Unsubscribe
unsubscribe
Unsubscribe
Re: Unsubscribe
Mike Yrabedra wrote: unsubscribe If you look at the message headers, there's a header explaining where to send unsubscribe messages to (this is the RFC standard header for doing this, so look for it in other mailing lists): List-Unsubscribe: mailto:users-unsubscr...@spamassassin.apache.org
Re: Unsubscribe
Paolo, You need to send the email to this address users-unsubscr...@spamassassin.apache.org On Fri, Jun 12, 2009 at 8:25 AM, Paolo Toninpaolo.to...@gmail.com wrote: -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
Re: Unsubscribe
On Fri, June 12, 2009 14:37, Matt Kettler wrote: If you look at the message headers, there's a header explaining where to send unsubscribe messages to (this is the RFC standard header for doing this, so look for it in other mailing lists): google webmail does not support it :/ List-Unsubscribe: mailto:users-unsubscr...@spamassassin.apache.org wonder how users subscribed in the first place :) -- http://localhost/ 100% uptime and 100% mirrored :)
Re: Unsubscribe
Benny Pedersen wrote: On Fri, June 12, 2009 14:37, Matt Kettler wrote: If you look at the message headers, there's a header explaining where to send unsubscribe messages to (this is the RFC standard header for doing this, so look for it in other mailing lists): google webmail does not support it :/ Thats actually an interesting point, and kinda ironic at that. Since we saw two of them come in pretty back to back, I suspect a joe job of sometype. those people might not have subscribed. other interesting point, the spamassassin mailing list does violate (technically) the US (you) CAN-SPAM laws. #1, no easy unsubscribe (if you are on gmail, you really can't unless you know how to) #2, no full physical address of sender. this just goes to show how stupid can-spam is, if spammers can easily buy 20,000 nonsense domains, subscribe you without your permission to all 20,000, include a remove link and address and make you unsubscribe from all 20,000 SA mailing list folks: you might want to include both automatically in the footer of your emails. Yes, they will break dkim signing for many people, but maybe we should lead by example. -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best Anti-Spam Product 2008, Network Products Guide * King of Spam Filters, SC Magazine 2008 _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ _
Re: Unsubscribe
On Fri, 12 Jun 2009, Michael Scheidell wrote: the spamassassin mailing list does violate (technically) the US (you) CAN-SPAM laws. #1, no easy unsubscribe (if you are on gmail, you really can't unless you know how to) #2, no full physical address of sender. Since CAN-SPAM only covers email whose primary purpose is advertising or promoting a commercial product or service, the SA mailing list isn't even address by the law, much less in violation of it. -- Public key #7BBC68D9 at| Shane Williams http://pgp.mit.edu/| System Admin - UT iSchool =--+--- All syllogisms contain three lines | sha...@shanew.net Therefore this is not a syllogism | www.ischool.utexas.edu/~shanew
Re: Unsubscribe
I'm curious why you can't see the unsubscribe link in the header with Gmail. I can. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Fri, Jun 12, 2009 at 8:54 AM, Shane Williamssha...@shanew.net wrote: On Fri, 12 Jun 2009, Michael Scheidell wrote: the spamassassin mailing list does violate (technically) the US (you) CAN-SPAM laws. #1, no easy unsubscribe (if you are on gmail, you really can't unless you know how to) #2, no full physical address of sender. Since CAN-SPAM only covers email whose primary purpose is advertising or promoting a commercial product or service, the SA mailing list isn't even address by the law, much less in violation of it. -- Public key #7BBC68D9 at | Shane Williams http://pgp.mit.edu/ | System Admin - UT iSchool =--+--- All syllogisms contain three lines | sha...@shanew.net Therefore this is not a syllogism | www.ischool.utexas.edu/~shanew
Re: Unsubscribe
and when all fails: http://lmgtfy.com/?q=unsubscribe+spamassassin+mailing+list On 6/12/2009 4:07 PM, Curtis LaMasters wrote: I'm curious why you can't see the unsubscribe link in the header with Gmail. I can. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Fri, Jun 12, 2009 at 8:54 AM, Shane Williamssha...@shanew.net wrote: On Fri, 12 Jun 2009, Michael Scheidell wrote: the spamassassin mailing list does violate (technically) the US (you) CAN-SPAM laws. #1, no easy unsubscribe (if you are on gmail, you really can't unless you know how to) #2, no full physical address of sender. Since CAN-SPAM only covers email whose primary purpose is advertising or promoting a commercial product or service, the SA mailing list isn't even address by the law, much less in violation of it. -- Public key #7BBC68D9 at| Shane Williams http://pgp.mit.edu/| System Admin - UT iSchool =--+--- All syllogisms contain three lines | sha...@shanew.net Therefore this is not a syllogism | www.ischool.utexas.edu/~shanew
Re: Unsubscribe
Shane Williams wrote: Since CAN-SPAM only covers email whose primary purpose is advertising or promoting a commercial product or service, the SA mailing list isn't even address by the law, much less in violation of it. Guess I never caught that part. I knew the lawyers who drafted it made sure their friends in politics were except. no, I don't know about gmail. I do know if you are unlucky enough to be forced to use OWA, well, you should not be on this list anyway.. either case, then. maybe i lean towards if you are not smart enough to find the headers you shouldn't have subscribed in the first place. -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best Anti-Spam Product 2008, Network Products Guide * King of Spam Filters, SC Magazine 2008 _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ _
Re: Unsubscribe
maybe i lean towards if you are not smart enough to find the headers you shouldn't have subscribed in the first place. Actually, it's worse than that. In order to FIND the list and the link/insruction to subscribe to it, you go to the website, and the two links for subscribing and unsubscribing via e-mail are right *there* together in that one place. Scary - Charles
Re: Unsubscribe
Charles Gregory wrote: maybe i lean towards if you are not smart enough to find the headers you shouldn't have subscribed in the first place. Actually, it's worse than that. In order to FIND the list and the link/insruction to subscribe to it, you go to the website, and the two links for subscribing and unsubscribing via e-mail are right *there* together in that one place. Scary - Charles On the many mailing lists where I see these poorly directed unsubscribe emails, nearly all of them contain the single word unsubscribe and nothing else. Couldn't the mailing list software be updated to detect these emails and to reject them? Or at least put them into a moderation queue so threads like this one don't get started? Could even just send an autoresponse back to the sender advising them where they should look in order to find out the unsubscribe instructions. -- Mike Cardwell - IT Consultant and LAMP developer Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
Re: Unsubscribe
Could even just send an autoresponse back to the sender advising them where they should look in order to find out the unsubscribe instructions. Or run a script to unsubscribe them :-) Could look for 'out of office' and 'on vacation' also. -- Michael Scheidell, CTO |SECNAP Network Security Finalist 2009 Network Products Guide Hot Companies FreeBSD SpamAssassin Ports maintainer _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ _
Re: Unsubscribe
On Fri, 12 Jun 2009 10:47:21 -0400 (EDT) Charles Gregory cgreg...@hwcn.org wrote: maybe i lean towards if you are not smart enough to find the headers you shouldn't have subscribed in the first place. Actually, it's worse than that. In order to FIND the list and the link/insruction to subscribe to it, you go to the website, and the two links for subscribing and unsubscribing via e-mail are right *there* together in that one place. Scary - Charles It's been 6 years since I subscribed to this list, but I was sent a confirmation email that had to be replied to in order to subscribe. It's called double opt-in. Just about as safe as can be for getting only those who really want to subscribe. -- Raquel It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change. --Charles Darwin
Re: Unsubscribe
At 06:43 12-06-2009, Michael Scheidell wrote: SA mailing list folks: you might want to include both automatically in the footer of your emails. Yes, they will break dkim signing for many people, but maybe we should lead by example. The people that footer is intended for won't read it anyway. Regards, -sm
Re: BOTNET timeouts?
On 11-Jun-2009, at 13:45, Charles Gregory wrote: 2) I disagree that another person could/should 'fork' the botnet plug-in. This would cause confusion even if care was taken to rename the plug-in or otherwise distinguish the two versions for the newbie looking to download a recommended plug-in. For something so specific, there *should* be an 'official' version - yours. I would only 'fork' the development for a major design philosophy split. The creation of third-party patches is the correct solution for situations like these. 1) there's nothing wrong with forking. 2) n00bs should not be installing SA or admining mailservers anyway 3) n00bs who do, will find a forked botnet addon the least of their problems. 4) Sounds to me like this 'patch' *IS* a major design philosophy split. 5) Badgering someone to update on your schedule something they wrote and released for free is rude. 3) It is *reasonable* to request that the main distribution of a software package have included within it any patch that has stood the test of time in use as a third-pary patch, Your definition of 'withstood the test of time' does not match up with the definition of the project developer. This is fine, there is a solution. It's called 'forking'. But I would never guess from the package that a patch was available or useful. It is useful for SOME people under SOME conditions. It is not *universally* useful. So if I may recommend: Why not include the patch as a separate file in your download, John explained why. This patch does not represent the direction he wants to go with Botnet. Remember that comment about design philosophy? -- Tina... homecoming is spelled c *O* m
Re: Unsubscribe
On 12-Jun-2009, at 07:25, Benny Pedersen wrote: google webmail does not support it :/ Yes it does. Look under something like Original Message -- I am by nature made for my won good, not my own evil
Re: Unsubscribe
On 12-Jun-2009, at 07:43, Michael Scheidell wrote: the spamassassin mailing list does violate (technically) the US (you) CAN-SPAM laws. No one cares, and it's not true. The unsubscribe link is right there in plain sight. Whether Gmail conceals it from you has nothing to do with it. If you want to complain about it, complain to google. They will tell you that the full text of the message is available and how to get to it. SA mailing list folks: you might want to include both automatically in the footer of your emails. No. this is a bad idea. If you can't figure out how to look at mail headers, then you have no business on this list. -- Vi Veri Veniversum Vivus Vici
Re: Unsubscribe
On 12-Jun-2009, at 10:36, Raquel wrote: It's called double opt-in No it's not. It's called 'subscription confirmation'. Double opt-in is a spammer phrase invented to imply that a form on a web page asking for an email address is opt-in. -- Look, that's why there's rules, understand? So that you *think* before you break 'em.
Re: backscatter from dnswl
Excerpts from Charles Gregory's message of Thu Jun 11 07:13:02 -0700 2009: How many accounts are we talking about here? If it is just one or two addresses, and the user(s) being 'spoofed' have distinctive *names* on their genuine 'From' headers, then you can test for quoted messages in the body that contain a From line withthe correct address but a *wrong* 'name' in front of it. To use your address as an example: body LOC_NOTARVIS /^[ ]*From: ?([^A]|A[^r]|Ar[^v])[^@]+a...@exys\.org/ So any junk 'returned' to you as faked sender, containing, for example: Returned From: Bob smith a...@exys.org would trip over this rule. Also note that if somehow your name is *stripped*, and only the address appears, this rule will *not* trigger. It only works on *wrong* names in front of your address. The use of [^@] keeps the rule from triggering if someone has specified multiple addresses. You might not want this on a body 'From' test, but I also use this as a header 'To' rule for some of my clients to stop dictionary spam attacks :) - Charles Thanks! This looks very useful. We temporarily have blocked some networks which exhaust our relays. This is indeed caused by only a few domains all from the same customer group (trading stuff), and I think some spammers are using those addresses as From: mainly because 1) it looks trustworthy 2) we allow sender callins. Interestingly the backscatter is _only_ caused by domains within Russia with almost identical format (well, all qmail ), so I'm looking into triggering that. That forged Name/Address relationship is a pretty good find. I'll look into applying that rule system wide.
Re: Unsubscribe
LuKreme, I agree that one should be able to read the mail headers, but unless you knew to look there, you wouldn't really ever care to. Especially when wanting to unsubscribe. I don't think it has ever come across my mind to look there. RFC's aside...a link at the bottom of the email is the easiest. I don't plan on unsubscribing so I don't really care, but being bull headed is pointless in this case. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Fri, Jun 12, 2009 at 8:47 PM, LuKremekrem...@kreme.com wrote: On 12-Jun-2009, at 10:36, Raquel wrote: It's called double opt-in No it's not. It's called 'subscription confirmation'. Double opt-in is a spammer phrase invented to imply that a form on a web page asking for an email address is opt-in. -- Look, that's why there's rules, understand? So that you *think* before you break 'em.
Re: BOTNET timeouts?
On Fri, Jun 12, 2009 at 07:39:58PM -0600, LuKreme wrote: But I would never guess from the package that a patch was available or useful. It is useful for SOME people under SOME conditions. It is not *universally* useful. It's not universally useful to have some *basic* sanity checks/timeouts in code? Well sure, not all disaster scenarios can affect all users. This thread is getting ridiculous.
Re: Unsubscribe
At 07:16 PM 6/12/2009, you wrote: LuKreme, I agree that one should be able to read the mail headers, but unless you knew to look there, you wouldn't really ever care to. Especially when wanting to unsubscribe. I don't think it has ever come across my mind to look there. RFC's aside...a link at the bottom of the email is the easiest. I don't plan on unsubscribing so I don't really care, but being bull headed is pointless in this case. I know we're beating a dead horse here, but a few things to think about: You don't MAGICALLY join a mailing list. You have to follow usually a few steps (often not only subscribe, but often confirm your request by replying to the You really want to join this list? e-mail or clicking on a link in the e-mail. You generally get a e-mail telling you that you've confirmed your subscription AND includes instructions on how to unsubscribe. Almost EVERY mailing list either includes instructions on how to unsubscribe at the bottom or in the headers. If you're joining a anti-spam mailing list, you should be able to figure out how to unsubscribe. Almost NO mailing list software has you e-mail the general list to perform commands such as unsubscribe. If you're smart enough to join, you should be smart enough to unsubscribe. I'm probably missing sometihng, but that's a good majority of it.
Re: Unsubscribe
On Fri, 12 Jun 2009 19:47:21 -0600 LuKreme krem...@kreme.com wrote: On 12-Jun-2009, at 10:36, Raquel wrote: It's called double opt-in No it's not. It's called 'subscription confirmation'. Double opt-in is a spammer phrase invented to imply that a form on a web page asking for an email address is opt-in. If you want to get snippy and real technical about it, the Mailman people call it, confirmed opt-in. -- Raquel Our values are defined by what we will tolerate when it is done to others. --William Greider
Re: Unsubscribe
On 12-Jun-2009, at 20:16, Curtis LaMasters wrote: RFC's aside...a link at the bottom of the email is the easiest. I don't plan on unsubscribing so I don't really care, but being bull headed is pointless in this case. Modifying the message body breaks things. If you can figure out how to subscribe, you can figure out how to unsubscribe. Not taking the time to figure this out is merely selfish and lazy. even if you don't know to look at the headers, you can go to google. http://lmgtfy.com/?q=unsubscribe+spamassassin -- Look, that's why there's rules, understand? So that you *think* before you break 'em.
Re: Unsubscribe
On Sat, June 13, 2009 03:42, LuKreme wrote: On 12-Jun-2009, at 07:25, Benny Pedersen wrote: google webmail does not support it :/ Yes it does. Look under something like Original Message it was a leading q a from my side and i am not using it :) -- http://localhost/ 100% uptime and 100% mirrored :)
Re: BOTNET timeouts?
On Fri, 12 Jun 2009, LuKreme wrote: So if I may recommend: Why not include the patch as a separate file in your download, John explained why. This patch does not represent the direction he wants to go with Botnet. Remember that comment about design philosophy? When he GOES in that direction, the function of the patch will be subsumed by it and he can stop distributing the patch. The reason its *called* a patch is because it provides a temporary fix to a problem that can later be corrected 'properly' in accordance with design philosophy Please be clear that I was not asking that he modify his original code to 'include' the patch, but that he merely supply the patch file or even just a link to it, as a temporary measure for people who need it. This would not cause a 'design philosophy' problem. It would just save people the trouble of having the problem and *finding* the patch. But again, it's his time, he can do with it as he will. I just make the suggestions that seem reasonable to me. :) - Charles
