Nutty suggestion to kill spam

J Atkinson (Mr)

Jan 7, 2004, 2:22:33 PM

This is just a nutty idea, but I'd like to know if it would work

Suppose a huge number of dummy email addresses were created,
and exposed so that they were harvested. Maybe some web pages
that each contained nothing but 10,000 dummy email addresses?
They could easily be created using search and replace.

Let's say there was a concerted campaign; if 1,000 Demon users,
plus a few others, each created 100,000 such addresses, how
would the spammers cope? Looks like it could be easy to create
at least 250,000,000 dummies.

I guess there are other ways to create dummies, and I also assume
that once the word spread, everyone might create a few in the
interests of solidarity.

The result could be that finding a genuine email address could be
like finding a needle in a haystack. Without a lot of work ...

If they found their way onto CDs and sold to spammers, wouldn't that
result in their results plummeting? It's kind of a brute force solution,
but can you see why it wouldn't work?

Of course, we won't need this now that Brightmail is going to zap all
that spam, but I hope to see some amusing and informed reasoning
as to the pros and cons of this idea.


--
J Atkinson (Mr)

Chris Hastie

Jan 7, 2004, 3:02:44 PM

In message <o+iHfsB5xF$$Ew...@manx2.demon.co.uk>, "J Atkinson (Mr)"
<j...@manx2.demon.co.uk> writes

> This is just a nutty idea, but I'd like to know if it would work
>
> Suppose a huge number of dummy email addresses were created,
> and exposed so that they were harvested. Maybe some web pages
> that each contained nothing but 10,000 dummy email addresses?
> They could easily be created using search and replace.

http://www.monkeys.com/wpoison/
--
Chris Hastie

John Underwood

Jan 7, 2004, 3:26:42 PM

On Wed, 7 Jan 2004 at 19:22:33, J Atkinson (Mr) wrote in
demon.ip.support.turnpike
(Reference: <o+iHfsB5xF$$Ew...@manx2.demon.co.uk>)


> This is just a nutty idea, but I'd like to know if it would work
>

I seem to remember it being suggested that the attempts to implement
previous similar thoughts made nutty a rather mild description.

> Suppose a huge number of dummy email addresses were created,
> and exposed so that they were harvested. Maybe some web pages
> that each contained nothing but 10,000 dummy email addresses?
> They could easily be created using search and replace.
>

"Easily" in the sense of doing it. How are you going to ensure that none
of your 10,000 addresses are real or could be real addresses in the
future, or could become real addresses by omitting things like .Invalid?


> Let's say there was a concerted campaign; if 1,000 Demon users,
> plus a few others, each created 100,000 such addresses, how
> would the spammers cope? Looks like it could be easy to create
> at least 250,000,000 dummies.

I would imagine the spammers would cope remarkably well. They would get
a ready-made list of genuine, highly targeted addresses for the business
needs of their very many gullible customers.


>
> I guess there are other ways to create dummies,

Why create them, the spammers find them without the need.

>and I also assume
> that once the word spread, everyone might create a few in the
> interests of solidarity.

And bung up the Internet with even more crap than it is having to bear
at the moment.

>
> The result could be that finding a genuine email address could be
> like finding a needle in a haystack. Without a lot of work ...
>

You mean almost as difficult as a genuine e-mail getting through the
even larger amount of noise than it has to face at the moment.

> If they found their way onto CDs and sold to spammers, wouldn't that
> result in their results plummeting?

Why should that make a difference, a vast number of the addresses on CDs
are fake, spam-trapped or MIDs already, there are some genuine ones
among them and the ones who use spam CD address lists for their
"marketing" are not concerned with the proportion of results, merely
that they get some (they don't seem to mind paying more for the CD
because it contains large numbers of false addresses so would probably
be even happier to pay more for bigger lists of false addresses).

>It's kind of a brute force solution,
> but can you see why it wouldn't work?

You forgot the ignorance bit of that, I am afraid.

>
> Of course, we

Who is this "we"? I wouldn't want Brightmail, but even if I did, it is
not being offered to me.

The topic of this group is Turnpike. The program is not restricted to
Demon customers and many of us here are not Demon customers. I am not
saying that it is not a relevant topic when related to Turnpike, but
Brightmail, like many other aspects of Demon's services, are only on
topic when they are so related. Brightmail in principle (rather than in
implementation if Turnpike is involved) is as relevant here as a
discussion about how much Demon should charge for ADSL.

Having said that, I don't need that now, having been using a far cheaper
method of dealing with spam that arrives and reducing the amount sent.
Nor do I need Brightmail for the same reason. I would instantly turn it
off, but would probably move to another provider who didn't charge me
for things I don't want. (By not having a specific charge, they are
taking it out of the profits which could, otherwise, be spent on
features I would like).

>won't need this now that Brightmail is going to zap all
> that spam, but I hope to see some amusing and informed reasoning
> as to the pros and cons of this idea.

I fear you may have to hope in vain, though some attempts at amusement
may follow.


What would be a more constructive use of your time would be to have a
look at the work that has been going on for years in the Campaign
against Unsolicited Commercial Email (CAUCE) and, particularly EuroCAUCE
<http://www.euro.cauce.org/en/> where many people have been and continue
to try and do something about reducing the problem of spam (without
creating another one) by all possible and legal means.
--
John Underwood
Do not change the Reply-To: address -it will work if you use it within 30 days.
After that visit <http://theunderwoods.org.uk/contact.html> for a current
contact address. Do not write to the From: address.

John Underwood

Jan 7, 2004, 3:46:51 PM

On Wed, 7 Jan 2004 at 20:02:44, Chris Hastie wrote in
demon.ip.support.turnpike
(Reference: <SNjPK3TkXG$$Ew$Q...@nospam.oak-wood.co.uk>)


>
>http://www.monkeys.com/wpoison/

This reference raises a worry I have about it:

http://birdhouse.org/cgi-bin/mt/mt-comments.cgi?entry_id=1030

Another:

http://www.bigredblob.com/MT/archives/000226.html

is a discussion of the use of wpoison. Which would also apply to Mr
Atkinson's thoughts.

Roy Brown

Jan 7, 2004, 3:59:37 PM

In message <o+iHfsB5xF$$Ew...@manx2.demon.co.uk>, "J Atkinson (Mr)"
<j...@manx2.demon.co.uk> writes

> This is just a nutty idea, but I'd like to know if it would work

Dafter than you could possibly imagine, I'd say.

> Suppose a huge number of dummy email addresses were created,
> and exposed so that they were harvested. Maybe some web pages
> that each contained nothing but 10,000 dummy email addresses?
> They could easily be created using search and replace.

Of course. Why don't you just knock up a couple of thousand to begin
with, as proof of concept?

Remember they must be good enough to fool spammers, and yet not be email
addresses that anyone might be using now - or want to start using in the
future, else you'd be prespamming them.

And of course, they shouldn't be anything that breaches any ISP's AUP -
like inventing lots of Demon addresses, say.

I'd like, of course, against each generated address, some assurance that
it didn't already exist. You'd have to check that; you couldn't just
assume it. And I'd need to see that proof; I wouldn't just take your
word for it.

> Let's say there was a concerted campaign; if 1,000 Demon users,
> plus a few others, each created 100,000 such addresses, how
> would the spammers cope? Looks like it could be easy to create
> at least 250,000,000 dummies.

Your maths is awry; that 'few' would have to be 1500, or in other words
half as many again non-Demon users as users.

But where are you going to find 1,000 Demon users who would be clever
enough to be capable of doing this, and yet who would be stupid enough
to do it? Let alone the other 1500?

> I guess there are other ways to create dummies,

Judging from this article, procreation seems to be one. I think I'd
rather do that than this.....

> and I also assume that once the word spread, everyone might create a
>few in the interests of solidarity.

Hah! Did nobody read you 'The Little Red Hen' as a child?

> The result could be that finding a genuine email address could be
> like finding a needle in a haystack. Without a lot of work ...

You mean like finding a genuine email among your spam is now?

> If they found their way onto CDs and sold to spammers, wouldn't that
> result in their results plummeting? It's kind of a brute force solution,
> but can you see why it wouldn't work?

Er.... spammers might get to know and avoid these giant honeytrap
websites? Or might not even find them in the first place?

Perhaps it would be better if you cut out the middleman, and just made
CDs of all these fake addresses, and left them where spammers might find
them? On park benches, say, or tucked into books on philosophy in public
libraries?

> Of course, we won't need this now that Brightmail is going to zap all
> that spam, but I hope to see some amusing and informed reasoning
> as to the pros and cons of this idea.

You're not Derrick Fawsitt by any chance, are you?
--
Roy Brown 'Have nothing in your houses that you do not know to be
Kelmscott Ltd useful, or believe to be beautiful' William Morris

J Atkinson (Mr)

Jan 7, 2004, 5:22:28 PM

In message <16a8HIQCuG$$EA...@dontspam.theunderwoods.org.uk>, John
Underwood <newsab...@deleteifspam.theunderwoods.org.uk> writes

>Why should that make a difference, a vast number of the addresses on
>CDs are fake, spam-trapped or MIDs already, there are some genuine ones
>among them and the ones who use spam CD address lists for their
>"marketing" are not concerned with the proportion of results, merely
>that they get some (they don't seem to mind paying more for the CD
>because it contains large numbers of false addresses so would probably
>be even happier to pay more for bigger lists of false addresses).
>

I was wondering if spammers found that their results were greatly
reduced, they might give up.


>>won't need this now that Brightmail is going to zap all
>> that spam, but I hope to see some amusing and informed reasoning
>> as to the pros and cons of this idea.
>
>I fear you may have to hope in vain, though some attempts at amusement
>may follow.
>

Try not to be so deadly serious, and don't get so personal.

I'm not an expert and I knew already that this probably wouldn't
work, I posted because sometimes daft ideas lead to ones that
do.


--
J Atkinson (Mr)

John Underwood

Jan 7, 2004, 5:49:55 PM

On Wed, 7 Jan 2004 at 20:59:37, Roy Brown wrote in
demon.ip.support.turnpike
(Reference: <ueVtJ5D5MH$$Ew...@kelmscott.co.uk>)


>Er.... spammers might get to know and avoid these giant honeytrap
>websites? Or might not even find them in the first place?

Part of a discussion I saw earlier on a similar approach pointed out
that there was a serious danger here of buggering up the activity of the
genuine web crawlers rather more than the spammers - these are the
devices on which we all depend to keep the web search engines up to
date.

The answer was that wpoison included the standard tags to stop web
crawlers from viewing them. The snag is that, according to one source,
the spam crawlers now observe these things as well (which means you
should reduce the likelihood of harvesting from web sites by putting the
tags in place - I don't really believe that one).

However, if this sort of thing were to become widespread, the spammers
would rapidly take countermeasures.

I fear it is a myth that spammers are stupid, they make a lot of money
and protect their interests very well. The fact that they are able to
find really stupid people who will buy lists of totally fictitious
addresses is no indication of the intelligence of the ones clever enough
to sell to them - and is also an argument why this idea hasn't a cat in
hell's chance of success.

Like its predecessor's name implies, the only thing this will achieve is
to poison the web.

John Underwood

Jan 7, 2004, 5:51:39 PM

On Wed, 7 Jan 2004 at 22:22:28, J Atkinson (Mr) wrote in
demon.ip.support.turnpike
(Reference: <fjVaodAkaI$$Ew...@manx2.demon.co.uk>)


> I was wondering if spammers found that their results were greatly
> reduced, they might give up.

Spammers aren't the slightest bit interested in the results from the
addresses that they sell in such large numbers. As long as they have
enough addresses and enough people to sell them to, they will make
money.

This idea guarantees the first, the other will never be a problem - look
at the number of people who still fall for the money laundering schemes.

John Underwood

Jan 7, 2004, 5:59:53 PM

On Wed, 7 Jan 2004 at 22:22:28, J Atkinson (Mr) wrote in
demon.ip.support.turnpike
(Reference: <fjVaodAkaI$$Ew...@manx2.demon.co.uk>)


> Try not to be so deadly serious, and don't get so personal.
>

Sorry to take seriously the disruption of the most significant
development in the history of man's communications. This was not
personal. I was commenting that, though I had not been able to produce
much humour in my response, others might later. I fear I was wrong,
everyone else is saying much the same thing as I did.

> I'm not an expert and I knew already that this probably wouldn't
> work, I posted because sometimes daft ideas lead to ones that
> do.

Yes, but through no fault of your own you happened to pick on one which
has already been shown not to have produced one that doesn't daft.

May I point out that this is a discussion group where peer review is
practised. If you ask a question, people will try and answer and others
will tear that answer to pieces if need be in the interests of ensuring
that the answer is correct. If the question is inadequately expressed
clarification will be sought and if it is not forthcoming this may lead
to criticism.

If you offer unsolicited advice it will be welcomed and it will be given
the same treatment as if in response to a question. The problem with
peer review in this company is that we will tend to assume that someone
offering advice is a peer. Sometimes that can miss the target.

You should also remember that it is a very important principle in
quality management and the quality review process which, very loosely,
is applied here that it is the product - the advice - that is presented
for criticism. Your idea was criticised. If you wish to take that
personally, I fear that is your problem.

The idea is crap I make no comment on you. If you don't like that what
would you want me to say? I am not going to say it is a good idea just
to avoid upsetting you.

Jim Crowther

Jan 7, 2004, 9:25:57 PM

In message <o+iHfsB5xF$$Ew...@manx2.demon.co.uk>, "J Atkinson (Mr)"
<j...@manx2.demon.co.uk> writes:

> Let's say there was a concerted campaign; if 1,000 Demon users,
> plus a few others, each created 100,000 such addresses, how
> would the spammers cope? Looks like it could be easy to create
> at least 250,000,000 dummies.

Ill-thought-out idiocy, sorry.

And if *you* tried it, I'd be complaining why *you* were idiotically and
openly introducing extra loads on the servers.

--
Jim Crowther "It's MY computer" (tm SMG)
Avoid more swen by dumping your old Usenet addresses, and
put 'spam' or 'delete' somewhere in the Reply-to: header.
Help yourself avoid the spam: <http://keir.net/k9.html>

Kevin Blackburn

Jan 8, 2004, 3:23:17 AM

In article <16a8HIQCuG$$EA...@dontspam.theunderwoods.org.uk>, John
Underwood <newsab...@deleteifspam.theunderwoods.org.uk> writes

>Nor do I need Brightmail for the same reason. I would instantly turn it
>off, but would probably move to another provider who didn't charge me
>for things I don't want. (By not having a specific charge, they are
>taking it out of the profits which could, otherwise, be spent on
>features I would like).

I can't be sure, but I'd imagine dropping the e-mail load to, oh, maybe
10% of the current load by not having to store and forward spam, would
be valuable to Demon in its own right, and could balance the cost of
Brightmail. Their processor time and memory are not free.
--
Kevin Blackburn Ke...@fairbruk.demon.co.uk

Kevin Blackburn

Jan 8, 2004, 3:30:21 AM

>"Easily" in the sense of doing it. How are you going to ensure that
>none of your 10,000 addresses are real or could be real addresses in
>the future, or could become real addresses by omitting things like
>.Invalid?

Not convinced by the underlying idea, but as a Demon user (which some
reading here are not, I grant you), I have a semi-infinite number of
e-mail addresses I can "create" on a whim, that no one else could ever
use - namely anything other than the few addresses I actually use of the
form <randomtext>@fairbruk.demon.co.uk.

Indeed, the spammers are already convinced quite a few addresses of that
form exist, for all I've never used them, and get auto-killed by me.
--
Kevin Blackburn Ke...@fairbruk.demon.co.uk

John Underwood

Jan 8, 2004, 4:11:00 AM

On Thu, 8 Jan 2004 at 08:23:17, Kevin Blackburn wrote in
demon.ip.support.turnpike
(Reference: <SEFk31E1NR$$Ew...@fairbruk.demon.co.uk>)


>I can't be sure, but I'd imagine dropping the e-mail load to, oh, maybe
>10% of the current load by not having to store and forward spam, would
>be valuable to Demon in its own right, and could balance the cost of
>Brightmail. Their processor time and memory are not free.

I accept that. Even without the possible savings (and I suspect external
bandwidth is more significant - it is an ongoing running cost rather
than the one-off capital costs of additional facilities), the cost of
facilities like this are low enough so that separate charging would cost
more.

I only hope that no bean-counter in Demon thinks of your reasoning. They
might then be inclined to require those who wish to opt out of
Brightmail to pay for the privilege of not being given an optional
service they don't require or want.

However, such a discussion is relevant to demon.service where it would
be inappropriate for me to go, having made public there (and elsewhere)
my attitude to unwanted additional features offered by Demon. Follow-up
set.

John Underwood

Jan 8, 2004, 4:37:15 AM

On Thu, 8 Jan 2004 at 08:30:21, Kevin Blackburn wrote in
demon.ip.support.turnpike
(Reference: <uEPrXjGdUR$$Ewp$@fairbruk.demon.co.uk>)


>Not convinced by the underlying idea, but as a Demon user (which some
>reading here are not, I grant you),

It is not only Demon users who can do that, indeed, you are restricted
in that you can only choose the local part of your address, you have no
option to add a sub-domain to your host.dcu

>I have a semi-infinite number

I suspect you mean quasi-infinite :-) half of infinity is still
infinity. I grant, though, that it is a very large number.

>of e-mail addresses I can "create" on a whim, that no one else could
>ever use

Ever use legitimately

> - namely anything other than the few addresses I actually use of the
>form <randomtext>@fairbruk.demon.co.uk.

But mail addressed to them would go somewhere. In your case, it would go
to Demon (consuming at the very least, its external bandwidth). Much of
it might be picked up by Brightmail, and some would reach you where you
could reject it. Even using envelope rejection with SMTP you will
transfer a few bytes for each message. Insignificant? Depends on how
many you get. If it comes by POP3, you will get all the headers which is
a little less insignificant.

>
>Indeed, the spammers are already convinced quite a few addresses of
>that form exist, for all I've never used them, and get auto-killed by
>me.

Actually, I suspect you may have used the vast majority of them - not as
addresses, but as Message IDs in usenet. After examining all MID spam
received over several months, I have yet to find one which is not either
an entire MID that I have used or including the end of the local part of
one, after the character $ or +. This applies even to single character
aliases [1]

As a matter of interest, how do you identify such addresses? With the
limited addresses Demon permit you to use, I can only see rejection of
unrecognised names. Given that, what is the risk of losing genuine mail
sent to a mistyped or badly remembered address? If you receive mail by
SMTP, such rejection will be notified to the sender. If you receive by
POP3 it will merely be deleted and neither you nor the sender will know
it didn't reach you. (This could be avoided if you were to use a
black-hole domain for your Message IDs).


[1] Some will say that the probability of a single character alias
matching the last character of an MID is too high to draw a conclusion,
and that is true. What, though, are the chances of finding, among my
outgoing usenet postings, an MID whose local part ends with + or $
followed by a single character. Add to that the fact that I have found
no single character aliases which do not match the end of an MID ending
(+|$).

(There is no possibility of it ending with + or $ followed by 2 or 3
other characters).

J Atkinson (Mr)

Jan 8, 2004, 8:49:05 AM

In message <KFgDo6Wp9I$$EA...@dontspam.theunderwoods.org.uk>, John
Underwood <newsab...@deleteifspam.theunderwoods.org.uk> writes

>The idea is crap I make no comment on you. If you don't like that what
>would you want me to say? I am not going to say it is a good idea just
>to avoid upsetting you.
>

I agree it was a crap idea, but I thought it was fun to kind of fantasise
about it for a while, at least.

Sometimes, throwing up something crazy can lead to new ideas that
really are useful.

(If I could think of an example of that, I'd give details below.)


--
J Atkinson (Mr)

J Atkinson (Mr)

Jan 8, 2004, 8:54:59 AM

In message <uEPrXjGdUR$$Ewp$@fairbruk.demon.co.uk>, Kevin Blackburn
<ke...@fairbruk.demon.co.uk> writes

That's my experience too, I think it's called a dictionary attack.

I'm also fascinated to note that some of the spam is addressed to
email addresses that I used only once, such as "irli.kirli". Sadly, I
used something like a dozen of these, and they all seem to have
been picked up. I used them more than 5 years ago, so I'm dismayed
to see that they are still being sold on as genuine addresses, which
they are not. It's easy to delete everything sent to "irli.kirli". If the
spammers are emailing people like me, they'll go broke pretty quick.


--
J Atkinson (Mr)

J Atkinson (Mr)

Jan 8, 2004, 9:00:56 AM

In message <zl+NA5VT0I$$EA...@dontspam.theunderwoods.org.uk>, John
Underwood <newsab...@deleteifspam.theunderwoods.org.uk> writes

>I fear it is a myth that spammers are stupid, they make a lot of money
>and protect their interests very well. The fact that they are able to find
>really stupid people who will buy lists of totally fictitious addresses is no
>indication of the intelligence of the ones clever enough to sell to them -
>and is also an argument why this idea hasn't a cat in hell's chance of
>success.
>

That's a good point - people wouldn't buy such lists if they proved to
be largely dummies.

Perhaps if the ISPs had got together as spam began to be a problem
and each one created a large number of dummy addresses, those
lists really would consist mostly of fictitious addresses, and only a
great deal of hard graft could tell the real ones.

Doesn't this kind of prove my point?

Brightmail looks very promising; if their system is taken up by enough
ISPs, I hope it will have the same effect. Come on, where is it?


>Like its predecessor's name implies, the only thing this will achieve is to
>poison the web.

--
J Atkinson (Mr)

John Underwood

Jan 8, 2004, 10:35:38 AM

On Thu, 8 Jan 2004 at 14:00:56, J Atkinson (Mr) wrote in
demon.ip.support.turnpike
(Reference: <r9a3fOCYKW$$Ew...@manx2.demon.co.uk>)


> That's a good point - people wouldn't buy such lists if they proved to
> be largely dummies.

Oh but they do. The evidence is provided whenever you get a message
addressed to one. How does the person buying the list know that he is
being sold a pup? He thinks he is getting a list of thousands of
genuine, proven addresses, highly targeted to his business. I received
an invitation once to buy one for my car sales business. That shows how
highly targeted it was - yet people do buy them - perhaps second hand
car salesmen are as gullible as their customers.

>Perhaps if the ISPs had got together as spam began to be a problem
> and each one created a large number of dummy addresses, those
> lists really would consist mostly of fictitious addresses, and only a
> great deal of hard graft could tell the real ones.
>

Don't you ever learn. The point has been made how disastrous this whole
idea is from the start. If the ISPs had done what you suggest, there
wouldn't be an Internet any more.

> Doesn't this kind of prove my point?
>

No. It proves that your point is pointless.

> Brightmail looks very promising; if their system is taken up by enough
> ISPs, I hope it will have the same effect. Come on, where is it?

Where it has always been.

If you want to know the answer to the question "When will Demon
implement it?" why don't you ask Demon or put the question in a forum
which deals with such questions. It is nothing to do with Turnpike, you
won't get an answer here.

Fortunately, not all ISPs have the desperate need that Demon appears to
have. Perhaps small is beautiful in this arena too - funny, a few years
ago I would have seen great merit in using a large ISP, now I am very
glad I don't.

John Underwood

Jan 8, 2004, 10:28:12 AM

On Thu, 8 Jan 2004 at 13:54:59, J Atkinson (Mr) wrote in
demon.ip.support.turnpike
(Reference: <dNw6zsBzEW$$Ew...@manx2.demon.co.uk>)


>
> That's my experience too, I think it's called a dictionary attack.

I would like to see evidence of that. I have been monitoring this for
months and have yet to see a single example which cannot be directly
attributed to a message ID I have used in Usenet.

I think it is called harvesting and spammers do it regularly. I doubt
whether they would bother with dictionary attacks, why should they? The
number of ISPs who provide unlimited aliases within a domain are few and
non-existent in the land of the spammers. Doing it to owners of domains
is likely to hit far too many knowledgeable objectors to spam.

Failing to identify what are MIDs and separate them from more realistic
addresses is an effort not worth the spammers taking, after all, the
messages aren't going anywhere (that they clog up the entire Internet
while not going anywhere is not the spammers' problem, it doesn't cost
them anything). They do have the certainty that someone or something has
written down this address-like thing. The chances of it being an address
are rather greater than a dictionary attack would produce.

Incidentally, what dictionary do you think the spammers could use to
look up this address?

dNw6zsBzEW$$Ew...@manx2.demon.co.uk


And if you receive spam to that address don't blame me, if it is going
to be harvested, it already has been, though you are more likely to
receive spam to ew...@manx2.demon.co.uk. Not all MIDs are harvested by
any means, but those that are can appear after as little as two months,
though the norm appears to be about 10 months.

Richard Clayton

Jan 8, 2004, 12:55:36 PM

In article <oKJ770WMcX$$EA...@dontspam.theunderwoods.org.uk>, John
Underwood <newsab...@deleteifspam.theunderwoods.org.uk> writes

>On Thu, 8 Jan 2004 at 13:54:59, J Atkinson (Mr) wrote in
>demon.ip.support.turnpike
>(Reference: <dNw6zsBzEW$$Ew...@manx2.demon.co.uk>)
>
>
>>
>> That's my experience too, I think it's called a dictionary attack.
>
>I would like to see evidence of that.

this is entirely off-topic -- and the general level of contribution
reflects the disadvantages of that :( I've set followups accordingly

however, just for John, from a Demon customer whose machine was
compromised yesterday (the "!" means that the delivery failed, and as
you can see hinet.net has a different approach than mail2000.com.tw)

2004-01-07 06:45:25 jt744...@diyserver.net -> !p0...@mail2000.com.tw
also -> !p0...@mail2000.com.tw
-> !p0...@mail2000.com.tw
-> !p0927...@mail2000.com.tw
-> p091...@ms48.hinet.net
-> p0929....@msa.hinet.net
-> p0...@msa.hinet.net
-> p0...@ms19.hinet.net
-> p091...@ms1.hinet.net
-> p091...@ms22.hinet.net
-> p091...@ms16.hinet.net
-> p091...@ms7.hinet.net
-> p091...@ms43.hinet.net
-> p091...@ms28.hinet.net
-> p091...@ms55.hinet.net
-> p0...@ms14.hinet.net
-> p093...@ms32.hinet.net
-> p0931...@ms1.hinet.net
-> p091...@ms32.hinet.net
-> p091...@ms41.hinet.net
-> p091...@ms26.hinet.net
-> p0...@ms19.hinet.net
-> p091...@ms12.hinet.net
-> p091...@ms3.hinet.net
-> p091...@ms18.hinet.net
-> p0...@ms22.hinet.net
-> p091...@ms36.hinet.net
-> p091...@ms51.hinet.net
-> p0...@ms8.hinet.net
-> p091...@ms39.hinet.net


>I think it is called harvesting

no, a dictionary attack is different

>and spammers do it regularly. I doubt
>whether they would bother with dictionary attacks, why should they?

because they wish to deliver their messages

>Incidentally, what dictionary do you think the spammers could use to
>look up this address?
>
> dNw6zsBzEW$$Ew...@manx2.demon.co.uk

dictionary attacks seldom have much to do with dictionaries... here's one
that does, at least slightly, they're using local parts which work
somewhere else

2004-01-06 04:42:54 SS...@msa.hinet.net -> alu...@ms34.hinet.net
2004-01-06 04:43:09 ff...@msa.hinet.net -> ba...@ms3.hinet.net
2004-01-06 04:43:39 mm...@msa.hinet.net -> ay...@hotmail.com
2004-01-06 04:43:48 ee...@msa.hinet.net -> bri...@ms12.hinet.net
2004-01-06 04:43:58 nn...@msa.hinet.net -> aau...@cm1.hinet.net
2004-01-06 05:03:48 oo...@msa.hinet.net -> am...@ms9.hinet.net
2004-01-06 05:03:55 LL...@msa.hinet.net -> assoc...@ms41.hinet.net
2004-01-06 05:04:06 VV...@msa.hinet.net -> bind...@ms46.hinet.net
2004-01-06 05:04:15 ff...@msa.hinet.net -> arri...@ms15.hinet.net
2004-01-06 05:04:39 AA...@msa.hinet.net -> beat...@msa.hinet.net
2004-01-06 05:04:51 pp...@msa.hinet.net -> ce00...@ms31.hinet.net
2004-01-06 05:25:18 qq...@msa.hinet.net -> burg...@ms35.hinet.net
2004-01-06 05:25:30 gg...@msa.hinet.net -> bud...@ms16.hinet.net
2004-01-06 05:25:40 RR...@msa.hinet.net -> ar...@ms17.hinet.net
2004-01-06 05:25:51 bb...@msa.hinet.net -> ak...@ms47.hinet.net
2004-01-06 05:25:59 pp...@msa.hinet.net -> cas...@ms28.hinet.net
2004-01-06 05:26:05 XX...@msa.hinet.net -> bea...@ms23.hinet.net
2004-01-06 05:26:18 ee...@msa.hinet.net -> af...@ms53.hinet.net
2004-01-06 05:35:31 HH...@msa.hinet.net -> a...@ms28.hinet.net

--
richard writing to inform and not as company policy

"Assembly of Japanese bicycle require great peace of mind" quoted in ZAMM

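Added example, not part of Richard Clayton's post or of any poster's code: one way a mail administrator could flag the two patterns his log excerpts show (one message fanned out to patterned local parts with many rejections, and many throwaway sender aliases each trying one recipient) in a log of that layout. The log lines, the .example domains, the thresholds and the reason names are all constructed assumptions.

```python
import os
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the excerpts quoted in the post:
# "date time sender -> recipient", continuation lines starting with "->",
# and a leading "!" on a recipient whose delivery failed.
SAMPLE_LOG = """\
2004-01-07 06:45:25 bulk1@relay.example -> !p0910001@mail.target.example
 -> !p0910002@mail.target.example
 -> !p0910003@mail.target.example
 -> p0910004@ms1.isp.example
 -> p0910005@ms2.isp.example
 -> p0910006@ms3.isp.example
2004-01-06 04:42:54 ss01@pool.example -> abbey@ms34.isp.example
2004-01-06 04:43:09 ff02@pool.example -> baker@ms3.isp.example
2004-01-06 04:43:39 mm03@pool.example -> carol@webmail.example
2004-01-06 04:43:48 ee04@pool.example -> dixon@ms12.isp.example
2004-01-06 04:43:58 nn05@pool.example -> ellis@cm1.isp.example
2004-01-07 09:10:02 news@shop.example -> ann@a.example
 -> raj@b.example
 -> li@c.example
 -> omar@d.example
 -> zoe@e.example
2004-01-07 09:12:40 alice@office.example -> !bbo@partner.example
"""

LINE = re.compile(
    r"^\s*(?:(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<sender>\S+@\S+)\s+)?"
    r"(?:also\s+)?->\s*(?P<fail>!)?(?P<rcpt>\S+@\S+)\s*$"
)


def parse(log_text):
    """Yield (time, sender, recipient, failed); continuation lines
    inherit the time and sender of the line that opened the message."""
    ts = sender = None
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        if m.group("sender"):
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            sender = m.group("sender").lower()
        if sender is not None:
            yield ts, sender, m.group("rcpt").lower(), bool(m.group("fail"))


def find_guessing_runs(log_text, min_rcpts=5, min_fail_ratio=0.3,
                       min_prefix=3, window_s=3600):
    """Return {sender_domain: [reasons]} for sender domains whose traffic
    looks like address guessing. All thresholds are illustrative."""
    groups = defaultdict(lambda: {"rcpts": set(), "failed": set(),
                                  "senders": set(), "times": []})
    for ts, sender, rcpt, failed in parse(log_text):
        g = groups[sender.rsplit("@", 1)[1]]
        g["rcpts"].add(rcpt)
        g["senders"].add(sender)
        g["times"].append(ts)
        if failed:
            g["failed"].add(rcpt)

    flagged = {}
    for domain, g in groups.items():
        if len(g["rcpts"]) < min_rcpts:
            continue  # too little traffic to judge; a single typo lands here
        reasons = []
        # Signal 1: a large share of the guessed recipients were rejected.
        if len(g["failed"]) / len(g["rcpts"]) >= min_fail_ratio:
            reasons.append("rejections")
        # Signal 2: recipients share a generated-looking prefix. This still
        # fires when the receiving site accepts everything and rejects nothing.
        local_parts = [r.split("@", 1)[0] for r in g["rcpts"]]
        if len(os.path.commonprefix(local_parts)) >= min_prefix:
            reasons.append("patterned-local-parts")
        # Signal 3: many sender aliases from one domain in a short burst.
        span = (max(g["times"]) - min(g["times"])).total_seconds()
        if len(g["senders"]) >= min_rcpts and span <= window_s:
            reasons.append("rotating-senders")
        if reasons:
            flagged[domain] = reasons
    return flagged


if __name__ == "__main__":
    for domain, reasons in sorted(find_guessing_runs(SAMPLE_LOG).items()):
        print(domain, ", ".join(reasons))
```

The newsletter-style sender (shop.example) and the single mistyped address (office.example) are not flagged, which is the distinction the thresholds are there to make.
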
J Atkinson (Mr)

Jan 8, 2004, 1:22:52 PM

In message <oKJ770WMcX$$EA...@dontspam.theunderwoods.org.uk>, John
Underwood <newsab...@deleteifspam.theunderwoods.org.uk> writes

>On Thu, 8 Jan 2004 at 13:54:59, J Atkinson (Mr) wrote in
>demon.ip.support.turnpike
>(Reference: <dNw6zsBzEW$$Ew...@manx2.demon.co.uk>)
>
>
>>
>> That's my experience too, I think it's called a dictionary attack.
>
>I would like to see evidence of that. I have been monitoring this for
>months and have yet to see a single example which cannot be directly
>attributed to a message ID I have used in Usenet.
>

My understanding is that a dictionary attack is when a spammer
makes up probable addresses and puts them before the @manx2...

I do get a lot of spams that look like that, notably rb@manx2...
which I have never used, possibly some others.

How would rb@ get created, if I never used it?


>Incidentally, what dictionary do you think the spammers could use to
>look up this address?
>
> dNw6zsBzEW$$Ew...@manx2.demon.co.uk
>

Polish? Lithuanian? To me, that looks like a message ID from a
news posting, and it's news to me that they could be used for
email. Wow, I learned something.


>
>And if you receive spam to that address don't blame me, if it is going
>to be harvested, it already has been, though you are more likely to
>receive spam to ew...@manx2.demon.co.uk. Not all MIDs are harvested by
>any means, but those that are can appear after as little as two months,
>though the norm appears to be about 10 months.

ewe6 looks kinda familiar ...


--
J Atkinson (Mr)

J Atkinson (Mr)

Jan 8, 2004, 1:28:02 PM
In message <NqYyjcXKjX$$EA...@dontspam.theunderwoods.org.uk>, John
Underwood <newsab...@deleteifspam.theunderwoods.org.uk> writes

>On Thu, 8 Jan 2004 at 14:00:56, J Atkinson (Mr) wrote in
>demon.ip.support.turnpike
>(Reference: <r9a3fOCYKW$$Ew...@manx2.demon.co.uk>)
>
>
>> That's a good point - people wouldn't buy such lists if they proved to
>> be largely dummies.
>
>Oh but they do. The evidence is provided whenever you get a message
>addressed to one. How does the person buying the list know that he is
>being sold a pup? He thinks he is getting a list of thousands of
>genuine, proven addresses, highly targeted to his business. I received
>an invitation once to buy one for my car sales business. That shows how
>highly targeted it was - yet people do buy them - perhaps second hand
>car salesmen are as gullible as their customers.
>

I don't want to pursue this endlessly, but I can see that if businesses
thought they were getting genuine addresses, they'd buy. If they
were buying rubbish, it would take a while for the word to get round,
depending on whether the media took up the story. Then the buyers
would start asking questions, and sales of lists would fall.


>>Perhaps if the ISPs had got together as spam began to be a problem
>> and each one created a large number of dummy addresses, those
>> lists really would consist mostly of fictitious addresses, and only a
>> great deal of hard graft could tell the real ones.
>>
>Don't you ever learn. The point has been made how disastrous this whole
>idea is from the start. If the ISPs had done what you suggest, there
>wouldn't be an Internet any more.
>
>> Doesn't this kind of prove my point?
>>
>No. It proves that your point is pointless.
>
>> Brightmail looks very promising; if their system is taken up by enough
>> ISPs, I hope it will have the same effect. Come on, where is it?
>
>Where it has always been.
>
>If you want to know the answer to the question "When will Demon
>implement it?" why don't you ask Demon or put the question in a forum
>which deals with such questions. It is nothing to do with Turnpike, you
>won't get an answer here.
>
>Fortunately, not all ISPs have the desperate need that Demon appears to
>have. Perhaps small is beautiful in this arena too - funny, a few years
>ago I would have seen great merit in using a large ISP, now I am very
>glad I don't.

--
J Atkinson (Mr)

Jim Crowther

Jan 8, 2004, 7:37:47 PM
In message <o+iHfsB5xF$$Ew...@manx2.demon.co.uk>, "J Atkinson (Mr)"
<j...@manx2.demon.co.uk> writes:

> This is just a nutty idea, but I'd like to know if it would work

Just another nutty idea, please don't indent *all* text. Looks very
messy after a few follow-ups...

Dave Bird

Jan 8, 2004, 9:33:23 PM
In article<SNjPK3TkXG$$Ew$Q...@nospam.oak-wood.co.uk>, Chris Hastie

Excellent, it already exists. I don't suppose I could run the CGI
on my tenner-a-month demon webpage, but I could certainly link to it.


In article<Wrkkj$Q7AH$$EA...@dontspam.theunderwoods.org.uk>, John

These discussions are definitely worth reading,
though you may or may not be put off wpoison by them.

As another user suggested, it is always possible to seed the harvester
with blac...@xemu.demon.co.uk or getst...@xemu.demon.co.uk
(in my case) or whatever, and have these users 100% bounce
their mail.

In article<zl+NA5VT0I$$EA...@dontspam.theunderwoods.org.uk>, John
Underwood <newsab...@deleteifspam.theunderwoods.org.uk> writes:
>I fear it is a myth that spammers are stupid, they make a lot of money
>and protect their interests very well.

The depressing fact is therefore that they may be technically dumb
but employ damn good technical help.


--
Dave Bird, an official ARS HakeMonger ><_'> <_"
(licensed to mung pelagic fish and clams of all kinds upon the Internet)
"If turbot be the food of hate, Lay on MacErrel and, by damn,
Cry HADDOCK and let loose the cods of war!" Wm Skatesfin

Paul Terry

Jan 8, 2004, 3:08:49 PM
In message <eRA60gByEa$$Ew...@manx2.demon.co.uk>, "J Atkinson (Mr)"
<j...@manx2.demon.co.uk> writes

> I don't want to pursue this endlessly,

Especially since it is not on-topic here. However, in the interests of
helping to convey a better understanding of spam ...

>but I can see that if businesses thought they were getting genuine
>addresses, they'd buy.

Since sending spam is against the AUP of any decent ISP and is against
the law in an increasingly large number of jurisdictions, I believe you
are wrong for any serious "business".

>If they were buying rubbish, it would take a while for the word to get
>round, depending on whether the media took up the story. Then the
>buyers would start asking questions, and sales of lists would fall.

The buyers concerned are, by and large, people hoping to sell
pornography, medications without licence and yet more disks of addresses
for spamming. The nature of their "business" is such that they are
unlikely to pursue a claim that their address list is unfit for the purpose
for which it was purchased.

The whole tawdry business depends upon one fool in a million making a
purchase - and since sending out 360,000,000 spams takes little effort
and even less cost, 360 potential sales reap a reward - but to the
annoyance of millions of other people.

--
Paul Terry

Kevin Blackburn

Jan 8, 2004, 3:04:43 PM
In article <h4YZnsKLTS$$EA...@dontspam.theunderwoods.org.uk>, John
Underwood <newsab...@deleteifspam.theunderwoods.org.uk> writes

>On Thu, 8 Jan 2004 at 08:30:21, Kevin Blackburn wrote in
>demon.ip.support.turnpike
>(Reference: <uEPrXjGdUR$$Ewp$@fairbruk.demon.co.uk>)
>
>
>>Not convinced by the underlying idea, but as a Demon user (which some
>>reading here are not, I grant you),
>
>It is not only Demon users who can do that,

Quite, but some seem touchy about the matter.

> indeed, you are restricted in that you can only choose the local part
>of your address, you have no option to add a sub-domain to your host.dcu

Indeed, though I do actually own a domain name, via bignames, which I'm
pretty sure I can add sub-domains, mail to all of which will come my
way.


>
>>I have a semi-infinite number
>
>I suspect you mean quasi-infinite :-) half of infinity is still
>infinity. I grant, though, that it is a very large number.

Wow, someone even more of a pedant than I am! Anyway, Concise OED
allows "partly, in some degree or particular", for "semi-" the strict
"half".

Exercises for the pedantic reader:
1) "Half of infinity" - discuss
2) Why is the number of addresses to me not infinite, or any factor
thereof?
>

>>of e-mail addresses I can "create" on a whim, that no one else could
>>ever use
>
>Ever use legitimately
>
>> - namely anything other than the few addresses I actually use of the
>>form <randomtext>@fairbruk.demon.co.uk.
>
>But mail addressed to them would go somewhere. In your case, it would
>go to Demon (consuming at the very least, its external bandwidth).

I was just challenging one part of the original assertion - this sort of
reason is one of those reasons why the underlying idea is flawed

> Much of it might be picked up by Brightmail, and some would reach you
>where you could reject it. Even using envelope rejection with SMTP you
>will transfer a few bytes for each message. Insignificant? Depends on
>how many you get. If it comes by POP3, you will get all the headers
>which is a little less insignificant.
>
>>
>>Indeed, the spammers are already convinced quite a few addresses of
>>that form exist, for all I've never used them, and get auto-killed by
>>
>

>Actually, I suspect you may have used the vast majority of them - not
>as addresses, but as Message IDs in usenet. After examining all MID
>spam received over several months, I have yet to find one which is not
>either an entire MID that I have used or including the end of the local
>part of one, after the character $ or +. This applies even to single
>character aliases [1]

That I suppose is possible in some cases. In others they play <random
real first name>@fairbruk.demon.co.uk while fishing


>
>As a matter of interest, how do you identify such addresses? With the
>limited addresses Demon permit you to use, I can only see rejection of
>unrecognised names. Given that, what is the risk of losing genuine mail
>sent to a mistyped or badly remembered address? If you receive mail by
>SMTP, such rejection will be notified to the sender. If you receive by
>POP3 it will merely be deleted and neither you nor the sender will know
>it didn't reach you. (This could be avoided if you were to use a
>black-hole domain for your Message IDs).

It's not perfect, but I use two levels of filter -
1) Certain characters ("x"), double digits, etc. where I feel happy that
the misspelling is going to be obvious to the original sender I reject
by killfile rules.

2) Others that don't match the few names I do use go into a "Rubbish"
folder (or a Spam Assassin folder, depending) - they get a cursory look
before deletion (delete rather than reject, as rejected messages are
unlikely to reach the spammer, just some innocent third party).

>
>
>[1] Some will say that the probability of a single character alias
>matching the last character of an MID is too high to draw a conclusion,
>and that is true. What, though, are the chances of finding, among my
>outgoing usenet postings, an MID whose local part ends with + or $
>followed by a single character. Add to that the fact that I have found
>no single character aliases which do not match the end of an MID ending
>(+|$).
>
>(There is no possibility of it ending with + or $ followed by 2 or 3
>other characters).
>

--
Kevin Blackburn Ke...@fairbruk.demon.co.uk

Don Moody

Jan 8, 2004, 12:21:41 PM
In message <dNw6zsBzEW$$Ew...@manx2.demon.co.uk>, "J Atkinson (Mr)"
<j...@manx2.demon.co.uk> writes

> I'm dismayed
> to see that they are still being sold on as genuine addresses, which
> they are not. It's easy to delete everything sent to "irli.kirli". If the
> spammers are emailing people like me, they'll go broke pretty quick.

Proof positive that you haven't a clue what you are talking about.

The economics of spamming are not the same as the economics of sending
out printed items by snailmail. In the latter, every item has a small
but significant cost. Swamping a mailing list with dummy addresses does
change the profitability of selling by snailmail. In the former, the
cost of sending out another spam is so small that it really does not
affect profitability if the addresses are 99% false to 1% genuine (or
even worse figures).

Spammers get their money from two sources.

1. Idiots who buy disks in the belief that all addresses on them
are genuine. They pay actual cash up front for the disk. For some
purposes (see below) it doesn't even matter to these idiots if the
addresses are 99% crap. Their profit model is the same as that of the
address providers.

2. The lists are used to pluck morons out of cyberspace who will
cough up money for goods or services, and take no action when the goods
or services are shoddy or not delivered. That is because what they are
coughing up money for is shaming or even outright criminal. They can't
sue for their (probably unrecoverable) losses without certainly
confessing to a crime or intent to be criminal. If just one in a million
addresses leads to a moron who coughs up money for nothing, the spammer
makes a profit. A twist on this one is illustrated by the banking scams.
Typically, emails are sent out inviting you to visit the bank's website
to confirm security details about your accounts. Very smooth and very
genuine looking. So you go to your Lloyds, Barclay's, HSBC - whoever -
site and do what it asks. In the process you give up all your crucial
accounts management information. Next time you visit your account, all
your money is gone. Why? The spam email wasn't really from your bank and
the site you visited wasn't really the bank site. It was a dummy set up
by the fraudsters who've just cleaned you out. Just one mug caught by
that one makes sending out millions of copies of spam a very profitable
pastime. Last time I looked, one of the banks recorded that over 100,000
people had fallen for it.

If you are so dim about the point and method of operation of spam, then
desist from any more nutty suggestions. You are becoming part of the
problem, and contributing nothing to its solution.

Don
--
Dr D P Moody, Ashwood, Exeter Cross, Liverton, Newton Abbot, Devon,
England TQ12 6EY
Tel: +44(0) 1626 821725 Fax: +44(0) 1626 824912

Richard Clayton

Jan 9, 2004, 4:50:25 AM
In article <U4ar$G1lGZ$$Ew...@hyperpeople.demon.co.uk>, Don Moody
<d...@hyperpeople.demon.co.uk> writes

[of "phishing" -- still off-topic here]

>Last time I looked, one of the banks recorded that over 100,000
>people had fallen for it.

nope :( the 100,000 figure was for the number of undeliverable
"bounces" that the Bank of England received when the phishing email was
sent out in their name ... the only conclusion that you can draw from
this is an estimate of the number of emails sent

the only figures I have come across for people taken in seemed to be ten
or so per bank. However, it is clear that some email senders are better
at social engineering than others -- so it may only be a matter of time
before a more effective run is made :(

John Underwood

Jan 9, 2004, 5:01:59 AM
On Thu, 8 Jan 2004 at 20:04:43, Kevin Blackburn wrote in
demon.ip.support.turnpike
(Reference: <AuuAN3Ebfb$$Ew...@fairbruk.demon.co.uk>)


>1) "Half of infinity" - discuss

That is a part of the very important Scholastic Philosophy point about
how many pure spirits can occupy the same point in space.

More useful (but a clue to the answer) is to consider the value of the
product of zero and infinity. (Or even a finite value and zero - since
1*0=0 and 2*0=0 why isn't 1=2?)

>2) Why is the number of addresses to me not infinite, or any factor
>thereof?

The maximum length of a local part is 64 characters, the maximum length
of the domain is 255 but that is irrelevant for your Demon address (and
your hosting providers may express concern if you went this far).

Even if you use the devices to go outside the normal character set, you
still have a finity of characters you may use in each of those 64
positions. It is not worth working it out, it is, as I agreed, a very
large number, but it is a long way from infinity.

Were the IETF to allow the length to be 128 characters, you would have
the square of that large number. This is a variant of Aristotle's proof
that there is no number which is infinite since you can always add 1 to
a number, so there is always a greater number than any number.

This can lead into a discussion of two completely different uses of the
term "infinity" which would be even more off-topic than the rest of this
thread (but infinitely more interesting).

John Underwood

Jan 9, 2004, 5:05:27 AM
On Thu, 8 Jan 2004 at 20:04:43, Kevin Blackburn wrote in
demon.ip.support.turnpike
(Reference: <AuuAN3Ebfb$$Ew...@fairbruk.demon.co.uk>)


>That I suppose is possible in some cases. In others they play <random
>real first name>@fairbruk.demon.co.uk while fishing

I am not disputing that. Either the possibility of it being done or
anyone who has verifiable evidence that it is the case. (I haven't seen
anything so far that is not conjecture and supposition rather than
demonstrable fact).

What I am saying is that I have not seen any random aliases sent here
which can't be explained as derivatives of usenet MIDs.

Martin Brown

Jan 9, 2004, 5:26:49 AM
In message <SEFk31E1NR$$Ew...@fairbruk.demon.co.uk>, Kevin Blackburn
<ke...@fairbruk.demon.co.uk> writes

>In article <16a8HIQCuG$$EA...@dontspam.theunderwoods.org.uk>, John
>Underwood <newsab...@deleteifspam.theunderwoods.org.uk> writes
>>Nor do I need Brightmail for the same reason. I would instantly turn
>>it off, but would probably move to another provider who didn't charge
>>for things I don't want. (By not having a specific charge, they are
>>taking it out of the profits which could, otherwise, be spent on
>>features I would like).
>
>I can't be sure, but I'd imagine dropping the e-mail load to, oh, maybe
>10% of the current load by not having to store and forward spam, would
>be valuable to Demon in its own right, and could balance the cost of
>Brightmail. Their processor time and memory are not free.

I suspect that the reason they are choosing to use anti-spam measures
now is because they can no longer manage the exponential rate of growth
of worthless bulk email traffic by adding new hardware cost effectively.

Regards,
--
Martin Brown

Martin Brown

Jan 9, 2004, 5:39:40 AM
In message <oKJ770WMcX$$EA...@dontspam.theunderwoods.org.uk>, John
Underwood <newsab...@deleteifspam.theunderwoods.org.uk> writes

>On Thu, 8 Jan 2004 at 13:54:59, J Atkinson (Mr) wrote in
>demon.ip.support.turnpike
>(Reference: <dNw6zsBzEW$$Ew...@manx2.demon.co.uk>)
>
>
>>
>> That's my experience too, I think it's called a dictionary attack.
>
>I would like to see evidence of that. I have been monitoring this for
>months and have yet to see a single example which cannot be directly
>attributed to a message ID I have used in Usenet.

I don't think I have ever seen any deep dictionary attacks, but I have
seen some shallow ones to "info", "qos", "service", "support", "sales",
"test", etc. and also sporadically to a range of <random_4digit_number>

Specific traffic occurs to a handful of random text nonsense named
mailboxes that have never existed or been used by my domain. It is just
possible that some are a substring of some TP msgid - mostly they begin
with "a" or "e". But they look much more like the result of programming
errors in an address harvester. "ewdi" is one such.

Which reminds me. One thing I would like to see added to the Demon email
configuration is the option to have Demon's server bounce all mail to
mailboxes starting with certain letters unconditionally. This could be
done efficiently and would save them storing junk only for me to bounce
it later.

Regards,
--
Martin Brown

Duncan Clark

Jan 9, 2004, 6:18:58 AM
Historians believe that in newspost <XW8Wz4chln$$EA...@highwayman.com> on
Fri, 9 Jan 2004, Richard Clayton <ric...@highwayman.com> penned the
following literary masterpiece:

>However, it is clear that some email senders are better
>at social engineering than others -- so it may only be a matter of time
>before a more effective run is made :(

I received a very convincing looking e-mail supposedly from Barclays
yesterday. The link, as shown in the text e-mail, initially pointed to
the correct https barclays website but a hidden bit re-routed you
elsewhere i.e.

>Dear Barclays IBank Customer!
>
>As part of our continuing commitment to
>protect your account and to reduce the instance
>of fraud on our website, we are undertaking a
>period review of our member accounts. You are
>requested to visit our site by following the link
>given below. This is required for us to continue
>to offer you a safe and risk free environment to
>send and receive money online, and maintain the
>Barclays IBank Experience. In success you will be
>redirected to the Barclays IBank home page. Thank you.
>[link] https://ibank.barclays.co.uk/fp/1_2x/online/1,,logon,00.html

The headers looked genuine until you look at the IP address:

>Return-path: <ser...@ibank.barclays.co.uk>
>Received: from punt-3.mail.demon.net by mailstore
> for *******@genesys.demon.co.uk id 1AeZVn-0003Br-QL;
> Thu, 08 Jan 2004 12:43:43 +0000
>Received: from [61.103.200.125] (helo=ibank.barclays.co.uk)
> by punt-3.mail.demon.net with smtp id 1AeZVn-0003Br-QL
> for *******@genesys.demon.co.uk; Thu, 08 Jan 2004 12:43:43 +0000
>To: *******@genesys.demon.co.uk <*******@genesys.demon.co.uk>
>From: Barclays IBank support <ser...@ibank.barclays.co.uk>
>X-Mailer: Microsoft Outlook Express 6
>Subject: Important your Barclays IBank account information.
>MIME-Version: 1.0
>Content-type: text/html
>Content-Transfer-Encoding: 8bit
>Message-Id: <E1AeZVn-...@punt-3.mail.demon.net>
>Date: Thu, 08 Jan 2004 12:43:43 +0000

It was the best one I have seen so far.

Duncan
--
I love deadlines. I especially like the whooshing noise they make as
they go flying by.

Duncan Clark
GeneSys Ltd.
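
The two tells described in the post above (a sending host that only supplies the bank's name as its HELO string, and a link whose visible text differs from its real target) can be checked mechanically. This is an added example, not part of the original post: the header lines are adapted from the post, while the placeholder addresses, the HTML body and the `192.0.2.10` target are constructed, and reading a bare bracketed IP in the `Received:` line as "no verified hostname" is an assumption about how the receiving server logs.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample. Header lines follow the post; the mailbox names,
# the HTML body and the 192.0.2.10 link target are placeholders.
SAMPLE = """\
Return-path: <placeholder@ibank.barclays.co.uk>
Received: from punt-3.mail.demon.net by mailstore
 for user@example.invalid id 1AeZVn-0003Br-QL;
 Thu, 08 Jan 2004 12:43:43 +0000
Received: from [61.103.200.125] (helo=ibank.barclays.co.uk)
 by punt-3.mail.demon.net with smtp id 1AeZVn-0003Br-QL
 for user@example.invalid; Thu, 08 Jan 2004 12:43:43 +0000
From: Barclays IBank support <placeholder@ibank.barclays.co.uk>
Subject: Important your Barclays IBank account information.
MIME-Version: 1.0
Content-type: text/html

<html><body><p>Dear Barclays IBank Customer!</p>
<a href="http://192.0.2.10/logon">https://ibank.barclays.co.uk/fp/1_2x/online/1,,logon,00.html</a>
</body></html>
"""

# "from [ip] (helo=name)": the server logged only an address plus the name
# the client claimed for itself (assumed meaning of this Received format).
UNVERIFIED_HOST = re.compile(r"^from\s+\[([0-9A-Fa-f.:]+)\]\s+\(helo=([^)\s]+)\)")


def helo_findings(raw):
    """Return (ip, helo) pairs where an unverified host claimed the From: domain."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    for received in msg.get_all("Received", []):
        match = UNVERIFIED_HOST.match(received.strip())
        if match and from_domain and match.group(2).lower() == from_domain:
            findings.append((match.group(1), match.group(2)))
    return findings


class LinkAudit(HTMLParser):
    """Collect links whose visible text is a URL on a different host than href."""

    def __init__(self):
        super().__init__()
        self.href = None
        self.text = []
        self.mismatches = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href")
            self.text = []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = "".join(self.text).strip()
            shown_host = urlsplit(shown).hostname if "://" in shown else None
            real_host = urlsplit(self.href).hostname
            if shown_host and shown_host != real_host:
                self.mismatches.append((shown_host, real_host))
            self.href = None


def link_mismatches(raw):
    """Return (shown_host, real_host) pairs for misleading links in the body."""
    audit = LinkAudit()
    audit.feed(message_from_string(raw).get_payload())
    audit.close()
    return audit.mismatches


if __name__ == "__main__":
    print("HELO claims from unverified hosts:", helo_findings(SAMPLE))
    print("Links whose text and target differ:", link_mismatches(SAMPLE))
```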

Mark Browne

Jan 9, 2004, 7:18:39 AM
On Thu, 8 Jan 2004, in demon.ip.support.turnpike, John Underwood
<newsab...@deleteifspam.theunderwoods.org.uk> writes

>On Thu, 8 Jan 2004 at 13:54:59, J Atkinson (Mr) wrote in
>demon.ip.support.turnpike (Reference:
><dNw6zsBzEW$$Ew...@manx2.demon.co.uk>)
>
>
>>
>> That's my experience too, I think it's called a dictionary attack.
>
>I would like to see evidence of that. I have been monitoring this for
>months and have yet to see a single example which cannot be directly
>attributed to a message ID I have used in Usenet.

I am not sure if this is what you mean, but I have received large
amounts of spam to various addresses (z...@kafana.d.c.u etc.) which I do
not believe to be based on MIDs. They are plausible names, just not
ones that I use.
--
Mark Browne
If replying by email, please use the "Reply-To" address, as the
"From" address will be rejected

J Atkinson (Mr)

Jan 9, 2004, 8:17:58 AM
In message <9DoCZdLRjb$$EA...@main.machine>, Paul Terry
<nos...@musonix.demon.co.uk> writes

>In message <eRA60gByEa$$Ew...@manx2.demon.co.uk>, "J Atkinson (Mr)"
><j...@manx2.demon.co.uk> writes
>
>> I don't want to pursue this endlessly,
>
>Especially since it is not on-topic here. However, in the interests of
>helping to convey a better understanding of spam ...
>

This is just purely as a matter of interest, but is the identity of the
spammers known?

I did read somewhere that a lot of them congregate in Florida.

Are their locations known?

Do they lose their accounts after a mass emailing or do they have
some means of doing it repeatedly?


--
J Atkinson (Mr)

Dave Eastabrook

Jan 9, 2004, 10:13:00 AM
Paul Terry <nos...@musonix.demon.co.uk> wrote

>In message <eRA60gByEa$$Ew...@manx2.demon.co.uk>, "J Atkinson (Mr)"
><j...@manx2.demon.co.uk> writes

>>but I can see that if businesses thought they were getting genuine
>>addresses, they'd buy.
>
>Since sending spam is against the AUP of any decent ISP and is against
>the law in an increasingly large number of jurisdictions, I believe you
>are wrong for any serious "business".

I always report UK spammers (cc'ed to them), to their ISP, and upstream
providers both of email and of their site hosting. I've been emailed
and phoned back, and they maintain these are "opt-in" lists they bought
in good faith, and they'll get their legal dept to chase the seller. I
once pointed out to one that "e...@elmbronze.dcu" wasn't even a competent
harvesting of my old Usenet posting address, but I don't think he
understood what I meant about newsgroups (or harvesting as it was May).

Recently I had Web Windows on the phone, and he said he'd checked out
his email campaign with the Direct Marketing Association, and they'd
approved it, even in light of the new UK anti-spam regulation which I
believe came into force 1st January (2 months after the EU deadline!).
In spite of being a spammer he was a nice guy, and if telling the truth
it would seem that the DMA should be given a clue, preferably with
extreme force and large financial penalties, and taxes on membership.
10,000% tax sounds good to me.

A UK internet entrepreneur forum I used to be on seemed sadly to be
largely in favour of the rights of business to spam whatever the
delivery method ("it's marketing"), and against the new anti-spam law.

Of course if it's targeted it's OK, which means I daresay since all of
us spend money or credit, then anybody's financial spam is "targeted".
Same for sex. Please note that I'm being sarcastic (or is it sardonic?).

The only elmbronze + demon addresses I now collect are postmaster and
fax (26,000 left on the Q) and since demon email faxes failed to arrive,
I now use a physical fax machine :-(

I look forward to the first UK spammer - and hopefully accomplices (ISP)
being brought to justice and fined. Then maybe we'll see some changes.


>The buyers concerned are, by and large, people hoping to sell
>pornography, medications without licence and yet more disks of addresses
>for spamming.

Supposedly 90% of the world's spam is sent by just 150 known spammers.
And whatever the geography of transmission, it's mostly US originated.
I can't see why a "black op" can't be mounted against them.


Sorry about all that, I've almost certainly lost business because of
incompetently setting my filters at times - for instance, clumsily
ticking that box in envelope rejection that says "reject" all mail not
handled by the above rules (TP WISH - confirmation dialogue please!!!)
(that's if it's not already in TP6 which I'll get when I've got ADSL).

Dave
--
to send mail I think postmaster will still work at elmbronze dcu.

Paul Terry

Jan 9, 2004, 10:31:33 AM
In message <Lhd$oHCGoq$$Ew...@manx2.demon.co.uk>, "J Atkinson (Mr)"
<j...@manx2.demon.co.uk> writes

>This is just purely as a matter of interest, but is the identity of the
>spammers known?

http://www.spamhaus.org/rokso/

--
Paul Terry

Ben Newsam

Jan 9, 2004, 10:57:38 AM
Dave Eastabrook <nos...@nospam.demon.co.uk> writes, despite their
Organization header saying 'Dis'

>they maintain these are "opt-in" lists they bought in good faith

What peculiar logic do they use to explain how a list can possibly be
"opt in" when it has been bought?
--
Ben

Chris Hastie

Jan 9, 2004, 10:49:55 AM
In message <9DoCZdLRjb$$EA...@main.machine>, Paul Terry
<nos...@musonix.demon.co.uk> writes
>The buyers concerned are, by and large, people hoping to sell
>pornography, medications without licence and yet more disks of
>addresses for spamming.

To which list I would add cheap cigarettes and, bizarrely, anti-spam
software. How does that one work then?
--
Chris Hastie

Richard Clayton

Jan 9, 2004, 10:35:11 AM
In article <Lhd$oHCGoq$$Ew...@manx2.demon.co.uk>, J Atkinson (Mr)
<j...@manx2.demon.co.uk> writes

> This is just purely as a matter of interest, but is the identity of the
> spammers known?

as hinted several times -- this is NOT of "interest" in d.i.s.t and
you're unlikely to get an especially good answer here [ as people will
probably demonstrate :( ]

can I suggest a visit to www.google.com ... this will locate many sites
that will answer all of your questions

PhilipPowell

Jan 9, 2004, 12:47:50 PM
In message <oKJ770WMcX$$EA...@dontspam.theunderwoods.org.uk>, John
Underwood <newsab...@deleteifspam.theunderwoods.org.uk> writes

>On Thu, 8 Jan 2004 at 13:54:59, J Atkinson (Mr) wrote in
>demon.ip.support.turnpike
>(Reference: <dNw6zsBzEW$$Ew...@manx2.demon.co.uk>)
>
>
>>
>> That's my experience too, I think it's called a dictionary attack.
>
>I would like to see evidence of that. I have been monitoring this for
>months and have yet to see a single example which cannot be directly
>attributed to a message ID I have used in Usenet.

Having made a very recent change to MailWasher's settings, my evidence
is looking as if it would tally very closely to John's - which, I admit,
did take me a little by surprise.

Of some 700 attempted spams directly to bdcu [rather than through bou]
in the last 40 hours, all bar a tiny handful have been to philip@bdcu or
what looks like one of 4-5 part MID@bdcu. There have been a small number
[<10] to hilip@bdcu and maybe just a couple of oddities which could have
been part MIDs.

There are, as has been stated numerous times in dist, various ways of
dealing with spam. In this thread alone I can see 7 different posters +
myself using a type of spamtrap. Some will be using nothing more than
the facilities offered by TP while others will be incorporating another
line of defence with such as K9 or MailWasher and I'm sure we could each
make a good case for why we use the method we do!

Making the spammers appear to have to work harder for their successes
might seem, superficially, to be satisfying. However, it would - at the
very least - place an even greater burden on the mail servers. Far
better to educate users to avoid it as much as possible.
--
Philip Powell
Looking north across the Derwent Valley and Northumberland
to The Cheviot
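
The tally in the post above, and the Message-ID observations quoted earlier in the thread, amount to sorting rejected recipients by where the address probably came from. The sketch below is an added example, not code from any poster or from Turnpike: the Message-IDs, mailbox names and `example.invalid` domain are constructed, and the categories (whole Message-ID, tail after the last `$` or `+`, role names, digits, truncated real name) follow the cases the posters describe.

```python
import re
from collections import Counter

# Role-style local parts named in the thread as "shallow" dictionary targets.
ROLE_NAMES = {"info", "qos", "service", "support", "sales", "test"}

# Constructed sample data: two Message-IDs in the shape discussed in the
# thread, one real mailbox, and recipients seen on rejected mail.
SENT_MIDS = [
    "<Qx7pLm2ZtK$$EwdI@example.invalid>",
    "<Rk3vNq8YhB$$Ew+c@example.invalid>",
]
REAL_LOCALS = {"philip"}
REJECTED = [
    "philip@example.invalid",
    "Qx7pLm2ZtK$$EwdI@example.invalid",
    "ewdi@example.invalid",
    "c@example.invalid",
    "sales@example.invalid",
    "4821@example.invalid",
    "hilip@example.invalid",
    "zoran@example.invalid",
]


def local_part(address_or_mid):
    """Local part of an address or Message-ID, without angle brackets."""
    return address_or_mid.strip("<>").rsplit("@", 1)[0]


def mid_tail(message_id):
    """Text after the last '$' or '+' in a Message-ID local part, lowercased."""
    return re.split(r"[$+]", local_part(message_id))[-1].lower()


def classify(recipient, sent_mids, real_locals):
    """Name the most likely origin of one recipient address."""
    r = local_part(recipient).lower()
    real = {name.lower() for name in real_locals}
    if r in real:
        return "genuine"
    if any(r == local_part(mid).lower() for mid in sent_mids):
        return "full-mid"          # whole Message-ID used as an address
    if r and any(r == mid_tail(mid) for mid in sent_mids):
        return "mid-tail"          # harvested from the end of a Message-ID
    if r in ROLE_NAMES:
        return "role-name"         # shallow dictionary guess
    if r.isdigit():
        return "numeric"
    if any(len(r) >= 3 and name != r and name.endswith(r) for name in real):
        return "truncated-name"    # e.g. a real name with its start cut off
    return "unexplained"           # candidate for a closer manual look


def triage(recipients, sent_mids, real_locals):
    """Count recipients per category."""
    return Counter(classify(r, sent_mids, real_locals) for r in recipients)


if __name__ == "__main__":
    for category, count in sorted(triage(REJECTED, SENT_MIDS, REAL_LOCALS).items()):
        print(f"{category:15} {count}")
```

Only the `unexplained` bucket needs manual attention; a large `mid-tail` count points at posted Message-IDs rather than guessing as the source of the addresses.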

Andy

Jan 9, 2004, 3:16:06 PM
In message <zyTBM4A8$Z$$Ew...@manx2.demon.co.uk>, "J Atkinson (Mr)"
<j...@manx2.demon.co.uk> wrote

>In message <oKJ770WMcX$$EA...@dontspam.theunderwoods.org.uk>, John
>Underwood <newsab...@deleteifspam.theunderwoods.org.uk> writes
[

>>Incidentally, what dictionary do you think the spammers could use to
>>look up this address?
>>
>> dNw6zsBzEW$$Ew...@manx2.demon.co.uk
>>
>
> Polish? Lithuanian?

The Polish alphabet contains 31 upper-case characters and 39 lower-case
ones, but none are numbers.

[For ueber-pedants only: there are several instances of many-to-one
mappings between Polish lower & upper case; eg all three lower-case 'a'
(unadorned; with comma-like-thing below; with 2 dots above) correspond
to 'A'.]
--
Andy
For Austria & its philately, Lupus, & much else visit
<URL:http://www.kitzbuhel.demon.co.uk/>

Andy

Jan 9, 2004, 3:31:36 PM
In message <VG76CvFy9s$$Ew...@microser.demon.co.uk>, Ben Newsam
<b...@microser.demon.co.uk> wrote

Several guarantee registration cards I have seen have a section for you
to give all your personal details and interests, so that "information of
interest can be sent". That's opting-in to snailmailed spam. I presume
enough people must do this to make it worth printing the extra page.

So, although I wouldn't do it, I can accept that some people might opt
for spam - except that it wouldn't be "unsolicited"! Hence, "opt-in"
lists are feasible.

Dr John Stockton

Jan 9, 2004, 6:03:50 PM
JRS: In article <jmiEtySsTo$$Ew...@nospam.demon.co.uk>, seen in
news:demon.ip.support.turnpike, Martin Brown <|||newspam|||@nezumi.demon
.co.uk> posted at Fri, 9 Jan 2004 10:39:40 :-

>
>I don't think I have ever seen any deep dictionary attacks, but I have
>seen some shallow ones to "info", "qos", "service", "support", "sales",
>"test", etc. and also sporadically to a range of <random_4digit_number>

Agreed, more or less. There are also cases that look as if someone
else's left part has combined with my right part; and, IIRC, I usually
get more than 4 digits.

>Specific traffic occurs to a handful of random text nonsense named
>mailboxes that have never existed or been used by my domain. It is just
>possible that some are a substring of some TP msgid - mostly they begin
>with "a" or "e". But they look much more like the result of programming
>errors in an address harvester. "ewdi" is one such.

I believe that all news and mail articles posted from your Turnpike
configuration have message-IDs ............Ew..@nezu-- (and all from the
other common configuration have EA instead of Ew), where . is wild.

It is therefore practically certain that the vast majority of spurious
addresses which include ew..@, omitting any obvious cases such as ewan
and lewis, are generated by using TP M-IDs, starting after the last
"implausible" character (i.e. $ +). Mostly, the ones that reach you are
from your site's M-IDs.

You may also notice that you get few or no 3- & 2- character strange
spurious addresses, but a few 1-character ones. The above explains
this, since characters @-4 & @-3 are always plausible, but @-2 may be $
and/or +.

If you retain copies of your outgoings, you should almost always be able
to identify at least one candidate causing article, generally in News.

All this has been obvious for some considerable while, at least to those
who both post to News and see [some of] the addresses to which unwanted
material is directed. John Underwood has recently discovered it, maybe
by reading this newsgroup.

Your "ewdi" is very probably caused as above; if there are only a
handful of such addresses, you are lucky.


Since Demon have been (1) propagating Turnpike, and thus the generation
of TP M-IDs, for a number of years, and (2) selling "all the E-names you
like @<host> : ISTM that they have, albeit without guilty intent,
enabled this problem. There must be a look-up process invoked when
incoming mail for X...@Y.demon.co.uk arrives at Demon, used to determine
whether Y is known, and to bounce the mail otherwise. It should IMHO be
a SMOP for the lookup to retrieve another couple of bits, indicating
that Y has chosen to have all mail to local parts matching ew..@ / ea..@
also rejected. It would need to be opt-in, to allow for the possibility
that you have a brother called Ewan or Lewis, or a sister Jewel. ISTM
that it would use fewer CPU cycles than the Brightmail approach,
reducing the amount of work for Brightmail.


NOTE: AIUI, "spam" properly means EMP - excessive multiple posting to
News. The term is generally nowadays given a broader meaning; for
example, as in "Clive's spam deleter" which is an excellent way of
removing mail addresses to a specific unwanted local part at your site
(yes, *that* Clive). Quite a number of people consider the term to
encompass any undesirable message in News, Mail, or the whole Net.

Caution: there are some here who will happily use the term in a
restricted meaning when in discussion with those who remain unaware that
they are doing so. Pedantry, to be benevolent, should be manifest.

--
© John Stockton, Surrey, UK. ?@merlyn.demon.co.uk Turnpike v4.00 MIME. ©
Web <URL:http://www.merlyn.demon.co.uk/> - FAQish topics, acronyms, & links.
I find MiniTrue useful for viewing/searching/altering files, at a DOS prompt;
free, DOS/Win/UNIX, <URL:http://www.idiotsdelight.net/minitrue/> Update soon?

John Underwood

Jan 9, 2004, 7:37:55 PM
On Fri, 9 Jan 2004 at 10:39:40, Martin Brown wrote in
demon.ip.support.turnpike
(Reference: <jmiEtySsTo$$Ew...@nospam.demon.co.uk>)


>But they look much more like the result of programming errors in an
>address harvester. "ewdi" is one such.

The MID of the message from which that was taken was:

jmiEtySsTo$$Ew...@nospam.demon.co.uk

ewbv complies exactly with the situation I described. ewdi looks to me
exactly as if it is an extract from a MID in a posting from you in which
the local part ends in ewdi which is preceded by + or $.

Unless you habitually delete your outgoing usenet postings within a few
months, may I suggest that you set up a search of all mail with this
IMAP search string in the Advanced search tab:

FLAG OUTGOING HEADER "Message-ID" "ewdi@"

Have a look at the message ID of anything it finds.

John Underwood

Jan 9, 2004, 7:41:49 PM
On Fri, 9 Jan 2004 at 12:18:39, Mark Browne wrote in
demon.ip.support.turnpike
(Reference: <32Ntb+HX8o$$Ew...@kafana.demon.co.uk.invalid>)


>I am not sure if this is what you mean, but I have received large
>amounts of spam to various addresses (z...@kafana.d.c.u etc.) which I do
>not believe to be based on MIDs. They are plausible names, just not
>ones that I use.

I agree that such an alias could not be produced by my hypothetical
method. I have heard reports that common names are invented with some
domains, but I have never seen that. Were johann to appear in spam,
would it be reasonable to assume that someone had guessed at that in
this same way? It is interesting, then, that jo...@theunderwoods.org.uk
did not get spam during many months of use until very soon after it
appeared in a usenet From: address by accident.

John Underwood

Jan 9, 2004, 7:46:28 PM
On Fri, 9 Jan 2004 at 17:47:50, PhilipPowell wrote in
demon.ip.support.turnpike
(Reference: <eZOwhbQGlu$$Ew...@blencathra.org.uk>)


>Some will be using nothing more than the facilities offered by TP

I would qualify that by adding that though my approach can (with one
exception which doesn't affect every user) be implemented with TP, I do
in fact use other facilities, but not applications. Instead of rejecting
on the basis of the forward path using TP's envelope rejection, that
mail is dumped in the remote mail server and does not occupy my
bandwidth. I can also send out a bounce message which removes the danger
of a mistaken address being ignored and the proven effect of reducing
the amount of spam sent to my addresses.

John Underwood

Jan 9, 2004, 7:59:03 PM
On Fri, 9 Jan 2004 at 13:17:58, J Atkinson (Mr) wrote in
demon.ip.support.turnpike
(Reference: <Lhd$oHCGoq$$Ew...@manx2.demon.co.uk>)


> This is just purely as a matter of interest, but is the identity of
>the
> spammers known?

See http://www.spamhaus.org/


>
> I did read somewhere that a lot of them congregate in Florida.
>
> Are their locations known?

In many cases, and published in appropriate forums of which this is not
one.

>
> Do they lose their accounts after a mass emailing or do they have
> some means of doing it repeatedly?

What accounts? Where they use accounts with other people, they may lose
them. Do you know how easy it is to set up your own access without an ISP? I
don't, were I to want to know I would ask in an appropriate forum of
which this is not one.

All this information which you so avidly seek is widely available but
not here where it is quite off-topic (and, therefore, you won't find it
here).

Wm...

Jan 9, 2004, 10:24:10 PM
Sat, 10 Jan 2004 00:59:03
<udvKe5EX50$$EA...@dontspam.theunderwoods.org.uk>
demon.ip.support.turnpike John Underwood
<newsab...@deleteifspam.theunderwoods.org.uk>

>All this information which you so avidly seek is widely available but
>not here where it is quite off-topic (and, therefore, you won't find it
>here).

Including information from RC in this thread that contradicted what you
said and that you declined to answer but continued to go on about?

I can only presume RC is in your kill file as well as myself. Have fun
saying what you believe about dictionary spamming why don't you :)

--
Wm ...
Reply-To: address valid for at least 7 days from date of posting

John Purser

Jan 10, 2004, 6:01:05 AM
In article <G8pQ2YDNp0$$EA...@dontspam.theunderwoods.org.uk>, John
Underwood <newsab...@deleteifspam.theunderwoods.org.uk> writes

>On Fri, 9 Jan 2004 at 12:18:39, Mark Browne wrote in
>demon.ip.support.turnpike
>(Reference: <32Ntb+HX8o$$Ew...@kafana.demon.co.uk.invalid>)
>
>
>>I am not sure if this is what you mean, but I have received large
>>amounts of spam to various addresses (z...@kafana.d.c.u etc.) which I
>>do not believe to be based on MIDs. They are plausible names, just
>>not ones that I use.
>
>I agree that such an alias could not be produced by my hypothetical
>method. I have heard reports that common names are invented with some
>domains, but I have never seen that.

I have certainly seen this happen with Hotmail. On one occasion I set
up an account to demonstrate the procedure to some students. I neither
used it nor told anyone the address. Within 24hrs it was thoroughly
spammed.

Experience of student users is that short names get spammed, long ones
don't. If spammers are inventing names and testing them for Hotmail the
chances are they are doing it for other domains.

Further to earlier discussion on benevolent pedantry: in this case
"spam" = UCE :-p
--
John: Replace "SPAMBIN" with "john" to reply.

Dr John Stockton

Jan 10, 2004, 1:55:55 PM
JRS: In article <B97bFoQxt9$$Ew...@jpurser.demon.co.uk>, seen in
news:demon.ip.support.turnpike, John Purser <b...@jpurser.demon.co.uk>
posted at Sat, 10 Jan 2004 11:01:05 :-

>I have certainly seen this happen with Hotmail. On one occasion I set
>up an account to demonstrate the procedure to some students. I neither
>used it nor told anyone the address. Within 24hrs it was thoroughly
>spammed.

But did you allow any of the students to see the identity of the
account? If any did, they might well have endeavoured to make the
identity known to spammers.



--
© John Stockton, Surrey, UK. ?@merlyn.demon.co.uk Turnpike v4.00 MIME. ©
Web <URL:http://www.merlyn.demon.co.uk/> - FAQish topics, acronyms, & links.

Plaintext, quoting : see <URL:http://www.usenet.org.uk/ukpost.html>
Do not Mail News to me. Before a reply, quote with ">" or "> " (SoRFC1036)

Wm...

Jan 10, 2004, 7:25:13 PM
Sat, 10 Jan 2004 18:55:55 <XO0Zf3M7...@merlyn.demon.co.uk>
demon.ip.support.turnpike Dr John Stockton <sp...@merlyn.demon.co.uk>

[ff set to d.s]

>JRS: In article <B97bFoQxt9$$Ew...@jpurser.demon.co.uk>, seen in
>news:demon.ip.support.turnpike, John Purser <b...@jpurser.demon.co.uk>
>posted at Sat, 10 Jan 2004 11:01:05 :-
>
>>I have certainly seen this happen with Hotmail. On one occasion I set
>>up an account to demonstrate the procedure to some students. I neither
>>used it nor told anyone the address. Within 24hrs it was thoroughly
>>spammed.

Date, please? I suspect things have moved on considerably at hotmail
since your "experiment"

>But did you allow any of the students to see the identity of the
>account? If any did, they might well have endeavoured to make the
>identity known to spammers.

Yes, yes, yes, they may have tried to "teach the teacher" but ... WTF
has this got to do with Turnpike? It may be that people feel safer
playing with ideas in dist than d.s but please be adult and play where
you are meant to play about these things.

Martin Brown

Jan 11, 2004, 5:29:30 AM
In message <SciVO6Cjl0$$EA...@dontspam.theunderwoods.org.uk>, John
Underwood <newsab...@deleteifspam.theunderwoods.org.uk> writes

>On Fri, 9 Jan 2004 at 10:39:40, Martin Brown wrote in
>demon.ip.support.turnpike
>(Reference: <jmiEtySsTo$$Ew...@nospam.demon.co.uk>)
>
>
>>But they look much more like the result of programming errors in an
>>address harvester. "ewdi" is one such.

I made a mistake it was actually "ewdy" that gets the most spam. I kill
all mail addressed to "ew*" by default now. And everything addressed to
numbers.

Ewdy came from a single msg ID (and posted to this ng)

Message-ID: <5MMcujE29Nm$Ew...@nezumi.demon.co.uk>
Date: Fri, 24 Oct 2003 09:14:46 +0100

And appears to attract a fair amount of fan mail from the spammers. I
should not be troubled by this in future since all <msgid>@ traffic now
bounces off nospam.d.c.u However, the damage is already done.


>
>The MID of the message from which that was taken was:
>
> jmiEtySsTo$$Ew...@nospam.demon.co.uk
>
>ewbv complies exactly with the situation I described. ewdi looks to me
>exactly as if it is an extract from a MID in a posting from you in which
>the local part ends in ewdi which is preceded by + or $.
>
>Unless you habitually delete your outgoing usenet postings within a few
>months, may I suggest that you set up a search of all mail with this
>IMAP search string in the Advanced search tab:
>
>FLAG OUTGOING HEADER "Message-ID" "ewdi@"
>
>Have a look at the message ID of anything it finds.

It found that I misremembered the target. "Ewdy" rather than "Ewdi"

Some of the spammers even preserve the capitalisation of the original
MID.

Thanks for the encouragement to dig deeper. Seems like this explanation
fits perfectly.

Bringing it back on topic for TP support is there any modification of
the TP msg ID that would ensure that spammers would never be able to do
this harvesting and end up with a syntactically valid address?

Perhaps ensuring the last character before the @ is always a $ ?

Regards,
--
Martin Brown

PhilipPowell

Jan 11, 2004, 8:28:33 AM
In message <Y4UqKLBK...@nospam.demon.co.uk>, Martin Brown
<|||newspam|||@nezumi.demon.co.uk> writes

Having mentioned earlier in this thread some changes I'd made in
MailWasher, I've been looking further and have noticed an oddity.

AFAICT, not a single MID I have used since 26th February 2002 has been
used for spam - up until then, all MIDs ended bdcu, since then they've
all ended bou.

My first thought when I noticed this was that it was all being routed
through bou to a specific bdcu address. This seemed a possibility so I
made another change so that anything not addressed to the 4 users of bou
would come to a very clearly identified bdcu address. The result -
nothing.

I was going to say it couldn't be tied to the use of .invalid in any way
as I'd used that in the From field for about 2 years previously but
further investigation of the 3 different apparent MIDs used in the last
few items of spam showing on MailWasher [3 of the ones that are used
most of all fortunately] originated from postings made in November and
December 2000.

John Underwood

Jan 11, 2004, 10:26:04 AM
On Sun, 11 Jan 2004 at 10:29:30, Martin Brown wrote in
demon.ip.support.turnpike
(Reference: <Y4UqKLBK...@nospam.demon.co.uk>)


>Thanks for the encouragement to dig deeper. Seems like this explanation
>fits perfectly.

I am not suggesting that this is the only explanation of unrecognised
aliases, but if it fits this algorithm I would not spend much effort in
imagining clever ways the spammers might have used to create it by some
other means.

(I thought I found an exception the other day, but it was an MID, from a
message I posted in December 2002 - and I had just removed everything
earlier than January 2003 to archive, which is where I found it).

John Underwood

Jan 11, 2004, 10:26:21 AM
On Sun, 11 Jan 2004 at 10:29:30, Martin Brown wrote in
demon.ip.support.turnpike
(Reference: <Y4UqKLBK...@nospam.demon.co.uk>)


>I made a mistake it was actually "ewdy" that gets the most spam. I kill
>all mail addressed to "ew*" by default now. And everything addressed to
>numbers.

I would strongly suggest being more specific than that - you have just
stopped yourself using any alias with news in it, just for one obvious
example.

/ew..@/u

would be as precise as you can get - which will catch the aliases
derived from MIDs by using the last part of the MID local part.

This leaves you vulnerable to losing anything genuine, sent by design or
accident to anything with the alias ending ew and two further
characters. The suggestion of stopping only the full length MIDs will
remove most (but, perhaps, not all) of that risk, but will let through
the very large numbers of messages with truncated aliases.

John Underwood

Jan 11, 2004, 10:30:54 AM
On Sun, 11 Jan 2004 at 13:28:33, PhilipPowell wrote in
demon.ip.support.turnpike
(Reference: <QWgDCMFB...@blencathra.org.uk>)


>My first thought when I noticed this was that it was all being routed
>through bou to a specific bdcu address. This seemed a possibility so I
>made another change so that anything not addressed to the 4 users of
>bou would come to a very clearly identified bdcu address. The result -
>nothing.

I take it you are talking about the domain of the MIDs. In that case, it
is set within TP by the personality in use when the message is posted.
You can change it using the Advanced tab on the Personality properties.

This is nothing to do with the characters at the end of the local part
which have been under discussion here. The penultimate pair (3rd and 4th
before the @) appear to be consistently constant for any situation
(usually ew or ea).

PhilipPowell

Jan 11, 2004, 11:33:56 AM
In message <$v+uCZFu...@dontspam.theunderwoods.org.uk>, John
Underwood <newsab...@deleteifspam.theunderwoods.org.uk> writes

>On Sun, 11 Jan 2004 at 13:28:33, PhilipPowell wrote in
>demon.ip.support.turnpike
>(Reference: <QWgDCMFB...@blencathra.org.uk>)
>
>
>>My first thought when I noticed this was that it was all being routed
>>through bou to a specific bdcu address. This seemed a possibility so I
>>made another change so that anything not addressed to the 4 users of
>>bou would come to a very clearly identified bdcu address. The result -
>>nothing.
>
>I take it you are talking about the domain of the MIDs. In that case,
>it is set within TP by the personality in use when the message is
>posted. You can change it using the Advanced tab on the Personality
>properties.
>
>This is nothing to do with the characters at the end of the local part
>which have been under discussion here.

I accept that but would have assumed that if an MID was:

xxxxxxxxxewxxxx@bou

then an associated spam should have come to something like

ewxxxx@bou

Yet [Sod's Law, until my latest download!] everything that looks like
spam to an MID has been to @ bdcu despite the fact that the last MID
including @ bdcu I seem to have posted was in February 2002.

Clearly, I was wrong in that there was one to an MID @ bou in the last
download to MailWasher - although, that was from a posting that was
almost 3 years ago.

>The penultimate pair (3rd and 4th before the @) appear to be
>consistently constant for any situation (usually ew or ea).

I'd certainly agree that all the ones I've traced have had ew as the
penultimate pair. Unfortunately, every newsgroup posting of mine I still
have on the HD seems to have ew as the penultimate pair )-:

Paul Terry

Jan 11, 2004, 12:02:42 PM
In message <Y4UqKLBK...@nospam.demon.co.uk>, Martin Brown
<|||newspam|||@nezumi.demon.co.uk> writes

>Bringing it back on topic for TP support is there any modification of
>the TP msg ID that would ensure that spammers would never be able to do
>this harvesting and end up with a syntactically valid address?

Configure | Personalities | Properties | Advanced

And then set the Message-ID domain to something such as your local
machine (see the MID on this message).

>Perhaps ensuring the last character before the @ is always a $ ?

I think you would do better to change the portion *after* the @ - there
is no requirement that message-IDs should be capable of
misinterpretation as routeable email addresses.

--
Paul Terry

John Underwood

Jan 11, 2004, 12:12:23 PM
On Sun, 11 Jan 2004 at 16:33:56, PhilipPowell wrote in
demon.ip.support.turnpike
(Reference: <GANmXDR0...@blencathra.org.uk>)


>I accept that but would have assumed that if an MID was:
>
>xxxxxxxxxewxxxx@bou
>
>then an associated spam should have come to something like
>
>ewxxxx@bou

My understanding of the pattern is that the penultimate pair of
characters in the local part of a TP generated MID is always the same
for one system and usually is ew (for a U or S licence) or ea (for M).

This has no bearing on what the spammers do. Some will use the entire
MID local part, with or without a change to lower case. Others truncate
it by removing everything from the left hand so that all that remains
are the characters which follow the last + or $ (and possibly other
non-alphanumeric characters).

I have seen MID local parts with any number of characters up to the
original length, but in every case, where they are shorter, there has
always been at least one MID containing the alias used with one of the
unusual characters in front of it.

(Obviously, this means that a one-character alias is possible this way
and I have received some and always found an MID with that single
character at the end, preceded by + or $ etc. A two or three character
alias is impossible with Turnpike generated MIDs but four character ones
are very common).

Richard Clayton has answered my request for evidence that dictionary
attacks do happen, for which I thank him. However, I don't think that
contradicts my assertion that if a spam message is sent to an address
which is related to a known MID fitting my description, it is more
likely to have been obtained from that MID than by any other means and
if, as in my case, every single example of an unrecognised alias fits
this description, I would contend that extraction of aliases from
harvested MIDs is considerably more common than are dictionary attacks.
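
The trace-back described in the posts above (search your own outgoing Message-IDs for the alias, then check the character in front of it), as an added example that is not part of the thread. The Message-IDs, dates and host name are constructed, and the function names are hypothetical.

```python
# Constructed sample of one's own outgoing news headers: (Message-ID, date).
# The 16-character local parts imitate the shape quoted in the thread; the
# values and the host name are made up for this example.
OUTGOING = [
    ("<Zk3TqLm8RwP$Ewq7@host.example.invalid>", "2003-10-24"),
    ("<Hd9+mmXc2Lp$Ew+k@host.example.invalid>", "2003-11-02"),
    ("<pQ4nRt7vBx29Ewm3@host.example.invalid>", "2003-12-15"),
]


def local_part(message_id):
    """Local part of a Message-ID: angle brackets and @domain removed."""
    return message_id.strip().strip("<>").rsplit("@", 1)[0]


def truncated_alias(message_id, implausible="$+"):
    """What remains after dropping everything up to the last '$' or '+'.

    With neither character present the whole local part is returned.
    """
    lp = local_part(message_id)
    cut = max(lp.rfind(ch) for ch in implausible)
    return lp[cut + 1:]


def trace_alias(recipient, outgoing=OUTGOING):
    """Return the outgoing entries that could have produced `recipient`.

    A Message-ID is a candidate when its local part ends with the alias
    (compared case-insensitively, since some senders lower-case it) and the
    alias is either the whole local part or is preceded by a
    non-alphanumeric character such as '$' or '+'.
    """
    alias = recipient.split("@", 1)[0].lower()
    hits = []
    for mid, date in outgoing:
        lp = local_part(mid)
        if not alias or not lp.lower().endswith(alias):
            continue
        before = lp[: len(lp) - len(alias)]
        if before == "" or not before[-1].isalnum():
            hits.append((mid, date))
    return hits


def alias_lengths(outgoing=OUTGOING):
    """Sorted lengths of the truncated aliases the archive can give rise to."""
    return sorted({len(truncated_alias(mid)) for mid, _ in outgoing})


if __name__ == "__main__":
    for rcpt in ("ewq7@host.example.invalid", "k@host.example.invalid",
                 "ewm3@host.example.invalid"):
        print(rcpt, "->", trace_alias(rcpt))
    print("truncated alias lengths:", alias_lengths())
```

An alias that only appears in the middle of an alphanumeric run, such as the third recipient here, returns no candidate, which is the case where some other origin has to be considered.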

PhilipPowell

Jan 11, 2004, 4:14:59 PM
In message <FwYQlMB3...@dontspam.theunderwoods.org.uk>, John
Underwood <newsab...@deleteifspam.theunderwoods.org.uk> writes

>On Sun, 11 Jan 2004 at 16:33:56, PhilipPowell wrote in
>demon.ip.support.turnpike
>(Reference: <GANmXDR0...@blencathra.org.uk>)
>
>
>>I accept that but would have assumed that if an MID was:
>>
>>xxxxxxxxxewxxxx@bou
>>
>>then an associated spam should have come to something like
>>
>>ewxxxx@bou
>
>My understanding of the pattern is that the penultimate pair of
>characters in the local part of a TP generated MID is always the same
>for one system and usually is ew (for a U or S licence) or ea (for M).

Well, that certainly explains why mine all seem to be "ew"!

My main point, until I proved otherwise, was that no MID using bou
seemed to have been used in spam. Although that itself was wrong, I'm
still somewhat puzzled that no spam MID here seem to have shown up
dating after April 2001.

In my case, all the spam MID have come from one very low [almost dead]
traffic uk.* group.

>Richard Clayton has answered my request for evidence that dictionary
>attacks do happen, for which I thank him. However, I don't think that
>contradicts my assertion that if a spam message is sent to an address
>which is related to a known MID fitting my description, it is more
>likely to have been obtained from that MID than by any other means and
>if, as in my case, every single example of an unrecognised alias fits
>this description, I would contend that extraction of aliases from
>harvested MIDs is considerably more common than are dictionary attacks.

That certainly seems to be the case here. Virtually all spam to bdcu
that I've checked has proved to come using a part MID, philip or hilip.

I've taken on board Paul's comments elsewhere in the thread though,
until I see a more recent MID used for spam, it is unlikely to be
effective.

Dr John Stockton

Jan 11, 2004, 2:58:31 PM
JRS: In article <Y4UqKLBK...@nospam.demon.co.uk>, seen in
news:demon.ip.support.turnpike, Martin Brown <|||newspam|||@nezumi.demon
.co.uk> posted at Sun, 11 Jan 2004 10:29:30 :-

>. I
>should not be troubled by this in future since all <msgid>@ traffic now
>bounces off nospam.d.c.u However, the damage is already done.
>

Be aware that your technique has at least two disadvantages.

(1) With a "shared" RHS, there can be no absolute guarantee that your M-
ID will be unique, as it should be. It has IIRC been said, with
authority, either that it is very unlikely or that it is impossible that
another nospam.dcu-using Turnpike, albeit using a similar algorithm,
will generate the same left part as one of yours; and it is obviously
unlikely that another mailer will match one of your left parts.

(2) There are, in some newsgroups, people of such impressive imbecility
and volubility that one does not want to see either any post of theirs
or any following post on the same branch of a thread-tree; one can
achieve that, where the RHS of the M-ID is unique to a person, by
killing on that right part appearing in a header. If such a person
should be a nospam M-ID user, you will be tarred with the same brush.



--
© John Stockton, Surrey, UK. ?@merlyn.demon.co.uk Turnpike v4.00 MIME. ©

Web <URL:http://www.merlyn.demon.co.uk/> - FAQqish topics, acronyms & links;
some Astro stuff via astro.htm, gravity0.htm; quotes.htm; pascal.htm; &c, &c.
No Encoding. Quotes before replies. Snip well. Write clearly. Don't Mail News.

Martin Brown

Jan 12, 2004, 3:23:41 AM
In message <eTjLoWAn...@merlyn.demon.co.uk>, Dr John Stockton
<sp...@merlyn.demon.co.uk> writes

>JRS: In article <Y4UqKLBK...@nospam.demon.co.uk>, seen in
>news:demon.ip.support.turnpike, Martin Brown <|||newspam|||@nezumi.demon
>.co.uk> posted at Sun, 11 Jan 2004 10:29:30 :-
>
>>. I
>>should not be troubled by this in future since all <msgid>@ traffic now
>>bounces off nospam.d.c.u However, the damage is already done.
>>
>
>Be aware that your technique has at least two disadvantages.
>
>(1) With a "shared" RHS, there can be no absolute guarantee that your M-
>ID will be unique, as it should be.

I agree. That is why I would much prefer it if TP generated MIDs that
resisted the spam harvesters efforts more effectively.

Getting lots of spam to "EW??" through posting to Usenet using TP does
not strike me as a good feature. And that is the default for all new
users.


>
>(2) There are, in some newsgroups, people of such impressive imbecility
>and volubility that one does not want to see either any post of theirs
>or any following post on the same branch of a thread-tree; one can
>achieve that, where the RHS of the M-ID is unique to a person, by
>killing on that right part appearing in a header. If such a person
>should be a nospam M-ID user, you will be tarred with the same brush.

So be it. I consider that a price worth paying.

Regards,
--
Martin Brown

Martin Brown

Jan 12, 2004, 6:28:46 AM
In message <+fiuOuEd...@dontspam.theunderwoods.org.uk>, John
Underwood <newsab...@deleteifspam.theunderwoods.org.uk> writes

>On Sun, 11 Jan 2004 at 10:29:30, Martin Brown wrote in
>demon.ip.support.turnpike
>(Reference: <Y4UqKLBK...@nospam.demon.co.uk>)
>
>
>>I made a mistake it was actually "ewdy" that gets the most spam. I
>>kill all mail addressed to "ew*" by default now. And everything
>>addressed to numbers.
>
>I would strongly suggest being more specific than that - you have just
>stopped yourself using any alias with news in it, just for one obvious
>example.
>
>/ew..@/u
>
>would be as precise as you can get - which will catch the aliases
>derived from MIDs by using the last part of the MID local part.

I am more specific still. I had not meant to mislead. The actual rules I
use are:

/^ew..$/u TP harvested MIDs
/^\d+.*$/u Snews harvested MIDs & numeric dictionary attacks.

Looking more closely at the second rule it seems I could simplify it to

/^\d/u

with only a tiny risk of collateral damage. I consider the next rule far
too risky for rejection but it may be of interest for folder routing.

/_..@/f Matches a pattern used by certain spam engines

But sadly it will definitely cause collateral damage if used for
rejection. It can still be used for routing to move probable chaff into
a junk folder though.


>
>This leaves you vulnerable to losing anything genuine, sent by design
>or accident to anything with the alias ending ew and two further
>characters.

Not if it is constrained to begin with "ew".

>The suggestion of stopping only the full length MIDs will remove most
>(but, perhaps, not all) of that risk, but will let through the very
>large numbers of messages with truncated aliases.

I have never seen any spam addressed to full length TP MIDs only to the
4 letter substring following immediately after the $.

I suppose it is a blessing that TP keeps the two leading characters
constant. But it would be nicer if the MID was made unharvestable.

Regards,
--
Martin Brown
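
The rule set from the post above, and the broader "ew" variants argued over earlier in the thread, run against sample recipients; this is an added example, not part of the thread. The recipients and domain are constructed, the rules are re-expressed as Python regexes (Turnpike's `/u` and `/f` flags are not modelled), and it is assumed that anchored rules see only the local part, rules containing `@` see the whole address, and `ew*` is a prefix match.

```python
import re

DOMAIN = "host.example.invalid"          # placeholder domain

# Constructed recipients. LEGIT are aliases a site might really use (the
# thread names Ewan, Lewis, Jewel and "news"); UNWANTED imitate the kinds
# of spurious local part the thread reports arriving.
LEGIT = ["ewan", "lewis", "jewel", "news", "mary_jo"]
UNWANTED = ["ewq7", "EwQ7", "k", "4711", "r9ewq7", "Zk3TqLm8RwP$Ewq7"]

# The post's rule set: two rejection rules and one folder-routing rule.
REJECT_LOCAL = [re.compile(r"^ew..$", re.I), re.compile(r"^\d")]
JUNK_ADDRESS = [re.compile(r"_..@")]


def classify(address):
    """Return 'reject', 'junk' or 'deliver' for one recipient address."""
    local = address.split("@", 1)[0]
    if any(rule.search(local) for rule in REJECT_LOCAL):
        return "reject"
    if any(rule.search(address) for rule in JUNK_ADDRESS):
        return "junk"
    return "deliver"


# The three ways of writing the "ew" rule that the thread compares.
VARIANTS = {
    "ew*": lambda a: a.lower().startswith("ew"),
    "/ew..@/": lambda a: re.search(r"ew..@", a, re.I) is not None,
    "/^ew..$/": lambda a: re.search(r"^ew..$", a.split("@", 1)[0], re.I) is not None,
}


def score(name):
    """(legitimate aliases hit, unwanted aliases missed) for one variant."""
    hit = VARIANTS[name]
    collateral = [lp for lp in LEGIT if hit(f"{lp}@{DOMAIN}")]
    missed = [lp for lp in UNWANTED if not hit(f"{lp}@{DOMAIN}")]
    return collateral, missed


if __name__ == "__main__":
    for lp in LEGIT + UNWANTED:
        print(f"{lp:18} {classify(lp + '@' + DOMAIN)}")
    for name in VARIANTS:
        print(name, score(name))
```

On this sample the unanchored rule catches the longer truncations that the anchored one lets through, at the cost of also hitting "lewis" and "jewel".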

Paul Terry

Jan 12, 2004, 7:24:34 AM
In message <z$lQbnANm...@nospam.demon.co.uk>, Martin Brown
<|||newspam|||@nezumi.demon.co.uk> writes

>In message <eTjLoWAn...@merlyn.demon.co.uk>, Dr John Stockton
><sp...@merlyn.demon.co.uk> writes

>>(1) With a "shared" RHS, there can be no absolute guarantee that your M-
>>ID will be unique, as it should be.

>I agree.

So what happens in the case of ISPs that do not issue domains to
customers?

AFAICS, in such cases Turnpike just generates a MID of something like
...............@tesco.net

Nothing very unique about the RHS in that.

--
Paul Terry

John Underwood

Jan 12, 2004, 9:31:02 AM
On Mon, 12 Jan 2004 at 11:28:46, Martin Brown wrote in
demon.ip.support.turnpike
(Reference: <8AdjUNLuToAAFwd$@nospam.demon.co.uk>)


>/^ew..$/u TP harvested MIDs

In my experience, only some of them.

Here is a list of those I have received during the last few months. This
rule (with ea instead of ew) would have matched 34 of them and missed
48.

1 Character (2)

d k (both of these occurred in one, and only one, MID
preceded by a + or $)

4 character (34)
eaif ea5g ealh eadm ea39 eajn eawa EArG EANl
ea75 eab6 earr eaba ea9l eaky ea6y eae0 eaig
eanj eahw eaxg eafu ea4y eax0 eaqh eahi eakp
eaqe easf ea0n eacm eash eaam eagx

5 character (5)
9ea0u 9eak2 9EAdR 8easo 9easo

6 character (2)
2beayp r9eawq

7 character (1)
qb9eajl

8 character (1)
uug9eauc

12 character (3)
3hehuvy9eafx wclulyg9eaom nrf7av09eau7

13 character (1)
zoxcrnpm9eavs

15 character (2)
51xnqc7sey9eapi h7agz2qepck9ear

16 character (31)
nk1bk6cwoj59eajb xau0x1exzwg9ear0 cokizgcgkf89eapf
qikcroawufx9eagz pivilucefv99eadt ger5asdg3du9eame
5mugqadbir99eadl kcgb0mjk6z99eahl 19wv8eec1rv9eaxa
khk6sebsaq59eaub veddmpcmzzj9eagp dhz4ibeycl89eatl
DL20jmBRteq9EAtE knnagqexhx79eau8 hXfIV8BRp6q$AAp3
nrqbxhq0ly09ea8g oplrkvblecl9eaeo qxtbx8bckdc9ea7h
dfdq3efmzes9eaer ctiy43edix89eapf vz4tvvhpdly9eazp
hjca1nmmtxi9eaox mxeyokb8h7d9ea0b w3j4c9ciosp9eare
jx1qpocehc79eac6 yubogjcp3p79eawi jidmzab0uno9eapm
vsznihc36r99eaea zmwichegfop9eatm ejdzhhguilx9eakb
uqinxxhovc79eahe

John Underwood

Jan 12, 2004, 9:42:40 AM
On Mon, 12 Jan 2004 at 08:23:41, Martin Brown wrote in
demon.ip.support.turnpike
(Reference: <z$lQbnANm...@nospam.demon.co.uk>)


>I agree.

Richard Clayton appears to disagree.

Message-ID: <6$pNpRGti...@highwayman.com>

The local part of a TP MID will be unique, within reasonable
expectation, regardless of the domain used. Of course there is no
guarantee that someone will not forge a duplicate, but there is no
guarantee that no-one will forge a duplicate even with a shared domain.

>That is why I would much prefer it if TP generated MIDs that resisted
>the spam harvesters efforts more effectively.

How do you think that could be achieved? The spammers can extract an MID
from a news posting. If it uses a real domain and the local part with
that domain receives mail, then mail sent using that MID as a recipient
address will arrive. TP can do nothing to stop that happening, you can,
however, by not using a real domain or not accepting mail from alias
sent to your real domain. TP will allow you to set any domain you like,
it is not within the scope of TP to say what domain you may or may not
use.


If you don't want to use your own, there are others you may obtain
permission to use. One was offered in this group last week and that one
provides each user with a unique MID domain, even though it is not
necessary with Turnpike. It is not immune from harvesting, but nothing
sent to any alias within it will go anywhere (certainly nowhere near the
user).

PhilipPowell

Jan 12, 2004, 2:05:03 PM
In message <HS8wtBCm...@dontspam.theunderwoods.org.uk>, John
Underwood <newsab...@deleteifspam.theunderwoods.org.uk> writes

>On Mon, 12 Jan 2004 at 11:28:46, Martin Brown wrote in
>demon.ip.support.turnpike
>(Reference: <8AdjUNLuToAAFwd$@nospam.demon.co.uk>)
>
>
>>/^ew..$/u TP harvested MIDs
>
>In my experience, only some of them.

Me2

Anyone else noticed that ew and ea seemed to change to fw and fa
sometime Saturday afternoon?

Richard Clayton

Jan 12, 2004, 2:25:59 PM
In article <LJX11lQf$uAA...@all.spam.sent.to.hell>, PhilipPowell
<newsa...@blencathra.demon.co.uk.invalid> writes

>Anyone else noticed that ew and ea seemed to change to fw and fa
>sometime Saturday afternoon?

http://www.merlyn.demon.co.uk/critdate.htm#2004

--
richard @ highwayman . com "Nothing seems the same
Still you never see the change from day to day
And no-one notices the customs slip away"

PhilipPowell

Jan 12, 2004, 3:10:55 PM
In message <+4q8YFFH...@highwayman.com>, Richard Clayton
<ric...@highwayman.com> writes

>In article <LJX11lQf$uAA...@all.spam.sent.to.hell>, PhilipPowell
><newsa...@blencathra.demon.co.uk.invalid> writes
>
>>Anyone else noticed that ew and ea seemed to change to fw and fa
>>sometime Saturday afternoon?
>
> http://www.merlyn.demon.co.uk/critdate.htm#2004

I should have known! As someone born at 9 o'clock on 9/9, I tend to look
out for date oddities but must admit that that one passed me by.

Actually, I'd narrowed the time down to between 13:13:33 and 18:55:55
just from the postings here - and who made the first posting here with
TP after the change: JRS (-:

Martin Brown

Jan 12, 2004, 5:26:19 PM
In message <HS8wtBCm...@dontspam.theunderwoods.org.uk>, John
Underwood <newsab...@deleteifspam.theunderwoods.org.uk> writes

>On Mon, 12 Jan 2004 at 11:28:46, Martin Brown wrote in
>demon.ip.support.turnpike
>(Reference: <8AdjUNLuToAAFwd$@nospam.demon.co.uk>)
>
>
>>/^ew..$/u TP harvested MIDs
>
>In my experience, only some of them.

Curiouser and curiouser! I just analysed my entire database of all
postings made with TP and 88% are "$ew..@" 12% are "+ew..@" and that is
all.


>
>Here is a list of those I have received during the last few months. This
>rule (with ea instead of ew) would have matched 34 of them and missed
>48.

So what is different between our configurations that means that all my
MIDs always have a "$" or "+" exactly 4 characters before the "@" ?

Regards,
--
Martin Brown

Dr John Stockton

Jan 12, 2004, 4:56:23 PM
JRS: In article <LJX11lQf$uAA...@all.spam.sent.to.hell>, seen in
news:demon.ip.support.turnpike, PhilipPowell
<newsa...@blencathra.demon.co.uk.invalid> posted at Mon, 12 Jan 2004 19:05:03 :-

>Anyone else noticed that ew and ea seemed to change to fw and fa
>sometime Saturday afternoon?

Alas, I did not, nor did I expect it.

But, as it happens, I generated mail on Sat 2004-01-10 at 13:34:59, with
Ew; and at 14:06:26, with Fw.

Therefore, I assert that the change happened at 13:37:04 UTC (any Dutch
users reading this? they should have it from 14:37:04 local, ISTM).

I have been sent spam for so many ew..@ that harvesting should have
resulted in collisions, different articles for which the .. represents
the same character pair. Alas, more addresses will now be harvested
than would otherwise have been the case.

I'm not sure when the previous similar change occurred, if at all, but
1995-07-09 16:12:48 Sunday is a *possible* candidate; I did not at that
time have Turnpike or Demon here. It was Ew by 1996-01-24. Iff there
was such a change then, then caveat Friday 13th in Summer 2012.

All previous suggestions about killing ew..@ spam now apply to fw..@
spam, except that new Turnpike installations can safely have users
called Ewan or Lewis.

--
© John Stockton, Surrey, UK. ?@merlyn.demon.co.uk Turnpike v4.00 MIME. ©
Web <URL:http://www.merlyn.demon.co.uk/> - w. FAQish topics, links, acronyms
PAS EXE etc : <URL:http://www.merlyn.demon.co.uk/programs/> - see 00index.htm
Dates - miscdate.htm moredate.htm js-dates.htm pas-time.htm critdate.htm etc.

Wm...

Jan 12, 2004, 6:30:30 PM
Mon, 12 Jan 2004 22:26:19 <tNE3H3YL...@nospam.demon.co.uk>
demon.ip.support.turnpike Martin Brown
<|||newspam|||@nezumi.demon.co.uk>

>So what is different between our configurations that means that all my
>MIDs always have a "$" or "+" exactly 4 characters before the "@" ?

This has been done before.

John Underwood

Jan 12, 2004, 7:10:34 PM
On Mon, 12 Jan 2004 at 19:25:59, Richard Clayton wrote in
demon.ip.support.turnpike
(Reference: <+4q8YFFH...@highwayman.com>)


>In article <LJX11lQf$uAA...@all.spam.sent.to.hell>, PhilipPowell
><newsa...@blencathra.demon.co.uk.invalid> writes
>
>>Anyone else noticed that ew and ea seemed to change to fw and fa
>>sometime Saturday afternoon?
>
> http://www.merlyn.demon.co.uk/critdate.htm#2004
>

It reinforces my suggestive wish that TP incorporate at the end of the
local part of an MID a configurable character string which will enable a
user to identify an "address" as really an MID.

In the meantime, since our previous ideas have now lost validity, I
suggest the use of a sub-domain. I have been using one for long enough
for it not to be a problem - any local parts bearing the new dicharacter
will be identifiable by the sub-domain.

Anyone who wishes to avail themselves of a free black hole domain should
ask me for permission to use the one I can provide. (It won't include
any reference to me by name and I won't normally be using it myself).

Wm...

Jan 12, 2004, 7:52:05 PM
Tue, 13 Jan 2004 00:10:34
<QLLlbQB6...@dontspam.theunderwoods.org.uk>
demon.ip.support.turnpike John Underwood
<newsab...@deleteifspam.theunderwoods.org.uk>

>It reinforces my suggestive wish that TP incorporate at the end of the
>local part of an MID a configurable character string which will enable
>a user to identify an "address" as really an MID.

It fits your theory so beg

>In the meantime, since our previous ideas have now lost validity, I
>suggest the use of a sub-domain. I have been using one for long enough
>for it not to be a problem - any local parts bearing the new
>dicharacter will be identifiable by the sub-domain.

I have been able to use mine

>Anyone who wishes to avail themselves of a free black hole domain should
>ask me for permission to use the one I can provide. (It won't include
>any reference to me by name and I won't normally be using it myself).

Will someone please take up the offer? I can't take the begging

Wim

Jan 12, 2004, 8:56:19 PM
In message <6H2jqnb1E0AAFw8w@[127.0.0.1]>, Wm...
<tcn...@blackhole.do-not-spam.me.uk> writes,

>Will someone please take up the offer? I can't take the begging

Well, I'd love to be of any help, but I just don't understand why I
should take up the offer. So, an explanation would be very helpful.

TIA.
--
An eye for an eye makes the whole world blind.
Mahatma Gandhi (1869-1948)

Martin Brown

Jan 13, 2004, 2:51:49 AM
In message <kzNo1RDg...@dontspam.theunderwoods.org.uk>, John
Underwood <newsab...@deleteifspam.theunderwoods.org.uk> writes

>On Mon, 12 Jan 2004 at 08:23:41, Martin Brown wrote in
>demon.ip.support.turnpike
>(Reference: <z$lQbnANm...@nospam.demon.co.uk>)
>
>
>>I agree.
>
>Richard Clayton appears to disagree.
>
>Message-ID: <6$pNpRGti...@highwayman.com>
>
>The local part of a TP MID will be unique, within reasonable
>expectation, regardless of the domain used.

Unique within reasonable expectation is not the same as unique. The odds
are going to be pretty good that they are, but it cannot be guaranteed.


>
>>That is why I would much prefer it if TP generated MIDs that resisted
>>the spam harvesters efforts more effectively.
>
>How do you think that could be achieved?

On present evidence ensuring that the last character of any MID is
either "$" or "+" ought to suffice. All part MIDs I can see appear to
have been generated this way by taking out the substring just before the
"@".

Now that time has passed I note my own MIDs are much longer strings
since about Saturday (the past 6 months output appears to have been
atypically short). "$Ew.." appears to be intimately related to time/date
rather than IP address. Now I have $lQbnANmlAAFwuz@ & seq instead.

>The spammers can extract an MID from a news posting.

But if all they get is a zero length string it won't do them any good.

Regards,
--
Martin Brown

John Hall

Jan 13, 2004, 5:12:46 AM
In article <y4rwiICH...@merlyn.demon.co.uk>,

Dr John Stockton <sp...@merlyn.demon.co.uk> writes:
>I'm not sure when the previous similar change occurred, if at all, but
>1995-07-09 16:12:48 Sunday is a *possible* candidate; I did not at that
>time have Turnpike or Demon here. It was Ew by 1996-01-24. Iff there
>was such a change then, then caveat Friday 13th in Summer 2012.

What seems to have happened on 1995-07-09, at least for me, is that "Aw"
replaced "$V" immediately before the "Ew", but at some subsequent date
the "Aw" then introduced was replaced by something else:

Message-ID: <0Z3YIVA0Iu$vE...@jhall.demon.co.uk>
Date: Sat, 8 Jul 1995 20:53:24 +0100

Message-ID: <fKAqpAAtG5$vE...@jhall.demon.co.uk>
Date: Sun, 9 Jul 1995 09:22:05 +0100

Message-ID: <QU8PiDAh...@jhall.demon.co.uk>
Date: Mon, 10 Jul 1995 19:41:37 +0100

Message-ID: <nMPyUDAv...@jhall.demon.co.uk>
Date: Tue, 11 Jul 1995 19:57:51 +0100

But by early this year:

Message-ID: <u6jm+cQC5c$$Ew...@jhall.demon.co.uk>
Date: Thu, 8 Jan 2004 21:40:18 +0000
--
John Hall "He crams with cans of poisoned meat
The subjects of the King,
And when they die by thousands G.K.Chesterton:
Why, he laughs like anything." from "Song Against Grocers"

John Underwood

Jan 13, 2004, 7:19:07 AM
On Tue, 13 Jan 2004 at 00:52:05, Wm... wrote in
demon.ip.support.turnpike
(Reference: <6H2jqnb1E0AAFw8w@[127.0.0.1]>)


>Will someone please take up the offer?

Several people have.

>I can't take the begging

It isn't begging, and you don't have to take it. Why do you choose to
receive what I write since it upsets you so much?

Wm...

Jan 13, 2004, 8:23:59 AM
Tue, 13 Jan 2004 07:51:49 <agzq8iAV...@nospam.demon.co.uk>
demon.ip.support.turnpike Martin Brown
<|||newspam|||@nezumi.demon.co.uk>

>>>That is why I would much prefer it if TP generated MIDs that resisted
>>>the spam harvesters efforts more effectively.
>>
>>How do you think that could be achieved?
>
>On present evidence ensuring that the last character of any MID is
>either "$" or "+" ought to suffice. All part MIDs I can see appear to
>have been generated this way by taking out the substring just before
>the "@".
>
>Now that time has passed I note my own MIDs are much longer strings
>since about Saturday (the past 6 months output appears to have been
>atypically short). "$Ew.." appears to be intimately related to
>time/date rather than IP address. Now I have $lQbnANmlAAFwuz@ & seq
>instead.
>
>>The spammers can extract an MID from a news posting.
>
>But if all they get is a zero length string it won't do them any good.

Just so that I am clear: you want TP to change the way it generates
MIDs because bad people *may* pull strings from TP generated MIDs at the
moment?

People harvesting addresses for sale are unlikely to know about TP;
dictionary attacks *do* happen in spite of JohnU's assertions to the
contrary and RC has shown that here but it has conveniently been ignored;
pulling a string from an MID is a SMOP whatever characters appear before
the @ and I do not think TP should play the game you suggest it should.
Any strings pulled from your current MID will not get to you anyway
because of the part after the @ so what is your concern?

===
This bit is general, not addressed to Martin in person.

I am sick of this kind of discussion. I have many correspondents that
only have one e-mail address. e.g. mary@hotmail or yahoo and think it
is about time the oft repeated mantra of *not* using "Reject it if the
email name is not recognised" is debunked. Does mary@aol care that she
does not get the mail she wants because people type mmary or maary or
marry? I doubt it. More to the point mary probably doesn't care to get
e-mail from people that are sufficiently stupid to get her name wrong.

TP has a very useful radio button which can be found at Configure /
Email routeing / Reject if the email name is not recognised -- use it.

In spite of the FUD that has been spread here too many times to mention
no-one has ever made the mistake of mistypying my address (and if they
have they got it right the next time).

Richard Clayton

Jan 13, 2004, 8:22:52 AM
In article <agzq8iAV...@nospam.demon.co.uk>, Martin Brown
<|||newspam|||@nezumi.demon.co.uk> writes

>>Richard Clayton appears to disagree.
>>
>>Message-ID: <6$pNpRGti...@highwayman.com>
>>
>>The local part of a TP MID will be unique, within reasonable
>>expectation, regardless of the domain used.
>
>Unique within reasonable expectation is not the same as unique.

correct, but you, your children and your grandchildren may not live long
enough to be able to detect the difference

> The odds
>are going to be pretty good that they are, but it cannot be guaranteed.

it certainly could be guaranteed -- for you to believe in that guarantee
I suspect one would need to reinsure the risk. I would not expect to see
very significant premiums being paid (underwriters tend to be more
familiar with statistics than the general public)

--
richard writing to inform and not as company policy

"Assembly of Japanese bicycle require great peace of mind" quoted in ZAMM

Jim Crowther

Jan 13, 2004, 8:55:47 AM
In message <qpwHBiOvF$AAFwsO@[127.0.0.1]>, Wm...
<tcn...@blackhole.do-not-spam.me.uk> writes:

>TP has a very useful radio button which can be found at Configure /
>Email routeing / Reject if the email name is not recognised -- use it.

It is useful for those who only use those aliases that are 'recognised'.

I haven't created a new alias every time I've written to a company using
an alias of the form info.company-name, and so using that Reject option
would be a Bad Thing here.

--
Jim Crowther "It's MY computer" (tm SMG)
Avoid more swen by dumping your old Usenet addresses, and
put 'spam' or 'delete' somewhere in the Reply-to: header.
Help yourself avoid the spam: <http://keir.net/k9.html>

Wm...

Jan 13, 2004, 9:13:17 AM
Tue, 13 Jan 2004 12:19:07
<NWbycwB7...@dontspam.theunderwoods.org.uk>
demon.ip.support.turnpike John Underwood
<newsab...@deleteifspam.theunderwoods.org.uk>

>On Tue, 13 Jan 2004 at 00:52:05, Wm... wrote in
>demon.ip.support.turnpike
>(Reference: <6H2jqnb1E0AAFw8w@[127.0.0.1]>)

>>Will someone please take up the offer?
>
>Several people have.

Unnecessarily BTW

>>I can't take the begging
>
>It isn't begging, and you don't have to take it. Why do you choose to
>receive what I write since it upsets you so much?

Because you write excessively and appear to like doing so, I don't know
why you like doing that. Maybe you are bored? I don't know.

As I have said before I think your advice is, in general, good, I just
don't see why you need to repeat it in this newsgroup over and over
again rather than putting your thoughts together and making a web page
that you (and I and other people) can point people to.

Wouldn't that save you time?

That you have also been wrong on a few things recently isn't important.

Dave Eastabrook

Jan 13, 2004, 9:58:22 AM
Wm... <tcn...@blackhole.do-not-spam.me.uk> wrote

>Tue, 13 Jan 2004 12:19:07
><NWbycwB7...@dontspam.theunderwoods.org.uk>
>demon.ip.support.turnpike John Underwood
><newsab...@deleteifspam.theunderwoods.org.uk>
>>It isn't begging, and you don't have to take it. Why do you choose to
>>receive what I write since it upsets you so much?
>
>Because you write excessively and appear to like doing so, I don't know
>why you like doing that. Maybe you are bored? I don't know.

I found John's postings very helpful, both in general and in answer to
mine. He writes a lot because he has a lot to say. Thanks John.

I remember you used to keep the Wishlist, probably still do? I expect
that with contributions of other regulars that led to improved versions
of TP. Thanks Wm and the others too.

Dave
--
to send mail I think postmaster will still work at elmbronze dcu.

Wm...

Jan 13, 2004, 10:01:30 AM
Tue, 13 Jan 2004 13:55:47 <Ucysz6Qjj$AAF...@nospam.at.my.choice.of.UID>
demon.ip.support.turnpike Jim Crowther
<Don't_bo...@blackhole.do-not-spam.me.uk>

>In message <qpwHBiOvF$AAFwsO@[127.0.0.1]>, Wm...
><tcn...@blackhole.do-not-spam.me.uk> writes:
>
>>TP has a very useful radio button which can be found at Configure /
>>Email routeing / Reject if the email name is not recognised -- use it.
>
>It is useful for those who only use those aliases that are 'recognised'.
>
>I haven't created a new alias every time I've written to a company
>using an alias of the form info.company-name, and so using that Reject
>option would be a Bad Thing here.


It is not a TP problem is it?

Jim Crowther

Jan 13, 2004, 10:32:54 AM
In message <lDIkLMYKhABAFwWC@[127.0.0.1]>, Wm...
<tcn...@blackhole.do-not-spam.me.uk> writes:

>Tue, 13 Jan 2004 13:55:47 <Ucysz6Qjj$AAF...@nospam.at.my.choice.of.UID>
>demon.ip.support.turnpike Jim Crowther
><Don't_bo...@blackhole.do-not-spam.me.uk>
>
>>In message <qpwHBiOvF$AAFwsO@[127.0.0.1]>, Wm...
>><tcn...@blackhole.do-not-spam.me.uk> writes:
>>
>>>TP has a very useful radio button which can be found at Configure /
>>>Email routeing / Reject if the email name is not recognised -- use it.
>>
>>It is useful for those who only use those aliases that are 'recognised'.
>>
>>I haven't created a new alias every time I've written to a company
>>using an alias of the form info.company-name, and so using that Reject
>>option would be a Bad Thing here.
>
>
>It is not a TP problem is it?

No indeed, but IMHO worth mentioning, as I suspect quite a few folk
might be in a similar position to mine.

"Reject if the email name is not recognised" can be very useful, and in
many individual circumstances I'd strongly recommend it.

I'm just trying to make sure no-one uses it without first being aware of
some possible consequences, that's all.

Mark Browne

Jan 13, 2004, 10:41:03 AM
On Tue, 13 Jan 2004, in demon.ip.support.turnpike, Jim Crowther
<Don't_bo...@blackhole.do-not-spam.me.uk> writes

>In message <qpwHBiOvF$AAFwsO@[127.0.0.1]>, Wm...
><tcn...@blackhole.do-not-spam.me.uk> writes:
>
>>TP has a very useful radio button which can be found at Configure /
>>Email routeing / Reject if the email name is not recognised -- use it.
>
>It is useful for those who only use those aliases that are 'recognised'.
>
>I haven't created a new alias every time I've written to a company
>using an alias of the form info.company-name, and so using that Reject
>option would be a Bad Thing here.

I do exactly the same, but have recently been recording the email
address that people send to me. At some point in the future (for some
value of "future"), I may create aliases for all of them and switch on
the "Reject Unknown Alias" option.
--
Mark Browne
If replying by email, please use the "Reply-To" address, as the
"From" address will be rejected

John Underwood

Jan 13, 2004, 11:27:20 AM
On Tue, 13 Jan 2004 at 15:41:03, Mark Browne wrote in
demon.ip.support.turnpike
(Reference: <ki3p+cxE...@kafana.demon.co.uk.invalid>)


>I do exactly the same, but have recently been recording the email
>address that people send to me. At some point in the future (for some
>value of "future"), I may create aliases for all of them and switch on
>the "Reject Unknown Alias" option.

The advantage of Jim's approach (used by Mark and me) is that there is
no additional work required when giving an address to a new
correspondent. In some cases, it would just not be possible to add the
new alias before a message were sent and rejected - e.g. my wife makes
an enquiry from her work system or either of us do face to face or by
telephone when out.

My policy is to have a general acceptance rule for /^info/u and then, if
necessary, precede it with rejections for any that I need to throw away.

In all cases, great care should be taken in rejecting on the envelope
when collecting mail via POP3, especially if using a POP3 server other
than Demon's. There are circumstances in which the information is not
provided for TP to reconstruct the envelope (quite legitimately within
the existing standards). In such a case, there is no forward path, so it
can't be recognised and the message will be rejected.
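
The rule ordering described in the post above (specific rejections first, then a general accept for `/^info/u`), combined with the `ew..`/`fw..` fragment rules from earlier in the thread and the POP3 caveat, sketched as an added example that is not any poster's or Turnpike's own code. First-match-wins ordering and case-insensitive matching are assumptions; the rule table, function names, known names and sample addresses are constructed for illustration.

```python
import re
from typing import Optional

# Ordered rules, first match wins. The fragment patterns follow the thread
# (ew../ea.. before the change, fw../fa.. after it); the burned alias, the
# known names and every sample address are constructed for this example.
RULES = [
    ("reject", re.compile(r"^[ef][wa]..$", re.I)),          # 4-char MID tail used as an address
    ("reject", re.compile(r"^info\.burned-shop$", re.I)),   # specific rejection, placed first
    ("accept", re.compile(r"^info", re.I)),                 # general accept for info.* aliases
]
KNOWN_NAMES = {"john", "postmaster", "ewan"}


def decide(envelope_rcpt: Optional[str], reject_unknown: bool = True) -> str:
    """Return 'accept' or 'reject' for one envelope recipient."""
    if not envelope_rcpt:
        # POP3 collection may not supply the envelope. With no forward path
        # nothing can be recognised, so this sketch does not reject on it.
        return "accept"
    local = envelope_rcpt.rsplit("@", 1)[0]
    for action, pattern in RULES:
        if pattern.search(local):
            return action
    if local.lower() in KNOWN_NAMES:
        return "accept"
    return "reject" if reject_unknown else "accept"


def shadowed_names(names=KNOWN_NAMES):
    """Real user names that a reject rule would throw away (the 'Ewan' case)."""
    return sorted(
        n for n in names
        if any(action == "reject" and p.search(n) for action, p in RULES)
    )


if __name__ == "__main__":
    samples = [
        "fwQ9@example.invalid",               # harvested fragment, new prefix
        "ea+x@example.invalid",               # harvested fragment, old prefix
        "info.some-company@example.invalid",  # never pre-registered, still accepted
        "info.burned-shop@example.invalid",   # alias that started attracting spam
        "mmary@example.invalid",              # unknown name
        None,                                 # POP3 message without envelope data
    ]
    for rcpt in samples:
        print(f"{rcpt!s:40} {decide(rcpt)}")
    print("names shadowed by a reject rule:", shadowed_names())
```

Running `shadowed_names()` against the real alias list before enabling a fragment rule shows which genuine users it would silently discard.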

Wm...

Jan 13, 2004, 12:33:36 PM
Tue, 13 Jan 2004 15:32:54 <xyiF4aXm...@nospam.at.my.choice.of.UID>
demon.ip.support.turnpike Jim Crowther
<Don't_bo...@blackhole.do-not-spam.me.uk>

>I'm just trying to make sure no-one uses it without first being aware
>of some possible consequences, that's all.

I think we have been doing that too long.

Wm...

Jan 13, 2004, 12:38:03 PM
Tue, 13 Jan 2004 16:27:20
<6YufPJFo...@dontspam.theunderwoods.org.uk>
demon.ip.support.turnpike John Underwood
<newsab...@deleteifspam.theunderwoods.org.uk>

>In all cases, great care should be taken in rejecting on the envelope
>when collecting mail via POP3, especially if using a POP3 server other
>than Demon's. There are circumstances in which the information is not
>provided for TP to reconstruct the envelope (quite legitimately within
>the existing standards). In such a case, there is no forward path, so
>it can't be recognised and the message will be rejected.

So make your advice specific then. Put it on a website and be done with
it.

Paul Terry

Jan 13, 2004, 12:41:02 PM
In message <qpwHBiOvF$AAFwsO@[127.0.0.1]>, Wm...
<tcn...@blackhole.do-not-spam.me.uk> writes

>I am sick of this kind of discussion. I have many correspondents that
>only have one e-mail address. e.g. mary@hotmail or yahoo and think it
>is about time the oft repeated mantra of *not* using "Reject it if the
>email name is not recognised" is debunked. Does mary@aol care that she
>does not get the mail she wants because people type mmary or maary or
>marry? I doubt it. More to the point mary probably doesn't care to
>get e-mail from people that are sufficiently stupid to get her name wrong.

Another point that does not get mentioned in these discussions, is the
frequency with which people actually ever type out the address in an
email at all.

The number of times I actually type one is vanishingly small. I either
reply to an email, in which case the address is filled-in automatically,
or Turnpike's auto-complete does the job for me by selecting a correct
address from the address book, or a mailto link pastes the correct
address.

Given that OE (a seriously if regrettably popular mailer) also does all
of these things, I doubt that the question of typing, let alone
mistyping, addresses often arises for many people. I certainly don't see
mistyped addresses on genuine email here, even though such messages
would be received.

--
Paul Terry

PhilipPowell

Jan 13, 2004, 3:15:10 AM
In message <YHkuTgID...@12move.nl>, Wim <sh43...@12move.nl> writes

>In message <6H2jqnb1E0AAFw8w@[127.0.0.1]>, Wm...
><tcn...@blackhole.do-not-spam.me.uk> writes,
>
>>Will someone please take up the offer? I can't take the begging
>
>Well, I'd love to be of any help, but I just don't understand why I
>should take up the offer. So, an explanation would be very helpful.

If you EMAIL John, you will/may find out. Enough said (-:

John Underwood

Jan 13, 2004, 1:10:32 PM
On Tue, 13 Jan 2004 at 08:15:10, PhilipPowell wrote in
demon.ip.support.turnpike
(Reference: <PJT01YBO...@all.spam.sent.to.hell>)


>If you EMAIL John, you will/may find out. Enough said (-:

This is coming from someone who complains frequently, often and
repeatedly, that I should not put my ideas in postings here but on a web
site.

Now I have complied with his commands. The information is on a web site
so that those who are interested can read it.

As Wm.. has asked me not to keep on repeating myself, I will not do so
merely for his sake. He can refer to the already published information
about how to find what he wants to know.

Dr John Stockton

Jan 13, 2004, 11:26:55 AM
JRS: In article <+4q8YFFH...@highwayman.com>, seen in
news:demon.ip.support.turnpike, Richard Clayton <ric...@highwayman.com> posted at
Mon, 12 Jan 2004 19:25:59 :-

>In article <LJX11lQf$uAA...@all.spam.sent.to.hell>, PhilipPowell
><newsa...@blencathra.demon.co.uk.invalid> writes
>
>>Anyone else noticed that ew and ea seemed to change to fw and fa
>>sometime Saturday afternoon?
>
> http://www.merlyn.demon.co.uk/critdate.htm#2004

99.9 kB, btw; the .zip is only 3/8 of that.

Those who read that page *after* the next upload should find a reference
into the latest issue of Risks Digest (easily got by taking
news:comp.risks) - 23.12 item 3 - which reports a software FAILURE
having the same basic cause (probably of no concern to us, though).

John Hall's observations appear easily consistent with reason.

This is a good example, IMHO, of how much can be deduced about a
lightly-coded message format from a simple observation.

--
© John Stockton, Surrey, UK. ?@merlyn.demon.co.uk Turnpike v4.00 MIME. ©

Wm...

Jan 13, 2004, 1:53:32 PM
Tue, 13 Jan 2004 18:10:32
<TbylPiBY...@dontspam.theunderwoods.org.uk>
demon.ip.support.turnpike John Underwood
<newsab...@deleteifspam.theunderwoods.org.uk>

>As Wm.. has asked me not to keep on repeating myself, I will not do so
>merely for his sake. He can refer to the already published information
>about how to find what he wants to know.

If you have done that I am pleased, the URL is ...

Jim Crowther

Jan 13, 2004, 2:34:28 PM
In message <UhWIjzbwvCBAFwyF@[127.0.0.1]>, Wm...
<tcn...@blackhole.do-not-spam.me.uk> writes:

>Tue, 13 Jan 2004 15:32:54 <xyiF4aXm...@nospam.at.my.choice.of.UID>
>demon.ip.support.turnpike Jim Crowther
><Don't_bo...@blackhole.do-not-spam.me.uk>
>
>>I'm just trying to make sure no-one uses it without first being aware
>>of some possible consequences, that's all.
>
>I think we have been doing that too long.

IMHO I'm afraid it's always necessary to point out the possible
drawbacks to otherwise splendid solutions, otherwise we'd just be saying
RTFM, and the usefulness of dist would be diminished.

Jim Crowther

Jan 13, 2004, 2:38:11 PM
In message <7oJzDRCu...@main.machine>, Paul Terry
<nos...@musonix.demon.co.uk> writes:

>Given that OE (a seriously if regrettably popular mailer) also does all
>of these things, I doubt that the question of typing, let alone
>mistyping, addresses often arises for many people. I certainly don't
>see mistyped addresses on genuine email here, even though such messages
>would be received.

My experience also, and I suspect that of many others.

Roy Brown

Jan 13, 2004, 3:35:55 PM
In message <qpwHBiOvF$AAFwsO@[127.0.0.1]>, Wm...
<tcn...@blackhole.do-not-spam.me.uk> writes

>I am sick of this kind of discussion. I have many correspondents that
>only have one e-mail address. e.g. mary@hotmail or yahoo and think it
>is about time the oft repeated mantra of *not* using "Reject it if the
>email name is not recognised" is debunked. Does mary@aol care that she
>does not get the mail she wants because people type mmary or maary or
>marry? I doubt it. More to the point mary probably doesn't care to
>get e-mail from people that are sufficiently stupid to get her name wrong.

This is a very good point.

>TP has a very useful radio button which can be found at Configure /
>Email routeing / Reject if the email name is not recognised -- use it.

This is a bridge too far.

>In spite of the FUD that has been spread here too many times to mention
>no-one has ever made the mistake of mistypying my address (and if they
>have they got it right the next time).

Quitey. No-oney every mistypys, ofy coursey, andy Demon'sy abilityy toy
sendy youy ally they mistypys ofy youry namey, insteady ofy themy beingy
losty fory every, asy happenys ony lessery ISPsy, hasy noy merity
whatsovery.


--
Roy Brown 'Have nothing in your houses that you do not know to be
Kelmscott Ltd useful, or believe to be beautiful' William Morris

John Underwood

Jan 13, 2004, 4:40:25 PM
On Tue, 13 Jan 2004 at 18:53:32, Wm... wrote in
demon.ip.support.turnpike
(Reference: <mux0Quhs6DBAFwFr@[127.0.0.1]>)


>If you have done that I am pleased, the URL is ...


I am getting tired of this offensive, intrusive and inquisitorial
behaviour. Why don't you grow up Tarr?

I gave all the information you need. Write to me if you want more.
Anyone who sincerely shows an interest will be given what they need.

All you have to do is convince me that you are sincerely and
constructively interested in what I am offering.

Off-topic for d.i.s.t. Follow-up set.
