Re: List congestion

2023-09-20 Thread zeynep 
Thank you for this information, Greg. This is a matter that should be discussed 
here. The cpunks mailing list has been under spam email attacks for years, but 
in the last few years, a person claiming to be named "Karl" has been sending a 
large number of spam emails. I refer to this person as the user with the 
username "Karl," of course, this is not “their” real identity. Of course, they 
use some intermediary programs while doing these. This is an attack, just like 
in previous years. 
    There are even more important details; most of the emails disappear in the 
archive. These spam emails coming from Karl and various usernames are 
disrupting the archive. These are attacks similar to those in previous years, 
but they serve as a barrier for many to escape from here and exchange ideas 
with each other. It leads to the breakdown of the community and causes people 
worldwide who share similar ideas to abandon this community, among many other 
things.
   This situation prevents the discussion of many important topics; people have 
become much more indifferent towards governments compared to the 90s. Except 
for the 2010s, now most people don't care about their data being collected, and 
those in such communities are being blocked with this 'exhaustion method’
While usernames like Karl (may sound anti-democratic), technical sanctions 
should be applied. My message to the people here is to overlook these and 
discuss again what we can do next.
Regards 
Zeynep

List congestion

2023-09-20 Thread Greg Newby 
Hi dear friends.

Here is a summary of what's been going on with the cypherpunks list and server 
since Saturday September 16.

Two factors combined that resulted in the cpunks list being temporarily 
throttled or rate-limited by gmail, yahoo and probably a few other big email 
services.

One factor is Karl's rate of messaging, mentioned below. I counted 115 unique 
messages sent to the list over a 6-hour period on September 16.

This rate of messaging is much higher than typical, and gmail and yahoo 
automatically started rate-limiting our messages. Here's a typical response 
from gmail - note that it's from today. We are still rate-limited:

77E2511C0DDF   12495 Wed Sep 20 02:09:59  cypherpunks-boun...@lists.cpunks.org
(host alt1.gmail-smtp-in.l.google.com[74.125.193.27] said: 421-4.7.28 
[69.55.231.143  15] Our system has detected an unusual rate of 421-4.7.28 
unsolicited mail originating from your IP address. To protect our 421-4.7.28 
users from spam, mail sent from your IP address has been temporarily 421-4.7.28 
rate limited. Please visit 421-4.7.28  
https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 
review our Bulk Email Senders Guidelines. 
z15-20020adff74f00b00321773bb921si909870wrp.463 - gsmtp (in reply to end of 
DATA command))

There are currently almost 100 messages to cypherpunks that have not been 
delivered to gmail addresses. (This message will, presumably, soon be one of 
them.)


The second factor is that Karl was victim of an unsubscription mailbombing 
attack. Over 200,000 unique IP addresses visited the page at lists.cpunks.org 
to send a password reminder to his gmail address. At one point there were over 
33,000 messages queued up to Karl on the cpunks server. Gmail started bouncing 
these, too. I deleted a whole bunch that were pending and the attack stopped on 
Saturday night.


Now, several days later, gmail is still blocking messages. The cpunks list has 
around 50 subscribers with gmail addresses. Those folks probably won't see this 
note until gmail allows messages to flow.

The link above has Google's guidance on this situation. The cpunks server is 
fully compliant with all the technical controls like SPF, and hopefully all the 
messages will eventually be delivered.

Meanwhile, messages always go to the list archive, here:
  https://lists.cpunks.org/pipermail/cypherpunks/


To address the first issue, on Saturday I asked Karl to consider sending fewer 
messages per day. Combining many short messages into fewer longer messages will 
be less likely to trigger rate limiting on the big mail services.


To address the second issue, if the problem reoccurs I can put some 
captcha-style blocks on the list management page(s) and/or simply disable the 
password reminder feature. It would be great if the problem simply doesn't 
occur again, though, since it has a big impact on the server and other 
subscribers, not just Karl.

For that broader context, the cpunks server at https://lists.cpunks.org is the 
main production server for Project Gutenberg, from which we publish around 200 
new free eBooks/month. On Saturday, messages to one of the key production 
coordinators who has a yahoo.com email address could not get through because 
yahoo, like gmail, was blocking us.

Many of us will remember that historically, cypherpunks was a set of lists 
connected via remailers. That is something that could happen again if there is 
interest - certainly I would do what I can to support it. Meanwhile, though, 
the list lives on a single physical server.

I hope this background is useful. I don't feel any need to keep this type of 
situation a secret, and it's the nature of cpunks that subscribers want the 
list to keep working. Suggestions and discussion are welcome.

  ~ Greg

On Tue, Sep 19, 2023 at 09:50:55PM -0400, mailbombbin wrote:
> i miss spamming the cypherpunks list densely
> it gave me relief to know i was flooding [good people] [relief from my
> learned experiences]
> i’ve been thinking some of continuing it despite greg’s request
> draft saved at 2149, 2147-8
> 
> i guess it would make sense to use a unique host
> 
> i don’t really understand gregs emails, how are my posts issues
> compared to thousands of bomb things? i imagine its complicated to
> reciew, huge logs, many recipients, different error messages
> 
> 2150