Re: filtering of mailing lists and NATs
In die Tue, 22 May 2001 20:49:51 -0400 Eric Rosen <[EMAIL PROTECTED]> scripsit: > I do this for the mailing list of the MPLS working group, so I'm aware of > what a nuisance it is. But as far as mailing list management goes, it's not > nearly as big a nuisance as trying to figure out which of the error messages > to owner-mpls are bogus and which are real. (The mailing list has 3000 > members and each message to it results in 100 error messages.) mailman seems to have an automated way to put subscribers whose email bounces out of the list, but I must confess I prefer to look at the errors and decide case per case. Luckily, my lists have at most 400 users. ciao, .mau.
Re: perspective
what needs filtering is all this pointless commentary on SPAM. i assure you all that somebody, somewhere...probably several somebodies...are working on the problem. until then, do what i do: delete it i get 250+ emails a day, and only about 5 of them are spam. that tells me my filter works pretty good. if i can suffer through the other 245, and not get worked up about deleting the 5, then noone else should be uptight about it either. my next point is that today i recieved approx 35 emails from IETF members and list subscribers, complaining about spam. that's 30 MORE than the spam i got today. so i'll ask the same question James did: "what needs filtering?" rgmc AIM __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/
Re: filtering of mailing lists and NATs
Keith, Why do you keep pretending that sending mail to the main submission address is the only way to get a message out on a mailing list and that there isn't immense harm done by spam? What about months of work wasted because a WG didn't get the input of those driven away by spam? If you have trouble submitting mail to a WG maiiling list, or even think you might, why not just send mail to the chair and ask them to post it? Wouldn't it be their job to do so if it was at all relevant? Limitations on absolutely free direct immediate posting have negative effects and *positive* effects. The right balance is different for different mailing lists. Donald From: Keith Moore <[EMAIL PROTECTED]> Message-Id: <[EMAIL PROTECTED]> To: grenville armitage <[EMAIL PROTECTED]> cc: [EMAIL PROTECTED] In-reply-to: Your message of "Mon, 21 May 2001 22:24:27 PDT." <[EMAIL PROTECTED]> Date: Tue, 22 May 2001 11:49:44 -0400 >> > however, I have seen a couple of occasions where I believe that >> > a 'moderator' acted inappropriately in filtering messages that >> > came from non-subscribers but were arguably on-topic for the lists. >> >> So the non-subscriber subscribed, and their posts went through okay, >> right? > >no. the WG was badly in need of a clue from folks outside of the WG - >because the WG was failing to understand how its work would interact >with and/or affect other applications or protocols outside of its purview. > >the would-be contributor did not want to subscribe to the list because >he/she had no desire to participate in the day-to-day conversations of >the working group. after all, the contributor normally worked at >layer X while the WG was working at layer Y. > >still, the WG needed the contribution. it would have benefited from >knowing that what it was doing was inherently flawed, and that its >poorly-informed design decisions would do harm and/or cause its work >to be less useful than anticipated. > >but the capriciousness of the mailing list maintainer prevented this >from happening, and many months of hard work were wasted. > >> (If not, and the moderator was in fact filtering all posts >> to the mailing list in question, then this example is a red-herring.) > >seems like you've left a big hole in your case analysis. > > >> Gas tanks explode - we ban cars? > >if the gas tanks explode under normal or even occasional use, we do in >fact recall the car. > >you seem to believe that non-subscribers are inherently illegimiate, >and that any barriers we erect to make it more difficult for them to >post are therefore justified. looks like circular reasoning to me. > >Keith >
focus Re: filtering of mailing lists and NATs
Vernon Schryver wrote: [..] > IETF lists have sufficient reasons to be just as open. All of the > proposals for filtering the IETF's lists would have false postive rates > far worse than 1/month, where delays of more than 24 hours count as a > false positive. I think you're exaggerating a few things. First, the main proposal in this thread is subscribe-before-post, which suffers no false positives if you... ummm... subscribe before you post. Second, since when has the IETF's activities been so urgent that a 24hr delay on a "I forgot to subscribe before posting" email would be mind-blowingly critical? (IMO, never. But hey, I take walks in the sun every so often...) I don't recall this thread seriously focusing on content filtering (*being* filtered, sure ;) [..] > There is only one thing that prevents those who want a spam-free IETF list > from having it. Since I don't recall seeing absolute 'spam-free'-ness being a design goal, I'm not sure who "those" people are. But then again, I take walks cheers, gja Grenville Armitagehttp://members.home.net/garmitage/
perspective
It took a few seconds to ignore the spurts of spam that started the recent mailing list policy threads, but I am now dozens of messages behind, trying to read and carefully consider all of the resulting insightful and witty comments. What needs filtering, again? Cheers, James
Re: filtering of mailing lists and NATs
> From: grenville armitage <[EMAIL PROTECTED]> > > Besides, mailing list traffic tends to be > > "white listed" and so bypass individual spam filters. > > Which is why some of us would encourage the use of > techniques that make mailing lists less attractive > to opportunistic spammers. > > I feel dizzy. I've run spam filters for a big commercial outfit, where people reasonably preferred to deal with spam than to fail to communicate with customers or prospects. In such situations, unless your false positive rate rejects fewer than 1 legitimate message per month, you should be castigated and your filters turned off. IETF lists have sufficient reasons to be just as open. All of the proposals for filtering the IETF's lists would have false postive rates far worse than 1/month, where delays of more than 24 hours count as a false positive. Because of the nature of the traffic on the main IETF list, I suspect the false positive rate would be approach 10% (except in threads like this where the false negative rate be about 100%, because we're all subscribers making this noise). In other words, there are reasons why I only suggested that the IETF-filtered list use the DCC body filtering. There is something else about the proposals to impose additional filters on this list that really bugs me. I suspect that many of those demanding that this list be filtered did not bother to do anything about the recent spam, while those of us opposed all did do something. There is only one thing that prevents those who want a spam-free IETF list from having it. In theory, someone could subscribe a reflector to the main list or the overseas filtered list, and then run it like an ordinary moderated list. Others who want such filtering could subscribe to it. In theory, everyone would be happy. Unfortunately, there is that one thing preventing global contentment. At least one of those who want such filtering would have to do some extra work. This obviously would not implement or run itself with the demands that someone else take care of it. Vernon Schryver[EMAIL PROTECTED]
Re: filtering of mailing lists and NATs
Maurizio> but this means Maurizio> - that there is a person who has the right to decide whether the Maurizio> message is spam or not Maurizio> - that this person is willing to bear the burden for the sake of the Maurizio> whole community. Maurizio> I happen to do this for some lists, but it's a nuisance, I may Maurizio> assure you. I do this for the mailing list of the MPLS working group, so I'm aware of what a nuisance it is. But as far as mailing list management goes, it's not nearly as big a nuisance as trying to figure out which of the error messages to owner-mpls are bogus and which are real. (The mailing list has 3000 members and each message to it results in 100 error messages.) It's not hard to decide whether a particular message is unsolicited commercial email or not, that's not something that people disagree about.
Re: filtering of mailing lists and NATs
Vernon Schryver wrote: [..] > Besides, mailing list traffic tends to be > "white listed" and so bypass individual spam filters. Which is why some of us would encourage the use of techniques that make mailing lists less attractive to opportunistic spammers. I feel dizzy. cheers, gja
Re: since drums is closed...
At 12:00 PM -0500 5/22/01, Chip Rosenthal wrote: >On Tue, May 22, 2001 at 05:00:49PM +0200, Maurizio Codogno wrote: > > I hope someone may give me an answer here, even if the topic is > > not quite in topic for the list. > >Don't have an answer to your question, but thought I'd point out >that most of the DRUMS participants have moved over to the ietf-822 >mailing list hosted at imc.org. The folks who want to talk about message formats have moved there. The folks who want to talk about message transport have moved to ietf-smtp. DRUMS was covering two different topics. >IIRC [EMAIL PROTECTED] should work. Yup, and [EMAIL PROTECTED] will get you the companion list. --Paul Hoffman, Director --Internet Mail Consortium
Re: filtering of mailing lists and NATs
> From: grenville armitage <[EMAIL PROTECTED]> > ... > Who knows. I suspect it would be a *vastly* long time before the > ratio of 'blocked mailing list' to 'personal email addresses' becomes > so high that spammers will special-case their code just to target > mailing lists. Today mailing lists are accidental inclusions on spammer > master target lists. That last is clearly false for much of the spam that hits IETF lists. At least some spammers evidently already understand that one message through a working and large list will hit a lot of valid addresses, often very well "targeted" addresses. Besides, mailing list traffic tends to be "white listed" and so bypass individual spam filters. > They already deal with email addresses that get > stale and bounce, Serious spammer do not care about stale or bouncing addresses. That's demonstrated by the "dictionary attack" spammers who have lists of 100's to 1000's of user names that they try at every domain they hit. If you have a vanity domain, then watching for dictionary attack bounces and they wiring those addresses to automated body filters can be very effective measured in low false positives and false negatives. > the trick is to convince them our mailing list address > is similarly 'stale'. This *is* social engineering, by us, of them, > using technology. That assumes that that spammers prune their lists. However, they clearly do not. My best body spam trap address today is a misspelling of my username that first started getting hit several years ago, and that has *never* been valid, and bounced for years until I recently wired it to body filters. The mispelling was apparently a harvesting software bug, because many other people reported seeing equivalent bad addreses. Vernon Schryver[EMAIL PROTECTED]
Re: filtering of mailing lists and NATs
John Stracke <[EMAIL PROTECTED]> writes: [Randomly selected moderators.] > Then you have to educate the subscribers on how to approve messages. Include a short explanation in the message of why it is sent, and offer to follow a URL to approve the message. One of the randomly choosen subscribers presumably knows how to follow a link. -- Stanislav Shalunov http://www.internet2.edu/~shalunov/ This message is designed to be viewed at 600 mph.
RE: filtering of mailing lists and NATs
My mail filters must be very effective. The > 20 messages on this thread in the last 2 days constitute over a months worth of spam I have been aware of. Now if I could only figure out how to construct an automated filter for: if list = IETF and content = 'personal inconvenience rant' then permanently delete Tony FWIW: I agree with Keith's original tenant that technology applied without my express awareness & consent (like NAT in the general case) is inappropriate. I also agree with KRE that spam is a social rather than technical problem, and any centralized technical approach will be worked around. Rather than complain that someone else is not doing the work, maybe those who don't want to take the time to construct their own filters should ask the list if anyone else might be running their favorite mail tool and is willing to share an existing rule set. If you want to make sure I never see your message just include the strings '$' or 'subscribe' in the subject, or send with any of these strings anywhere in the header: @none 163.net 163.com 21cn.edu.cn 263.net 263.com 363.net 363.com auxaux.com china.com sina.com cn99.com com.cn cpri.net dicult.co.jp dta.net.cn elong.com f9.mail.ru fj.cn fj.fz.cn jx.cn Kysi Ferul kyungin-c.ac.kr mediforums.com nbzh.com netease.com xxx@
Re: filtering of mailing lists
--- Keith Moore <[EMAIL PROTECTED]> wrote: > Suresh, > > I don't mind having WG lists moderate contributions from non-subscribers, > provided the moderator can act in a timely fashion (say within a day or > so) and the moderator allows any post that is even arguably on-topic for > the list. > Having a separate subscribe-to-post requirement alleviates the burden on the list administartor, at the cost of minor one-time additional inconvenience to the poster. This, in no way, violates the principle of open participation and being open to good ideas from all sources. If a responsible poster still chooses to send a message without subscribing-to-post, then it is not unreasonable if the message posting is delayed by more than a day or is dropped at the discrition of the list moderator(s). On the other hand, if spam is sent automagically to a bunch of lists, the spam will automagically get dropped, unless the spam sender subscribes to each of the lists and violates the posting law. > for reasons already stated, I doubt that a single moderator could be > found for the main ietf list. but I would like to see an experiment > with the 'multiple per-message moderators chosen at random from the > subcriber list' proposals. I am OK with the idea of multiple moderators. Many lists already have multiple moderators. The IESG members, for example, could be the moderators for the IETF list. Unless the moderators group is pre-selected, attempting to select a moderator at random from the subscriber list for each new mailing thread can be at best difficult and at worst a box of pandora. The random selection process in itself can become very hard to manage and will become a giant meta problem in itself. <.. stuff deleted> Thanks. Have a nie day. cheers, suresh __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/
A modest proposal
Here's an experiment: - Create a read-only list, "[EMAIL PROTECTED]" - People send email to [EMAIL PROTECTED] as usual - If the from: address is a subscriber to [EMAIL PROTECTED], majordomo sends it to the members of [EMAIL PROTECTED] and [EMAIL PROTECTED] - If the from: address is NOT a subscriber to [EMAIL PROTECTED], majordomo sends it only to the people subscribed to [EMAIL PROTECTED] - Archive posts that end up on [EMAIL PROTECTED] People who want the complete, unadulterated feed of posts to [EMAIL PROTECTED] can subscribe to [EMAIL PROTECTED] and see everying that is sent to [EMAIL PROTECTED] The rest can (remain) subscribe(d) to [EMAIL PROTECTED] cheers, gja (who honestly doesn't know enough majordomo to say if this is a 5 min job, or 5 hours hacking)
Social solutions mean lawyers... Re: filtering of mailing lists and NATs
Robert Elz wrote: [..] > This is not a technological problem - it is a social problem. We cannot > fix spam by technological means - it has to be fixed by social means. If you remove technological means you're left with "Bad spammer, please don't send email to our list". The non-technical escalation path (aka 'social means') then leads to lawyers and politicians thinking they know what's best. Then you'd really see what it feels like to have the wrong weapon brought to bear on a problem. I shudder at the thought. cheers, gja
Re: filtering of mailing lists and NATs
Robert Elz wrote: > | Most spammers strike me as opportunistic and not overly interested > | in special-case-handling a couple of subscribe-to-send lists, > > Of course, and as long as they can get to the vast majority of their > target, it will probably remain that way. Good enough for me. It is said that to avoid a bear, you don't need to be faster than the bear, just faster than someone else in your group ;) [..] > how long do you > think it will be before the spammer's lists of names contain not only the > destination address, but the From: address they should use to send to that > address? Who knows. I suspect it would be a *vastly* long time before the ratio of 'blocked mailing list' to 'personal email addresses' becomes so high that spammers will special-case their code just to target mailing lists. Today mailing lists are accidental inclusions on spammer master target lists. They already deal with email addresses that get stale and bounce, the trick is to convince them our mailing list address is similarly 'stale'. This *is* social engineering, by us, of them, using technology. cheers, gja
RE: filtering of mailing lists and NATs
> Christian> I would much rather receive and delete another > annoying > Christian> proposition to get rich quick or see lurid pictures than > tolerate > Christian> any form of censorship. > > As has been pointed out, the non-member messages can be moderated. It > takes > about one second to look at a message and tell whether it is > unsolicited > commercial or not. So the downside is that the non-member message may > be > delayed for a bit until the moderator gets to it. This is one of many possible implementations. As Keith pointed out, it is much better than any form of automated action, such as closed membership list. The downside is that it is a heavy work on the single "censor"; there are indeed ways to spread the load to multiple editors. > I wouldn't call that > censorship. (I think one has to be very privileged indeed to confuse > a small inconvenience with censorship.) All form of filtering have the potential to drift into censorship. We have seen it with the anti-porn web site filters, and we are indeed seeing accusation of censorship floated against the RBL. For the IETF, we must go to extreme to ensure openness and remove any hint of possible censorship. -- Christian Huitema
Re: filtering of mailing lists and NATs
James Aviani wrote: > I know this is fairly low-tech, but it seemed like a reasonable and practical > solution to spamming. This is a interesting if not good idea. Some of the details may need to be worked out (like perhaps certain people opt in or opt out of being a moderator), but the technical implementation is probably the easy part. If you've given the IETF a solution without causing a theological debate over the 'technical purity' of it, you've left your mark for posterity. John
Re: filtering of mailing lists and NATs
I think I might set a filter to look for this thread in the subject line of my email and dump it. It only takes a minute to set it up. __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/
Re: since drums is closed...
On Tue, May 22, 2001 at 05:00:49PM +0200, Maurizio Codogno wrote: > I hope someone may give me an answer here, even if the topic is > not quite in topic for the list. Don't have an answer to your question, but thought I'd point out that most of the DRUMS participants have moved over to the ietf-822 mailing list hosted at imc.org. IIRC [EMAIL PROTECTED] should work. -- Chip Rosenthal <[EMAIL PROTECTED]> http://www.unicom.com/ Protect your mail server against spam.http://mail-abuse.org/ Junk email is theft. There ought to be a law.http://www.cauce.org/ "That's not communication. That's gargling." -Geoffrey Nunberg
Re: filtering of mailing lists and NATs
James Aviani wrote: > So here is the idea: For email that comes from non-subscribers, forward it to > N subscribers randomly selected from the current subscribers. (Maybe pick > from the most recent posters, since they are most likely to be active.) If > one of subscribers thinks the mail is useful, he forwards it to the group. If > more than one approves, still only one copy goes forward. (Software somewhere > would prevent duplicates.) Then you have to educate the subscribers on how to approve messages. -- /===\ |John Stracke| http://www.ecal.com |My opinions are my own. | |Chief Scientist |==| |eCal Corp. |All your problems can be solved by not caring!| |[EMAIL PROTECTED]| | \===/
Re: filtering of mailing lists and NATs
In die Tue, 22 May 2001 12:26:40 -0400 Eric Rosen <[EMAIL PROTECTED]> scripsit: > As has been pointed out, the non-member messages can be moderated. It takes > about one second to look at a message and tell whether it is unsolicited > commercial or not. but this means - that there is a person who has the right to decide whether the message is spam or not - that this person is willing to bear the burden for the sake of the whole community. I happen to do this for some lists, but it's a nuisance, I may assure you. ciao, .mau.
Re: filtering of mailing lists
Suresh, I don't mind having WG lists moderate contributions from non-subscribers, provided the moderator can act in a timely fashion (say within a day or so) and the moderator allows any post that is even arguably on-topic for the list. for reasons already stated, I doubt that a single moderator could be found for the main ietf list. but I would like to see an experiment with the 'multiple per-message moderators chosen at random from the subcriber list' proposals. the problem with the NAT list was that posts from non-susbcribers were, apparently, simply discarded. as you point out, this has since been fixed. Keith p.s. I don't think the question of whether we inconvience the legitimate poster or the spammer more is the relevant one. a better question is which filtering policy allows our organization to function more effectively - given that 'effectiveness' includes honoring our principle of open participation and being open to good ideas from all sources. > Date: Tue, 22 May 2001 10:16:37 -0700 (PDT) > From: Pyda Srisuresh <[EMAIL PROTECTED]> > Subject: Re: filtering of mailing lists > > --- Keith Moore <[EMAIL PROTECTED]> wrote: > > > Here is a suggestion. > > > > > Require people to subscribe to a list to post to the list. > > > > worked great for the NAT WG list, which successfully used this technique > > to discourage input from people harmed by NAT. > > NAT WG never had a separate subscribe-to-post requirement, FYI. > > The previous list as well as the current list (hosted by the IETF) > required a single subscription to receive as well as to post. > > With the current list, messages sent by folks not subscribed to the > list would be directed to list administrator to permit posting to > the list. List administrator would have to manually approve the posting. > > Now, do you object to a separate subscribe-to-post requirement? > Would this discourage or inconvenience you (the occassional non-spam > contributor to a non-subscribed-to-receive-list) or the spammer more? > > If the answer is debatable (or) the frequent spammer is likely to be > discouraged at least 50% of the time, the approach is worth a try.
Re: filtering of mailing lists and NATs
> > > So, here are the choices: > > > > 1. Save thousands of people from having to deal with multiple spams per day, > > >at the cost of presenting a minor inconvenience to a few, or > > > > 2. Require thousands of people to receive and deal with spam (or to learn > > >all about mail filtering), in order to avoid inconveniencing a few. > > > you have it backwards. all subscribers of the list are 'inconvenienced' > > if we discourage legitimate contributions from folks who are not willing > > to jump through arbitrary and time-consuming hoops that we impose on them > > just because a few people insisted (even in the face of evidence to the > > contrary) that they knew what was best for everyone else. > > This assumes that list filtering cannot be done sensibly. This assumption is > false; it can be done sensibly and is done sensibly all the time. And when it > is done sensibly the amount of inconvenience is unnoticeable. Sure, there are > plenty of lists that don't do filtering sensibly (including, alas, some IETF WG > lists), but there are many others that do. I also think that list filtering can be done sensibly, and I agree that this is mostly (though not entirely) a matter of resources. what I am objecting to is the notion that 'sensible filtering' (particularly on the IETF list) equates to 'filtering postings from non-subscribers'. > > calling those hoops a 'minor inconvenience' is also misleading. > > Only if the lists aren't managed correctly. which is, in my experience, all too often the case. and the knowledge required to 'correctly' manage a list seems to be in short supply. it would be useful to collect such knowledge into an RFC. > Keith, I have to say that you are becoming your own worst enemy in this > discussion. By insisting on an absolute policy of no filtering at all your > ability to influence the policy that eventually is adopted is being > compromised. but I have never insisted on such a policy. I have only insisted that it's not appropriate to expect people to subscribe to the list in order to contribute to the discussion. in fact I use various kinds of filtering on the lists that I maintain (different degrees depending on the nature of the list), so I agree that filtering can be useful and appropriate. > As a result we are increasingly likely to end up with a list > policy imposed that doesn't accomodate some aspect of real world behavior that > could have been dealt with. as you might imagine I am also frustrated by the tendency of this kind of debate to polarize people around extreme positions, rather than to encourage brainstorming about solutions that would address the entire spectrum of interests and concerns that are expressed. at the same time, I feel that it's important to argue against proposals for quick fixes that seem shortsighted. we have too many of those already. we need to understand the problem from a variety of perspectives before insisting that our proposed solutions are appropriate to impose on everybody. > I also find the comparisons with NAT to be strained at best. I'm sure we can all come up with examples of 'solutions' that served one interest while harming others, or that served short term goals while doing harm in the long term. NATs aren't an especially unusual example of this, they're just an example that can be understood by most of the list. Keith
Re: filtering of mailing lists and NATs
Lloyd Wood wrote: > > On Mon, 21 May 2001, grenville armitage wrote: > > > It is a fragile universe one inhabits where asking people to subscribe > > to the community of interest before posting is equated to censorship. > > Be liberal in what you accept. I am not a protocol. I am a human being. cheers, gja Grenville Armitagehttp://members.home.net/garmitage/
Re: filtering of mailing lists
--- Keith Moore <[EMAIL PROTECTED]> wrote: > > Here is a suggestion. > > > Require people to subscribe to a list to post to the list. > > worked great for the NAT WG list, which successfully used this technique > to discourage input from people harmed by NAT. NAT WG never had a separate subscribe-to-post requirement, FYI. The previous list as well as the current list (hosted by the IETF) required a single subscription to receive as well as to post. With the current list, messages sent by folks not subscribed to the list would be directed to list administrator to permit posting to the list. List administrator would have to manually approve the posting. Now, do you object to a separate subscribe-to-post requirement? Would this discourage or inconvenience you (the occassional non-spam contributor to a non-subscribed-to-receive-list) or the spammer more? If the answer is debatable (or) the frequent spammer is likely to be discouraged at least 50% of the time, the approach is worth a try. > > Keith cheers, suresh = __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/
RE: filtering of mailing lists and NATs
> > So, here are the choices: > > > > 1. Save thousands of people from having to deal with multiple spams per > day, > >at the cost of presenting a minor inconvenience to a few, or > > > > 2. Require thousands of people to receive and deal with spam (or to > learn > >all about mail filtering), in order to avoid inconveniencing a few. > > you have it backwards. all subscribers of the list are 'inconvenienced' > if we discourage legitimate contributions from folks who are not willing > to jump through arbitrary and time-consuming hoops that we impose on them > just because a few people insisted (even in the face of evidence to the > contrary) that they knew what was best for everyone else. There is a fine line between "anti-spam" and "censorship." I would much rather receive and delete another annoying proposition to get rich quick or see lurid pictures than tolerate any form of censorship. This translates into an engineering requirement. Anti-spam filters, like all filters generate false positive, i.e. declare as spam something that is in fact legitimate, and false negative, i.e. declare as legitimate a message that in fact is spam. The openness requirement of the IETF translates in a requirement to eliminate "false negative." This is the IETF, we ought to be able to engineer that. -- Christian Huitema
Re: filtering of mailing lists and NATs
> > So, here are the choices: > > 1. Save thousands of people from having to deal with multiple spams per day, > >at the cost of presenting a minor inconvenience to a few, or > > 2. Require thousands of people to receive and deal with spam (or to learn > >all about mail filtering), in order to avoid inconveniencing a few. > you have it backwards. all subscribers of the list are 'inconvenienced' > if we discourage legitimate contributions from folks who are not willing > to jump through arbitrary and time-consuming hoops that we impose on them > just because a few people insisted (even in the face of evidence to the > contrary) that they knew what was best for everyone else. This assumes that list filtering cannot be done sensibly. This assumption is false; it can be done sensibly and is done sensibly all the time. And when it is done sensibly the amount of inconvenience is unnoticeable. Sure, there are plenty of lists that don't do filtering sensibly (including, alas, some IETF WG lists), but there are many others that do. Whether or not list filtering can be sensibly applied to a list with the characteristics of the main IETF list is just a matter of resources. The necessary technologies exist to cope with all the trickiness the IETF list presents and more. All we have to do is agree to apply them and find the resources to make it happen. > calling those hoops a 'minor inconvenience' is also misleading. Only if the lists aren't managed correctly. Keith, I have to say that you are becoming your own worst enemy in this discussion. By insisting on an absolute policy of no filtering at all your ability to influence the policy that eventually is adopted is being compromised. As a result we are increasingly likely to end up with a list policy imposed that doesn't accomodate some aspect of real world behavior that could have been dealt with. I also find the comparisons with NAT to be strained at best. Ned
Re: filtering of mailing lists and NATs
> Here is a suggestion. > Require people to subscribe to a list to post to the list. worked great for the NAT WG list, which successfully used this technique to discourage input from people harmed by NAT. Keith
closing list posting won't help us much
A lot of the unwanted, off topic postings we get on the ietf list, seem to be specifically directed at us. For example, the political diatribes from "kysi feryl" (did I spell that right?). People who want to advertise to or spam on the ietf list specifically, will obviously not be turned away by any requirement to pre-register your From: line before posting. Closed posting is fine for small private lists that want to stay private, but this list is too large, public, and visible for it to be appropriate or useful here. -- -- Cos [EMAIL PROTECTED]-- accessline: 781-273-2380 -- (Ofer Inbar) [EMAIL PROTECTED]-- pager: 800-351-9387
Re: filtering of mailing lists and NATs
> As has been pointed out, the non-member messages can be moderated. yes they can. but this requires a moderator who has the time to do it, who can consistently do it in a timely manner, who acts as a spam filter rather censoring content with which he/she does not agree, and who is trusted by everyone (or very nearly everyone) who wants to participate on the list. and yes this is much better than insisting that people subscribe to a list in order to post. and it has worked fairly well for a number of the lists that I run. but I think it would be difficult to find a moderator for the ietf list that meets the above criteria. Keith
RE: Mailing list policy
Perhaps you might consider this issue from another angle. When you consider the number of person-hours spent dealing with SPAM, you could see that, cumulatively, there are many hours wasted on unsolicited and undesired emails. And, while each instance may be a matter of seconds or minutes, over a year's time, SPAM from all sources constitutes a significant waste of people's time and, thus, the SPAMer is a thief. It is a social problem but it can be resolved with a technical solution. Don't make me come over there, Scott.. :-) "Hey, what do we need this IP stuff for? We got 300 character/second teletype. Who's ever going to need more than that?..." - Sparky, the 30 year two-wire man. -Original Message- From: Willis, Scott L [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 22, 2001 10:27 AM To: [EMAIL PROTECTED] Subject: RE: Mailing list policy Which is the lesser of the two evils: * Receiving an occasional SPAM Message * Being Bombarded continually with complaints about SPAM Messages The request has been issued to stop spamming on this address. Why don't we return to normal IETF business at hand and just let this issue pass. I'm sure there are others out there who is as fatigued as I am about this moot point. Have a nice day -Original Message- From: John Stracke [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 22, 2001 9:46 AM To: [EMAIL PROTECTED] Subject:Re: Mailing list policy Kevin Farley wrote: > --- John Stracke <[EMAIL PROTECTED]> wrote: > > Today, if you want to > > spam all of > > them, you have to subscribe to all of them, which is impractical. (I spoke sloppily, by the way. For "today", read "with separate filters on every list".) > Impractical, but through software, not impossible. Could readily be > automated. If that's so, then subscriber filters won't work; as soon as it becomes profitable to do so, the spamware vendors will include automated subscription features. -- /===\ |John Stracke| http://www.ecal.com |My opinions are my own. | |Chief Scientist |==| |eCal Corp. |Whose cruel idea was it for the word "lisp" to| |[EMAIL PROTECTED]|have an "S" in it? | \===/
Re: filtering of mailing lists and NATs
Forgive me here, but I was pondering the problem of mailing lists filtering last night, and want to float an idea. The problem as I understand it is that non-subscribers to a given mailing list may contribute good ideas or may be spammers. And short of human-directed analysis it's impossible to know whether the email should be forwarded or not. Further, by having only one person decide on what's appropriate, there is the possibility for intentional or inadvertent censorship. Also, it's a significant burden for someone to have to manually filter all of the email from non-subscribers. So here is the idea: For email that comes from non-subscribers, forward it to N subscribers randomly selected from the current subscribers. (Maybe pick from the most recent posters, since they are most likely to be active.) If one of subscribers thinks the mail is useful, he forwards it to the group. If more than one approves, still only one copy goes forward. (Software somewhere would prevent duplicates.) As long N is large enough and picked at random each time it would reduce dramatically the possibility for censorship, fairly share the load, and protect the email list from spammers, yet still allow for non-subscribing folks to contribute. I know this is fairly low-tech, but it seemed like a reasonable and practical solution to spamming. James
Re: filtering of mailing lists and NATs
Here is a suggestion. Require people to subscribe to a list to post to the list. This is in addition to requiring subscription to receive posts mailed to the list. Nanog adopts this approach and has been fairly successful in avoiding spam, I believe. Subscription to Post can be made contingent on the subscriber not agreeing to post material that is out of scope for the list and willing to abide by the list administrator's decision to moderate inappropriate postings. Free-for-all type of lists are inherently prone to spam. Thanks. cheers, suresh --- Keith Moore <[EMAIL PROTECTED]> wrote: > > > however, I have seen a couple of occasions where I believe that > > > a 'moderator' acted inappropriately in filtering messages that > > > came from non-subscribers but were arguably on-topic for the lists. > > > > So the non-subscriber subscribed, and their posts went through okay, > > right? > > no. the WG was badly in need of a clue from folks outside of the WG - > because the WG was failing to understand how its work would interact > with and/or affect other applications or protocols outside of its purview. > > the would-be contributor did not want to subscribe to the list because > he/she had no desire to participate in the day-to-day conversations of > the working group. after all, the contributor normally worked at > layer X while the WG was working at layer Y. > > still, the WG needed the contribution. it would have benefited from > knowing that what it was doing was inherently flawed, and that its > poorly-informed design decisions would do harm and/or cause its work > to be less useful than anticipated. > > but the capriciousness of the mailing list maintainer prevented this > from happening, and many months of hard work were wasted. > > > (If not, and the moderator was in fact filtering all posts > > to the mailing list in question, then this example is a red-herring.) > > seems like you've left a big hole in your case analysis. > > > > Gas tanks explode - we ban cars? > > if the gas tanks explode under normal or even occasional use, we do in > fact recall the car. > > you seem to believe that non-subscribers are inherently illegimiate, > and that any barriers we erect to make it more difficult for them to > post are therefore justified. looks like circular reasoning to me. > > Keith > = __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/
Re: filtering of mailing lists and NATs
Christian> I would much rather receive and delete another annoying Christian> proposition to get rich quick or see lurid pictures than tolerate Christian> any form of censorship. As has been pointed out, the non-member messages can be moderated. It takes about one second to look at a message and tell whether it is unsolicited commercial or not. So the downside is that the non-member message may be delayed for a bit until the moderator gets to it. I wouldn't call that censorship. (I think one has to be very privileged indeed to confuse a small inconvenience with censorship.) Unless, of course, you think that people have a RIGHT to send unsolicited commercial email to IETF mailing lists.
Re: filtering of mailing lists and NATs
> > however, I have seen a couple of occasions where I believe that > > a 'moderator' acted inappropriately in filtering messages that > > came from non-subscribers but were arguably on-topic for the lists. > > So the non-subscriber subscribed, and their posts went through okay, > right? no. the WG was badly in need of a clue from folks outside of the WG - because the WG was failing to understand how its work would interact with and/or affect other applications or protocols outside of its purview. the would-be contributor did not want to subscribe to the list because he/she had no desire to participate in the day-to-day conversations of the working group. after all, the contributor normally worked at layer X while the WG was working at layer Y. still, the WG needed the contribution. it would have benefited from knowing that what it was doing was inherently flawed, and that its poorly-informed design decisions would do harm and/or cause its work to be less useful than anticipated. but the capriciousness of the mailing list maintainer prevented this from happening, and many months of hard work were wasted. > (If not, and the moderator was in fact filtering all posts > to the mailing list in question, then this example is a red-herring.) seems like you've left a big hole in your case analysis. > Gas tanks explode - we ban cars? if the gas tanks explode under normal or even occasional use, we do in fact recall the car. you seem to believe that non-subscribers are inherently illegimiate, and that any barriers we erect to make it more difficult for them to post are therefore justified. looks like circular reasoning to me. Keith
Re: filtering of mailing lists and NATs
> So, here are the choices: > > 1. Save thousands of people from having to deal with multiple spams per day, >at the cost of presenting a minor inconvenience to a few, or > > 2. Require thousands of people to receive and deal with spam (or to learn >all about mail filtering), in order to avoid inconveniencing a few. you have it backwards. all subscribers of the list are 'inconvenienced' if we discourage legitimate contributions from folks who are not willing to jump through arbitrary and time-consuming hoops that we impose on them just because a few people insisted (even in the face of evidence to the contrary) that they knew what was best for everyone else. calling those hoops a 'minor inconvenience' is also misleading. > Indeed, this is a lot like the arguments re NAT. There are the thousands of > people it helps, vs. the few who are yelling that the sky will fall if it is > not stamped out. the people who are helped by NAT are also hurt by NAT. but they might not realize that NAT is the reason that they cannot deploy IP telephony. they'll blame the new application rather than the NAT because they've been brainwashed into thinking that NAT is the right thing to do, and also because the guy who bought the NATs in the first place is not going to admit that he was wrong. Keith
since drums is closed...
I hope someone may give me an answer here, even if the topic is not quite in topic for the list. I was asked to find some information about the email traffic today (number of messages per day, how much of the net traffic is email - is it true that it is still more than web-based traffic?, various oddities) Does anybody have some pointer? thanks and ciao, .mau.
Re: Mailing list policy
--- John Stracke <[EMAIL PROTECTED]> wrote: > Kevin Farley wrote: > > > --- John Stracke <[EMAIL PROTECTED]> wrote: > > > Today, if you want to > > > spam all of > > > them, you have to subscribe to all of them, which is impractical. > > (I spoke sloppily, by the way. For "today", read "with separate > filters > on every list".) > > > Impractical, but through software, not impossible. Could readily be > > automated. > > If that's so, then subscriber filters won't work; as soon as it > becomes > profitable to do so, the spamware vendors will include automated > subscription features. > Exactly. Someone will realize how to make a profit of both sides of the issue. __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/
RE: Mailing list policy
Which is the lesser of the two evils: * Receiving an occasional SPAM Message * Being Bombarded continually with complaints about SPAM Messages The request has been issued to stop spamming on this address. Why don't we return to normal IETF business at hand and just let this issue pass. I'm sure there are others out there who is as fatigued as I am about this moot point. Have a nice day -Original Message- From: John Stracke [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 22, 2001 9:46 AM To: [EMAIL PROTECTED] Subject:Re: Mailing list policy Kevin Farley wrote: > --- John Stracke <[EMAIL PROTECTED]> wrote: > > Today, if you want to > > spam all of > > them, you have to subscribe to all of them, which is impractical. (I spoke sloppily, by the way. For "today", read "with separate filters on every list".) > Impractical, but through software, not impossible. Could readily be > automated. If that's so, then subscriber filters won't work; as soon as it becomes profitable to do so, the spamware vendors will include automated subscription features. -- /===\ |John Stracke| http://www.ecal.com |My opinions are my own. | |Chief Scientist |==| |eCal Corp. |Whose cruel idea was it for the word "lisp" to| |[EMAIL PROTECTED]|have an "S" in it? | \===/
Re: Mailing list policy
Kevin Farley wrote: > --- John Stracke <[EMAIL PROTECTED]> wrote: > > Today, if you want to > > spam all of > > them, you have to subscribe to all of them, which is impractical. (I spoke sloppily, by the way. For "today", read "with separate filters on every list".) > Impractical, but through software, not impossible. Could readily be > automated. If that's so, then subscriber filters won't work; as soon as it becomes profitable to do so, the spamware vendors will include automated subscription features. -- /===\ |John Stracke| http://www.ecal.com |My opinions are my own. | |Chief Scientist |==| |eCal Corp. |Whose cruel idea was it for the word "lisp" to| |[EMAIL PROTECTED]|have an "S" in it?| \===/
Re: filtering of mailing lists and NATs
> Date:Mon, 21 May 2001 20:21:10 -0700 > From:grenville armitage <[EMAIL PROTECTED]> > Message-ID: <[EMAIL PROTECTED]> > | Most spammers strike me as opportunistic and not overly interested > | in special-case-handling a couple of subscribe-to-send lists, > Of course, and as long as they can get to the vast majority of their > target, it will probably remain that way. > But as soon as the spammers need to go to some extra effort to reach > their audience, you can be sure they will. > ... > Now we're having suggested that only "known" e-mail addresses be allowed > to send to certain destinations. Assuming that becomes really popular > (rather than just used on a small set of irrelevant lists) how long do you > think it will be before the spammer's lists of names contain not only the > destination address, but the From: address they should use to send to that > address? A long time, actually. While it is true that spammers will work around anything that seriously impedes the flow of spam, you have not shown that spam sent to lists is at all important to spammers. Every indication I see is that lists are primarily useful to spammers as a source of addresses to send spam to directly, and less as a target for spamming lots of people indirectly. Indeed, most spammers that send to lists seem totally uninterested in the fact that they are sending to a list; it is simply another address they have culled from some sort of scan. And while there have been some isolated reports of subscribe-then-send and send-using-a-subscriber strategies used by spammers, the frequency of their use appears to be way out of porportion to the number of lists that have successfully fended off spam by using various subscriber-only techniques. > I mean, how hard do you think it is to stick From: [EMAIL PROTECTED] > in the heading of the mail? Actually, maintaining an additional per-list address and keeping that address up to date is pretty difficult. It is much easier -- and quite effective -- to simply prowl for addresses that reach users directly. > This is not a technological problem - it is a social problem. We cannot > fix spam by technological means - it has to be fixed by social means. In general, I agree with this assessment. But that doesn't mean that some point fixes don't help in some cases. Ned
Re: filtering of mailing lists and NATs
You wrote: > So, here are the choices: > > 1. Save thousands of people from having to deal with multiple spams per day, >at the cost of presenting a minor inconvenience to a few, or > > 2. Require thousands of people to receive and deal with spam (or to learn >all about mail filtering), in order to avoid inconveniencing a few. Another similarity to NATs is that you don't know how many people are behind a single (subscribed) address. For instance, I read your message via a local news server. Of course, this means that any attempt to work out the utility value of a filtering system must fail. I'm perfectly happy to filter messages to this list locally. To be frank, it takes a very small amount of my time. Surely people who want to subscribe to this list are capable of setting up local filters? Regards, -leo
Re: filtering of mailing lists and NATs
In your previous mail you wrote: This is not a technological problem - it is a social problem. We cannot fix spam by technological means - it has to be fixed by social means. => thanks for this nice summary about the spam problem! [EMAIL PROTECTED]
Re: filtering of mailing lists and NATs
Date:Mon, 21 May 2001 20:21:10 -0700 From:grenville armitage <[EMAIL PROTECTED]> Message-ID: <[EMAIL PROTECTED]> | Most spammers strike me as opportunistic and not overly interested | in special-case-handling a couple of subscribe-to-send lists, Of course, and as long as they can get to the vast majority of their target, it will probably remain that way. But as soon as the spammers need to go to some extra effort to reach their audience, you can be sure they will. Remember, once, they sent from any random invented host name - then everyone started having their mailers reject mail from unknown domains - now all the spam comes from perfectly valid domains, which not only makes the checks for invalid domains a waste of time (the check spends time achieving nothing at all) but also results in all the failed spam (the bounces - and the abuse from people who received it) being dumped on whichever unfortunate site they picked to use as the domain name. A supposed technological fix to a non-technological problem that just made things worse, not better. Now we're having suggested that only "known" e-mail addresses be allowed to send to certain destinations. Assuming that becomes really popular (rather than just used on a small set of irrelevant lists) how long do you think it will be before the spammer's lists of names contain not only the destination address, but the From: address they should use to send to that address? I mean, how hard do you think it is to stick From: [EMAIL PROTECTED] in the heading of the mail? One more technological fix that won't work. And again, it will make things worse, since then we won't be able to tell easily what is traffic from people we expect to send to the lists, and what is not. This is not a technological problem - it is a social problem. We cannot fix spam by technological means - it has to be fixed by social means. And not only are technological "fixes" making things actually worse as illustrated above, they're also suggesting to people that perhaps there may be a technological fix that will actually finally solve the problem, which lessens the demand for real social fixes instead. Give up, let the spam through, deluge everyone with it - then the opposition to it will rise quickly enough, and become urgent enough, that the correct kind of remedies can be put in place. kre
Re: filtering of mailing lists and NATs
So, here are the choices: 1. Save thousands of people from having to deal with multiple spams per day, at the cost of presenting a minor inconvenience to a few, or 2. Require thousands of people to receive and deal with spam (or to learn all about mail filtering), in order to avoid inconveniencing a few. Easy decision to make. For every bit of whining by the usual suspects, there are thousands of folks that are very happy to have the spam kept out of their mailbox automatically. (Every mailing list manager knows that the whining by Keith and Lloyd is nothing compared to the whining by the list members as they get spammed multiple times per day.) Indeed, this is a lot like the arguments re NAT. There are the thousands of people it helps, vs. the few who are yelling that the sky will fall if it is not stamped out.