Re: How Not To Filter Spam

On Sat, 21 Feb 2004, Iljitsch van Beijnum wrote: This is all about cost-benefit and the realities of the messy, chaotic, ignorant world of mail users the world around. In nearly all cases the cost-benefit of signing or encrypting all messages and maintaining strict, reliable lists of ALL

Re: How Not To Filter Spam

On 20-feb-04, at 15:32, Robert G. Brown wrote: It is useful only if you only get mail from a small, closed group of people, almost by definition, as I think Vernon and others have pointed out. Well, I don't know about you, but I _do_ get mail from a small, closed group of people. I also get mail

Re: How Not To Filter Spam

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 20-feb-04, at 2:15, Vernon Schryver wrote: That sounds like the old authentication solves spam hope. It was wrong before SMTP-AUTH and it is still wrong. Guess what, it is impossible to solve spam the same way it is impossible to solve burglary.

Re: How Not To Filter Spam

On Fri, 20 Feb 2004, Iljitsch van Beijnum wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 20-feb-04, at 2:15, Vernon Schryver wrote: That sounds like the old authentication solves spam hope. It was wrong before SMTP-AUTH and it is still wrong. Guess what, it is impossible

RE: How Not To Filter Spam

Sent: Friday, February 20, 2004 6:32 AM To: Iljitsch van Beijnum Cc: Vernon Schryver; [EMAIL PROTECTED] Subject: Re: How Not To Filter Spam On Fri, 20 Feb 2004, Iljitsch van Beijnum wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 20-feb-04, at 2:15, Vernon Schryver wrote

Re: How Not To Filter Spam

On 19-feb-04, at 1:18, Robert G. Brown wrote: If a message comes in incorrectly addressed, yes, it will bounce. It should, shouldn't it? Yes, but only by ejecting the message immediately during the SMTP session. Accepting the message, then realize it can't be delivered and sending a bounce

Re: How Not To Filter Spam

Vernon Schryver wrote: If the envelope sender was forged as is common in spam, universal in worms, and practically nonexistent in legitimate mail, then your bounce will afflict third party's mailbox. My mailbox receives enough worm bounces to make me say it is an awfully bad thing. Yes.

Re: How Not To Filter Spam

From: Ed Gerck [EMAIL PROTECTED] Yes. However, if your mailbox could automatically handle confirmation requests based on messages that were actually sent by you (in much the same way that NAT boxes work -- you only get a reply to a request you send), then you would not be bothered by the

Re: How Not To Filter Spam

Vernon Schryver wrote: If a complete stranger is the sender of an incoming message, then crypto keys are irrelevant to determining the message is unsolicited bulk. No. In PGP, for example, I accept a key based on who signed it and when. If I can trust the signer(s), I may use a key from

Re: How Not To Filter Spam

From: Ed Gerck [EMAIL PROTECTED] If a complete stranger is the sender of an incoming message, then crypto keys are irrelevant to determining the message is unsolicited bulk. No. In PGP, for example, I accept a key based on who signed it and when. If I can trust the signer(s), I may

Re: How Not To Filter Spam

Vernon Schryver wrote: From: Ed Gerck [EMAIL PROTECTED] If a complete stranger is the sender of an incoming message, then crypto keys are irrelevant to determining the message is unsolicited bulk. No. In PGP, for example, I accept a key based on who signed it and when. If I

RE: How Not To Filter Spam

: Tuesday, February 17, 2004 8:03 PM To: [EMAIL PROTECTED] Subject: Re: How Not To Filter Spam From: william(at)elan.net It is also a classic example of what is wrong with the MUA filtering You certain dont assume that there is nothing wrong with the filtering system you use

Re: How Not To Filter Spam

Tony, TH a legitimate message from someone I have corresponded with in the past. The TH only way to detect a fraud at the MUA would be to have a verifiable TH signature from Alain (this was trapped at my MTA due to the exe file). yes, but no. first, there is an increasingly heated debate

Re: How Not To Filter Spam

On Tue, 17 Feb 2004, Vernon Schryver wrote: Thn enclosed example of how not to filter spam is offered for those who might want to preemptively add accuspam.com or downloadfast.com to their blacklists. It is also a classic example of what is wrong with the MUA filtering tactics Robert Brown

RE: How Not To Filter Spam

From: Tony Hain To: 'Vernon Schryver' [EMAIL PROTECTED], [EMAIL PROTECTED] So if you had received the mail sent here yesterday claiming to be from Alain Durand would you block Sun or IBM? ... I should not have responded specifically (if at all) to the other gentleman's complaint about my

Re: How Not To Filter Spam

On Wed, 18 Feb 2004, Dave Crocker wrote: Tony, TH a legitimate message from someone I have corresponded with in the past. The TH only way to detect a fraud at the MUA would be to have a verifiable TH signature from Alain (this was trapped at my MTA due to the exe file). yes, but no.

RE: How Not To Filter Spam

Dave Crocker wrote: Tony, TH a legitimate message from someone I have corresponded with in the past. The TH only way to detect a fraud at the MUA would be to have a verifiable TH signature from Alain (this was trapped at my MTA due to the exe file). yes, but no. first, there is an

Re: How Not To Filter Spam

Tony, first, there is an increasingly heated debate between folks who want to sign the message (TEOS, DomainKeys), versus others who want to secure the channel between sender and receiver (RMX, LMAP, SPF, etc.). TH Is there an obvious reason not to do both? Cost of effort. Distraction of

RE: How Not To Filter Spam

On Wed, 18 Feb 2004, Vernon Schryver wrote: ] From: Robert G. Brown [EMAIL PROTECTED] ] ... ] In the department, where we do USE spam assassin, no bounce messages are ] generated except when mail fails for one of the standard reasons ] unrelated to filtering of any sort. ... On today's

Re: How Not To Filter Spam

-BEGIN PGP SIGNED MESSAGE- Dave == Dave Crocker [EMAIL PROTECTED] writes: Dave first, there is an increasingly heated debate between folks who Dave want to sign the message (TEOS, DomainKeys), versus others who want Dave to secure the channel between sender and receiver

RE: How Not To Filter Spam

From: Robert G. Brown [EMAIL PROTECTED] ... If a message comes in incorrectly addressed, yes, it will bounce. It should, shouldn't it? This has nothing to do with whether or not it is spam or a virus or any other kind of message. If it is a bad thing, it is a very fundamental bad

RE: How Not To Filter Spam

On Wed, 18 Feb 2004, Vernon Schryver wrote: From: Tony Hain To: 'Vernon Schryver' [EMAIL PROTECTED], [EMAIL PROTECTED] So if you had received the mail sent here yesterday claiming to be from Alain Durand would you block Sun or IBM? ... I should not have responded specifically (if

How Not To Filter Spam

Thn enclosed example of how not to filter spam is offered for those who might want to preemptively add accuspam.com or downloadfast.com to their blacklists. It is also a classic example of what is wrong with the MUA filtering tactics Robert Brown advocates. I certainly did not try to contact

Re: How Not To Filter Spam

On Tue, 17 Feb 2004, Vernon Schryver wrote: It is also a classic example of what is wrong with the MUA filtering You certain dont assume that there is nothing wrong with the filtering system you use and others may try duplicate as well. Otherwise how would you explain that you have Elan and

Re: How Not To Filter Spam

From: william(at)elan.net It is also a classic example of what is wrong with the MUA filtering You certain dont assume that there is nothing wrong with the filtering system you use and others may try duplicate as well. Otherwise how would you explain that you have Elan and

Re: How Not To Filter Spam

On Tue, 17 Feb 2004, Vernon Schryver wrote: From: william(at)elan.net It is also a classic example of what is wrong with the MUA filtering You certain dont assume that there is nothing wrong with the filtering system you use and others may try duplicate as well. Otherwise how would