Running PINE on remote host: Virus question
Samuel W. Heywood
I am currently running PINE on the SDF Public Access UNIX system.
BTW, my "From:" is one of my valid email addresses. Just "RemoveThis."
I have some questions:
What if somebody should send me an email virus to my email address
at "sdf.lonestar.org"? Could it infect my setup and other files on
the remote host? Could the virus cause PINE to start sending out
infected emails to everybody in my address book? I know perfectly well
about how to deal with suspicious attachments received in emails when
running an email program on my local machine, but I don't know how to
scan for viruses on a remote host, unless I should resort to the hassle
of downloading the suspicious attachment to my local machine and then
scanning it for viruses on my local machine. Is it possible to infect
stuff on my directory on the remote host simply by opening an email
message received by PINE? Any good advice on what I should do to
protect myself while running PINE on a remote host will be appreciated.
TIA
Sam Heywood
-- SDF Public Access UNIX System - http://sdf.lonestar.org
Will Yardley
Samuel W. Heywood wrote:
> What if somebody should send me an email virus to my email address at
> "sdf.lonestar.org"? Could it infect my setup and other files on the
> remote host? Could the virus cause PINE to start sending out infected
> emails to everybody in my address book? I know perfectly well about
> how to deal with suspicious attachments received in emails when
> running an email program on my local machine, but I don't know how to
> scan for viruses on a remote host, unless I should resort to the
> hassle of downloading the suspicious attachment to my local machine
> and then scanning it for viruses on my local machine.
simple answer: not really (or at least not likely)
most UNIX mail clients aren't dumb enough to run something
automatically, and they're generally smarter about file types (ie they
use information in the file itself rather than the extension or MIME
type to determine what to do with it).
also, there are very few (if any) viruses targeted towards UNIX systems,
and i very much doubt that a windoze virus would be very successful in
infecting a UNIX or Linux machine.
lastly, people don't generally read mail as 'root' on a UNIX system, so
if you were to run arbitrary code, it would be running as an
unprivileged user -- it would have to also run some kind of exploit
before it would be able to do a whole lot of damage beyond what it could
do as your user.
this is somewhat of an oversimplification, but for these (and other)
reasons, it's fairly unlikely that this will happen. this is one of the
major reasons why reading your mail in a console based client on a
remote machine is ideal.
i would highly *not* recommend downloading something you suspect is a
virus to your own computer. if you're very curious about it, you could
save it on the remote machine and examine it there.
--
No copies, please.
To reply privately, simply reply; don't remove anything.
Samuel W. Heywood
Thanks for your opinion, Will. I'm a complete newbie to running PINE
on a remote host as I am doing right now. I used to run a DOS version
of PINE on my local computer. I always avoid as much as possible
having to read email with a Windows computer because they are so
vulnerable to virii. I have been receiving a lot of KLEZ.H viruses
recently. They say that Windows users can get their machines infected
with that one simply by opening an email and without even clicking on
an attachment.
BTW, I am so new at working with files in this Unix shell that I
wouldn't even know how to scan a suspect file for viruses on the
Unix host. I'm glad I have a good background in DOS. This makes
learning Unix and Linux a lot easier for me than it would be for
one whose experience comes mainly from knowledge of the Windows OS.
Regards,
Sam Heywood
Gopi Sundaram
> What if somebody should send me an email virus to my email address at
> "sdf.lonestar.org"? Could it infect my setup and other files on the
> remote host?
Tough to say. By receiving it, you can't get infected. You can possibly
be infected if you execute the virus. The advantage of having mutually
incompatible binary formats is that you are only at risk if you are
running the same OS on the same architecture as the virus was compiled
for. If you have a virus in an interpreted language, you have the
liberty of examining the code.
> Could the virus cause PINE to start sending out infected emails to
> everybody in my address book?
Yes, but only if you execute it.
> Is it possible to infect stuff on my directory on the remote host
> simply by opening an email message received by PINE?
Pine doesn't automatically execute or open any attachments. So unless
you choose to do something, Pine won't do stupid things on your behalf.
> BTW, my "From:" is one of my valid email addresses. Just
> "RemoveThis."
You own removethis.com? You must receive thousands of spam mails because
of people like you that use that as a domain to munge their return
address.
--
Gopi Sundaram
gop...@cse.sc.edu
http://www.cse.sc.edu/~gopalan/Pine/
Samuel W. Heywood
> On Thu, 25 Apr 2002, Samuel W. Heywood wrote:
<snip>
> Pine doesn't automatically execute or open any attachments. So unless
> you choose to do something, Pine won't do stupid things on your behalf.
>
If that is the case then it might probably be safe to run even a Windows
version of PINE.
> > BTW, my "From:" is one of my valid email addresses. Just
> > "RemoveThis."
>
> You own removethis.com? You must receive thousands of spam mails because
> of people like you that use that as a domain to munge their return
> address.
Odd as it may seem, I get very few spams at my email address at
"subdimension.com", but I get lots of spams at my paid ISP,
"shentel.net", even though I never do any newsgroup posting using
my shentel email address. In newsgroup posts I use a slightly
munged variant of my "subdimension.com" email address in my "From:"
Regards,
Sam Heywood
Will Yardley
> On Sat, 27 Apr 2002, Gopi Sundaram wrote:
>> You own removethis.com? You must receive thousands of spam mails because
>> of people like you that use that as a domain to munge their return
>> address.
> In newsgroup posts I use a slightly munged variant of my
> "subdimension.com" email address in my "From:"
i think that what gopi was trying to point out is that if you're going
to munge your email address, you should use an address ending in
.invalid - it's very rude to use a real domain name since you could be
inadvertantly causing people at those domains to get bulk mail and / or
responses to your messages.
http://www.faqs.org/faqs/net-abuse-faq/munging-address/
(read section 4d).
Samuel W. Heywood
> In article <Pine.NEB.4.44.020427...@sdf.lonestar.org>,
> Samuel W. Heywood wrote:
> > On Sat, 27 Apr 2002, Gopi Sundaram wrote:
>
> >> You own removethis.com? You must receive thousands of spam mails because
> >> of people like you that use that as a domain to munge their return
> >> address.
>
> > In newsgroup posts I use a slightly munged variant of my
> > "subdimension.com" email address in my "From:"
>
> i think that what gopi was trying to point out is that if you're going
> to munge your email address, you should use an address ending in
> .invalid - it's very rude to use a real domain name since you could be
> inadvertantly causing people at those domains to get bulk mail and / or
> responses to your messages.
OK, I can understand that, but up until just now I had no idea that
"http://www.removethis.com" could possibly be a real domain name.
Thousands of newsgroup posters use "RemoveThis" as a simple spam block.
I was absolutely amazed to find that anyone would want to register such
a name as that as a real domain name. Just out of curiosity to see if
such a domain by that name could possibly exist I just now checked.
Sure enough, the place is for real and they even have a web site at the
URL I named above!
OK, I have since changed my mung to ".invalid", as the last character
string in my "From:"
Sam Heywood
Gopi Sundaram
> OK, I can understand that, but up until just now I had no idea that
> "http://www.removethis.com" could possibly be a real domain name.
If it ends in a valid top-level domain, then it can possibly be a valid
domain name.
> Thousands of newsgroup posters use "RemoveThis" as a simple spam
> block.
I have several things to say to them.
> I was absolutely amazed to find that anyone would want to register
> such a name as that as a real domain name.
I can think of lots of uses. The fact is, even if a domain doesn't
exist now, it could in the future if it ends in a valid TLD. Archives
are available for so many things, that your modified From: header could
cause problems years from now.
> OK, I have since changed my mung to ".invalid", as the last character
> string in my "From:"
Most spammers have tools to help strip out such simple modifications.
Modifying your From: header is a bad way to stop spam anyway.
Samuel W. Heywood
A lot of people here use filtering techniques so as to have all
the spam dumped into a separate folder. While that helps, it
doesn't solve the problem for those who sometimes have to go
online with a very slow connection. When travelling I take an
old laptop along with me. It has an old and slow modem. I have
to connect with my ISP via long distance. It sure is a waste of
my time and money to have to download spam. Yes, I know I can
filter it so that it gets dumped into a separate folder, but I
still have to download all that garbage. Currently I am receiving
lots of huge messages having the KLEZ.H virus attachments. I sure
wish the authorities would crack down and punish the spammers and
the virus senders.
Sam Heywood
Gopi Sundaram
> A lot of people here use filtering techniques so as to have all the
> spam dumped into a separate folder. While that helps, it doesn't
> solve the problem for those who sometimes have to go online with a
> very slow connection.
If you connect using IMAP, you shouldn't be filtering on the client-side
anyway. It goes against the idea of IMAP which lets you access the same
mail everywhere, regardless of the client. Look into procmail or some
such server-side filtering system.
> Currently I am receiving lots of huge messages having the KLEZ.H virus
> attachments.
You shouldn't be downloading the attachments until you choose to view
them, if you use IMAP. This should cost you hardly anything unless you
download the attachment.
> I sure wish the authorities would crack down and punish the spammers
You aren't helping unless you are reporting them to the authorities.
> and the virus senders.
Cluelessness isn't a crime (although it should be).
Dale Wharton
> [...]
>
> If you connect using IMAP, you shouldn't be filtering on the client-side
> anyway. It goes against the idea of IMAP which lets you access the same
> mail everywhere, regardless of the client. Look into procmail or some
> such server-side filtering system.
>
What you say makes sense. Can you post a couple
examples using procmail? Or at least some URIs?
> > Currently I am receiving lots of huge messages having the KLEZ.H virus
> > attachments.
>
> You shouldn't be downloading the attachments until you choose to view
> them, if you use IMAP. This should cost you hardly anything unless you
> download the attachment.
>
> > I sure wish the authorities would crack down and punish the spammers
>
> You aren't helping unless you are reporting them to the authorities.
>
Quit teasing, Gopi. I suspect you know whereof
you speak. Please tell us:
How does one "choose to view" attachments before
downloading them?
Who are the authorities to whom we should report
offenders? TIA, best wishes ...
--
Dale Wharton ve2...@rac.ca M O N T R E A L Te souviens-tu?
Samuel W. Heywood
> On Sun, 28 Apr 2002, Samuel W. Heywood wrote:
>
> > A lot of people here use filtering techniques so as to have all the
> > spam dumped into a separate folder. While that helps, it doesn't
> > solve the problem for those who sometimes have to go online with a
> > very slow connection.
>
> If you connect using IMAP, you shouldn't be filtering on the client-side
> anyway. It goes against the idea of IMAP which lets you access the same
> mail everywhere, regardless of the client. Look into procmail or some
> such server-side filtering system.
Most of the spam and viruses that I get are sent to my email address
at my paid ISP where they have only a POP3 server. The email address
at my paid ISP is also the same email address where most of my
relatives and friends and neighbors and the people with whom I conduct
business write.
> > Currently I am receiving lots of huge messages having the KLEZ.H virus
> > attachments.
>
> You shouldn't be downloading the attachments until you choose to view
> them, if you use IMAP. This should cost you hardly anything unless you
> download the attachment.
Yes, I know. The problem is that my main email address at my paid ISP
is one which I must access by a POP3 client.
> > I sure wish the authorities would crack down and punish the spammers
>
> You aren't helping unless you are reporting them to the authorities.
I go through periods of reporting all of my spams to spamcop. I never
felt that doing so has helped at all in stopping my spam. I continue
to get the same spams from the same sources.
> > and the virus senders.
>
> Cluelessness isn't a crime (although it should be).
Cluelessnes is a crime, depending on what kind of equipment you are
operating in an unsafe manner. If you hurt somebody with a gun
because you didn't know it was loaded, then you will probably get
convicted of a crime, as you ought to be. If you hurt somebody with
your computer because you didn't know it was infected with a virus,
then society will be all too willing to forgive you. Society has
very strange values.
Sam Heywood
Serguei Mokhov (mokhov @ cs.concordia.ca)
"Dale Wharton" <ve2...@rac.ca> wrote in message news:Pine.OSF.4.44.020428...@alcor.concordia.ca...
> > > I sure wish the authorities would crack down and punish the spammers
> >
> > You aren't helping unless you are reporting them to the authorities.
>
> offenders? TIA, best wishes ...
Usually you report those things to ab...@host.you.suspect.was.compromised.com
Providing them with full headers of the offensive email and stuff.
The host is an ISP, and they can pre-filter mail before it gets
to your mailbox. Plus, many ISPs do virus-check of all incoming
mail... But none of these guarantee 100% to "crack down and punish the spammers".
-s
Mark Crispin
> > > > I sure wish the authorities would crack down and punish the spammers
> > > You aren't helping unless you are reporting them to the authorities.
> > Who are the authorities to whom we should report offenders?
> Providing them with full headers of the offensive email and stuff.
In the case of spammers (or spam victims) located in the USA, the US
Federal Trade Commission has a mailbox for you to forward your spam:
u...@ftc.gov
This isn't a place to complain; the spam just goes into a database.
However, it does good to contribute to the FTC's spam database; they are
using it to identify and shutdown Internet scams being spread via spam.
In the case of spam involving postal fraud where the spammer (or victim)
is in the US, the US Postal Service Inspector has a mailbox for you to
forward that spam:
fr...@uspis.gov
Be sure to forward all the pyramid schemes and Nigerian scams there.
If you really feel evil, collect the US postal addresses on the pyramid
schemes and report them to the US Internal Revenue Service (and the income
taxing authorities of the appropriate country for non-US adddresses) as
being recipients of unreported illegal income.
-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Sebastian Jester
I am posting this because I had a long (private) discussion with Gopi
Sundaram about .invalid and the like. I used to use use....@to.invalid as
from: header for news groups and put my real eamil address in the reply-to:
header. He objected to my signature (below), because by the word of the
relevant RFC <http://www.rfc-editor.org/rfc/rfc2606.txt> .invalid shouldn't be
used in messages which appear on the internet.
Still, I don't agree with Gopi Sundaram in that using an .invalid address is a
bad way to eliminate spam - I think it's good because it stops the spam within
the spammer's network, unlike recipient-side filtering, which only deals with
spam once it has used up bandwidth. I used an .invalid domain which is also
invalid once .invalid is removed because every news group posting resulted in
spam, and the legacy of my postings with my real email address still continues
to heap spam on me.
For a related comment, see
<http://groups.google.com/groups?selm=a6aiva%24itd%241%40mothership.upress.Virginia.EDU>
But now, I seem to have found an alternative way to post in a news group with
a valid address but without spam: I signed up with a free internet mail
provider and got myself the email address you see above. It's perfectly valid,
you can write to me there. The internet provider has some spam filters
installed, so I don't have to bother. Maybe some email harvesters remove the
nospam from my address and send email to someone else (or a non-existent
address). Be that as it may, I haven't received *any* spam on that free email
account (apart from the provider's own ads, but I put their email address on
my personal anti-spam list with them... grin). I can even forward mail from
that account to my other address.
So that's what I would encourage people to do now: Sign up with a free webmail
provider which does spam filtering for you. Don't do any address-munging, it
enrages some people either way. You may want to shop around for a service
which doesn't ask for too many personal details, and in particular doesn'
share them with anyone (M$-Bash, possibly unfounded: in the way passport /
.net do). Possibly get yourself an address with "nospam" in it. Enjoy
spam-free posting in newsgroups!
And if you do get spam: I use http://spamcop.net which does the reporting for
me. You only need to tell them a valid email address once, which they won't
tell anybody else. You can then forward spam to them, and the site will find
out where the mail actually came from and send anonymous reports on your
behalf.
Sebastian Jester
--
Don't want spam from posting to newsgroups? DON'T post anonymously!
Mung your from: with .invalid as domain and provide a valid reply-to:
Sylvain Robitaille
> Can you post a couple examples using procmail? Or at least some URIs?
http://alcor.concordia.ca/topics/email/auto/
--
----------------------------------------------------------------------
Sylvain Robitaille s...@alcor.concordia.ca
Systems analyst Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------
Gopi Sundaram
> Still, I don't agree with Gopi Sundaram in that using an .invalid
> address is a bad way to eliminate spam - I think it's good because it
> stops the spam within the spammer's network, unlike recipient-side
> filtering, which only deals with spam once it has used up bandwidth.
Spammers typically don't use their own networks. They abuse open-relays.
So the system that takes the load belongs to a clueless (or in
yesteryears, idealistic) sysadmin. And since the Return-Path is forged,
the spammers don't get bounces either. It's like shooting in the dark
with a sawn-off shotgun, which is quite close to what I would like to do
with spammers >:-)
> Maybe some email harvesters remove the nospam from my address and send
> email to someone else
That possibility is a problem. I have the same objection to this as I
have for using a valid domain that doesn't belong to you or you have
authorization to use.
> Sign up with a free webmail provider which does spam filtering for
> you. Don't do any address-munging,
This is what I agree with. The RFCs only require that the From: address
be a deliverable mailbox. There is no stipulation that someone/something
read/parse whatever is delivered to it. You seem to be munging your
spam-bait address in addition. That is redundant.
I used to have a hotmail address that I used exclusively to provide to
web sites that needed an email address. I only open it once every two
weeks to keep it alive. I never read anything that is sent there.
On the other hand, I use the address above for all my USENET posts. I
have no intention of changing this. This (and mailing lists) are the
only places I use this address. For everything else, the domain changes
as in my .sig. This helps me separate personal from junk mail.
Right now, it is trivial for me to look up earlier posts in any
archives. I do get anywhere from zero to ten spam messages a week. I can
deal with that. By reporting them, and using spamcop to help kick them
off of their carriers.
Jeffrey Goldberg
in <Pine.LNX.4.50.020428...@shiva1.cac.washington.edu>:
> forward that spam:
> fr...@uspis.gov
> Be sure to forward all the pyramid schemes and Nigerian scams there.
Does that supercede
419 Task Force <419...@usss.treas.gov>
which is where I've been sending Nigerian money transfer scams to?
Also (from the US) I've started to send all spam from Chinese (PRC)
networks or advertising hosts in the PRC to the embassy
Embassy of the PRC <chinaem...@fmprc.gov.cn>
Stating that the lack of response from network administrators in China to
reports of abuse from their network is an important "people to people"
diplomatic issue for China. I've never had a response, but I do it anyway.
> If you really feel evil, collect the US postal addresses on the pyramid
> schemes and report them to the US Internal Revenue Service (and the income
> taxing authorities of the appropriate country for non-US adddresses) as
> being recipients of unreported illegal income.
It is surprisingly difficult to find a "tip-off" email address for the
IRS. They have a toll free number number listed on their website, but even
after talking to someone there, I had to print out what I'd recieved and
mail it in. (I was reporting spam from the "Global Prosperity" scam, who
were the subject of the largest IRS raid ever). This was more than a year
ago, so things might have changed.
-j
--
Jeffrey Goldberg http://www.goldmark.org/jeff/
Relativism is the triumph of authority over truth, convention over justice
I rarely read top-posted, over-quoting or HTML postings.
Sebastian Jester
can we agree on the following anti-spam HOWTO:
1) Don't munge, use a free webmail account for usenet.
2) If you feel you must munge,
a) make it obvious
b) use .invalid as domain
c) if any valid address can be obtained by guessing or substitution, it
must be one you own
d) provide a means to contact you, either as reply-to: or in a signature.
3) Use http://spamcop.net to report spammers.
That's the summary, here's the discussion which I am summarising...
On Mon, 29 Apr 2002, Gopi Sundaram (>) wrote:
> On Mon, 29 Apr 2002, Sebastian Jester (>>) wrote):
>> ...
>
> Spammers typically don't use their own networks. They abuse open-relays.
> So the system that takes the load belongs to a clueless (or in
> yesteryears, idealistic) sysadmin. And since the Return-Path is forged,
> the spammers don't get bounces either. It's like shooting in the dark
> with a sawn-off shotgun, which is quite close to what I would like to do
> with spammers >:-)
OK, that's a reason. But even the mail going through an open relay has to be
sent to that relay from some network, doesn't it? Maybe I ought to analyse
spamming software and tactics in more detail, and try to come up with a way
that hurts the spamming system from within. Just never reading spam is, in the
long run, not going to stop spam.
> > Sign up with a free webmail provider which does spam filtering for you.
> > Don't do any address-munging,
>
> This is what I agree with. The RFCs only require that the From: address
> be a deliverable mailbox.
I still haven't found the place where an RFC says that a usenet message should
contain a from: address which corresponds to a deliverable mailbox (and
preferably one the sender owns). I agree there are reasons not to munge your
address, as you say "shooting in the dark". But those who don't agree and
still want to munge should do so with .invalid *only*.
See the discussion on usenet message format which I think is summarised at
<http://www.landfield.com/usefor/2001/Mar/0089.html> and which resulted in
<http://www.landfield.com/usefor/drafts/draft-ietf-usefor-article-06.01.unpaged>
> You seem to be munging your spam-bait address in addition. That is
> redundant.
No! The address is valid as is. I just wanted to experiment. The next email
address I will try will be the same without the nospam, just to see whether
that works equally well.
> I used to have a hotmail address that I used exclusively to provide to
> web sites that needed an email address. I only open it once every two
> weeks to keep it alive. I never read anything that is sent there.
Yes, and that defies the sense of providing an email address so people can
reply to your posts personally by mail. How many people will bother to check
that the address they are replying to is the one in your signature, in
particular if the signature is being stripped on reply? You are giving in to
spam by allowing people to spend time on composing mails which you will never
read. use....@to.invalid + valid reply-to: is kinder to would-be
correspondents. I wouldn't have noticed the difference.
> On the other hand, I use the address above for all my USENET posts. I
> have no intention of changing this. This (and mailing lists) are the
> only places I use this address. For everything else, the domain changes
> as in my .sig. This helps me separate personal from junk mail.
I have to ask to be sure I am getting this right: Is the email address in the
from: header of your post (which looks nearly like the one in the signature)
the webmail address? If so, you are really badly misleading people who want to
talk to you. Nobody will notice a missing 'e' in an otherwise identical
address between from: and sig. I had to look about three times, and you told
me. People spend time writing messages which you are going to dump in the bin
unread. That is not very polite, I think. But maybe it's just a typo, so I
apologise for my ranting if it is. And are you saying you subscribe to mailing
lists with an account you will never read? I must be misunderstanding you.
You can see my signature evolving as consequence of these discussions...
Sebastian Jester
--
Don't want spam from posting to newsgroups? DON'T post anonymously!
Get yourself a separate, free email address with a webmail provider.
And use http://spamcop.net
srivastava
> And if you do get spam: I use http://spamcop.net which does the reporting for
Spamcop is not very effective in tackling spam. I report 4 or 5 emails
every day but there is no decrease in the volume of spam that I get.
Why not get an email from www.despammed.com? That is very effective but
they out right delete if mail is addressed as BCC. That means it can not
be used as regular mail.
--
srivastava
Email: To reply, replace *deadspam* by *despammed*.
Sebastian Jester
>
> Spamcop is not very effective in tackling spam. I report 4 or 5 emails
> every day but there is no decrease in the volume of spam that I get.
That is a complete non sequitur. You don't know how much spam you would get if
you, or other people, didn't report anything.
Is www.despammed.com any different from signing up for a mail address with
spamcop.net? For starters, it seems to offer free mail which spamcop.net
doesn't. But does despammed.com also report back to spammers' ISPs, to fight
spammers at the source?
I think we need spam reporting more than filtering. But thanks for the link to
free spam filtering!
BTW Hormel/SPAM isn't as upset about using "spam" to refer to UCE as
despammed.com insinuates: <http://www.spam.com/ci/ci_in.htm>
Sebastian Jester
--
Don't want spam from posting to newsgroups? DON'T post anonymously!
Nancy McGough
> So that's what I would encourage people to do now: Sign up with
> a free webmail provider which does spam filtering for you.
> Don't do any address-munging, it enrages some people either
> way. You may want to shop around for a service which doesn't
> ask for too many personal details, and in particular doesn'
> share them with anyone (M$-Bash, possibly unfounded: in the way
> passport / .net do). Possibly get yourself an address with
> "nospam" in it. Enjoy spam-free posting in newsgroups!
Yes, I agree that this is the way to go and I've got a growing
list of IMAP service providers that you can use for this here
<http://www.ii.com/internet/messaging/imap/isps/>
Since this is comp.mail.pine and Pine is primarily an IMAP
client, I'm wondering why you (Sebastian) chose gmx.net. I used
to have them listed in my list but a number of people emailed me
and told me that they only do POP. If you want to be able to
optimally use Pine with your "public" address, I recommend
choosing someone who supports IMAP access (as well as webmail,
POP, and whatever other features you're looking for).
BTW, my public address, which is what is in the From header of
this message, hardly gets any spam and I don't do any filtering
on it (even though some of my friends call me the "Procmail
Queen"!). I think it might be because spammers don't think there
is much of a market for their goods or services in Armenia (.am)!
Good luck with your spam fighting,
Nancy
^x
REFERENCE:
The message I'm replying to -- and this entire thread & group --
may be available at
<http://groups.google.com/groups?selm=Pine.GSO.4.44.0204291354120.18800-100000@sun7>
--
ii Main Pine Page: <http://www.ii.com/internet/messaging/pine/>
Nancy McGough <http://www.ii.com/> Infinite Ink
--= Sent via Pine 4.44: IMAP, NNTP & ESMTP for Unix/Win/MacOS X =--
Gopi Sundaram
> I still haven't found the place where an RFC says that a usenet
> message should contain a from: address which corresponds to a
> deliverable mailbox
RFC 1036 §2.1.1 says that the From: header should contain the electronic
mailing address of the person who sent the message.
It also defers to RFC 822 (now superceded by RFC 2822) in cases of
conflicts. RFC 2822 §3.6.2 talks about originator mailboxes. Note that
it talks about mailboxes. Assuming that a mailbox gets mail delivered to
it (which is not far-fetched), if mail cannot be delivered to it from
other internet hosts, then that mailbox address should not be used in
internet messages. Interoperability of various electronic mail systems
was the reason RFC 822 was written!
> (and preferably one the sender owns).
I quote from RFC 2822 §3.6.2:
In all cases, the "From:" field SHOULD NOT contain
any mailbox that does not belong to the author(s)
of the message.
Does that satisfy your needs?
>> I used to have a hotmail address that I used exclusively to provide
>> to web sites that needed an email address. I only open it once every
>> two weeks to keep it alive. I never read anything that is sent there.
>
> Yes, and that defies the sense of providing an email address so people
> can reply to your posts personally by mail.
Please re-read that. I said I used it for web sites that demanded an
address. Those were guaranteed to generate junk mail that I didn't want.
They would probably also sell my address to other sites, for more junk
mail.
> I have to ask to be sure I am getting this right: Is the email address
> in the from: header of your post (which looks nearly like the one in
> the signature) the webmail address?
No, it is not from hotmail. Both my From: address and the signature
address are delivered to the same mailbox. I filter on the recipient
pattern. If it matches the one in my sig, it stays put. Otherwise, if it
matches a mailing list subscription, it gets filtered to the list
folder. The rest go to a low priority folder that I scan every two days.
I mainly look for replies to USENET posts. The rest gets sent off to
spamcop.
(Actually, I filter on the Delivered-To header that my MTA adds. This
helps with spam, since spammers don't use To and Cc headers)
Nancy has discussed some more rigorous techniques of spam filtering that
she uses at <http://www.ii.com/internet/messaging/spam/>
Sebastian Jester
> Since this is comp.mail.pine and Pine is primarily an IMAP
> client, I'm wondering why you (Sebastian) chose gmx.net. I used
> to have them listed in my list but a number of people emailed me
> and told me that they only do POP. If you want to be able to
> optimally use Pine with your "public" address, I recommend
> choosing someone who supports IMAP access (as well as webmail,
> POP, and whatever other features you're looking for).
Yes, correct, and I encourage everyone to follow Nancy McGough's advice and
peruse her web site (plug)
<http://www.ii.com/internet/messaging/imap/isps/>
The reason why I am happy with gmx.net which only does POP is this: I only use
gmx.net for usenet posting, and I only read "normal" mail from my institute's
workstation (which I can IMAP to from home). The institute has a proxy server
which doesn't let POP through (double bummer). I am happy to read email at
gmx.net through the web server - but I agree it's horrible because it is
completely insecure.
I will try secure IMAP at fastmail.fm for a change... thanks!
Sebastian Jester
--
Don't want spam from posting to newsgroups? DON'T post anonymously!
Will Yardley
Nancy McGough wrote:
> Since this is comp.mail.pine and Pine is primarily an IMAP client, I'm
> wondering why you (Sebastian) chose gmx.net. I used to have them
> listed in my list but a number of people emailed me and told me that
> they only do POP. If you want to be able to optimally use Pine with
> your "public" address, I recommend choosing someone who supports IMAP
> access (as well as webmail, POP, and whatever other features you're
> looking for).
well this is definitely drifting away from the original topic, but i
don't know if PINE is "primarily" an IMAP client - i don't know the
exact statistics, but i'd bet that more people use PINE to access a
local mail spool than use it for IMAP (if only due to the number of
universities, hosting companies, etc. that use PINE on local spools).
personally, if i wasn't able to read my mail directly on the server, i'd
want to get it *off* that server as quickly as possible, so i'd probably
use POP3 along with something like getmail or fetchmail.
this would be particularly important if your mail provider didn't allow
you to access the server to do filtering of any sort (procmail or
whatever).
Jeremy Howard
<...>
> The reason why I am happy with gmx.net which only does POP is this: I only use
> gmx.net for usenet posting, and I only read "normal" mail from my institute's
> workstation (which I can IMAP to from home). The institute has a proxy server
> which doesn't let POP through (double bummer). I am happy to read email at
> gmx.net through the web server - but I agree it's horrible because it is
> completely insecure.
>
> I will try secure IMAP at fastmail.fm for a change... thanks!
>
or imaps.proxy.fastmail.fm (SSL) as your IMAP server name. These both
listen on *all* ports, so you should be able to find a free port on
your proxy. Ports we've found often open include 443, 21, 22, 23, and
70.
Nancy McGough
> If you're stuck behind a firewall, use imap.proxy.fastmail.fm (no SSL)
> or imaps.proxy.fastmail.fm (SSL) as your IMAP server name. These both
> listen on *all* ports, so you should be able to find a free port on
> your proxy. Ports we've found often open include 443, 21, 22, 23, and
> 70.
Is this documented on the Fastmail.fm web site? I'd like to link
to this info on my IMAP Service Providers page.
Thanks,
Nancy
PS - Congrats on Fastmail being called "the Google of Webmail" in
the GnomeREPORT!
REFERENCE:
The message I'm replying to -- and this entire thread & group --
may be available at
<http://groups.google.com/groups?selm=279db04c.02043...@posting.google.com>
Jeremy Howard
> On 30 Apr 2002 Jeremy Howard (j+go...@howard.fm) wrote:
> > If you're stuck behind a firewall, use imap.proxy.fastmail.fm (no SSL)
> > or imaps.proxy.fastmail.fm (SSL) as your IMAP server name. These both
> > listen on *all* ports, so you should be able to find a free port on
> > your proxy. Ports we've found often open include 443, 21, 22, 23, and
> > 70.
>
> Is this documented on the Fastmail.fm web site? I'd like to link
> to this info on my IMAP Service Providers page.
>
srivastava
> Is www.despammed.com any different from signing up for a mail address
with
> spamcop.net? For starters, it seems to offer free mail which
spamcop.net
> doesn't. But does despammed.com also report back to spammers' ISPs, to
fight
> spammers at the source?
No it simply filters.
> I think we need spam reporting more than filtering. But thanks for the
link to
> free spam filtering!
Many can not afford it due to various reasons such as lack of time.
--
srivastava
srivastava
> BTW, my public address, which is what is in the From header of
> this message, hardly gets any spam and I don't do any filtering
> on it (even though some of my friends call me the "Procmail
> Queen"!). I think it might be because spammers don't think there
> is much of a market for their goods or services in Armenia (.am)!
How did you get this kind of address? I want such a address for myself.
Nancy McGough
>
> "Nancy McGough" <nm-this-addr...@no.sp.am> wrote in message
> > this message, hardly gets any spam and I don't do any filtering
> > on it (even though some of my friends call me the "Procmail
> > Queen"!). I think it might be because spammers don't think there
> > is much of a market for their goods or services in Armenia (.am)!
>
> How did you get this kind of address? I want such a address for myself.
A friend of mine, who is involved in CAUCE, has the no.sp.am
subdomain and he gave me the nm-this-address-is-valid address.
He doesn't want to get in the biz of giving out these addresses
so no.sp.am isn't an option for you. But, with some ingenuity,
you could get a weird domain and create a weird subdomain and
start using that.
Good luck confusing the spammers!
Nancy
PS - More "anarchist's cookbook" tips on my IMAP Service
Providers page.
REFERENCE:
The message I'm replying to -- and this entire thread & group --
may be available at
<http://groups.google.com/groups?selm=3cd0d8e3$1...@news1e1.seinf.abb.se>
srivastava
> A friend of mine, who is involved in CAUCE, has the no.sp.am
> subdomain and he gave me the nm-this-address-is-valid address.
> He doesn't want to get in the biz of giving out these addresses
> so no.sp.am isn't an option for you. But, with some ingenuity,
> you could get a weird domain and create a weird subdomain and
> start using that.
Thank you for the reply. I do it as follows:
* Have sriva...@deadspam.com as my email and the following stuff in
the signature file.
Is this a good practice?
Earlier I have something like a@b.c but thought it was not very
attractive.
Nancy McGough
> * Have sriva...@deadspam.com as my email and the following stuff in
> the signature file.
> Is this a good practice?
> srivastava
> Email: To reply, replace *deadspam* by *despammed*.
I don't think this is a good practice, and I discuss it on my
Changing Your From Header in Pine page in this section:
Do Not Use a Forged or Bogus From Header
<http://www.ii.com/internet/messaging/pine/changing_from/#not>
and it's been discussed at great length in this -- and many other
-- newsgroups. For discussion groups (like this one), I suggest
that you use a valid From address but rarely check it and then
make it clear in your messages that you prefer people to respond
in the group. IMHO, this is better anyway because
1) everyone benefits from the discussion
2) the discussion is archived in Google Groups, etc.
HTH,
Nancy
REFERENCE:
The message I'm replying to -- and this entire thread & group --
may be available at
<http://groups.google.com/groups?selm=3cd0f535$1...@news1e1.seinf.abb.se>
srivastava
> and it's been discussed at great length in this -- and many other
> -- newsgroups. For discussion groups (like this one), I suggest
> that you use a valid From address but rarely check it and then
> make it clear in your messages that you prefer people to respond
> in the group. IMHO, this is better anyway because
>
> 1) everyone benefits from the discussion
> 2) the discussion is archived in Google Groups, etc.
On http://news.zedat.fu-berlin.de/en/faq.html, I found as follows:
----
Alternatively you can use the free service at deadspam.com; you will get
an e-mail address, and mails to this address will be bounced to the
sender with a configurable message.
----
sriva...@deadspam.com is a perfectly valid address in some sense.
a user
> On 2 May 2002 srivastava (sriva...@deadspam.com) wrote:
>>
>> Thank you for the reply. I do it as follows:
>> * Have sriva...@deadspam.com as my email and the following stuff in
>> the signature file.
>> Is this a good practice?
>> --
>> srivastava
>> Email: To reply, replace *deadspam* by *despammed*.
>
>
> I don't think this is a good practice, and I discuss it on my
> Changing Your From Header in Pine page in this section:
>
> Do Not Use a Forged or Bogus From Header
> <http://www.ii.com/internet/messaging/pine/changing_from/#not>
>
> and it's been discussed at great length in this -- and many other
> -- newsgroups. For discussion groups (like this one), I suggest
> that you use a valid From address but rarely check it and then
> make it clear in your messages that you prefer people to respond
> in the group. IMHO, this is better anyway because
>
> 1) everyone benefits from the discussion
> 2) the discussion is archived in Google Groups, etc.
>
situation? From this, I am wondering if getting a free mail addr
but never access it or whether one can set it to never accept mail....
Sebastian Jester
> > address but rarely check it and then make it clear in your messages that
> > you prefer people to respond in the group. IMHO, this is better anyway
> > because
> >
> > 1) everyone benefits from the discussion
> > 2) the discussion is archived in Google Groups, etc.
I think there are some things you'd rather discuss in private, especially if a
thread has become OT for that group. Therefore, I would always advocate to
include a return address that is likely to be read.
> Do you have any ideas on how "Hotmail" handles their "mailbox full"
> situation? From this, I am wondering if getting a free mail addr
> but never access it or whether one can set it to never accept mail....
That's like having the postman drop your mail straight into the trash...
rude. And yes, you will have to check mail regularly. That's why something
IMAPable is way cooler than hotmail: you can check mail there from within the
same pine that you use to read all your other mail.
(As you can see, I have managed to set up secure IMAP to fastmail, but it
wasn't straightforward - all the cook books assume that you use 1 pine to
access 1 account. fastmail.fm tells you you have to edit .pinerc manually,
because the usual M-S-L routine for some reason doesn't work (is this a pine
bug?). But they omitted the recipe for adding the fastmail inbox as
incoming-folder in the .pinerc (because again, it doesn't work with M-S-L).
Is this the same for all IMAP providers, or is fastmail special in some sense?
If it's not a special case, is it in some FAQ? I looked around II.com and Gopi
Sundaram's FAQ, but couldn't find anything so I tried, and I tried, and I
tried...)
Sebastian Jester
--
Don't want spam from posting to newsgroups? DON'T post anonymously!
srivastava
news:Pine.GSO.4.44.0205021838040.12891-100000@sun7...
> That's like having the postman drop your mail straight into the
trash...
> rude. And yes, you will have to check mail regularly. That's why
something
By that logic I would say that it is equally rude to delete spammer's
mail without reading.
Sebastian Jester
> "Sebastian Jester" <s_je...@fastmail.fm> wrote in message
> news:Pine.GSO.4.44.0205021838040.12891-100000@sun7...
> > That's like having the postman drop your mail straight into the trash...
> > rude. And yes, you will have to check mail regularly. That's why something
> By that logic I would say that it is equally rude to delete spammer's
> mail without reading.
I don't agree. If a someone goes to some length to forge mail headers, so I
can't tell where the message really came from, and abuses open proxies or open
relays to distribute the message, that is a behaviour which doesn't deserve my
time and attention (even if their product might be useful). I bin junk mail,
but I look whether there's a bona fide letter between it somewher before doing
so.