Re: Do these domains merit blocking?
> On Dec 15, 2021, at 1:57 PM, Alan Hodgson wrote: > > On Wed, 2021-12-15 at 10:55 -0800, Alan Hodgson wrote: >> >> I got a couple to an actual human who answered ab...@princeton.edu. I can >> forward them privately. > > Let me rephrase that; I complained to ab...@princeton.edu and actually heard > back from a human, to whom I have since sent copies of the spam messages. > Well, this was the result of sending to the email address published on their info page… -- I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system : host mxa-5701.gslb.pphosted.com[205.220.160.168] said: 550 5.1.1 User Unknown (in reply to RCPT TO command) Reporting-MTA: dns; mail.morefoo.com X-Postfix-Queue-ID: AECB8B0031 X-Postfix-Sender: rfc822; c...@sporklab.com Arrival-Date: Thu, 16 Dec 2021 12:30:27 -0500 (EST) Final-Recipient: rfc822; rapt+privacyst...@princeton.edu Original-Recipient: rfc822;rapt+privacyst...@princeton.edu Action: failed Status: 5.1.1 Remote-MTA: dns; mxa-5701.gslb.pphosted.com Diagnostic-Code: smtp; 550 5.1.1 User Unknown --
Re: Do these domains merit blocking?
On 12/15/21 9:39 AM, Bill Cole wrote: There has recently been a spate of odd spams to harvested addresses asking hypothetical questions about domains' privacy practices. It turns out this is a grad student enrolling human subjects in a study without informed consent... The explanation is at https://measurement.cs.princeton.edu/privacystudy/ and there is a list of domains there which were created to run this maldesigned study. Insert obligatory $Postmaster...Liberty...Filter...Discression message here. I've added rejections for policy reasons to systems that I administer. A customer has expressed mild dismay at the concept that a fine research institution should be "punished for doing research." I want to support research. But I can't stand research that takes a cavalier attitude because it's research. To whit I saw some comments on another mailing list, mailop?, that indicated that the researcher admitted that s/he was sending the messages and the attitude was "so what". I feel like the institution needs to be held accountable for this. This is now (at least) the 2nd mailing list where I've seen this discussed and engineer hours are being consumed. There are real world costs to the purported research. So I say not on the systems that I administer. -- Grant. . . . unix || die smime.p7s Description: S/MIME Cryptographic Signature
Re: Do these domains merit blocking?
On Wed, 2021-12-15 at 10:55 -0800, Alan Hodgson wrote: > > I got a couple to an actual human who answered > ab...@princeton.edu. I can forward them privately. Let me rephrase that; I complained to ab...@princeton.edu and actually heard back from a human, to whom I have since sent copies of the spam messages.
Re: Do these domains merit blocking?
On Wed, 2021-12-15 at 13:24 -0500, Charles Sprickman wrote: > Does anyone have a sample of one of their emails? > > I’m composing a brief nastygram and would like to get my eyes on > one before finishing up. > I got a couple to an actual human who answered ab...@princeton.edu. I can forward them privately.
Re: Do these domains merit blocking?
You can find the email we received from them here http://paste.debian.net/1223611/ (just the body, idk if anyone also want headers) Must admit I thought it was a scam, just because it was its own domain, out of the blue and as many have mentioned unsolicited. Bert On 15/12/2021 19:24, Charles Sprickman wrote: Does anyone have a sample of one of their emails? I’m composing a brief nastygram and would like to get my eyes on one before finishing up. Thanks, Charles On Dec 15, 2021, at 11:39 AM, Bill Cole wrote: There has recently been a spate of odd spams to harvested addresses asking hypothetical questions about domains' privacy practices. It turns out this is a grad student enrolling human subjects in a study without informed consent... The explanation is at https://measurement.cs.princeton.edu/privacystudy/ and there is a list of domains there which were created to run this maldesigned study. Many of the early batch compounded the consent problem with outright fraud, claiming to be from people who do not exist. I am curious about what the SA user world thinks of such domains. My personal opinion is that the grad student, his faculty advisors, and his IRB should all be forced to find new careers and the domains should have a null CNAME at the root forever. It appears that URIBL, SURBL, and Spamhaus DBL have all noticed the domains unflatteringly, which I suppose constitutes a more balanced consequence... A customer has expressed mild dismay at the concept that a fine research institution should be "punished for doing research." I'm less attached to Princeton than my NJ-based customer and (having worked in a NIH-funded lab) less idolizing of the Ivory Tower in general. I have no difficulty explaining my position, but I am rather surprised that I need to in 2021. Am I missing something special that makes such research spam somehow not spam? -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
Re: Do these domains merit blocking?
Does anyone have a sample of one of their emails? I’m composing a brief nastygram and would like to get my eyes on one before finishing up. Thanks, Charles > On Dec 15, 2021, at 11:39 AM, Bill Cole > wrote: > > There has recently been a spate of odd spams to harvested addresses asking > hypothetical questions about domains' privacy practices. It turns out this is > a grad student enrolling human subjects in a study without informed > consent... The explanation is at > https://measurement.cs.princeton.edu/privacystudy/ and there is a list of > domains there which were created to run this maldesigned study. > > Many of the early batch compounded the consent problem with outright fraud, > claiming to be from people who do not exist. > > I am curious about what the SA user world thinks of such domains. My personal > opinion is that the grad student, his faculty advisors, and his IRB should > all be forced to find new careers and the domains should have a null CNAME at > the root forever. It appears that URIBL, SURBL, and Spamhaus DBL have all > noticed the domains unflatteringly, which I suppose constitutes a more > balanced consequence... > > A customer has expressed mild dismay at the concept that a fine research > institution should be "punished for doing research." I'm less attached to > Princeton than my NJ-based customer and (having worked in a NIH-funded lab) > less idolizing of the Ivory Tower in general. I have no difficulty explaining > my position, but I am rather surprised that I need to in 2021. Am I missing > something special that makes such research spam somehow not spam? > > -- > Bill Cole > b...@scconsult.com or billc...@apache.org > (AKA @grumpybozo and many *@billmail.scconsult.com addresses) > Not Currently Available For Hire
Re: Do these domains merit blocking?
You can quote me: If the pope itself is sending me the cure to cancer but he doesn't have my consent then it IS spam and I would block it and depending on the way the domain manager handles it I would block the domain. KAM On Wed, Dec 15, 2021, 11:40 Bill Cole < sausers-20150...@billmail.scconsult.com> wrote: > There has recently been a spate of odd spams to harvested addresses asking > hypothetical questions about domains' privacy practices. It turns out this > is a grad student enrolling human subjects in a study without informed > consent... The explanation is at > https://measurement.cs.princeton.edu/privacystudy/ and there is a list of > domains there which were created to run this maldesigned study. > > Many of the early batch compounded the consent problem with outright > fraud, claiming to be from people who do not exist. > > I am curious about what the SA user world thinks of such domains. My > personal opinion is that the grad student, his faculty advisors, and his > IRB should all be forced to find new careers and the domains should have a > null CNAME at the root forever. It appears that URIBL, SURBL, and Spamhaus > DBL have all noticed the domains unflatteringly, which I suppose > constitutes a more balanced consequence... > > A customer has expressed mild dismay at the concept that a fine research > institution should be "punished for doing research." I'm less attached to > Princeton than my NJ-based customer and (having worked in a NIH-funded lab) > less idolizing of the Ivory Tower in general. I have no difficulty > explaining my position, but I am rather surprised that I need to in 2021. > Am I missing something special that makes such research spam somehow not > spam? > > -- > Bill Cole > b...@scconsult.com or billc...@apache.org > (AKA @grumpybozo and many *@billmail.scconsult.com addresses) > Not Currently Available For Hire >
Re: Do these domains merit blocking?
On 12/15/2021 11:39 AM, Bill Cole wrote: Am I missing something special that makes such research spam somehow not spam? Everyone thinks that their own unsolicited bulk email - isn't spam. But a line must be drawn somewhere. In this case, the sender has absolutely no preexisting relationship to the recipient, and Raymond's statement about them sending to "scraped addresses" is, imo, devastating to their case. The closest argument that might have been possible is the idea that the email might potentially be of more benefit to the recipient than it is to the sender (e.g., sort of like a notification about a class action lawsuit) - but I can't find that argument anywhere in this situation either. But even class action lawsuit notifications are rarely sent to scraped addresses. It's on my "to do" list to add those domains as permanent additions to invaluement's URI/domain bl sometime this week, when I get some more time. (I'm in the middle of some intense upgrades, so I barely had time to type this message.) -- Rob McEwen, invaluement
Re: Do these domains merit blocking?
On Wed, 2021-12-15 at 11:39 -0500, Bill Cole wrote: > > A customer has expressed mild dismay at the concept that a fine > research institution should be "punished for doing research." I'm > less attached to Princeton than my NJ-based customer and (having > worked in a NIH-funded lab) less idolizing of the Ivory Tower in > general. I have no difficulty explaining my position, but I am > rather surprised that I need to in 2021. Am I missing something > special that makes such research spam somehow not spam? No. And that's about the stupidest "study" I've ever heard of. It's not like they're going to get any responses other than "fsck off" (which is what I added to my header_filters after getting the second one). It's hard to imagine anyone being that naive in 2021, but here we are.
Do these domains merit blocking?
There has recently been a spate of odd spams to harvested addresses asking hypothetical questions about domains' privacy practices. It turns out this is a grad student enrolling human subjects in a study without informed consent... The explanation is at https://measurement.cs.princeton.edu/privacystudy/ and there is a list of domains there which were created to run this maldesigned study. Many of the early batch compounded the consent problem with outright fraud, claiming to be from people who do not exist. I am curious about what the SA user world thinks of such domains. My personal opinion is that the grad student, his faculty advisors, and his IRB should all be forced to find new careers and the domains should have a null CNAME at the root forever. It appears that URIBL, SURBL, and Spamhaus DBL have all noticed the domains unflatteringly, which I suppose constitutes a more balanced consequence... A customer has expressed mild dismay at the concept that a fine research institution should be "punished for doing research." I'm less attached to Princeton than my NJ-based customer and (having worked in a NIH-funded lab) less idolizing of the Ivory Tower in general. I have no difficulty explaining my position, but I am rather surprised that I need to in 2021. Am I missing something special that makes such research spam somehow not spam? -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire