Re: SMTP Minimum Retry Period - Proposal To Modify Mx
On Mon, 12 Jan 2004, Mike S wrote: > At 09:58 PM 1/12/2004, Dean Anderson wrote... > >On Mon, 12 Jan 2004, Mike S wrote: > >1) privacy - routing via my ISP's outbound SMTP gives them > >> the right to intercept and read my email, according the ECPA; > > > >Err, Just the opposite is more freqently the case.The ECPA > >specifically prohibits the ISP from exceeding its limited authority. > > Cite, please. I've got one: > > "(2)(a)(i) It shall not be unlawful under this chapter for an ... > agent of a provider of wire or electronic communication service, whose > facilities are used in the transmission of a wire or electronic > communication, to intercept, disclose, or use that communication in > the normal course of his employment..." "Normal course of employment" is the operative phrase. Exceeding authorization is not part of the normal course of employment. The section you quote also goes on to prohibit service monitoring except for random quality control checks. Reading email in excess of the limited authorization to block spam isn't a quality control check, either. Also, the section you quote is the wiretap act, which covers communications on the wire. The ECPA extends this and provides coverage of stored and temporarilly stored communications, ie, when they are on a mail server or in the memory of a router or server. > >2) control - sending from my own system allows me to control retry > >> attempts and times, instead of being forced to wait 4 days for my ISP > >> to bounce an undelivered back to me, assuming they don't just silently > >> lose it. > > > >If your contract allows you to run your own system, then the ISP would not > >be allowed to prevent you from doing that. This could be made into an > >ECPA issue---some people think it is merely and only a contract > >non-performance issue and said contract excludes liability for failure to > >perform. Like the Sherman Anti-Trust Act, the ECPA is a criminal statute > >with civil actions permitted, and carries its own civil and criminal > >penalties. > > My ISP's support of the MAPS DUL, and the use of the MAPS system by > others, is a violation of 18 U.S.C. 1030. Email me for details, but > I've covered this on this list recently. I missed your statements on this, but I'll look back in the archives. MAPS has been successfully sued for anti-trust violations in Exactis V MAPS. That case was settled after the MAPS defense (First Amendment) was rejected, and its attorney's chastised. Reportedly, MAPS agreed never to block Exactis, and agreed to specific monetary damages if it did. Exactis continued to do what it was doing, single opt-out advertising. > >Of course, if your contract does not allow you to run your own system, > >then you don't have a complaint about blacklists blocking it. > > There is nothing to prohibit direct routing of email. Point taken. Some mail clients route directly. But they probably shouldn't do that for other reasons having to do with lack of information about mail routing. But, I suppose one can say they are allowed to anyway. --Dean
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
On Tue, 13 Jan 2004 10:46:17 PST, Paul Hoffman / IMC <[EMAIL PROTECTED]> said: > At 12:48 PM -0500 1/13/04, [EMAIL PROTECTED] wrote: > >On Tue, 13 Jan 2004 07:21:53 EST, [EMAIL PROTECTED] (Mike S) said: > > > > > As I said, fascist. > > > >Godwin. > > Valdis, you have confused two protocols that produced similar results > but used different underlying transports and different signalling. Call it a pre-emptive first strike. Rate we're going here, it'll be Godwin time soon enough ;) pgp0.pgp Description: PGP signature
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
At 12:48 PM -0500 1/13/04, [EMAIL PROTECTED] wrote: On Tue, 13 Jan 2004 07:21:53 EST, [EMAIL PROTECTED] (Mike S) said: > As I said, fascist. Godwin. Valdis, you have confused two protocols that produced similar results but used different underlying transports and different signalling. --Paul Hoffman, Director --Internet Mail Consortium
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
On Tue, 13 Jan 2004 07:21:53 EST, [EMAIL PROTECTED] (Mike S) said: > As I said, fascist. Godwin. pgp0.pgp Description: PGP signature
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
> From: Nathaniel Borenstein <[EMAIL PROTECTED]> > > You might be ignorant instead of dishonest. > > How very kind of you to consider two possibilities, thank you. My original words that you felt labelled you dishonest explicitly included that possibility. Most people have strong opinions about spam, but have not really looked at it, and are quite wrong about it. > ... > (And, by the way, I consider *any* false positives unacceptable if > there's no suitable mechanism for detecting and correcting them.) That wisdom applies to a lot more than spam defenses. However, it is worth noting that many and perhaps most email users value avoiding false negatives more than avoiding false positives in their spam defenses. That is one reason why the blunt, high false positive blacklists are popular. One also must not try to reduce false positives from spam filters much below the error rate of SMTP in the real world (e.g. not just bounces but blackholes). > This discussion is going nowhere, so I'm going back to more serious > work on comprehensive spam control. That's fine, but it would be wise to recognize the overall situation while developing those comprehensive controls. Railing against the evil conspiracy of big monopolistic ISPs using blacklists against themselves isn't productive. Except for organizations that run their own private blacklists, public anti-spam blacklists will remain quite popular. MAPS used to claim 45% of the Internet used the RBL. I suspect that at least that much uses the RBL+, CRL, XBL, SBL, and/or SPEWS. Public blacklists are here to stay, because they work. The only likely tactic for reducing the use of blunt blacklists such as those listing dynamic IP addresses is to convince ISPs to take network abuse seriously. As long as big ISPs make listing their own IP adddresses "dynamic" lists their main response to their own bad customers, those blunt, high false positive blacklists will remain popular. Talk about transition plans to IPv6, comprehensive spam controls, the evils of NAT, the evils of blacklists, media conglomerate ISPs distributing NAT boxes to break VoIP, and monopolisitic ISPs using blacklists is one thing. Actually doing something is something else. Vernon Schryver[EMAIL PROTECTED]
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
At 10:45 PM 1/12/2004, Vernon Schryver wrote... >Mr. Sauve could rent an IP address that is not on dial-up or dynamic >blacklists and run his systems there. Proven wrong, Vernon now changes his tack to one of trying to rationalize interference with legitimate email and attempting to place the burden on those who wish to use the Internet as designed, not as damaged by his beloved blacklists. As I said, fascist. He has learned to use whois and Google, though, and seems very self-impressed at his ability to learn such simple things. He has apparently not, however, discovered dictionary.com. "In the design of ... software tools, 'the fascist alternative' is the most restrictive and structured way of capturing a particular function;"
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
At 10:45 PM 1/12/2004, Vernon Schryver wrote... >Mr. Sauve could rent an IP address that is not on dial-up or dynamic >blacklists and run his systems there. Proven wrong, you now change your argument to one of trying to rationalize interference with legitimate email, and attempting to place the burden on those who wish to use the Internet as designed, not as damaged by your beloved blacklists. As I said, fascist.
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
At 06:50 PM 1/12/2004, Vernon Schryver wrote... >Instead of paying the extra cost to hire an ISP that cares >enough to not have spamming customers, people complain about the evils >of blacklists. Feh. Once again with the incorrect assumptions. I don't spam. I would preferentially route email direct for two main reasons: 1) privacy - routing via my ISP's outbound SMTP gives them the right to intercept and read my email, according the ECPA; 2) control - sending from my own system allows me to control retry attempts and times, instead of being forced to wait 4 days for my ISP to bounce an undelivered back to me, assuming they don't just silently lose it. I can't do so because my IP address is on a blacklist. I have cable modem, but the world thinks I'm a dial-up. For that reason alone, having nothing whatsoever to do with spam, I'm forced to give up privacy and control of my communications. "Anti-spam" initiatives that are based on such blacklists are quite simply the failed results of irrational, fascist thought. Regardless of your exact definition of spam, all reasonable ones I've heard have one thing in common - it's based on CONTENT, not IP address. Blacklists couldn't care less about content - legitimate email or spam, out it goes, to the detriment of communications. They also, quite clearly, don't work to eliminate spam.
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
At 06:41 PM 1/9/2004, Vernon Schryver wrote... >Could you point to significant amounts of real mail, as opposed to >theoretical examples, that might reasonably have consider legitimate >by its targets but that was rejected as the result of a MAPS RBL >listing? Note that the validity of mail is determined not its senders >but by its targets. Yes. For a lengthy period, all mail.com SMTP servers were included in the RBL, blocking significant numbers of legitimate, private, non-spam emails from reaching willing recipients.
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
On Tuesday, January 13, 2004, at 10:42 AM, Vernon Schryver wrote: You might be ignorant instead of dishonest. How very kind of you to consider two possibilities, thank you. Are you calling me and those who point out that some blacklists detect 70-90% of spam with false positive rates below 1% liers? Calling someone a liar is simply not my style, nor did I use any words that were remotely close to doing so. If I could see anything in my words that could possibly be construed that way I would apologize for it. (And, by the way, I consider *any* false positives unacceptable if there's no suitable mechanism for detecting and correcting them.) This discussion is going nowhere, so I'm going back to more serious work on comprehensive spam control. -- Nathaniel
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
> From: Nathaniel Borenstein <[EMAIL PROTECTED]> > ... > > Mr. Sauve could rent an IP address that is not on dial-up or dynamic > > blacklists and run his systems there. > > In other words, because some ISP with whom he has NO relationship has > deemed his own ISP spam-friendly, he should abandon his ISP, whether > *he* thinks they are spam-friendly or not. The words that come to mind > to describe this sort of arrangement are "cartel," "blackmail," and > "extortion." It is also a perfect example of an assertion I made > before, which is that blacklists are being used by the large ISP's as a > tool for consolidation in the ISP market. When RoadRunner blocked my > ISP, the *only* thing they were helpful about was offering to help me > get "better" Internet service by changing ISPs. Exactly the same charges can be made about taxis, pizza delivery services, and so forth that refuse to deliver to "bad" parts of the real world. Perhaps in some cases you are right, but in the vast majority you are wrong. Is a simple, undeniable fact that the sources of spam are concentrated in a small fraction of the IPv4 address space. For example, the last numbers I saw about SPEWS had it listing a tiny fraction of 1% of the IPv4 address space. There are other problems with your theory. The biggest is the link between the big ISPs and the blacklisters. Besides the undeniable spammers (e.g. the ROKSO members), it is the big ISPs that are most likely to be blacklisted, particularly in "dialup" or "dynamic" blacklists. According to your theory, Charter Communications is part of a conspiracy of big outfits to drive away their own customers by blacklisting their own IP addresses. How sane and honest is that? If you are saying that blacklists and boycotts are dangerous weapons, then you're certainly right. That's why contrary to my naive reading of the U.S. Constitution, there are federal laws that limit or outlaw boycotts in some circumstances that I don't understand. See http://www.google.com/search?q=%22secondary+boycott%22 Exactly what do you want? - a U.S. Federal law against IP address blacklists? - a test for social responsibility and good sense given prospective IP address blacklist opererators administrated by the IESG? - a U.N. regulation prohibiting stupidity and foolishness by users and ISPs while choosing blacklists? Pardon me, but it seems you want the IETF to declare that all blacklisting and spam rejecting by IP address wrong and nasty. As far as I can tell, you would require me to accept mail from 69.6.0.0/18 because you fear I might refuse mail from you. Or perhaps you would allow me to reject Wholesalebandwidth spam provided I not tell anyone. > >> Blacklists also, quite clearly, don't work to eliminate spam. > > > > No honest person who actually looks at spam agrees with that. > > As I've made clear, *I* agree with that. Given the exchanges that > preceded this, it sounds like you are asserting that I -- and all the > other people who have argued against you in good faith on this list -- > are dishonest. Is everyone who disagrees with your conclusions > necessarily dishonest? If so, why are you wasting time talking with > us? You might be ignorant instead of dishonest. If you have not looked any blacklists except those that have affected your mail, then you have not, in my words, really looked at spam. Are you calling me and those who point out that some blacklists detect 70-90% of spam with false positive rates below 1% liers? It your words could be read that way. Vernon Schryver[EMAIL PROTECTED]
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
I'm sorry, I know I said I wasn't going to be lured into another exchange in this thread, but I can't help it... On Monday, January 12, 2004, at 10:45 PM, Vernon Schryver wrote: Mr. Sauve could rent an IP address that is not on dial-up or dynamic blacklists and run his systems there. In other words, because some ISP with whom he has NO relationship has deemed his own ISP spam-friendly, he should abandon his ISP, whether *he* thinks they are spam-friendly or not. The words that come to mind to describe this sort of arrangement are "cartel," "blackmail," and "extortion." It is also a perfect example of an assertion I made before, which is that blacklists are being used by the large ISP's as a tool for consolidation in the ISP market. When RoadRunner blocked my ISP, the *only* thing they were helpful about was offering to help me get "better" Internet service by changing ISPs. Blacklists also, quite clearly, don't work to eliminate spam. No honest person who actually looks at spam agrees with that. As I've made clear, *I* agree with that. Given the exchanges that preceded this, it sounds like you are asserting that I -- and all the other people who have argued against you in good faith on this list -- are dishonest. Is everyone who disagrees with your conclusions necessarily dishonest? If so, why are you wasting time talking with us? -- Nathaniel
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
> From: [EMAIL PROTECTED] (Mike S) > ... > >Instead of paying the extra cost to hire an ISP that cares > >enough to not have spamming customers, people complain about the evils > >of blacklists. > ... > I can't do so because my IP address is on a blacklist. I have > cable modem, but the world thinks I'm a dial-up. For that reason > alone, having nothing whatsoever to do with spam, I'm forced to > give up privacy and control of my communications. Mr. Sauve could rent an IP address that is not on dial-up or dynamic blacklists and run his systems there. A remote co-lo or hosting service would cost more than the $30/month or whatever slum rate he is paying for cable modem service. Or he could convince his correspondents to whitelist his IP address or stop using the relevant blacklists. Either he has not tried that, his correspondents also pay slum rates for slum service, or they don't want enough to hear from him to increase their spam loads. Perhaps I should ask if Mr. Sauve is violating the terms of service of his ISP. What does Charter say about "servers"? Did Charter give Mr. Sauve's IP address to the blacklists that bother him? Or perhaps he has already rented an IP address that is not dynamic. But if he has done that, where is his complaint? Is it just Interveloce/GO International's rates? > "Anti-spam" initiatives that are based on such blacklists are > quite simply the failed results of irrational, fascist thought. In that he is calling his correspondents irrational fascists, because it is they who have chosen to reject his mail. Never mind that facism has something to do with "centralized autocratic government headed by a dictatorial leader, severe economic and social regimentation, and forcible suppression of opposition" and that seems like the opposite of the anarchy of blacklists. Also ignore the fact that a taxi or pizza delivery service refusing to go to dangerous parts of town is no more irrational than refusing mail from the IP address neighborhoods that are major sources of spam. Any individual is unlikely to be a spammer or mugger, but the statistical risk/reward ratio is too high. By all accounts, the odds that the the next SYN to your port 25 from a "dynamic" IP address involve spam are very high. > Regardless of your exact definition of spam, all reasonable ones > I've heard have one thing in common - it's based on CONTENT, not > IP address. Blacklists couldn't care less about content That's nonsense. Blacklists do care about content in a statistical sense. If blacklists don't care about content, then neither do so called Bayseian filters. I've often said that lists like the DUL bug me, but not because they are useless. Lists like the DUL catch a lot of spam and little legitimate mail. > - legitimate > email or spam, out it goes, to the detriment of communications, > which is the Internet's raison d'etre. I take that back, it used > to be that way. Now the Internet is meant to make big corporations > lots of money. I've been around for a few years (TIP-25 (DOCB) in 1972), but I don't recall that Communication in the sense Mr. Sauve means was ever the Internet's raison d'etre. 15 years ago, would be communalists were bemoaning the commercialization of the net and interference with capital-C-Communication, by which they meant they deserved free bandwidth. Their successors complain about the free ride they never got. Back in Mr. Sauve's golden era, his perfect unfiltered IP bandwdith was either not available to small or commercial outfits like Alientech LLC or it would have cost 2000% more (>$5000/year) for 10% as many bits/sec (56K). > Blacklists also, quite clearly, don't work to eliminate spam. No honest person who actually looks at spam agrees with that. Good blacklists (e.g. CRL) are better than 70% effective with false negative rates that large, very conservative corportations can tolerate. Vernon Schryver[EMAIL PROTECTED]
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
At 09:58 PM 1/12/2004, Dean Anderson wrote... >On Mon, 12 Jan 2004, Mike S wrote: >1) privacy - routing via my ISP's outbound SMTP gives them >> the right to intercept and read my email, according the ECPA; > >Err, Just the opposite is more freqently the case.The ECPA specifically prohibits the >ISP from exceeding its limited authority. Cite, please. I've got one: "(2)(a)(i) It shall not be unlawful under this chapter for an ... agent of a provider of wire or electronic communication service, whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of his employment..." >2) control - sending from my own system allows me to control retry >> attempts and times, instead of being forced to wait 4 days for my ISP >> to bounce an undelivered back to me, assuming they don't just silently >> lose it. > >If your contract allows you to run your own system, then the ISP would not >be allowed to prevent you from doing that. This could be made into an >ECPA issue---some people think it is merely and only a contract >non-performance issue and said contract excludes liability for failure to >perform. Like the Sherman Anti-Trust Act, the ECPA is a criminal statute >with civil actions permitted, and carries its own civil and criminal >penalties. My ISP's support of the MAPS DUL, and the use of the MAPS system by others, is a violation of 18 U.S.C. 1030. Email me for details, but I've covered this on this list recently. >Of course, if your contract does not allow you to run your own system, >then you don't have a complaint about blacklists blocking it. There is nothing to prohibit direct routing of email.
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
On Mon, 12 Jan 2004, Mike S wrote: > At 06:50 PM 1/12/2004, Vernon Schryver wrote... > >Instead of paying the extra cost to hire an ISP that cares > >enough to not have spamming customers, people complain about the evils > >of blacklists. > > Feh. Once again with an argument based on incorrect assumptions. > > I don't spam. I would preferentially route email direct for two main > reasons: 1) privacy - routing via my ISP's outbound SMTP gives them > the right to intercept and read my email, according the ECPA; Err, Just the opposite is more freqently the case. Most ISP's usually only have the right to block spam. Some don't even have that right, if you don't purchase their spam filter service. The ECPA specifically prohibits the ISP from exceeding its limited authority. There was recently a very good ECPA case of a company (not an ISP) that exceeded its authority: Konop V Hawaiian Airlines. But privacy is still an issue, because you don't know that the ISP's admins aren't breaking the law. Reading mail in a mail queue is far easier than using a sniffer, and much more tempting. Some ISPs are very lax on administrator discipline, and some very well-known people such as Steven Bellovin still claim the ECPA doesn't apply to the internet at all. [FYI, I will be posting the House and Senate reports (scans of copies, but mostly readable) on the web with a lot of other information about the ECPA and the Computer Fraud and Abuse Act, including cases and other information, as well as cases involving blacklists and Anti-Trust. The ECPA house and senate reports are very illuminating. I'll post a URL if people are interested.] 2) control - sending from my own system allows me to control retry > attempts and times, instead of being forced to wait 4 days for my ISP > to bounce an undelivered back to me, assuming they don't just silently > lose it. If your contract allows you to run your own system, then the ISP would not be allowed to prevent you from doing that. This could be made into an ECPA issue---some people think it is merely and only a contract non-performance issue and said contract excludes liability for failure to perform. Like the Sherman Anti-Trust Act, the ECPA is a criminal statute with civil actions permitted, and carries its own civil and criminal penalties. Of course, if your contract does not allow you to run your own system, then you don't have a complaint about blacklists blocking it. Assuming you have permission to operate your system, then there are many good reasons besides the ones you've listed to do that. > I can't do so because my IP address is on a blacklist. I have cable > modem, but the world thinks I'm a dial-up. For that reason alone, > having nothing whatsoever to do with spam, I'm forced to give up > privacy and control of my communications. This is what anti-trust law is for. A blacklist is group boycott. If it significantly harms your business, then it is illegal. The blacklist and the blacklist subscribers can be (and have been) enjoined from blacklisting genuine business. > "Anti-spam" initiatives that are based on such blacklists are quite > simply the failed results of irrational, fascist thought. Regardless > of your exact definition of spam, all reasonable ones I've heard have > one thing in common - it's based on CONTENT, not IP address. > Blacklists couldn't care less about content - legitimate email or > spam, out it goes, to the detriment of communications, which is the > Internet's raison d'etre. I take that back, it used to be that way. > Now the Internet is meant to make big corporations lots of money. > > Blacklists also, quite clearly, don't work to eliminate spam. True. But rational argument isn't enough to overcome irrational facist, thought. For that we have courts and laws. --Dean
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
At 06:50 PM 1/12/2004, Vernon Schryver wrote... >Instead of paying the extra cost to hire an ISP that cares >enough to not have spamming customers, people complain about the evils >of blacklists. Feh. Once again with an argument based on incorrect assumptions. I don't spam. I would preferentially route email direct for two main reasons: 1) privacy - routing via my ISP's outbound SMTP gives them the right to intercept and read my email, according the ECPA; 2) control - sending from my own system allows me to control retry attempts and times, instead of being forced to wait 4 days for my ISP to bounce an undelivered back to me, assuming they don't just silently lose it. I can't do so because my IP address is on a blacklist. I have cable modem, but the world thinks I'm a dial-up. For that reason alone, having nothing whatsoever to do with spam, I'm forced to give up privacy and control of my communications. "Anti-spam" initiatives that are based on such blacklists are quite simply the failed results of irrational, fascist thought. Regardless of your exact definition of spam, all reasonable ones I've heard have one thing in common - it's based on CONTENT, not IP address. Blacklists couldn't care less about content - legitimate email or spam, out it goes, to the detriment of communications, which is the Internet's raison d'etre. I take that back, it used to be that way. Now the Internet is meant to make big corporations lots of money. Blacklists also, quite clearly, don't work to eliminate spam.
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
> From: Bill Sommerfeld <[EMAIL PROTECTED]> > ... > One problem with dropping suspected spam into a spam cesspool as > opposed to rejecting it outright in the SMTP session is that many > people (myself included) have neither the time nor the inclination to > wade through our spam cesspools on a regular basis looking for > misclassified messages. That's too true. Since the spam collected/rejected by my real mailbox and personal spam traps exceeded 1000 spam/day, I can only skim envelopes. If I count duplicates, my average for the last 40 days is 3516/day. > An SMTP-level reject at least gives the sender a real-time indication > that the recipient will not be seeing the message any time soon.. There may be a false dichotomy there. You can reject a message during the SMTP transaction and so give the sender a real-time indication while also capturing the entire message in a spam cesspool. All 787 MBytes now in my 40-day rolling cesspoll were rejected with a 5yz or 4yz SMTP response. That many systems don't capture what they reject implies nothing about anything except those SMTP servers. I'm flummoxed by criticism of external DNS blacklists based on the lack logging by SMTP servers. That's predictable among the general public, but not here. This thread is related to the nearby thread about the end of life announcement for SpeakFreely. The problem in both cases is less with evil media conglomerates converting the Internet into TV than with people who won't feed themselves. Instead of getting their code and networks running IPv6, they install NAT boxes and complain about the RIAA. Contrary to the whines from ISPs with major spam problem, those that have real (including enforced) anti-spam policies don't have spamming customers. Instead of paying the extra cost to hire an ISP that cares enough to not have spamming customers, people complain about the evils of blacklists. Instead of taking the extra trouble to use an operating system or at least an MTA that is not a worm delivery and spam facilitation system, they send mail to random, spam-obsessed strangers like me asking how to add spam filtering to Outlook. Vernon Schryver[EMAIL PROTECTED]
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
> Good point. That's why I favor giving users access to their spam pool > when they suspect problems, and using challenge/response in certain > (carefully defined) situations. > A good filtering mechanism is not nearly as black and white as a blacklist. so, you're conflating two things here: 1) the access control criteria (message source address in blacklist vs. "bad" message content as determined by various heuristics). 2) what happens to the message once the access control decision is made (rejected at SMTP layer; accepted but bitbucketed; accepted but quarantined; accepted and placed in regular mailbox; etc.). you can (and spamassassin does) uses DNSBL's as part of a "not black and white" decision process, and you can implement both strategies. One problem with dropping suspected spam into a spam cesspool as opposed to rejecting it outright in the SMTP session is that many people (myself included) have neither the time nor the inclination to wade through our spam cesspools on a regular basis looking for misclassified messages. An SMTP-level reject at least gives the sender a real-time indication that the recipient will not be seeing the message any time soon.. - Bill
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
[my final message to the list on this thread] On Monday, January 12, 2004, at 03:51 PM, Vernon Schryver wrote: I also have to say that I fear your approach would help the larger ISPs use spam as an excuse to kill off smaller ISP's... How so? Exactly what is my approach? I'm sorry, you're right, that was totally unfair. I meant blacklists, because you were arguing for them, but that doesn't make "your approach" synonymous with blacklists. My apologies for trivializing your position. s/"your approach"/blacklisting/ "Fair due process" and "free speech" and even "legitimacy" are none of your concern I don't want to burden the ietf list with an argument over the nature of liberty, but I'd be happy to have that discussion privately if you like. If you think blacklists are bad because they can be run by fools, then you also must hate any network authentication and authorization mechanism. That's only a slight overstatement, actually. I am offended by your implication that I suggested any such thing. I am sorry if I misinterpreted. Then you'd better give up on the Internet. That's a tad oversimplified, isn't it? Was Yosemite doomed when the first candy wrapper was dropped in the valley? -- Nathaniel
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
> From: Nathaniel Borenstein <[EMAIL PROTECTED]> > ... > I also have to say that I fear your approach would help the larger ISPs > use spam as an excuse to kill off smaller ISP's... How so? Exactly what is my approach? Please note what I've said too many times: - I don't currently use a public blacklist and have never used one for non-trivial mail. - I'm flogging spam defenses that compete with blacklists. > and I question the > fundamental legitimacy of blocking all of an ISP's customers before > there's a fair due process to establish the ISP's culpability. "Fair due process" and "free speech" and even "legitimacy" are none of your concern unless you own the mailbox that would *RECEIVE* the blocked mail. No one has any right to send anyone any mail. We have only privileges granted by targets of our mail. If our targets are foolish and hire ISPs with long histories of both permitting a lot of outgoing spam and blocking a lot of incoming legitimate mail (see recent complaints about RR's false positives), then that's just tough and perhaps we should convince our correspondents to switch ISPs or find new correspondents. Good or bad spam filtering is merely a part of the rest of good or bad SMTP or any other ISP service. It makes no more sense to condemn the HTTP protocol because many web pages are junk than it does to condemn blacklists because some blacklists are junk or used badly. If you think blacklists are bad because they can be run by fools, then you also must hate any network authentication and authorization mechanism. What's the difference between Kerberos and a mail blacklist? Both are responsible for summary denial of services. I fear there are bad reasons for the disdain for blacklists: - they are effective against spam from spam friendly ISPs. - some of us work for spam friendly ISPs and let the interests of our employers color our thinking. - some of us are lazy and hire ISPs have been spam friendly. - some of us feel we have a devine right to send any mail to anyone and are deeply offended by any contrary suggestion, not to mention an effective mechanism. > "Caring > enough about spam" is an awfully slippery concept on which to base a > blacklist. I am offended by your implication that I suggested any such thing. I only pointed out that using spam-friendly ISPs has consequences. (You evidently know about XO's reputation, which I think has improved lately.) The only major blacklist that does anything remotely like your implication is SPEWS, which "escalates" in order to get the attention of ISPs. If I did use a blacklist, it wouldn't be SPEWS but that would be only one reason among serveral. > ... > > that is not blacklist, then why can't a blacklist be run properly? > > Good point. That's why I favor giving users access to their spam pool > when they suspect problems, and using challenge/response in certain > (carefully defined) situations. A good filtering mechanism is not > nearly as black and white as a blacklist. The last part of that is simply wrong. Every filtering mechanism is exactly as black and white as a blacklist. Whether or not an SMTP server keeps good logs has nothing to do with whether it decides to reject messages using blacklists of IP addresses or domain names or anything else. If your correspondents use software that consults any blacklist but doesn't keep good logs, then the fault lies first with your correspondents for using bad software, second with you for having foolish correspondents, and not at all with the blacklist. Yes, I realize that I'm implying that to keep good logs you need to act on a blacklist (if you use one) at the end of the DATA command instead of before the HELO. > > Any fool > > can set up a blacklist. That many fools have and other fools have > > used them does not show that blacklists are bad any more than the ease > > of setting up an IP network shows TCP is the spawn of the devil. > > I will confess that my personal experience makes it very hard for me to > be rational on the subject of blacklists, as I fear that any concession > to them will only encourage the creation of destructive blacklists by > "fools". In general I prefer a solution that any fool can implement, > because one surely will. Then you'd better give up on the Internet. As with much of the net, the information in and functioning of any spam system is at least somewhat "administrative" and subject to the whims of any fools administrating it. The buyer must beware, not only of hiring a spam friendly ISP, but contracting with a foolish spam filter. The greater fool is often the buyer of services offered by lesser fools. Vernon Schryver[EMAIL PROTECTED]
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
On Monday, January 12, 2004, at 12:49 PM, Vernon Schryver wrote: Several times? As far as I know, most people I know have never been collateral or other kinds of blacklist damage. Do you use what might be called marginal ISPs? Some large outfits such as UUNet have long refused to care enough about spam. The ISP in question was XO -- marginal by some standards, perhaps. But as I tried to mediate the dispute, I found XO acting much more responsibly than Road Runner, which was blocking them. I also have to say that I fear your approach would help the larger ISPs use spam as an excuse to kill off smaller ISP's... and I question the fundamental legitimacy of blocking all of an ISP's customers before there's a fair due process to establish the ISP's culpability. "Caring enough about spam" is an awfully slippery concept on which to base a blacklist. If you can trust outsiders to have "sufficient administrative staff to deal with the inevitable mistakes and exceptions" in a spam blocking mechanism that is not blacklist, then why can't a blacklist be run properly? Good point. That's why I favor giving users access to their spam pool when they suspect problems, and using challenge/response in certain (carefully defined) situations. A good filtering mechanism is not nearly as black and white as a blacklist. Any fool can set up a blacklist. That many fools have and other fools have used them does not show that blacklists are bad any more than the ease of setting up an IP network shows TCP is the spawn of the devil. I will confess that my personal experience makes it very hard for me to be rational on the subject of blacklists, as I fear that any concession to them will only encourage the creation of destructive blacklists by "fools". In general I prefer a solution that any fool can implement, because one surely will. -- Nathaniel
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
Hi - > From: "Vernon Schryver" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, January 12, 2004 9:49 AM > Subject: Re: SMTP Minimum Retry Period - Proposal To Modify Mx ... > Several times? As far as I know, most people I know have never been > collateral or other kinds of blacklist damage. ... In the past, both the IETF disman and agentx mailing lists were adversely affected because the domain in which they were then hosted was blacklisted. It would not surprise me if other IETF mailing lists have had similar problems. Outside the IETF, I've seen similar problems for mailing lists for INCITS and ISO groups. Depending on the list software in use and how the hosts using the blacklists are configured, the working group members, and even the mailing list administrator, may be completely unaware that some group members are not getting all (or any) posts unless they compare what they've received with the mailing list archive. A particularly nasty kind of damage occurs when web forms use email confirmation. Last year I had some grief because a national railway company in Europe was using a service that blacklisted mindspring.com. I couldn't complete the transaction until I confirmed my email address, but I couldn't confirm my email address because they had blocked the domain. Randy
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
> From: Nathaniel Borenstein <[EMAIL PROTECTED]> > FWIW, I believe Keith is probably right. Blacklisting has been a major > impediment to my own email usage. I don't know about any *particular* > blacklisting service because when your ISP gets blacklisted by mistake > and you're simply collateral damage, it's very hard for you to get an > explanation of what's going on, because your email has been blocked -- > this has happened to me several times. Several times? As far as I know, most people I know have never been collateral or other kinds of blacklist damage. Do you use what might be called marginal ISPs? Some large outfits such as UUNet have long refused to care enough about spam. (See the current Spamhaus listings for UUNet at http://www.spamhaus.org/sbl/listings.lasso?isp=uu.net and particularly the orange boxes.) > My own theory is that > blacklists are fundamentally flawed because they are inevitably NOT > accompanied by sufficient administrative staff to deal with the > inevitable mistakes and exceptions in the blacklist. Moreover they > aren't necessary, given the number of other ways to block spam. -- > Nathaniel I have interests in other ways to block spam, but I don't like that reasoning. Many bad implementations don't prove the idea is hopeless. The design and implementation flaws in practically all installations of desktop software do not show that desk top computers are bad ideas. All of us, including those who have never used a Microsoft product, have been collateral damage of Microsoft's design philosophies, implementation processes, and business plans, but that implies nothing about personal computers in general or software from the Seattle area. Before mail-abuse.org existed and I think before the RBL was called the "RBL," it was pointed out to me. I said that I couldn't imagine a Fortune 500 company having an outsider decide which IP addresses could send mail. No matter how forcefully I would have said "Paul's a good guy," if I'd been one of my bosses, I would have been unmoved. But maybe that's just me. All other (usable) ways to block spam are being purchased as out-sourced services. If you can trust outsiders to have "sufficient administrative staff to deal with the inevitable mistakes and exceptions" in a spam blocking mechanism that is not blacklist, then why can't a blacklist be run properly? The only thing that distinguishes blacklists from other third party spam filters is that setting up a DNS blacklist is easiest. Any fool can set up a blacklist. That many fools have and other fools have used them does not show that blacklists are bad any more than the ease of setting up an IP network shows TCP is the spawn of the devil. Vernon Schryver[EMAIL PROTECTED]
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
FWIW, I believe Keith is probably right. Blacklisting has been a major impediment to my own email usage. I don't know about any *particular* blacklisting service because when your ISP gets blacklisted by mistake and you're simply collateral damage, it's very hard for you to get an explanation of what's going on, because your email has been blocked -- this has happened to me several times. My own theory is that blacklists are fundamentally flawed because they are inevitably NOT accompanied by sufficient administrative staff to deal with the inevitable mistakes and exceptions in the blacklist. Moreover they aren't necessary, given the number of other ways to block spam. -- Nathaniel On Sunday, January 11, 2004, at 10:20 PM, Michel Py wrote: Keith Moore Somehow I doubt the IETF list cares enough to want to keep reading this exchange, There's definitely some of the readers that are tired of reading you. Michel.
RE: SMTP Minimum Retry Period - Proposal To Modify Mx
> Keith Moore > Somehow I doubt the IETF list cares enough to > want to keep reading this exchange, There's definitely some of the readers that are tired of reading you. Michel.
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
You are a barefaced liar. How so in that assertion of mine? Folks who can't see the hole in your analysis for themselves can ask me in private mail. Somehow I doubt the IETF list cares enough to want to keep reading this exchange, and you've already demonstrated that you don't care what I say.
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
> Cc: Keith Moore <[EMAIL PROTECTED]>, [EMAIL PROTECTED] > From: Keith Moore <[EMAIL PROTECTED]> > To: Vernon Schryver <[EMAIL PROTECTED]> > >>> If that is an issue, it ought to be raised by those who are being > >>> misled, the targets of mail, instead of senders and other third > >>> parties. > >> > >> it IS being raised by them, for those who are actually able to figure > >> out what's going on. of course, when the recipient doesn't receive > >> the > >> mail he's expecting, he has no idea where to look - so he tends to > >> blame the sender. > > > > Keith Moore is not complaining about mail he has not received because > > of the dasterdly misinformation from the RBL. He is either a third > > party sender of reject mail that he is certain was wanted by its > > targets > > despite being rejected or he is a fourth party presuming to speak for > > the first parties (spam targets) against the second parties (blacklist > > providers). > > You are a barefaced liar. How so in that assertion of mine? Unless I missed something that seems unlikely, Keith Moore is not complaining about mail he has failed to receive. He surely would not have been misled by blacklist operators into configuring his SMTP servers to use one of their evil nasty cheating lying dishonest fraudulent unhealthy fattening cancer-causing end-to-end principle breaking RBLs. The remaining possibilities are that he writing is on behalf of himself as a sender of rejected mail or he is a fourth party presuming to speak for the people actually involved, senders, receivers, and blacklist operators. I admit that I would not be surprised if his opinion of anti-spam blacklists was informed long ago when some of his more or less innocent mail was rejected with a reference to MAPS's RBL. I've no evidence of that except his use of archaic jargon and what his "courtesy copies" and statements about how I've configured my SMTP server show of his views of those who would be happier with fewer of his words. Concerning how I've configured my SMTP server--Juging from the headers of the IETF list messages, today it has rejected 2 copies of "and the horse you rode in on" and one copy of "You are a barefaced liar." That seems like a Good Thing(tm), but perhaps not enough. Vernon Schryver[EMAIL PROTECTED]
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
If that is an issue, it ought to be raised by those who are being misled, the targets of mail, instead of senders and other third parties. it IS being raised by them, for those who are actually able to figure out what's going on. of course, when the recipient doesn't receive the mail he's expecting, he has no idea where to look - so he tends to blame the sender. Keith Moore is not complaining about mail he has not received because of the dasterdly misinformation from the RBL. He is either a third party sender of reject mail that he is certain was wanted by its targets despite being rejected or he is a fourth party presuming to speak for the first parties (spam targets) against the second parties (blacklist providers). You are a barefaced liar.
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
> Cc: Keith Moore <[EMAIL PROTECTED]>, [EMAIL PROTECTED] > From: Keith Moore <[EMAIL PROTECTED]> > To: Vernon Schryver <[EMAIL PROTECTED]> > ... > > If that is an issue, it ought to be raised by those who are being > > misled, the targets of mail, instead of senders and other third > > parties. > > it IS being raised by them, for those who are actually able to figure > out what's going on. of course, when the recipient doesn't receive the > mail he's expecting, he has no idea where to look - so he tends to > blame the sender. Keith Moore is not complaining about mail he has not received because of the dasterdly misinformation from the RBL. He is either a third party sender of reject mail that he is certain was wanted by its targets despite being rejected or he is a fourth party presuming to speak for the first parties (spam targets) against the second parties (blacklist providers). An odd thing about users of DNS blacklists and other filters is that many users avoid confronting senders of rejected mail. Many users are happy to let senders assume what the senders want to believe, that the evil nasty rbl consipracy used lies, bribery, and extortion to force an ISPs to use a blacklist. Never mind that after being informed of that evil nexus by senders, most users do nothing but demand even more filtering. Ignore the fact that blacklists are free or cost money and are now generally selling points. Of course popularity in the market is not proof of virtue, but it does poke holes in the claims of senders of rejected mail about blacklists. > ... > whatever. your mail server claims it's forwarding my mail to DCC, and > it's not bulk mail. The first phrase is true but only of mail sent directly from Keith Moore to my SMTP server. His second statement is false. Bulk mail includes any message which has a "a bunch" of copies sent to one or more mailboxes. All mail sent through non-trivial mailing list reflectors is bulk. Spam is bulk mail that is unsolicited. "A bunch" varies depending on whom you ask and when. Keith Moore has long known that his "courtesy copies" to my mailbox are unsolicited and unwelcome. They are identical except in headers to hundreds of copies of the same messages, and so are "bulk." I tolerate (and sometimes find interesting) the copies of his messages that arrive through the IETF reflector, but I object to duplicate copies of flames and insults. If your "a bunch" threshold for "bulk" is 2, then Keith Moore's attempts to put 2 copies of his messages in my mailbox are "spam" regardless of the hundreds of copies sent elsewhere. (Some people say 2 is the right threshold for "bulk", but I run my DCC client with a threshold of 5. 5 is a common choice for vanity domains. Choices for real domains range from 20 to 200 as well as the overflow value of "many.") > > Consider "courtesy" copies of mailing list messages and the people who > > send them. Many courtesy copies are sent unthinkingly by using a > > "reply all" function, but others are intentional. The intentional > > copies amount to "microphone queue jumping." > > "and the horse you rode in on." > > you are misleading people, and you know it. Notice that he does not specify whom is being misled or the falsehood. Sheesh!--what would a reasonable person do who knows that one of his targets doesn't want his "courtesy" copies? Vernon Schryver[EMAIL PROTECTED]
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
In any case, what standing do you have to comment on what mail is rejected by other peoples SMTP servers? Sites can reject mail to their own servers if they want to. the issue is whether they're being misled about the criteria used by a blacklist. If that is an issue, it ought to be raised by those who are being misled, the targets of mail, instead of senders and other third parties. it IS being raised by them, for those who are actually able to figure out what's going on. of course, when the recipient doesn't receive the mail he's expecting, he has no idea where to look - so he tends to blame the sender. Apparently you also think that it's acceptable to forward mail from people you don't like to DCC, misrepresenting it as spam. The only reasonable response to people with this kind of attitude ends with "and the horse you rode in on". Actually, that's being far too polite. First, contrary to Keith Moore's the baloney, DCC clients detect bulk mail. whatever. your mail server claims it's forwarding my mail to DCC, and it's not bulk mail. Consider "courtesy" copies of mailing list messages and the people who send them. Many courtesy copies are sent unthinkingly by using a "reply all" function, but others are intentional. The intentional copies amount to "microphone queue jumping." "and the horse you rode in on." you are misleading people, and you know it.
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
> From: Keith Moore <[EMAIL PROTECTED]> > ... > > In any case, what standing do you have to comment on what mail is > > rejected by other peoples SMTP servers? > > Sites can reject mail to their own servers if they want to. the issue > is whether they're being misled about the criteria used by a blacklist. If that is an issue, it ought to be raised by those who are being misled, the targets of mail, instead of senders and other third parties. > > I think that as long as > > those using blacklists get what they ask for, no outsiders have any > > business commenting, and particularly not would be senders of > > unsolicited bulk mail. > > Apparently you also think that it's acceptable to forward mail from > people you don't like to DCC, misrepresenting it as spam. The only > reasonable response to people with this kind of attitude ends with "and > the horse you rode in on". Actually, that's being far too polite. First, contrary to Keith Moore's the baloney, DCC clients detect bulk mail. It is impossible to (mis)represent mail as unsolicited bulk mail or spam by forwarding it to a DCC server. Doing so only reports it as "bulk." Are the "courtesy" copies mailing list contributions that Keith Moore insists on sending "bulk"? If they are private, then forwarding them to the DCC instead of my mailbox can have no effect because no one else will see them. If they are bulk, then some extra reporting also has no effect; if DCC clients haven't marked them solicited bulk by whitelisting the IETF list, they should be rejected as unsolicited bulk mail. That's how the DCC works. So why is Keith Moore so exercised? Consider "courtesy" copies of mailing list messages and the people who send them. Many courtesy copies are sent unthinkingly by using a "reply all" function, but others are intentional. The intentional copies amount to "microphone queue jumping." Their senders they feel their targets should see and respond to their words first. When the IETF reflector took literally days to finish sending copies to people at the end of alphabet like me, there might have been other reasons, but today it finishes within several dozen minutes. I didn't realize that "courtesy" copies are often intentional queue jumping until I noticed that senders of "courtesy copies" tend to foam at the mouth about the evils of MAPS, the RBL, blacklists, and spam filtering in general. I did not notice that common thread until I tired of "courtesy" copies of foaming flaming nonsense and started dropping senders into my personal, non-published blacklist. If you want to see apoplectic fits, use a sendmail access_DB instead of procmail to for your filtering. That will spare your system a few cycles, but it also lets senders know they're not being heard. People who hate the RBL and DUL for impersonally filtering their earthshaking words really hate being being personally shunned. Vernon Schryver[EMAIL PROTECTED]
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
... It's never clear to me what Keith Moore means by "RBL" when he repeats that claim. Those three letters are a registered service mark for a product that historically has been run so conservatively that claims that should not be used to reject mail sound silly. Yes, "RBL" did indeed reject valid mail, I never heard of any examples of mail considered valid by its targets that was rejected as the result of RBL listings. Maybe you ought to get out more. Could you point to significant amounts of real mail, as opposed to theoretical examples, that might reasonably have consider legitimate by its targets but that was rejected as the result of a MAPS RBL listing? Yes, but I'm not going to dig back through backup tapes looking from complaints from users who didn't get their na-digests just because you're in denial. In any case, what standing do you have to comment on what mail is rejected by other peoples SMTP servers? Sites can reject mail to their own servers if they want to. the issue is whether they're being misled about the criteria used by a blacklist. I think that as long as those using blacklists get what they ask for, no outsiders have any business commenting, and particularly not would be senders of unsolicited bulk mail. Apparently you also think that it's acceptable to forward mail from people you don't like to DCC, misrepresenting it as spam. The only reasonable response to people with this kind of attitude ends with "and the horse you rode in on". Actually, that's being far too polite.
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
> From: [EMAIL PROTECTED] (Mike S) > ... > The RBL and DUL are quite clearly (and openly) designed and > intended to be used to implement denial of service. Doing so with > the explicit authorization of the email recipient would be legal. > ... > The MAPS system does not, and cannot, distinguish between spam > email and legitimate, addressee desired email. It is a brute force > system which throws the baby out with the bathwater. Who but someone incapable of understanding the concept of one person never wanting to receive any mail or other communications from another could say something like that? For the rest of us, it makes perfect sense to say "I never want to receive any mail from any IP address owned by Stanford Wallace. I also never want to receive mail from any SMTP client using an IP address that has been declared 'dynamic' by its owner, because that declaration says that its owner cannot figure out who is using the address at any given time." I suspect that Mike Sauve (msauve at alientech.net) is upset with the RBL and DUL because some of his mail was rejected. I cannot find any evidence that he has sent unsolicited bulk commecial email, although some of his public statements about the definition of "spam" have been a little unusual. Perhaps he tried to run a commercial site on "residential" IP addresses and blames MAPS instead of the ISP that labelled those addresses. Note: - The DUL was largely populated with declarations by the owners of the IP addresses in question. - The IP address owners are ISPs, not the end users renting them, at least if they're not SWIPed. - I've always considered "dynamic" declarations by ISPs as implying that the ISP is a slumlord uninterested in tracking abuse by its users. Contrary to years of knowingly false statements from such as UUNET, anyone with standing to contribute to this list knows that figuring out which modem, DSL port, or cable modem port was using a block of "dynamic" IP addresses at any given instant requires only the will to maintain and consult RADIUS or other logs. Vernon Schryver[EMAIL PROTECTED]
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
Mike S wrote: [..] > The change interferes with the delivery of email to a "protected > computer," i.e. the computer of the person to whom the email is sent. > The ISP's mail exchanger is simply an intermediary. You have no right, without a contract, to *demand* transit service from any ISP's mail exchanger. If you *have* a contract then read the fineprint carefully. You probably delegated to your ISP the right to accept/reject SMTP connections carrying emails nominally heading to your address/mailbox. [..] > The MAPS system does not, and cannot, distinguish between spam email > and legitimate, addressee desired email. True, but irrelevant to the question of who is authorized to protect what machines. cheers, gja -- Grenville Armitage http://caia.swin.edu.au I come from a LAN downunder.
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
At 06:07 PM 1/10/2004, Daniel Pelstring wrote... >The administrator doing the blocking would be in the clear, since >they are authorized to access this computer (and are in fact authorized to >change this information, even if you disagree with the change.) The law prohibits "intentionally cause[ing] damage without authorization, to a protected computer." The MX is not the "protected computer" in the discussion at hand. The "protected computer" is the computer of the email addressee. The MX is merely an intermediary. By the logic you present, one could argue that no violation (of this law) would be present for hacking a backbone router and inserting a filter which dropped all incoming packets bound for any next hop, since that router would not be "damaged" under the definition given by 18 U.S.C. 1030, the "damage" only occurring external to that router. > The >provider of a blocking list would not have accessed this computer at all, >since they did not make the change. The desires of the intended recipient >do not matter at all under this law, as they do not own the computer on >which the change was made. The change interferes with the delivery of email to a "protected computer," i.e. the computer of the person to whom the email is sent. The ISP's mail exchanger is simply an intermediary. The RBL and DUL are quite clearly (and openly) designed and intended to be used to implement denial of service. Doing so with the explicit authorization of the email recipient would be legal. Using MAPS RBL and/or DUL is an act which "knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage ['impairment to the integrity or availability of data, a program, a system, or information'] without authorization, to a protected computer," a violation of 18 U.S.C. 1030. The "protected system" is the email addressee's, not the ISP's. If a recipient is not receiving desired email due to ISP use of the MAPS system, the ISP is guilty of unlawful denial of service. Not only the ISP, but also MAPS, is guilty of knowingly and intentionally damaging a protected computer. A person may authorize, indeed ask, that spam be blocked upstream. With such authorization, an ISP is clearly free to block spam email. As I have already pointed out, it is irrational to claim that a addressee has authorized that _desired_ email be dropped. I have encountered exactly that situation due to use of the MAPS DUL. The MAPS system does not, and cannot, distinguish between spam email and legitimate, addressee desired email. It is a brute force system which throws the baby out with the bathwater.
RE: SMTP Minimum Retry Period - Proposal To Modify Mx
The law you cited refers only to civil damages resulting from criminal activity. In order to press a civil suit under this law, the defendant would first need to be convicted of criminal activity falling under (i), (ii), (iii), (iv), or (v) of subsection (a)(5)(B), which in turn requires a violation of (a)(5)(A) which requires unauthorized access to a protected computer. The administrator doing the blocking would be in the clear, since they are authorized to access this computer (and are in fact authorized to change this information, even if you disagree with the change.) The provider of a blocking list would not have accessed this computer at all, since they did not make the change. The desires of the intended recipient do not matter at all under this law, as they do not own the computer on which the change was made. If something has been done which violates a service agreement, you can press a civil suit based on that agreement, which falls under contract law and has nothing at all to do with 18 U.S.C. 1030. I am not a lawyer, although I did spend much time doing legal research for one. This is actually an extremely simple law, and I can say with a fair degree of certainty that it does not cover what you think it does. If you need legal advice, talk to a lawyer, you may have a civil suit if this filtering violates a contract you have with the party in question. 18 U.S.C. 1030 however, does not apply here. I hope this was helpful. -Daniel Pelstring -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike S Sent: Saturday, January 10, 2004 11:45 AM To: [EMAIL PROTECTED] Subject: Re: SMTP Minimum Retry Period - Proposal To Modify Mx At 10:32 PM 1/9/2004, Ken Raeburn wrote... >Not in any mail I've seen so far, but the other traffic since implies I've missed something. Investigating that... my apologies. 18 U.S.C. 1030 >In any case, the quotations I've seen suggest you believe that the blocking is done without authorization. That is correct. Understand that I am NOT referring to UCE/spam. In the case of UCE/Spam, I will stipulate that the intended recipient may indeed have authorized upstream blocking/filtering. It is, however, irrational and incorrect to argue that the recipient has authorized blocking/filtering of email replies sent in direct response to queries they have sent. RBL/DUL makes no distinction between these types of email, and indiscriminately causes both types to be blocked. One cannot argue that general "best effort" or "no guarantees" terms of service cover this situation, since the blocking is known and deliberate. > As I said in my previous mail, I suspect the service agreement is likely to provide for it; I can only speak for the ISP agreements I've been a party to, and they do NOT authorize any upstream filtering or blocking. >And I suspect the receiving computer to which "damage" would be done would be the ISP's mail server; presumably none of this is interfering with the transmission between the ISP's mail server and the customer's machine. It is interfering with communications between sender and recipient, which is exactly what the cited law prohibits. The maintainer of the MX has publicly agreed to accept mail destined for the domain (by publishing an MX record). Blocking/refusing/filtering email bound for a protected system is a violation of U.S. law, unless specific authorization has been granted to do so, which has not occurred (see above).
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
On Sat, 10 Jan 2004 12:48:39 -0500 Mike S <[EMAIL PROTECTED]> wrote: > At 12:08 PM 1/10/2004, Richard Welty wrote... > >might i suggest citing some case law demonstrating the relevance > >of the statute you cited? > Non sequitor. By your implied logic, no new laws could be > effectively created or enforced, since all would lack precedent. > The relevant code is relatively new, so only limited, if any, > case law can be expected to be extant in any case. so, you have a statute dated 1996 which you claim prohibits certain activities. you are apparently unable to cite any case law (i don't know if you actually have tried to find any or not, you simply responded by dismissing the suggestion.) i suspect you're not a lawyer. i also seriously doubt you've actually asked a lawyer specializing in this type of law for an informed opinion. i think that i don't care to take "legal advice" from you. have a nice day, richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
At 01:55 PM 1/10/2004, [EMAIL PROTECTED] wrote... >I'm sure if that legal theory were sustainable, MAPS would have been served notice >of a lawsuit by now So, your argument amounts to the equivalent of "If life is possible on Mars, then life must exist on Mars." You'd better let NASA know, it may save them a bundle of money.
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
On Sat, 10 Jan 2004 12:48:39 EST, [EMAIL PROTECTED] (Mike S) said: > The relevant code is relatively new, so only limited, if any, case law can be > expected to be extant in any case.> http://www.usdoj.gov/criminal/cybercrime/1030_new.html Title of the page is "18 USC 1030, as amended Oct 11, 1996". And the language you cite from 18 USC 1030 (5)(A)(i) was in there back then. In 1996. Plenty of time to build up case law. Interesting that no spammer seems to have actually brought suit under 18 USC 1030 (g): http://www4.law.cornell.edu/uscode/18/1030.html "Any person who suffers damage or loss by reason of a violation of this section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief. A civil action for a violation of this section may be brought only if the conduct involves 1 of the factors set forth in clause (i), (ii), (iii), (iv), or (v) of subsection (a)(5)(B). Damages for a violation involving only conduct described in subsection (a)(5)(B)(i) are limited to economic damages. No action may be brought under this subsection unless such action is begun within 2 years of the date of the act complained of or the date of the discovery of the damage. No action may be brought under this subsection for the negligent design or manufacture of computer hardware, computer software, or firmware. I'm sure if that legal theory were sustainable, MAPS would have been served notice of a lawsuit by now And I know there's people from MAPS lurking here, so if they want to chime up that such a lawsuit has made it past the preliminary stages (i.e. didn't get thrown out by a judge immediately), they can... pgp0.pgp Description: PGP signature
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
At 12:08 PM 1/10/2004, Richard Welty wrote... >might i suggest citing some case law demonstrating the relevance >of the statute you cited? Non sequitor. By your implied logic, no new laws could be effectively created or enforced, since all would lack precedent. The relevant code is relatively new, so only limited, if any, case law can be expected to be extant in any case.
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
On Sat, 10 Jan 2004 11:27:53 -0500 Mike S <[EMAIL PROTECTED]> wrote: > At 08:42 AM 1/10/2004, Bill Sommerfeld wrote... > >> > If you think there's some violation of law going on here, please be more > >> > specific. What law, and in what country? > >> > >> Try to keep up. A specific citation has already been made. > > > >and already been debunked. > If one considers spraying bullets and so shooting and killing > innocent bystanders while defending against an assailant as > legal, then yes, it's been debunked. might i suggest citing some case law demonstrating the relevance of the statute you cited?[1] the rhetoric of your response is largely content free. w/o supporting case law, your "legal opinion" is of rather limited value. richard [1] i, for one, will be extremely impressed if you actually dredge some up. i don't think that statute has any relevance to dns based BLs, whether a MAPS product or otherwise. the question is one for the courts to decide, and i'm not at all aware of anyone actually attempting to use that statute in the manner you suggest. -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
At 10:32 PM 1/9/2004, Ken Raeburn wrote... >Not in any mail I've seen so far, but the other traffic since implies I've missed >something. Investigating that... my apologies. 18 U.S.C. 1030 >In any case, the quotations I've seen suggest you believe that the blocking is done >without authorization. That is correct. Understand that I am NOT referring to UCE/spam. In the case of UCE/Spam, I will stipulate that the intended recipient may indeed have authorized upstream blocking/filtering. It is, however, irrational and incorrect to argue that the recipient has authorized blocking/filtering of email replies sent in direct response to queries they have sent. RBL/DUL makes no distinction between these types of email, and indiscriminately causes both types to be blocked. One cannot argue that general "best effort" or "no guarantees" terms of service cover this situation, since the blocking is known and deliberate. > As I said in my previous mail, I suspect the service agreement is likely to provide > for it; I can only speak for the ISP agreements I've been a party to, and they do NOT authorize any upstream filtering or blocking. >And I suspect the receiving computer to which "damage" would be done would be the >ISP's mail server; presumably none of this is interfering with the transmission >between the ISP's mail server and the customer's machine. It is interfering with communications between sender and recipient, which is exactly what the cited law prohibits. The maintainer of the MX has publicly agreed to accept mail destined for the domain (by publishing an MX record). Blocking/refusing/filtering email bound for a protected system is a violation of U.S. law, unless specific authorization has been granted to do so, which has not occurred (see above).
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
At 06:41 PM 1/9/2004, Vernon Schryver wrote... >Could you point to significant amounts of real mail, as opposed to >theoretical examples, that might reasonably have consider legitimate >by its targets but that was rejected as the result of a MAPS RBL >listing? Note that the validity of mail is determined not its senders >but by its targets. Yes. For a lengthy period, all mail.com SMTP servers were included in the RBL, blocking significant numbers of legitimate, private, non-spam emails from reaching willing recipients.
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
At 08:42 AM 1/10/2004, Bill Sommerfeld wrote... >> > If you think there's some violation of law going on here, please be more >> > specific. What law, and in what country? >> >> Try to keep up. A specific citation has already been made. > >and already been debunked. If one considers spraying bullets and so shooting and killing innocent bystanders while defending against an assailant as legal, then yes, it's been debunked.
Re: SMTP Minimum Retry Period - Proposal To Modify MX
> The RBL, and particularly the DUL, are not "good faith," as it is > well known that both block significant amounts of legitimate, > non-spam, non-uce, recipient-desired email. I guess it depends on your definition of "significant". I haven't noticed a problem, but the amount of spam I get is large enough that, in good faith, I'm willing to tolerate a modest number of false positives. - Bill
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
> > If you think there's some violation of law going on here, please be more > > specific. What law, and in what country? > > Try to keep up. A specific citation has already been made. and already been debunked. - Bill
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
On Fri, Jan 09, 2004 at 06:45:57PM -, Sabahattin Gucukoglu wrote: > On 9 Jan 2004 at 9:18, Harald Tveit Alvestrand <[EMAIL PROTECTED]> spoke, thus: > > > Why doesn't your friend use ETRN to trigger delivery of his queued mail > > from his mate whenever he gets online? > > He doesn't want his mate getting his mail while he's not available if he > will be available shortly after. The idea is to restrain clients from > passing onto the next MX, and thereby let his mail fall into his own > responsibility when the unavailability of his host is either known to be > temporary or is simply not long enough to justify any resulting policy > differences between hosts. But the problem is that until vast quanties of people understand your extended MX proposal, the mail will be received by the backup server anyway. And given past experience, it takes a long, long time for support for new features to get propagated to enough of the global internet infrastructure that it will really solve your friend's problem. Let me propose another possible solution, which doesn't require making global infrastructural changes. It will require changes to the SMTP server on the backup MX machine, but that is something which is much more likely to be doable. First of all, on the backup MX server, you create a little daemon that periodically checks to see if the primary mail server is up. If it is down for more than a predefined time perioud (a day in your example), then it sets a flag "this host is down hard". Secondly, you change the the SMTP server on the backup MX server that by default, attempts to send mail to your friends domain return a 4xx soft error, UNLESS the "this host is down hard" flag is set. If that flag is set, then the mail is accepted, and queued for transmission to your friend's mail server. As a side benefit, current spamming software will see the soft failure, and not bother to retry the mail transmission while your friend's host mail server is temporarily down. - Ted
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
On Friday, Jan 9, 2004, at 22:06 US/Eastern, Mike S wrote: At 06:43 PM 1/9/2004, Ken Raeburn wrote... If you think there's some violation of law going on here, please be more specific. What law, and in what country? Try to keep up. A specific citation has already been made. Not in any mail I've seen so far, but the other traffic since implies I've missed something. Investigating that... my apologies. In any case, the quotations I've seen suggest you believe that the blocking is done without authorization. As I said in my previous mail, I suspect the service agreement is likely to provide for it; it would be something for the customer to take up with the ISP if they believe otherwise. And I suspect the receiving computer to which "damage" would be done would be the ISP's mail server; presumably none of this is interfering with the transmission between the ISP's mail server and the customer's machine. Ken
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
At 06:43 PM 1/9/2004, Ken Raeburn wrote... > If you think there's some violation of law going on here, please be more > specific. What law, and in what country? Try to keep up. A specific citation has already been made.
Re: SMTP Minimum Retry Period - Proposal To Modify MX
> That law reads in part: > > "Whoever... knowingly causes the transmission of a program, > information, code, or command, and as a result of such conduct, > intentionally causes damage without authorization, to a protected > computer...shall be punished..." Except that use of DNSBL's is generally authorized by the entity administering the mail servers; moreover, it is increasingly clear that the vast majority of email users do not regard the blocking of spam as "damage". See also 47 USC 230(c)(2): No provider or user of an interactive computer service shall be held liable on account of - (A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or (B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material ... --- As far as I'm concerned, spam is "otherwise objectionable". And I believe that there is at least one congressional resolution encouraging the private sector to work on spam control technologies.. - Bill
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
On Sat, 2004-01-10 at 11:00, Mike S wrote: At 05:42 PM 1/9/2004, [EMAIL PROTECTED] wrote... >On Fri, 09 Jan 2004 15:13:50 EST, [EMAIL PROTECTED] (Mike S) said: >Note that MAPS is *NOT* blocking a single piece of e-mail itself. None. Zip. Zero. Of course not. MAPS is simply a database. As I quite clearly said, *USE* of MAPS impairs email. >Meanwhile, the site that's actually rejecting your mail has made that decision *itself*, >that it doesn't want to receive mail from you, possibly with MAPS as one component >of the information used to make said decision. > >To have a chance of winning this argument, you'll have to prove that the receiving >system is legally *obligated* to accept every piece of mail that you might happen to >want to send. MX <> recipient. If I send email [EMAIL PROTECTED] to the published MX for aol.com and aol.com blocks the ultimate recipient from receiving that email, they are in violation of the law, having interfered with the availability of email for both the sending and receiving systems. By publishing an MX, they have agreed to accept email for any valid address within their domain. That's what an MX is. They are likely in breach of their civil contract with the recipient, also. Of course, anyone who publishes an MX record but refuses mail is simply an idiot incapable of understanding why the Internet exists in the first place. The Balkanization has begun. The Internet is dead. Any user of such services agree to a user agreement of use of the service, which includes the right for the service to filter e-mail, monitor content, and terminate the user account. It is interesting to see that with the new US law, some people are trying to find justification within the IETF on why SPAM should be authorised. I would not be surprised if a few IETF members here be summoned to one of these new multi-million dollar case base on their comments... Cheers Franck Martin [EMAIL PROTECTED] SOPAC, Fiji GPG Key fingerprint = 44A4 8AE4 392A 3B92 FDF9 D9C6 BE79 9E60 81D9 1320 "Toute connaissance est une reponse a une question" G.Bachelard signature.asc Description: This is a digitally signed message part
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
Mike S wrote: [..] > "Whoever... knowingly causes the transmission of a program, information, code, or > command, and as a result of such conduct, intentionally causes damage without > authorization, to a protected computer...shall be punished..." Your email is not authorized to enter and reside on a recipient's mail server until and unless the recipient's mail server says it is. Mail servers are entitled to refuse reception of your email using whatever decision process they choose. This includes the method of assigning a "this source is likely a spammer" semantic to responses received from lookups on certain externally maintained lists. cheers, gja -- Grenville Armitage http://caia.swin.edu.au I come from a LAN downunder.
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
On Friday, Jan 9, 2004, at 18:00 US/Eastern, Mike S wrote: Meanwhile, the site that's actually rejecting your mail has made that decision *itself*, that it doesn't want to receive mail from you, possibly with MAPS as one component of the information used to make said decision. To have a chance of winning this argument, you'll have to prove that the receiving system is legally *obligated* to accept every piece of mail that you might happen to want to send. MX <> recipient. If I send email [EMAIL PROTECTED] to the published MX for aol.com and aol.com blocks the ultimate recipient from receiving that email, they are in violation of the law, having interfered with the availability of email for both the sending and receiving systems. By publishing an MX, they have agreed to accept email for any valid address within their domain. That's what an MX is. They are likely in breach of their civil contract with the recipient, also. So, by that argument, an MX site for FooISP (which presumably would be run by FooISP, or at least under contract with FooISP) can't use Spamassassin or Greylisting to avoid spam either, nor any other criteria. The spammers must love you. An ISP using such tools may be in breach of contract with the recipient; it depends on the contract, of course. More likely, I suspect, the contract gives them the latitude to prevent abusive behavior, or rejects any guarantees of availability of services at any given time or when dealing with non-local resources. Which is probably enough to cover Spamassassin and RBL. If you think there's some violation of law going on here, please be more specific. What law, and in what country? As Valdis said, you need to show why they're obligated to accept absolutely every message, regardless of contracts. Of course, anyone who publishes an MX record but refuses mail is simply an idiot incapable of understanding why the Internet exists in the first place. The Balkanization has begun. The Internet is dead. Um, right. Maybe my troll filter is on the blink today? Ken
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
> From: Keith Moore <[EMAIL PROTECTED]> > ... > > It's never clear to me what Keith Moore means by "RBL" when he repeats > > that claim. Those three letters are a registered service mark for a > > product that historically has been run so conservatively that claims > > that should not be used to reject mail sound silly. > > Yes, "RBL" did indeed reject valid mail, I never heard of any examples of mail considered valid by its targets that was rejected as the result of RBL listings. There was plenty of screaming and whining by advertisers would be about their supposed free speech rights. Could you point to significant amounts of real mail, as opposed to theoretical examples, that might reasonably have consider legitimate by its targets but that was rejected as the result of a MAPS RBL listing? Note that the validity of mail is determined not its senders but by its targets. > because it misled site > administrators into thinking that mailers that failed its test were > inherently able to be exploited into relaying significant amounts of > spam. So sites that trusted RBL's misrepresentation blocked valid mail > from sites that rate-limited relayed mail (including the site I ran at > one time) even when that rate-limiting was an effective spam block. That makes no sense to me. It sounds like a confounding of other blacklists with MAPS's RBL. The RBL is (was?) based on spam received instead of open relays inferred by probing. Or perhaps it is a statement that you were "misled ... into thinking" that some "mailer" failed some test. Or is it at statement that bulk mail you sent was rejected by its targets? In any case, what standing do you have to comment on what mail is rejected by other peoples SMTP servers? I think that as long as those using blacklists get what they ask for, no outsiders have any business commenting, and particularly not would be senders of unsolicited bulk mail. > I really have no sympathy for net vigilanties who insist on trying to > enforce their own narrow-minded definitions for how the net should work, > and who disrupt others' service in the process. Do you have any idea how ironic that statement is? Can you imagine that the saying "their network; their rules" might apply to all of us? I happen to agree with some of your statements about NAT, but I hope I'm sane enough to not act on them, because "trying to enforce [that] narrow-minded [definition] for how the net should work [would] disrupt others' service in the process." By the way, do you also agree with the other individual who repeated the familiar (in spammy circles) kooky wishful thinking that running a DNS blacklist somehow violates U.S. Federal law? Vernon Schryver[EMAIL PROTECTED]
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
At 05:42 PM 1/9/2004, [EMAIL PROTECTED] wrote... >On Fri, 09 Jan 2004 15:13:50 EST, [EMAIL PROTECTED] (Mike S) said: > >> Use of the MAPS RBL and DUL clearly impairs the availability and integrity of >> the Internet email system and the information transferred using that system. >> MAPS RBL and DUL participants are actively participating in illegal denial of >> service > >Erm. Sounds like you're choking on something. > No. You are. >Note that MAPS is *NOT* blocking a single piece of e-mail itself. None. Zip. Zero. Of course not. MAPS is simply a database. As I quite clearly said, *USE* of MAPS impairs email. >Meanwhile, the site that's actually rejecting your mail has made that decision >*itself*, >that it doesn't want to receive mail from you, possibly with MAPS as one component >of the information used to make said decision. > >To have a chance of winning this argument, you'll have to prove that the receiving >system is legally *obligated* to accept every piece of mail that you might happen to >want to send. MX <> recipient. If I send email [EMAIL PROTECTED] to the published MX for aol.com and aol.com blocks the ultimate recipient from receiving that email, they are in violation of the law, having interfered with the availability of email for both the sending and receiving systems. By publishing an MX, they have agreed to accept email for any valid address within their domain. That's what an MX is. They are likely in breach of their civil contract with the recipient, also. Of course, anyone who publishes an MX record but refuses mail is simply an idiot incapable of understanding why the Internet exists in the first place. The Balkanization has begun. The Internet is dead.
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
On Fri, 09 Jan 2004 10:56:04 MST, Vernon Schryver <[EMAIL PROTECTED]> said: > It's never clear to me what Keith Moore means by "RBL" when he repeats > that claim. Those three letters are a registered service mark for a > product that historically has been run so conservatively that claims Unfortunately, this has probably gone the same way as Linoleum. > If his claim refers to private blacklists, then it is obvious nonsense. > There are many IP addresses (e.g. WholesaleBandwidth's /18) that will > never send mail that anyone but a spammer wants delivered for the > foreseeable future. Yeah, and 69/8 wouldn't be sending packets for the forseeable future either. Look where it got the people who got the early allocations out of that range. pgp0.pgp Description: PGP signature
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
On Fri, 09 Jan 2004 15:13:50 EST, [EMAIL PROTECTED] (Mike S) said: > Use of the MAPS RBL and DUL clearly impairs the availability and integrity of > the Internet email system and the information transferred using that system. > MAPS RBL and DUL participants are actively participating in illegal denial of > service Erm. No. Note that MAPS is *NOT* blocking a single piece of e-mail itself. None. Zip. Zero. All they are doing is publishing information regarding their opinion of a given host's mail policies. As such, they're not interfering with anything, but merely answering queries. Meanwhile, the site that's actually rejecting your mail has made that decision *itself*, that it doesn't want to receive mail from you, possibly with MAPS as one component of the information used to make said decision. To have a chance of winning this argument, you'll have to prove that the receiving system is legally *obligated* to accept every piece of mail that you might happen to want to send. pgp0.pgp Description: PGP signature
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
> On 9 Jan 2004 at 9:18, Harald Tveit Alvestrand <[EMAIL PROTECTED]> > spoke, thus: > > > Why doesn't your friend use ETRN to trigger delivery of his queued > > mail from his mate whenever he gets online? > > He doesn't want his mate getting his mail while he's not available if > he will be available shortly after. So configure the secondary MX return to 4xx in response to RCPT whenever the primary MX should be available "shortly after". > Also, etrn/similar don't solve the RBL problem. For that matter, RBL doesn't solve any problem either. But if you really want to do RBL filtering on mail relayed to the secondary MX, you should be able to filter on addresses in Received fields. Sure, it's dodgy, but if you're trusting RBL you're already demonstrating you don't care about reliable mail delivery.
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
> > His mate is a wise man. RBLs are a really terrible idea, and > > they've caused a lot of valid mail to be rejected. There's really > > no way to reliably determine that a message is spam based on the IP > > address or sender's domain name. The most you should do with RBLs > > is delay or rate-limit mail from the blacklisted sites, you should > > never reject such mail. > > .. > > It's never clear to me what Keith Moore means by "RBL" when he repeats > that claim. Those three letters are a registered service mark for a > product that historically has been run so conservatively that claims > that should not be used to reject mail sound silly. Yes, "RBL" did indeed reject valid mail, because it misled site administrators into thinking that mailers that failed its test were inherently able to be exploited into relaying significant amounts of spam. So sites that trusted RBL's misrepresentation blocked valid mail from sites that rate-limited relayed mail (including the site I ran at one time) even when that rate-limiting was an effective spam block. I really have no sympathy for net vigilanties who insist on trying to enforce their own narrow-minded definitions for how the net should work, and who disrupt others' service in the process.
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
At 12:03 PM 1/9/2004, Keith Moore wrote... >> There's >> just one more condition - his mate, though great as mates go, is an anti- >> RBL purist. He refuses to use RBLs. > >His mate is a wise man. RBLs are a really terrible idea, and they've >caused a lot of valid mail to be rejected. Not only that, but at least in the U.S., they are illegal per 18 U.S.C. 1030 -Fraud and Related Activity in Connection with Computers. That law reads in part: "Whoever... knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer...shall be punished..." MAPS RBL and DUL and those who participate in it knowingly transmit information (zone lookups) and commands (SMTP configurations) which causes unauthorized damage to protected systems. "[T]he term "protected computer" means a computer... which is used in interstate or foreign commerce or communications, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States" This clearly covers any computer with which the user may send email for Internet commerce, including eBay and web purchases. "The term 'damage' means any impairment to the integrity or availability of data, a program, a system, or information" Use of the MAPS RBL and DUL clearly impairs the availability and integrity of the Internet email system and the information transferred using that system. MAPS RBL and DUL participants are actively participating in illegal denial of service
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
On 9 Jan 2004 at 9:18, Harald Tveit Alvestrand <[EMAIL PROTECTED]> spoke, thus: > Why doesn't your friend use ETRN to trigger delivery of his queued mail > from his mate whenever he gets online? He doesn't want his mate getting his mail while he's not available if he will be available shortly after. The idea is to restrain clients from passing onto the next MX, and thereby let his mail fall into his own responsibility when the unavailability of his host is either known to be temporary or is simply not long enough to justify any resulting policy differences between hosts. His mate could, if this were a dynamic DNS provider, be half-way across the world when the client only needed to wait a few minutes before it could deliver to the final destination. This is just an example. Also, etrn/similar don't solve the RBL problem. > That way, the 4-hour delay is avoided without requiring global changes to > the Internet infrastructure The unilateral thought of all of us, no doubt. :-) It is quite outrageous as far as requirements go for such a simple feature, but I honestly can't see a simple way otherwise that doesn't involve inter-host communication which, obviously, can't happen if the backed-up host is out, or other scheduled checking. If his mate could somehow know that he (my friend) were down, his mate could serve him, and when he returned his mate could, upon instruction by him, give an appropriate number and message to the effect that the primary was up, go and deliver to him, when all clients tried sending to my friend through his mate. Would implementation of such a system be worthwhile, even if it meant periodic checks by his mate that my friend was down? The MX concept is very good, but very heavy-handed and served a time long ago when it really was necessary. Also, the demand on the speed of mail delivery has gone up with the number of email users on the net and their expectations of it. In terms of saved bandwidth, there's a slight argument for the cost of a DNS query. I would be willing to implement it either way, though preferably the least destructive one. Cheers, Sabahattin -- Thought for the day: Dictatorship (n): a form of government under which everything which is not prohibited is compulsory. Latest PGP Public key blocks? Send any mail to: <[EMAIL PROTECTED]> Sabahattin Gucukoglu Phone: +44 (0)20 7,502-1615 Mobile: +44 (0)7986 053399 http://www.sabahattin-gucukoglu.com/ Email/MSN: <[EMAIL PROTECTED]>
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
> From: Keith Moore <[EMAIL PROTECTED]> > ... > His mate is a wise man. RBLs are a really terrible idea, and they've > caused a lot of valid mail to be rejected. There's really no way to > reliably determine that a message is spam based on the IP address or > sender's domain name. The most you should do with RBLs is delay or > rate-limit mail from the blacklisted sites, you should never reject > such mail. > .. It's never clear to me what Keith Moore means by "RBL" when he repeats that claim. Those three letters are a registered service mark for a product that historically has been run so conservatively that claims that should not be used to reject mail sound silly. You would certainly want to do more than just rate limit Cyberpromo's spam. He might be referring to other DNS (or BGP) distributed, more or less real time blacklists. Depending on which of the zillions of lists he is talking about, his claim is either entirely accurate or even worse than it would be if it refers to MAPS's RBL(sm). Some DNS blacklists are at best used for scoring and only by those who don't mind affecting legitimate email. Other DNS blacklists have false positive rates (legitimate rejected/total legitimate) below 0.01% that allow them to be used by corporations that would rather receive 1000 spam than reject one legitimate message. If his claim refers to private blacklists, then it is obvious nonsense. There are many IP addresses (e.g. WholesaleBandwidth's /18) that will never send mail that anyone but a spammer wants delivered for the foreseeable future. Then there are private blacklists of domain names that are undeniably valid targets of complete blacklisting, starting with Cyberpromo.com. The clear and undesputed (except by spammers and some others with special interests) consensus is that blacklists are undesirable but entirely legitimate, useful, and often necessary mechanisms for dealing with network abuse by rejecting, not just delaying mail. The buyer (or user) must beware, but Keith Moore blanket condemnation of "RBLs" is simply wrong. His apparent claim that SMTP servers must accept mail from everywhere as much sense as claims R. Stallman's complaints 20 years ago closed telnet ports. Note none of the SMTP servers I run use any DNS (or BGP) SMTP blacklists. He's not trying to gore any of my oxen. Vernon Schryver[EMAIL PROTECTED]
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
Why doesn't your friend use ETRN to trigger delivery of his queued mail from his mate whenever he gets online? That way, the 4-hour delay is avoided without requiring global changes to the Internet infrastructure
Re: SMTP Minimum Retry Period - Proposal To Modify Mx
> There's > just one more condition - his mate, though great as mates go, is an anti- > RBL purist. He refuses to use RBLs. His mate is a wise man. RBLs are a really terrible idea, and they've caused a lot of valid mail to be rejected. There's really no way to reliably determine that a message is spam based on the IP address or sender's domain name. The most you should do with RBLs is delay or rate-limit mail from the blacklisted sites, you should never reject such mail. > My proposal: an extension to the MX record in the DNS, which must be > backward compatible with existing MX records - that is, non-conformant > mailers must not be confused by the new form of the record. Doesn't seem like a good idea in general, nor does it seem necessary. It's perfectly reasonable for the secondary MX to be explicitly configured to flush its mail queue for the primary MX at pre-determined times (as in a cron job). It's also perfectly reasonable for the primary MX to contact the secondary MX at regular intervals and (using any of a variety of mechanisms) say "please give me my mail". So it doesn't seem like we need a new DNS RR to solve this problem. Keith