Re: spamcop
Am 2006-09-28 14:01:01, schrieb Mumia W..: I've gotten a couple of such messages with the virus removed. What? - Maybe it was an accident... =8O I have arround 400.000 of them in my Virus/Spam store If you need such attachmenst, I can forwar it to you. ;-) Thanks, Greetings and nice Day Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
Cameron L. Spitzer [EMAIL PROTECTED]: [This message has also been posted to linux.debian.user.] In article [EMAIL PROTECTED], s. keeling wrote: Mumia W.. [EMAIL PROTECTED]: On 09/28/2006 12:23 PM, Andrew Sackville-West wrote: [...] also, threadjacking, but its spam related... is anyone else getting a lot of these bounced email spam? I'm getting a TON of it lately. It all has a .zip or .com binary attachment, so obviously its a virus or I've gotten a couple of such messages with the virus removed. Follow it up. Complain to the bouncer that their SMTP is misconfigured and they're sending bounce messages to innocent third parties whose From: addresses were forged by spammers. My experience has been that anyone clueless enough in 2006 to run a broken server (Barracuda appliance, Qmail...), that sends backscatter to random addresses supplied by spammers and malware, is too clueless to understand a complaint about it. If you can even get a complaint through. I feel your pain. Look their domain up in whois -h whois.abuse.net. Thanks. postmaster (default, no info) every time. Send mail to [EMAIL PROTECTED] and [EMAIL PROTECTED] User unknown, or sorry, your spam report triggered our spam filter. Schmucks. Not just clueless, clue resistant. Clue repellent. Report them to RFC-Ignorant.org when that happens. Then add them to your local DNSBL if you can get away with it. Or your firewall. ACK. Thanks. -- Any technology distinguishable from magic is insufficiently advanced. (*)http://www.spots.ab.ca/~keeling Linux Counter #80292 - -http://www.faqs.org/rfcs/rfc1855.htmlPlease, don't Cc: me. Spammers! http://www.spots.ab.ca/~keeling/emails.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Friday 29 September 2006 03:23, Andrew Sackville-West wrote: I hate to get into this discussion but... On Thu, Sep 28, 2006 at 06:09:46AM +1000, Andrew Vaughan wrote: [snippage] However apparently the problem is users reporting list emails to spamcop. just to point out that I've personally been getting a few of these lately. confirmation emails from lists I've not signed up for. Now, I know better than to report these to a blacklist, and in fact, I don't tag them as spam for my filter either, in case I miss a legit one, but others in this world don't think and it would be pretty easy for someone to report one as spam and there you go, the list is blacklisted again. just a thought. My phrasing evidently wasn't clear. AIUI the problem isn't misdirected confirmation emails. The problem is that some spam makes it through debian filters. List subscribers then report that that spam to spamcop. Spamcop then blames murphy for sending that spam. In the bits you snipped I even quoted the spamcop web page saying mailing list subscribers shouldn't report spam they have received via mailing lists they are legitimately subscribed to. Andrew -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Saturday 30 September 2006 12:02, Andrew Vaughan wrote: My phrasing evidently wasn't clear. AIUI the problem isn't misdirected confirmation emails. The problem is that some spam makes it through debian filters. List subscribers then report that that spam to spamcop. Spamcop then blames murphy for sending that spam. Spamcop will list an IP address based on two criterion 1) mails sent to spamtraps 2) mails reported by users as spam The weightage on these two are different. Sometimes a server could have been listed due to sending emails to spamtraps, sometimes it could have been listed due to users reporting spam emails to spamcop and sometimes both. However as mentioned in http://lists.debian.org/debian-user/2006/09/msg01679.html the last time murphy was listed is because of spamtraps. While in previous situations it could have been listed for reason (2), the last time murphy was listed seems to be solely due to (1). If the reason is infact (1), then it is debian's fault and not spamcop's. If the reason is (2), then the list admins should report these users to spamcop and then their spamcop accounts will be suspended because spam mails on a mailing list should be reported only by list admin and not by the users... hope that helps raju -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
Kamaraju Kusumanchi [EMAIL PROTECTED]: On Saturday 30 September 2006 12:02, Andrew Vaughan wrote: My phrasing evidently wasn't clear. AIUI the problem isn't misdirected confirmation emails. The problem is that some spam makes it through debian filters. List subscribers then report that that spam to spamcop. Spamcop then blames murphy for sending that spam. Spamcop will list an IP address based on two criterion 1) mails sent to spamtraps 2) mails reported by users as spam SC also takes into account the number of separate reports from discrete users. One report means little. In the past, when I was receiving list mail, I've reported spam received from the list and the Spamcop report always mentioned that it noticed the spam came from a mailing list and SC never blamed the list. It went after the spam's originator. I'm always very careful about checking who or what Spamcop is going to slap once I confirm it's spam, and I never saw it list murphy or any other Debian machine as being responsible. Nowadays, I read the lists via the Usenet gateways linux.debian.*, so I no longer have to care. Whatever spam lands on the list doesn't get to my eyes unless I'm dumb enough to tell slrn to display it. If it does, that's my fault more than anyone else's. -- Any technology distinguishable from magic is insufficiently advanced. (*)http://www.spots.ab.ca/~keeling Linux Counter #80292 - -http://www.faqs.org/rfcs/rfc1855.htmlPlease, don't Cc: me. Spammers! http://www.spots.ab.ca/~keeling/emails.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
s. keeling wrote: Here's some aliases to help you look up the originator's complaint address which you can Cc: in the same mail to get the originator's account killed (there may be others, and I'd appreciate hearing about them :-): afnic='whois -h whois.afrinic.net' apnic='whois -h whois.apnic.net' arin='whois -h whois.arin.net \+' brnic='whois -h whois.registro.br' jpnic='whois -h whois.nic.ad.jp' krnic='whois -h whois.krnic.net' lacnic='whois -h whois.lacnic.net' ripe='whois -h whois.ripe.net' Check out the gwhois package in debian, the /etc/gwhois/pattern file. -- Håkon Alstadheim priv: +47 74 82 60 27 7510 Skatval mob: +47 47 35 39 38 http://alstadheim.priv.no/hakon/ job: +47 93 41 70 55
Re: spamcop
[This message has also been posted to linux.debian.user.] In article [EMAIL PROTECTED], s. keeling wrote: Mumia W.. [EMAIL PROTECTED]: On 09/28/2006 12:23 PM, Andrew Sackville-West wrote: [...] also, threadjacking, but its spam related... is anyone else getting a lot of these bounced email spam? I'm getting a TON of it lately. It all has a .zip or .com binary attachment, so obviously its a virus or I've gotten a couple of such messages with the virus removed. Follow it up. Complain to the bouncer that their SMTP is misconfigured and they're sending bounce messages to innocent third parties whose From: addresses were forged by spammers. My experience has been that anyone clueless enough in 2006 to run a broken server (Barracuda appliance, Qmail...), that sends backscatter to random addresses supplied by spammers and malware, is too clueless to understand a complaint about it. If you can even get a complaint through. Look their domain up in whois -h whois.abuse.net. postmaster (default, no info) every time. Send mail to [EMAIL PROTECTED] and [EMAIL PROTECTED] User unknown, or sorry, your spam report triggered our spam filter. Not just clueless, clue resistant. Clue repellent. Report them to RFC-Ignorant.org when that happens. Then add them to your local DNSBL if you can get away with it. Or your firewall. Cameron -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
Seth Goodman [EMAIL PROTECTED] writes: You are responsible for everything that comes out of your server, intentional or not. Sure, but sending a few pieces of mail to a spamtrap pretty clearly isn't causing any actual harm. Rather, it's being used as evidence that the sender is a spammer, and cases such as Debian show that indeed, such evidence is sometimes wrong. So what exactly is the harm that debian is responsible for? Does it justify the reaction? What if I dial a wrong-number which is an FBI trap for terrorists (or whatever ;-), and the FBI subsequently throws me in jail for months until I'm cleared. I'm responsible for the mis-dial, but it's at worst an utterly minor transgression. The FBI, on the other hand, has arguably done something much worse. [We sometimes excuse police agencies of such acts if the potential risk they are defending against is _extremely_ grave, but I don't think it's reasonable to claim spam falls into that category.] One can manipulate legitimate servers into abusing innocent third parties, or to falsely incriminating themselves as spammers. When that happens, it is incumbent on the owner of the server to take action. That's part of the responsibility of running an server on the net. Indeed -- so what is the action that spamcop would like? Mistakes will occur from both ends and both parties have to cooperate. From reading this list, I can see there's a fairly clear set of things debian would like spamcop to do (mainly have some sort of white list, either for machines or pattern matching of messages reaching spamtraps). I've never seen any indication that spamcop has said anything constructive about the issue (maybe they have of course), and the impression I've gotten is that they really don't want to enter a dialogue at all, just prescribe standard generic solutions (which may not apply). Thumbing our noses at a DNSBL that many people consider worthwhile is not good policy. Probably not. [Of course if the DNSBL proves itself to be a bunch of clueless bozos who are completely unwilling to listen to outside criticism (and there certainly are such), there may not be much choice... Mind you, I have no idea whether spamcop has reached this level.] -Miles -- 1971 pickup truck; will trade for guns -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Wednesday 27 September 2006 16:15, David Dyer-Bennet wrote: On 9/27/06, Kamaraju Kusumanchi [EMAIL PROTECTED] wrote: On Wednesday 20 September 2006 08:21, John Kelly wrote: For the second time in the past few days, spamcop has listed murphy.debian.org. That's it. I'm done with spamcop! If murphy is sending spamtraps, it deserves to be listed. period. Um, nonsense. Not really! Best practice for any mailing list is to require email confirmation, based on a message sent to the subscribed address (whether the initial subscribe request came via email or over the web). Thus, I can make any mailing list server send email to a spamtrap address trivially -- I just fake a subscribe message from the spamtrap address, or enter the spamtrap address into the subscription form on the web. The catch here is that you have no idea of what the spamtrap address is. I dont think it is easy for humans to guess what the spamtrap addresses look like. raju -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On 9/28/06, Kamaraju Kusumanchi [EMAIL PROTECTED] wrote: The catch here is that you have no idea of what the spamtrap address is. I dont think it is easy for humans to guess what the spamtrap addresses look like. That depends on what direction you're trying to go. Are you trying to determine if a particular address is a spamtrap? That might or might not be easy to do. Are you trying to find a spamtrap address? I'm pretty sure I found one, and it was trivial to do. From the format of the address, it would be easy for a human being to recognize, and I could probably guess some reasonable patterns for grep that would find others. -- Michael A. Marsh http://www.umiacs.umd.edu/~mmarsh http://mamarsh.blogspot.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
I hate to get into this discussion but... On Thu, Sep 28, 2006 at 06:09:46AM +1000, Andrew Vaughan wrote: [snippage] However apparently the problem is users reporting list emails to spamcop. just to point out that I've personally been getting a few of these lately. confirmation emails from lists I've not signed up for. Now, I know better than to report these to a blacklist, and in fact, I don't tag them as spam for my filter either, in case I miss a legit one, but others in this world don't think and it would be pretty easy for someone to report one as spam and there you go, the list is blacklisted again. just a thought. also, threadjacking, but its spam related... is anyone else getting a lot of these bounced email spam? I'm getting a TON of it lately. It all has a .zip or .com binary attachment, so obviously its a virus or somesuch, but man there's a ton of it lately. A signature.asc Description: Digital signature
Re: spamcop
On 09/28/2006 12:23 PM, Andrew Sackville-West wrote: [...] also, threadjacking, but its spam related... is anyone else getting a lot of these bounced email spam? I'm getting a TON of it lately. It all has a .zip or .com binary attachment, so obviously its a virus or somesuch, but man there's a ton of it lately. A I've gotten a couple of such messages with the virus removed. -- [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Thu, Sep 28, 2006 at 02:01:01PM -0500, Mumia W.. wrote: On 09/28/2006 12:23 PM, Andrew Sackville-West wrote: [...] also, threadjacking, but its spam related... is anyone else getting a lot of these bounced email spam? I'm getting a TON of it lately. It all has a .zip or .com binary attachment, so obviously its a virus or somesuch, but man there's a ton of it lately. A I've gotten a couple of such messages with the virus removed. I get tens of those a day and so does mike mccarty -- I recently started getting emails with virus spoofed as if coming from him. we are digging through them looking for similarities etc before posting up to the list in general. at least I'm not alone :) A signature.asc Description: Digital signature
Re: spamcop
Kamaraju Kusumanchi [EMAIL PROTECTED] writes: The catch here is that you have no idea of what the spamtrap address is. I dont think it is easy for humans to guess what the spamtrap addresses look like. I suspect that spammers know a lot more about that than you or I. Or maybe they don't, and simply do it _randomly_. Anyway, the point is that simplistic assumptions like if it arrives at a spamtrap, it must be spam are just that -- simplistic. Spamcop ought to have measures in place to deal with the inevitable cases where their assumptions turn out to be wrong. Unfortunately many anti-spam sites, in their zeal to attack spam, seem to not care very much about what collateral damage they inflict. -Miles -- Is it true that nothing can be known? If so how do we know this? -Woody Allen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
Mumia W.. [EMAIL PROTECTED]: On 09/28/2006 12:23 PM, Andrew Sackville-West wrote: [...] also, threadjacking, but its spam related... is anyone else getting a lot of these bounced email spam? I'm getting a TON of it lately. It all has a .zip or .com binary attachment, so obviously its a virus or I've gotten a couple of such messages with the virus removed. Follow it up. Complain to the bouncer that their SMTP is misconfigured and they're sending bounce messages to innocent third parties whose From: addresses were forged by spammers. Here's some aliases to help you look up the originator's complaint address which you can Cc: in the same mail to get the originator's account killed (there may be others, and I'd appreciate hearing about them :-): afnic='whois -h whois.afrinic.net' apnic='whois -h whois.apnic.net' arin='whois -h whois.arin.net \+' brnic='whois -h whois.registro.br' jpnic='whois -h whois.nic.ad.jp' krnic='whois -h whois.krnic.net' lacnic='whois -h whois.lacnic.net' ripe='whois -h whois.ripe.net' Forward inline (not as attachment) to the abuse address and have them deal with their problem. Two birds, one stone. Kill a spammer, and educate a clueless admin. Received: is your friend. Learn to read them. It's not difficult. -- Any technology distinguishable from magic is insufficiently advanced. (*)http://www.spots.ab.ca/~keeling Linux Counter #80292 - -http://www.faqs.org/rfcs/rfc1855.htmlPlease, don't Cc: me. Spammers! http://www.spots.ab.ca/~keeling/emails.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: spamcop
On Thursday, September 28, 2006 6:26 PM -0500, Miles Bader wrote: Anyway, the point is that simplistic assumptions like if it arrives at a spamtrap, it must be spam are just that -- simplistic. Spamcop ought to have measures in place to deal with the inevitable cases where their assumptions turn out to be wrong. If an address has never sent email, it is obviously impossible for it to opt in to anything and any mail that it receives is unsolicited. If someone guesses an address at a domain and sends it mail, that is also unsolicited. If someone makes a typo when entering their email address, it may be an honest mistake but it is still an unsolicited message and it came from your server. You are responsible for everything that comes out of your server, intentional or not. I suppose one could postulate that DNSBL's should all be required to have a human view every potential listing, to avoid a small number of false positives due to honest mistakes. OTOH, it would be just as unreasonable to suggest that a large public list such as Debian-user should have an administrator manually approve every confirmation email before sending, to avoid any abuse to innocent third parties. Both are impractical. One can manipulate legitimate servers into abusing innocent third parties, or to falsely incriminating themselves as spammers. When that happens, it is incumbent on the owner of the server to take action. That's part of the responsibility of running an server on the net. Unfortunately many anti-spam sites, in their zeal to attack spam, seem to not care very much about what collateral damage they inflict. While there is no excuse for operating a DNSBL without a reasonable level of care, it is not possible to manually review every listing/delisting event. Nor is it possible to avoid all errors in an automated process where forgery is possible. Mistakes will occur from both ends and both parties have to cooperate. Thumbing our noses at a DNSBL that many people consider worthwhile is not good policy. -- Seth Goodman -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Wednesday 20 September 2006 08:21, John Kelly wrote: For the second time in the past few days, spamcop has listed murphy.debian.org. That's it. I'm done with spamcop! If murphy is sending spamtraps, it deserves to be listed. period. If it is not spamcop, there are tons of other DNSBLs which will happily list it in the due course. Since spamcop is very very aggressive, you are seeing the effect first in spamcop and not in other DNSBLs. Why not just whitelist murphy by yourself? raju -- http://kamaraju.googlepages.com/cornell-bazaar http://groups.google.com/group/cornell-bazaar/about -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On 9/27/06, Kamaraju Kusumanchi [EMAIL PROTECTED] wrote: If murphy is sending spamtraps, it deserves to be listed. period. Um, murphy sends confirmation email to any address registered through the web interface. Even if you changed this to email-to-subscribe without a web option, addresses can be spoofed. This isn't about spam coming from murphy, it's about a denial of service attack against it. I suppose another option is to have the confirmations handled by a different host, though this still allows an attacker to DoS the confirmation server through spamcop, so that people using spamcop can no longer subscribe nor unsubscribe. -- Michael A. Marsh http://www.umiacs.umd.edu/~mmarsh http://mamarsh.blogspot.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: spamcop
On Wednesday, September 27, 2006 10:58 AM -0500, Michael Marsh wrote: On 9/27/06, Kamaraju Kusumanchi [EMAIL PROTECTED] wrote: If murphy is sending spamtraps, it deserves to be listed. period. Um, murphy sends confirmation email to any address registered through the web interface. Even if you changed this to email-to-subscribe without a web option, addresses can be spoofed. This isn't about spam coming from murphy, it's about a denial of service attack against it. I suppose another option is to have the confirmations handled by a different host, though this still allows an attacker to DoS the confirmation server through spamcop, so that people using spamcop can no longer subscribe nor unsubscribe. I agree with Michael: tricking a server that responsibly sends out confirmation messages into sending one to a spamtrap is about denial of service. I also agree with Kumaraju that sending mail to spamtraps should get anyone listed. If your server is not otherwise a spam source, and the DoS continues, you should expect to get the server whitelisted. However, it is your responsibility, and not the DNSBL maintainer, to make sure this happens. It's a rather nasty form of DoS, as it uses an organization that tries to fight network abuse to cause problems for the FLOSS community. Worst of all, the Debian listmasters have swallowed the bait. That's why it is important, whether people like SpamCop or not, to arrange to get murphy whitelisted. Complaining that SpamCop is cluelessly administered won't convince many to stop using SpamCop, yet will convince some that the Debian community has an attitude problem. Either way, the people perpetrating the DoS win, though it turns out differently if we cooperate with SpamCop. -- Seth Goodman -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Wednesday 27 September 2006 11:57, Michael Marsh wrote: On 9/27/06, Kamaraju Kusumanchi [EMAIL PROTECTED] wrote: If murphy is sending spamtraps, it deserves to be listed. period. Um, murphy sends confirmation email to any address registered through the web interface. What about the idea of placing a captcha in the subscription page (http://www.debian.org/MailingLists/subscribe) ? I am pretty sure this idea must have occured to the persons who are in charge (as it is so simple) and they must have discarded for some reason which I am too ignoramus to think of... raju -- Kamaraju S Kusumanchi http://www.people.cornell.edu/pages/kk288/ http://malayamaarutham.blogspot.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Wednesday 27 September 2006 09:51, Seth Goodman wrote: I agree with Michael: tricking a server that responsibly sends out confirmation messages into sending one to a spamtrap is about denial of service. I also agree with Kumaraju that sending mail to spamtraps should get anyone listed. If your server is not otherwise a spam source, and the DoS continues, you should expect to get the server whitelisted. However, it is your responsibility, and not the DNSBL maintainer, to make sure this happens. It's a rather nasty form of DoS, as it uses an organization that tries to fight network abuse to cause problems for the FLOSS community. Worst of all, the Debian listmasters have swallowed the bait. That's why it is important, whether people like SpamCop or not, to arrange to get murphy whitelisted. Complaining that SpamCop is cluelessly administered won't convince many to stop using SpamCop, yet will convince some that the Debian community has an attitude problem. Either way, the people perpetrating the DoS win, though it turns out differently if we cooperate with SpamCop. +1 This is entirely reasonable and responsible. Spamcop even has its own opt-in confirmation that works the same way. All we need is a listmaster with the time and inclination to communicate with the Spamcop deputies. --Mike Bird -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On 9/27/06, Kamaraju Kusumanchi [EMAIL PROTECTED] wrote: On Wednesday 27 September 2006 11:57, Michael Marsh wrote: Um, murphy sends confirmation email to any address registered through the web interface. What about the idea of placing a captcha in the subscription page (http://www.debian.org/MailingLists/subscribe) ? I am pretty sure this idea must have occured to the persons who are in charge (as it is so simple) and they must have discarded for some reason which I am too ignoramus to think of... I doubt it would help. This is a minimal-effort, large-scale annoyance issue for a person to actually do by hand. The debian mailing lists are a large audience. Someone sufficiently motivated to put murphy into a spam trap with a bogus subscription attempt probably won't balk at a captcha. -- Michael A. Marsh http://www.umiacs.umd.edu/~mmarsh http://mamarsh.blogspot.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
Kamaraju Kusumanchi writes: What about the idea of placing a captcha in the subscription page (http://www.debian.org/MailingLists/subscribe) ? Why do you want to prevent blind people from subscribing? -- John Hasler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Thursday 28 September 2006 01:44, Kamaraju Kusumanchi wrote: On Wednesday 20 September 2006 08:21, John Kelly wrote: For the second time in the past few days, spamcop has listed murphy.debian.org. That's it. I'm done with spamcop! If murphy is sending spamtraps, it deserves to be listed. period. If murphy is sending to spamtraps, then yes that does need to be fixed. However if the cause is an occasional misdirected subscription confirmation, then this isn't easy. Even spamcop says Occasionally, confirmation requests are misdirected, usually due to innocent typing errors. If one receives a single misdirected confirmation message, do not report it as spam. (http://www.spamcop.net/fom-serve/cache/125.html). However apparently the problem is users reporting list emails to spamcop. (see http://lists.debian.org/debian-user/2006/09/msg02125.html, and the email from [EMAIL PROTECTED] that I'll quote below .) Even spamcop says don't do that. Spam sent to mailing lists No matter how hard list managers try, spammers find a way to inject spam to the list (sometimes even going so far as to subscribe to the list first). This results in all list members receiving the spam. List servers often show themselves as the source of the mail sent to it, not the originating user's IP address. Spam sent to mail lists/groups must not be reported using SpamCop except by the list owner. Subscribers may send a note to the list owner who can block the source from sending to the list or take responsibility for reporting the spam themselves. (http://www.spamcop.net/fom-serve/cache/14.html). Spamcop assumes that its users get it right. A well written example of just what can happen when a spamcop user gets it wrong is http://catless.ncl.ac.uk/Risks/22.19.html#subj7 http://catless.ncl.ac.uk/Risks/22.21.html#subj4 If it is not spamcop, there are tons of other DNSBLs which will happily list it in the due course. Since spamcop is very very aggressive, you are seeing the effect first in spamcop and not in other DNSBLs. Why not just whitelist murphy by yourself? My isp has been using mandatory blocking based on spamcop and cbl. This global blacklist overrides user whitelists, and cannot be disabled. I lost approx. 500 emails from debian.org last week. (They have indicated that they will make changes, but as yet I don't know what those changes will be.) I emailed [EMAIL PROTECTED] some questions about the spamcop/debian relationship. I'll paste sections of the reply below. [Pascal Hakim [EMAIL PROTECTED]] Feel free to quote my replies somewhere public if you wish them to be. Murphy.d.o has been listed on spamcop 6 times in the last 4 months. Is debian actually notified of these listings by spamcop? See reply to next question. Do they attempt to get in touch and give debian a chance to resolve issues before listing murphy.d.o? Spamcop normally seems to notify the owner of the IP block rather than us. The issue we have is list subscribers reporting mail they have received from a list as spam. Spamcop doesn't seem to care that users have actually signed up for this list traffic, although they've told us in the past that they've whitelisted us to some extent. This doesn't seem to help a huge amount, as we still get listed for periods of 24 hours or so here and there. As I understand it, spamcop doesn't do real whitelisting, but their software can be taught to trust an IP so that it will not consider that IP as the source of the spam unless it can't find someone else to blame. Even when they have whitelisted us, they apparently report spam that has gone through the list to the IP block owners, which makes any report they send rather useless, since some people seem to be automating spam reporting to spamcop. Do they reply when some-one from debian.org attempts to contact them? Last time we talked to them (about 3 listings ago), they told us that we had been whitelisted. [snip] When contact is made, is sufficient information provided to give debian a reasonable chance of identifying the actual source of the 'spam' and/or disputing the issue? We usually get to see some of the messages, which are clearly sent to list subscribers. [snip] If spamcop doesn't provide a copy of the spam, do representatives give the the impression that they have actually seen and examined the original spam or do they simply assert that their scripts/users/spam-traps are right? I don't believe humans actually look at a report before the listing is created. When/if the source is identified, is it a. misdirected bounces? b. misdirected auto-responses? c. some-one blaming debian for spam which was sent to a lists? d. spamcop being fooled by forged email headers? e. user/reporter error? f. something else? The times I've looked at reports, it's always been c. Do Debian auto-responders/mailing-lists a.
Re: spamcop
On 9/27/06, Kamaraju Kusumanchi [EMAIL PROTECTED] wrote: On Wednesday 20 September 2006 08:21, John Kelly wrote: For the second time in the past few days, spamcop has listed murphy.debian.org. That's it. I'm done with spamcop! If murphy is sending spamtraps, it deserves to be listed. period. Um, nonsense. Best practice for any mailing list is to require email confirmation, based on a message sent to the subscribed address (whether the initial subscribe request came via email or over the web). Thus, I can make any mailing list server send email to a spamtrap address trivially -- I just fake a subscribe message from the spamtrap address, or enter the spamtrap address into the subscription form on the web. -- David Dyer-Bennet, mailto:[EMAIL PROTECTED], http://www.dd-b.net/dd-b/ RKBA: http://www.dd-b.net/carry/ Pics: http://www.dd-b.net/dd-b/SnapshotAlbum/ Dragaera/Steven Brust: http://dragaera.info/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
John Kelly wrote: Many users won't complain, because they're glad to have an INBOX free of porn spam and other garbage. For that, they don't mind sacrificing a potential 2% false positives. Sorry, but my direct experience contradicts your opinion. No only will they not accept any loss of emails, but they will not even accept a delay of a few hours (as we found out when we tried grey-listing). The number of people who complain loudly is small, but they usually happen to be quite influential people. For users who can't overcome the fear factor, I can change their spam setting from BLOCK to TAG. Then they receive everything, garbage and all. The spam which would have been blocked, is tagged with a header X-Delivery-Tag: UCE followed by a descriptive reason. Actually, this is sort of what we do for all spam. Spam messages get sent as an attachment to a warning message with the SA score. Nothing gets deleted, so any false positives can be picked up by the users, who have the responsibility of checking their Junk Mail folder (everyone seems happy to do this much at least). That said, rDNS checks are still useful. If a message fails these then I add a 20s delay after the RCPT command. This does not seem to affect any legitimate customers and even forces some of the spammers to drop the connection. :-D (Even if they don't, our mail servers have the resources spare and it hopefully stops the zombie bots from sending a few extra messages). Best regards, -- George Borisov DXSolutions Ltd signature.asc Description: OpenPGP digital signature
Re: spamcop
On Mon, 25 Sep 2006 14:46:20 +0100, George Borisov [EMAIL PROTECTED] wrote: John Kelly wrote: Many users won't complain, because they're glad to have an INBOX free of porn spam and other garbage. For that, they don't mind sacrificing a potential 2% false positives. Sorry, but my direct experience contradicts your opinion. So I only have an opinion, without experience? How would you know? The number of people who complain loudly is small And thus I lose little by letting them take their business elsewhere. but they usually happen to be quite influential people. When you're near the bottom of the authority chain, perhaps submission is the best way to cope. But I'm not, and I don't.
Re: spamcop
John Kelly wrote: So I only have an opinion, without experience? How would you know? I don't, so I make no assumptions that you do. When you're near the bottom of the authority chain, perhaps submission is the best way to cope. In that case I guess customer service == submission. But I'm not, and I don't. Good for you. Best regards, -- George Borisov DXSolutions Ltd signature.asc Description: OpenPGP digital signature
Re: spamcop
On Mon, 25 Sep 2006 16:55:18 +0100, George Borisov [EMAIL PROTECTED] wrote: John Kelly wrote: So I only have an opinion, without experience? How would you know? I don't, so I make no assumptions that you do. When you're near the bottom of the authority chain, perhaps submission is the best way to cope. My statement is a simple if/then clause. It does NOT say George is near the bottom of the authority chain. I made no assumptions. But if the shoe fits, you can wear it. You started this by saying your experience contradicts my opinion to imply that I don't know what I'm talking about. And then, you contradict yourself. You dispute my assertion that many users are so happy to have a spam free INBOX, they won't complain about losing a few false positives. Yet in the same email, you acknowledge that the number of complaining users is very small. Well then obviously, if the number of complaining users is very small, then what I said must be true: many users won't complain. George, if this is a debate, you're losing.
Re: spamcop
John Kelly wrote: My statement is a simple if/then clause. It does NOT say George is near the bottom of the authority chain. I made no assumptions. But if the shoe fits, you can wear it. Ah well, you missed my point about customer service then (which was my point by the way - shame, I even put in a == and everything to make it more entertaining.) You started this by saying your experience contradicts my opinion to imply that I don't know what I'm talking about. When I said my experience contradicts your opinion I meant exactly that, word for word. If you want to read more into it then that's fine. It is not my place to look after your self-confidence issues. You dispute my assertion that many users are so happy to have a spam free INBOX, they won't complain about losing a few false positives. Yet in the same email, you acknowledge that the number of complaining users is very small. The number of _directly_ complaining users is small. I know well enough that for every one that does a good few more will complain up their chain of command instead (we are only a service provider after all). Well then obviously, if the number of complaining users is very small, then what I said must be true: many users won't complain. Such simplistic thinking - are you sure you know what you are talking about? (FYI this is more of a joke.) George, if this is a debate, you're losing. In your opinion. :-p Best regards, -- George Borisov DXSolutions Ltd signature.asc Description: OpenPGP digital signature
Re: spamcop
John Kelly [EMAIL PROTECTED] wrote: Well then obviously, if the number of complaining users is very small, then what I said must be true: many users won't complain. George, if this is a debate, you're losing. I'm not an administrator, but I do work in a customer-oriented field. One of the first rules to learn is Don't treat your customers like numbers in a statistic. They are real persons with real problems and feelings. One of the 2% lost mail can be the most important ... Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Mon, 25 Sep 2006 18:05:13 +0100, George Borisov [EMAIL PROTECTED] wrote: You started this by saying your experience contradicts my opinion to imply that I don't know what I'm talking about. When I said my experience contradicts your opinion I meant exactly that, word for word. Really? I wonder why then, in the next email you needed to further explain that you made no assumptions about my experience. If you want to read more into it then that's fine. It is not my place to look after your self-confidence issues. And now you try to twist your false implication to make it look like my problem. You lost the fight, George. And that's no mere implication.
Re: spamcop
On Mon, 25 Sep 2006 20:12:37 +0300, Andrei Popescu [EMAIL PROTECTED] wrote: I'm not an administrator, but I do work in a customer-oriented field. One of the first rules to learn is Don't treat your customers like numbers in a statistic. They are real persons with real problems and feelings And what field is that? Most large businesses treat their customers like cattle. Why would Internet service be any different?
Re: spamcop
John Kelly [EMAIL PROTECTED] wrote: On Mon, 25 Sep 2006 20:12:37 +0300, Andrei Popescu [EMAIL PROTECTED] wrote: I'm not an administrator, but I do work in a customer-oriented field. One of the first rules to learn is Don't treat your customers like numbers in a statistic. They are real persons with real problems and feelings And what field is that? Airline (not low-cost) Most large businesses treat their customers like cattle. Why would Internet service be any different? So, in your opinion, if other large businesses treat their customers like cattle, then so should everybody? Then what hope do we have to improve things? I would definitely switch the provider if they would loose my mail. Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
John Kelly wrote: Really? I wonder why then, in the next email you needed to further explain that you made no assumptions about my experience. Well you did put a question mark at the end of it. As far as I am aware that generally means you wanted a reply. Also, I don't like to cause unnecessary offence, so when you misinterpreted my words to imply such offence, I wanted to clarify that none was intended. And now you try to twist your false implication to make it look like my problem. There is no need for me to do that, you manage just fine yourself. Paranoia, as well as self confidence issues - this really is out of my league. You lost the fight, George. And that's no mere implication. If this will make you sleep better tonight, then I will happily accept. TO EVERYONE: JOHN KELLY... WINS! FLAWLESS VICTORY!!! (Sorry, this is not really the sort of thing that I can fit fatality into, as well.) As I am the looser here, this will be my last post on this thread. If anyone needs me, I will be crawling with my tail between my legs. I guess everyone has their own way of relieving stress. :-p Best regards, -- George Borisov DXSolutions Ltd signature.asc Description: OpenPGP digital signature
Re: spamcop
On Mon, 25 Sep 2006 20:38:38 +0300, Andrei Popescu [EMAIL PROTECTED] wrote: I'm not an administrator, but I do work in a customer-oriented field. And what field is that? Airline (not low-cost) Airlines? This should light a good firestorm. So, in your opinion, if other large businesses treat their customers like cattle, then so should everybody? You want me to believe that airlines don't treat their customers like cattle? Nowadays passengers hardly dare speak to the flight crew for fear they will call the FBI to report terrorism. Then what hope do we have to improve things? I would definitely switch the provider if they would loose my mail. I never lose mail. By policy, I reject it. Anyone who doesn't like the policy can waive it, upon request. And in that case, I deliver to them all the garbage they can eat. They can have whatever they want, so why would they complain? Anyone who does, is complaining for the joy of complaining. And life is too short to put up with that.
Re: spamcop
On Mon, 25 Sep 2006 18:45:21 +0100, George Borisov [EMAIL PROTECTED] wrote: Also, I don't like to cause unnecessary offence, so when you misinterpreted my words to imply such offence, I wanted to clarify that none was intended. I don't believe you. As I am the looser here, this will be my last post on this thread. In this email, I asked no questions. So if you violate the promise you just made, your self contradictions undoubtedly involve malice and forethought.
Re: spamcop
On Thursday 21 September 2006 21:11, Seth Goodman wrote: On Thursday, September 21, 2006 11:39 AM -0500, Stephen wrote: This is why debian-user is being constantly blacklisted -- So the onus is on Debian to fix things on their end. Strongly agree. Spam from USENET is part of it, but SpamCop listed the server because of messages to a spamtrap. If this is correct, it had to be a confirmation message :) Spam trap addresses are secret, so there's no way to stop this except by talking to the DNSBL maintainers. On 21.09.06 22:39, Pollywog wrote: Are you saying that SpamCop maintains spamtrap addresses and that networks or hosts that send spam to them are added to SpamCop's databases? Yes, that's AFAIK how SpamCOP spamtraps work. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I feel like I'm diagonally parked in a parallel universe. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
Daniele writes: I have whitelisted the debian mailing lists. They are the first (and the only) source of spam in my inbox. I think that spamcop isn't entirely wrong. The Debian mailing-list servers never send mail to anyone who is not subscribed. -- John Hasler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
Daniele writes: I have whitelisted the debian mailing lists. They are the first (and the only) source of spam in my inbox. I think that spamcop isn't entirely wrong. On 21.09.06 07:55, John Hasler wrote: The Debian mailing-list servers never send mail to anyone who is not subscribed. pardon, what about spam sent to administrative addresses? -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Honk if you love peace and quiet. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Thursday 21 September 2006 14:55, John Hasler wrote: Daniele writes: I have whitelisted the debian mailing lists. They are the first (and the only) source of spam in my inbox. I think that spamcop isn't entirely wrong. The Debian mailing-list servers never send mail to anyone who is not subscribed. Yes, you are right. The spam flow through debian servers. They aren't the first source. My apologies for using the incorrect term. Daniele -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On 09/21/2006 07:55 AM, John Hasler wrote: Daniele writes: I have whitelisted the debian mailing lists. They are the first (and the only) source of spam in my inbox. I think that spamcop isn't entirely wrong. The Debian mailing-list servers never send mail to anyone who is not subscribed. Yes they do. They send confirmation messages. Spammers will send fake subscription requests to lists.debian.org using forged addresses in the From headers. Some of those addresses will be spamcop spamtraps. Lists.debian.org will get listed. Note that this has *nothing* to do with whether the list is open or not. Closing the list would make it far more difficult for people to report bugs and get help, and it wouldn't do ZIP to prevent spamcop listings. The solution is to gently ask spamcop to exclude debian-formatted subscription confirmation messages from causing a listing. If they don't accommodate, then there is nothing we can do. -- [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Fri, 22 Sep 2006 04:18:56 -0500, Mumia W.. [EMAIL PROTECTED] wrote: The solution is to gently ask spamcop to exclude debian-formatted subscription confirmation messages from causing a listing. If they don't accommodate, then there is nothing we can do. If spamcop is not self motivated in this respect, other lists besides debian, will have the same problem. So why bother? However, we can do something: stop using spamcop, and recommend the same to others.
Re: spamcop
Stephen wrote:
[snip]
It's not appropriate in my view, to allow anyone to post to debian-user,
without first subscribing. Apparently, anyone can post to debian-user,
without needing to do that step. I don't buy the argument that it's too
much of a hurdle to expect a newbie to debian to subscribe --
Subscribing to e-mail lists is done pretty much everywhere, so it's an
expected task, by pretty much anyone using them.
WARNING WILL ROBINSON! DANGER! IMMINENT FLAME WAR!
[snip]
Hell, it's not like Debian.org doesn't have the expertise to do what's
right IMO.
FIRST SALVO FIRED ACROSS THE BOW!
More to follow, I trow!
Mike
--
p=p=%c%s%c;main(){printf(p,34,p,34);};main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
Mumia W.. wrote:
[snip]
Closing the list would make it far more difficult for people to report
bugs and get help, and it wouldn't do ZIP to prevent spamcop listings.
Please define the phrase far more difficult.
This is a serious request.
Mike
--
p=p=%c%s%c;main(){printf(p,34,p,34);};main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Thu, 2006-09-21 at 09:45 -0700, Alan Ianson wrote: Debian lists are not a source of spam, they are a victim of it. A bit like leaving your car unlocked with the keys in the ignition makes you a victim if it gets stolen. Allowing non members to post will get you spammed. Hans -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On 09/22/2006 10:45 AM, Mike McCarty wrote: Mumia W.. wrote: [snip] Closing the list would make it far more difficult for people to report bugs and get help, and it wouldn't do ZIP to prevent spamcop listings. Please define the phrase far more difficult. This is a serious request. Mike Perhaps I should've said it would make it far more discouraging for people to report bugs and get help from debian-user if they had to subscribe. -- [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: spamcop
On Thursday, September 21, 2006 8:49 PM -0500, John Kelly wrote: On Thu, 21 Sep 2006 16:33:26 -0500, Seth Goodman [EMAIL PROTECTED] wrote: But once you get a grip and hang on for a while, you realize that sacrificing 2% is a piece of cake. If users value reliably getting their messages more than they value spam reduction, which seems to be the case, it will cost you. Large system admins are not fools. They have tried this and people don't accept it. Is that your experience, or speculation? I do not operate large MTA's, though I have known people who do and they are definitely not fools. They understood that testing for forward DNS != reverse DNS at connection time is an extremely cheap way to reduce the spam load. Some actually do reject for this. The reason that many don't is the level of user complaints they experienced when they tried, or experiences of other operators they know. If most of the large MTA's implemented this policy, you would no longer see a significant false positive rate, as everyone who could would be forced to comply :) There are still a significant number of systems in the developing world whose providers don't delegate reverse DNS or who can't set it for you. Taking a hard-line here would prevent many people from operating a useful mail server. This is the same reason that the sensible RMX proposal for tagging hosts that are permitted to send mail on behalf of a domain failed: the reverse DNS system is in poor condition in many places. People have known for quite a while that forcing systems to take responsibility for their outbound mail flow is the primary issue. That means forward DNS, reverse DNS and EHLO name should all agree. It also means that MTA's must control submission rights, either by IP or preferably with SMTP AUTH, so users can also submit mail remotely. Furthermore, MTA's can limit the use of sender identities to those that the submitter has a right to use. If your network includes insecure systems, it is prudent to force them to submit mail to a smarthost and use both virus and spam filters on outgoing traffic. That small set of best practices would both make it easier for sending MTA's to curtail abuse and then take responsibility for what they send. However, even that modest set of requirements has been too much for the largest providers to implement for fear of the breakage it would cause. -- Seth Goodman -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
Mumia W.. wrote:
On 09/22/2006 10:45 AM, Mike McCarty wrote:
Please define the phrase far more difficult.
This is a serious request.
Mike
Perhaps I should've said it would make it far more discouraging for
people to report bugs and get help from debian-user if they had to
subscribe.
Thanks for the clarification.
Mike
--
p=p=%c%s%c;main(){printf(p,34,p,34);};main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Fri, 22 Sep 2006 13:16:23 -0500, Seth Goodman [EMAIL PROTECTED] wrote: I do not operate large MTA's, though I have known people who do and they are definitely not fools. They understood that testing for forward DNS != reverse DNS at connection time is an extremely cheap way to reduce the spam load. Some actually do reject for this. The reason that many don't is the level of user complaints they experienced when they tried, or experiences of other operators they know. Many users won't complain, because they're glad to have an INBOX free of porn spam and other garbage. For that, they don't mind sacrificing a potential 2% false positives. For users who can't overcome the fear factor, I can change their spam setting from BLOCK to TAG. Then they receive everything, garbage and all. The spam which would have been blocked, is tagged with a header X-Delivery-Tag: UCE followed by a descriptive reason. They can key on that for client-side filtering and/or sorting with whatever client software they prefer. But I don't get involved with that. Anyone who exerts that much effort just to avoid a few false positives, is on their own. If most of the large MTA's implemented this policy, you would no longer see a significant false positive rate, as everyone who could would be forced to comply :) It's time to move in that direction. We don't need an RFC saying we MUST, we just need the collective willpower to do it. There are still a significant number of systems in the developing world whose providers don't delegate reverse DNS or who can't set it for you. Those users will just have to relay through a smart host, like all the dynamic cable and dsl users in the developed world. However, even that modest set of requirements has been too much for the largest providers to implement for fear of the breakage it would cause. It's more fear, than breakage.
Re: spamcop
On Fri, Sep 22, 2006 at 07:13:26PM +0100, John Kelly wrote: Many users won't complain, because they're glad to have an INBOX free of porn spam and other garbage. For that, they don't mind sacrificing a potential 2% false positives. Unless one of the lost mails is a very very important mail, then you may hear from a lawyer. Your job as a mail admin is simple: deliver all mails sent to me in my inbox, not more, not less. What I do with my mails is not your concern. Then you are always safe. I don’t want others to filter my mail. You may tag mails, yes, but not more, unless you have a written permission from me to do so, and I am informed about the risks. software they prefer. But I don't get involved with that. Anyone who exerts that much effort just to avoid a few false positives, is on their own. Be liberal in what you accept… Those users will just have to relay through a smart host, like all the dynamic cable and dsl users in the developed world. They may simply not have one, or are not allowed to connect to it. However, even that modest set of requirements has been too much for the largest providers to implement for fear of the breakage it would cause. It's more fear, than breakage. Since you can get sued for lesser things nowadays, I wouldn’t do it without a really waterproof concept. Shade and sweet water! Stephan -- | Stephan SeitzE-Mail: [EMAIL PROTECTED] | | PGP Public Keys: http://fsing.rootsland.net/~stse/pgp.html | signature.asc Description: Digital signature
Re: spamcop
On Fri, 22 Sep 2006 21:29:20 +0200, Stephan Seitz [EMAIL PROTECTED] wrote: You may tag mails, yes, but not more, unless you have a written permission from me to do so, and I am informed about the risks. My server, my rules. Who are you.
Re: spamcop
John Kelly wrote:
On Fri, 22 Sep 2006 21:29:20 +0200, Stephan Seitz [EMAIL PROTECTED]
wrote:
You may tag mails, yes, but not more, unless you have a written
permission from me to do so, and I am informed about the risks.
My server, my rules. Who are you.
At a lot of places, he's the guy who gets the e-mail from
customers who pay your salary.
Mike
--
p=p=%c%s%c;main(){printf(p,34,p,34);};main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Thu, Sep 21, 2006 at 10:39:39PM +, Pollywog wrote: On Thursday 21 September 2006 21:11, Seth Goodman wrote: On Thursday, September 21, 2006 11:39 AM -0500, Stephen wrote: This is why debian-user is being constantly blacklisted -- So the onus is on Debian to fix things on their end. Strongly agree. Spam from USENET is part of it, but SpamCop listed the server because of messages to a spamtrap. If this is correct, it had to be a confirmation message :) Spam trap addresses are secret, so there's no way to stop this except by talking to the DNSBL maintainers. Are you saying that SpamCop maintains spamtrap addresses and that networks or hosts that send spam to them are added to SpamCop's databases? Wouldn't surprise me. That's what spamtraps are for. Perhaps spamcop should try some reverse spamfiltering on their spamtrap to identify subscription response messages that intended to poison their spamtraps. -- hendrik -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Fri, 2006-09-22 at 21:29 +0200, Stephan Seitz wrote: Your job as a mail admin is simple: deliver all mails sent to me in my inbox, not more, not less. What I do with my mails is not your concern. Then you are always safe. At most of my clients you'll be out of a job in no time. Hans -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Sat, Sep 23, 2006 at 12:03:49AM +0200, Hans du Plooy wrote: At most of my clients you'll be out of a job in no time. Maybe, but in most cases those are the people crying the loudest if they don’t get a valuable mail because of „collateral damage”. So you’ll lose either way. If they can’t handle their mail they should do the same thing they do with snail mail: let a secretary handle it. Shade and sweet water! Stephan -- | Stephan SeitzE-Mail: [EMAIL PROTECTED] | | PGP Public Keys: http://fsing.rootsland.net/~stse/pgp.html | signature.asc Description: Digital signature
Re: spamcop
On Wednesday 20 September 2006 20:54, John Kelly wrote: When spamcop admins don't have enough sense to whitelist servers like murphy.debian.org, it's time to abandon them I don't agree. I have whitelisted the debian mailing lists. They are the first (and the only) source of spam in my inbox. I think that spamcop isn't entirely wrong. Regards, Daniele -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Thu, 21 Sep 2006 10:01:58 +0200, Daniele P. [EMAIL PROTECTED] wrote: When spamcop admins don't have enough sense to whitelist servers like murphy.debian.org, it's time to abandon them I don't agree. I have whitelisted the debian mailing lists. They are the first (and the only) source of spam in my inbox. I think that spamcop isn't entirely wrong. You are saying that thousands of individual users should each do what spamcop should already be doing for them. Any spam blacklist that is not saving my time, is wasting my time. Good riddance to spamcop.
Re: spamcop
On Thu, 21 Sep 2006, John Kelly wrote: On Thu, 21 Sep 2006 10:01:58 +0200, Daniele P. [EMAIL PROTECTED] wrote: When spamcop admins don't have enough sense to whitelist servers like murphy.debian.org, it's time to abandon them I don't agree. I have whitelisted the debian mailing lists. They are the first (and the only) source of spam in my inbox. I think that spamcop isn't entirely wrong. You are saying that thousands of individual users should each do what spamcop should already be doing for them. Any spam blacklist that is not saving my time, is wasting my time. Good riddance to spamcop. Any spam blacklist that is not saving my time, is wasting my time. Good riddance to spamcop. A better method is to use www.policyd-weight.org, this takes the weight of each RBL/RHSBL and adds it up, if it passes a certain threshold, then its considered SPAM. Justin. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Thu, 21 Sep 2006 10:42:35 -0400 (EDT), Justin Piszcz [EMAIL PROTECTED] wrote: Any spam blacklist that is not saving my time, is wasting my time. Good riddance to spamcop. A better method is to use www.policyd-weight.org, Believe it or not, not everyone runs postfix. this takes the weight of each RBL/RHSBL and adds it up, if it passes a certain threshold, then its considered SPAM. And what voodoo determines the right threshold? The best method is to use spam lists which are well administered.
Re: spamcop
On Thursday 21 September 2006 15:23, John Kelly wrote: I don't agree. I have whitelisted the debian mailing lists. They are the first (and the only) source of spam in my inbox. I think that spamcop isn't entirely wrong. You are saying that thousands of individual users should each do what spamcop should already be doing for them. Sorry, but I don't want to say that. I want only to remark that debian mailing lists are source of spam. Additionally I'm not happy with my current solution (whitelist), but right now I don't have a plan to add and additional specific filter configuration. I hope that somebody could solve this problem at the source (debian server). Thanks, Daniele P. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
Daniele P. [EMAIL PROTECTED] wrote: On Thursday 21 September 2006 15:23, John Kelly wrote: I don't agree. I have whitelisted the debian mailing lists. They are the first (and the only) source of spam in my inbox. I think that spamcop isn't entirely wrong. You are saying that thousands of individual users should each do what spamcop should already be doing for them. Sorry, but I don't want to say that. I want only to remark that debian mailing lists are source of spam. Additionally I'm not happy with my current solution (whitelist), but right now I don't have a plan to add and additional specific filter configuration. I hope that somebody could solve this problem at the source (debian server). Thanks, Daniele P. This has been discussed pretty extensively a while ago. The conclusion was that d-u has pretty effective spam-filtering, the signal-to-noise ratio is very low. Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Thu, 21 Sep 2006 17:00:24 +0200, Daniele P. [EMAIL PROTECTED] wrote: I want only to remark that debian mailing lists are source of spam. Additionally I'm not happy with my current solution (whitelist), but right now I don't have a plan to add and additional specific filter configuration. I hope that somebody could solve this problem at the source (debian server). I stop 99.5% of all spam hitting my servers. My three step defense, described in a previous post, begins by requiring valid forward and reverse DNS, which comprise a matching pair. It's the foundation on which everything else depends. The improper DNS false positive rate is low, less than 2%. Admins must accept some collateral damage, if they expect to win the war. There is resistance to this idea, because some admins fear losing any legit mail. But given that the false positive rate is low, it should be feasible to develop and maintain a whitelist of legitimate mail servers lacking proper DNS. I'm not volunteering, but it's an idea that has merit. The list may also urge offending admins to set up proper DNS, like when newspapers publish a shame list of people who have not paid their property tax.
Re: spamcop
On Thu, 21 Sep 2006 17:00:24 +0200 Daniele P. [EMAIL PROTECTED] wrote: On Thursday 21 September 2006 15:23, John Kelly wrote: I don't agree. I have whitelisted the debian mailing lists. They are the first (and the only) source of spam in my inbox. I think that spamcop isn't entirely wrong. You are saying that thousands of individual users should each do what spamcop should already be doing for them. Sorry, but I don't want to say that. I want only to remark that debian mailing lists are source of spam. Additionally I'm not happy with my current solution (whitelist), but right now I don't have a plan to add and additional specific filter configuration. I hope that somebody could solve this problem at the source (debian server). Thanks, Daniele P. I have to agree with you Daniele. I don't use spamcop. However, I also have had to whitelist this list so that my spam solution doesn't dump posts from Debian. I also think something should be done on the list server. -- Raquel You're not to be so blind with patriotism that you can't face reality. Wrong is wrong, no matter who does it or says it. --Malcolm X -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Thu, Sep 21, 2006 at 06:19:38PM +0300 or thereabouts, Andrei Popescu wrote: This has been discussed pretty extensively a while ago. The conclusion was that d-u has pretty effective spam-filtering, the signal-to-noise ratio is very low. I understand your point, however it's annoying when for example, in my case, in the past 8 months (since I've been observing closely) any UCE that gets through to my e-mail, is all from debian-user. We're not talking about a lot, but still it's too much. So, when people like me, whom are on many e-mail lists, only get UCE from debian-user, then I would think it would be prudent for Debian to rethink their policy regarding how open these lists are currently. It's not appropriate in my view, to allow anyone to post to debian-user, without first subscribing. Apparently, anyone can post to debian-user, without needing to do that step. I don't buy the argument that it's too much of a hurdle to expect a newbie to debian to subscribe -- Subscribing to e-mail lists is done pretty much everywhere, so it's an expected task, by pretty much anyone using them. This is why debian-user is being constantly blacklisted -- So the onus is on Debian to fix things on their end. Being too open has it's price, and it's the subscribers to this list that are basically being deluged with UCE, due to Debian not acting accordingly to the best of their ability. Hell, it's not like Debian.org doesn't have the expertise to do what's right IMO. -- Regards Stephen + When one burns one's bridges, what a very nice fire it makes. -- Dylan Thomas + signature.asc Description: Digital signature
Re: spamcop
On Thu September 21 2006 09:26, Raquel wrote: Sorry, but I don't want to say that. I want only to remark that debian mailing lists are source of spam. Additionally I'm not happy with my current solution (whitelist), but right now I don't have a plan to add and additional specific filter configuration. I hope that somebody could solve this problem at the source (debian server). Debian lists are not a source of spam, they are a victim of it. It's a problem that needs to be dealt with at the source, those who mail spam. I have to agree with you Daniele. I don't use spamcop. However, I also have had to whitelist this list so that my spam solution doesn't dump posts from Debian. I also think something should be done on the list server. What spamcop is trying to do is good, but I think they are too aggressive and some legitimate mails become collateral damage in the war on spam. That is spamcop's doing/problem. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Thu, 21 Sep 2006 12:39:08 -0400, Stephen [EMAIL PROTECTED] wrote: It's not appropriate in my view, to allow anyone to post to debian-user, without first subscribing. Apparently, anyone can post to debian-user, without needing to do that step. I don't buy the argument that it's too much of a hurdle to expect a newbie to debian to subscribe -- Subscribing to e-mail lists is done pretty much everywhere, so it's an expected task, by pretty much anyone using them. If debian-user was only a mailing-list, many people would agree. But debian-user is more than a mailing list. It's also gated to the Usenet newsgroup linux.debian.user, where anyone can post. That's just the way Usenet newsgroups work. Spam filtering of non subscribers, after the fact, is the only method possible, under the circumstances.
Re: spamcop
I am using spamassassin and only very occasinally are messages from this list flagged! When they are, if it were a false alarm, I set to ham. Spamassassin works on rules it downloads, user rules and is Bayes-trained by marking emails as spam or ham. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
Stephen [EMAIL PROTECTED] wrote: On Thu, Sep 21, 2006 at 06:19:38PM +0300 or thereabouts, Andrei Popescu wrote: This has been discussed pretty extensively a while ago. The conclusion was that d-u has pretty effective spam-filtering, the signal-to-noise ratio is very low. I understand your point, however it's annoying when for example, in my case, in the past 8 months (since I've been observing closely) any UCE that gets through to my e-mail, is all from debian-user. We're not talking about a lot, but still it's too much. You should see debian-www, it's much worse and it has a fraction of the traffic of d-u So, when people like me, whom are on many e-mail lists, only get UCE from debian-user, then I would think it would be prudent for Debian to rethink their policy regarding how open these lists are currently. It's not appropriate in my view, to allow anyone to post to debian-user, without first subscribing. Apparently, anyone can post to debian-user, without needing to do that step. I don't buy the argument that it's too much of a hurdle to expect a newbie to debian to subscribe -- Subscribing to e-mail lists is done pretty much everywhere, so it's an expected task, by pretty much anyone using them. This is why debian-user is being constantly blacklisted -- So the onus is on Debian to fix things on their end. Being too open has it's price, and it's the subscribers to this list that are basically being deluged with UCE, due to Debian not acting accordingly to the best of their ability. IMHO 'deluged' is a bit exagerated. Also you can spot most spam by subject, so it's almost like filtering uninteresting threads. Hell, it's not like Debian.org doesn't have the expertise to do what's right IMO. -- Regards Stephen As I said, this has been discussed extensively and your arguments are not new. Please don't reopen this issue as it generated a nasty flamewar. I don't mind if you want to continue this off-list. Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Thu, Sep 21, 2006 at 08:15:29PM +0300 or thereabouts, Andrei Popescu wrote: Stephen [EMAIL PROTECTED] wrote: snip You should see debian-www, it's much worse and it has a fraction of the traffic of d-u This is an argument for the status quo -- Just because another list is getting more ? snip This is why debian-user is being constantly blacklisted -- So the onus is on Debian to fix things on their end. Being too open has it's price, and it's the subscribers to this list that are basically being deluged with UCE, due to Debian not acting accordingly to the best of their ability. IMHO 'deluged' is a bit exagerated. Also you can spot most spam by subject, so it's almost like filtering uninteresting threads. I don't agree with this thinking at all -- The onus should never be on the end user to jump through hoops. The sad fact is, that in all the e-mail lists I'm on, Debian is the culprit 99.9% of the time, in any UCE I receive. It's much easier to simply require new users to register, and reply to a confirmation e-mail IMO. It's appropriate to expect people to register for an e-mail list, yes, even for beginner type help. Hell, it's not like Debian.org doesn't have the expertise to do what's right IMO. As I said, this has been discussed extensively and your arguments are not new. Please don't reopen this issue as it generated a nasty flamewar. I don't mind if you want to continue this off-list. Obviously it should be rethought, if people are upset with the status-quo. -- Regards Stephen + signature.asc Description: Digital signature
Re: spamcop
On Thu, Sep 21, 2006 at 05:01:33PM +0100 or thereabouts, John Kelly wrote: On Thu, 21 Sep 2006 12:39:08 -0400, Stephen [EMAIL PROTECTED] wrote: It's not appropriate in my view, to allow anyone to post to debian-user, without first subscribing. Apparently, anyone can post to debian-user, without needing to do that step. I don't buy the argument that it's too much of a hurdle to expect a newbie to debian to subscribe -- Subscribing to e-mail lists is done pretty much everywhere, so it's an expected task, by pretty much anyone using them. If debian-user was only a mailing-list, many people would agree. Please read below. But debian-user is more than a mailing list. It's also gated to the Usenet newsgroup linux.debian.user, where anyone can post. That's just the way Usenet newsgroups work. Spam filtering of non subscribers, after the fact, is the only method possible, under the circumstances. Not necessarily. I'm on a couple of other lists that are gated to USENET , as well as being on private company servers. Anyone can read/reply to the USENET postings, but they won't make it to the private server, until one registers there first. There is no reason it can't be done this way here. I should point out, that these other lists I'm talking about are for Graphic Designers -- If these non-conformists accept this, then I'm sure the new user to Debian can, and won't be access challenged. I understand the argument that Debian wishes to make getting and receiving help, as easy as possible. Having the requirement for one to register to the e-mail list first, is not mutually exclusive to the goal of Debian support being open to everyone/anywhere. What it shows is Debian acting responsible in helping prevent the proliferation of UCE and showing a proactive stance. -- Regards Stephen + It is a wise father that knows his own child. -- William Shakespeare, The Merchant of Venice + signature.asc Description: Digital signature
Re: spamcop
On Thu, 21 Sep 2006 14:15:58 -0400, Stephen [EMAIL PROTECTED] wrote: But debian-user is more than a mailing list. It's also gated to the Usenet newsgroup linux.debian.user, where anyone can post. Spam filtering of non subscribers, after the fact, is the only method possible, under the circumstances. Not necessarily. I'm on a couple of other lists that are gated to USENET , as well as being on private company servers. Anyone can read/reply to the USENET postings, but they won't make it to the private server, until one registers there first. Debian is not a PRIVATE organization. Debian wants to be accessible, via mailing lists or Usenet, without treating Usenet posters as second class citizens, or diminishing the convenience of Usenet access. If it was my decision to make, I would abolish the mailing lists, and run Usenet only. Many users pulling is more efficient than one server pushing.
RE: spamcop
On Wednesday, September 20, 2006 5:48 PM -0500, John Kelly wrote: On Wed, 20 Sep 2006 18:01:38 -0500, Seth Goodman [EMAIL PROTECTED] wrote: require matching DNS, forward and reverse ... some large servers won't use it. I don't know of any. But if there really are some sending legitimate mail, I would be interested in collaborating to maintain a whitelist of them. Need to be LARGE though, to be worthwhile. This is large system receiving policy, not the large system configuration. All the large senders I know about have properly configured DNS. There are far too many small MTA's with misconfigured DNS, however, for a large MTA to ban without a steady stream of customer complaints. You seem aware of this problem in your later post: On Thursday, September 21, 2006 9:53 AM -0500, John Kelly wrote: The improper DNS false positive rate is low, less than 2%. Admins must accept some collateral damage, if they expect to win the war. It's a pity, but very few people think in terms of winning the spam war anymore. Most systems would consider this false positive rate unusable by a large margin. The larger the provider, the less workable this solution. While I would love to have this be an absolute requirement for SMTP, there are too many incompetently administered systems from which you must accept mail, and large parts of the developing world do not routinely delegate rDNS. This is a nasty problem that won't go away quickly. There is resistance to this idea, because some admins fear losing any legit mail. But given that the false positive rate is low, it should be feasible to develop and maintain a whitelist of legitimate mail servers lacking proper DNS. I'm not volunteering, but it's an idea that has merit. This works fine for small systems but doesn't scale. Admins can't be bothered whitelisting everyone's one or two correspondents with broken DNS, and almost everyone has some, even in the developed world. Customers will not tolerate _their_ correspondent's mail being blocked when those systems are not abusing any networks. The list may also urge offending admins to set up proper DNS, like when newspapers publish a shame list of people who have not paid their property tax. We already have rfc-ignorant and it is widely ignored. The only people who care are the ones who would never get on that list in the first place. -- Seth Goodman -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Thu, Sep 21, 2006 at 06:57:31PM +0100 or thereabouts, John Kelly wrote: On Thu, 21 Sep 2006 14:15:58 -0400, Stephen [EMAIL PROTECTED] wrote: But debian-user is more than a mailing list. It's also gated to the Usenet newsgroup linux.debian.user, where anyone can post. Spam filtering of non subscribers, after the fact, is the only method possible, under the circumstances. Not necessarily. I'm on a couple of other lists that are gated to USENET , as well as being on private company servers. Anyone can read/reply to the USENET postings, but they won't make it to the private server, until one registers there first. Debian is not a PRIVATE organization. Debian wants to be accessible, via mailing lists or Usenet, without treating Usenet posters as second class citizens, or diminishing the convenience of Usenet access. Naturally, however having subscriptions is not closing access, and no one in this thread is asserting that Debian isn't a public organization. It's my understanding that one can't just post on USENETs debian-user, one has to go through a gateway, which _does_ require a subscription process. Has this changed or is my understanding incorrect ? Hell, do you think for profit companies want to prevent their customers from using their e-mail lists ? Of course not, it simply lets them control access to those, that wish to use the list without needing to filter copious amounts of UCE. It's about the user experience (sorry for the cliche). Perhaps Debian should consider that, it's at least equally as important as open unfettered access for SPAMers. If it was my decision to make, I would abolish the mailing lists, and run Usenet only. Many users pulling is more efficient than one server pushing. I'm happy you're not the decision maker then. :) USENET is pretty much useless these days, because of it's open unfettered access and signal to noise ratio. Not all newsgroups, but many. -- Regards Stephen + Kindness is a language which the deaf can hear and the blind can read. -- Mark Twain + signature.asc Description: Digital signature
Re: spamcop
On Thu, 21 Sep 2006 14:53:28 -0500, Seth Goodman [EMAIL PROTECTED] wrote: The improper DNS false positive rate is low, less than 2%. It's a pity, but very few people think in terms of winning the spam war anymore. Most systems would consider this false positive rate unusable by a large margin. The larger the provider, the less workable this solution. That's the fear factor. But once you get a grip and hang on for a while, you realize that sacrificing 2% is a piece of cake.
RE: spamcop
On Thursday, September 21, 2006 11:39 AM -0500, Stephen wrote: This is why debian-user is being constantly blacklisted -- So the onus is on Debian to fix things on their end. Strongly agree. Spam from USENET is part of it, but SpamCop listed the server because of messages to a spamtrap. If this is correct, it had to be a confirmation message :) Spam trap addresses are secret, so there's no way to stop this except by talking to the DNSBL maintainers. -- Seth Goodman -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: spamcop
On Thursday, September 21, 2006 2:33 PM -0500, John Kelly wrote: On Thu, 21 Sep 2006 14:53:28 -0500, Seth Goodman [EMAIL PROTECTED] wrote: The improper DNS false positive rate is low, less than 2%. It's a pity, but very few people think in terms of winning the spam war anymore. Most systems would consider this false positive rate unusable by a large margin. The larger the provider, the less workable this solution. That's the fear factor. But once you get a grip and hang on for a while, you realize that sacrificing 2% is a piece of cake. If users value reliably getting their messages more than they value spam reduction, which seems to be the case, it will cost you. Large system admins are not fools. They have tried this and people don't accept it. It works nicely for small systems but the administrative overhead makes it hard to run a large system that way. It's also grossly unfair to people in some developing regions who don't have control over their rDNS and we can't tell them to get a grip. I hope things change and we can require forward == reverse in the future. If that happens on a large scale, spam-friendly providers can just use dynamic IP hostnames that are not detectable via regexp :) -- Seth Goodman -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Thursday 21 September 2006 21:11, Seth Goodman wrote: On Thursday, September 21, 2006 11:39 AM -0500, Stephen wrote: This is why debian-user is being constantly blacklisted -- So the onus is on Debian to fix things on their end. Strongly agree. Spam from USENET is part of it, but SpamCop listed the server because of messages to a spamtrap. If this is correct, it had to be a confirmation message :) Spam trap addresses are secret, so there's no way to stop this except by talking to the DNSBL maintainers. Are you saying that SpamCop maintains spamtrap addresses and that networks or hosts that send spam to them are added to SpamCop's databases? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Thu, 21 Sep 2006 16:33:26 -0500, Seth Goodman [EMAIL PROTECTED] wrote: But once you get a grip and hang on for a while, you realize that sacrificing 2% is a piece of cake. If users value reliably getting their messages more than they value spam reduction, which seems to be the case, it will cost you. Large system admins are not fools. They have tried this and people don't accept it. Is that your experience, or speculation?
Re: spamcop
On Wed September 20 2006 05:21, John Kelly wrote: For the second time in the past few days, spamcop has listed murphy.debian.org. That's it. I'm done with spamcop! This outfit is more like spam nazi's. What they are trying to do is commendable, the way they do it is not. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
Alan Ianson wrote: This outfit is more like spam nazi's. What they are trying to do is commendable, the way they do it is not. Is it to early in the thread to bring up Godwin's Law? :-p -- George Borisov DXSolutions Ltd signature.asc Description: OpenPGP digital signature
Re: spamcop
George Borisov wrote: Alan Ianson wrote: This outfit is more like spam nazi's. What they are trying to do is commendable, the way they do it is not. Is it to early in the thread to bring up Godwin's Law? :-p Apparantly not :-) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Wednesday 20 September 2006 18:41, Alan Ianson wrote: On Wed September 20 2006 05:21, John Kelly wrote: For the second time in the past few days, spamcop has listed murphy.debian.org. That's it. I'm done with spamcop! This outfit is more like spam nazi's. What they are trying to do is commendable, the way they do it is not. Bad news. They bounce my yahoogroups getting me kicked off regularly. However, note that there are two of them, .com and .net. I cannot specify which one is the aggressive one right now. Check at next bounce. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: spamcop
On Wednesday, September 20, 2006 7:22 AM -0500, John Kelly wrote: For the second time in the past few days, spamcop has listed murphy.debian.org. That's it. I'm done with spamcop! The listing is at http://www.spamcop.net/w3m?action=checkblockip=70.103.162.31 (expires in nine hours). It appears the machine sent mail to a spamtrap. It has been listed five times in the last six months. I think that's worth looking into. If it did indeed send mail to a spamtrap, the listing is justified, even if it's rather inconvenient. If that machine has become a target for spammers who would like to make spamtraps useless (for example, taking any action that would send an automated confirmation message from a high-volume server to a spamtrap address), the answer is not to abandon SpamCop. Any DNSBL that uses spamtraps is susceptible to this ploy. I'm willing to look into a solution if nobody else is interested. -- Seth Goodman -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Wed, 20 Sep 2006 13:08:20 -0500, Seth Goodman [EMAIL PROTECTED] wrote: On Wednesday, September 20, 2006 7:22 AM -0500, John Kelly wrote: For the second time in the past few days, spamcop has listed murphy.debian.org. That's it. I'm done with spamcop! If that machine has become a target for spammers who would like to make spamtraps useless (for example, taking any action that would send an automated confirmation message from a high-volume server to a spamtrap address), the answer is not to abandon SpamCop. When spamcop admins don't have enough sense to whitelist servers like murphy.debian.org, it's time to abandon them I'm willing to look into a solution if nobody else is interested. I already have the solution. Spamcop is now in my book on the same page as SORBS. The page titled NEVER USE.
RE: spamcop
On Wednesday, September 20, 2006 1:55 PM -0500, John Kelly wrote: When spamcop admins don't have enough sense to whitelist servers like murphy.debian.org, it's time to abandon them Did anyone investigate the problem and make this request? Any DNSBL is subject to gaming by spammers who would like to curtail the use of DNSBL's in general and spamtraps in particular. I don't think that responding as the spammers would like is in our interest. -- Seth Goodman -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Wed, 20 Sep 2006 15:33:05 -0500, Seth Goodman [EMAIL PROTECTED] wrote: Did anyone investigate the problem and make this request? If they're not self motivated, I have no incentive to use them. Any DNSBL is subject to gaming by spammers who would like to curtail the use of DNSBL's in general and spamtraps in particular. No, not any. Just spamtrap based lists poorly administered. I don't think that responding as the spammers would like is in our interest. Spamcop didn't provide much help. They were last on my list of dnsbls to check, so they caught very little spam. I won't miss spamcop. My three step defense works fine without spamcop: 1) require matching DNS, forward and reverse 2) use regex tests for dynamic/dialup host names (works because #1 strictly enforced, and thus hostname is known) 3a) query dynablock.njabl.org for any dynamic hosts missed by my local checks in step 2 3b) query a few GOOD, RELIABLE dnsbls: dnsbl.njabl.org list.dsbl.org sbl-xbl.spamhaus.org With this defense, very little spam succeeds. All I get now are the occasional stray spams sent by users of legitimate ISPs. The only way to stop that is content filtering, and since the volume is negligible, I don't bother.
RE: spamcop
On Wednesday, September 20, 2006 3:19 PM -0500, John Kelly wrote: On Wed, 20 Sep 2006 15:33:05 -0500, Seth Goodman [EMAIL PROTECTED] wrote: Did anyone investigate the problem and make this request? If they're not self motivated, I have no incentive to use them. I don't particularly want to defend these guys. I'm defending spamtrap-based DNSBL's, not any specific list. Expecting anybody to notice that a server from any friendly organization was listed is a bit much. If someone from Debian contacted them and didn't get anywhere, that would be a different story. Any DNSBL is subject to gaming by spammers who would like to curtail the use of DNSBL's in general and spamtraps in particular. No, not any. Just spamtrap based lists poorly administered. Spamtraps are easily manipulated for any server that sends out confirmation messages, and some lists are better than others. While I don't like the idea that a Debian server is listed anywhere, it is reasonable to expect that someone would contact the list maintainers. In the case that it is impossible to avoid sending mail to a spamtrap, as for any machine that sends confirmation messages from a web form, and the server admins are known to deal with abuse complaints, then whitelisting is appropriate. However, it is not unreasonable to expect that someone would request it. My three step defense works fine without spamcop: 1) require matching DNS, forward and reverse I personally advocate this approach, although it is not strictly RFC-compliant, so some large servers won't use it. 2) use regex tests for dynamic/dialup host names (works because #1 strictly enforced, and thus hostname is known) Even if you don't reject on !exist(reverse)||(reverse != forward), you can still use the reverse on the IP for the regexp and reject for local policy when it matches. 3a) query dynablock.njabl.org for any dynamic hosts missed by my local checks in step 2 3b) query a few GOOD, RELIABLE dnsbls: dnsbl.njabl.org list.dsbl.org sbl-xbl.spamhaus.org This is a very reasonable set of lists. I believe that dnsbl.njabl.org is a subset of xbl.spamhaus.org, so the first query is redundant (unless you are trying to limit spamhaus queries). -- Seth Goodman -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: spamcop
On Wed, 20 Sep 2006 18:01:38 -0500, Seth Goodman [EMAIL PROTECTED] wrote: require matching DNS, forward and reverse it is not strictly RFC-compliant Though not saying MUST, there is an RFC that recommends it. Which one, is a good exercise for the reader. some large servers won't use it. I don't know of any. But if there really are some sending legitimate mail, I would be interested in collaborating to maintain a whitelist of them. Need to be LARGE though, to be worthwhile. dnsbl.njabl.org is a subset of xbl.spamhaus.org According to spamhaus website, they only use the open proxy subset from njabl: 127.0.0.9. When I query njabl, I consider: 127.0.0.2 -- open relays 127.0.0.4 -- spam Sources 127.0.0.8 -- insecure formmail.cgi 127.0.0.9 -- open proxy servers And since I query njabl first, I may as well use the open proxy information from the original source, instead of spamhaus second hand copy.
