temp email addresses on usenet for spam minimisation
Troy Piggins
valid, but only for a set period of time after they post. I was
thinking this would be a good way to minimise spam and want to test it
out for a while.
Just wanted to ask about the methodology adopted from some of those that
use this method. I will be running it on a linux box using procmail.
I am not interested in munging my email address, and this method will
only be a suppliment to my whitelist/blacklist/procmail
filters/spamassassin combination.
So I was thinking about having an email address valid for about one
month - something like 0508-...@piggo.com for August 2005. I know
there is potential problem if I post on 31 Aug, but maybe I accept mail
to that address for 2 months instead, and overlap the acceptance of that
address with 0509-...@piggo.com.
I'm interested in all comments about the above (email is fine also if
you don't want everyone to know), and to hear how it has been
implemented by others. Also, what about the predictability of my
proposed method? It is quite obvious, I know. But as I said it will
only suppliment my other filters.
Thanks.
--
Troy Piggins
Tarkus
looked into Spamgourmet? I've been using it for years, and it's one of
the coolest services I've ever used. And free.
http://www.spamgourmet.com/index.cgi
--
"I went to the doctor because I'd swallowed a bottle of sleeping
pills. My doctor told me to have a few drinks and get some rest."
- Rodney Dangerfield
Now playing: the radio.
mymomsthi...@yahoo.com
> I've noticed some people on usenet with temporary email addresses -
> valid, but only for a set period of time after they post. I was
> thinking this would be a good way to minimise spam and want to test it
> out for a while.
Why I am responding:
--------------------
I saw this while doing research on the exact opposite question which I
just posted to the nntp newsgrops asking why on earth does an nntp post
require a valid email smtp/pop3 login?
Why do I not with to give my SMTP/POP3 identity away:
-----------------------------------------------------
I did an experiment where I created two email addresses and merely
posted one message with one and did nothing with the other and within
days I had spam on the one (guess which one) and within a couple of
months it was filled with spam.
Had I posted with my real email, the high spam:mail ratio would have
rendered my email address useless.
My response to you:
------------------
Why do you even bother to give a real email address at all (however
temporary)?
Why not just make up a fake one so that the spammers can spam that fake
email to death?
My particular problem:
----------------------
I can't seem to set up Forte Free Agent without giving it a 'real'
email address and that, in the light of the above, is vexing to say the
least!
Amy
gregor herrmann
> So I was thinking about having an email address valid for about one
> month - something like 0508-...@piggo.com for August 2005.
My experience ist that a "+" sign in the address is helpful too (see
my From:) because spammers' scripts often can't handle it.
gregor
--
.''`. http://info.comodo.priv.at/ | gpg key ID: 0x00F3CFE4
: :' : infos zur usenet-hierarchie at.*: http://www.usenet.at/
`. `' member of https://www.vibe.at/ | how to reply: http://got.to/quote/
`-
Alan Connor
Piggins" wrote:
Hi Troy. The problem with this approach is that the address will be receiving spam for long after you drop it. And generating
bounces, etc.
In fact the _domain_ will probably be flooded with spam forever.
Why don't you want to munge your address?
AC
--
alanconnor AT earthlink DOT net
Use your real return address or I'll never know you
even tried to mail me. http://tinyurl.com/2t5kp
~
Troy Piggins
> If you're not married to the idea of doing your own thing, have you
> looked into Spamgourmet? I've been using it for years, and it's one
> of the coolest services I've ever used. And free.
>
> http://www.spamgourmet.com/index.cgi
Yeah, I have seen that. Not that I am "married", but would just like to
do my own thing. Thanks for the suggestion, though.
How often do you change the address?
--
Troy Piggins
Troy Piggins
> Troy Piggins wrote:
>> I've noticed some people on usenet with temporary email addresses -
>> valid, but only for a set period of time after they post. I was
>> thinking this would be a good way to minimise spam and want to test it
>> out for a while.
>
> Why I am responding:
> --------------------
> I saw this while doing research on the exact opposite question which I
> just posted to the nntp newsgrops asking why on earth does an nntp post
> require a valid email smtp/pop3 login?
It doesn't. NNTP, SMTP, and POP3 are all different protocols used for
different things.
> Why do I not with to give my SMTP/POP3 identity away:
> -----------------------------------------------------
> I did an experiment where I created two email addresses and merely
> posted one message with one and did nothing with the other and within
> days I had spam on the one (guess which one) and within a couple of
> months it was filled with spam.
>
> Had I posted with my real email, the high spam:mail ratio would have
> rendered my email address useless.
Yep - I have done the same experiment. I posted with an email address
for a few weeks, and never again. I still get spam sent to that address
(well, I don't really, but my logs show attempts).
> My response to you:
> ------------------
> Why do you even bother to give a real email address at all (however
> temporary)?
> Why not just make up a fake one so that the spammers can spam that fake
> email to death?
Well, I see that as the spammers beating me. And there have been cases
where people have sent me legitimate emails resulting from usenet posts.
I will not give in to spammers.
> My particular problem:
> ----------------------
> I can't seem to set up Forte Free Agent without giving it a 'real'
> email address and that, in the light of the above, is vexing to say the
> least!
Haven't used Agent myself, but find it hard to believe you can't use a
fake email address. The email addresses you are trying to use - are
they in a valid email address format? eg a...@email.invalid
Or perhaps it isn't Agent imposing the restriction, but rather your
newserver requiring a valid email address as a login/authentication?
Or could it be the free version you are using, and the paid version
allows you to fake/munge email addresses?
Not sure, as I said I have't used Agent before.
--
Troy Piggins
Troy Piggins
> On 31 Jul 2005 22:23:50 GMT, Troy Piggins wrote:
>
>> So I was thinking about having an email address valid for about one
>> month - something like 0508-...@piggo.com for August 2005.
>
> My experience ist that a "+" sign in the address is helpful too (see
> my From:) because spammers' scripts often can't handle it.
Really? I will look into that - hadn't heard that one before. Handy to
know if it is correct. Although I would've thought they had a way
around that by now.
So any other comment? Do you do similar to what I was thinking? I
notice those numbers in your "From" header - is that a disposable
address?
Thanks.
--
Troy Piggins
Sam
> On comp.mail.misc, in <slrndeqjrq...@piggo.com>, "Troy
> Piggins" wrote:
>>
>> I'm interested in all comments about the above (email is
>> fine also if you don't want everyone to know), and to hear
>> how it has been implemented by others. Also, what about the
>> predictability of my proposed method? It is quite obvious, I
>> know. But as I said it will only suppliment my other filters.
>>
>> Thanks.
>>
>> -- Troy Piggins
>
> Hi Troy.
Hi, Beavis! Where have you been for over a week, visiting Bigfoot? How's
the wife and kids?
> The problem with this approach is that the address will be
> receiving spam for long after you drop it.
Not if you do this right.
> And generating bounces, etc.
Who cares. I'm not the one who's going to be bouncing spam.
> In fact the _domain_ will probably be flooded with spam forever.
Not if the domain part no longer exist, because the variable part is in the
domain portion of the E-mail address.
> Why don't you want to munge your address?
Because he's not a Beavis.
Sam
> So I was thinking about having an email address valid for about one
> month - something like 0508-...@piggo.com for August 2005. I know
> there is potential problem if I post on 31 Aug, but maybe I accept mail
> to that address for 2 months instead, and overlap the acceptance of that
> address with 0509-...@piggo.com.
Since this is your domain, and you control it, put the variable part in the
domain address. Set up an MX record for 08.2005.piggo.com, and post as
@08.2005.piggo.com.
In two weeks, set up an MX record for 09.2005.piggo.com, begin using
@09.2005.piggo.com to post to Usenet, and remove the MX record for
08.2005.piggo.com at the end of August.
Lather, rinse, repeat.
You can adjust the granularity to any arbitrary level.
Troy Piggins
> On comp.mail.misc, in <slrndeqjrq...@piggo.com>, "Troy
> Piggins" wrote:
>
>> I've noticed some people on usenet with temporary email
>> addresses - valid, but only for a set period of time after they
>> post. I was thinking this would be a good way to minimise spam
>> and want to test it out for a while.
>> I am not interested in munging my email address,
>> and this method will only be a suppliment to my
>> whitelist/blacklist/procmail filters/spamassassin combination.
>
> Hi Troy. The problem with this approach is that the address will be
> receiving spam for long after you drop it. And generating bounces,
> etc.
>
> In fact the _domain_ will probably be flooded with spam forever.
G'day Alan. It will and it does. Too late to stop that, it already
happens and will continue to do so. But that happens to anyone who owns
a domain name even if you don't post on usenet.
> Why don't you want to munge your address?
As I've said in some of my other replies, I see that as the spammers
beating me. Screw them. I aint hiding.
And I know that you do munge your addy, and that's cool. You want
usenet kept on usenet, and email kept for personal. That's fine.
Thanks for the comments. I am already most of hte way there with this
system being automatic for me, jsut some tweaking at the moment.
--
Troy Piggins
Troy Piggins
* Sam wrote:
>
> --=_mimegpg-commodore.email-scan.com-29053-1122855847-0003
> Content-Type: text/plain; format=flowed; charset="US-ASCII"
> Content-Disposition: inline
> Content-Transfer-Encoding: 7bit
I know I know, my newsreader is "broken". You are the only person on
usenet I have ever seen this stuff not processed correctly by slrn.
I'll get there with a filter... eventually.
> Troy Piggins writes:
>
>> So I was thinking about having an email address valid for about one
>> month - something like 0508-...@piggo.com for August 2005. I know
>> there is potential problem if I post on 31 Aug, but maybe I accept mail
>> to that address for 2 months instead, and overlap the acceptance of that
>> address with 0509-...@piggo.com.
>
> Since this is your domain, and you control it, put the variable part in the
> domain address. Set up an MX record for 08.2005.piggo.com, and post as
> @08.2005.piggo.com.
>
> In two weeks, set up an MX record for 09.2005.piggo.com, begin using
> @09.2005.piggo.com to post to Usenet, and remove the MX record for
> 08.2005.piggo.com at the end of August.
Ok, I see having variable in the domain part versus username part,
although I am a bit much of a mail server noob. What are the benefits of
this? Does mail sent to the "old" domain bounce, or undeliverable?
Wouldn't that also be possible with invalid usernames?
I will just need to figure out how to automate the MX record update
within postfix if I decide to use this method.
> Lather, rinse, repeat.
Thanks Sam "Martha Stewart" V :-)
--
Troy Piggins
Blinky the Shark
> ["Followup-To:" header set to comp.mail.misc.]
> * Sam wrote:
>> --=_mimegpg-commodore.email-scan.com-29053-1122855847-0003
>> Content-Type: text/plain; format=flowed; charset="US-ASCII"
>> Content-Disposition: inline
>> Content-Transfer-Encoding: 7bit
> I know I know, my newsreader is "broken". You are the only person on
> usenet I have ever seen this stuff not processed correctly by slrn.
> I'll get there with a filter... eventually.
If you mean the pgp junk, I'm seeing it too, even though I have
set hide_pgpsignature 1
--
Blinky Linux Registered User 297263
Killing All Posts from GG: http://blinkynet.net/comp/uip5.html
End Of The Good GG Archive GUI: http://blinkynet.net/comp/gggui.html
Alan Connor
Piggins" wrote:
> * Alan Connor wrote:
>
>> On comp.mail.misc, in <slrndeqjrq...@piggo.com>, "Troy
>> Piggins" wrote:
>>
>>> I've noticed some people on usenet with temporary email
>>> addresses - valid, but only for a set period of time after
>>> they post. I was thinking this would be a good way to
>>> minimise spam and want to test it out for a while.
>
> [snip]
>
>>> I am not interested in munging my email address,
>>> and this method will only be a suppliment to my
>>> whitelist/blacklist/procmail filters/spamassassin
>>> combination.
>
> [snip]
>
>> Hi Troy. The problem with this approach is that the address
>> will be receiving spam for long after you drop it. And
>> generating bounces, etc.
>>
>> In fact the _domain_ will probably be flooded with spam
>> forever.
>
> G'day Alan. It will and it does. Too late to stop that, it
> already happens and will continue to do so. But that happens
> to anyone who owns a domain name even if you don't post on
> usenet.
:-) Pretty much.
>
>> Why don't you want to munge your address?
>
> As I've said in some of my other replies, I see that as the
> spammers beating me. Screw them. I aint hiding.
I don't hide from people, just spambots.
There is a difference.
I don't have to hide from spammers because they can't beat
my filter. But I see no need to be the cause of more spam
than necessary flooding the Internet.
Most of the 'spam' I get is from the fuckwitted spammer-trolls
who are now going to jump in here and claim that my filter
is spamming the Internet.
----> Big Yawn <----
Happy to ignore their Usenet farts as usual.
>
> And I know that you do munge your addy, and that's cool. You
> want usenet kept on usenet, and email kept for personal.
> That's fine.
Not quite. I want stuff that should be posted on the Usenet to
be posted on the Usenet.
A lot of people from the Usenet contact me, and some have become
regular correspondents.
>
> Thanks for the comments. I am already most of hte way there
> with this system being automatic for me, jsut some tweaking at
> the moment.
>
> -- Troy Piggins
Cheers,
AC
--
alanconnor AT
earthlink DOT net. Use your real return
Troy Piggins
> Troy Piggins wrote:
>> * Sam wrote:
>
>>> --=_mimegpg-commodore.email-scan.com-29053-1122855847-0003
>>> Content-Type: text/plain; format=flowed; charset="US-ASCII"
>>> Content-Disposition: inline
>>> Content-Transfer-Encoding: 7bit
>
>> I know I know, my newsreader is "broken". You are the only person on
>> usenet I have ever seen this stuff not processed correctly by slrn.
>> I'll get there with a filter... eventually.
>
> If you mean the pgp junk, I'm seeing it too, even though I have
>
> set hide_pgpsignature 1
The term "broken" was used because I have corresponded with Sam about
that before, and that was the term he used. His posts with mimegpg
appear to comply with the relevant RFCs (can't remember the actual
no's), but slrn doesn't handle them properly.
I have looked into it in the past, but didn't have the time to fully
handle it. I was thinking about writing a macro to just strip out the
stuff outside the boundaries, but needed to do a lot more learning about
s-lang etc to complete it.
Wanna share the load ;-) ?
--
Troy Piggins
Sam
>> In two weeks, set up an MX record for 09.2005.piggo.com, begin using
>> @09.2005.piggo.com to post to Usenet, and remove the MX record for
>> 08.2005.piggo.com at the end of August.
>
> Ok, I see having variable in the domain part versus username part,
> although I am a bit much of a mail server noob. What are the benefits of
> this?
If some spamware tries to spam that E-mail address a year from now, it won't
even find your mail server.
> Does mail sent to the "old" domain bounce, or undeliverable?
Try sending mail to <foo...@abracadabra.tld.invalid> and see for yourself
what happens. Both abracadabra.tld.invalid and 08.2005.piggo.com would be
nonexistent domains, and will suffer the same fate, for the purpose of this
experiment.
> Wouldn't that also be possible with invalid usernames?
The spamware will still connect to your mail server, and attempt to deliver
the message, which you will reject. There are known flavors of spamware
that will repeatedly try to deliver spam even after a permanent delivery
failure. The spamware will make repeated delivery attempts through
different zombies, on the theory that the delivery failure is due to a
blacklisted zombie.
When the domain is invalid, the spamware will not even find your mail
server. So, each spamware attempted delivery attempt will only cause a
failed DNS lookup.
An even better idea is to put in a wildcard MX to 127.0.0.1, so that the
failed DNS lookup gets cached.
Blinky the Shark
>> set hide_pgpsignature 1
Sorry -- it's my turn to wash and wax the elephants this week. :)
(I know nothing about s-lang.)
Sam
> I don't have to hide from spammers because they can't beat
> my filter.
Right, Beavis. It's difficult to “beat” your procmail recipe:
:0
/dev/null
> A lot of people from the Usenet contact me, and some have become
> regular correspondents.
Beavis, how long have you been posting to Usenet?
Sam
> that before, and that was the term he used. His posts with mimegpg
> appear to comply with the relevant RFCs (can't remember the actual
> no's), but slrn doesn't handle them properly.
Why, it's RFC 2015.
I have a standing open challenge for anyone to identify anything in this
message (or in any one I've posted for many years now) that disagrees with
RFC 2015. If there's something here that's not right, then I'll fix it.
Troy Piggins
I couldn't see anything non-compliant last time I looked into it with my
inexperienced eyes.
--
Troy Piggins
Troy Piggins
* Sam wrote:
>>
>> Ok, I see having variable in the domain part versus username part,
>> although I am a bit much of a mail server noob. What are the benefits of
>> this?
>
> If some spamware tries to spam that E-mail address a year from now, it won't
> even find your mail server.
>
>> Does mail sent to the "old" domain bounce, or undeliverable?
>
> Try sending mail to <foo...@abracadabra.tld.invalid> and see for yourself
> what happens. Both abracadabra.tld.invalid and 08.2005.piggo.com would be
> nonexistent domains, and will suffer the same fate, for the purpose of this
> experiment.
>
>> Wouldn't that also be possible with invalid usernames?
>
> The spamware will still connect to your mail server, and attempt to deliver
> the message, which you will reject. There are known flavors of spamware
> that will repeatedly try to deliver spam even after a permanent delivery
> failure. The spamware will make repeated delivery attempts through
> different zombies, on the theory that the delivery failure is due to a
> blacklisted zombie.
>
> When the domain is invalid, the spamware will not even find your mail
> server. So, each spamware attempted delivery attempt will only cause a
> failed DNS lookup.
>
> An even better idea is to put in a wildcard MX to 127.0.0.1, so that the
> failed DNS lookup gets cached.
I see. Thanks for putting it in layman's terms for me. Sounds like the
path I will (attempt to) take.
Thanks again.
--
Troy Piggins
Blinky the Shark
> If you use Free Agent for email you have to give Agent your real email
> address. To hide your real address in newsgroups, first highlight all
> your subscribed newsgroups and then click on Properties and enter a
> fake email address. In future when you post with Agent in newsgroups
> your fake email address will be displayed, however if you reply by
> email your real email address will be shown.
<noting the address you're flying and that I have been known to use>
Ian, what's the deal with privacy.net? When they (I believe) changed
hands and the new site (definitely) appeared, there was no longer any
mention of the old m...@privacy.net (and me[number]@privacy.net) hole(s).
I looked all over the place. Are you sure that's still available in the
form it was before?
Blinky the Shark
> On 1 Aug 2005 07:41:13 GMT, "Blinky the Shark"wrote:
>>Ian Anderson wrote:
>>> If you use Free Agent for email you have to give Agent your real email
>>> address. To hide your real address in newsgroups, first highlight all
>>> your subscribed newsgroups and then click on Properties and enter a
>>> fake email address.
>><noting the address you're flying and that I have been known to use>
>>Ian, what's the deal with privacy.net? When they (I believe) changed
>>hands and the new site (definitely) appeared, there was no longer any
>>mention of the old m...@privacy.net (and me[number]@privacy.net) hole(s).
>>I looked all over the place. Are you sure that's still available in the
>>form it was before?
> The web page once said those addresses were available to be used and
> as far as I know there is nowhere on the web pages where it asks
> people to stop using them. If such a request was made I would stop
> using the email address immediately. But those addresses must be in
> wide use to avoid spam in newsgroups by thousands possibly millions of
> people.
I sent a post to m...@privacy.net this morning; I haven't seen a bounce.
I take this as a good sign (in terms of the service still being up and
available), since that's the way it worked when we know it was up.
Frank Slootweg
[deleted]
> I sent a post to m...@privacy.net this morning; I haven't seen a bounce.
> I take this as a good sign (in terms of the service still being up and
> available), since that's the way it worked when we know it was up.
Perhaps I remember wrong, but AFAIR, m...@privacy.net used to 'bounce',
i.e. give a return message saying something to the effect that it was
a dummy address and that mail to it was not read. IMO, that was the good
thing, i.e. respondents which were not aware of what m...@privacy.net
was/meant at least got notification that their mail 'failed'.
Blinky the Shark
Contrast that to the bounce I just got, that still, along with any
mention of it at the new web site, makes me think the service has been
disabled:
<q>
This message was created automatically by mail delivery software (Exim).
A message that you sent has not yet been delivered to one or more of its
recipients after more than 24 hours on the queue on
fall-pradero.atl.sa.earthlink.net.
...
The address to which the message has not yet been delivered is:
</q>
Blinky the Shark
> Frank Slootweg wrote:
>> Blinky the Shark <no....@box.invalid> wrote: [deleted]
>>> I sent a post to m...@privacy.net this morning; I haven't seen a
>>> bounce. I take this as a good sign (in terms of the service still
>>> being up and available), since that's the way it worked when we know
>>> it was up.
>> Perhaps I remember wrong, but AFAIR, m...@privacy.net used to
>> 'bounce', i.e. give a return message saying something to the effect
>> that it was a dummy address and that mail to it was not read. IMO,
>> that was the good thing, i.e. respondents which were not aware of
>> what m...@privacy.net was/meant at least got notification that their
>> mail 'failed'.
> Contrast that to the bounce I just got, that still, along with any
Along with there *not being* any mention of it...
My bad writing.
Frank Slootweg
> Frank Slootweg wrote:
> > Blinky the Shark <no....@box.invalid> wrote: [deleted]
>
> >> I sent a post to m...@privacy.net this morning; I haven't seen a
> >> bounce. I take this as a good sign (in terms of the service still
> >> being up and available), since that's the way it worked when we know
> >> it was up.
>
> > Perhaps I remember wrong, but AFAIR, m...@privacy.net used to
> > 'bounce', i.e. give a return message saying something to the effect
> > that it was a dummy address and that mail to it was not read. IMO,
> > that was the good thing, i.e. respondents which were not aware of
> > what m...@privacy.net was/meant at least got notification that their
> > mail 'failed'.
>
> not being] any mention of it at the new web site, makes me think the
> service has been disabled:
>
> <q>
>
> This message was created automatically by mail delivery software (Exim).
>
> A message that you sent has not yet been delivered to one or more of its
> recipients after more than 24 hours on the queue on
> fall-pradero.atl.sa.earthlink.net.
>
> ...
>
> The address to which the message has not yet been delivered is:
>
> m...@privacy.net
>
> </q>
I also sent a test message and got this, more specific, response:
> Reporting-MTA: dns; smtp4.wanadoo.nl
> Arrival-Date: Wed, 3 Aug 2005 10:56:24 +0200 (CEST)
>
> Final-Recipient: rfc822; m...@privacy.net
> Action: delayed
> Status: 4.0.0
> Diagnostic-Code: X-Postfix; connect to privacy.net[206.207.85.33]: Operation timed out
> Will-Retry-Until: Mon, 8 Aug 2005 10:56:24 +0200 (CEST)
Note the "timed out" bit. So apparently my MSP's mailserver
(smtp4.wanadoo.nl) can connect to privacy.net, but the operation times
out.
Perhaps the more knowledgeable (than I) people in the audience can
indicate which scenario would give this response, in the context of a
m...@privacy.net target address. I.e. if privacy.net does not accept mail
to m...@privacy.net, then why the time-out instead of an 'immediate'
reject? And if it does accept mail, then why does Blinky's mail fail and
mine time-out (and probably fail later)?
Steve Baker
wrote:
>> Reporting-MTA: dns; smtp4.wanadoo.nl
>> Arrival-Date: Wed, 3 Aug 2005 10:56:24 +0200 (CEST)
>>
>> Final-Recipient: rfc822; m...@privacy.net
>> Action: delayed
>> Status: 4.0.0
>> Diagnostic-Code: X-Postfix; connect to privacy.net[206.207.85.33]: Operation timed out
>> Will-Retry-Until: Mon, 8 Aug 2005 10:56:24 +0200 (CEST)
>
> Note the "timed out" bit. So apparently my MSP's mailserver
>(smtp4.wanadoo.nl) can connect to privacy.net, but the operation times
>out.
No, the thing that is timing out is the TCP/IP connection attempt to
206.207.85.33. That is a temporary error, a mailserver will keep trying
to connect for a period of time... often for around 4 days. What you
guys got was a status report indicating that there was a temporary
delivery problem. After a while (on Aug 8 in your case) you will get a
status report indicating that that the server has given up, that it
considers the message undeliverable.
There are no MX records for privacy.net, but there is an A record
(206.207.85.33). If there was also no A record, you would get an
immediate permanent error of "unknown host" or something like that.
If the address m...@privacy.net was an invaild address at a server that
was otherwise accepting email addressed to @privacy.net, there would be
an immediate permanent error when that server said "no such user" in
some fashion.
Steve Baker
Neil Woods
Privacy.net used to have an MX record which pointed to mail.privacy.net,
which resolved to 127.0.0.1.
I've no idea when this stopped working, but I would assume it was when
ownership changed to its present one.
I think this must have been after the time you mentioned (approximately
a year or so ago).
--
Neil.
Blinky the Shark
>> <q>
>> ...
>> </q>
My error message did say it'd keep trying for a while; I didn't realize that
was relevant, and snipped it. (That's implied by the "yet" in the bulk
of the bounce message that I did post, above.) I've received nothing
more from the server as of today.
Blinky the Shark
I just sent consumer.net - the contact shown for the privacy.net home
page - a query:
<q>
Regarding privacy.net:
Before privacy.net apparently changed hands and a new web site appeared,
it offered email addresses m...@privacy.net and m...@privacy.net through
me9@privacy net (and perhaps some other addresses) as spam holes; i.e.,
it made those addresses available to the public to use in situations
where they were likely to be harvested by spammers, with the
understanding that any mail to them would be bounced.
I find nothing on the new privacy.net site about this public service.
Does that imply it's no longer being offered and we should stop using
those addresses as spam holes? Or are they still available and just not
promoted for some reason? Is the new site still incomplete?
I and others who don't know your current intent with regard to this
service await clarification.
Thanks.
</q>
Since they don't have the smarts to *either* say the service is closed
or continue to mention it on the site, I doubt that I'll get an answer;
or if I do, it'll probably be of the form "uh...what service?", which I
can't explain any more clearly to the new owners.
NormanM
> As you rightly mentioned they originally offered use of addresses from
> "m...@privacy.net and m...@privacy.net through to m...@privacy.net" but I
> see others now putting what.ever...@privacy.net.
I thought the original "they" were different from the current "they".
--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
Steve Baker
wrote:
>Since they don't have the smarts to *either* say the service is closed
>or continue to mention it on the site, I doubt that I'll get an answer;
>or if I do, it'll probably be of the form "uh...what service?", which I
>can't explain any more clearly to the new owners.
Why do you care? Using no....@box.invalid is a *much* more
net-friendly way to go if privacy.net was indeed refusing email sent to
m...@privacy.net; in that case there would be email abusive to third
parties floating around as a result of spam and virus propogations.
Which makes me doubt that there ever was a mailserver associated with
privacy.net.
Steve Baker
Blinky the Shark
> On 4 Aug 2005 20:02:03 GMT, "Blinky the Shark"wrote:
>>I just sent consumer.net - the contact shown for the privacy.net home
>>page - a query:
>><q>
>>Regarding privacy.net:
>>Before privacy.net apparently changed hands and a new web site appeared,
>>it offered email addresses m...@privacy.net and m...@privacy.net through
>>me9@privacy net (and perhaps some other addresses) as spam holes; i.e.,
>>it made those addresses available to the public to use in situations
>>where they were likely to be harvested by spammers, with the
>>understanding that any mail to them would be bounced.
>>I find nothing on the new privacy.net site about this public service.
>>Does that imply it's no longer being offered and we should stop using
>>those addresses as spam holes? Or are they still available and just not
>>promoted for some reason? Is the new site still incomplete?
>>I and others who don't know your current intent with regard to this
>>service await clarification.
>>Thanks.
>></q>
>>Since they don't have the smarts to *either* say the service is closed
>>or continue to mention it on the site, I doubt that I'll get an answer;
>>or if I do, it'll probably be of the form "uh...what service?", which I
>>can't explain any more clearly to the new owners.
> That sounds very clear to me so it will be interesting to see what
> reply you might receive from them.
> As you rightly mentioned they originally offered use of addresses from
> "m...@privacy.net and m...@privacy.net through to m...@privacy.net" but I
> see others now putting what.ever...@privacy.net.
Yes, some people will abuse whatever they can get their hands on.
> It seems to be well and truly out of control.
Perhaps that's why they dropped it, if they did.
Blinky the Shark
> On Fri, 05 Aug 2005 11:16:31 +1000, Ian Anderson wrote:
>> As you rightly mentioned they originally offered use of addresses from
>> "m...@privacy.net and m...@privacy.net through to m...@privacy.net" but I
>> see others now putting what.ever...@privacy.net.
> I thought the original "they" were different from the current "they".
I think that's the assumption we've been working with, here.
Blinky the Shark
> On 4 Aug 2005 20:02:03 GMT, Blinky the Shark <no....@box.invalid>
> wrote:
>>Since they don't have the smarts to *either* say the service is closed
>>or continue to mention it on the site, I doubt that I'll get an answer;
>>or if I do, it'll probably be of the form "uh...what service?", which I
>>can't explain any more clearly to the new owners.
> Why do you care? Using no....@box.invalid is a *much* more
Why is my reason for caring important?
> net-friendly way to go if privacy.net was indeed refusing email sent to
> m...@privacy.net; in that case there would be email abusive to third
> parties floating around as a result of spam and virus propogations.
> Which makes me doubt that there ever was a mailserver associated with
> privacy.net.
Then what was sending their custom bounces?
Steve Baker
wrote:
>> net-friendly way to go if privacy.net was indeed refusing email sent to
>> m...@privacy.net; in that case there would be email abusive to third
>> parties floating around as a result of spam and virus propogations.
>> Which makes me doubt that there ever was a mailserver associated with
>> privacy.net.
>
>Then what was sending their custom bounces?
I don't know. Some research indicates that privacy.net had an MX
record of mail.privacy.net which pointed to 127.0.0.1. 127.0.0.1 is
"localhost", so privacy.net couldn't have been been sending "custom
bounces" in that case. But outgoing mailservers that accepted
m...@privacy.net as a valid address would have then sent bounces
indicating that the email was undeliverable. I don't think they should
accept email when the MX record points to 127.0.0.1, but I don't really
know.
I don't know what the setup was, but it's certainly no surprise that
a privately owned outfit would suddenly change their policies or sell
their domain name.
Steve Baker
Blinky the Shark
> On 5 Aug 2005 08:04:27 GMT, Blinky the Shark <no....@box.invalid>
> wrote:
>>> net-friendly way to go if privacy.net was indeed refusing email sent to
>>> m...@privacy.net; in that case there would be email abusive to third
>>> parties floating around as a result of spam and virus propogations.
>>> Which makes me doubt that there ever was a mailserver associated with
>>> privacy.net.
>>Then what was sending their custom bounces?
> I don't know. Some research indicates that privacy.net had an MX
> record of mail.privacy.net which pointed to 127.0.0.1. 127.0.0.1 is
> "localhost", so privacy.net couldn't have been been sending "custom
> bounces" in that case. But outgoing mailservers that accepted
> m...@privacy.net as a valid address would have then sent bounces
> indicating that the email was undeliverable. I don't think they should
> accept email when the MX record points to 127.0.0.1, but I don't really
> know.
Nor do I.
> I don't know what the setup was, but it's certainly no surprise that
> a privately owned outfit would suddenly change their policies or sell
> their domain name.
I don't believe I showed any surprise.
Steve Baker
wrote:
>>>Then what was sending their custom bounces?
>
>> I don't know. Some research indicates that privacy.net had an MX
>> record of mail.privacy.net which pointed to 127.0.0.1. 127.0.0.1 is
>> "localhost", so privacy.net couldn't have been been sending "custom
>> bounces" in that case. But outgoing mailservers that accepted
>> m...@privacy.net as a valid address would have then sent bounces
>> indicating that the email was undeliverable. I don't think they should
>> accept email when the MX record points to 127.0.0.1, but I don't really
>> know.
>
>Nor do I.
Can you show us an example of a "custom bounce"?
Steve Baker
Blinky the Shark
>>Nor do I.
Not with the service apparently disabled.
Blinky the Shark
>> <q>
>> ...
>> </q>
Today (or perhaps last night) I got the final bounce on my post (above).
Now I can't find it (sorry!), but it was a tried-for-four-days-giving-up
bounce.
Troy Piggins
> On Sun, 31 Jul 2005, Troy Piggins wrote:
>> I've noticed some people on usenet with temporary email addresses -
>> valid, but only for a set period of time after they post. I was
>> thinking this would be a good way to minimise spam and want to test
>> it out for a while.
>>
>> Just wanted to ask about the methodology adopted from some of those
>> that use this method. I will be running it on a linux box using
>> procmail.
[snip]
>> So I was thinking about having an email address valid for about one
>> month - something like 0508-...@piggo.com for August 2005. I know
>> there is potential problem if I post on 31 Aug, but maybe I accept
>> mail to that address for 2 months instead, and overlap the acceptance
>> of that address with 0509-...@piggo.com.
>>
>> I'm interested in all comments about the above (email is fine also if
>> you don't want everyone to know), and to hear how it has been
>> implemented by others. Also, what about the predictability of my
>> proposed method? It is quite obvious, I know. But as I said it will
>> only suppliment my other filters.
>
> The real trick is to have a way of generating a non-trivially-revealed
> mailbox address that has a time code in it. This way, your mail
> server can be programmed to automatically reject mail received after
> some time window from the generation time.
>
> Example:
>
> Mailbox generates only a username portion time coded:
> 20050...@x.net
>
> Server recognizes the timestamp as for 08 August 2005, and has a 7
> day window. Therefore, it rejects all mail received on or after 15
> August sent to this mailbox.
>
> Of course, one must somehow encrypt or otherwise obscure the timestamp
> part for it to be useful. Otherwise, some spammer may recognize the
> pattern and send to a logically current mailbox (e.g.
> "20050815xxx@..." for a week later). The encryption needs to generate
> a result that lies in the RFC2822 username part syntax and SHOULD also
> have a one or more randomly generated bits interspersed (at known
> locations) to throw off any guessers. It's even better if this
> results in other than a fixed-length encoding.
>
> Those who have control over their own DNS records can also implement
> part of the timecode into the domain name, especially if they have
> some sub-zone available to them where they can wildcard-cname it to
> their mail server, e.g.
>
> *.domain.com. IN CNAME mail.domain.com.
>
> One day or one week granularity is all that is really needed in the
> timecode - for windowing purposes. Of course, if one want granularity
> up to the second, then no generated mailbox should equal any other.
> Some people may want a reception window as wide as a month and not the
> 1 week I used in the example.
>
> For those with less control, one can vary the "plussed" part to an
> otherwise constant username - but then one needs to reject mail (where
> the sender isn't already whitelisted) that lacks a "+" part.
>
> Remember: Whatever timestamp encoding is done, it must be decodable
> by the mail server (best case) or mail reading client (worst case),
> but not trivially decodable by a person (spammer - so don't simply use
> a "YYYYMMDD"[e.g.] pattern).
Wow - thanks mate. Good advice.
I would think one week is a bit short for me, but I get the idea. I
will also have some fun with the wildcard-cname because I am by no means
a DNS expert, but I do have some control over it so will look into it.
Will also have to look into the syncronising of the timestamp with
postfix, but am loving the challenge :-)
--
Troy Piggins
(playing with disposable email addresses
and message IDs to minimise spam)