $.02

Oleg





I've always been a big fan of banning web-based email addresses from 
the lists, all of them.  With the web-based email addresses 
(hotmail, yahoo, et al) it's way too easy for someone to really 
abuse the system in so many ways by setting up alias'.


Politically, it can be very damaging.

In a local User Group, we had a political elections process get 
derailed because the same person was making motions and seconding 
them on the email lists and then started real lawsuits against the 
administrator when he, the administrator, started trying to clean 
out the malicious email accounts.
It was a real mess.  The email Admin quit overnight, the a$$ got 
banned and nearly beaten, and the User Group is in a shambles as a 
result of all this.


Say, now that I think of it...  Is there some easy was to use some 
kind of intelligent filtering process that could handle removing 
some of these web-centric email accounts?  I'm not very good with 
email...



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: in case you missed this from ponik

[Jeronimo Pellegrini]

> It's not clear what can be done about this at Debian's end other than to
> encourage people to post full headers whenever anything goes wrong.

Blocking his posts to the list while the listmaster tries to help
him could help -- if the listmaster has the time to do that, of course!
That would save a lot of bandwidth (the offending posts *and* the
discussion about them would at least not last too long), but this can't 
be easily done automatically [1].

Just my 2 centavos.

J.

[1] Maybe with a number of votes from *subscribed* address, some 
automated mechanism could do that -- but sounds clumsy, abuse-prone
and still not fully automatic.

-- 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: in case you missed this from ponik

[Karl E. Jorgensen]

On Tue, Jun 04, 2002 at 11:59:21PM +, Pollywog wrote:
> I don't know how it happened, but just yesterday I was subscribed to
> a mailing list by someone else.  I certainly did not subscribe, and
> somehow the list managing software for that list received the
> subscription confirmation allegedly sent by me.  I received the
> "Welcome to the list" message and some info on how to manage my
> subscription.  I immediately used the information there to
> unsubscribe from the list (it was one of the KDE lists).
> 
> I know it can happen, so perhaps this "ponik" individual was
> truthful.

The debian mailing lists work on a "confirmed opt-in" principle which
prevents subscribing somebody else's email address  (but not malicious
forwarding...)


-- 
Karl E. Jørgensen
[EMAIL PROTECTED]
www.karl.jorgensen.com
 Today's fortune:
MSDOS didn't get as bad as it is overnight -- it took over ten years
of careful development.
-- [EMAIL PROTECTED]


pgpJARvIVVA6S.pgp
Description: PGP signature

Re: in case you missed this from ponik

[Oleg]

On Tuesday 04 June 2002 07:37 pm, David Wright wrote:
> 1) Create an account and subscribe it to debian-user.
> 2) Set it to forward to [EMAIL PROTECTED]
> 3) Leave
>
> No list managemenent system can protect against this.

I don't know what the state of the art of list management software is, but it 
must be possible to 

a) limit the number of messages from any user to say 50 a day;

b) disallow posting from unconfirmed addresses; if [EMAIL PROTECTED] wasn't 
subscribed, how could he post?

c) detect "lameness" like Slashcode sites, and Google Groups (identical 
repeated messages, malformatted messages, etc.)

Just my $.02

Oleg


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: in case you missed this from ponik

[Pollywog]

On Tue, 4 Jun 2002 16:15:27 -0700
"ben" <[EMAIL PROTECTED]> wrote:

> while his response to the situation was obviously ridiculous, if
> this statement above is true, it seems that there's some kinda bug
> in the list management. something similar happened in debian-kde
> just recently. in the interest of preventing anymore of the same
> in the future, anybody want to offer conjecture on how this could
> happen?

I don't know how it happened, but just yesterday I was subscribed to
a mailing list by someone else.  I certainly did not subscribe, and
somehow the list managing software for that list received the
subscription confirmation allegedly sent by me.  I received the
"Welcome to the list" message and some info on how to manage my
subscription.  I immediately used the information there to
unsubscribe from the list (it was one of the KDE lists).

I know it can happen, so perhaps this "ponik" individual was
truthful.

--
Andrew


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: in case you missed this from ponik

[ben]

On Tuesday 04 June 2002 04:25 pm, Colin Watson wrote:
> On Tue, Jun 04, 2002 at 04:15:27PM -0700, ben wrote:
> > while his response to the situation was obviously ridiculous, if this
> > statement above is true, it seems that there's some kinda bug in the list
> > management. something similar happened in debian-kde just recently. in
> > the interest of preventing anymore of the same in the future, anybody
> > want to offer conjecture on how this could happen?
>
> There was some discussion about it on IRC, and somebody pointed out that
> toughguy.net is an e-mail forwarding service. If that's the case, then
> it's possible to point the forwarder at yourself, subscribe to a few
> mailing lists, and then maliciously alter the forwarding address.
>
> It's not clear what can be done about this at Debian's end other than to
> encourage people to post full headers whenever anything goes wrong.

does this mean any cretin with a grudge could bring the web to a painfully 
slow grind at will? it seems like a massive flaw in the greater system. with 
today's event in mind, and apart from forwarding headers to the listmaster 
and abuse@, is there anything else that can be done? any 
other means of redress or complaint?

ben


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: in case you missed this from ponik

[David Wright]

> while his response to the situation was obviously ridiculous, if this
> statement above is true, it seems that there's some kinda bug in the list
> management. something similar happened in debian-kde just recently. in the
> interest of preventing anymore of the same in the future, anybody want to
> offer conjecture on how this could happen?

1) Create an account and subscribe it to debian-user.
2) Set it to forward to [EMAIL PROTECTED]
3) Leave

No list managemenent system can protect against this.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: in case you missed this from ponik

[Chris Kenrick]

On Wed, Jun 05, 2002 at 12:25:14AM +0100, Colin Watson wrote:
> On Tue, Jun 04, 2002 at 04:15:27PM -0700, ben wrote:
> > while his response to the situation was obviously ridiculous, if this 
> > statement above is true, it seems that there's some kinda bug in the list 
> > management. something similar happened in debian-kde just recently. in the 
> > interest of preventing anymore of the same in the future, anybody want to 
> > offer conjecture on how this could happen?
> 
> There was some discussion about it on IRC, and somebody pointed out that
> toughguy.net is an e-mail forwarding service. If that's the case, then
> it's possible to point the forwarder at yourself, subscribe to a few
> mailing lists, and then maliciously alter the forwarding address.
> 
> It's not clear what can be done about this at Debian's end other than to
> encourage people to post full headers whenever anything goes wrong.

Has anyone contacted the abuse department of the provider of
toughguy.net?  According to their web site, they are anti spam, and
therefore might consider action...

- Chris


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: in case you missed this from ponik

[Chris Kenrick]

On Tue, Jun 04, 2002 at 04:15:27PM -0700, ben wrote:
> 
> allegedly the last email from ponik the slovakian bofh
> 
> It is my last mail for you.
> 
> Thank everybody for help. 
> (Problem was with forwarding every mails from debian-user@lists.debian.org to 
> my mail with anonymous man or woman through mail [EMAIL PROTECTED] I don't 
> know, who it is.)
> 
> One more, excuse me for troubles.
> 
> Lot of luck.
> 
> Good bye.
> 
>                  pono
> 
> 
> while his response to the situation was obviously ridiculous, if this 
> statement above is true, it seems that there's some kinda bug in the list 
> management. something similar happened in debian-kde just recently. in the 
> interest of preventing anymore of the same in the future, anybody want to 
> offer conjecture on how this could happen?

Technically speaking, someone could subscribe to debian-user as
[EMAIL PROTECTED], THEN activate forwarding from [EMAIL PROTECTED] to
the real address.  Most email services don't confirm that a person
owns the address that they're forwarding to (although some now do).  As
to why someone would do it .. I dunno, grudge, sick practical joke,
whatever...

- Chris


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: in case you missed this from ponik

[Colin Watson]

On Tue, Jun 04, 2002 at 04:15:27PM -0700, ben wrote:
> while his response to the situation was obviously ridiculous, if this 
> statement above is true, it seems that there's some kinda bug in the list 
> management. something similar happened in debian-kde just recently. in the 
> interest of preventing anymore of the same in the future, anybody want to 
> offer conjecture on how this could happen?

There was some discussion about it on IRC, and somebody pointed out that
toughguy.net is an e-mail forwarding service. If that's the case, then
it's possible to point the forwarder at yourself, subscribe to a few
mailing lists, and then maliciously alter the forwarding address.

It's not clear what can be done about this at Debian's end other than to
encourage people to post full headers whenever anything goes wrong.

-- 
Colin Watson  [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: in case you missed this from ponik

[Robert Webb]

This would be easy to do. If I create an account on my domain and 
honestly subscribe to the
list and then set all the email to  that address to be fowarded to a 
second address everything

for any list server would look to be ok.

If I were the one that did it in this case I would register the email 
address of  [EMAIL PROTECTED]
Then through the proper steps I would subscribe to the 
[EMAIL PROTECTED]
Then I would pick ponik's real email address [EMAIL PROTECTED] and foward 
all the email from

my [EMAIL PROTECTED] account to that email addy.

This could be done real easy whith any type of free email account. 
Espicially if I had a bone to pick

and owned my own server...


Robert

ben wrote:



allegedly the last email from ponik the slovakian bofh

It is my last mail for you.

Thank everybody for help. 
(Problem was with forwarding every mails from debian-user@lists.debian.org to 
my mail with anonymous man or woman through mail [EMAIL PROTECTED] I don't 
know, who it is.)


One more, excuse me for troubles.

Lot of luck.

Good bye.

pono


while his response to the situation was obviously ridiculous, if this 
statement above is true, it seems that there's some kinda bug in the list 
management. something similar happened in debian-kde just recently. in the 
interest of preventing anymore of the same in the future, anybody want to 
offer conjecture on how this could happen?


ben



 





--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]