On Tue, 03 Apr 2007 19:39:55 -0400
[EMAIL PROTECTED] wrote:
On Tue, 03 Apr 2007 15:18:36 PDT, Scott Weeks said:
What I meant was: when only a few folks use email, the spammers will go
away.
They won't go away, they'll just go infest whatever the people are using.
We're already seeing signifi
on Wed, Apr 04, 2007 at 06:25:18PM -0400, John L wrote:
>
> >>This technique works great to keep spam out of your mailbox.
> >
> >Inline rejection is a little dangerous for mailing lists
>
> And for anyone else who doesn't feel like jumping through your hoops.
>
> >Providing a telephone number
This technique works great to keep spam out of your mailbox.
Inline rejection is a little dangerous for mailing lists
And for anyone else who doesn't feel like jumping through your hoops.
Providing a telephone number in the bounce is an effective way to deal
with false positives.
Only if
Yes, its an SMTP bounce, not a store, try to forward and return.
I should have clarified.
> Right. It also quite an effective way to be sure you never hear from
> non-technical users who don't understand your bounce message,
>and from people like me who don't feel like jumping through your ho
> > 1) You send bounces from spammers to innocent people, whose
> > addresses have been forged.
>
> This is an SMTP reject, not a bounce. It's a lethal variety of
> greylisting.
>
> This technique works great to keep spam out of your mailbox.
Inline rejection is a little dangerous for mailing l
On Wed, 4 Apr 2007 08:46:33 -0700
Ken Simpson <[EMAIL PROTECTED]> wrote:
[...snip]
Captchas apparently help quite a bit to stem this kind of problem
because they install a technical barrier that, while not impossible to
break through programatically, at least delays things a bit and
reduces the
On Wed, Apr 04, 2007 at 02:05:41PM -0500, Joe Greco wrote:
...
> Yes, that's nice, except that Joe Greco isn't authorized to do that.
> We're not talking about a system operating in a vacuum here. There
> are already established mechanisms for guarding domains. We're talking
> about rapid update
>> While its a pretty brute force approach, one method Iâm trying is to
>> curtail the source of email. In otherwords, if smtp traffic comes from an
>> unknown source it gets directed to a sendmail server that intentionally
>> rejects the email message (550 with a informational message/url).
>
> On Tue, Apr 03, 2007 at 10:55:38PM -0500, Joe Greco wrote:
> ...
> > What purpose does an identity check serve? How do you verify the
> > identity? If a domain name is already registered, what value is there
> > to the "identity" check? What identity are you verifying? The
> > individual re
Paul Vixie wrote:
...
Back to reality and 2007:
In this case, we speak of a problem with DNS, not sendmail, and not bind.
As to blacklisting, it's not my favorite solution but rather a limited
alternative I also saw you mention on occasion. What alternatives do you
offer which we can use today?
joej wrote:
Greetings.
While its a pretty brute force approach, one method I’m trying is to
curtail the source of email. In otherwords, if smtp traffic comes from an
unknown source it gets directed to a sendmail server that intentionally
rejects the email message (550 with a informational mes
That makes sense, and matches up with my experience... you also have
"amateur" spammers just doing stuff manually (as well as spammers paying
people pennies a page to input CAPTCHA responses).
Another issue is that the unsolicited contact paradigm blurs a bit, when
you have musicians and pro
On Wed, Apr 04, 2007 at 10:06:18AM -0500, Joe Greco wrote:
...
> If you seriously want to propose something:
>
> If you're going to do any vetting, the time to do it is at registration,
> not at crunch time.
If what you're talking about is the identity of the person registering,
yes.
If what y
On Tue, Apr 03, 2007 at 10:55:38PM -0500, Joe Greco wrote:
...
> What purpose does an identity check serve? How do you verify the
> identity? If a domain name is already registered, what value is there
> to the "identity" check? What identity are you verifying? The
> individual requesting the
On Apr 4, 2007, at 11:57 AM, <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]> wrote:
[SNIP]
That is really a separate issue. This discussion is about limiting the
damage caused by domains which do rapid NS switching. If we know which
domains are new, DNS operators could put them on probation and o
Greetings.
While its a pretty brute force approach, one method I’m trying is to
curtail the source of email. In otherwords, if smtp traffic comes from an
unknown source it gets directed to a sendmail server that intentionally
rejects the email message (550 with a informational message/url). If th
> > If you're going to do any vetting, the time to do it is at
> > registration,
> > not at crunch time.
>
> The bulk of the discussion over the past few days was directed at the
> practice of rapid updates of BRAND NEW DOMAIN NAMES. Clearly this is
> entirely separate from the issue of updating
> Analogies that compare to a postulated situation which is patently
> false are amusing, but non-constructive. You might wish to bone up on
> your understanding of US firearms law (preferably from a source other
> than CSI or Law & Order [insert standard disparaging comment about the
> mass me
> If you're going to do any vetting, the time to do it is at
> registration,
> not at crunch time.
The bulk of the discussion over the past few days was directed at the
practice of rapid updates of BRAND NEW DOMAIN NAMES. Clearly this is
entirely separate from the issue of updating information f
> Some of it is quite sophisticated: full blown "instant" profiles with
> fake comments ... the smarter spammers actually make the profile look
> real (often lifting material from legit user profiles), and then
> just ...
At the MIT Spam Conference, I was talking to MySpace's anti spam
researche
<[EMAIL PROTECTED]> writes:
> Same with buying a handgun in most states and in Canada. Same with
> opening a business in most jurisdictions. You have to go to cityhall and
> apply for a license first. Why should domain name registries be special
> and be exempt from these normal processes of vet
offers 5 minutes from curb to seat checkin service. The need exists but
it ain't gonna be filled anytime soon because the government prohibits
such things. The government mandates delays and multiple vetting
processes between the time you step on the curb and the time you sit in
your airplane se
> > > There is no need for rapidly unannounced updates by the
> > registries.
> >
> > That simply isn't true.
>
> You're right. Just like there is a very strong need for an airline that
> offers 5 minutes from curb to seat checkin service. The need exists but
> it ain't gonna be filled anyti
Why not make it so that instant updates require a human to show up in person
somewhere and give their fingerprint.
(there are a huge number of businesses out there that make a living handling
transactions where identity matters (think western union, etc),
perhaps some of them would be happy to hav
> > There is no need for rapidly unannounced updates by the
> registries.
>
> That simply isn't true.
You're right. Just like there is a very strong need for an airline that
offers 5 minutes from curb to seat checkin service. The need exists but
it ain't gonna be filled anytime soon because
25 matches
Mail list logo
