On Mon, Apr 03, 2000 at 12:56:11AM +0100, Ian Jackson wrote: > I think you are being hypocritical. You complain when other people > post their opinions and discussions of this topic with you, yet you > post your own diatribes here. Since your request to keep the > discussion to private email seems insincere I shall answer you here.
I've explained why I posted the first message in this thread -- I wasn't sure I could successfully send mail to your machine. Since then, I have merely followed up other people's remarks, if I felt they misunderstood my position. It is you who felt compelled to CC our argument to the submitter of every bug I closed, an act I consider more intrusive than CC'ing a mailing list. The people who submitted those bugs needed to know why I closed them. They did not particularly need to hear you lecture me about your mail system. > Also, I object to your misleading characterisations of my position and I don't recall that I have done so; please cite a reference. > highly tendentious phrasings in your complaints. They are not helpful Perhaps "tendentious" bears a connotation of which I am not aware, but I do not see how making remarks that are consistent with my perspective are particularly problematic. > for constructive debate and I respectfully suggest that you tone it > down. As I said in private email, I understand that you're angry, but > please stop acting out. I'm less angry about SAUCE being sassy with my mail now then I was before, but since you continue to resort to logical fallacies to proclaim the value of the DUL, I can't say that I'm distinctly less upset. To wit: "Paul Vixie approves of the DUL" is not a valid reason for adopting it. Last I checked, Paul Vixie handled the MAPS project generally but delegated management of DUL to Gordon Fecyk (IIRC). We can presume that Paul Vixie approves of DUL on principle, but because someone may be an expert in cron and name service doesn't necessarily translate to a similar level of expertise in good mail transport practice. "Lots of other people use DUL" is not a valid reason for adopting it, unless DUL's value is derived *solely* from the fact that other people uses, and thus promotes interoperability. In fact, DUL is designed to reduce spam, not to be popular, and it actually has detrimental effects on some hosts that follow various RFC's regarding SMTP connections. "Statistics show that DUL generates few false positives" is not a valid reason for adopting it unless these statistics are available for analysis and critique, and we know that the data were gathered under well-controlled conditions. Jason Gunthorpe's statistics for the Debian mailing lists -- while I don't know how well they were controlled -- seemed to indicate that the number of false positives was indeed signifcant. So it is possible to make statistical conclusions that cut both ways with respect to the efficacy of DUL -- and that means that we either need better statistics, or must abandon quantitative analysis as a means of determining the value of DUL. For an explanation of why the above are invalid logical arguments, I refer the reader to any introductory level book on rhetoric or critical thinking. > The problem is caused by the existence of spam, because it means that > there are people who are trying to send mail to us whose mail we > definitely want to exclude - and these exclusions are essentially > political rather than technical and sometimes have false positives or > mean that certain kinds of apparently harmless behaviour end up > forbidden. This leads to the kinds of heated debates we've seen here. I don't understand why you feel the need to qualify "harmless" with "apparently". Is it your position that the sending of non-spam mail from a dialup host is in fact harmful? If so, please support that position with an argument that doesn't refer to DUL (to do so would be circular reasoning). > It seems obvious to me that we should try to balance the negative > effects of spam (and other kinds of abusive or broken mail) and the > inconvenience of people having to change mail configuration or > whatever to make the mail get through. To achieve a "balance" acceptable to the corpus of the project is likely going to require some kind of democratic approach, and involve compromise. I have seen no evidence that DUL advocates are willing to compromise. There might not be much in the way of middle ground to reach on this issue; there are people who believe it is acceptable to deliberately impede the transmission of e-mail that isn't spam, and there are those who don't. It is well and good for each person to make this decision for his or her own mailbox -- but blacklists are typically configured at the MTA level, which means that people can unwittingly become subject to blacklists that they wouldn't otherwise employ. > Instead, we should argue each issue on merits in a constructive way, > in terms of its costs, benefits etc. Keep in mind that bounced non-spam mails are a special kind of cost that directly detract from the benefit. It is not an auxiliary cost, like CPU cycles or RAM consumed -- but rather a "cost" that reduces the bottom line benefit directly. It is, in effect, like a shopkeeper deliberately turning business away; it is not like his utility bills or payroll expenses. > It seems to me that the case for the MAPS RBL and the MAPS RSS are > pretty well established; they have very low false positive rates, and > are generally careful about who they include. With the RBL, of > course, you could even say that it's unethical to financially support > a spam-haven ISP. It's true that being (or mailing via) an open relay > - the criterion for RSS - is not necessarily evil in itself, but it ^^^^ > makes it very hard to distinguish legitimate from spam mail, and in > general we are all I think agreed that in today's Internet open relays > are a problem which needs to be removed. Where did "evil" come into this? I thought you were going to do an economic cost/benefit analysis, not a moral one. Otherwise you're not really making much of an improvement over the folks shouting about "rights", a tactic you identified as counter-productive. > I won't go into the DUL here, because that's a very contentious issue > and would be too much to talk about in this one message. I'll send > another message with my view on the DUL. Well, where's the cost/benefit analysis? It's not in the other message, either. Just the three logical fallacious I described earlier. > Branden's complaint is about the fact that for the first three hours [...] > the `450' message and became upset. I suppose you're hashing through all this again on the mailing list because of my inflammatory subject line. So, for those keeping score, either in private mail to iwj or to this mailing list, I: 1) Acknowledged that a bounce message was not received; 2) Acknowledged that the mail was ultimately delivered; 3) Acknowledged that I overreacted when closing the bugs from senders at chiark: "I plead guilty to behaving somewhat inappropriately, albeit in a fundamentally non-damaging and reversible way. If you think I should be somehow disciplined for this action, you know who to talk to." (iwj reopened the bugs, except for one that had been fixed for years anyway, and so stayed closed). What do you want, a retraction? Fine: Ian Jackson, I'm sorry I said I was on your blacklist when I wasn't. I misunderstood and overreacted. Though I won't be surprised if before long I end up in your killfile. :-/ > Branden claims: > Individual users must twist themselves into [a] pretzel [...] > to satisfy SAUCE [.] > This is simply false. Individual users have to do nothing at all. You're right. Let's s/individual users/system administrators/ and restore what you eliminated with brackets: "System administrators must twist themselves into one pretzel to satisfy the DUL, another to satisfy ORBS (where you can be blacklisted by association, not for doing anything wrong on your own box), a third to satisfy SAUCE (where the concept of blacklisting has been turned on its head and you must qualify for a "whitelist" before it deigns to listen to you). I'm sure the list will continue to grow as certain individuals find the measures of all of the above insufficient." If they don't have to do anything special to avoid being rejected by SAUCE, fine. They still may fall victim to blacklists *despite no spam mails ever having been originated or relayed by their machine*." That is the phenomenon to which I object. That is why I agree with your statement (far) above that said we should get some standards in place. A mail administrator needs to know what to expect, if his SMTP connections are to be turned away and he *knows* he's not contributing to the Internet's spam problem. If we absolutely have to hack away at the poor unwashed unfortunates on dialup and/or dynamic IP's by refusing to let them send mail generally, then let's get it in an RFC. Tell them they can't do it in an accepted standards document. You and Craig Sanders think ORBS is reckless, someone else in Debian (maybe it was Hamish Moffatt) doesn't. Obviously people who are deeply concerned about spam can have differing opinions. This is fine until they impose their differing opinions on other people in such a way as you can't be sure ahead of time who you're going to be able to connect to on port 25. In thinking about this, I have to wonder if it wouldn't be a bad idea to advertise what anti-spam measures are in place in the response to the HELO (or EHLO) command, along with the other extensions. If a host can figure out what blacklists it is on, MTA's would thus be able to generate their own bounces without bothering to try and send the mail message. You might think this is redundant since real bounces would be sent anyway, but if the MTA furthermore keeps track of what hosts blacklist it, you can actually collect statistics about how much mail is being blackholed from the *sending* site. What would this accomplish? It would give us those lovely statistics on false positives that are so troublesome to otherwise determine. After all, the RBL and DUL don't bother to look inside the mail sent from a host and see what it is -- spam or otherwise. The *sending* host is in a much better position to track the information about false positives. I've snipped most of the rest of Ian's critique of me because I figure he feels the need to joust back at me and re-establish his place in the Debian dominance hierarchy. Okay, Ian, I give. You can belittle people better than I can. Uncle. Since I've now acknowledged the fact that I overreacted multiple times, once privately and once publically, please let me know when you're done. By the way, the time you've spent compelling me to slink away like a whipped cur I could have spent writing up that proposal for a Debian Procedures manual. Since you know I'm a pathologically defensive person, why not leave me alone for a bit and let me get back to work? :) > (The message `Irritated' does really mean something here. It's to do > with SAUCE's teergrube function. If SAUCE needs to issue an SMTP > error response, it will pause for a little before actually sending the > error response. It remembers for each calling IP address how many > errors it has been sending recently, compared to successful responses > and successful message deliveries, and calculates a delay for each > error response - or in extreme cases each response of any kind - > according to a complicated formula. This has a number of benefits. > For example it prevents address-testing/harvesting by spammers. Some > sending systems will immediately retry the same failed request, and it > prevents these infinite loops from spinning out of control.) The subjective issue of humor aside, do you suppose there is *any* possible non-anthropomorphic term that could communicate the same message? Do we *have* to have "cute" messages like "ecstatic", "pleased", "irritated", "angry", and "furious"? Is SAUCE freely licensed? Maybe I could package it for you and replace these words with terms more descriptive for people like myself with thick skulls and thin skins... Finally, I note that your teergrube appears weighted towards negative assessments -- unless there's another "happy" state you haven't mentioned? -- G. Branden Robinson | A celibate clergy is an especially good Debian GNU/Linux | idea, because it tends to suppress any [EMAIL PROTECTED] | hereditary propensity toward fanaticism. roger.ecn.purdue.edu/~branden/ | -- Carl Sagan
pgpc5QwnXJ4Ev.pgp
Description: PGP signature