Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Procmail vs SPAM

0 views
Skip to first unread message

Dave Brown

unread,
Aug 29, 2003, 7:10:29 PM8/29/03
to
I have a procmail "recipe" set up to filter various keywords. Recently one
of those messages got through via some sort if ISO coding. In the subject
line was some text that began with the string "=?ISO-8859-1?...", followed
by a scramble of characters. Pine simply decoded it, and the word showed
up in the "Subject:" line. If this type of coding becomes commonplace, my
current "recipes" will lose their effectiveness.

Is there some simple utility that will decode this nonsense which I can
call from procmail to defeat this particular dodge?

--
Dave Brown Austin, TX

peter pilsl

unread,
Aug 30, 2003, 6:32:23 AM8/30/03
to
Dave Brown wrote:

there are tools like spamassassin that provides extended filtersets for
procmail to filter spam and can deal with various codings.

peter

--
peter pilsl
pilsl_...@goldfisch.at
http://www.goldfisch.at

to...@aplawrence.com

unread,
Aug 30, 2003, 7:06:28 AM8/30/03
to

Why not just filter out anything that encodes the Subject line?

How many messages that you actually want would start the subject with
that? I'd guess zero, and in fact my own filters dump that
immediately.

While there is, I suppose, the remote possibility that someone
might send me something legitimate that began that way, I'll
take the chance..

--
to...@aplawrence.com Unix/Linux/Mac OS X resources: http://aplawrence.com
Get paid for writing about tech: http://aplawrence.com/publish.html

Alan Connor

unread,
Aug 30, 2003, 1:28:29 PM8/30/03
to


That's one of the fatal flaws in the SpamAssassin (et al) strategy.

What you are doing is deciding that people who mail you cannot use a long
list of subject lines and strings in the body....


....without TELLING them what that list is.


Of course, the SPAMMERS know what that list is, because they are the world's
foremost SpamAssassin (et al) experts.

Alan C

--

take control of your mailbox ----- elrav1 ----- http://tinyurl.com/l55a

Dan Espen

unread,
Aug 30, 2003, 2:46:16 PM8/30/03
to
Alan Connor <xxx...@xxxx.xxx> writes:

> On Sat, 30 Aug 2003 11:06:28 +0000 (UTC), to...@aplawrence.com <to...@aplawrence.com> wrote:
> That's one of the fatal flaws in the SpamAssassin (et al) strategy.

...


> Of course, the SPAMMERS know what that list is, because they are the world's
> foremost SpamAssassin (et al) experts.

Gee, I'm using Spamassassin. I hope I don't run into one of those spammers.
Since I started using it, I've trapped close to 1000 spams and less than
10 have gotten thru.

What seems to get thru is stuff in languages I couldn't read.
At least thats what I think it is.

to...@aplawrence.com

unread,
Aug 30, 2003, 4:32:24 PM8/30/03
to
In comp.os.linux.misc Alan Connor <xxx...@xxxx.xxx> wrote:
>On Sat, 30 Aug 2003 11:06:28 +0000 (UTC), to...@aplawrence.com <to...@aplawrence.com> wrote:
>>
>>
>> Dave Brown <dhb...@hobbes.dhbrown.net> wrote:
>>>I have a procmail "recipe" set up to filter various keywords. Recently one
>>>of those messages got through via some sort if ISO coding. In the subject
>>>line was some text that began with the string "=?ISO-8859-1?...", followed
>>>by a scramble of characters. Pine simply decoded it, and the word showed
>>>up in the "Subject:" line. If this type of coding becomes commonplace, my
>>>current "recipes" will lose their effectiveness.
>>
>>>Is there some simple utility that will decode this nonsense which I can
>>>call from procmail to defeat this particular dodge?
>>
>> Why not just filter out anything that encodes the Subject line?
>>
>> How many messages that you actually want would start the subject with
>> that? I'd guess zero, and in fact my own filters dump that
>> immediately.
>>
>> While there is, I suppose, the remote possibility that someone
>> might send me something legitimate that began that way, I'll
>> take the chance..
>>
>> --
>> to...@aplawrence.com Unix/Linux/Mac OS X resources: http://aplawrence.com
>> Get paid for writing about tech: http://aplawrence.com/publish.html


>That's one of the fatal flaws in the SpamAssassin (et al) strategy.

As Spamassassin works on a point system, having ONE such indicator
does not make it spam. There's no "flaw".

>What you are doing is deciding that people who mail you cannot use a long
>list of subject lines and strings in the body....

Huh? I'm talking about the header subject line, not the body.

I filter a number of ways:

With the access.db at my mail server to block domains that have shown
themselves to be spammers (I clean that out every few months and
start over). Can't run SpamAssassin there yet for stupid reasons
I really need to fix.

Filtering by To: address in the headers as I pop it from the server
and deleting messages to bogus addresses.

Filtering Subject in the headers lines at the same time

Then running it through Spamassassin
http://aplawrence.com/MacOSX/macosxspamassassin.html

and finally it hits the Bayesian filters and the rules of
Mail.app on my Mac.

>....without TELLING them what that list is.

>Of course, the SPAMMERS know what that list is, because they are the world's
>foremost SpamAssassin (et al) experts.

Perhaps you could explain better what you mean, 'cause I don't
get it..

Alan Connor

unread,
Aug 30, 2003, 4:57:39 PM8/30/03
to

These are not newsgroups for lawyers or politicians: You can't play wordgames
with computers or people that know them.

It IS a flaw, and you know it or you are an idiot.

I'm not going to bother parsing out the sentence and covering all possible
interpretations.

>>What you are doing is deciding that people who mail you cannot use a long
>>list of subject lines and strings in the body....
>
> Huh? I'm talking about the header subject line, not the body.
>

Yes. And the word "subject" does in fact appear in my line above.

You DO have a long list of forbidden subject lines, and you do NOT
give this list to everyone you send mail to or want to receive mail from,
just like I said.


What I said about SA and its siblings is absolutely true, except, perhaps,
about grepping the body, which I understand that some people do: procmail
can do that easily.


Please save your bullshit for the for the peasants.

>
> --
> to...@aplawrence.com Unix/Linux/Mac OS X resources: http://aplawrence.com
> Get paid for writing about tech: http://aplawrence.com/publish.html

Richard Kimber

unread,
Aug 30, 2003, 4:40:11 PM8/30/03
to
On Sat, 30 Aug 2003 14:46:16 -0400, Dan Espen wrote:

> What seems to get thru is stuff in languages I couldn't read.
> At least thats what I think it is.

Most of these can easily be filtered out with procmail.

- Richard.

Dave Null

unread,
Aug 30, 2003, 5:53:00 PM8/30/03
to
On Sat, 30 Aug 2003 20:57:39 GMT, Alan Connor farted in churcH:

> ....


> It IS a flaw, and you know it or you are an idiot.
>

> ....


> Please save your bullshit for the for the peasants.

*plonk*

Alan Connor

unread,
Aug 30, 2003, 7:13:12 PM8/30/03
to


SpamAssassin searches for strings and characters in the subject: Fact


The users of SA do not hand out lists of what they are searching for and
will kill: fact


If you don't think that is a flaw, then YOU are a moron.


And being plonked by a moron is a compliment.

Dan Espen

unread,
Aug 30, 2003, 8:46:34 PM8/30/03
to
Richard Kimber <rki...@ntlworld.com> writes:

What part of this should I filter on?:

From: "=?windows-1251?b?0/fl4e376SD25e3y8A==?=" <oqpwt...@yahoo.com>
Message-Id: <2003082615...@mhguemzvqy.com>
Subject: =?windows-1251?b?z/Dg6vLo9+Xx6ujpIOrz8PEg5Ov/IOTo8OXq8u7w4CDv7iDs4PDq5fLo7ePzLg==?=
X-Spam-Score: 2.6 (++)
X-Spam-Status: No, hits=2.6 required=5.0
tests=BAYES_30,FORGED_YAHOO_RCVD,MAILTO_TO_REMOVE,SUBJ_ALL_CAPS
version=2.55

Óâàæàåìûå êîëëåãè!

Óíèêàëüíàÿ âîçìîæíîñòü âñåãî çà íåäåëþ óçíàòü âñå òåõíîëîãèè,
íåîáõîäèìûå äëÿ ýôôåêòèâíîé ðàáîòû äèðåêòîðà ïî ìàðêåòèíãó!
...

×òîáû îòïèñàòüñÿ îò äàëüíåéøèõ ðàññûëîê, îòïðàâüòå ïóñòîå ïèñüìî ïî
àäðåñó rem...@mebgamma.ru

I guess I could increase the SA scoring on
MAILTO_TO_REMOVE
and FORGED_YAHOO_RCVD

Dan Espen

unread,
Aug 30, 2003, 8:49:50 PM8/30/03
to
Alan Connor <xxx...@xxxx.xxx> writes:

> On 30 Aug 2003 21:53:00 GMT, Dave Null <bit-b...@config.com> wrote:
>>
>>
>> On Sat, 30 Aug 2003 20:57:39 GMT, Alan Connor farted in churcH:
>>
>>> ....
>>> It IS a flaw, and you know it or you are an idiot.
>>>
>>> ....
>>> Please save your bullshit for the for the peasants.
>>
>> *plonk*
>
> SpamAssassin searches for strings and characters in the subject: Fact
>
> The users of SA do not hand out lists of what they are searching for and
> will kill: fact
>
> If you don't think that is a flaw, then YOU are a moron.
>
> And being plonked by a moron is a compliment.

I can't figure out what you are going on about.

SA works, and works great. Are you disputing the
numbers I posted? Or is it flawed because of some
theory you have about its operation?


to...@aplawrence.com

unread,
Aug 30, 2003, 9:13:39 PM8/30/03
to
In comp.os.linux.misc Alan Connor <xxx...@xxxx.xxx> wrote:
>>>That's one of the fatal flaws in the SpamAssassin (et al) strategy.
>>
>> As Spamassassin works on a point system, having ONE such indicator
>> does not make it spam. There's no "flaw".
>>

>These are not newsgroups for lawyers or politicians: You can't play wordgames
>with computers or people that know them.

>It IS a flaw, and you know it or you are an idiot.

No, I don't know it. Do you understand how Spamassassin works? That
the "flaw" you are so excited about cannot by itself cause something
to be classified as spam?

This isn't word games, this is how it works.

>I'm not going to bother parsing out the sentence and covering all possible
>interpretations.

>>>What you are doing is deciding that people who mail you cannot use a long
>>>list of subject lines and strings in the body....
>>
>> Huh? I'm talking about the header subject line, not the body.
>>

>Yes. And the word "subject" does in fact appear in my line above.

>You DO have a long list of forbidden subject lines, and you do NOT
>give this list to everyone you send mail to or want to receive mail from,
>just like I said.

Umm, no, it's not a long list, but that's my choice and has nothing
at all to do with SpamAssassin. That's separate filter I happen
to do.

>What I said about SA and its siblings is absolutely true, except, perhaps,
>about grepping the body, which I understand that some people do: procmail
>can do that easily.

What you said is misinformed.

>Please save your bullshit for the for the peasants.

OK..

Sam

unread,
Aug 30, 2003, 9:20:11 PM8/30/03
to
Dan Espen writes:

> Richard Kimber <rki...@ntlworld.com> writes:
>
>> On Sat, 30 Aug 2003 14:46:16 -0400, Dan Espen wrote:
>>
>>> What seems to get thru is stuff in languages I couldn't read.
>>> At least thats what I think it is.
>>
>> Most of these can easily be filtered out with procmail.
>
> What part of this should I filter on?:
>
> From: "=?windows-1251?b?0/fl4e376SD25e3y8A==?=" <oqpwt...@yahoo.com>
> Message-Id: <2003082615...@mhguemzvqy.com>
> Subject: =?windows-1251?b?z/Dg6vLo9+Xx6ujpIOrz8PEg5Ov/IOTo8OXq8u7w4CDv7iDs4PDq5fLo7ePzLg==?=
> X-Spam-Score: 2.6 (++)
> X-Spam-Status: No, hits=2.6 required=5.0
> tests=BAYES_30,FORGED_YAHOO_RCVD,MAILTO_TO_REMOVE,SUBJ_ALL_CAPS
> version=2.55

These are not full headers.

You probably have a "Content-Type: text/plain; charset=windows-1251" header.

This one can be filtered on "=?windows-1251?" in the From: or the Subject:
header, and for Content-Type:.*charset="?windows-1251

This is just one character set, though. You'll have to do this for a bunch
of widely-used character sets.

> I guess I could increase the SA scoring on
> MAILTO_TO_REMOVE
> and FORGED_YAHOO_RCVD

What "FORGED_YAHOO_RCVD"? You did not post the full headers, and show what
the received: headers were.

Dan Espen

unread,
Aug 30, 2003, 9:58:37 PM8/30/03
to
Sam <s...@email-scan.com> writes:

> Dan Espen writes:
>
>> Richard Kimber <rki...@ntlworld.com> writes:
>>
>>> On Sat, 30 Aug 2003 14:46:16 -0400, Dan Espen wrote:
>>>
>>>> What seems to get thru is stuff in languages I couldn't read.
>>>> At least thats what I think it is.
>>>
>>> Most of these can easily be filtered out with procmail.
>> What part of this should I filter on?:
>> From: "=?windows-1251?b?0/fl4e376SD25e3y8A==?="
>> <oqpwt...@yahoo.com>
>> Message-Id: <2003082615...@mhguemzvqy.com>
>> Subject: =?windows-1251?b?z/Dg6vLo9+Xx6ujpIOrz8PEg5Ov/IOTo8OXq8u7w4CDv7iDs4PDq5fLo7ePzLg==?=
>> X-Spam-Score: 2.6 (++)
>> X-Spam-Status: No, hits=2.6 required=5.0
>> tests=BAYES_30,FORGED_YAHOO_RCVD,MAILTO_TO_REMOVE,SUBJ_ALL_CAPS
>> version=2.55
>
> These are not full headers.
>
> You probably have a "Content-Type: text/plain; charset=windows-1251" header.
>
> This one can be filtered on "=?windows-1251?" in the From: or the
> Subject: header, and for Content-Type:.*charset="?windows-1251
>
> This is just one character set, though. You'll have to do this for a
> bunch of widely-used character sets.

If windows-1251 means Russian, I guess I could filter on it.

All I'd ever seen procmail do is filter on From/To/Subject, but I just
checked the man page and I see it can look at any header.
I guess I could catch this one on the charset.

I only have 2 like that in the same time interval I've trapped 1000 spams
so its no big deal for me.

>> I guess I could increase the SA scoring on
>> MAILTO_TO_REMOVE
>> and FORGED_YAHOO_RCVD
>
> What "FORGED_YAHOO_RCVD"? You did not post the full headers, and show
> what the received: headers were.

Well, if SA says they are forged, I believe it.
I don't see how procmail could filter on a forged address,
I'd imagine they are all different.

Anyway, I can't get hold of that mail right now, seems like my
net connection has suddenly slowed to a crawl.

Peter T. Breuer

unread,
Aug 30, 2003, 10:33:16 PM8/30/03
to
In comp.os.linux.misc Dan Espen <da...@mk.telcordia.nospamcom> wrote:
> Richard Kimber <rki...@ntlworld.com> writes:

>> On Sat, 30 Aug 2003 14:46:16 -0400, Dan Espen wrote:
>>
>>> What seems to get thru is stuff in languages I couldn't read.
>>> At least thats what I think it is.
>>
>> Most of these can easily be filtered out with procmail.

> What part of this should I filter on?:

> From: "=?windows-1251?b?0/fl4e376SD25e3y8A==?=" <oqpwt...@yahoo.com>
> Message-Id: <2003082615...@mhguemzvqy.com>
> Subject: =?windows-1251?b?z/Dg6vLo9+Xx6ujpIOrz8PEg5Ov/IOTo8OXq8u7w4CDv7iDs4PDq5fLo7ePzLg==?=

^^^^^^^^^^^

That.

> X-Spam-Score: 2.6 (++)
> X-Spam-Status: No, hits=2.6 required=5.0
> tests=BAYES_30,FORGED_YAHOO_RCVD,MAILTO_TO_REMOVE,SUBJ_ALL_CAPS
> version=2.55

Peter

Peter Jones

unread,
Aug 31, 2003, 4:29:57 AM8/31/03
to
Dan Espen <da...@mk.telcordia.NOSPAMcom> wrote in news:icwucud51t.fsf@home-
1.localdomain:

> SA works, and works great. Are you disputing the
> numbers I posted? Or is it flawed because of some
> theory you have about its operation?

Don't get too stressed, Dan. SpamAssassin is flawed, horribly and fatally,
because Alan has A Better Way To Do Things. Just ask him.

<alanspeak>
Of course, anybody defending SpamAssassin (such as myself, and no doubt
yourself, now that you've had the nerve to post your horrible lying rant
(quoted above)) is also a SPAMMER because who else would defend a spam-
management tool that just doesn't work?
</alanspeak>

We're not sure yet what that makes Alan, other than wildly amusing... :-)

Cheers,
Pete.

to...@aplawrence.com

unread,
Aug 31, 2003, 8:29:41 AM8/31/03
to
In comp.os.linux.misc Alan Connor <xxx...@xxxx.xxx> wrote:
>On 30 Aug 2003 21:53:00 GMT, Dave Null <bit-b...@config.com> wrote:
>>
>>
>> On Sat, 30 Aug 2003 20:57:39 GMT, Alan Connor farted in churcH:
>>
>>> ....
>>> It IS a flaw, and you know it or you are an idiot.
>>>
>>> ....
>>> Please save your bullshit for the for the peasants.
>>
>> *plonk*
>>


>SpamAssassin searches for strings and characters in the subject: Fact


>The users of SA do not hand out lists of what they are searching for and
>will kill: fact

Are you EVER going to understand that SA works on an accumulated point
basis and that is why YOU are being the moron?

>If you don't think that is a flaw, then YOU are a moron.

Not a flaw because it is simply one more criterion that MIGHT
indicate something is spam. Again.

to...@aplawrence.com

unread,
Aug 31, 2003, 11:29:49 AM8/31/03
to

> *plonk*

You know, you really shouldn't killfile people like this, because
that makes their comments invisible and unchallenged, which means
that the uninformed may take them as fact.

Save killfiling for the folks who offer nothing but abuse, there
are "enough" of them around :-)

Alan Clifford

unread,
Aug 31, 2003, 7:42:49 AM8/31/03
to
On Sat, 30 Aug 2003, Dan Espen wrote:

DE> Richard Kimber <rki...@ntlworld.com> writes:
DE>
DE> > On Sat, 30 Aug 2003 14:46:16 -0400, Dan Espen wrote:
DE> >
DE> >> What seems to get thru is stuff in languages I couldn't read.
DE> >> At least thats what I think it is.
DE> >
DE> > Most of these can easily be filtered out with procmail.
DE>
DE> What part of this should I filter on?:
DE>


DE> ×òîáû îòïèñàòüñÿ îò äàëüíåéøèõ ðàññûëîê, îòïðàâüòå ïóñòîå ïèñüìî ïî

The recipes I use are below. I cannot get into the source website
anymore:

http://www.waltdnes.org/email/chinese/link.html


but I have put a copy of the explanation at:

http://www.mundungus.org/chinese.html

# 5% gagabuggee body, version 2
:0 BD
* -1^1 .
* 2^1 =[0-9A-F][0-9A-F]
* 20^1 [ -ÿ]
* 20^1 =[A-F][0-9A-F]
{
do whatever, maybe /dev/null
}

Note that that the [ -ÿ] is character 160 to 255.

I haven't got around to creating "version 2" of the subject recipes so
they are a bit clunkier.

# 5% gagabuggee subject
# avoid empty subject
:0
* ^Subject: \/.+
{
:0 D
* -1^1 MATCH ?? .
* 2^1 MATCH ?? =[0-9A-F][0-9A-F]
* 20^1 MATCH ?? [ ¡¢£€¥Š§š©ª«¬­®¯°±²³Žµ¶·ž¹º»ŒœŸ¿]
* 20^1 MATCH ?? [ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖרÙÚÛÜÝÞß]
* 20^1 MATCH ?? [àáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ]
* 20^1 MATCH ?? =[A-F][0-9A-F]
{
do whatever, maybe /dev/null
}
}

# B Mime header extension in subject?
:0
* ^Subject:.*=\?.*\?b\?\/.+\?=
{
## LOG="B mime header $MATCH $NL"
MIMESUBJECT=`echo $MATCH | mimencode -u -b`
## LOG="B mime header $MIMESUBJECT $NL"

# 5% gagabuggee subject
:0 D
* -1^1 MIMESUBJECT ?? .
* 2^1 MIMESUBJECT ?? =[0-9A-F][0-9A-F]
* 20^1 MIMESUBJECT ?? [ ¡¢£€¥Š§š©ª«¬­®¯°±²³Žµ¶·ž¹º»ŒœŸ¿]
* 20^1 MIMESUBJECT ?? [ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖרÙÚÛÜÝÞß]
* 20^1 MIMESUBJECT ?? [àáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ]
* 20^1 MIMESUBJECT ?? =[A-F][0-9A-F]
{
do whatever, maybe /dev/null
]
}


Alan

( If replying by mail, please note that all "sardines" are canned.
There is also a password autoresponder but, unless this a very
old message, a "tuna" will swim right through. )

Alan Connor

unread,
Aug 31, 2003, 1:46:51 PM8/31/03
to
On Sun, 31 Aug 2003 12:29:41 +0000 (UTC), to...@aplawrence.com <to...@aplawrence.com> wrote:
>
>
> In comp.os.linux.misc Alan Connor <xxx...@xxxx.xxx> wrote:
>>On 30 Aug 2003 21:53:00 GMT, Dave Null <bit-b...@config.com> wrote:
>>>
>>>
>>> On Sat, 30 Aug 2003 20:57:39 GMT, Alan Connor farted in churcH:
>>>
>>>> ....
>>>> It IS a flaw, and you know it or you are an idiot.
>>>>
>>>> ....
>>>> Please save your bullshit for the for the peasants.
>>>
>>> *plonk*
>>>
>
>
>>SpamAssassin searches for strings and characters in the subject: Fact
>
>
>>The users of SA do not hand out lists of what they are searching for and
>>will kill: fact
>
> Are you EVER going to understand that SA works on an accumulated point
> basis and that is why YOU are being the moron?
>

Myself and everyone else here knows full well that scoring is involved.

procmail has scoring and so does slrn and a whole pile of other programs.


We also know that there is a list of subject and body lines that would

result in an accumulated score that would cause any mail containing them
to be classified as spam.


And that you don't hand out those lists to people who SHOULD have them
in order to prevent their mails from being so classified.

You honestly seem to be stupid, so I took the time to spell it out for
you.


You are now killfiled.

Go waste someone else's time.

Tim C

unread,
Aug 31, 2003, 2:23:43 PM8/31/03
to
Alan Connor wrote:

> We also know that there is a list of subject and body lines that would
>
> result in an accumulated score that would cause any mail containing them
> to be classified as spam.
>

Could you please provide us with an example of a legitimate e-mail that
would be marked as spam by SpamAssassin because of "subject and body lines


that would result in an accumulated score"

--
Tim C
ti...@accesswave.ca

Peter Jones

unread,
Aug 31, 2003, 5:45:15 PM8/31/03
to
Alan Connor <alanc...@earthlink.net> wrote in
news:fwq4b.3824$Lk5....@newsread3.news.pas.earthlink.net:

> We also know that there is a list of subject and body lines that would
> result in an accumulated score that would cause any mail containing them
> to be classified as spam.

http://spamassassin.org/tests.html

> And that you don't hand out those lists to people who SHOULD have them
> in order to prevent their mails from being so classified.

http://spamassassin.org/tests.html

> You are now killfiled.

I guess it's a good thing that Alan likes replying to his own posts, 'cos at
this rate he will be all alone in here. Probably happier too. If there is
anyone here not in Alan's killfile who could be bothered to take the time,
would you like to pass on the above URL to him.

OTOH, it's probably not worth the effort.

Pete.

James Keasley

unread,
Aug 31, 2003, 6:00:51 PM8/31/03
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <Xns93E94EE16FE8...@210.49.20.254>, Peter Jones wrote:

> http://spamassassin.org/tests.html

> I guess it's a good thing that Alan likes replying to his own posts, 'cos at
> this rate he will be all alone in here. Probably happier too. If there is
> anyone here not in Alan's killfile who could be bothered to take the time,
> would you like to pass on the above URL to him.

Well he is obviously a kook, I KFed him some time ago.

- --
James jamesk[at]homeric[dot]co[dot]uk

"Capital punishment turns the state into a murderer. But imprisonment turns
the state into a gay dungeon-master." -Rev. Jesse Jackson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/UnAVqfSmHkD6LvoRAgqWAJkBWut9BSXi0T1wVb3wsDLmPt0BiACggFWN
CXIUTdLSMswH+u3InNgf8VY=
=ObXf
-----END PGP SIGNATURE-----

Alan Connor

unread,
Aug 31, 2003, 6:31:12 PM8/31/03
to
On 31 Aug 2003 22:00:51 GMT, James Keasley <m...@privacy.net> wrote:
>
>
> In article <Xns93E94EE16FE8...@210.49.20.254>, Peter Jones wrote:
>
>> http://spamassassin.org/tests.html
>
>> I guess it's a good thing that Alan likes replying to his own posts, 'cos at
>> this rate he will be all alone in here. Probably happier too. If there is
>> anyone here not in Alan's killfile who could be bothered to take the time,
>> would you like to pass on the above URL to him.
>
> Well he is obviously a kook, I KFed him some time ago.
>
> - --
> James jamesk[at]homeric[dot]co[dot]uk
>
>


No. That is utterly false, and you know it SPAMMER or professional spam-
fighter that you obviously are.


What's "kookie" about pointing out fatal flaws in an existing program

and designing a program that is much more effective at accomplishing the

stated goals of the first program.


Nice try SPAMMER.


Isn't it just a shame that criminals like you can't get into the mailboxes

of people who use my program.


Don't like this fact? Then sit on it and rotate.


You and your spammer buddies are HISTORY.


Get a JOB

Alan Connor

unread,
Aug 31, 2003, 6:31:12 PM8/31/03
to

Spammers LUV SpamAssassin


I no longer have any doubts about this.


I have written a simple program that eliminates spam completely

and find myself under attack by people who *claim* to be ordinary SpamAssassin

users.


Now WHO is it that would have reason to hate a program that makes sending the
user spam a waste of time?


SPAMMERS, that's who.


Why do they love SpamAssassin?


Think about it:


You have an SA user with, among other things, what amounts to a list of
prohibited strings in the subject header and body.


Does he or she send this list to anyone likely to be sending them mail?

No. But they discuss it in public and semi-public forums with other SA users,

don't they.


So where do the spammers hang out? Care to guess?


And they end up being the only people in the world outside of the legitimate
SA experts themselves that have this magic list of prohibited strings and
all the other tests that will cause mail to be tagged as spam.


Want a list of spammers? Hit the archives and begin with searching for the
string "MSP" and then "elrav1" which is what msp became after a major rework.

Focus on comp.mail.misc

Copy the headers from any posts that contain obviously unfair and unreasonable
attacks on yours truly.


You will then have a list of some of the worst scum on the Internet.


And guess who is teaching them how to get spam into your mailbox?


The same people who are allegedly keeping it OUT of your mailbox.


And they are fairly often the SAME people.


If you want spam, then use SA and its relatives. If you don't, use elrav1
and its relatives.


It's this simple: If you are going to accept anonymous mail you are going
to be at the mercy of spammers and trolls.

Sam

unread,
Aug 31, 2003, 10:21:34 PM8/31/03
to
Dan Espen writes:

>> This one can be filtered on "=?windows-1251?" in the From: or the
>> Subject: header, and for Content-Type:.*charset="?windows-1251
>>
>> This is just one character set, though. You'll have to do this for a
>> bunch of widely-used character sets.
>
> If windows-1251 means Russian, I guess I could filter on it.

There are also several other Russian character sets: koi8-r, and ibm866.


Whoever

unread,
Aug 31, 2003, 10:42:10 PM8/31/03
to
On Sun, 31 Aug 2003, Alan Connor wrote:

>
> Spammers LUV SpamAssassin
>
>
> I no longer have any doubts about this.
>
>
> I have written a simple program that eliminates spam completely

Actually, contrary to popular belief, it is easy to stop spam. Just stop
using email!

>
>
> You have an SA user with, among other things, what amounts to a list of
> prohibited strings in the subject header and body.
>
>
> Does he or she send this list to anyone likely to be sending them mail?

Errrr... SpamAssassin is open source and written mostly in Perl. Anyone
can look at the tests SpamAssassin makes.

>
>

Doug Laidlaw

unread,
Aug 31, 2003, 11:27:09 PM8/31/03
to
Alan Connor wrote:

If you are serious, let's see it. If it is that thing where you decide not
to receive any mails from people that won't do it twice, be prepared to miss
out on a lot. Business doesn't have the time to waste that you obviously
have. They can't even answer their phones within a reasonanble time frame.

Doug.
--
Registered Linux User No. 277548.
They say lightning never strikes twice in the same place. My typing is
about as accurate. Apologies for any typos that slip in. - Doug.

Ed Murphy

unread,
Sep 1, 2003, 2:51:07 AM9/1/03
to
On Sun, 31 Aug 2003 22:31:12 +0000, Alan Connor wrote:

> I have written a simple program that eliminates spam completely

You didn't provide URLs. I can't imagine why; in your shoes, I
would stick 'em in my .sig, and otherwise trumpet them with alarming
regularity. Anyway, here they are:

http://home.earthlink.net/~alanconnor/elrav1/elrav1.html
http://home.earthlink.net/~alanconnor/elrav1/files.html

Ack! Why isn't it downloadable in .tar.gz format? Your poor
presentation has just lost 90% of your potential audience!

Anyway, it appears to be a set of front-end scripts to procmail
that implements the following:

1) Whitelisted senders are allowed
2) Non-whitelisted senders are sent "Please reply to this with <key>"
3) Messages with <key> become whitelisted

This is a valid approach (mostly, see next paragraph) - but look at
how you present it! You could calmly explain the different approaches
used by SA and elrav1, and why you believe elrav1's approach is better;
but instead, you keep writing apoplectic rants. Your poor presentation
has just lost another 90% of your potential audience!

This is a valid approach (mostly, see below) but IMO your /terrible/
attitude causes lots of people to refuse to listen to you. Sorry, dude,
but stamping your foot and insisting the world come to your doorstep is
just /not going to work/. You're going to have to actually learn a
modicum of diplomacy. This is possible (provably; I did it). No, it's
not always pleasant (I speak from experience there as well), but the
alternative

Some Windoze viruses look at the victim's address book when forging a
From: line. Such From: lines have a reasonable chance of being on
your whitelist. (If you are their friend, then they might be yours as
well.) Does elrav1 have any ability to detect forged From: lines? (I
don't know; I'm asking.)

> You have an SA user with, among other things, what amounts to a list of
> prohibited strings in the subject header and body.
>
>
> Does he or she send this list to anyone likely to be sending them mail?

If any of my friends triggered enough of SA's heuristics that their
messages registered as spam, (a) I'd be very surprised and (b) I'd
re-evaluate whether they are still my friend.

> No. But they discuss it in public and semi-public forums with other SA users,
> don't they.

I assume you are referring to the publically disclosed list of heuristics
used by SA:

http://www.spamassassin.org/tests.html

Sure, a smart spammer could read that list and figure sneaky ways around
at least some of the rules. But do they /actually do so/? A quick
eyeballing of the rules, and of some of the spam I've received lately,
seems to indicate that they do not!

Have you *actually tested* SA on a plausible volume of e-mail? How
about SA with Bayesian filtering activated? You may still be able
to say "SA is not as good as elrav1" and be correct, but currently
you are saying "SA is terrible" and I suspect that's just not true.

> Want a list of spammers? Hit the archives and begin with searching for the
> string "MSP" and then "elrav1" which is what msp became after a major rework.
>
> Focus on comp.mail.misc
>
> Copy the headers from any posts that contain obviously unfair and unreasonable
> attacks on yours truly.

Unfair and unreasonable by whose judgment? Yours? You're biased. First,
you have a direct interest in elrav1 (you're the author). Second, at
least based on the posts of yours that I've seen in comp.os.linux.misc,
you are in a near-constant state of apoplexy. "Follow my orders, you
idiot, or I'll subject you to the worst fate imaginable - I'll *killfile*
you!" Terrible attitude, like I said earlier, and it's poisoning any
chance of elrav1 being given serious consideration.

For the record, I don't use any spam filter whatsoever. I don't
particularly need one. My typical daily mail volume consists of
several dozen messages from various mailing lists (which are sorted
into folders) and perhaps one or two dozen spams (which are left in
my inbox, and which take less than a minute to delete by hand).

I also haven't written any software comparable to either SA or
elrav1; it would take me at least a week to train up to the level
that I could do so. If I did write such software, though, then
rest assured that I would pay the *utmost* attention to good
presentation - because my goal would be to write a program worthy
of widespread use, and actually get it into widespread use.

Maybe your goal is for elrav1 to be used only by those select few
users willing to ignore your apoplexy, overcome your lack of succinct
this-is-the-basic-concept explanation, and jump through your
wheel-reinventing hoops to unpack it. If that is indeed your goal,
then your current approach is guaranteed to achieve it.

Oh, and if you feel like killfiling me, then don't waste your time
threatening me that you may do so. (Unless you take pleasure in
writing such threats. I suspect that this is the case.) Just do
it and get it over with. I'd consider it an honor.

George Hewitt

unread,
Sep 1, 2003, 4:02:04 AM9/1/03
to
I don't use SA. I use a program called SmiteSpam which is built into my
mailserver directly. It works fantastically and the integration to the
mailserver and its webmail component is good news for my clients.

JMBCV

unread,
Sep 1, 2003, 5:32:18 AM9/1/03
to
"DB" == Dave Brown <dhb...@hobbes.dhbrown.net>:
DB> I have a procmail "recipe" set up to filter various keywords. Recently one
DB> of those messages got through via some sort if ISO coding. In the subject
DB> line was some text that began with the string "=?ISO-8859-1?...", followed
DB> by a scramble of characters. Pine simply decoded it, and the word showed
DB> up in the "Subject:" line. If this type of coding becomes commonplace, my
DB> current "recipes" will lose their effectiveness.
DB>
DB> Is there some simple utility that will decode this nonsense which I can
DB> call from procmail to defeat this particular dodge?


There used to be a perl utility, called De-Mangle MIME Headers (dmmh or
something), that did RFC2047 decoding.

Google for it.

Alan Connor

unread,
Sep 1, 2003, 6:36:27 AM9/1/03
to

No, Sam Whoever, I am not reading your post.


To repeat for the thousandth time: grow up and get a life

Alan Connor

unread,
Sep 1, 2003, 6:36:26 AM9/1/03
to


Nice little commercial utterly lacking in substance.

Alan Connor

unread,
Sep 1, 2003, 6:36:28 AM9/1/03
to


What the HELL are you talking about?


Business doesn't have the time to waste that you obviously
> have. They can't even answer their phones within a reasonanble time frame.
>
> Doug.


I recommend changing your medication.

to...@aplawrence.com

unread,
Sep 1, 2003, 7:26:35 AM9/1/03
to
In comp.os.linux.misc Ed Murphy <emur...@socal.rr.com> wrote:
>On Sun, 31 Aug 2003 22:31:12 +0000, Alan Connor wrote:

>> I have written a simple program that eliminates spam completely

..stuff trimmed..

>Anyway, it appears to be a set of front-end scripts to procmail
>that implements the following:

> 1) Whitelisted senders are allowed
> 2) Non-whitelisted senders are sent "Please reply to this with <key>"
> 3) Messages with <key> become whitelisted

>This is a valid approach (mostly, see next paragraph) - but look at
>how you present it! You could calmly explain the different approaches
>used by SA and elrav1, and why you believe elrav1's approach is better;
>but instead, you keep writing apoplectic rants. Your poor presentation
>has just lost another 90% of your potential audience!

..stuff trimmed..

>If any of my friends triggered enough of SA's heuristics that their
>messages registered as spam, (a) I'd be very surprised and (b) I'd
>re-evaluate whether they are still my friend.

Exactly..

>Have you *actually tested* SA on a plausible volume of e-mail? How
>about SA with Bayesian filtering activated? You may still be able
>to say "SA is not as good as elrav1" and be correct, but currently
>you are saying "SA is terrible" and I suspect that's just not true.

I agree. I do some extra procmail filtering pre-SA seeing it,
and some Bayesian afterward, but that's just to save me a little
extra bit of time. SA works fine without it.

I don't like the elrav1 type approach because it is annoying to
have to go through some extra step for someone to send me mail, and
while I'll annoy my friends, annoying my customers isn't a good
idea. But it might be a FINE idea for someone else, though I
would still recommend that they use SA too. Nothing in elrav1
PREVENTS using SA, and if he were smart enough to understand that
he'd be better off.

..stuff deleted ..

>Unfair and unreasonable by whose judgment? Yours? You're biased. First,
>you have a direct interest in elrav1 (you're the author). Second, at
>least based on the posts of yours that I've seen in comp.os.linux.misc,
>you are in a near-constant state of apoplexy. "Follow my orders, you
>idiot, or I'll subject you to the worst fate imaginable - I'll *killfile*
>you!" Terrible attitude, like I said earlier, and it's poisoning any
>chance of elrav1 being given serious consideration.

Or being reviewed. If he had calmly explained his product as
you suggested, I might have written a little blurb about it at
my site, and so might other folks. I probably would have mentioned
that SA should still be in there, but so what?

>Maybe your goal is for elrav1 to be used only by those select few
>users willing to ignore your apoplexy, overcome your lack of succinct
>this-is-the-basic-concept explanation, and jump through your
>wheel-reinventing hoops to unpack it. If that is indeed your goal,
>then your current approach is guaranteed to achieve it.

:-)

Philipp Pagel

unread,
Sep 1, 2003, 7:31:29 AM9/1/03
to
In comp.os.linux.misc Alan Connor <alanc...@earthlink.net> wrote:

> Does he or she send this list to anyone likely to be sending them mail?
> No. But they discuss it in public and semi-public forums with other SA users,
> don't they.

It's called open source developement. Keeping the list secret may sound
like a good idea but would probably be the first example of successfull
security through obscurity if it worked.

> And guess who is teaching them how to get spam into your mailbox?

Well, up to now SA does a pretty good job to keep my inbox clean. So
apparently the spammers are not investing too much effort into getting
around it.

Actually, it's not that surprising:
People who use spamfilters hate spam (duh!) and thus are extremely
unlikely to generate any revenue for the spammer. So the effort of
circumventing their filters is probably not worth it.

Spamfilters used by large webmail services are a totally different
story! Blocking all spam from hotmail etc. generates a big problem for
the spammers - this is where they are most likely to look for ways
around the filter. I don't know how many big sites use SA but as I
said: up to now it works fine for me ...

> The same people who are allegedly keeping it OUT of your mailbox.
> And they are fairly often the SAME people.

Are they? I'm sure you have evidence to back this accusation. And
if so - why does SA still work?

> If you want spam, then use SA and its relatives. If you don't, use elrav1
> and its relatives.

I don't know your program and if it's any good but shouting at your
potential users and wild accusations against your competitors are
generally not considered a good marketing strategy at least in the open
source community...

cu
Philipp

PS: Please use reasonable formatting - ragged postings full of empty
lines are very uncomfortable to read...


--
Dr. Philipp Pagel Tel. +49-89-3187-3675
Institute for Bioinformatics / MIPS Fax. +49-89-3187-3585
GSF - National Research Center for Environment and Health
Ingolstaedter Landstrasse 1
85764 Neuherberg, Germany

George Hewitt

unread,
Sep 1, 2003, 7:45:24 AM9/1/03
to
Excuse me, commercial? I'm just a user giving my experience. The author of
this thread seemed unhappy with SA so I gave an alternative.

Peter Jones

unread,
Sep 1, 2003, 8:06:57 AM9/1/03
to
James Keasley <m...@privacy.net> wrote in
news:slrnbl4s...@Athena.localdomain:

> Well he is obviously a kook, I KFed him some time ago.

A kook in denial at that! I guess I should probably do likewise -- and
probably will, soon enough -- but at the moment I'm still gaining a certain
amount of perverse amusement from his, uh, wisdom...

Pete.

Peter Jones

unread,
Sep 1, 2003, 8:14:19 AM9/1/03
to
Whoever <nob...@devnull.none> wrote in
news:Pine.LNX.4.44.0308311939590.25100-100000@c941211-a:

> Errrr... SpamAssassin is open source and written mostly in Perl. Anyone
> can look at the tests SpamAssassin makes.

Indeed. Oh, and http://spamassassin.org/tests.html -- the tests are hardly
secret. Furthermore, while Alan will never allow himself to see the sense of
this, a quick perusal of the list of tests described at the above URL will
quickly show you that SpamAssassin is a little more selective than a
straight-forward "list of forbidden words".

I know that none of my *friends* sends me emails with a "Click to
Unsubscribe" link, or with forged headers, or -- well, it's a fairly
comprehensive list. By default, individual words such as "Viagra" (to choose
one of the few) do not contribute a whole lot to the score anyway. I wonder
if Alan can spell "holistic"?

Pete.

Peter Jones

unread,
Sep 1, 2003, 8:25:07 AM9/1/03
to
Peter Jones <jon...@optushome.com.au> wrote in
news:Xns93E9E238EEDB...@210.49.20.254:

> I wonder if Alan can spell "holistic"?

And/or heuristic.

(I did *mean* to say 'holistic' originally; honest!)

Pete.

Michael W. Cocke

unread,
Sep 1, 2003, 9:02:27 AM9/1/03
to
On Sun, 31 Aug 2003 17:46:51 GMT, Alan Connor
<alanc...@earthlink.net> wrote:

>On Sun, 31 Aug 2003 12:29:41 +0000 (UTC), to...@aplawrence.com <to...@aplawrence.com> wrote:
>>
>>
>> In comp.os.linux.misc Alan Connor <xxx...@xxxx.xxx> wrote:
>>>On 30 Aug 2003 21:53:00 GMT, Dave Null <bit-b...@config.com> wrote:
>>>>
>>>>
>>>> On Sat, 30 Aug 2003 20:57:39 GMT, Alan Connor farted in churcH:
>>>>
>>>>> ....
>>>>> It IS a flaw, and you know it or you are an idiot.
>>>>>
>>>>> ....
>>>>> Please save your bullshit for the for the peasants.
>>>>
>>>> *plonk*
>>>>
>>
>>
>>>SpamAssassin searches for strings and characters in the subject: Fact
>>

Just to make one additional attempt to set the record straight - this
is not FACT, this is selective abstract of fact.

Spamassassin _CAN_ do this, if you configure it to. It can also do
other things.

Mike-


Mornings: Evolution in action. Only the grumpy will survive.
-----------------------------------------------------

Please note - Due to the intense volume of spam, we have
installed site-wide spam filters at catherders.com. If
email from you bounces, try non-HTML, non-encoded,
non-attachments.


----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---

Alan Connor

unread,
Sep 1, 2003, 9:38:20 AM9/1/03
to
On 1 Sep 2003 11:31:29 GMT, Philipp Pagel <philip...@gmx.de> wrote:
>
>
> In comp.os.linux.misc Alan Connor <alanc...@earthlink.net> wrote:
>
>> Does he or she send this list to anyone likely to be sending them mail?
>> No. But they discuss it in public and semi-public forums with other SA users,
>> don't they.
>
> It's called open source developement. Keeping the list secret may sound
> like a good idea but would probably be the first example of successfull
> security through obscurity if it worked.
>

You misunderstand: They have an obligation, IF they have any sense, to
tell the people who send them mail what they CANNOT put on the subject line
or in the body.


>> And guess who is teaching them how to get spam into your mailbox?
>
> Well, up to now SA does a pretty good job to keep my inbox clean. So
> apparently the spammers are not investing too much effort into getting
> around it.

That's only part of the picture, and you know it.

Do you send the mail that *might be* spam to /dev/null or put it in a
directory to look over later?

Do you always review your mail logs to see if non-spam got classified as
spam?

Do you spend time regularly up-dating your filters?

Do you lose non-spam mail?


>
> Actually, it's not that surprising:
> People who use spamfilters hate spam (duh!) and thus are extremely
> unlikely to generate any revenue for the spammer. So the effort of
> circumventing their filters is probably not worth it.


No. I think that's not true at all. Anyone using SA and its siblings

likes spam, or they would use a different system.

Maybe you are the exception, but I have been following SA posts for quite
a while, and almost every SA user FREAKS if they LOSE spam before getting
to look it over.


>
> Spamfilters used by large webmail services are a totally different
> story! Blocking all spam from hotmail etc. generates a big problem for
> the spammers - this is where they are most likely to look for ways
> around the filter. I don't know how many big sites use SA but as I
> said: up to now it works fine for me ...
>

>> The same people who are allegedly keeping it OUT of your mailbox.
>> And they are fairly often the SAME people.
>
> Are they? I'm sure you have evidence to back this accusation. And
> if so - why does SA still work?
>

Enough to convince me. I don't care what YOU think, unless you can
offer contrary evidence.

I know for a fact that many of the apparently normal SA users are
spammers.

SA (etc) doesn't work, if one's object is to rid one's life of spam and worrying
about it and messing with it.

>> If you want spam, then use SA and its relatives. If you don't, use elrav1
>> and its relatives.
>
> I don't know your program and if it's any good but shouting at your
> potential users and wild accusations against your competitors are
> generally not considered a good marketing strategy at least in the open
> source community...
>
> cu
> Philipp
>

I base my assessment of SA on the hundreds of posts I have read by SA users
on the Usenet.

If you are being honest, and SA has eliminated spam, and worry about spam
and worry about whether non-spam is being discarded, and if you don't save
spam in another directory to look over,

then you are an exception to the norm.


One becomes what one hates and attracts what one hates.

I don't hate spam, I just won't tolerate it in my life, at all.

Nor will I put up with programs that can't actually tell spam from non-spam
and need constant oversight.


>
>
> PS: Please use reasonable formatting - ragged postings full of empty
> lines are very uncomfortable to read...
>
>


I format like I do for reasons that seem valid to me.

You may format YOUR messages as you wish.

Alan Connor

unread,
Sep 1, 2003, 9:38:21 AM9/1/03
to
On Mon, 01 Sep 2003 09:02:27 -0400, Michael W Cocke <co...@catherders.com> wrote:
>
>
> On Sun, 31 Aug 2003 17:46:51 GMT, Alan Connor
><alanc...@earthlink.net> wrote:
>
>>On Sun, 31 Aug 2003 12:29:41 +0000 (UTC), to...@aplawrence.com <to...@aplawrence.com> wrote:
>>>
>>>
>>> In comp.os.linux.misc Alan Connor <xxx...@xxxx.xxx> wrote:
>>>>On 30 Aug 2003 21:53:00 GMT, Dave Null <bit-b...@config.com> wrote:
>>>>>
>>>>>
>>>>> On Sat, 30 Aug 2003 20:57:39 GMT, Alan Connor farted in churcH:
>>>>>
>>>>>> ....
>>>>>> It IS a flaw, and you know it or you are an idiot.
>>>>>>
>>>>>> ....
>>>>>> Please save your bullshit for the for the peasants.
>>>>>
>>>>> *plonk*
>>>>>
>>>
>>>
>>>>SpamAssassin searches for strings and characters in the subject: Fact
>>>
>
> Just to make one additional attempt to set the record straight - this
> is not FACT, this is selective abstract of fact.
>
> Spamassassin _CAN_ do this, if you configure it to. It can also do
> other things.
>
> Mike-


Big sig and empty post


The only thing SpamAssassin can't do is assassinate spam reliably.

Jean-David Beyer

unread,
Sep 1, 2003, 9:52:46 AM9/1/03
to
Alan Connor wrote (in part):

> Do you send the mail that *might be* spam to /dev/null or put it in a
> directory to look over later?

Mostly it gets silently deleted.


>
> Do you always review your mail logs to see if non-spam got classified as
> spam?

Usually, but not always.


>
> Do you spend time regularly up-dating your filters?
>

No.

> Do you lose non-spam mail?
>

Probably. My friends know I use pretty tough e-mail filters.

I used to say that, due to spam and virii, the e-mail will be completely
useless in five years. That was a couple of years ago. I think I was
right. Unless something much more effective is done, there are only
three years to go before I just stop using it. Perhaps I will have to
delete ALL incoming e-mail except for a very short whitelist of people,
and the checking will have to be done on the Received: headers, not the
From: field.

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ Registered Machine 73926.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 9:45am up 10 days, 19:12, 2 users, load average: 2.10, 2.09, 2.09

Alan Connor

unread,
Sep 1, 2003, 10:05:54 AM9/1/03
to
On Mon, 01 Sep 2003 09:02:27 -0400, Michael W Cocke <co...@catherders.com> wrote:
>
>
> On Sun, 31 Aug 2003 17:46:51 GMT, Alan Connor
><alanc...@earthlink.net> wrote:
>
>>On Sun, 31 Aug 2003 12:29:41 +0000 (UTC), to...@aplawrence.com <to...@aplawrence.com> wrote:
>>>
>>>
>>> In comp.os.linux.misc Alan Connor <xxx...@xxxx.xxx> wrote:
>>>>On 30 Aug 2003 21:53:00 GMT, Dave Null <bit-b...@config.com> wrote:
>>>>>
>>>>>
>>>>> On Sat, 30 Aug 2003 20:57:39 GMT, Alan Connor farted in churcH:
>>>>>
>>>>>> ....
>>>>>> It IS a flaw, and you know it or you are an idiot.
>>>>>>
>>>>>> ....
>>>>>> Please save your bullshit for the for the peasants.
>>>>>
>>>>> *plonk*
>>>>>
>>>
>>>
>>>>SpamAssassin searches for strings and characters in the subject: Fact
>>>
>
> Just to make one additional attempt to set the record straight - this
> is not FACT, this is selective abstract of fact.
>
> Spamassassin _CAN_ do this, if you configure it to. It can also do
> other things.
>
> Mike-
>

Yes, let's set the record straight.


The *majority* of people who use SA and its siblings send mail that *might*
be spam to a directory and then look it over, ostensibly to make sure that
no non-spam has been included.

Or they go over their logs instead.

Because they can NEVER truly trust filters that may or may not classify
non-spam as spam


They also get some spam in their inbox.

They also have to learn a complex program.

They also have to update their filters fairly regularly

They also lose non-spam mail


So sensible people ask: Why don't you just delete spam from your inbox
after reading the subject and from lines that are right in front of you?


It would be a lot less work and MORE effective.


I would never trust one of these programs to filter my mail.

And that includes those that the ISPs use.

My important mailboxes are on a private server that leaves all the
filtering to the individual accounts.

I run my own little program on it and get no spam and lose no non-spam
and don't have to worry about it at ALL.

John Winters

unread,
Sep 1, 2003, 10:35:47 AM9/1/03
to
In article <6nI4b.4575$Lk5...@newsread3.news.pas.earthlink.net>,
Alan Connor <alanc...@earthlink.net> wrote:
[snip]

>Yes, let's set the record straight.

Now lets straighten Alan's odd idea of "straight".

For the record, I use BogoFilter which probably counts as a sibling
of SA and does an excellent job.

>The *majority* of people who use SA and its siblings send mail that *might*
>be spam to a directory and then look it over, ostensibly to make sure that
>no non-spam has been included.

I chuck it all into a folder called "ProbableSpam". I can thus check it
if and when I think something has got lost. Early on I had a few e-mails
in there which weren't Spam but I haven't had one now for quite a few
months.

The downside of this is that, when in doubt, BogoFilter leaves the
e-mail in my main queue so I do get a few Spam messages in my Inbox.

>Or they go over their logs instead.

No, I don't bother.

>Because they can NEVER truly trust filters that may or may not classify

>non-spam as spam.

No, it seems that BogoFilter is sufficiently good that the likelihood of
this is acceptably small.

>They also get some spam in their inbox.

True, I do get the odd one.

>They also have to learn a complex program.

Completely untrue. It just installs and works. Certainly much less
work than your offering seems to be from the instructions.

>They also have to update their filters fairly regularly

No. BogoFilter does all that for me. It learns each time I flick over
a Spam message which it missed and it also scans all my folders of what
I consider good mail to learn what I like.

>They also lose non-spam mail

I haven't had an incident of this in a very long time. In any case, I
wouldn't lose them, I'd just have to go into my Spam folder and fish them
out.

>So sensible people ask: Why don't you just delete spam from your inbox
>after reading the subject and from lines that are right in front of you?

Because this would be immensely more work. Using BogoFilter is like having
a hard working and intelligent secretary who pre-sorts all your mail.
I get to my desk to find two piles labelled "Good stuff" and "Rubbish".
I can if I want override my secretary's decisions but it's seldom
needed.

>It would be a lot less work

No, it would be a lot more work. How can doing all the work of your
secretary be less work?

>and MORE effective.

It's meaningless to say it would be more effective. The purpose of a spam
filter is to make sure you don't have to deal with each message individually
yourself. If you do it all yourself then the method is *totally* ineffective,
not more effective.

>I would never trust one of these programs to filter my mail.

Your call. Doesn't it occur to you to wonder why others get really good
results from them when you have proved intellectually to yourself that
this isn't possible? Could it just possibly be that you've made a mistake
in your assessment?

>And that includes those that the ISPs use.
>
>My important mailboxes are on a private server that leaves all the
>filtering to the individual accounts.
>
>I run my own little program on it and get no spam and lose no non-spam
>and don't have to worry about it at ALL.

This would be the program where you have to keep manually updating the
blocking lists every time you acquire a new correspondent who might
not be willing to jump through your hoops is it? Every time you, for
instance, place an order at a web site you then have to update your
blocking lists to make sure you don't lose their acknowledgements.
Doesn't sound like no worry at all to me.

HTH
John
--
The Linux Emporium - the source for Linux in the UK
See http://www.linuxemporium.co.uk/

We had a woodhenge here once but it rotted.

to...@aplawrence.com

unread,
Sep 1, 2003, 10:49:54 AM9/1/03
to
In comp.os.linux.misc Philipp Pagel <philip...@gmx.de> wrote:
>In comp.os.linux.misc Alan Connor <alanc...@earthlink.net> wrote:

>> Does he or she send this list to anyone likely to be sending them mail?
>> No. But they discuss it in public and semi-public forums with other SA users,
>> don't they.

>It's called open source developement. Keeping the list secret may sound
>like a good idea but would probably be the first example of successfull
>security through obscurity if it worked.

>> And guess who is teaching them how to get spam into your mailbox?

>Well, up to now SA does a pretty good job to keep my inbox clean. So
>apparently the spammers are not investing too much effort into getting
>around it.

And if they actually did, most of it wouldn't be spam anymore: just
sensible text from a real sender hawking their wares..

Real solicitations don't bother me. You usually only get
them once (real advertisers don't want to waste their time
annoying you and would give you a real method to opt-out) and
sometimes they are actually something I want to know about. Those
kind of ads usually pass through SA unscathed, as they should.

Alan Connor

unread,
Sep 1, 2003, 10:59:50 AM9/1/03
to
On Mon, 01 Sep 2003 09:52:46 -0400, Jean-David Beyer <jdb...@exit109.com> wrote:
>
>
> Alan Connor wrote (in part):
>
>> Do you send the mail that *might be* spam to /dev/null or put it in a
>> directory to look over later?
>
> Mostly it gets silently deleted.
>>
>> Do you always review your mail logs to see if non-spam got classified as
>> spam?
>
> Usually, but not always.
>>
>> Do you spend time regularly up-dating your filters?
>>
> No.
>
>> Do you lose non-spam mail?
>>
> Probably. My friends know I use pretty tough e-mail filters.
>
> I used to say that, due to spam and virii, the e-mail will be completely
> useless in five years. That was a couple of years ago. I think I was
> right. Unless something much more effective is done, there are only
> three years to go before I just stop using it. Perhaps I will have to
> delete ALL incoming e-mail except for a very short whitelist of people,
> and the checking will have to be done on the Received: headers, not the
> From: field.
>

Thanks for your honesty, Jean-David.


I have already taken the leap that you see yourself taking in the near
future, with a few refinements added. You really should at least look
over my little program. I'd love to hear any ideas you might have for
improvements. Will send you a mail that contains a password in the body
that will get you right through my filters.

to...@aplawrence.com

unread,
Sep 1, 2003, 11:01:33 AM9/1/03
to
In comp.os.linux.misc Alan Connor <alanc...@earthlink.net> wrote:
>On 1 Sep 2003 11:31:29 GMT, Philipp Pagel <philip...@gmx.de> wrote:
>>
>>
>> In comp.os.linux.misc Alan Connor <alanc...@earthlink.net> wrote:
>>
>>> Does he or she send this list to anyone likely to be sending them mail?
>>> No. But they discuss it in public and semi-public forums with other SA users,
>>> don't they.
>>
>> It's called open source developement. Keeping the list secret may sound
>> like a good idea but would probably be the first example of successfull
>> security through obscurity if it worked.
>>

>You misunderstand: They have an obligation, IF they have any sense, to
>tell the people who send them mail what they CANNOT put on the subject line
>or in the body.

Point system. Point system. How many times does it need to be said
before this moron gets it?


>>> And guess who is teaching them how to get spam into your mailbox?
>>
>> Well, up to now SA does a pretty good job to keep my inbox clean. So
>> apparently the spammers are not investing too much effort into getting
>> around it.

>That's only part of the picture, and you know it.

>Do you send the mail that *might be* spam to /dev/null or put it in a
>directory to look over later?

I put it in a directory.

>Do you always review your mail logs to see if non-spam got classified as
>spam?

Not always.. SA has yet to classify something as spam that I think
is not, so I don't look all that often and when I do it's just
a cursory once-over.

>Do you spend time regularly up-dating your filters?

>Do you lose non-spam mail?

Maybe once in a great while. Recently, because of SoBig, I got
thousands of "Mailer Daemon" type messages and had to put in a filter
for them temporarily. I knew that would be a problem because
I also have opt-in mailing lists and like to keep dead addresses
out of them. I wrote my filters to account for that, but then
a customer forwarded one of his "Mailer Daemon" messages asking
why he'd gotten it, and I filtered it out. He was smart enough to
send another message asking why I hadn't replied (I tell my
customers that if they don't get a timely response on email or
voice mail, there is something very wrong so please try another
communication method!). He was also smart enough to understand
WHY his email got dropped and was neither surprised or upset.


>No. I think that's not true at all. Anyone using SA and its siblings
>likes spam, or they would use a different system.

I wish you were smart enough to understand that nothing prevents
you from using multiple methods. Whitelist are fine for some folks,
but don't compete with SA and in fact the two methods can work
well together - if you want to use whitelists, SA can make them
work even better.

>I don't hate spam, I just won't tolerate it in my life, at all.

>Nor will I put up with programs that can't actually tell spam from non-spam
>and need constant oversight.

SA doesn't need "constant oversight" :-)

Alan Connor

unread,
Sep 1, 2003, 11:20:52 AM9/1/03
to

takes 5 minutes, what do you want?


>>They also have to update their filters fairly regularly
>
> No. BogoFilter does all that for me. It learns each time I flick over
> a Spam message which it missed and it also scans all my folders of what
> I consider good mail to learn what I like.
>

You are still DOING it!


>>They also lose non-spam mail
>
> I haven't had an incident of this in a very long time. In any case, I
> wouldn't lose them, I'd just have to go into my Spam folder and fish them
> out.
>
>>So sensible people ask: Why don't you just delete spam from your inbox
>>after reading the subject and from lines that are right in front of you?
>
> Because this would be immensely more work. Using BogoFilter is like having
> a hard working and intelligent secretary who pre-sorts all your mail.
> I get to my desk to find two piles labelled "Good stuff" and "Rubbish".
> I can if I want override my secretary's decisions but it's seldom
> needed.
>
>>It would be a lot less work
>
> No, it would be a lot more work. How can doing all the work of your
> secretary be less work?
>
>>and MORE effective.
>
> It's meaningless to say it would be more effective. The purpose of a spam
> filter is to make sure you don't have to deal with each message individually
> yourself. If you do it all yourself then the method is *totally* ineffective,
> not more effective.
>
>>I would never trust one of these programs to filter my mail.
>
> Your call. Doesn't it occur to you to wonder why others get really good
> results from them when you have proved intellectually to yourself that
> this isn't possible? Could it just possibly be that you've made a mistake
> in your assessment?
>

I read the posts on this newsgroup. I KNOW what's going on

>>And that includes those that the ISPs use.
>>
>>My important mailboxes are on a private server that leaves all the
>>filtering to the individual accounts.
>>
>>I run my own little program on it and get no spam and lose no non-spam
>>and don't have to worry about it at ALL.
>
> This would be the program where you have to keep manually updating the
> blocking lists every time you acquire a new correspondent who might
> not be willing to jump through your hoops is it? Every time you, for
> instance, place an order at a web site you then have to update your
> blocking lists to make sure you don't lose their acknowledgements.
> Doesn't sound like no worry at all to me.
>
> HTH
> John


No, and that last paragraph does not describe my program at all, which
you either know or were lying above about looking over the docs.


Since you concluded this post with a malicious falsehood or lied at
the top about looking over my program.


Then I don't believe a word you have said here.


I am about to conclude that a good number of the users of SA and its brethren
are truly human scum that have no honor whatsoever.

Alan Connor

unread,
Sep 1, 2003, 11:38:38 AM9/1/03
to
On Mon, 01 Sep 2003 15:20:52 GMT, Alan Connor <alanc...@earthlink.net> wrote:
>
>
> On Mon, 1 Sep 2003 14:35:47 +0000 (UTC), John Winters <new...@linuxemporium.co.uk> wrote:
>>
>>
>> In article <6nI4b.4575$Lk5...@newsread3.news.pas.earthlink.net>,
>> Alan Connor <alanc...@earthlink.net> wrote:
>> [snip]
>>>Yes, let's set the record straight.
>>
>> Now lets straighten Alan's odd idea of "straight".
>>

Sorry, an obvious liar can't set anything straight.

<snip>


>>
>> This would be the program where you have to keep manually updating the
>> blocking lists every time you acquire a new correspondent who might
>> not be willing to jump through your hoops is it? Every time you, for
>> instance, place an order at a web site you then have to update your
>> blocking lists to make sure you don't lose their acknowledgements.
>> Doesn't sound like no worry at all to me.
>>
>> HTH
>> John
>

Obviously, he is lying about reading about my program, or maliciously
misrepresenting what he did read.

Dealing with spam with elrav1 is ENTIRELY automated and invisible to
the user and NEVER lets any through to the inbox.

And it never dumps non-spam.

John Winters

unread,
Sep 1, 2003, 11:38:30 AM9/1/03
to
In article <otJ4b.4654$Lk5....@newsread3.news.pas.earthlink.net>,

Alan Connor <alanc...@earthlink.net> wrote:
>On Mon, 1 Sep 2003 14:35:47 +0000 (UTC), John Winters <new...@linuxemporium.co.uk> wrote:
>> In article <6nI4b.4575$Lk5...@newsread3.news.pas.earthlink.net>,
>> Alan Connor <alanc...@earthlink.net> wrote:

[Lots of unnecessary quoting snipped. Please learn to quote intelligently]

>>>They also have to learn a complex program.
>>
>> Completely untrue. It just installs and works. Certainly much less
>> work than your offering seems to be from the instructions.
>>
>
>takes 5 minutes, what do you want?

You haven't addressed the point I made. You said I had to learn a complex
program. I pointed out this wasn't true. Now you seem to be claiming
that yours isn't much more complex. That's a fairly large shift of
position.

>>>They also have to update their filters fairly regularly
>>
>> No. BogoFilter does all that for me. It learns each time I flick over
>> a Spam message which it missed and it also scans all my folders of what
>> I consider good mail to learn what I like.
>>
>
>You are still DOING it!

Doing what? If you mean I'm having to update my filters, then no I'm
not. BogoFilter does it by looking at what I kept and what I discarded.
I'd be keeping/discarding it anyway so your assertion is false.

[snip lots more pointless quoting]

>>>I would never trust one of these programs to filter my mail.
>>
>> Your call. Doesn't it occur to you to wonder why others get really good
>> results from them when you have proved intellectually to yourself that
>> this isn't possible? Could it just possibly be that you've made a mistake
>> in your assessment?
>>
>
>I read the posts on this newsgroup. I KNOW what's going on

Sorry - can you explain how that addresses the question I asked?

[snip more unnecessary quoting]

>>>I run my own little program on it and get no spam and lose no non-spam
>>>and don't have to worry about it at ALL.
>>
>> This would be the program where you have to keep manually updating the
>> blocking lists every time you acquire a new correspondent who might
>> not be willing to jump through your hoops is it? Every time you, for
>> instance, place an order at a web site you then have to update your
>> blocking lists to make sure you don't lose their acknowledgements.
>> Doesn't sound like no worry at all to me.

[snip quoted signature]
>
>No,

No to what? No it isn't no worry?

>and that last paragraph does not describe my program at all, which
>you either know or were lying above about looking over the docs.

That paragraph is based entirely on looking at the documents for your program.
If I don't need to go through the process described above, please explain
how I avoid having to do it. Bear in mind that no auto-responder at an
e-commerce site is going to go through your hoop-leaping process of responding
to an auto-email.

>Since you concluded this post with a malicious falsehood or lied at
>the top about looking over my program.

Please tell me where the falsehood is. It certainly isn't malicious.

I looked over the instructions - not the program. If the instructions
are wrong, please tell us.

>Then I don't believe a word you have said here.

Up to you. Your lack of judgement is your problem.

>I am about to conclude that a good number of the users of SA and its brethren
>are truly human scum that have no honor whatsoever.

Ah, abuse. Sort of demonstrates a lack of reasoning ability doesn't it?

I suppose the main thing which makes your program utterly useless from
my point of view is the fact that I run a business. You can't ask your
potential customers to jump through hoops before you'll talk to them.
They simply pass on by and shop elsewhere.

Imagine a high-street shop where, instead of being able to wander in and
browse, you have to pass an integrity check before you're allowed in.
It would be commercial suicide. Similarly, for anyone running a business,
any spam filter has to pass the check that it doesn't put barriers in the
way of customers - even small ones which they could potentially overcome.
The browsing public simply won't wear it.

For a private user your program might be handy, particularly if used in
conjunction with other tools like SA or BogoFilter (or both). You're
blowing your own case out of the water though by:

a) Publishing false claims about the competion.
b) Heaping abuse on anyone who queries them.

You may be convinced that your solution is the best thing since sliced
bread, but until you can convince others of that by *reasoning*, you're
doomed to failure. Trying to pretend things are other than they are
buys you absolutely nothing, and ranting and raving simply condemns you
as a fool.

Your problems are just that - *your* problems - not anyone else's and
certainly not mine. As long as you fail to come up with any cogent
reasoning and certainly as long as you treat abuse as the your argument
point of first resort, you won't get any more responses from me.

Ed Murphy

unread,
Sep 1, 2003, 12:07:41 PM9/1/03
to
On Mon, 01 Sep 2003 11:31:29 +0000, Philipp Pagel wrote:

> People who use spamfilters hate spam (duh!) and thus are extremely
> unlikely to generate any revenue for the spammer. So the effort of
> circumventing their filters is probably not worth it.

I'm reminded of the following:

www.miami.com/mld/miamiherald/living/columnists/dave_barry/6649728.htm

And how has the telemarketing industry responded to this tidal wave of
public hostility? It has issued this statement: "Gosh, if these people
really don't want us to call them, then there's no point in our calling
them! We'd only be making them hate us more, and that's just plain
stupid! We'll try to come up with a less offensive way to do business."

No, wait, that's what the telemarketers would say in Bizarro World,
where everything is backward, and Superman is bad, and telemarketers
contain human DNA. Here on Earth, the telemarketers are claiming they
have a constitutional right to call people who do not want to be
called. They base this claim on Article VX, Section iii, row 5, seat 2,
of the U.S. Constitution, which states: ''If anybody ever invents the
telephone, Congress shall pass no law prohibiting salespeople from
using it to interrupt dinner.''

Ed Murphy

unread,
Sep 1, 2003, 12:05:45 PM9/1/03
to
On Mon, 01 Sep 2003 13:38:20 +0000, Alan Connor wrote:

>> PS: Please use reasonable formatting - ragged postings full of empty
>> lines are very uncomfortable to read...

> I format like I do for reasons that seem valid to me.

And what, pray tell, might those reasons be? I'm inclined to assume
that the primary reason is "because I'm a loudmouthed net.kook", but
you may certainly attempt to prove me wrong...

John-Paul Stewart

unread,
Sep 1, 2003, 11:37:28 AM9/1/03
to
Ed Murphy wrote:
>
> On Sun, 31 Aug 2003 22:31:12 +0000, Alan Connor wrote:
>
> > I have written a simple program that eliminates spam completely

[snip]

> Anyway, it appears to be a set of front-end scripts to procmail
> that implements the following:
>
> 1) Whitelisted senders are allowed
> 2) Non-whitelisted senders are sent "Please reply to this with <key>"
> 3) Messages with <key> become whitelisted

[snip]

> Some Windoze viruses look at the victim's address book when forging a
> From: line. Such From: lines have a reasonable chance of being on
> your whitelist. (If you are their friend, then they might be yours as
> well.) Does elrav1 have any ability to detect forged From: lines? (I
> don't know; I'm asking.)

It would also appear that spammers harvest e-mail addresses from Usenet
not only as targets for their spam, but also to use as return
addresses. (I have seen spam with my own e-mail address in the From:
field. I don't use Windows at all, so it is not a Windows virus that
put it there.) I've heard from others here c.o.l.misc who've had the
same thing happen, too.

Now imagine what happens when a spammer sends out a million spams with a
valid but forged return address. An innocent third party could
potentially be innudated with thousands of address varification requests
from users of the elrav1 software. That seems like a pretty serious
flaw!

These are good reasons why spam should never be bounced. The address
validation stage is essentially the same thing.

Alan Connor

unread,
Sep 1, 2003, 1:01:49 PM9/1/03
to
On Mon, 1 Sep 2003 15:38:30 +0000 (UTC), John Winters <new...@linuxemporium.co.uk> wrote:
>
>
> In article <otJ4b.4654$Lk5....@newsread3.news.pas.earthlink.net>,
> Alan Connor <alanc...@earthlink.net> wrote:
>>On Mon, 1 Sep 2003 14:35:47 +0000 (UTC), John Winters <new...@linuxemporium.co.uk> wrote:
>>> In article <6nI4b.4575$Lk5...@newsread3.news.pas.earthlink.net>,
>>> Alan Connor <alanc...@earthlink.net> wrote:
>
> [Lots of unnecessary quoting snipped. Please learn to quote intelligently]
>

So you begin with a condescending insult.


and after your last post, with its malicious lies about my program you
think I am going to take an insult and read the rest of your garbage?


Fuck you. Killfiled

If there is anyone reading the list stupid enough to believe a word you say,
then there is nothing I can do about that.

Alan Connor

unread,
Sep 1, 2003, 1:01:50 PM9/1/03
to
On Mon, 01 Sep 2003 11:37:28 -0400, John-Paul Stewart <jpst...@sympatico.ca> wrote:
>
>
> Ed Murphy wrote:
>>
>> On Sun, 31 Aug 2003 22:31:12 +0000, Alan Connor wrote:
>>
>> > I have written a simple program that eliminates spam completely
>
> [snip]
>
>> Anyway, it appears to be a set of front-end scripts to procmail
>> that implements the following:
>>

"Appears" to be? Here's the first paragraph of the introduction:

elrav1 (Entry-List-Request-for-Address-Validation-One) is a simple,
textmode front end for the procmail package. It can be run from a tty, an
xterm, or any equivalent utility. It operates indepentently of your mail
client and doesn't care what your MTA is.

>> 1) [pass]listed senders are allowed


>> 2) Non-whitelisted senders are sent "Please reply to this with <key>"
>> 3) Messages with <key> become whitelisted
>

That's an oversimplification

> [snip]
>
>> Some Windoze viruses look at the victim's address book when forging a
>> From: line. Such From: lines have a reasonable chance of being on
>> your whitelist. (If you are their friend, then they might be yours as
>> well.) Does elrav1 have any ability to detect forged From: lines? (I
>> don't know; I'm asking.)
>
> It would also appear that spammers harvest e-mail addresses from Usenet
> not only as targets for their spam, but also to use as return
> addresses. (I have seen spam with my own e-mail address in the From:
> field. I don't use Windows at all, so it is not a Windows virus that
> put it there.) I've heard from others here c.o.l.misc who've had the
> same thing happen, too.


If that happenned once on an address, elrav1 has a quick and permanent
fix, which you would know if you had actually read the docs.


>
> Now imagine what happens when a spammer sends out a million spams with a
> valid but forged return address. An innocent third party could
> potentially be innudated with thousands of address varification requests
> from users of the elrav1 software. That seems like a pretty serious
> flaw!
>

So you are blaming ME for the crimes of spammers?

And ignoring the fact that MANY spamfighting programs send out far more
garbage than mine does.

> These are good reasons why spam should never be bounced. The address
> validation stage is essentially the same thing.


Why doesn't anyone claiming to pass intelligent judgement on things actually
do their homework?


If you had bothered to actually look at the docs, you would have seen that
after receiving mail twice from an address that fails to return the
RAV, any further mail from that address is sent to /dev/null.


I am very grateful that there are people out there that are actually
reading the docs before passing judgement

About half the people that have mailed me about elrav1 are now using it.


Neither they nor I care about the opinion of someone who hasn't done their
homework but claims to have done.

You can forget about mailing me. The password listing was just converted
to a blocked listing.


Hey guy, we are using the program and if you don't like it, try writing
your congressperson.


Just don't try spamming or trolling us, because it won't work.


Results, not the opinions of jerks, are what count in this world.

/dev/rob0

unread,
Sep 1, 2003, 1:19:40 PM9/1/03
to
In article <pan.2003.09.01....@socal.rr.com>,
Ed Murphy wrote:

An excellent article. Thank you.

> On Sun, 31 Aug 2003 22:31:12 +0000, Alan Connor wrote:
>
>> I have written a simple program that eliminates spam completely
>

> You didn't provide URLs. I can't imagine why; in your shoes, I
> would stick 'em in my .sig, and otherwise trumpet them with alarming

It's in his .sig under a different (shorter) name.

> attitude causes lots of people to refuse to listen to you. Sorry, dude,
> but stamping your foot and insisting the world come to your doorstep is
> just /not going to work/. You're going to have to actually learn a
> modicum of diplomacy. This is possible (provably; I did it). No, it's

Alan (or "Farley Benn" or "Bruce Burhans"?) seems to have a black-and-
white world view which lends itself to the generation of much conflict
where it may not have otherwise existed. For instance, to classify the
SA authors and users as spammers ... under a more realistic (IMO) world
view this is patently absurd. They have a different threshold of spam
tolerance. They are not willing to risk losing out on legitimate email
in pursuit of the spam-free mailbox.

Perhaps most importantly: they haven't allowed their spam hatred to get
out of hand. They can keep it in proper perspective. I'm not sure Alan
can.

"Farley" came up in alt.os.linux.slackware some time ago. Initially I
welcomed him there, but his personality (ego?) invariably led to a long
flamefest, after which he quit posting.

BTW I want to thank the poster who tipped us (c.o.l.networking) off to
the connection to "Farley" and "Bruce". I did a little Groups.googlage
and I think it gave me a bit of insight into Alan. I can understand how
someone into survivalism, with political views so far out of the
mainstream, can develop the black-and-white world view. (No matter, it's
still fallacious, of course.)

> not always pleasant (I speak from experience there as well), but the
> alternative

... is to doze off in mid-sentence! :) LOL!

> If any of my friends triggered enough of SA's heuristics that their
> messages registered as spam, (a) I'd be very surprised and (b) I'd
> re-evaluate whether they are still my friend.

Well, I think all of us have friends, or at least relatives, who are
completely clueless. :)

> Sure, a smart spammer could read that list and figure sneaky ways around
> at least some of the rules. But do they /actually do so/? A quick

"Smart spammer" is an oxymoron. Spamming is a violation of many rules of
nature and of common sense, such as the law of GIGO. I imagine few of
them actually profit thereby, and those who do eventually get caught.

> eyeballing of the rules, and of some of the spam I've received lately,
> seems to indicate that they do not!

And why should they? Most reasonable people, even those lacking in
Net-savvy, ignore all spam anyway. Spammers' targets are those who are
new to the 'Net, and who are truly gullible enough to believe that the
child/widow[er]/sibling of a deceased official in an African country has
actually sought his/her assistance in finding a bank account for the
decedent's substantial ill-gotten gains.

> For the record, I don't use any spam filter whatsoever. I don't
> particularly need one. My typical daily mail volume consists of
> several dozen messages from various mailing lists (which are sorted

Me neither, and likewise. $FROM address above uses server-side filtering
which catches several each day. $preferred_email address below uses some
simple procmail rules to catch some spam, but it doesn't get much. AAMOF
the vast majority of the spam which comes into a mailbox I see arrives
through a whitelisted mailing list!

This brings me to a question for Alan regarding elrav1: does it manage
to filter any spam from mailing lists or other whitelisted sources?
AFAICS, no, it does not. Thus it does not take the place of the likes of
SpamAssassin!

Alan, a guy like you might be interested in the linux-crypto mailing
list. (I know, because in many ways I *am* like you. :) But please don't
try subscribing to that list! I doubt your blood pressure could stand
the spam.

> Oh, and if you feel like killfiling me, then don't waste your time
> threatening me that you may do so. (Unless you take pleasure in
> writing such threats. I suspect that this is the case.) Just do
> it and get it over with. I'd consider it an honor.

Alan's plonk wouldn't interest me one way or the other, except that once
I get it I will stop posting with the assumption that he may be reading.

Alan's a real GNU/Linux user, and despite the fact that his personality
gets in the way, he does try to contribute to the community. His angry
rhetoric and offensive language does not have any emotional effect on
me, except insofar as it's a disappointment to see his message lost in
the fuss. So I haven't KF'ed him, nor do I expect to do so.
--
/dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
or put "not-spam" or "/dev/rob0" in Subject header to reply

Alan Connor

unread,
Sep 1, 2003, 1:46:40 PM9/1/03
to
On Mon, 1 Sep 2003 10:19:40 -0700, /dev/rob0 <ro...@gmx.co.uk> wrote:
>
>
> In article <pan.2003.09.01....@socal.rr.com>,
> Ed Murphy wrote:
>
> An excellent article. Thank you.
>
>> On Sun, 31 Aug 2003 22:31:12 +0000, Alan Connor wrote:
>>
>>> I have written a simple program that eliminates spam completely
>>
>> You didn't provide URLs. I can't imagine why; in your shoes, I
>> would stick 'em in my .sig, and otherwise trumpet them with alarming
>
> It's in his .sig under a different (shorter) name.
>
>> attitude causes lots of people to refuse to listen to you. Sorry, dude,
>> but stamping your foot and insisting the world come to your doorstep is
>> just /not going to work/. You're going to have to actually learn a
>> modicum of diplomacy. This is possible (provably; I did it). No, it's
>
> Alan (or "Farley Benn" or "Bruce Burhans"?)

What the hell does THAT mean?


seems to have a black-and-
> white world view which lends itself to the generation of much conflict
> where it may not have otherwise existed. For instance, to classify the
> SA authors and users as spammers


More bullshit. I have never accused the authors of SA of being spammers.


... under a more realistic (IMO) world
> view this is patently absurd.


Yes, it would be absurd if someone had actually said it.

They have a different threshold of spam
> tolerance. They are not willing to risk losing out on legitimate email
> in pursuit of the spam-free mailbox.
>

I never miss any mail that I want to get.

People that are unwilling to take 5 seconds to return an RAV *once* in
a lifetime in order to communicate with me, are jerks that I don't want
to have access to my mailbox.


> Perhaps most importantly: they haven't allowed their spam hatred to get
> out of hand. They can keep it in proper perspective. I'm not sure Alan
> can.
>

I don't hate spam at all. I just won't put up with it.

> "Farley" came up in alt.os.linux.slackware some time ago. Initially I
> welcomed him there, but his personality (ego?) invariably led to a long
> flamefest, after which he quit posting.
>

Man you ARE a nutcase!

> BTW I want to thank the poster who tipped us (c.o.l.networking) off to
> the connection to "Farley" and "Bruce". I did a little Groups.googlage
> and I think it gave me a bit of insight into Alan. I can understand how
> someone into survivalism, with political views so far out of the
> mainstream, can develop the black-and-white world view. (No matter, it's
> still fallacious, of course.)


A nutcase thinks I have a fallacious worldview and a multiple personality
too.


I am truly devastated.


The rest of this garbage snipped.


/dev/rob0, another fucking troll hiding behind a pseudonym.


Why don't you get a life, you loser?

Whoever

unread,
Sep 1, 2003, 1:58:18 PM9/1/03
to
On Mon, 1 Sep 2003 to...@aplawrence.com wrote:

> In comp.os.linux.misc Philipp Pagel <philip...@gmx.de> wrote:
>
> >Well, up to now SA does a pretty good job to keep my inbox clean. So
> >apparently the spammers are not investing too much effort into getting
> >around it.

Mine too.

>
> And if they actually did, most of it wouldn't be spam anymore: just
> sensible text from a real sender hawking their wares..

True, but working around SA is pretty difficult - if the text analysis
does not catch it, then frequently the RBL's add enough score for spam to
be correctly tagged. Mostly, the spams that get through are very short.

>
> Real solicitations don't bother me.

It raises the interesting question of what is spam and what is not.
As can be expected, people have different opinions on this, but probably
the most all-encompassing might be "that which I do not want to receive".
The problem for such a definition that one person's spam is another
person's ham.

Overall, I find SA to be highly effective. My company's settings are such
that it does not tag all spam, but I am prepared to accept that.
Furthermore, we get a lot of spam that is atypical.

John Winters

unread,
Sep 1, 2003, 2:05:52 PM9/1/03
to
In article <Pine.LNX.4.44.0309011050240.27738-100000@c941211-a>,
Whoever <nob...@devnull.none> wrote:
[snip]

>It raises the interesting question of what is spam and what is not.
>As can be expected, people have different opinions on this, but probably
>the most all-encompassing might be "that which I do not want to receive".
>The problem for such a definition that one person's spam is another
>person's ham.

I don't think the line is nearly as vague as that. I suppose it's possible
that there are people out there who welcome e-mail information about how
to increase the size of their poultry or defraud multi-national operations
in Nigeria, but it's very unlikely.

For a start at an attempted classification one could just ask, "Was this
message composed specifically with me in mind?" If someone writes to me
saying they've seen my website and they have a product which they think
I might like to stock (and it is clear that they really have done this)
then technically it's UCE, but it's certainly not Spam. I have no problem
with this sort of e-mail, even if I'm not actually interested in the product.
On the other hand if an e-mail starts with the same text but said text is
clearly a lie then it is Spam.

Yes, there can be some borderline cases but the vast majority of Spam is
Spam in *everybody's* book.

Dave Null

unread,
Sep 1, 2003, 2:07:44 PM9/1/03
to
On Sun, 31 Aug 2003 15:29:49 +0000 (UTC), to...@aplawrence.com hath writ:
> In comp.os.linux.misc Dave Null <bit-b...@config.com> wrote:
>>On Sat, 30 Aug 2003 20:57:39 GMT, Alan Connor farted in churcH:
>
>>> ....
>>> It IS a flaw, and you know it or you are an idiot.
>>>
>>> ....
>>> Please save your bullshit for the for the peasants.
>
>> *plonk*
>
> You know, you really shouldn't killfile people like this, because
> that makes their comments invisible and unchallenged, which means
> that the uninformed may take them as fact.
>
> Save killfiling for the folks who offer nothing but abuse, there
> are "enough" of them around :-)

You have both a valid concern and a good point.

How-some-ever:
*So many* jerks.
*So little* time.
...compounded by a dial-up connection.

John-Paul Stewart

unread,
Sep 1, 2003, 1:55:35 PM9/1/03
to

We seem to be talking about different things here.

I'm talking about the case where an anonymous spammer sends e-mail to
one million different addresses, but forging *my* e-mail address in the
From: field. Now if even 1% of those 1 million addresses use your
system, I'm going to receive 10,000 RAVs from 10,000 *different*
addresses. IOW 10,000 different installations of your software only
generated a single RAV each, but an innocent third party has ended up
with all 10,000 of them.

Note that in this case the person receiving those 10,000 RAVs (me) is
not *necessarily* using elrav.

Q1: What are the consequences of sending 10,000 RAVs from 10,000
different users to somebody who is *not* using elrav himself? I suspect
the poor guy is going to end up with a full mailbox.

Q2: What about the case where the third party *is* using elrav?
Presumably the system is smart enough not to send out RAVs for incoming
RAVs, but can it recognize those incoming RAVs as being bogus and
silently discard them?

The first case is what I'm really concerned about, though.

Whoever

unread,
Sep 1, 2003, 2:18:49 PM9/1/03
to
On Mon, 1 Sep 2003, Alan Connor wrote:

>
> That's only part of the picture, and you know it.
>
> Do you send the mail that *might be* spam to /dev/null or put it in a
> directory to look over later?

One of the great things about SA is that SA does not define what to do
with the spam. It's trivially easy to send high scoring spam to /dev/null,
while tagging other emails for review. Your question assumes a
black-and-white approach of delete/not-delete.

>
> Do you always review your mail logs to see if non-spam got classified as
> spam?

With the scheme I described above, individuals can have the option of
reviewing the lower-scoring spam. Higher-scoring spam does not have to be
delivered to user mailboxes.

Tagging the lower scoring spam allows users to filter in the client mail
programs and review (or just delete all from) a single mailbox. This is
much easier than reviewing untagged emails.

>
> Do you spend time regularly up-dating your filters?

I doubt any SA user does this, except for the developers.

>
> Do you lose non-spam mail?

Do *you* lose non-spam mail? I strongly suspect you do.

For SA users, this depends on the thresholds they set and what they want
to do with the spam. With the settings we use, about 70% of the spam is
not delievered to user mailboxes. 25% is tagged and delivered and perhaps
5% slips though. This may be high, but:
1. It dramatically reduces the amount of time users spend dealing with
spam.
2. It sets the likelyhood of a false positive at a trivially low level.

>
> Maybe you are the exception, but I have been following SA posts for quite
> a while, and almost every SA user FREAKS if they LOSE spam before getting
> to look it over.

Eveidently you have trouble reading, because I posted earlier that my
network sends spam to a mailbox that no-one ever reads. No-one looks it
over.

> Enough to convince me. I don't care what YOU think, unless you can
> offer contrary evidence.

This is pointless, countless people have posted that SA works, but all you
do is claim that such people are spammers.

>
> I know for a fact that many of the apparently normal SA users are
> spammers.

Do you have any facts on which to base that? Other than circular
arguments?

> SA (etc) doesn't work, if one's object is to rid one's life of spam and worrying
> about it and messing with it.
>
> >> If you want spam, then use SA and its relatives. If you don't, use elrav1
> >> and its relatives.

If you want to lose a lot of email, use elrav1. If you want to receive
only spam filtered email, use SA.

>
> I don't hate spam, I just won't tolerate it in my life, at all.

That's fine. It's up to you to decide how much legitimate email you are
prepared to lose in order to eliminate spam. Most companies just are not
prepared to lose sales because of spam filtering.

>
> Nor will I put up with programs that can't actually tell spam from non-spam
> and need constant oversight.

Have you ever actually *used* SA?

Question for you:
How do you use elrav1 and receive emails from mailing lists that set the
"From" address as the original sender's eamil address?


Whoever

unread,
Sep 1, 2003, 2:25:22 PM9/1/03
to
On Mon, 1 Sep 2003, John Winters wrote:

> In article <Pine.LNX.4.44.0309011050240.27738-100000@c941211-a>,
> Whoever <nob...@devnull.none> wrote:
> [snip]

> >the most all-encompassing might be "that which I do not want to receive".
> >The problem for such a definition that one person's spam is another
> >person's ham.
>
> I don't think the line is nearly as vague as that. I suppose it's possible
> that there are people out there who welcome e-mail information about how
> to increase the size of their poultry or defraud multi-national operations
> in Nigeria, but it's very unlikely.

Well, people have been defraduded through the 419 schemes, so clearly
those people did welcome the original email.

>
> For a start at an attempted classification one could just ask, "Was this
> message composed specifically with me in mind?" If someone writes to me
> saying they've seen my website and they have a product which they think
> I might like to stock (and it is clear that they really have done this)
> then technically it's UCE,

Websites can have a contact address. Any relevent email sent to that
address is clearly not unsolicited.

>
> Yes, there can be some borderline cases but the vast majority of Spam is
> Spam in *everybody's* book.

Yes, there is a subset of spam that the vast majority of people will agree
is spam.


/dev/rob0

unread,
Sep 1, 2003, 2:07:55 PM9/1/03
to
In article <2YK4b.4742$tw6...@newsread4.news.pas.earthlink.net>,

Alan Connor wrote:
> On Mon, 01 Sep 2003 11:37:28 -0400, John-Paul Stewart <jpst...@sympatico.ca> wrote:
> [snip]

> Hey guy, we are using the program and if you don't like it, try writing
> your congressperson.

I would not assume that a poster from a Canadian ISP and under a .ca
address would care to have any correspondence with a member of the U.S.
Congress. Certainly not "his" "congressperson".

Sorry, I know it's a cheap shot, but it was easy. I couldn't resist. :)

Ed Murphy

unread,
Sep 1, 2003, 2:52:42 PM9/1/03
to
On Mon, 01 Sep 2003 17:01:50 +0000, Alan Connor wrote:

>>> Anyway, it appears to be a set of front-end scripts to procmail
>>> that implements the following:

> "Appears" to be? Here's the first paragraph of the introduction:
>
> elrav1 (Entry-List-Request-for-Address-Validation-One) is a simple,
> textmode front end for the procmail package. It can be run from a tty, an
> xterm, or any equivalent utility. It operates indepentently of your mail
> client and doesn't care what your MTA is.

It is indeed a set of front-end scripts to procmail. I don't doubt
that. It's the "implements the following" that I wasn't sure about.

>>> 1) [pass]listed senders are allowed
>>> 2) Non-whitelisted senders are sent "Please reply to this with <key>"
>>> 3) Messages with <key> become whitelisted

> That's an oversimplification

Okay, we also have the following.

4) Option: Whitelist may contain entire domains, as well as
individual e-mail addresses
5) Option: Three-strikes rule (multiple failures to reply with
<key> leads to auto-blocking)
6) Option: Friends / domains / password / blocked lists may be
manually edited

There, does that cover all the core features?

>>> Some Windoze viruses look at the victim's address book when forging a
>>> From: line. Such From: lines have a reasonable chance of being on
>>> your whitelist. (If you are their friend, then they might be yours as
>>> well.) Does elrav1 have any ability to detect forged From: lines? (I
>>> don't know; I'm asking.)

>> It would also appear that spammers harvest e-mail addresses from Usenet
>> not only as targets for their spam, but also to use as return
>> addresses. (I have seen spam with my own e-mail address in the From:
>> field. I don't use Windows at all, so it is not a Windows virus that
>> put it there.) I've heard from others here c.o.l.misc who've had the
>> same thing happen, too.

> If that happenned once on an address, elrav1 has a quick and permanent
> fix, which you would know if you had actually read the docs.

I've read the docs, but I don't know what you consider a "fix". Do
you mean "block the compromised address"? That's awfully inconvenient
for your friend, who still legitimately uses that address! Are they
supposed to change addresses just to send e-mail to you?

>> Now imagine what happens when a spammer sends out a million spams with a
>> valid but forged return address. An innocent third party could
>> potentially be innudated with thousands of address varification requests
>> from users of the elrav1 software. That seems like a pretty serious
>> flaw!

> So you are blaming ME for the crimes of spammers?

No, he's blaming you for responding to their crimes in the wrong
way. Sending RAVs to a forged From: is the wrong way!

> And ignoring the fact that MANY spamfighting programs send out far more
> garbage than mine does.

So? Talk about what *your* program does!

>> These are good reasons why spam should never be bounced. The address
>> validation stage is essentially the same thing.

> If you had bothered to actually look at the docs, you would have seen that


> after receiving mail twice from an address that fails to return the
> RAV, any further mail from that address is sent to /dev/null.

This only works if the ~/.elrav1/3strikes directory exists. Also, see
John-Paul Stewart's post: while it protects the victim of a forged From:
from thousands of RAVs from one elrav1 user, it does *not* protect that
victim from thousands of elrav1 users sending one RAV each!

John Winters

unread,
Sep 1, 2003, 2:51:41 PM9/1/03
to
In article <slrnbl72n...@linuxbox.stpaultel.com>,

/dev/rob0 <ro...@gmx.co.uk> wrote:
>In article <2YK4b.4742$tw6...@newsread4.news.pas.earthlink.net>,
> Alan Connor wrote:
>> On Mon, 01 Sep 2003 11:37:28 -0400, John-Paul Stewart <jpst...@sympatico.ca> wrote:
>> [snip]
>> Hey guy, we are using the program and if you don't like it, try writing
>> your congressperson.
>
>I would not assume that a poster from a Canadian ISP and under a .ca
>address would care to have any correspondence with a member of the U.S.
>Congress. Certainly not "his" "congressperson".
>
>Sorry, I know it's a cheap shot, but it was easy. I couldn't resist. :)

Engaging Alan in reasoned debate is a bit like shooting fish in a barrel.

John Winters

unread,
Sep 1, 2003, 2:55:51 PM9/1/03
to
In article <Pine.LNX.4.44.0309011059350.27738-100000@c941211-a>,

Whoever <nob...@devnull.none> wrote:
>On Mon, 1 Sep 2003, Alan Connor wrote:
>
[snip]

>> Do you lose non-spam mail?
>
>Do *you* lose non-spam mail? I strongly suspect you do.

Of course he does. However, since this means that reality fails to fit
in with his decisions about how reality *should* be, he then rationalises
the discrepancy by deciding that the people who won't navigate his
obstacle course are people he didn't want to hear from anyway and so
count as honorary spam.

Alan Connor

unread,
Sep 1, 2003, 2:57:32 PM9/1/03
to

Seems to ME that you should be complaining about the spammer, because
he or she is the one responsible for this mess.

A whole lot of people and organizations send out auto-responses of various
kinds, from vacation-messages to simple acknowledgements of received mail

And a lot of alleged spamfighting software sends auto-responses to the
apparent sender too.

You are saying that all these people have to stop doing these things
because of the crimes of spammers?


> Note that in this case the person receiving those 10,000 RAVs (me) is
> not *necessarily* using elrav.
>

If you were using my program, or one that is similar, then you wouldn't even
know it happened.


> Q1: What are the consequences of sending 10,000 RAVs from 10,000
> different users to somebody who is *not* using elrav himself? I suspect
> the poor guy is going to end up with a full mailbox.
>

See my comments above. I have never heard of this happening, and auto-responses
are hardly a new thing. The functionality for them is one of the key features
of formail, part of the excellent procmail package.


> Q2: What about the case where the third party *is* using elrav?
> Presumably the system is smart enough not to send out RAVs for incoming
> RAVs, but can it recognize those incoming RAVs as being bogus and
> silently discard them?
>

See above.


> The first case is what I'm really concerned about, though.

I think, actually, that you are imagining a worse-case scenario that isn't
likely to happen. I will give some thought to it though. Maybe there is
a way to recognize when something like that is happening.

Okay. I've thought about it :-)

When I send a message to a first-time contact, their address is automatically
passlisted.

I would not receive an RAV from an address that wasn't passlisted.

Therefore, and earlier idea of mine might be just the ticket to nip your
nightmare in the bud.

Have all RAVs be identified by a unique header like this:


X-RAV: Y

(the Y only necessary because my mail client, and I assume others, won't
accept empty headers for posting)

Now anyone using an elrav1-like program would just have a recipe in the
BLOCKED section that would send any mail with that header straight to
/dev/null.

(this section is the last one before the RAV section in elrav1's
part of a ~/.procmailrc, so it wouldn't interfere with anything on the
passlist and none of them would make it to the RAV section.)


Do you like this partial solution, John-Paul?

( I will add that header to elrav1 in the near future, just to get the
ball rolling )


Now to address the real heart of the matter....


Here's Timo Salmi's argument, with which I fully concur:


The problem is spam, not any of the responses to it.

If a significant number of people adopted an RAV program, spam
would simply cease to exist.

---------------------------------

Great feedback!

Alan Connor

unread,
Sep 1, 2003, 2:57:36 PM9/1/03
to

Dear Sam Dave Null and Sam Whoever

I'm not reading your posts.


A.C.


Ed Murphy

unread,
Sep 1, 2003, 3:05:23 PM9/1/03
to
On Mon, 01 Sep 2003 10:19:40 -0700, /dev/rob0 wrote:

> In article <pan.2003.09.01....@socal.rr.com>,
> Ed Murphy wrote:
>
> An excellent article. Thank you.

You're welcome.

>> If any of my friends triggered enough of SA's heuristics that their
>> messages registered as spam, (a) I'd be very surprised and (b) I'd
>> re-evaluate whether they are still my friend.
>
> Well, I think all of us have friends, or at least relatives, who are
> completely clueless. :)

There's a difference between passive cluelessness and actively stupid
behavior. I expect that only the latter would lead to "false" positives.

>> Sure, a smart spammer could read that list and figure sneaky ways around
>> at least some of the rules. But do they /actually do so/? A quick
>
> "Smart spammer" is an oxymoron. Spamming is a violation of many rules of
> nature and of common sense, such as the law of GIGO. I imagine few of
> them actually profit thereby, and those who do eventually get caught.

Ah, but the Second Law of Humanity ("people are dumb") may be trumped
by the First ("people are jerks"). It's also possible to possess great
technical knowledge while severely lacking common sense. (I've been
there. A depressingly large number of people are still there.)

>> eyeballing of the rules, and of some of the spam I've received lately,
>> seems to indicate that they do not!
>
> And why should they? Most reasonable people, even those lacking in
> Net-savvy, ignore all spam anyway. Spammers' targets are those who are
> new to the 'Net, and who are truly gullible enough to believe that the
> child/widow[er]/sibling of a deceased official in an African country has
> actually sought his/her assistance in finding a bank account for the
> decedent's substantial ill-gotten gains.

As several people have independently stated, the most depressing thing
about spam is that it apparently works, every so often.

> Alan's a real GNU/Linux user, and despite the fact that his personality
> gets in the way, he does try to contribute to the community. His angry
> rhetoric and offensive language does not have any emotional effect on
> me, except insofar as it's a disappointment to see his message lost in
> the fuss. So I haven't KF'ed him, nor do I expect to do so.

I'll give him that much, yes. I worry that his personality (along with
a few other highly abrasive ones) will color the community's image in the
eyes of others. This is mostly why I post a lot, despite not really
being a guru; to demonstrate that there are people who will try to help.

Ed Murphy

unread,
Sep 1, 2003, 3:11:13 PM9/1/03
to
On Mon, 01 Sep 2003 17:46:40 +0000, Alan Connor wrote:

> They have a different threshold of spam
>> tolerance. They are not willing to risk losing out on legitimate email
>> in pursuit of the spam-free mailbox.

> I never miss any mail that I want to get.
>
> People that are unwilling to take 5 seconds to return an RAV *once* in
> a lifetime in order to communicate with me, are jerks that I don't want
> to have access to my mailbox.

So it's suitable for you. It's unsuitable for others, and you'd do
well to admit that. (Example: leafnode's web page explicitly says
that it "scales very badly".)

1) Do you recognize that you're being rude?
2) Do you care?

John-Paul Stewart

unread,
Sep 1, 2003, 4:07:16 PM9/1/03
to

But the innocent third party has *no clue* who the spammer is, where the
spam originated from, or any other useful information about the spam.
All that third party sees is a bunch of RAVs (from unique addresses).
Thus the third party only sees two options for sending complaints: the
sender of the RAV (i.e., the victim of the initial spamming) or the
writer of the RAV-sending software.



> A whole lot of people and organizations send out auto-responses of various
> kinds, from vacation-messages to simple acknowledgements of received mail

Sure there are legitimate uses of auto-responses, but one must be
careful not conclude that that means *all* uses of auto-responders are
valid.



> And a lot of alleged spamfighting software sends auto-responses to the
> apparent sender too.

I'd consider any such "alledged spamfighting software" seriously flawed
to the point that I wouldn't use it.



> You are saying that all these people have to stop doing these things
> because of the crimes of spammers?

No. But I am saying that *nobody* should reply to spam.

In the truest sense of the word "spam", the address either 1) belongs to
an innoncent third party, 2) will never be read by a human, 3) or
doesn't exist at all. AIUI, your RAV software will effectively weed out
spam in cases 2 and 3. I want to make you think about handling case
number 1.



> > Note that in this case the person receiving those 10,000 RAVs (me) is
> > not *necessarily* using elrav.
> >
>
> If you were using my program, or one that is similar, then you wouldn't even
> know it happened.

How so? How does your software recognize 10,000 RAVs from unique
addresses as being something that should be discarded? I haven't seen
any explanation of how that works.



> > Q1: What are the consequences of sending 10,000 RAVs from 10,000
> > different users to somebody who is *not* using elrav himself? I suspect
> > the poor guy is going to end up with a full mailbox.
> >
>
> See my comments above. I have never heard of this happening, and auto-responses
> are hardly a new thing. The functionality for them is one of the key features
> of formail, part of the excellent procmail package.

When used properly, auto-responses can be fine. The fact that
acceptable uses exist for auto-responses does not mean that this is an
acceptable use for them.

(I have seen cases where an improperly used 'vacation'-type program sent
out auto-responses about two dozen times per day to a single mailing
list. This is just one example of unacceptable uses of an
auto-responder. Again, I say the mere fact that acceptable uses do
exist does not imply that all uses are acceptable.)



> > Q2: What about the case where the third party *is* using elrav?
> > Presumably the system is smart enough not to send out RAVs for incoming
> > RAVs, but can it recognize those incoming RAVs as being bogus and
> > silently discard them?
> >
>
> See above.

Where? You haven't explained anywhere how 10,000 RAVs from unique
addresses would be recognized as dicardable junk mail.



> > The first case is what I'm really concerned about, though.
>
> I think, actually, that you are imagining a worse-case scenario that isn't
> likely to happen.

It may not be likely to be a problem until a large percentage of users
are using such software. Then two things will happen:

1) The number of RAVs getting sent out will increase. (More users ==
more RAVs)

2) The incentive for spammers to hi-jack e-mail addresses will go up.
(If they know that address A accepts e-mail from address B, that's a
*strong* incentive for them to forge address B when they send the spam.
More to the point, if they know address B is a valid address, then
*somebody, somewhere* must accept mail from it. So they'll hi-jack
address B since they know it'll get through to at least some people.)

> I will give some thought to it though. Maybe there is
> a way to recognize when something like that is happening.
>
> Okay. I've thought about it :-)
>
> When I send a message to a first-time contact, their address is automatically
> passlisted.
>
> I would not receive an RAV from an address that wasn't passlisted.
>
> Therefore, and earlier idea of mine might be just the ticket to nip your
> nightmare in the bud.
>
> Have all RAVs be identified by a unique header like this:
>
> X-RAV: Y
>
> (the Y only necessary because my mail client, and I assume others, won't
> accept empty headers for posting)
>
> Now anyone using an elrav1-like program would just have a recipe in the
> BLOCKED section that would send any mail with that header straight to
> /dev/null.
>
> (this section is the last one before the RAV section in elrav1's
> part of a ~/.procmailrc, so it wouldn't interfere with anything on the
> passlist and none of them would make it to the RAV section.)
>
> Do you like this partial solution, John-Paul?

It might help in the case where the innocent third party uses elrav-like
software. But if he doesn't, then he's still going to get flooded with
RAVs when a spammer "borrows" his e-mail address...one for every user
the original spammer targeted.

Again, my concern is for the innocent third party, who had their e-mail
address used by a spammer, and who has never heard of address
verification software.



> ( I will add that header to elrav1 in the near future, just to get the
> ball rolling )
>
> Now to address the real heart of the matter....
>
> Here's Timo Salmi's argument, with which I fully concur:
>
> The problem is spam, not any of the responses to it.
>
> If a significant number of people adopted an RAV program, spam
> would simply cease to exist.

I disagree. Spammers would just find new ways of getting spam in.

Like I said above, I think they'd be more likely use real e-mail
addresses. Viruses stealing address books would become much more
popular. Think about it: the virus steals a person's address book
knowing that all of those addresses should accept mail from the verified
address of the book's owner. So the spammer can use the book-owner's
address to spam those people knowing that his spam will get past the
address verfication system.

Of course, that's a security problem for the address book/e-mail client
authors to deal with, not a problem with elrav and the like. However, I
don't think elrav (or *any* other means) will ever stop spammers from
sending spam. For how many years have we been trying to deal with
postal junk mail, telemarketers, and the likes? A lot longer than
e-mail spam, I'd say, yet those are still common.

to...@aplawrence.com

unread,
Sep 1, 2003, 4:48:32 PM9/1/03
to
In comp.os.linux.misc Alan Connor <alanc...@earthlink.net> wrote:
>>
>Fuck you. Killfiled

>If there is anyone reading the list stupid enough to believe a word you say,
>then there is nothing I can do about that.

Is there anyone left he hasn't killfiled?


--
to...@aplawrence.com Unix/Linux/Mac OS X resources: http://aplawrence.com
Get paid for writing about tech: http://aplawrence.com/publish.html

Johann Koenig

unread,
Sep 1, 2003, 4:56:20 PM9/1/03
to
On Mon, 1 Sep 2003 20:48:32 +0000 (UTC)
to...@aplawrence.com wrote:

> In comp.os.linux.misc Alan Connor <alanc...@earthlink.net> wrote:
> >>
> >Fuck you. Killfiled
>
> >If there is anyone reading the list stupid enough to believe a word
> >you say, then there is nothing I can do about that.
>
> Is there anyone left he hasn't killfiled?

I certainly hope not. I'm counting on him killfiling everyone. Then,
when he sees no posts, he will assume the list is dead and go away.

Yeah, I know, its not going to happen. But I can dream, can't I?
--
-johann koenig
Now Playing: Ace Of Base - Wheel Of Fortune : The Sign
Today is Prickle-Prickle, the 25th day of Bureaucracy in the YOLD 3169
My public pgp key: http://mental-graffiti.com/pgp/johannkoenig.pgp

Peter T. Breuer

unread,
Sep 1, 2003, 5:36:07 PM9/1/03
to
In comp.os.linux.misc Johann Koenig <expl...@att.net> wrote:
> --=.MKFOJc.8?jIWo/
> Content-Type: text/plain; charset=US-ASCII
> Content-Disposition: inline
> Content-Transfer-Encoding: 7bit

> On Mon, 1 Sep 2003 20:48:32 +0000 (UTC)
> to...@aplawrence.com wrote:

>> In comp.os.linux.misc Alan Connor <alanc...@earthlink.net> wrote:
>> >>
>> >Fuck you. Killfiled
>>
>> >If there is anyone reading the list stupid enough to believe a word
>> >you say, then there is nothing I can do about that.
>>
>> Is there anyone left he hasn't killfiled?

> I certainly hope not. I'm counting on him killfiling everyone. Then,

Kookie hasn't killfiled me yet.

The problem with his program is that nobody is going to install it
because it's silly. You don't want to put off people from talking to
you. If I write to somebody I don't know and get a bounce, I'm hardly
going to go and deal with a key to get to them. Well, I might - but not
usually.

What WOULD be a good idea would be to combine it with SA, and let SA
send out a bounce with an offer of a key if they're serious, to
BORDERLINE spam evaluations.

Peter

Alan Connor

unread,
Sep 1, 2003, 5:40:38 PM9/1/03
to
On Mon, 01 Sep 2003 16:07:16 -0400, John-Paul Stewart <jpst...@sympatico.ca> wrote:
>
>


<snip>

>> > system, I'm going to receive 10,000 RAVs from 10,000 *different*
>> > addresses. IOW 10,000 different installations of your software only
>> > generated a single RAV each, but an innocent third party has ended up
>> > with all 10,000 of them.
>> >
>>
>> Seems to ME that you should be complaining about the spammer, because
>> he or she is the one responsible for this mess.
>
> But the innocent third party has *no clue* who the spammer is, where the
> spam originated from, or any other useful information about the spam.
> All that third party sees is a bunch of RAVs (from unique addresses).
> Thus the third party only sees two options for sending complaints: the
> sender of the RAV (i.e., the victim of the initial spamming) or the
> writer of the RAV-sending software.
>

Let some fool try that. I will laugh my ass off.


>> A whole lot of people and organizations send out auto-responses of various
>> kinds, from vacation-messages to simple acknowledgements of received mail
>
> Sure there are legitimate uses of auto-responses, but one must be
> careful not conclude that that means *all* uses of auto-responders are
> valid.
>
>> And a lot of alleged spamfighting software sends auto-responses to the
>> apparent sender too.
>
> I'd consider any such "alledged spamfighting software" seriously flawed
> to the point that I wouldn't use it.
>
>> You are saying that all these people have to stop doing these things
>> because of the crimes of spammers?
>
> No. But I am saying that *nobody* should reply to spam.
>

Agreed. But since there is no software that can reliably tell spam from
not-spam by grepping it, one does the best one can.

> In the truest sense of the word "spam", the address either 1) belongs to
> an innoncent third party, 2) will never be read by a human, 3) or
> doesn't exist at all. AIUI, your RAV software will effectively weed out
> spam in cases 2 and 3. I want to make you think about handling case
> number 1.
>
>> > Note that in this case the person receiving those 10,000 RAVs (me) is
>> > not *necessarily* using elrav.
>> >
>>
>> If you were using my program, or one that is similar, then you wouldn't even
>> know it happened.
>
> How so? How does your software recognize 10,000 RAVs from unique
> addresses as being something that should be discarded? I haven't seen
> any explanation of how that works.
>

Because, and not only is this on my website, but posted just today on this
very newsgroup, elrav1 deals with mail from strangers "invisibly": the
user never knows it came unless the RAV is returned.

>> > Q1: What are the consequences of sending 10,000 RAVs from 10,000
>> > different users to somebody who is *not* using elrav himself? I suspect
>> > the poor guy is going to end up with a full mailbox.
>> >
>>
>> See my comments above. I have never heard of this happening, and auto-responses
>> are hardly a new thing. The functionality for them is one of the key features
>> of formail, part of the excellent procmail package.
>
> When used properly, auto-responses can be fine. The fact that
> acceptable uses exist for auto-responses does not mean that this is an
> acceptable use for them.


You seem to be under the delusion that YOU get to decide what the proper
use of auto-responses are.

>
> (I have seen cases where an improperly used 'vacation'-type program sent
> out auto-responses about two dozen times per day to a single mailing
> list. This is just one example of unacceptable uses of an
> auto-responder. Again, I say the mere fact that acceptable uses do
> exist does not imply that all uses are acceptable.)

To who? Do I need your permission? No.


>
>> > Q2: What about the case where the third party *is* using elrav?
>> > Presumably the system is smart enough not to send out RAVs for incoming
>> > RAVs, but can it recognize those incoming RAVs as being bogus and
>> > silently discard them?
>> >
>>
>> See above.
>
> Where? You haven't explained anywhere how 10,000 RAVs from unique
> addresses would be recognized as dicardable junk mail.
>

Nor did I say that was what was going on.


>> > The first case is what I'm really concerned about, though.
>>
>> I think, actually, that you are imagining a worse-case scenario that isn't
>> likely to happen.
>
> It may not be likely to be a problem until a large percentage of users
> are using such software. Then two things will happen:
>
> 1) The number of RAVs getting sent out will increase. (More users ==
> more RAVs)
>
> 2) The incentive for spammers to hi-jack e-mail addresses will go up.
> (If they know that address A accepts e-mail from address B, that's a
> *strong* incentive for them to forge address B when they send the spam.

That's just stupid. Spammmer cannot operate on individual cases.


> More to the point, if they know address B is a valid address, then
> *somebody, somewhere* must accept mail from it. So they'll hi-jack
> address B since they know it'll get through to at least some people.)
>

Except that the only thing that goes out is an RAV, not a copy of the
spam.

Yes. And my concern is that I don't get any spam.

>> ( I will add that header to elrav1 in the near future, just to get the
>> ball rolling )
>>
>> Now to address the real heart of the matter....
>>
>> Here's Timo Salmi's argument, with which I fully concur:
>>
>> The problem is spam, not any of the responses to it.
>>
>> If a significant number of people adopted an RAV program, spam
>> would simply cease to exist.
>
> I disagree. Spammers would just find new ways of getting spam in.
>

> Like I said above, I think they'd be more likely use real e-mail
> addresses. Viruses stealing address books would become much more
> popular. Think about it: the virus steals a person's address book
> knowing that all of those addresses should accept mail from the verified
> address of the book's owner. So the spammer can use the book-owner's
> address to spam those people knowing that his spam will get past the
> address verfication system.
>

I don't have an address book, or even know what they are.


> Of course, that's a security problem for the address book/e-mail client
> authors to deal with, not a problem with elrav and the like. However, I
> don't think elrav (or *any* other means) will ever stop spammers from
> sending spam. For how many years have we been trying to deal with
> postal junk mail, telemarketers, and the likes? A lot longer than
> e-mail spam, I'd say, yet those are still common.


Well, you are simply wrong.


I NEVER see even the subjects of spam. It is an utter waste of time to
send spam to me.


The RAV *must* be responded to by a human being and it MUST come back from
the same address that was used to acquire it. And the password/address
combo expires after one use.

There is no way to beat that system. They cannot POSSIBLY afford the staff
that would be necessary to get even ONE spam through to a sizable mailing
list.


If it proves necessaary, I can add a script I wrote a few weeks ago to
elrav1: It rejects any RAV's that come back with any changes but quoting.


But this isn't ever going to be needed, because spammers cannot EVER
devote any attention to individual addresses.


It is wonderful to own one's mailbox again. You ought to try it.

Alice

unread,
Sep 1, 2003, 7:50:52 PM9/1/03
to
Ed Murphy wrote:

> On Mon, 01 Sep 2003 11:31:29 +0000, Philipp Pagel wrote:
>
>> People who use spamfilters hate spam (duh!) and thus are extremely
>> unlikely to generate any revenue for the spammer. So the effort of
>> circumventing their filters is probably not worth it.
>
> I'm reminded of the following:
>
> www.miami.com/mld/miamiherald/living/columnists/dave_barry/6649728.htm
>
> And how has the telemarketing industry responded to this tidal wave of
> public hostility? It has issued this statement: "Gosh, if these people
> really don't want us to call them, then there's no point in our calling
> them! We'd only be making them hate us more, and that's just plain
> stupid! We'll try to come up with a less offensive way to do business."
>
> No, wait, that's what the telemarketers would say in Bizarro World,
> where everything is backward, and Superman is bad, and telemarketers
> contain human DNA. Here on Earth, the telemarketers are claiming they
> have a constitutional right to call people who do not want to be
> called. They base this claim on Article VX, Section iii, row 5, seat 2,
> of the U.S. Constitution, which states: ''If anybody ever invents the
> telephone, Congress shall pass no law prohibiting salespeople from
> using it to interrupt dinner.''

Hey cool, I never noticed that part until you pointed it out!

Thanks for a good hearty laugh.

Alice

W. Citoan

unread,
Sep 1, 2003, 8:27:47 PM9/1/03
to
On Mon, 01 Sep 2003 21:40:38 GMT, Alan Connor wrote:
> On Mon, 01 Sep 2003 16:07:16 -0400, John-Paul Stewart
> <jpst...@sympatico.ca> wrote:
>
> > 2) The incentive for spammers to hi-jack e-mail addresses will go
> > up. (If they know that address A accepts e-mail from address B,
> > that's a *strong* incentive for them to forge address B when they
> > send the spam.
>
> That's just stupid. Spammmer cannot operate on individual cases.

[snip]

> > More to the point, if they know address B is a valid address, then
> > *somebody, somewhere* must accept mail from it. So they'll hi-jack
> > address B since they know it'll get through to at least some
> > people.)
>
> Except that the only thing that goes out is an RAV, not a copy of the
> spam.

Spammers are already using valid email addresses of innocent bystanders
in the "From" fields of their emails. One of my coworkers was a victim
of this. He received quite a few complaints about sending spam. Most
people aren't knowledgeable enough to detect these faked addresses.

The recent W32/Sobig.F (and the related Blaster) outbreak is an example
of how a spammer can easily get around an RAV-based system. They would
simply distribute malware that downloads spam and forwards it to
everyone in the user's address book. If the recipient has already gone
through the RAV with the sender, then that spam will pass the filter and
be received.

I would assume that this would be a less frequent occurrence than today's
spam problem, but then the recent security exploits leave me less
confident then I would have been several months back...

> The RAV *must* be responded to by a human being and it MUST come back
> from the same address that was used to acquire it. And the
> password/address combo expires after one use.
>
> There is no way to beat that system. They cannot POSSIBLY afford the
> staff that would be necessary to get even ONE spam through to a
> sizable mailing list.

Looking at your default RAV response, it would be trivial to write a
script that extracts the password, places it the subject line of a
reply, and sends it back. I'm sure you can modify the response to your
individual taste, but if everyone started using your RAV system, I would
think spammers would become quite adapt at using automated tools to
parse the messages and try to figure out the passwords. They might not
get all of them, but I'm sure they would get enough to make it worth
their effort.

- W. Citoan
--
Aphasia:
Loss of speech in social scientists when asked
at parties, "But of what use is your research?"

Whoever

unread,
Sep 1, 2003, 8:47:45 PM9/1/03
to
On Mon, 1 Sep 2003, Alan Connor wrote:

>
> Dear Sam Dave Null and Sam Whoever
>
> I'm not reading your posts.

Usual answer of net.kook!

Oh, and why do you feel it is neccessary to answer my posts with "I am not
reading ..." if you are *really* not reading them.

The *best* way to avoid SPAM is to not post your email address in
websites, usenet, etc.

I have spam-free email addresses because I am careful about my privacy.

Alan Connor

unread,
Sep 1, 2003, 9:14:34 PM9/1/03
to
On Tue, 02 Sep 2003 00:27:47 -0000, W. Citoan <wci...@NOSPAM-yahoo.com> wrote:
>
>
> On Mon, 01 Sep 2003 21:40:38 GMT, Alan Connor wrote:
>> On Mon, 01 Sep 2003 16:07:16 -0400, John-Paul Stewart
>> <jpst...@sympatico.ca> wrote:
>>
>> > 2) The incentive for spammers to hi-jack e-mail addresses will go
>> > up. (If they know that address A accepts e-mail from address B,
>> > that's a *strong* incentive for them to forge address B when they
>> > send the spam.
>>
>> That's just stupid. Spammmer cannot operate on individual cases.
>
> [snip]
>
>> > More to the point, if they know address B is a valid address, then
>> > *somebody, somewhere* must accept mail from it. So they'll hi-jack
>> > address B since they know it'll get through to at least some
>> > people.)
>>
>> Except that the only thing that goes out is an RAV, not a copy of the
>> spam.
>
> Spammers are already using valid email addresses of innocent bystanders
> in the "From" fields of their emails. One of my coworkers was a victim
> of this. He received quite a few complaints about sending spam. Most
> people aren't knowledgeable enough to detect these faked addresses.
>
> The recent W32/Sobig.F (and the related Blaster) outbreak is an example
> of how a spammer can easily get around an RAV-based system.o


Listen friend, you obviously don't know an RAV system from a whole in
the ground.

W. Citoan

unread,
Sep 1, 2003, 9:42:26 PM9/1/03
to
On Tue, 02 Sep 2003 01:14:34 GMT, Alan Connor wrote:
>
> Listen friend, you obviously don't know an RAV system from a whole in
> the ground.

No, what is obvious is that you are unwilling to seriously discuss your
system. You seem unwilling to accept any suggestion that your system is
not full proof.

1) The From address for the spam can be an email address that you have
already accepted via a successful challenge / response. The From
addresses of spams are routinely faked. Any whitelist system (which is
what RAV boils down to after the initial challenge / response) is
susceptible to that.

2) The correct response to the challenge can be parsed from the
challenge. Spammers can simply script the correct response and defeat
the purpose of the challenge.

Your system works for you because those you communicate with are willing
to put up with it and since it's not widespread, spammers aren't
interested in subverting it. But to suggest that if everyone started
using your system, spam would go away is merely a fantasy.

- W. Citoan
--
Weekends were made for programming.
- Karl Lehenbauer

Sam

unread,
Sep 1, 2003, 9:48:53 PM9/1/03
to
Alan Connor writes:

Ok, sunshine, kindly explain how a RAV system differs from a "whole in the
ground".


Alan Connor

unread,
Sep 1, 2003, 9:58:50 PM9/1/03
to
On Tue, 02 Sep 2003 01:42:26 -0000, W. Citoan <wci...@NOSPAM-yahoo.com> wrote:
>
>
> On Tue, 02 Sep 2003 01:14:34 GMT, Alan Connor wrote:
>>
>> Listen friend, you obviously don't know an RAV system from a whole in
>> the ground.
>
> No, what is obvious is that you are unwilling to seriously discuss your
> system. You seem unwilling to accept any suggestion that your system is
> not full proof.
>

Please try to concentrate:

1. I never even see the subject line of spam; in fact, I don't even know it
arrived at my computer. (if it did :-)


2. It never eats mail that I want to receive.

Now *I* call that foolproof.


Of course, we may have different definitions of "foolproof", and that's fine
with me.


Now, please do a little homework, which can be done right here on comp.mail.misc
by reading the post "elrav1: The Spammer's Nemesis", from earlier today.

And when you can tell elrav1 from a slab of concrete, get back to me.

W. Citoan

unread,
Sep 1, 2003, 10:25:34 PM9/1/03
to
On Tue, 02 Sep 2003 01:58:50 GMT, Alan Connor wrote:
>
> Please try to concentrate:
>

I suggest that you follow your own advice. You have made claims that
your system is full proof and that if everyone used your system, spam
would cease to exist. Both of these claims are false.

The fact that you haven't received spam doesn't make your system full
proof. It only means that no one is actively trying to circumvent it.

If you like your system and it works for you, then go ahead and use it.
But claiming that it will stop a spammer who is actively trying to
bypass it from ever getting through and that it is the solution to all
spam is simply bogus.

If you feel otherwise, then explain how it will handle the situations
that I and others have posted. Don't bother claiming that we need to
study up on your system more. We have and we've seen the problems.

- W. Citoan
--
Malek's Law:
Any simple idea will be worded in the most complicated way.

Alan Connor

unread,
Sep 1, 2003, 10:29:56 PM9/1/03
to
On Tue, 02 Sep 2003 02:25:34 -0000, W. Citoan <wci...@NOSPAM-yahoo.com> wrote:
>
>
> On Tue, 02 Sep 2003 01:58:50 GMT, Alan Connor wrote:
>>
>> Please try to concentrate:
>>
>
> I suggest that you follow your own advice. You have made claims that
> your system is full proof and that if everyone used your system, spam
> would cease to exist. Both of these claims are false.


Both of those claims are true.


And, because you are a genuine moron, I am killfiling you.


Now you can go back to trying to figure out how many toes you have.

W. Citoan

unread,
Sep 1, 2003, 10:47:16 PM9/1/03
to
On Tue, 02 Sep 2003 02:29:56 GMT, Alan Connor wrote:
> On Tue, 02 Sep 2003 02:25:34 -0000, W. Citoan
> <wci...@NOSPAM-yahoo.com> wrote:
> >
> > On Tue, 02 Sep 2003 01:58:50 GMT, Alan Connor wrote:
> >>
> >> Please try to concentrate:
> >>
> >
> > I suggest that you follow your own advice. You have made claims
> > that your system is full proof and that if everyone used your
> > system, spam would cease to exist. Both of these claims are false.
>
> Both of those claims are true.
>
> And, because you are a genuine moron, I am killfiling you.
>
> Now you can go back to trying to figure out how many toes you have.

You know, I was giving this guy the benefit of the doubt. That he just
got off on the wrong foot with some of the other posters.

I'm not sure of it's that he can't stand being wrong or that he doesn't
really understand the subject (probably both), but it's clear that he's
incapable of discussing it.

That's my first (public, at least) killfiling! That's a milestone of
sorts to celebrate I guess. :-)

- W. Citoan
--
A friend of mine won't get a divorce, because he hates lawyers more than he
hates his wife.

Sam

unread,
Sep 1, 2003, 10:53:18 PM9/1/03
to
Alan Connor writes:

> On Tue, 02 Sep 2003 02:25:34 -0000, W. Citoan <wci...@NOSPAM-yahoo.com> wrote:
>>
>>
>> On Tue, 02 Sep 2003 01:58:50 GMT, Alan Connor wrote:
>>>
>>> Please try to concentrate:
>>>
>>
>> I suggest that you follow your own advice. You have made claims that
>> your system is full proof and that if everyone used your system, spam
>> would cease to exist. Both of these claims are false.
>
> Both of those claims are true.

No, they're not.

> And, because you are a genuine moron, I am killfiling you.

Translation: "you're not buying my bullshit, and I failed to convince you
that I'm the Messiah. So, I'll just pick up my toes, and go home. Nyah!"

Alice

unread,
Sep 1, 2003, 11:01:27 PM9/1/03
to
Whoever wrote:

>
>>
>> Real solicitations don't bother me.
>
> It raises the interesting question of what is spam and what is not.
> As can be expected, people have different opinions on this, but probably


> the most all-encompassing might be "that which I do not want to receive".
> The problem for such a definition that one person's spam is another
> person's ham.
>

> Overall, I find SA to be highly effective. My company's settings are such
> that it does not tag all spam, but I am prepared to accept that.
> Furthermore, we get a lot of spam that is atypical.

I like SA too, it does a great job. On my personal email, which gets about
200+ messages per day, of which 100-150 are spam, over the last six months
not one falsely tagged spam. A few spams leak through from time to time,
but that is not a problem.

I'm in favor of 100% verified opt-in for anyone trying to sell me anything.
I didn't buy a computer, and pay for a phone line and Internet service so
marketers could get a free ride. I really hate subsidizing them. The
trouble is we've let them get away with it forever- we pay for phone
service so we can be annoyed by telemarketers. Some of us pay for a postal
mailbox. They've sold and re-sold our personal data at will, without our
consent, without giving us a cut. They're used to getting a free ride, it
will take a hell of an effort to change that mindset.

Alice

Alice

unread,
Sep 1, 2003, 11:06:10 PM9/1/03
to
<snip ravings>

You sound nuts. My experience, and the experiences of many people,
contradict your assertions. What do you have against SpamAssassin? You
don't like it- don't use it. Ranting against it is pretty feeble against
the experiences of people who actually use it. If your program is a good
spam-fighting tool, you're discrediting it by sounding like a wacko.I
wouldn't trust code from a crazy person.

Alice

Alan Connor

unread,
Sep 1, 2003, 11:27:05 PM9/1/03
to


Calling someone "nuts" and "whacko" is nothing but an intellectual copout,
and the last resort of bigots.


One gets tired of these sorts of lame attacks from SA users.


Why don't you debate me?


Point-by-point?

Otherwise your post simply has no meaning to me at all.

The opinions of bigots are worthless.


As for using my program, I give you back your own words:


"You dont like- don't use it."


I wrote it for myself, and it does exactly what I want it to do, it
has eliminated spam from my life.

Completely. I don't have to think about it or see it or mess with the
program or anything.


There are around 40 people, now, that I KNOW are using it, and are VERY
happy with it.


Can't see why I should worry about the opinion of someone who doesn't know
anything about, can you?

Jerry Lapham

unread,
Sep 1, 2003, 9:22:56 PM9/1/03
to
In <3F534F2E...@exit109.com>, on 09/01/03
at 09:52 AM, Jean-David Beyer <jdb...@exit109.com> said:

> I used to say that, due to spam and virii, the e-mail will be completely
> useless in five years. That was a couple of years ago. I think I was
> right. Unless something much more effective is done, there are only
> three years to go before I just stop using it. Perhaps I will have to
> delete ALL incoming e-mail except for a very short whitelist of people,
> and the checking will have to be done on the Received: headers, not the
> From: field.

On the other hand, the spam plague could actually have a benefit. Seems
like most spam any more is HTML. Perhaps, to avoid spam, people will quit
accepting HTML e-mail and insist on plain text.

-Jerry
--
============================================================
Jerry Lapham, Monroe, OH
E-Mail: rjla...@infinet.com
Written Monday, September 01, 2003 - 09:22 PM (EDT)
============================================================
MR/2 Ice tag: When sign painters strike, do they carry blank signs?

Alan Connor

unread,
Sep 1, 2003, 11:34:28 PM9/1/03
to
On Mon, 01 Sep 2003 20:06:10 -0700, Alice <m...@privacy.net> wrote:


By-the-way, Alice, elrav1 is just a collection of well-commented shell scripts,
not a bloated binary monstrosity like SA.

If you are at all *nix/sh literate, you can easily read it and see for yourself
what is happenning.

Alan Connor

unread,
Sep 1, 2003, 11:59:10 PM9/1/03
to
On Mon, 01 Sep 2003 21:22:56 -0400, Jerry Lapham <rjla...@infinet.com> wrote:
>
>
> In <3F534F2E...@exit109.com>, on 09/01/03
> at 09:52 AM, Jean-David Beyer <jdb...@exit109.com> said:
>
>> I used to say that, due to spam and virii, the e-mail will be completely
>> useless in five years. That was a couple of years ago. I think I was
>> right. Unless something much more effective is done, there are only
>> three years to go before I just stop using it. Perhaps I will have to
>> delete ALL incoming e-mail except for a very short whitelist of people,
>> and the checking will have to be done on the Received: headers, not the
>> From: field.
>
> On the other hand, the spam plague could actually have a benefit. Seems
> like most spam any more is HTML. Perhaps, to avoid spam, people will quit
> accepting HTML e-mail and insist on plain text.
>
> -Jerry


A lot of people ALREADY refuse HTML mail.

I told my ISP that if they wanted me to read their mail, that it would have
to be in plain text. And so it always is.

Any mail from strangers that comes to my box that is Content-Type: text/html
and over 10kb goes straight to /dev/null.

It's ALWAYS spam.

My regular contacts respect my wishes and don't send me anything but plain
text mail.

HTML belongs on websites, not in mailboxes.

Peter T. Breuer

unread,
Sep 1, 2003, 11:59:23 PM9/1/03
to
In comp.os.linux.misc Alan Connor <alanc...@earthlink.net> wrote:
> On Mon, 01 Sep 2003 20:06:10 -0700, Alice <m...@privacy.net> wrote:
>>
>>
>><snip ravings>
>>
>> You sound nuts. My experience, and the experiences of many people,
>> contradict your assertions. What do you have against SpamAssassin? You
>> don't like it- don't use it. Ranting against it is pretty feeble against
>> the experiences of people who actually use it. If your program is a good
>> spam-fighting tool, you're discrediting it by sounding like a wacko.I
>> wouldn't trust code from a crazy person.
>>

> Calling someone "nuts" and "whacko" is nothing but an intellectual copout,


> and the last resort of bigots.

It is the last resort - you don't argue, you snip peoples arguments and
substitute your own insults. Hence people call you nuts.

> One gets tired of these sorts of lame attacks from SA users.

See! Argue, don't insult.

> Why don't you debate me?

People did. You didn't reply. Your system would let spam through from
spammers who counterfeit From addresses that have alreaded been
greenlighted by your system.

> Point-by-point?

That was the point. And there were several more! You ignored them.

> Otherwise your post simply has no meaning to me at all.

But "otherwise" does not apply. The post in question is merely
summarising the debate, nottaking part in it. It is a metapost.
It is saying "you lost - you are a whacko". Tough. Next time debate
properly and the audience may take a different view.

> The opinions of bigots are worthless.

But she is not a bigot, so your statement is worthless. She has formed
a view on the evidence of the debate you solicited, and so it is not
a prior opinion.

> As for using my program, I give you back your own words:

> "You dont like- don't use it."

> I wrote it for myself, and it does exactly what I want it to do, it
> has eliminated spam from my life.

Only because you have no friends, so it doesn't let spam that pupports
to be from tehm through. Tell us the name of some friends and we'll
pass them on to a spamhaus, and let us know how you get on.

> Completely. I don't have to think about it or see it or mess with the
> program or anything.

See!

> There are around 40 people, now, that I KNOW are using it, and are VERY
> happy with it.

Why would they be happy with it?

> Can't see why I should worry about the opinion of someone who doesn't know
> anything about, can you?

Yep. That you can't see is your problem.

Peter

Whoever

unread,
Sep 2, 2003, 12:04:23 AM9/2/03
to
On Tue, 2 Sep 2003, Alan Connor wrote:

>
> 2. It never eats mail that I want to receive.

Only because your definition of mail that you do not want to receive
includes email from people who won't or can't respond to your challenge.

I could just as easily say:
1. I don't want to receive email from anyone.
2 I am not going to accept any emails
3. I won't miss any emails that I want to receive (since the set of
"emails I want to receive" is empty)
Problem solved!

Oh, by the way, doesn't someone already have a patent on the central
component of your system?


Ed Murphy

unread,
Sep 2, 2003, 12:08:45 AM9/2/03
to
On Tue, 02 Sep 2003 01:58:50 +0000, Alan Connor wrote:

> 1. I never even see the subject line of spam; in fact, I don't even know it
> arrived at my computer. (if it did :-)

Perhaps you missed it when I asked this question before, so here it is
again:

If a spammer forges "From: f...@bar.com", and f...@bar.com is in your
whitelist, then does elrav1 detect it as spam?

I suspect that (a) the answer is no, and hence (b) your system is
*not* foolproof. I'm interested to hear your response, though;
perhaps I have overlooked something.

Alan Connor

unread,
Sep 2, 2003, 12:23:37 AM9/2/03
to
On Tue, 02 Sep 2003 03:59:10 GMT, Alan Connor <alanc...@earthlink.net> wrote:
>


Hey Sam Whoever, in the vain hope that it will at last penetrate what's
left of your mind:


I don't read your childish posts.

You are a boring punk and I have better things to do.


I highly recommend that you get a life.

(this makes HOW many times I have told you this in the last months?
Doesn't it embaress you at all to make a public fool of yourself for
months on end? Or is it that you are simply too dumb to realize that you
are?)

It is loading more messages.
0 new messages