Just to correct the record, I didn't say that blocking open relays
encourages spam. I said that the open relay blacklists are spammers (well,
I said they are certainly spammer resources, and probably the spammers,
too). You could paraphrase that to say that using open relay _blacklists_
encourages spammers. I've said that if you block the open relay
blacklists, spammers won't sign up for service. And I've said that
blocking open relays usually only blocks legitimate email, and does not
block any spam, since the spammer could have connected directly or through
their ISP's relays. And I've said that open relays do not benefit the
spammer or multiply their sending rate. Not to rehash this, as I know
some people disagree. But if you are going to quote me, please quote me
accurately.
I understand some of what Ofer is ranting about, but there are other ways
besides double opt-in to prevent or track abuse of lists. Though,
frankly, even though Ofer was an intern in my group at KSR in the early
90's, I don't recall any sites with well-known passwords. Most of the net
back then was connected via 56K links and telnet was slow. People got
guest accounts at sites they had some connection with. Maybe those guest
account passwords were circulated among some student groups. But I think
perhaps he is mis-remembering stories about Richard Stallman. But those
stories pre-date the internet, and date from the early 80s.
However, I disagree that list admins are responsible for the abuse of
their lists. The abuser is responsible for their abuse. No one else is
responsible. Of course there exist things that can be abused. If their
didn't, their wouldn't be any conveniences or any utility. Any tool can be
abused. Even a box cutter, or a nail clipper. The people they abuse are
usually known to them. Spam is but an annoyance. The abuser is eventually
found, or they eventually quit. The most important thing for an admin to
consider is business, and getting work done. It is a mistake to become a
BOFH and interfere with business or productivity in order to seek out some
holy grail of reducing spam. The first priority of an admin is to keep
the business and its users productive. Blocking a single legitimate email
is usually more costly than deleting hundreds of spams.
I have no sympathy for those on a radical qwest to stamp out spam. They
won't ever succeed. All they can do is make the abusers feel more
powerful. Frequently, they seem to become abusers themselves to make
their point. They make life more difficult for everyone, who have to
explain why their half baked plans won't really work. They are much worse
than the spammers. Much worse.
--Dean
On Thu, 14 Nov 2002, Justin S. Peavey wrote:
> Cos,
>
> Please note, I am not arguing against your points, nor have I been. I
> considered them valid, posted them to the membership for discussion,
> and stated my personal opinion in support of confirmations; so I'm not
> too sure who you're ranting at here.
>
> I bring it up for discussion because thats the way we do things here,
> at least for non-emergency changes to the SOP. Ideologies are quite
> wide-ranging on this list (I'll rehash the list debate on why blocking
> open relays encourages SPAM to make my point if necessary :-), so
> personally I don't assume anything as a no-brainer.
>
> For the current record, we have had a couple of public vocal postings
> in-favor of confirmations, two private posts to me of the ilk "it's
> been working fine, so if it ain't broke...", and one private post in
> support of confirmations. This topic has been being discussed for two
> days now and I've heard no strong objections, so unless anyone can
> swing a valid counter-point, I'll make the change today.
>
> -Justin
>
> On Wed, Nov 13, 2002 at 01:18:16PM -0500, [EMAIL PROTECTED] scribed to To
>[EMAIL PROTECTED]:
> > [BTW, I am only on the announce list, so if there's been any
> > discussion on bblisa not cc'd to me, I haven't seen it.]
> >
> > "Justin S. Peavey" <[EMAIL PROTECTED]> wrote:
> > > Thanks Tabor. Folks, to be clear - I am not advocating the currently
> > > policies, just stating them as they stand and implementing them. My
> > > personal opinion tends toward limiting the list posting to
> > > subscribers-only and requiring confirmation.
> >
> > I never said anything about limiting list posting. I'm not even on
> > the discussion list :) As Tabor said, that's something that can be
> > debated, with merits on both sides. If I were subscribing to the main
> > list I'd probably argue for keeping posting open until there were a
> > problem, and closing it only then.
> >
> > However, requiring confirmation for subscription is an absolute no
> > brainer. It needs to be done on every Internet-accessible mailing
> > list, no exceptions. I'm surprised anyone would even bring it up
> > as a discussion topic. Five years ago, yeah, people debated this.
> > But today? On a mailing list full of sysadmins?
> >
> > In the early 90s plenty of sites had guest accounts with no passwords,
> > or well known published passwords. If you pointed out the existence
> > of such an account to an admin today, though, you'd expect a response
> > of "oops, thanks for pointing it out" followed by a quick fix. Not a
> > discussion about whether they want to have open accounts accessible
> > from the net because it's been that way in the past and they haven't
> > suffered a lot of abuse of it yet.
> >
> > Pranksters, spammers, and people with grudges, are using unconfirmed
> > subscription mailing lists as their tools on a regular basis. When
> > they do this, both the list and the unwitting new subscribers are the
> > victims, everyone is confused, recriminations flow, and nobody knows
> > who actually is to blame. The list admins are responsible for this.
> > When I receive unwanted email, write back to complain, and am told by
> > some list admin that my address was subscribed to the list and it's
> > not their fault they didn't know I didn't want to subscribe, they have
> > no way to know who subscribed me... I know who to blame. It is their
> > responsibility, because they run a list that doesn't require positive
> > confirmation of subscriptions, and their evasion carries no weight.
> > When this happens to bblisa, do you want people complaining to your
> > ISP and to their ISP that you're running a spam list?
> >
> > I feel like I'm back in the mid 90s, to even have to say this.
> >
> > "OSI is a beautiful dream, and TCP/IP is living it!"
>
> --
> Justin S. Peavey <[EMAIL PROTECTED]>
>
> "Back Bay LISA" List Administrator
> http://www.bblisa.org
>
>
> ---
> Send mail for the `bblisa' mailing list to `[EMAIL PROTECTED]'.
> Mail administrative requests to `[EMAIL PROTECTED]'.
>
---
Send mail for the `bblisa' mailing list to `[EMAIL PROTECTED]'.
Mail administrative requests to `[EMAIL PROTECTED]'.
