Re: namedroppers mismanagement, continued

[Keith Moore]

> > - in the current situation, even postings from occasional posters
> >   are being blocked.  and when postings are blocked, the message is
> >   terse and cryptic (even insulting) and contains no clue about how
> >   to workaround the problem
> 
> Do you have specific recent examples of this? If it is the case it needs to be
> fixed.

I think I was simply mistaken about this ; I was remembering the 
"post from non-subscriber" messages I'd seen recently and confusing
them with the "list won't accept posts from non-subscribers"
messages I used to occasionally see from that list.

> > - getting on the "approved posters" list is not well documented or
> >   understood.  for some list software this is a manual operation
> >   requiring the list admin to edit a file; on others it is under
> >   control of the subscriber but he/she has to "subscribe" the alternate
> >   address using some obscure option like /NOMAIL.
> 
> Perhaps in the case of namedroppers the added [ post by non-subscriber... ]
> note can include the instructions on how to get added to that list.

ideally, I think, the instructions would come in the form of a response
sent back to the sender, rather than being sent to the list.  and they
should explain how to get on the approved poster list rather than expecting
everyone to post from their subscription address.

Re: namedroppers mismanagement, continued

[Michael Froomkin - U.Miami School of Law]

I would think that archive.org would do the job if we asked them to?

Else, this is a natural for a grant...

On Mon, 2 Dec 2002, Stephen Sprunk wrote:

> Thus spake "Michael Froomkin - U.Miami School of Law"
> <[EMAIL PROTECTED]>
> > I have just run into an example of this (POISSON) when I was unable to
> > find the archive.  I was surprised -- and puzzled.  Surely the storage
> > costs for archiving ALL IETF lists, especially in their spamless form,
> > can't be that great?  What sort of volume are we talking about ?
> 
> Depends on the list; the main IETF list is over 1.5MB/mo in my personal
> archives.  Given that the WG lists are maintained by volunteers, it would be
> a significant cost to provide several years of archives out of the list
> maintainer's pocket, especially when you add in the trolls and spam which
> are not part of the list's relevant content.
> 
> > > 2.  The volume of spam in a bounced-messages archive would quickly
> > > change your mind.
> >
> > Here, you could well be right.  But would that have to be held beyond the
> > life of the group?
> 
> If you consider the bounced messages to be legitimate content worth
> archiving, then their archive should be kept as long as the non-bounced
> archive.
> 
> > > 3.  All of this would be easily solved by someone (e.g. IETF
> secretariat)
> > > providing list service for all WGs with a consistent policy.
> >
> > Agree.  But I'd like to also suggest that part of this policy is keeping
> > the (unspammed) archives around, if only for the sake of people (like
> > me) who try sometimes to write the history of decision-making in some
> > of these areas.
> 
> I agree.  I've petitioned several times for centralized lists and archives,
> and have even offerred to provide them free to all WGs, but so far the IESG
> has taken no action.  My guess is there's nobody we all trust to be such a
> central manager -- right now one of the IESG members is being accused of
> list mismanagement.
> 
> S
> 
> 

-- 
Please visit http://www.icannwatch.org
A. Michael Froomkin   |Professor of Law|   [EMAIL PROTECTED]
U. Miami School of Law, P.O. Box 248087, Coral Gables, FL 33124 USA
+1 (305) 284-4285  |  +1 (305) 284-6506 (fax)  |  http://www.law.tm
-->It's warm here.<--

Re: namedroppers mismanagement, continued

[Michael Froomkin - U.Miami School of Law]

OK, I'm convinced about not keeping the spam.  I still think the "kooks"
list has two values: 1) people who think they are being unfairly
discriminated against have a simple database to point to for evidence; 2)
who know what people 50 years from now will find interestingwhich goes
to the related question of keeping the whole archive available somewhere
when the working group finishes.

(There's of course a theoretical issue with some hypothetical listowner
treating criticism as spam, but sufficent until the day...)

On Mon, 2 Dec 2002, Fred Baker wrote:

> At 11:50 AM 11/27/2002 -0500, Michael Froomkin - U.Miami School of Law wrote:
> >Regardless of the specifics of this case, I think a good rule would be to
> >say that all bounced messages on any IETF list MUST be archived on a
> >separate 'bounced' list.
> 
> Sounds good on the surface, but you might want to reconsider operationally.
> 
> We drop probably 30-40 messages a day from the IAB list, mostly KLEZ 
> Viruses, 419 scams, spam in oriental characters, and random other sales 
> stuff. This is after having moved it from [EMAIL PROTECTED] to [EMAIL PROTECTED]; 
> you'd be amazed how much crud goes to the former list.
> 
> Since it is a members-only list, we *do* use a "recognized persons" list to 
> reduce the filtering load; this has allowed a few virus-mails through, but 
> not much. In acting as one of the four moderators for six months, I have 
> "approved" perhaps a dozen messages total, and in each case added the 
> sender to the "recognized sender" list so I don't have to mess with it. The 
> recognized senders, btw, include all IESG members and all working group 
> chairs as of a certain date, and we add other folks as needed. The 
> kooks-and-nonsense notes I have silently discarded have been less than I 
> allowed through, perhaps three or four at most.
> 
> I think it is positively dangerous to archive Klez emails, and a waste of 
> online storage. A person reviewing the email might open the application.
> 
> I could see archiving the kooks-and-nonsense email. It wouldn't be a very 
> interesting archive - you have to *earn* a place on that list, and as a 
> result I'll bet that most folks on this list have that list built into 
> their individual email filters already. But I really don't see the value of 
> archiving the spam. 
> 
> 

-- 
Please visit http://www.icannwatch.org
A. Michael Froomkin   |Professor of Law|   [EMAIL PROTECTED]
U. Miami School of Law, P.O. Box 248087, Coral Gables, FL 33124 USA
+1 (305) 284-4285  |  +1 (305) 284-6506 (fax)  |  http://www.law.tm
-->It's warm here.<--

Re: namedroppers mismanagement, continued

[Stephen Sprunk]

Thus spake "Michael Froomkin - U.Miami School of Law"
<[EMAIL PROTECTED]>
> I have just run into an example of this (POISSON) when I was unable to
> find the archive.  I was surprised -- and puzzled.  Surely the storage
> costs for archiving ALL IETF lists, especially in their spamless form,
> can't be that great?  What sort of volume are we talking about ?

Depends on the list; the main IETF list is over 1.5MB/mo in my personal
archives.  Given that the WG lists are maintained by volunteers, it would be
a significant cost to provide several years of archives out of the list
maintainer's pocket, especially when you add in the trolls and spam which
are not part of the list's relevant content.

> > 2.  The volume of spam in a bounced-messages archive would quickly
> > change your mind.
>
> Here, you could well be right.  But would that have to be held beyond the
> life of the group?

If you consider the bounced messages to be legitimate content worth
archiving, then their archive should be kept as long as the non-bounced
archive.

> > 3.  All of this would be easily solved by someone (e.g. IETF
secretariat)
> > providing list service for all WGs with a consistent policy.
>
> Agree.  But I'd like to also suggest that part of this policy is keeping
> the (unspammed) archives around, if only for the sake of people (like
> me) who try sometimes to write the history of decision-making in some
> of these areas.

I agree.  I've petitioned several times for centralized lists and archives,
and have even offerred to provide them free to all WGs, but so far the IESG
has taken no action.  My guess is there's nobody we all trust to be such a
central manager -- right now one of the IESG members is being accused of
list mismanagement.

S

Re: namedroppers mismanagement, continued

[Fred Baker]

At 11:50 AM 11/27/2002 -0500, Michael Froomkin - U.Miami School of Law wrote:

Regardless of the specifics of this case, I think a good rule would be to
say that all bounced messages on any IETF list MUST be archived on a
separate 'bounced' list.


Sounds good on the surface, but you might want to reconsider operationally.

We drop probably 30-40 messages a day from the IAB list, mostly KLEZ 
Viruses, 419 scams, spam in oriental characters, and random other sales 
stuff. This is after having moved it from [EMAIL PROTECTED] to [EMAIL PROTECTED]; 
you'd be amazed how much crud goes to the former list.

Since it is a members-only list, we *do* use a "recognized persons" list to 
reduce the filtering load; this has allowed a few virus-mails through, but 
not much. In acting as one of the four moderators for six months, I have 
"approved" perhaps a dozen messages total, and in each case added the 
sender to the "recognized sender" list so I don't have to mess with it. The 
recognized senders, btw, include all IESG members and all working group 
chairs as of a certain date, and we add other folks as needed. The 
kooks-and-nonsense notes I have silently discarded have been less than I 
allowed through, perhaps three or four at most.

I think it is positively dangerous to archive Klez emails, and a waste of 
online storage. A person reviewing the email might open the application.

I could see archiving the kooks-and-nonsense email. It wouldn't be a very 
interesting archive - you have to *earn* a place on that list, and as a 
result I'll bet that most folks on this list have that list built into 
their individual email filters already. But I really don't see the value of 
archiving the spam. 

Re: namedroppers mismanagement, continued

[Russ Allbery]

(namedroppers removed as my comment is more of a meta-comment on running
mailing lists and I'm not subscribed to namedroppers itself)

Olafur Gudmundsson <[EMAIL PROTECTED]> writes:

> Randy is currently wasting valuable time in manually scanning 100+ spams
> a day that are sent to namedroppers and other IETF mailing lists he runs
> and we all should thank him for the good citizen service he provides!
> Every meesage that is reposted from the bounced list contains a header
> explaining that posting address is not a subscribed address.

This is an obnoxious amount of work.  I can thank him for the service he's
providing in trying to keep the list free of spam and also think that this
is way more work than someone should be expected to do.  :)

While I really dislike the technology when applied to personal mailboxes,
this sounds like a place where a confirmation system would work well.  If
the list receives a message from a non-subscriber, send back a message
saying so and asking them to respond and include a confirmation code of
some kind, similar to mailing list subscription confirmations.  If they do
so, release the message into the mailing list and also whitelist their
address (in case they're participating in an ongoing discussion).

My experience with a technique like this is that it eliminates 99% of the
spam still, is reasonably intuitive for at least a technical audience, and
eliminates the need for anyone to wade through all the spam to look for
the gems, a task that I would not wish on anyone.  It also has the side
advantage of being unassailably impartial.

We all already spend far too much human effort dealing with spam.
Centralizing that human effort onto one person optimizes it somewhat but
still wastes valuable time that could be better used for some productive
purpose.  It's rather like periodically cleaning the bathroom, and if
there were some way we could get computers to do that for us, I think we
should jump at the chance, even if the computer doesn't do *quite* as good
of a job.  :)

This solution does require some additional setup on the server side:  The
list software has to be able to do those sorts of confirmations, has to
maintain a server-side queue of messages that are pending confirmation,
and has to implement the whitelist system.  It would likely require a
small amount of work to implement over an existing mailing list manager,
and I'm certainly not suggesting that Randy have to do that implementation
work.  But since this situation comes up very frequently for IETF mailing
lists, perhaps someone could volunteer to implement this feature for
whatever mailing list management software the IETF mailng list system is
using?  That would at least help the problem for people hosting their
lists with the IETF.

I wonder if Mailman already has this feature.  If not, that might be a
good place to start in adding it, since Mailman is very actively developed
and seems to be passing the venerable Majordomo as the most widely
deployed mailing list management system.

-- 
Russ Allbery ([EMAIL PROTECTED]) 

Re: namedroppers mismanagement, continued

[Stephen Sprunk]

Thus spake "Keith Moore" <[EMAIL PROTECTED]>
> > The list moderator asked him to add his email address to the list, and
> > indicated that as a result of doing so his mail would be unmoderated. Is
it
> > so hard to do?
>
> frankly, it's ridiculous to expect people to subscribe to every list to
which they
> wish to contribute.

Frankly, it's ridiculous to expect either (a) all WG members to receive
dozens of spams per day due to no filtering, or (b) the WG chair to read and
manually approve any emails (among the dozens of spams) which are relevant.

We have the least-bad technical solution in place today.  We'd all like open
lists, but the community's inability to control spam has made that a moot
point.

S

Re: namedroppers mismanagement, continued

[Michael Froomkin - U.Miami School of Law]

On Fri, 29 Nov 2002, Stephen Sprunk wrote:

> Thus spake "Michael Froomkin - U.Miami School of Law"
> <[EMAIL PROTECTED]>
> > [cc's trimmed]
> >
> > Regardless of the specifics of this case, I think a good rule would be to
> > say that all bounced messages on any IETF list MUST be archived on a
> > separate 'bounced' list.  To whom would this suggestion best be directed?
> 
> 1.  Many WG lists themselves aren't archived, but you want to force bounced
> messages to be?  Are you ready to pay for this?
> 

I have just run into an example of this (POISSON) when I was unable to
find the archive.  I was surprised -- and puzzled.  Surely the storage
costs for archiving ALL IETF lists, especially in their spamless form,
can't be that great?  What sort of volume are we talking about ?

> 2.  The volume of spam in a bounced-messages archive would quickly change
> your mind.

Here, you could well be right.  But would that have to be held beyond the
life of the group?  

> 
> 3.  All of this would be easily solved by someone (e.g. IETF secretariat)
> providing list service for all WGs with a consistent policy.

Agree.  But I'd like to also suggest that part of this policy is keeping
the (unspammed) archives around, if only for the sake of people (like me)
who try sometimes to write the history of decision-making in some of these
areas.

> 

-- 
Please visit http://www.icannwatch.org
A. Michael Froomkin   |Professor of Law|   [EMAIL PROTECTED]
U. Miami School of Law, P.O. Box 248087, Coral Gables, FL 33124 USA
+1 (305) 284-4285  |  +1 (305) 284-6506 (fax)  |  http://www.law.tm
-->It's warm here.<--

Re: namedroppers mismanagement, continued

[Stephen Sprunk]

Thus spake "Keith Moore" <[EMAIL PROTECTED]>
> > isn't moderating the list randy's perogative as WG chair?
>
> excluding relevant input is not the perogatie of the chair.

I've seen no claims to date that Randy has dropped any posts from anyone who
has followed the documented process.  If DJB refuses to follow the opt-in
policy for namedroppers, it is not the IETF/IESG's problem -- it's DJB's.

I think it was an error in Randy's judgement for him to have manually
forwarded some of DJB's posts; he should have dropped them all until DJB
chose to follow the process like everyone else on namedroppers.

S

Re: namedroppers mismanagement, continued

[Stephen Sprunk]

Thus spake "Michael Froomkin - U.Miami School of Law"
<[EMAIL PROTECTED]>
> [cc's trimmed]
>
> Regardless of the specifics of this case, I think a good rule would be to
> say that all bounced messages on any IETF list MUST be archived on a
> separate 'bounced' list.  To whom would this suggestion best be directed?

1.  Many WG lists themselves aren't archived, but you want to force bounced
messages to be?  Are you ready to pay for this?

2.  The volume of spam in a bounced-messages archive would quickly change
your mind.

3.  All of this would be easily solved by someone (e.g. IETF secretariat)
providing list service for all WGs with a consistent policy.

S

Re: namedroppers mismanagement, continued

[Olafur Gudmundsson]

On Wed, 27 Nov 2002, Dean Anderson wrote:

> I am not on the ietf or iesg list. I don't know if this will go through to
> those lists.
>
> While DJB may also have some subscription issue, that is not the
> fundamental problem.
>
> It seems from your comments below, that you think that Randy isn't
> manually blocking/forwarding messages from subscribed addresses. However,
> that it not true.

As of early this year the policy of the list was changed from
"moderation" to "subscriber automated posting".
Bringing up ancient history is not productive as that issue has
been addressed.

Randy is currently wasting valuable time in manually scanning
100+ spams a day that are sent to namedroppers and other IETF mailing
lists he runs and we all should thank him for the good citizen service
he provides!
Every meesage that is reposted from the bounced list contains a header
explaining that posting address is not a subscribed address.

I agree that the feature to get a message back saying that a message is
waiting for manual moderation is good, it requires effort for the
list operator to set up. In my personal case I get few of these messages
each month in response to viral attempts to post messages as me on
random mailing lists.

>
> The real problem is that Randy sometimes don't post messages from people
> he doesn't like or on topics he has an interest in, even when they are
> posted from subscribed addresses.  This has happened to me several times.
> One of the occasions where it happened to me is documented on Bernstein's
> web page.  It has probably happened many more times that haven't made it
> on DJB's webpage.

Ancient history.


>
> There seems to be no reason that Randy should set himself up as a
> moderator, or any reason whatsoever there should be any manual
> intervention on posting from subscribed addresses.  Do you agree?

Yes, this is the CURRENT list policy. Thus the only messages that
are affected are from non subscribers and people posting from
different address.

In response the some points raised in this thread two changes
will happen:
 - Montly namedroppers list policy message will contain statement on
the posting policy.
 - Moderated messages will contain more informative instructions
   on how to avoid moderation.

Olafur (DNSEXT co-chair)

Re: namedroppers mismanagement, continued

[Scott Bradner]

> IMHO, it's long past the time that the IETF should have a centralized
> mail management system where lists can be (not forced to be, of
> course) centrally created and yet still managed by individual list
> authors.

yup - and its been the case for quite a while

Scott

Re: namedroppers mismanagement, continued

[Wes Hardaker]

> On Wed, 27 Nov 2002 09:55:49 -0800 (PST), Randy Presuhn 
><[EMAIL PROTECTED]> said:

Randy> As someone who has maintained a couple of WG mailing lists for
Randy> several years, I'd object to the imposition of such a
Randy> requirement.  The amount of spam, especially *large* (megabyte
Randy> or more) viral messages, directed at WG mailing lists makes
Randy> keeping all the trash a highly unattractive proposition.

I think the proper solution here is to use proper tools rather than to
impose another burden on the list administrators.  Mailing management
has come a long way in the last few years.  The easiest package I've
seen for administrative purposes is probably the mailman package,
which is being used by a very very wide range of Internet groups.  As
an example, all of the SourceForge mailing list software is managed by
mailman.

I strongly encourage the use of a more intuitive mail package like
mailman.  I've managed many mailing lists with it, ranging in size
from a few people to > 5000 and I must say that it makes
administration easy.  Moderated lists, or subscriber-only lists are
more easily taken care of because list administrators just have to
click on a button that says "reject" or "accept" or "discard".  The
nice thing about the reject action is that it sends back text to the
user saying what the problem was and how they can likely correct it.
IE, the complaint that started this huge thread (dropped problems as
opposed to a properly worded response going back) are generally taken
care of by the software, not the administrator, which is important.
It's so easy to use that my Dad can and does use it, who knows nothing
about SMTP, sendmail, aliases, unix, postfix, ...  I'm sure Randy Bush
will have no trouble with it.  It's only disadvantage is that it's
heavily web based, which will probably make a few people groan.
However, it would be rather trivial to write a mail-based,
script-based, or other wrapper around it if that was the only problem
with it.

IMHO, it's long past the time that the IETF should have a centralized
mail management system where lists can be (not forced to be, of
course) centrally created and yet still managed by individual list
authors.  The ops area has been doing this for a while, but I think it
makes sense for the main organization to host this instead if possible
(yes, I do realize that a server and bandwidth would have to be
donated to the cause).  It's all the small administrative issues like
this that detract us from real work on real protocols.  Let's fix this
at the global level, please.  Sourceforge hosts > 51,700 projects most
of which have multiple mailing lists associated with them.  We should
learn from their experiences.

-- 
Wes Hardaker
Network Associates Laboratories

RE: namedroppers mismanagement, continued

[John M. Brown]

Dan, sounds like a plan.  I say all messages from
Bernstein be handled via his option #2

Can we please BOUNCE all of Dr. Bernsteins email with
the correct procedure, in the bounce message, on how
to subscribe and be a participating member of the list
instead of bitching and wasting time.

If you have specific complaints about the List Manager
then forward them, in private, to the NomCom.

This list is NOT the place for this bitch fest.

Now lets get back to something more important like
arguing over DNS SEC. ;)


Jeesh, what a waste...


> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of D. J. Bernstein
> Sent: Wednesday, November 27, 2002 4:25 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: namedroppers mismanagement, continued
>
>
> [ post by non-subscriber.  with the massive amount of spam,
> it is easy to
>   miss and therefore delete mis-posts.  your subscription address is
>   [EMAIL PROTECTED], please post from it or
>   fix subscription your subscription address! ]
>
> Olafur Gudmundsson writes:
> > Ask Randy to put your posting address on the approved posters list.
>
> Messages are not being bounced with explanations of how to
> set them up as known addresses. Messages are being SILENTLY
> DISCARDED. (Misdirecting them to some obscure web page would
> have essentially the same effect.)
>
> You say the problem is that _I_ am not doing something. But a
> whole bunch of namedroppers messages from _other_ people have
> also been listed as coming from non-subscribers. How many
> more messages have been lost--- or deliberately thrown away
> by Bush? THE PROCEDURE IS FLAWED!
>
> As for my own sender address [EMAIL PROTECTED], Bush has already
> taken manual action---but what he did was _not_ adding the
> address to a list of known
> addresses. Instead, he started putting my subscription
> address on top of all my messages to the list---shortly after
> I had informed him that I kept _that_ address private to
> limit the number of people who can forge unsubscription requests.
>
> I don't care whether Bush's decisions can be adequately
> explained by stupidity. The decisions shouldn't be made by
> hand in the first place. The only acceptable ways to process
> a message to a standardization mailing list are
>
>(1) to immediately pass it through unchanged to the subscribers or
>(2) to immediately bounce it.
>
> The decision between #1 and #2 must be made by objective
> standards. The bounces must clearly and thoroughly explain
> the standards. The standards must allow the sender to
> straightforwardly arrange for #1.
>
> ---D. J. Bernstein, Associate Professor, Department of
> Mathematics, Statistics, and Computer Science, University of
> Illinois at Chicago
>
>
>
> --
> to unsubscribe send a message to
> [EMAIL PROTECTED] with the word 'unsubscribe'
> in a single line as the message text body.
> archive: <http://ops.ietf.org/lists/namedroppers/>
>

Re: namedroppers mismanagement, continued

[bert hubert]

On Wed, Nov 27, 2002 at 03:50:07PM -0500, Dean Anderson wrote:

> There seems to be no reason that Randy should set himself up as a
> moderator, or any reason whatsoever there should be any manual
> intervention on posting from subscribed addresses.  Do you agree?

The lack of transparency smacks of impropriety. I see this list well served
with some moderation. I do not see it benefit from unfettered solo activity
with no external checks and balances.

'Trust me' does not apply here.

To resolve this I suggest a page with any articles that have been refused
for whatever reason. Randy?

Regards,

bert

-- 
http://www.PowerDNS.com  Versatile DNS Software & Services
http://lartc.org   Linux Advanced Routing & Traffic Control HOWTO

Re: namedroppers mismanagement, continued

[Dean Anderson]

I am not on the ietf or iesg list. I don't know if this will go through to
those lists.

While DJB may also have some subscription issue, that is not the
fundamental problem.

It seems from your comments below, that you think that Randy isn't
manually blocking/forwarding messages from subscribed addresses. However,
that it not true.

The real problem is that Randy sometimes don't post messages from people
he doesn't like or on topics he has an interest in, even when they are
posted from subscribed addresses.  This has happened to me several times.
One of the occasions where it happened to me is documented on Bernstein's
web page.  It has probably happened many more times that haven't made it
on DJB's webpage.

There seems to be no reason that Randy should set himself up as a
moderator, or any reason whatsoever there should be any manual
intervention on posting from subscribed addresses.  Do you agree?


--Dean


On Wed, 27 Nov 2002, Olafur Gudmundsson wrote:

>
>
> On 27 Nov 2002, D. J. Bernstein wrote:
>
> > [ post by non-subscriber.  with the massive amount of spam, it is easy to
> >   miss and therefore delete mis-posts.  your subscription address is
> >   [EMAIL PROTECTED], please post from it or
> >   fix subscription your subscription address! ]
> >
> > Once again: Bush is (1) subjecting a huge number of legitimate messages
> > to manual review and (2) silently discarding many of these legitimate
> > messages, apparently at a rate of hundreds per year (not counting mine).
>
> All you need to do is ONE of the following:
>   Use the same subcription address and posting address
>   Ask Randy to put your posting address on the approved posters
>   list.
>
> >
> > Both #1 and #2 are unacceptable. I want the manual reviews _eliminated_.
> > If a message isn't posted immediately, it must be bounced, with a clear
> > explanation of how to have it posted without Bush's intervention.
>
> The ONLY reason there is manual review is because you are not
> addhearing to the protocol for posting to the mailing list.
>
> >
> > If the IETF documentation doesn't make sufficiently clear that Bush's
> > behavior is unacceptable, that documentation also has to be fixed.
>
> Send text.
>
>   Olafur
>
>
>
>
> --
> to unsubscribe send a message to [EMAIL PROTECTED] with
> the word 'unsubscribe' in a single line as the message text body.
> archive: 
>

Re: namedroppers mismanagement, continued

[Keith Moore]

> The list moderator asked him to add his email address to the list, and
> indicated that as a result of doing so his mail would be unmoderated. Is it
> so hard to do?

frankly, it's ridiculous to expect people to subscribe to every list to which they
wish to contribute.

for example, if there were a working group trying to break IPv4 so that simple
unauthenticated IPv4-enabled light switches could exist, it would be quite
reasonable for people outside that group to want to make comments to that
group to discourage them from breaking IP or apps that use IP.  those outside
contributors should not have to be subjected to mail about how great it will be
when those apps are broken but we have IP-enabled light switches.

Keith

p.s. yes this group does exist, and their documents are before the IESG.

Re: namedroppers mismanagement, continued

[Garrett Wollman]

In article [EMAIL PROTECTED]> 
you write:
>Neither is
>
> echo subscribe '[EMAIL PROTECTED]' | mail namedroppers-request 
>ops.ietf.org

Not a useful answer.  There is a reason why the address from which I
am sending this message is not the one to which I am subscribed.  (If
this reason is not obvious, look at the headers.)

-GAWollman

-- 
Garrett A. Wollman   | [G]enes make enzymes, and enzymes control the rates of
[EMAIL PROTECTED]  | chemical processes.  Genes do not make ``novelty-
Opinions not those of| seeking'' or any other complex and overt behavior.
MIT, LCS, CRS, or NSA| - Stephen Jay Gould (1941-2002)

RE: namedroppers mismanagement, continued

[Bill Strahm]

I don't know about others, but I use the IETF mailing list service to
manage the list.  If you want to send a message all it takes is a
subscribe, but please don't send me any e-mails... Very easy to do with
a Webpage...

This only guarantees that I won't see your mail and possibly make a
mistake, hopefully I don't make too many mistakes, but I am human

Bill

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 2:33 PM
To: [EMAIL PROTECTED]
Cc: 'Keith Moore'; [EMAIL PROTECTED]
Subject: Re: namedroppers mismanagement, continued


> No I don't want random people sending stuff to a low volume list ( a
> couple messages a week is normal ) so I think asking people to
> subscribe is a low overhead task...

I understand where you are coming from, but too many IETF working
groups' output has suffered from lack of outside input.  Certainly it's
reasonable to expect frequent contributors to at least get on an
"allowed posters" list, but it's not reasonable to exclude occasional
input from others.

Keith

Re: namedroppers mismanagement, continued

[Keith Moore]

> No I don't want random people sending stuff to a low volume list ( a
> couple messages a week is normal ) so I think asking people to subscribe
> is a low overhead task...

I understand where you are coming from, but too many IETF working groups'
output has suffered from lack of outside input.  Certainly it's reasonable
to expect frequent contributors to at least get on an "allowed posters"
list, but it's not reasonable to exclude occasional input from others.

Keith

Re: namedroppers mismanagement, continued

[Erik Nordmark]

> - in the current situation, even postings from occasional posters 
>   are being blocked.  and when postings are blocked, the message is 
>   terse and cryptic (even insulting) and contains no clue about how 
>   to workaround the problem

Do you have specific recent examples of this? If it is the case it needs to be
fixed.

> - getting on the "approved posters" list is not well documented or
>   understood.  for some list software this is a manual operation 
>   requiring the list admin to edit a file; on others it is under
>   control of the subscriber but he/she has to "subscribe" the alternate
>   address using some obscure option like /NOMAIL.

Perhaps in the case of namedroppers the added [ post by non-subscriber... ]
note can include the instructions on how to get added to that list.

  Erik

Re: namedroppers mismanagement, continued

[jfcm]

At 19:17 28/11/02, Keith Moore wrote:

Can we please fix this problem which has gone on for several years
and stop pretending that this behavior is acceptable?


1. djb cannot post on namedroppers ultimately because of the spam,.
2. he must be on a special list because he is of the IETF but not of that 
specific WG.
3. this is accepted as a limitation of the IETF capacity

Before spam blocks IETF, would it not be a priority to discuss an RFC 
documenting:
- a serious anti-spam solution based on sender authentification
- a meta-mailing list concept: you register once to a meta IETF list and 
you can post on every WG?

Sounds like a survival issue?
jfc

RE: namedroppers mismanagement, continued

[Bill Strahm]

Ok... I have to know...

Randy,

Can you please put [EMAIL PROTECTED] on the approved posters list for
namedroppers ?

Isn't it as simple as that ?

Bill

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Keith Moore
Sent: Thursday, November 28, 2002 10:18 AM
To: Erik Nordmark
Cc: [EMAIL PROTECTED]
Subject: Re: namedroppers mismanagement, continued 


> If folks need to post all the time from a different
> address than their subscription address *they* should take the step to

> get that posting address added to the approved posters list.

that might be fine, except

- in the current situation, even postings from occasional posters 
  are being blocked.  and when postings are blocked, the message is 
  terse and cryptic (even insulting) and contains no clue about how 
  to workaround the problem

- getting on the "approved posters" list is not well documented or
  understood.  for some list software this is a manual operation 
  requiring the list admin to edit a file; on others it is under
  control of the subscriber but he/she has to "subscribe" the alternate
  address using some obscure option like /NOMAIL.
 
I've run several IETF lists myself and I know how much of a pain it is
to filter out spam.  Yes, the process is error prone.  Yes it's 
a pain to keep approving posts from the same person (though it's 
easy to fix that problem, and no I don't think adding that person to an
approved posters lists is assuming too much).  And yet I still don't
think that namedroppers is being managed appropriately.

Can we please fix this problem which has gone on for several years and
stop pretending that this behavior is acceptable?

Keith

Re: namedroppers mismanagement, continued

[Keith Moore]

> If folks need to post all the time from a different
> address than their subscription address *they* should take the step to
> get that posting address added to the approved posters list.

that might be fine, except

- in the current situation, even postings from occasional posters 
  are being blocked.  and when postings are blocked, the message is 
  terse and cryptic (even insulting) and contains no clue about how 
  to workaround the problem

- getting on the "approved posters" list is not well documented or
  understood.  for some list software this is a manual operation 
  requiring the list admin to edit a file; on others it is under
  control of the subscriber but he/she has to "subscribe" the alternate
  address using some obscure option like /NOMAIL.
 
I've run several IETF lists myself and I know how much of a pain it
is to filter out spam.  Yes, the process is error prone.  Yes it's 
a pain to keep approving posts from the same person (though it's 
easy to fix that problem, and no I don't think adding that person
to an approved posters lists is assuming too much).  And yet I still
don't think that namedroppers is being managed appropriately.

Can we please fix this problem which has gone on for several years
and stop pretending that this behavior is acceptable?

Keith

Re: namedroppers mismanagement, continued

[Erik Nordmark]

> I don't care whether Bush's decisions can be adequately explained by
> stupidity. The decisions shouldn't be made by hand in the first place.
> The only acceptable ways to process a message to a standardization
> mailing list are
> 
>(1) to immediately pass it through unchanged to the subscribers or
>(2) to immediately bounce it.
> 
> The decision between #1 and #2 must be made by objective standards. The
> bounces must clearly and thoroughly explain the standards. The standards
> must allow the sender to straightforwardly arrange for #1.

I disagree that there is no room for human beings filtering out spam.
Your approach means that an IETF participant can't cross-post messages
to mailing lists to which s/he is not subscribed, which I think would make
inter-WG coordination much more difficult when we need to make it easier.

  Erik

Re: namedroppers mismanagement, continued

[Erik Nordmark]

> Anyways, if the admin really considers it impolite (I don't), then
> maybe that admin should send the user an opt-in (or opt-out) notice
> before (or after) adding the user to the pre-approved list of
> posters.  (Note: for the subscribers list, the policy should be opt-in).
> This is easily automated (most list management software supports
> such).

The folks that are willing to go through piles of spam to find the non-spam
emails from non-subscribers do us a tremedous service, since it allows
cross-postings across WGs (which is important to help with coordination of
the IETF work IMHO), without subjecting the rest of us to spam.

Requiring those folks to take the initiative to add folks to the mailing
list has the issues others have pointed out (about guessing the intent)
and is also putting the burden on folks I think we should reward for
filtering spam. If folks need to post all the time from a different 
address than their subscription address *they* should take the step to
get that posting address added to the approved posters list.

  Erik

Re: namedroppers mismanagement, continued

[Erik Nordmark]

> Bush imposed his mailing-list control methods without IESG approval, in
> violation of RFC 2418, section 3.2.

Dan,

The spam filtering applied to the namedroppers list is consistent
with the IESG policy on spam control at
http://www.ietf.org/IESG/Statements.html

> What's stopping him from selectively delaying or discarding messages
> that he doesn't like? How can we tell whether these were actually
> ``mistakes''?

Messages sent by subscribers to the list, or from addresses that have
been explicitly requested to be added to the exception list
of automatically approved non-subscriber posters, are sent to the list
without any manual review.

The manual review only applies to non-subscriber postings with the intent
of filtering out spam that isn't caught by the automatic spam filtering,
while allowing occasional messages, such as WG cross postings, to get through.
However, any frequent posters to the list should either post from
their subscription address or ask to be added to the exception list.

   Erik

Re: namedroppers mismanagement, continued

[Keith Moore]

> The policy of namedroppers is posted to the list monthly. No one can
> claim they do not know that policy. I do not see much relavence to what
> the policy of a mailing list with the same "user name" at a different
> host 22 years ago was. You are grasping at staws.

perhaps not, but in some circles it is common wisdom that if you want
to start a new working group, it needs a new mailing list, in order
to discourage hold-over discussions from the old lists.

Keith

Re: namedroppers mismanagement, continued

[Donald Eastlake 3rd]

The policy of namedroppers is posted to the list monthly. No one can 
claim they do not know that policy. I do not see much relavence to what 
the policy of a mailing list with the same "user name" at a different 
host 22 years ago was. You are grasping at staws.

Donald

On Wed, 27 Nov 2002, Keith Moore wrote:

> Date: Wed, 27 Nov 2002 21:00:20 -0500
> From: Keith Moore <[EMAIL PROTECTED]>
> To: Donald Eastlake 3rd <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: namedroppers mismanagement, continued 
> 
> > PS: The namedroppers list is a special case because of persistent
> > attempts over a long period to use it for purposes outside of the
> > charter of the WG.
> 
> might that be because the namedroppers list is seen as a descendant
> of the namedroppers lists that has existed since circa 1980 as a  
> general forum for name service discussion?
==
 Donald E. Eastlake 3rd   [EMAIL PROTECTED]
 155 Beaver Street  +1-508-634-2066(h) +1-508-851-8280(w)
 Milford, MA 01757 USA   [EMAIL PROTECTED]

Re: namedroppers mismanagement, continued

[Keith Moore]

> PS: The namedroppers list is a special case because of persistent
> attempts over a long period to use it for purposes outside of the
> charter of the WG.

might that be because the namedroppers list is seen as a descendant
of the namedroppers lists that has existed since circa 1980 as a  
general forum for name service discussion?

Re: namedroppers mismanagement, continued

[D. J. Bernstein]

Olafur Gudmundsson writes:
> Ask Randy to put your posting address on the approved posters list.

Messages are not being bounced with explanations of how to set them up
as known addresses. Messages are being SILENTLY DISCARDED. (Misdirecting
them to some obscure web page would have essentially the same effect.)

You say the problem is that _I_ am not doing something. But a whole
bunch of namedroppers messages from _other_ people have also been listed
as coming from non-subscribers. How many more messages have been lost---
or deliberately thrown away by Bush? THE PROCEDURE IS FLAWED!

As for my own sender address [EMAIL PROTECTED], Bush has already taken manual
action---but what he did was _not_ adding the address to a list of known 
addresses. Instead, he started putting my subscription address on top of
all my messages to the list---shortly after I had informed him that I
kept _that_ address private to limit the number of people who can forge
unsubscription requests.

I don't care whether Bush's decisions can be adequately explained by
stupidity. The decisions shouldn't be made by hand in the first place.
The only acceptable ways to process a message to a standardization
mailing list are

   (1) to immediately pass it through unchanged to the subscribers or
   (2) to immediately bounce it.

The decision between #1 and #2 must be made by objective standards. The
bounces must clearly and thoroughly explain the standards. The standards
must allow the sender to straightforwardly arrange for #1.

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago

Re: namedroppers mismanagement, continued

[Donald Eastlake 3rd]

I second this. If some WG wants to maintain such a bounced list, that's
fine, but there isn't sufficient reason for it to be a requirement.

It's too bad that the exponentially increasing volume of spam has such
corrosive effect but that is the reality. Every IETF WG list I have
anything to do with has spam filtration and/or moderation of various
sorts. And I know exactly what the response from those who claim to
represent "openness" will be to this message. But the fact is that, for
the vast majority of IETF WG mailing lists, eliminating spam filtration
or moderation would greatly decrease participation and decrease input. I
don't give a damn about personal opinions that everyone should be able
to do their own high quality spam filtration and or be willing to "just
hit D".  I'm talking about reality and they don't. The minor additional
effort by those not subscribed to subscribe or get themselves added to
the can-post-but-not-subscribed-list or send the contribution to the WG
chair for posting is certainly a cost and may eliminate some input but
I'm satisfied from the consensus in WGs where this has been discussed
that these effects are dwarfed by the loss of input and participation
that would occur if filtration and moderation were eliminated.

Donald

PS: The namedroppers list is a special case because of persistent
attempts over a long period to use it for purposes outside of the
charter of the WG. Becasue of this, it has been found necessary by the
WG chairs for human judgement to be used more than on any other WG
mailing list. The ADs and IESG and IETF chair, who represent and are
selected by the IETF community, are and have for a long time been fully
aware of this. The periodic waves of complaint messages on the subject
posted to the IETF list are primarily a waste of everyone's time since
the policies are supported by the consensus in the working groups
involved.

On Wed, 27 Nov 2002, Randy Presuhn wrote:

> Date: Wed, 27 Nov 2002 09:55:49 -0800 (PST)
> From: Randy Presuhn <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: namedroppers mismanagement, continued
> 
> Hi -
> 
> > Date: Wed, 27 Nov 2002 11:50:23 -0500 (EST)
> > From: "Michael Froomkin - U.Miami School of Law" <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: namedroppers mismanagement, continued
> > In-Reply-To: <[EMAIL PROTECTED]>
> > Message-ID: <[EMAIL PROTECTED]>
> ...
> > Regardless of the specifics of this case, I think a good rule would be to
> > say that all bounced messages on any IETF list MUST be archived on a
> > separate 'bounced' list.  To whom would this suggestion best be directed?
> ...
> 
> As someone who has maintained a couple of WG mailing lists
> for several years, I'd object to the imposition of such a
> requirement.  The amount of spam, especially *large* (megabyte
> or more) viral messages, directed at WG mailing lists makes
> keeping all the trash a highly unattractive proposition.
> 
> (Much of the viral spam I see bears the forged addresses
> of legitimate subscribers, so I have to resort to other
> mechanisms to keep the lists clean.)
> 
>  --
>  Randy Presuhn  BMC Software, Inc.  SJC-1.3141
>  [EMAIL PROTECTED]  2141 North First Street
>  Tel: +1 408 546-1006   San José, California 95131  USA
>  --
>  My opinions and BMC's are independent variables.
>  --
> 
> 

-- 
==
 Donald E. Eastlake 3rd   [EMAIL PROTECTED]
 155 Beaver Street  +1-508-634-2066(h) +1-508-851-8280(w)
 Milford, MA 01757 USA   [EMAIL PROTECTED]

Re: namedroppers mismanagement, continued

[Dave Crocker]

Michael,


Wednesday, November 27, 2002, 8:50:23 AM, you wrote:
Michael> [cc's trimmed]

Michael> Regardless of the specifics of this case, I think a good rule would be to
Michael> say that all bounced messages on any IETF list MUST be archived on a
Michael> separate 'bounced' list.  To whom would this suggestion best be directed?

Michael,

Are you offering to pay for the lifetime subsidy for this archive
service that you are suggesting?  The form of you suggestion means
that there is no limit to the number of messages that might need
archiving.

d/
-- 
 Dave Crocker  
 TribalWise 
 t +1.408.246.8253; f +1.408.850.1850

Re: namedroppers mismanagement, continued

[Michael Froomkin - U.Miami School of Law]

I agree that a size limit would be appropriate, especially if it also
applied to the main list, but maybe even if it did not.

On Wed, 27 Nov 2002, Randy Presuhn wrote:

> Hi -
> 
> > Date: Wed, 27 Nov 2002 11:50:23 -0500 (EST)
> > From: "Michael Froomkin - U.Miami School of Law" <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: namedroppers mismanagement, continued
> > In-Reply-To: <[EMAIL PROTECTED]>
> > Message-ID: <[EMAIL PROTECTED]>
> 
> > Regardless of the specifics of this case, I think a good rule would be to
> > say that all bounced messages on any IETF list MUST be archived on a
> > separate 'bounced' list.  To whom would this suggestion best be directed?
> 
> 
> As someone who has maintained a couple of WG mailing lists
> for several years, I'd object to the imposition of such a
> requirement.  The amount of spam, especially *large* (megabyte
> or more) viral messages, directed at WG mailing lists makes
> keeping all the trash a highly unattractive proposition.
> 
> (Much of the viral spam I see bears the forged addresses
> of legitimate subscribers, so I have to resort to other
> mechanisms to keep the lists clean.)
> 
>  --
>  Randy Presuhn  BMC Software, Inc.  SJC-1.3141
>  [EMAIL PROTECTED]  2141 North First Street
>  Tel: +1 408 546-1006   San José, California 95131  USA
>  --
>  My opinions and BMC's are independent variables.
>  --
> 
> 

-- 
Please visit http://www.icannwatch.org
A. Michael Froomkin   |Professor of Law|   [EMAIL PROTECTED]
U. Miami School of Law, P.O. Box 248087, Coral Gables, FL 33124 USA
+1 (305) 284-4285  |  +1 (305) 284-6506 (fax)  |  http://www.law.tm
-->It's warm here.<--

Re: namedroppers mismanagement, continued

[Olafur Gudmundsson]

On 27 Nov 2002, D. J. Bernstein wrote:

> [ post by non-subscriber.  with the massive amount of spam, it is easy to
>   miss and therefore delete mis-posts.  your subscription address is
>   [EMAIL PROTECTED], please post from it or
>   fix subscription your subscription address! ]
>
> Once again: Bush is (1) subjecting a huge number of legitimate messages
> to manual review and (2) silently discarding many of these legitimate
> messages, apparently at a rate of hundreds per year (not counting mine).

All you need to do is ONE of the following:
Use the same subcription address and posting address
Ask Randy to put your posting address on the approved posters
list.

>
> Both #1 and #2 are unacceptable. I want the manual reviews _eliminated_.
> If a message isn't posted immediately, it must be bounced, with a clear
> explanation of how to have it posted without Bush's intervention.

The ONLY reason there is manual review is because you are not
addhearing to the protocol for posting to the mailing list.

>
> If the IETF documentation doesn't make sufficiently clear that Bush's
> behavior is unacceptable, that documentation also has to be fixed.

Send text.

Olafur

Re: namedroppers mismanagement, continued

[Randy Presuhn]

Hi -

> Date: Wed, 27 Nov 2002 11:50:23 -0500 (EST)
> From: "Michael Froomkin - U.Miami School of Law" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: namedroppers mismanagement, continued
> In-Reply-To: <[EMAIL PROTECTED]>
> Message-ID: <[EMAIL PROTECTED]>
...
> Regardless of the specifics of this case, I think a good rule would be to
> say that all bounced messages on any IETF list MUST be archived on a
> separate 'bounced' list.  To whom would this suggestion best be directed?
...

As someone who has maintained a couple of WG mailing lists
for several years, I'd object to the imposition of such a
requirement.  The amount of spam, especially *large* (megabyte
or more) viral messages, directed at WG mailing lists makes
keeping all the trash a highly unattractive proposition.

(Much of the viral spam I see bears the forged addresses
of legitimate subscribers, so I have to resort to other
mechanisms to keep the lists clean.)

 --
 Randy Presuhn  BMC Software, Inc.  SJC-1.3141
 [EMAIL PROTECTED]  2141 North First Street
 Tel: +1 408 546-1006   San José, California 95131  USA
 --
 My opinions and BMC's are independent variables.
 --

Re: namedroppers mismanagement, continued

[Michael Froomkin - U.Miami School of Law]

[cc's trimmed]

Regardless of the specifics of this case, I think a good rule would be to
say that all bounced messages on any IETF list MUST be archived on a
separate 'bounced' list.  To whom would this suggestion best be directed?

On 27 Nov 2002, D. J. Bernstein wrote:

> Once again: Bush is (1) subjecting a huge number of legitimate messages
> to manual review and (2) silently discarding many of these legitimate
> messages, apparently at a rate of hundreds per year (not counting mine).
> 
> Both #1 and #2 are unacceptable. I want the manual reviews _eliminated_.
> If a message isn't posted immediately, it must be bounced, with a clear
> explanation of how to have it posted without Bush's intervention.
> 
> If the IETF documentation doesn't make sufficiently clear that Bush's
> behavior is unacceptable, that documentation also has to be fixed.
> 
> ---D. J. Bernstein, Associate Professor, Department of Mathematics,
> Statistics, and Computer Science, University of Illinois at Chicago
> 
> 

-- 
Please visit http://www.icannwatch.org
A. Michael Froomkin   |Professor of Law|   [EMAIL PROTECTED]
U. Miami School of Law, P.O. Box 248087, Coral Gables, FL 33124 USA
+1 (305) 284-4285  |  +1 (305) 284-6506 (fax)  |  http://www.law.tm
-->It's hot here.<--

Re: namedroppers mismanagement, continued

[D. J. Bernstein]

Once again: Bush is (1) subjecting a huge number of legitimate messages
to manual review and (2) silently discarding many of these legitimate
messages, apparently at a rate of hundreds per year (not counting mine).

Both #1 and #2 are unacceptable. I want the manual reviews _eliminated_.
If a message isn't posted immediately, it must be bounced, with a clear
explanation of how to have it posted without Bush's intervention.

If the IETF documentation doesn't make sufficiently clear that Bush's
behavior is unacceptable, that documentation also has to be fixed.

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago

Re: namedroppers mismanagement, continued

[Keith Moore]

> isn't moderating the list randy's perogative as WG chair?

excluding relevant input is not the perogatie of the chair.

Re: namedroppers mismanagement, continued

[Paul Vixie]

> ..., the worst error you can make is to refuse to forward valuable
> input to working groups. ...

speaking as one whose namedroppers articles have never been lost or rejected,
and as someone who remembers how much spam was broadcast through namedroppers
before randy began moderating it, my only complaint is that randy's method
sometimes introduces latency.  some discussions are improved by high latency,
others are hurt by it.  if we're going to have latency i'd like it to only
occur in discussions that will be improved by it.  if discrimination of that
kind is not possible, then i'd prefer no human-induced moderation latency.
a simple "fully verified opt-in" mailing system, as supported in free tools
like mailman and (modern) majordomo, do fine at keeping spam out.

> ... and furthermore you've known about this problem for years and
> stubbornly insisted that you had a right to impose your arbitrary
> constraints on working group operation, in violation of established rules
> and policies.

i'm not an ietf process expert.  isn't moderating the list randy's perogative
as WG chair?
-- 
Paul Vixie

Re: namedroppers mismanagement, continued

[Keith Moore]

> so my personal method is to let the user act on their own behalf
> and to respond to explicit written requests.  that way, the worst
> error i can make is cut and paste, and even that has gotten me in
> trouble on occasion.

no, the worst error you can make is to refuse to forward valuable
input to working groups.  and furthermore you've known about this
problem for years and stubbornly insisted that you had a right
to impose your arbitrary constraints on working group operation,
in violation of established rules and policies.

Keith

Re: namedroppers mismanagement, continued

[Kurt D. Zeilenga]

At 04:48 PM 2002-11-26, Randy Bush wrote:
>> Assuming this provides a means for the user can make an explicit
>> request to opt-in to a list of "known email addresses", great
>> (DJB should opt-in).
>
>i think about 472 people have said that already.

I took recent statements on this list as indicating that
namedroppers used the senders address to determine what
might be spam but didn't have a separate list of
"known email addresses" which mail from is assumed to be
non-spam.

Thanks for clarifying that such a separate list does exist
for namedroppers and that the user simply needs to explicitly
request addition to it for his messages to be considered
non-spam.

Kurt

Re: namedroppers mismanagement, continued

[Randy Bush]

> Assuming this provides a means for the user can make an explicit
> request to opt-in to a list of "known email addresses", great
> (DJB should opt-in).

i think about 472 people have said that already.  i guess that this
is a great leap forward for ietf progress in forming internet
technology.

randy

Re: namedroppers mismanagement, continued

[Kurt D. Zeilenga]

At 03:42 PM 2002-11-26, Randy Bush wrote:
>so my personal method is to let the user act on their own behalf
>and to respond to explicit written requests.

Assuming this provides a means for the user can make an explicit
request to opt-in to a list of "known email addresses", great
(DJB should opt-in).

If not, why have you chosen not to implement guideline 5 in
http://www.ietf.org/IESG/STATEMENTS/mail-submit-policy.txt?
It seems to me that following this guideline would significant
reduce the number of administrative errors and hopefully allow
the community to re-focus on technical issues.

Kurt

Re: namedroppers mismanagement, continued

[Randy Bush]

> Pre-approved lists continues to allow IETF'ers to post to IETF
> lists without having to be subscribed or suffer through the
> error-prone, distribution delay inducing, and list admin's time
> consuming processes some list admins have forced upon us.

like what i call "do-gooder software", when you guess correctly,
no one ever says thanks.  but guess wrongly once, and you get
screamed at forever.

so my personal method is to let the user act on their own behalf
and to respond to explicit written requests.  that way, the worst
error i can make is cut and paste, and even that has gotten me in
trouble on occasion.

but ymmv, and that's what makes the world go 'round.

randy

Re: namedroppers mismanagement, continued

[Kurt D. Zeilenga]

At 01:43 PM 2002-11-26, Fred Baker wrote:
>At 11:57 AM 11/26/2002 -0800, Kurt D. Zeilenga wrote:
>>Anyways, if the admin really considers it impolite (I don't), then
>>maybe that admin should send the user an opt-in (or opt-out) notice
>>before (or after) adding the user to the pre-approved list of
>>posters.
>
>How does that differ from what was requested?

Pre-approved lists continues to allow IETF'ers to post to IETF
lists without having to be subscribed or suffer through the
error-prone, distribution delay inducing, and list admin's time
consuming processes some list admins have forced upon us.

Kurt

Re: namedroppers mismanagement, continued

[Fred Baker]

At 11:57 AM 11/26/2002 -0800, Kurt D. Zeilenga wrote:

Anyways, if the admin really considers it impolite (I don't), then
maybe that admin should send the user an opt-in (or opt-out) notice
before (or after) adding the user to the pre-approved list of
posters.


How does that differ from what was requested?


>Is it so hard to do?

  echo '[EMAIL PROTECTED]' >> namedroppers.allowed-posters

is not hard at all.


Neither is

echo subscribe '[EMAIL PROTECTED]' | mail namedroppers-request  
ops.ietf.org

RE: namedroppers mismanagement, continued

[Bill Strahm]

Keith,
I almost agree with you... Except here is the problem...

The [EMAIL PROTECTED] mailing list has 17 request(s) waiting for your
consideration at:

https://www1.ietf.org/mailman/admindb/ipoverib

I'll go ahead and remove the 17 messages trying to sell sex, toner
cartridges, stuff in char sets I don't even know what they are...

No I don't want random people sending stuff to a low volume list ( a
couple messages a week is normal ) so I think asking people to subscribe
is a low overhead task... You don't even have to receive the mail
traffic.

It is also not in the communities interest to slog through 100's of
spams to find a usefull nugget of truth either.

Bill

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Keith Moore
Sent: Tuesday, November 26, 2002 6:41 AM
To: Eliot Lear
Cc: D. J. Bernstein; [EMAIL PROTECTED]
Subject: Re: namedroppers mismanagement, continued


>   Join the list already.  How hard is that for a so-called mail guru?

there are valid reasons to post to a list when you're not subscribed, or
from a different address from the one you use for your subscription.

and it's not in the community's interest to ignore useful input.

Re: namedroppers mismanagement, continued

[D. J. Bernstein]

David Frascone writes:
> Why not simply subscribe and resend?

How does that help namedroppers recover all the lost messages from
_other_ people? Bush has _sent_ 115 legitimate namedroppers messages
from non-subscribers in the last three months; how many has he _lost_?

> I'm sure I mistakenly reject many of them.

Do you _silently discard_ them? If the sender isn't monitoring the list,
how will he ever know that his message didn't go through? If he _is_
monitoring the list, how long is he supposed to wait before complaining?

Bush imposed his mailing-list control methods without IESG approval, in
violation of RFC 2418, section 3.2. He has been caught engaging in
content-based censorship several times:

   http://cr.yp.to/djbdns/namedroppers.html

What's stopping him from selectively delaying or discarding messages
that he doesn't like? How can we tell whether these were actually
``mistakes''?

Manual reviews are completely inappropriate for a standardization forum.
They allow uncontrolled abuse, even when they aren't exacerbated by a
lack of notification to the sender.

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago

Re: namedroppers mismanagement, continued

[Kurt D. Zeilenga]

At 11:10 AM 2002-11-26, Fred Baker wrote:
>At 07:39 AM 11/26/2002 -0800, Kurt D. Zeilenga wrote:
>>The list admin should add the unsubscribed address to the
>>list of "known email addresses".  See item 5 in:
>>  http://www.ietf.org/IESG/STATEMENTS/mail-submit-policy.txt
>
>that's one of the list admin's options. But it turns out that many list admins 
>consider adding a name to a list unbidden is impolite, and choose to not do this 
>either, because they consider it error-prone and potentially insecure.

I think it could be easily argued that manual approval process is
far more error-prone than automated approval process and comes
with the most of the same security and "use" issues you discuss.

Anyways, if the admin really considers it impolite (I don't), then
maybe that admin should send the user an opt-in (or opt-out) notice
before (or after) adding the user to the pre-approved list of
posters.  (Note: for the subscribers list, the policy should be opt-in).
This is easily automated (most list management software supports
such).

>Is it so hard to do?

  echo '[EMAIL PROTECTED]' >> namedroppers.allowed-posters

is not hard at all.

Kurt

Re: namedroppers mismanagement, continued

[Fred Baker]

At 07:39 AM 11/26/2002 -0800, Kurt D. Zeilenga wrote:

The list admin should add the unsubscribed address to the
list of "known email addresses".  See item 5 in:
  http://www.ietf.org/IESG/STATEMENTS/mail-submit-policy.txt


that's one of the list admin's options. But it turns out that many list
admins consider adding a name to a list unbidden is impolite, and choose to
not do this either, because they consider it error-prone and potentially
insecure. Simply adding the address doesn't check that it is an address
someone can send mail *to*, which is something someone replying to the list
expects, and it doesn't allow people to reliably trim the CC line - I can
usually remove email addresses from the CC line other than the alias
itself, and simply reply to the list, but in this case that would cut the
person out of the discussion. If there is a clear definition of a member
(for example, a member of the IAB), "known addresses" is a useful
work-around, but for a list participant, adding his email to the list is
pretty much de rigeur.

The list moderator asked him to add his email address to the list, and
indicated that as a result of doing so his mail would be unmoderated. Is it
so hard to do?

Re: namedroppers mismanagement, continued

[Lawrence Greenfield]

   From: "Kurt D. Zeilenga" <[EMAIL PROTECTED]>
   Date: Tue, 26 Nov 2002 07:39:49 -0800
[...]
   No.  The list admin should add the unsubscribed address to the
   list of "known email addresses".  See item 5 in:
 http://www.ietf.org/IESG/STATEMENTS/mail-submit-policy.txt

It's getting more and more to the point that we should just centralize
all of the mailing lists. (Thus also centralizing archives and making
it harder for things to just get lost.)

I remember trying to post a comment to the tls-wg mailing list and
getting a bounce with no useful information about how to actual send
my message without subscribing. So I replied to the bounce, hoping to
get a person who could help me in some way. It bounced. I gave up,
which was unfortunate since I was trying to correct a misunderstanding
about how many application protocols actual use TLS.

Larry

Re: namedroppers mismanagement, continued

[Paul Ebersman]

djb> I've sent twelve messages to the namedroppers mailing list this
djb> month.

Did I miss the announcement where the namedroppers mailing list was
on the IETF standards track?

--
Paul

Re: namedroppers mismanagement, continued

[Kurt D. Zeilenga]

At 04:26 AM 2002-11-26, Eliot Lear wrote:
>Were you one of those kids who had trouble following directions?  Randy has given you 
>a pretty plain solution that even my mother could follow (and my mother barely knows 
>how to find the "on" button of a computer).  Join the list already.  How hard is that 
>for a so-called mail guru?

No.  The list admin should add the unsubscribed address to the
list of "known email addresses".  See item 5 in:
  http://www.ietf.org/IESG/STATEMENTS/mail-submit-policy.txt

Kurt

Re: namedroppers mismanagement, continued

[Keith Moore]

>   Join the list already.  How hard is that for a so-called mail guru?

there are valid reasons to post to a list when you're not subscribed,
or from a different address from the one you use for your subscription.

and it's not in the community's interest to ignore useful input.

Re: namedroppers mismanagement, continued

[Keith Moore]

> I've sent twelve messages to the namedroppers mailing list this month.
> Five of them have been silently discarded by the namedroppers censor,
> Randy Bush. (See http://cr.yp.to/djbdns/namedroppers.html for previous
> incidents.)

in my experience, if you send mail to the list administrator
and say "please add [EMAIL PROTECTED] as an address that is allowed
to post to this list", the problem goes away - for that list.

and no, I don't think that one should have to "say the secret magic words"
to make the right thing happen.but it does seem to work in practice.

Keith

Re: namedroppers mismanagement, continued

[Joe Baptista]

Bernstein - I'm not surprised this is happening.  I've experimented with
your dns daemon and it is by far superior to the existing bind
implimentations.  So I'm frankly not very surprised Bush don't like your
posts.  But I will admit the behaviour is juvenile.  But again this should
not surprise us.

But to end this on a positive note - let me make clear I admire your work.

regards
joe baptista

On 26 Nov 2002, D. J. Bernstein wrote:

> I've sent twelve messages to the namedroppers mailing list this month.
> Five of them have been silently discarded by the namedroppers censor,
> Randy Bush. (See http://cr.yp.to/djbdns/namedroppers.html for previous
> incidents.)
>
> Bush says that the only relevant feature of my messages is that they're
> sent from an address that isn't subscribed to namedroppers. Okay, boys
> and girls, let's look at some statistics:
>
>* 5/12 of my messages have been silently discarded;
>
>* according to Bush, this has nothing to do with me or the content,
>  so we estimate that about 5/12 of all non-subscriber messages have
>  been silently discarded;
>
>* in the past three months, there have been about 100 legitimate
>  messages from other people who Bush labelled as non-subscribers;
>
>* so we estimate that, in the last three months, Bush has silently
>  discarded about 71 legitimate messages from other people. That's a
>  rate of hundreds per year.
>
> Bush doesn't say ``Your message didn't go through.'' Bush doesn't say
> ``Reply to this bounce to confirm your original message.'' He simply
> throws the message away.
>
> This is supposed to be the mailing list for an open IETF working group.
> It's outrageous that valid messages are being silently discarded---even
> if the number is not as large as hundreds per year.
>
> ---D. J. Bernstein, Associate Professor, Department of Mathematics,
> Statistics, and Computer Science, University of Illinois at Chicago
>
> P.S. Out of my twelve messages, the five that were silently discarded
> are exactly the five that I would pick if I were a censor trying to bias
> the DNSEXT decisions in favor of the BIND company. Coincidence, right?
>
> P.P.S. Bush's mailing-list software doesn't cryptographically confirm
> unsubscription requests. I kept my subscription address private until
> Bush revealed it a few days ago. I'm working on obtaining a subscription
> through an address that Bush doesn't know is connected to me.
>

Re: namedroppers mismanagement, continued

[David Frascone]

Why not simply subscribe and resend?

As a maintainer of several lists, I can confirm what a royal pain it is to
deal with people posting from non-subscribed addresses.  I usually get 1-2 a
week as I'm sorting through the 10-15 SPAMs a day.  I'm sure I mistakenly
reject many of them.

Just my $.02 worth,


-Dave

On Tuesday, 26 Nov 2002, D. J. Bernstein wrote:
> I've sent twelve messages to the namedroppers mailing list this month.
> Five of them have been silently discarded by the namedroppers censor,
> Randy Bush. (See http://cr.yp.to/djbdns/namedroppers.html for previous
> incidents.)
>
> Bush says that the only relevant feature of my messages is that they're
> sent from an address that isn't subscribed to namedroppers. Okay, boys
> and girls, let's look at some statistics:
>
>* 5/12 of my messages have been silently discarded;
>
>* according to Bush, this has nothing to do with me or the content,
>  so we estimate that about 5/12 of all non-subscriber messages have
>  been silently discarded;
>
>* in the past three months, there have been about 100 legitimate
>  messages from other people who Bush labelled as non-subscribers;
>
>* so we estimate that, in the last three months, Bush has silently
>  discarded about 71 legitimate messages from other people. That's a
>  rate of hundreds per year.
>
> Bush doesn't say ``Your message didn't go through.'' Bush doesn't say
> ``Reply to this bounce to confirm your original message.'' He simply
> throws the message away.
>
> This is supposed to be the mailing list for an open IETF working group.
> It's outrageous that valid messages are being silently discarded---even
> if the number is not as large as hundreds per year.
>
> ---D. J. Bernstein, Associate Professor, Department of Mathematics,
> Statistics, and Computer Science, University of Illinois at Chicago
>
> P.S. Out of my twelve messages, the five that were silently discarded
> are exactly the five that I would pick if I were a censor trying to bias
> the DNSEXT decisions in favor of the BIND company. Coincidence, right?
>
> P.P.S. Bush's mailing-list software doesn't cryptographically confirm
> unsubscription requests. I kept my subscription address private until
> Bush revealed it a few days ago. I'm working on obtaining a subscription
> through an address that Bush doesn't know is connected to me.
>

-- 
David Frascone

   My karma ran over my dogma

Re: namedroppers mismanagement, continued

[Eliot Lear]

Dan,

Were you one of those kids who had trouble following directions?  Randy 
has given you a pretty plain solution that even my mother could follow 
(and my mother barely knows how to find the "on" button of a computer). 
 Join the list already.  How hard is that for a so-called mail guru?

Eliot