2nd RFD: comp.org.cauce moderated
John C. Mozena
REQUEST FOR DISCUSSION (RFD)
moderated group comp.org.cauce
This is a formal Request For Discussion (RFD) for the creation of a
world-wide moderated Usenet newsgroup comp.org.cauce. This is not a
Call for Votes (CFV); you cannot vote at this time. Procedural
details are below.
Newsgroup line:
comp.org.cauce The Coalition Against Unsolicited Commercial E-Mail. (Moderated)
CHANGES from previous RFD:
Added possibility of institution of "Dave the Resurrector" should forged
cancels become an issue.
Added mechanism for adding/removing moderators.
Added mechanism for modbot recognition of "spamblocked" addresses of a
specific format.
RATIONALE: comp.org.cauce
The Coalition Against Unsolicited Commercial E-Mail (CAUCE) is the largest
organization dedicated to the eradication of unsolicited commercial e-mail
(UCE, or "spam"). Its activities are currently discussed on
news.admin.net-abuse.email, news.admin.net-abuse.policy, the SPAM-L
mailing list and on a closed list internal to CAUCE. There is also a CAUCE
e-newsletter.
CAUCE has over 4000 members and many more people interested in its efforts
to extend the "junk fax" law to cover e-mail. Currently, there is no
single forum in which CAUCE can make announcements, educate its members
and discuss its activities and philosophy with interested parties.
The extremely high traffic on news.admin.net-abuse.email and on SPAM-L
makes it difficult for persons interested in discussing CAUCE's activities
to find information about the organization. A dedicated newsgroup will
facilitate this discussion.
CHARTER: comp.org.cauce
Comp.org.cauce is dedicated to announcements from and discussion of the
Coalition Against Unsolicited Commercial E-Mail <http://www.cauce.org>.
Any and all posts directly related to CAUCE or anti-spam legislation in
general are welcome.
The newsgroup, while founded by CAUCE, is not censored by the organization
in any way. It is robomoderated to eliminate crossposts and advertisements
only -- opinions contrary to those of CAUCE are solicited.
No advertisements (with the exception of those contained in standard
.signature files) are welcome.
Posters are also asked to keep the discussion civil -- ad hominem attacks
are not conducive to serious policy discussion.
Reposts of UCE or spam, other than those used for demonstration purposes,
are not necessary. Use news.admin.net-abuse.sightings or
news.admin.net-abuse.email instead.
END CHARTER.
MODERATOR INFO: comp.org.cauce
Moderator: John Levine <jo...@iecc.com>
Moderator: John C. Mozena <m...@mich.com>
Moderator: Corey Snow <co...@snowpoint.com>
Submission address: <comp-or...@abuse.net>
Comp.org.cauce is robomoderated. Messages crossposted to comp.org.cauce
and more than one other group will be rejected and returned to the sender
with an explanation of the newsgroup's moderation policy. Messages
crossposted between comp.org.cauce and another moderated group will
receive the same treatment.
In addition to the crosspost policy, the initial post from each discrete
address will result in an e-mail from the modbot to that address
containing a unique token, which must be returned to an e-mail address
specified in the message containing the token. The initial message will
then be posted and future messages will be posted automatically unless
they violate the crosspost limitation. Successful posts will receive an
e-mail confirmation of their propagation. Three permanent rejections of
confirmation e-mails will require re-registration of a valid address with
the modbot.
Posters will have the option to use "spamblocks" of defined
characteristics. As the moderators are opposed to any system of spamblocks
that send rejected messages to innocent postmasters, users wishing to use
spamblocked addresses on comp.org.cauce must use software that accepts
messages of the type <foo...@bar.com>, where <f...@bar.com> is the correct
address and "-XXX" is a hash of the Subject: line of the post. The user
can then filter on "-XXX," accepting only that mail for which the hash
resolves. If the user does not implement the software necessary to resolve
the hashes and read legitimate mail, the confirmation messages from the
modbot will bounce and the poster will be automatically blocked from
posting. This is necessary in order to keep posters from using the
spamblock, not resolving addresses and inundating their postmaster with
bounces of UCE and legitimate mail.
There are ISPs that have in place software that can accomplish this
blocking/filtering. See <http://www.rahul.net/guest/nojunk.html> for
further information. Software developers are encouraged to create
packages to accomplish this filtering for platforms other than UNIX.
Addresses that have been used to post advertisements will be blocked by
the modbot at the discretion of the moderators. Persistently abusive
posters may also have their access suspended or revoked.
Should the moderators decide to add to or subtract from the moderator
panel, a majority vote of the panel will be required. In the event of a
tie vote, no change shall be made to the existing composition.
The moderators, by unanimous consent only, may implement a system for
automatic reposts of cancelled articles (often known as "Dave the
Resurrector") should they deem it necessary.
END MODERATOR INFO.
PROCEDURE:
This is a request for discussion, not a call for votes. In this phase
of the process, any potential problems with the proposed newsgroups
should be raised and resolved. The discussion period will continue
for a minimum of 21 days (starting from when the first RFD for this
proposal is posted to news.announce.newgroups), after which a Call For
Votes (CFV) may be posted by a neutral vote taker if the discussion
warrants it. Please do not attempt to vote until this happens.
All discussion of this proposal should be posted to news.groups.
This RFD attempts to comply fully with the Usenet newsgroup creation
guidelines outlined in "How to Create a New Usenet Newsgroup" and "How
to Format and Submit a New Group Proposal". Please refer to these
documents (available in news.announce.newgroups) if you have any
questions about the process.
DISTRIBUTION:
This RFD has been posted to the following newsgroups:
news.groups, news.announce.newgroups,
news.admin.net-abuse.email, news.admin.net-abuse.policy
and news.admin.net-abuse.misc
and SPAM-L, the Spam Prevention and Discussion Mailing List, subscriptions
at <list...@peach.ease.lsoft.com>.
Proponent: John C. Mozena <m...@cauce.org>
Dave Aronson; remove antispam Xs to reply
John C. Mozena <m...@cauce.org> writes:
> Comp.org.cauce is robomoderated. Messages crossposted to comp.org.cauce
> and more than one other group will be rejected and returned to the sender
> with an explanation of the newsgroup's moderation policy. Messages
> crossposted between comp.org.cauce and another moderated group will
> receive the same treatment.
Well, it's a step in the right direction. B-) As you may have heard, I
think ease of crossposts are the #1 thing WRONG with Usenet, and favor a
rule of "no crossposts, at all, to anything, ever, period", but....
> In addition to the crosspost policy, the initial post from each discrete
> address will result in an e-mail from the modbot to that address
> containing a unique token, which must be returned to an e-mail address
> specified in the message containing the token. The initial message will
> then be posted and future messages will be posted automatically unless
> they violate the crosspost limitation.
The problem with this is that a disgruntled spammer could forge a huge
dump of posts from an approved poster. Perhaps if all posts from an
approved poster had to include the token (which should be random enough
that it would take a spammer impractically long to guess a valid one),
which would be removed before posting so a spammer couldn't grab that
too? This would solve the spamblock problem too, as the poster could
use whatever address he pleases so long as an approved token is in the
designated place (such as perhaps the beginning of the Subject).
> Posters will have the option to use "spamblocks" of defined
> characteristics. As the moderators are opposed to any system of spamblocks
> that send rejected messages to innocent postmasters, users wishing to use
> spamblocked addresses on comp.org.cauce must use software that accepts
> messages of the type <foo...@bar.com>, where <f...@bar.com> is the correct
> address and "-XXX" is a hash of the Subject: line of the post. The user
> can then filter on "-XXX," accepting only that mail for which the hash
> resolves. If the user does not implement the software necessary to resolve
> the hashes and read legitimate mail, the confirmation messages from the
> modbot will bounce and the poster will be automatically blocked from
> posting. This is necessary in order to keep posters from using the
> spamblock, not resolving addresses and inundating their postmaster with
> bounces of UCE and legitimate mail.
VERY strong disagreement. Users should not have to expose their
addresses to the harvesters (which you KNOW will be working overtime in
c.o.cauce) just because their ISP will not install new software.
-Dave Aronson, Sysop, Air 'n Sun (airnsun.pcbuddy.com), @ (703) 319-0714
SUPPORT REP CHRIS SMITH'S NO-JUNK-EMAIL BILL! GIVE A DAMN, DON'T SPAM!
Opinions MINE, not from Template, Mensa, NRA, NVCDL, US Gov't, or God!
http://www.webspawner.com/users/DaveAronson/
WD Baseley
In article <8745564...@isc.org>, John C. Mozena <m...@cauce.org>
articulated:
> REQUEST FOR DISCUSSION (RFD)
> moderated group comp.org.cauce
[...]
>users wishing to use
>spamblocked addresses on comp.org.cauce must use software that accepts
>messages of the type <foo...@bar.com>, where <f...@bar.com> is the correct
>address and "-XXX" is a hash of the Subject: line of the post.
Of the three accounts I have, not one will accept this style of
address. One of them will accept a plus (+) sign in place of the
dash; the other two will not accept either.
Would it be terribly involved to allow (+) as well as (-)?
Maybe a better question is, how many mail systems allow only the (+),
and is it a number sufficient to include (+) in the bot?
Respectfully,
-- WD Baseley
Bruce Baugh
On Thu, 18 Sep 1997 04:20:45 GMT, John C. Mozena <m...@cauce.org>
wrote:
>Comp.org.cauce is robomoderated. Messages crossposted to comp.org.cauce
>and more than one other group will be rejected and returned to the sender
>with an explanation of the newsgroup's moderation policy. Messages
Excellent, given crossposting's role as one of the greatest banes
useful Usenet discourse these days.
>In addition to the crosspost policy, the initial post from each discrete
>address will result in an e-mail from the modbot to that address
>containing a unique token, which must be returned to an e-mail address
>specified in the message containing the token. The initial message will
Just like majordomo and listserv subscription confirmation, then.
Cool.
>they violate the crosspost limitation. Successful posts will receive an
>e-mail confirmation of their propagation. Three permanent rejections of
>confirmation e-mails will require re-registration of a valid address with
>the modbot.
Like others, I hope there's an easy way to disable the confirmation
notice. The three-strikes rule seems sensible enough.
>
>Posters will have the option to use "spamblocks" of defined
>characteristics. As the moderators are opposed to any system of spamblocks
>that send rejected messages to innocent postmasters, users wishing to use
>spamblocked addresses on comp.org.cauce must use software that accepts
>messages of the type <foo...@bar.com>, where <f...@bar.com> is the correct
I'd like to suggest that this isn't a useful idea. It's too little for
the "I must munge!" crowd, and too much for the "None must munge!"
crowd. Given one spammer dehashing, it becomes pointless.
And I think it underminses the utility of a firm position. "No
munging" is a clear boundary. "Munging only with this hash thing" is
fuzzier.
Other than that, though, no particular objections.
--
Bruce Baugh <*>
ari...@eyrie.org <*>
kurdnA gerG
In article <dn67ry4...@template.com>, david....@template.XcomX
(Dave Aronson; remove antispam Xs to reply) wrote:
> John C. Mozena <m...@cauce.org> writes:
> > In addition to the crosspost policy, the initial post from each discrete
> > address will result in an e-mail from the modbot to that address
> > containing a unique token, which must be returned to an e-mail address
> > specified in the message containing the token. The initial message will
> > then be posted and future messages will be posted automatically unless
> > they violate the crosspost limitation.
>
> The problem with this is that a disgruntled spammer could forge a huge
> dump of posts from an approved poster. Perhaps if all posts from an
> approved poster had to include the token (which should be random enough
> that it would take a spammer impractically long to guess a valid one),
> which would be removed before posting so a spammer couldn't grab that
> too? This would solve the spamblock problem too, as the poster could
> use whatever address he pleases so long as an approved token is in the
> designated place (such as perhaps the beginning of the Subject).
I tried exactly this approach in a moderated alt group several months back,
and it just doesn't work. Technically, it was fine, but it's difficult for
posters because it's such a different approach from posting to other
groups.
First is the problem with the cookies themselves. People *do* forget their
pass codes, so now you've got to introduce some way to change them. I
handled this with a request address along the lines of what a list server
uses. You could tell it you forgot your cookie, and it would treat you as
a new poster again. This is a *very* annoying process for infrequent
posters. I also gave people a way to change their codes to something more
memorable through the same address, but it ultimately didn't help much.
There was a second problem with passphrases, in that people would code them
into signature files, then forget to remove them when posting to other
newsgroups. Then, of course, the whole safeguard has been compromised.
Third was the bogus address problem. For this approach to work, you either
need to ensure that all cookies/passphrases are unique *and* hard to guess
(e.g. sequential numbering or other predictable schemes won't do) *and*
easy to remember (UGH!), or you have to scan for (and strip out) an
included real-address *and* the cookie. People tend to forget, when
they've changed providers or switched between munged and non-munged
addresses, that their passphrases are no longer going to work, so they have
to do the cookie dance yet again.
End result: It's too much work and no one bothers using the group.
-g
--
net.scum and proud!
Assistant Ruler, Usenet
Fluffy has all the fun. I get to change his litterbox.
Information Security
In alt.cypherpunks Igor Chudov @ home <ich...@algebra.com> wrote:
: >Posters will have the option to use "spamblocks" of defined
: >characteristics. As the moderators are opposed to any system of spamblocks
: >that send rejected messages to innocent postmasters...
: ... postmasters can in principle agree with users that they use
: a certain form of spamblocked address, like nos...@provider.net, and
: alias nospam to /dev/null.
Yes, but many people want to _eliminate_ the SMTP transfer of SPAM.
(We are talking about the 'From:' for email replies to a Usenet post)
So, an munged address that can't be unmunged is ideal.
(Munge until no good enymore ;-)
If the choice is between getting spammed (guaranteed), and a very
few people not being able to hit 'reply' to a Usenet post to
email a response, that latter should lose. It's the poster's choice.
As far as not loading down a postmaster: simple.
Have the bot try to resolve (nslookup/set q=mx) before trying
to mail a reply.
It's that simple.
---guy<at>painintheass.com
Eli the Bearded
In article <8745564...@isc.org>, John C. Mozena <m...@cauce.org> wrote:
> Posters will have the option to use "spamblocks" of defined
> characteristics. As the moderators are opposed to any system of spamblocks
> that send rejected messages to innocent postmasters, users wishing to use
> spamblocked addresses on comp.org.cauce must use software that accepts
> messages of the type <foo...@bar.com>, where <f...@bar.com> is the correct
> address and "-XXX" is a hash of the Subject: line of the post. The user
> can then filter on "-XXX," accepting only that mail for which the hash
Are you suggesting that has to be a literal '-' in there? That is the
default for qmail, but other software uses other seperators. AMS and
sendmail use '+', MMDF uses '='. I have also seen embedded comments
(eg <foo(XXX)@bar.com>) and case preservation requirements advocated.
(Sendmail is case insensitve for addresses, but other than Postmaster,
there is no requirement for case insensitivity, and mailers en route
are forbidded to change the case.)
See my email addressing FAQ. Posted today (as
<URL:news:eli$97091...@qz.little-neck.ny.us>) to comp.mail.misc,
news.answers, and some other groups.
Elijah
------
thought this should be clarified
WD Baseley
On Thu, 18 Sep 1997 14:09:16 -0500, ich...@algebra.com (Igor Chudov @
home) wrote:
>[Crossposted to alt.support.schizophrenia.]
[and a s**tload of other places - sneck!]
>On Thu, 18 Sep 1997 04:20:45 GMT, John C. Mozena <m...@cauce.org> wrote:
>Of course, I also voice my customary objection to disallowing anonymous
>users from posting to moderated groups. This restriction is almost
>always (as in this case) unnecessary, it chills free speech, and
>violates the great privacy that the Internet has offered to its users,
>with a ZERO added benefit.
I fail to see how replyable addresses disallow anonymity.
>Moreover, postmasters can in principle agree with users that they use
>a certain form of spamblocked address, like nos...@provider.net, and
>alias nospam to /dev/null.
This will accomplish little. The junkoids will simply yank the block.
It also does not address the issues of wasted bandwidth and CPU cycles
consumed by the sending of the dreck in the first place. Therefore,
it is at best a temporary measure.
>Also, the proposal as it stands is poised to dramatically increase
>amount of spam that arrives to the poor internet providers. Since
>address harvesters archive all DIFFERENT addresses, instead of archiving
>and using one address like nos...@algebra.com, spammers will now
>archive dozens of addresses like ichudov...@algebra.com.
That is an excellent point.
>Another problem, of course, is that most spams do not have the
>destination address in the To: or Cc: field. Many mailers do not bother
>to populate Received: fields with destination addresses either. As a
>result, I do not quite understand how the users are supposed to better
>filter out UCEs if the spamblocked address is resolved to their own
>email account.
So's that.
Regards,
-- WD Baseley
True disputants are like true sportsmen;
their whole delight is in the pursuit.
Alexander Pope
Ron Schwarz
> REQUEST FOR DISCUSSION (RFD)
> moderated group comp.org.cauce
>Added mechanism for modbot recognition of "spamblocked" addresses of a
>specific format.
This is good. Can you detail the requirements?
Offhand, I've vote yes at this point.
--
Replies to: c
e ubvb.c
n l o
sor@c m
jon ivar skullerud
> REQUEST FOR DISCUSSION (RFD)
> moderated group comp.org.cauce
>Added mechanism for modbot recognition of "spamblocked" addresses of a
>specific format.
This is good. Can you detail the requirements?
The detailed requirements are in the document you quoted. Read it.
Offhand, I've vote yes at this point.
Imho, the requirements are so complex that the suggested
"spamblocking" mechanism is useless. In fact, it's not spamblocking
at all, rather an advanced form of filtering, open to only a tiny
minority.
--
______ _________________________________________________
/ | jon ivar skullerud |
| jon | jsku...@physix.adelaide.edu.au |
\______ | Correct the spelling of physix to reply |
\ | |
ivar | | http://www.physix.adelaide.edu.au/~jskuller/ |
_______/ |_________________________________________________|
Ron Schwarz
On 19 Sep 1997 11:28:14 +0930, jon ivar skullerud
<jsku...@physix.adelaide.edu.au> wrote:
>(Ron Schwarz) writes:
> On Thu, 18 Sep 1997 04:20:45 GMT, John C. Mozena <m...@cauce.org>
> wrote:
>
> > REQUEST FOR DISCUSSION (RFD)
> > moderated group comp.org.cauce
>
> >Added mechanism for modbot recognition of "spamblocked" addresses of a
> >specific format.
>
> This is good. Can you detail the requirements?
>
>The detailed requirements are in the document you quoted. Read it.
>
> Offhand, I've vote yes at this point.
>
>Imho, the requirements are so complex that the suggested
>"spamblocking" mechanism is useless. In fact, it's not spamblocking
>at all, rather an advanced form of filtering, open to only a tiny
>minority.
Ouch, I missed that!
This is it:
>Posters will have the option to use "spamblocks" of defined
>characteristics. As the moderators are opposed to any system of spamblocks
>that send rejected messages to innocent postmasters, users wishing to use
>spamblocked addresses on comp.org.cauce must use software that accepts
>messages of the type <foo...@bar.com>, where <f...@bar.com> is the correct
>address and "-XXX" is a hash of the Subject: line of the post. The user
>can then filter on "-XXX," accepting only that mail for which the hash
>resolves. If the user does not implement the software necessary to resolve
>the hashes and read legitimate mail, the confirmation messages from the
>modbot will bounce and the poster will be automatically blocked from
>posting. This is necessary in order to keep posters from using the
>spamblock, not resolving addresses and inundating their postmaster with
>bounces of UCE and legitimate mail.
>
>There are ISPs that have in place software that can accomplish this
>blocking/filtering. See <http://www.rahul.net/guest/nojunk.html> for
>further information. Software developers are encouraged to create
>packages to accomplish this filtering for platforms other than UNIX.
I agree with you. If the goal is to keep the group closed to all but
the elect (and the truly clueless) then it should work like a charm.
It is making me question my CAUCE membership. Hmmm, is it even
possible to opt-out of CAUCE should I decide to do that, or is it a
join-only list?
Ginger Sackett Glaser
david....@template.XcomX (Dave Aronson; remove antispam Xs to
reply) wrote:
>
>John C. Mozena <m...@cauce.org> writes:
>
>> Comp.org.cauce is robomoderated. Messages crossposted to comp.org.cauce
>> and more than one other group will be rejected and returned to the sender
>> with an explanation of the newsgroup's moderation policy. Messages
>> crossposted between comp.org.cauce and another moderated group will
>> receive the same treatment.
>
>Well, it's a step in the right direction. B-) As you may have heard, I
>think ease of crossposts are the #1 thing WRONG with Usenet, and favor a
>rule of "no crossposts, at all, to anything, ever, period", but....
>
Oh no, I hope noone ever does that. We have one poster in the rpc.*
groups who insists on posting her junk to every group as separate
posts (this is really easy for anyone with a Windows based cut and
paste editor), instead of crossposting them. So anyone who reads all
the groups has to see her drivel 6 times instead of once with a good
cross post managing newsreader.
Considering how easy it would be for crossposters to just post several
identical copies of the stuff they now crosspost, I'd rather keep the
crossposting mechanism.
Ginger
Tommy the Terrorist
[juvenile cross-post to schizophrenia group removed; schizophrenia is not
the same as split personality disorder; next time why don't you insert
some "dumb nigger" comments in the subject line and direct it to
African-American groups, it'll get more of a rise out of people...]
In article <slrn622v2s....@manifold.algebra.com> ,
ich...@algebra.com writes:
>Also, the proposal as it stands is poised to dramatically increase
>amount of spam that arrives to the poor internet providers. Since
>address harvesters archive all DIFFERENT addresses, instead of archiving
>and using one address like nos...@algebra.com, spammers will now
>archive dozens of addresses like ichudov...@algebra.com.
...
>I am scared to even think how much mail would have to go through my poor
>connection, if instead of one spamblocked address my users were forced by the
>silly proposal above to use a different spamblocked address each
>time they post.
... you leave out the more important stupidity of such a system, namely,
that spammers would easily subvert such a system, by removing the "-XXX",
by adding the "XXX" in the subject line, or by jumping through whatever
hoops they'd have to in order to regenerate the address. But of course,
this is part of the PLAN - by getting people who are neutral or negative
to compromise their "spamblocker" schemes and thereby get hit with spam,
"cauce" is hoping to annoy them and bring them over to their position.
I don't think it's any coincidence that my intake of spam jumped from
about 5 per day to 20 per day a few days ago when I jumped on the other
spam thread in alt.censorship. But I will not be so easy fooled, nor
deterred. I've read those laws and I see as many opportunities for abuse
as ever there were with the CDA. Under the Torricelli bill, the FTC can
*sue* anyone it wants for $5000 *per message*, where even ONE unsolicited
mail for ANY reason can count, and it only has to be MORE LIKELY THAN NOT
that you actually sent it. Now how can you prove that it's more likely
than not that a forger was trying to set you up? Even if the forger is
in with censors...? And then, of course, the common people, a.k.a.
IDIOTS, are supposed to beg and plead for uncrackable identity schemes a
la Clinton's "key escrow" plan (a hard-crypto "Internet license" scheme
in sheep's clothing). To save them from this. Fucking fools, they're
earning the fascist hell they are making for themselves.
Eric Jaron Stieglitz
In article <8745564...@isc.org>, John C. Mozena <m...@cauce.org> wrote:
>
>Comp.org.cauce is robomoderated. Messages crossposted to comp.org.cauce
>and more than one other group will be rejected and returned to the sender
>with an explanation of the newsgroup's moderation policy. Messages
>crossposted between comp.org.cauce and another moderated group will
>receive the same treatment.
So what happens if an RFD or a CFV relevant to CAUCE needs to be posted.
Those are frequently crossposted to 3-5 groups including
news.announce.newgroups. Will there be an exception for this kind of posting
or may someone only pass through a non-crossposted pointer to the CFV?
Perhaps it might be better to robomoderate single postings and human moderate
crosspostings to assure that they are relevant?
>Posters will have the option to use "spamblocks" of defined
>characteristics. As the moderators are opposed to any system of spamblocks
>that send rejected messages to innocent postmasters, users wishing to use
>spamblocked addresses on comp.org.cauce must use software that accepts
>messages of the type <foo...@bar.com>, where <f...@bar.com> is the correct
>address and "-XXX" is a hash of the Subject: line of the post. The user
>can then filter on "-XXX," accepting only that mail for which the hash
>resolves. If the user does not implement the software necessary to resolve
>the hashes and read legitimate mail, the confirmation messages from the
>modbot will bounce and the poster will be automatically blocked from
>posting. This is necessary in order to keep posters from using the
>spamblock, not resolving addresses and inundating their postmaster with
>bounces of UCE and legitimate mail.
This is much too complicated for Joe User.
I'm also a little concerned that some of the traffic on the group may
duplicate the stuff in news.admin.net-abuse.email. You've addressed this
problem briefly at the beginning of the RFD, but I think it could use some
more discussion.
---
Eric Jaron Stieglitz eph...@ctr.columbia.edu
Home: (212) 851-1152 "Support Bacteria --
Work: (212) 854-8782 It's the only culture some people have."
Gerben Vos
John C. Mozena writes:
>Posters will have the option to use "spamblocks" of defined
>characteristics.
Remove this spamblocking scheme, as it is useless. I'd rather have a
no-spamblocks policy than this scheme, that will be easily cracked by
address harvesters, and will give the poster only a false sense of
security after costing him a lot of trouble to set it up.
*Again*, why no X-Actual-Address: line? The modbot can reply to the
correct address, and on Usenet only the munged address will appear.
It's so easy to implement, and keeps everyone happy except the
spammers.
After all, i *do* appreciate the efforts of the people who do the
hard work within the CAUCE, and i acknowledge their right to have
the newsgroup set up in a way they, as moderators, can live with.
I just think that what is proposed is a very bad and harmful
compromise.
I will vote against if this spamblock scheme appears in the final CFV,
but will vote for if either it is removed (and a no-spamblocks-at-all
policy is enforced), or if arbitrary spamblocks are allowed.
g e r b e n @ c s . v u . n l . . . . . . . . . . . . G e r b e n V o s <><
Join the Coalition Against Unsolicited Commercial Email! http://www.cauce.org/
The hedgehog can never be buggered at all.
Chris Gunn
JS> Fm UseNet: jsku...@physix.adelaide.edu.au [news.groups]
JS> Two comments:
JS> Successful posts will receive an
JS> e-mail confirmation of their propagation.
JS> Will it be possible to turn this off? Not everyone appreciates being
JS> inundated with email just because things that are supposed to work,
JS> work.
Howdy Jon,
Agree! The poster will have confirmation in about the same time frame by
seeing their message appear on the newsgroup. When practical, posters should
be notified about rejected messages not the good ones.
It seems a little contrary to the meaning of CAUCE to generate unnecessary
E-Mail. {grin}
Chris
BIZynet Coordinator <cg...@bizynet.com or cg...@laplaza.org>
Co-Moderator of biz.general, biz.stolen, biz.marketplace.international,
and alt.business.import-export.only
John C. Mozena
In article <3424ff4b...@news.cmc.net>,
Ron Schwarz <s...@sig.to.reply> wrote:
>I agree with you. If the goal is to keep the group closed to all but
>the elect (and the truly clueless) then it should work like a charm.
I'll be posting to comp.org.cauce without any spamblock. Does that make me
elect or clueless?
>It is making me question my CAUCE membership. Hmmm, is it even
>possible to opt-out of CAUCE should I decide to do that, or is it a
>join-only list?
Just let us know. <comm...@cauce.org>. Leave the mailing list at
<cauce-annou...@lists.cauce.org>.
See my posts elsewhere in this thread where I detail a way to post to
comp.org.cauce and be spamblocked, as long as you have procmail or the
equivalent.
--
John C. Mozena [=-=+=-=] m...@mich.com [=-=+=-=] http://www.mich.com/~moz/
"One piece of spam is too much for many people." - Sanford Wallace
I'm not underestimating your intelligence. I mean, how could I? - S. Adams
Outlaw unsolicited commercial e-mail! Join CAUCE at http://www.cauce.org
John C. Mozena
In article <342140ee...@news.mindspring.com>,
WD Baseley <wbas...@mindspring.com> wrote:
>Would it be terribly involved to allow (+) as well as (-)?
>
>Maybe a better question is, how many mail systems allow only the (+),
>and is it a number sufficient to include (+) in the bot?
If you want to register a plussed address with the bot, that's fine. The
bot treats them as it would an unmunged address. At the moment, the
portion of the address after the (+) must remain static.
This allows wbasely+...@mindspring.com, with procmail sending
everything with +REMOVEME in it to /dev/null or to a lint trap. All you
have to do is return the confirmation message from that address before
implementing the procmail rule.
Ron Schwarz
On 20 Sep 1997 03:03:00 -0400, m...@server2.mich.com (John C. Mozena)
wrote:
>In article <3424ff4b...@news.cmc.net>,
>Ron Schwarz <s...@sig.to.reply> wrote:
>
>>I agree with you. If the goal is to keep the group closed to all but
>>the elect (and the truly clueless) then it should work like a charm.
>
>I'll be posting to comp.org.cauce without any spamblock. Does that make me
>elect or clueless?
Elect, obviously. (See, I gave you the benefit of the doubt.)
>>It is making me question my CAUCE membership. Hmmm, is it even
>>possible to opt-out of CAUCE should I decide to do that, or is it a
>>join-only list?
>
>Just let us know. <comm...@cauce.org>. Leave the mailing list at
><cauce-annou...@lists.cauce.org>.
I will reserve that decision for the moment.
>See my posts elsewhere in this thread where I detail a way to post to
>comp.org.cauce and be spamblocked, as long as you have procmail or the
>equivalent.
I saw them. They are utterly absurd.
John C. Mozena
In article <5vucru$eni$1...@nadine.teleport.com>,
Portland Atari Club <at...@kelly.teleport.com> wrote:
>This is pure, unadulterated B.S.
No, bounces to postmasters are a valid concern. They keep the mailbox from
being used for its intended purpose.
>A spamblock in the format "us...@domain.XXX.tld" (if the XX is carefulyl
>chosen so as NOT to point to a real domain) does not cause significant
>netowrk loading nor redirect email to uninvolved third parties (although
>bouces might go to an innocent third party, if the yUCEr uses a forged
>Return-Path, as most do now; that, however, will not change the existing
>situation, and it has already be held by several courts that the forged
>third-party practice is actionable trespass to chattel).
If (as almost all do) the spammer forges the path, the bounces go to an
innocent third party. It's the spammer's fault, sure, but why should the
person who decided to post to Usenet be allowed to direct that spam to
somebody who has no choice in the matter?
The "trespass" rulings, such as CompuServe v. CyberPromo, have yet to be
successfully used to recover damages from a spammer, AFAIK. Once that
happens, and we have a powerful tool with which to fight this hijacking, I
might be convinced to bend some. At the moment, though, it's not reality.
>Since the proponents of the CAUCE newsgroup wish to exclude the vast
>majority fo Usenet posters, I will not carry the new group if it passes
>the vote, and I will vote against it as long as the above-quoted provision
>remains in the charter/RFD.
CAUCE cannot support a group that allows/promotes the abuse of innocent
third parties' systems through the actions of spammers and the informed
choice of Usenet posters.
Anything you do to your address that allows you to respond to the initial
verification mail and keep subsequent modbot replies from bouncing to the
bot or other postmasters is allowable. The moderation scheme proposed is
one that the bot will be specifically designed to allow.
I think this is a valid compromise, as it allows both sides to adhere to
their principles.
I certainly don't think it's "B.S."
Ron Schwarz
On 20 Sep 1997 03:11:43 -0400, m...@server2.mich.com (John C. Mozena)
wrote:
>In article <5vucru$eni$1...@nadine.teleport.com>,
>Portland Atari Club <at...@kelly.teleport.com> wrote:
>
>>This is pure, unadulterated B.S.
>
>No, bounces to postmasters are a valid concern. They keep the mailbox from
>being used for its intended purpose.
Hmm, what does that remind me of?
[...]
>CAUCE cannot support a group that allows/promotes the abuse of innocent
>third parties' systems through the actions of spammers and the informed
>choice of Usenet posters.
Does that extend to Usenet II policy that endorses using throwaway
accounts from free providers (AKA "innocent third parties") as
drop-boxes for spam caused by the addresses getting harvested from
posts?
John C. Mozena
>*Again*, why no X-Actual-Address: line? The modbot can reply to the
>correct address, and on Usenet only the munged address will appear.
>It's so easy to implement, and keeps everyone happy except the
>spammers.
And the postmasters to whom spam sent to the spamblocked addresses
bounces. This is a serious problem that is only getting worse as more
people spamblock without thinking of the consequences.
>I will vote against if this spamblock scheme appears in the final CFV,
>but will vote for if either it is removed (and a no-spamblocks-at-all
>policy is enforced), or if arbitrary spamblocks are allowed.
YOu can use whatever spamblock you like, as long as it doesn't bounce mail
back to the bot. I have suggested plussed addresses and procmail. Other
options may be evident to others, including aliases to /dev/null. YOu just
need to be able to return the initial confirmation token from that
address.
John C. Mozena
In article <34317d59...@news.cmc.net>,
Ron Schwarz <s...@sig.to.reply> wrote:
>On 20 Sep 1997 03:03:00 -0400, m...@server2.mich.com (John C. Mozena)
>wrote:
>>I'll be posting to comp.org.cauce without any spamblock. Does that make me
>>elect or clueless?
>
>Elect, obviously. (See, I gave you the benefit of the doubt.)
Wasn't your point that you had to be a mail wizard or a clueless newbie to
use the group?
I don't think I'm either.
>>See my posts elsewhere in this thread where I detail a way to post to
>>comp.org.cauce and be spamblocked, as long as you have procmail or the
>>equivalent.
>
>I saw them. They are utterly absurd.
A bit more detail, please. What's absurd about them?
John C. Mozena
In article <uc7iuvz...@wilson.physics.adelaide.edu.au>,>Two comments:
>
> Successful posts will receive an
> e-mail confirmation of their propagation.
>
No, because it's also a verification mechanism that spamblocked addresses
aren't bouncing everything to postmasters.
>If this is the only kind of spamblock that is allowed, then i'd say
>you can just as well ban all spamblocks.
That was our initial intent -- this is a compromise.
>Those who are able to set up
>such sophisticated mail software will certainly be able to filter
>their mail as well, so they won't need any spamblock. The people who
>'need' spamblocks are those who are not able to filter their mail.
>This proposal does nothing for them.
This spamblock is available as part of at least one ISP's basic service.
It is an ideal method of using news while avoiding the intentional and
unintentional abuses inherent in e-mail spam. I wish *everybody* would
use this system, as it would destroy the utility of Usenet trawling for
addresses.
It's the only way to allow spamblocks without increasing the load on
postmasters.
John C. Mozena
In article <5vu437$5nn$1...@apakabar.cc.columbia.edu>,
Eric Jaron Stieglitz <eph...@ctr.columbia.edu> wrote:
> So what happens if an RFD or a CFV relevant to CAUCE needs to be posted.
>Those are frequently crossposted to 3-5 groups including
>news.announce.newgroups. Will there be an exception for this kind of posting
>or may someone only pass through a non-crossposted pointer to the CFV?
We'll post full RFDs/CFVs. As with all moderated groups, the proponent
should contact the moderators ahead of time to get approval, jsut like the
FAQ says.
> This is much too complicated for Joe User.
It's the one system the bot specifically supports. Anything else that
keeps mail from bouncing, including routing it to /dev/null, is allowable.
> I'm also a little concerned that some of the traffic on the group may
>duplicate the stuff in news.admin.net-abuse.email. You've addressed this
>problem briefly at the beginning of the RFD, but I think it could use some
>more discussion.
Nanae is hideously busy and high-noise. There's no way to have a viable
discussion about CAUCE there. There are also other forums in which CAUCE
is being discussed -- SPAM-L, alt.stop.spamming, nana.misc, etc. We want
to unify the discussion.
John C. Mozena
In article <34284148...@news.zippo.com>,
Bruce Baugh <ari...@eyrie.org> wrote:
>Like others, I hope there's an easy way to disable the confirmation
>notice. The three-strikes rule seems sensible enough.
If confirmation is disabled, then there's no opportunity to garner
"strikes," which are essentially a validation mechanism for a deliverable
address.
The address can point to /dev/null after the response to the initial
confirmation message. It just can't bounce back at the bot or to a
postmaster.
>I'd like to suggest that this isn't a useful idea. It's too little for
>the "I must munge!" crowd, and too much for the "None must munge!"
>crowd. Given one spammer dehashing, it becomes pointless.
>
>And I think it underminses the utility of a firm position. "No
>munging" is a clear boundary. "Munging only with this hash thing" is
>fuzzier.
I'm trying not to be too messianic about this. I don't mung, never will
and don't like the idea. I'm surprised more people don't think about where
all that bounced mail goes -- and it's not just the postmasters who allow
3rd-party relaying.
I'm offering an option to those who *must* mung their addresses. There's
also the opportunity to register foo+RE...@faz.com, return the initial
confirmation mail from there, then use procmail to point foo+REMOVEME at
/dev/null. The bot won't care.
John C. Mozena
In article <34307cbd...@news.cmc.net>,
Ron Schwarz <s...@sig.to.reply> wrote:
[snip, quoting me]
>>CAUCE cannot support a group that allows/promotes the abuse of innocent
>>third parties' systems through the actions of spammers and the informed
>>choice of Usenet posters.
>
>Does that extend to Usenet II policy that endorses using throwaway
>accounts from free providers (AKA "innocent third parties") as
>drop-boxes for spam caused by the addresses getting harvested from
>posts?
Well, the most obvious response is that CAUCE != Usenet II.
The other answer is that Hotmail, etc. have opted to make their systems
open for use by anybody who follows their AUP. Unless and until they
prohibit such use as is "endorsed" by the U2 rules, I don't see a problem.
There's no "innocence" involved here -- they've made a decision to open up
their systems for just this type of use.
If Hotmail has a problem, they'll cancel the accounts and/or change their
AUP.
Ron Schwarz
On 20 Sep 1997 03:52:43 -0400, m...@server2.mich.com (John C. Mozena)
wrote:
>In article <34307cbd...@news.cmc.net>,
>Ron Schwarz <s...@sig.to.reply> wrote:
>
>[snip, quoting me]
>
>>>CAUCE cannot support a group that allows/promotes the abuse of innocent
>>>third parties' systems through the actions of spammers and the informed
>>>choice of Usenet posters.
>>
>>Does that extend to Usenet II policy that endorses using throwaway
>>accounts from free providers (AKA "innocent third parties") as
>>drop-boxes for spam caused by the addresses getting harvested from
>>posts?
>
>Well, the most obvious response is that CAUCE != Usenet II.
>
>The other answer is that Hotmail, etc. have opted to make their systems
>open for use by anybody who follows their AUP. Unless and until they
>prohibit such use as is "endorsed" by the U2 rules, I don't see a problem.
>There's no "innocence" involved here -- they've made a decision to open up
>their systems for just this type of use.
Hahahahahahahaha! This is *typical* spammer logic!
"It's perfectly OK for us to send our stuff through open relays; hell,
they're OPEN!" .... "As long as people have addresses that accept
email from others, we have every right to access their open
addresses!"
Somehow I doubt that the investors that finance Hotmail and the other
similar systems had that in mind. Pardon my skepticism, eh? "Hey, I
have a *great* idea! Let's pump megabucks into a system, so a bunch
of elitest fools can use us for tossaway spam magnets!"
>If Hotmail has a problem, they'll cancel the accounts and/or change their
>AUP.
No shit, Sherlock.
Can we say, "fri...@public.com"?
Ron Schwarz
On 20 Sep 1997 03:55:53 -0400, m...@server2.mich.com (John C. Mozena)
wrote:
>In article <34317d59...@news.cmc.net>,
>Ron Schwarz <s...@sig.to.reply> wrote:
>>On 20 Sep 1997 03:03:00 -0400, m...@server2.mich.com (John C. Mozena)
>>wrote:
>
>>>I'll be posting to comp.org.cauce without any spamblock. Does that make me
>>>elect or clueless?
>>
>>Elect, obviously. (See, I gave you the benefit of the doubt.)
>
>Wasn't your point that you had to be a mail wizard or a clueless newbie to
>use the group?
>
>I don't think I'm either.
"I'm not 'the elect', I'm just yer typical guy sitting on a fixed
IP|T1|fill-in-the-blanks system that lets me idle away my days tuning
server-side filters."
>>>See my posts elsewhere in this thread where I detail a way to post to
>>>comp.org.cauce and be spamblocked, as long as you have procmail or the
>>>equivalent.
>>
>>I saw them. They are utterly absurd.
>
>A bit more detail, please. What's absurd about them?
This has been answered by other posters in this thread. The
requirements are aimed at a select few capable of complying with them.
I've seen similar gamesmanship at play in other venues. Many years
ago, I learned that the reason so many RFQ proposals were so er, uh,
"uniquely worded" was because they were written in such a way that
only *one* vendor could fill them as specified. And strangely, the
"one vendor" had an er, uh, "unique relationship" with the agency in
question. Still, the regs said the thing had to go out for
competitive bidding, so out it went. If only one vendor submitted a
proposal, well hayull, sohn, that's jes' the free market in operation!
Bruce Baugh
On 20 Sep 1997 02:53:53 -0400, m...@server2.mich.com (John C. Mozena)
wrote:
>>Like others, I hope there's an easy way to disable the confirmation
>>notice. The three-strikes rule seems sensible enough.
>If confirmation is disabled, then there's no opportunity to garner
>"strikes," which are essentially a validation mechanism for a deliverable
>address.
Perhaps I wasn't clear. What I meant was this: In Igor Chudov's STUMP
system there's a no-acknowledgements list, to which posters can
request being added. Once they're there, the software doesn't send out
further acknowledgements. That's the disabling I had in mind.
--
Bruce Baugh <*>
ari...@eyrie.org <*>
WD Baseley
On Sat, 20 Sep 1997 10:09:34 GMT, s...@sig.to.reply (Ron Schwarz)
wrote:
>On 20 Sep 1997 03:55:53 -0400, m...@server2.mich.com (John C. Mozena)
>wrote:
John, save your breath on this one.
>
>>In article <34317d59...@news.cmc.net>,
>>Ron Schwarz <s...@sig.to.reply> wrote:
>>>On 20 Sep 1997 03:03:00 -0400, m...@server2.mich.com (John C. Mozena)
>>>wrote:
>>
>>>>I'll be posting to comp.org.cauce without any spamblock. Does that make me
>>>>elect or clueless?
>>>
>>>Elect, obviously. (See, I gave you the benefit of the doubt.)
>>
>>Wasn't your point that you had to be a mail wizard or a clueless newbie to
>>use the group?
>>
>>I don't think I'm either.
>
>"I'm not 'the elect', I'm just yer typical guy sitting on a fixed
>IP|T1|fill-in-the-blanks system that lets me idle away my days tuning
>server-side filters."
I'm posting from my home, or from work, on Windoze boxes of varying
vintage. I connect to the net by instructing a modem inside one of
those aging machines to dial a telephone number.
I've done a bit of programming, but when someone posts procmail
scripts, I look at them and say, "Who in their right mind would
actually make *sense* out of that? And why would they want to?"
When I help out folks in the local newsgroups, I predicate my posts
with, "I'm not an admin, or an employee of ISP X".
I'm sure as hell not 'elect'. I'm working my way, slowly, away from
the 'clueless' zone, but I'm definitely out of it. I don't mung my
address. I'm not going to mung my address should comp.org.cauce come
into being.
So, Ron, your 'elect or clueless' statement is false. False.
>I've seen similar gamesmanship at play in other venues. Many years
>ago, I learned that the reason so many RFQ proposals were so er, uh,
>"uniquely worded" was because they were written in such a way that
>only *one* vendor could fill them as specified. And strangely, the
>"one vendor" had an er, uh, "unique relationship" with the agency in
>question. Still, the regs said the thing had to go out for
>competitive bidding, so out it went. If only one vendor submitted a
>proposal, well hayull, sohn, that's jes' the free market in operation!
This is why I'm not going to bother reading you anymore. You go to
absurd lengths to denigrate people who are working really hard, much
of it on a volunteer level, to make things better.
*I* volunteer *my* time doing things that I *thought* you agreed made
things better too; things like helping folks complain to the right
people about junk email, showing them how to figure out headers,
educating them on why junk email is system abuse, and, apparently to
your utter horror, educating them on how they can protect themselves,
through filtering and other means. In other words, I've been working
hard to help people come out from hiding, to feel free to stand up for
themselves, to fight back. And I've gotten one hell of an education
myself along the way, thanks to many people who were doing the same
kind of things for *me*.
Those people are the good guys, Ron. The people you accuse of working
for Sanford Wallace, or fixing bids, or making a little exclusive
world where only they can play, those people are the good guys. You
are wrong about them. Wrong.
You want to be able to erect a wall to keep the bad guys out; a wall
of mung. You reject valid arguments that your mung wall might
adversely affect others. CAUCE, and the originators of U2, are
attempting to eliminate the *need* for the wall. But you still want
to cower behind your wall of mung, firing inflammatory shots blindly
over the top of it.
As far as I'm concerned, you can have your wall.
-- WD Baseley
The Email Abuse FAQ is at
<http://members.aol.com/emailfaq>
Fight UCE - join CAUCE
<http://www.cauce.org>
Ron Schwarz
On 21 Sep 1997 00:00:55 +0200, skar...@LOCALHOST.ruhr.de (Wolfgang
Schelongowski) wrote:
>In <5vvvi9$5...@server2.mich.com> m...@server2.mich.com (John C. Mozena) writes:
>
>>In article <34317d59...@news.cmc.net>,
>>Ron Schwarz <s...@sig.to.reply> wrote:
>>>On 20 Sep 1997 03:03:00 -0400, m...@server2.mich.com (John C. Mozena)
>>>wrote:
>
>>>>See my posts elsewhere in this thread where I detail a way to post to
>>>>comp.org.cauce and be spamblocked, as long as you have procmail or the
>>>>equivalent.
>>>
>>>I saw them. They are utterly absurd.
>
>>A bit more detail, please. What's absurd about them?
>
>That your solution still requires the receiver to pay fo the
>received spam at e.g. $15 per MB (http://www.ins.net/ins/serispf.htm).
>Note that ins.net is just 5km north of me, so there will be places where
>it's more expensive. Of course, local calls are payed by connect time,
>too, and they'll probably double soon, again, due to deregulation.
And, even beyond that, they can only be used by people running a
limited range of software on a limited range of providers.
Wolfgang Schelongowski
>In article <34317d59...@news.cmc.net>,
>Ron Schwarz <s...@sig.to.reply> wrote:
>>On 20 Sep 1997 03:03:00 -0400, m...@server2.mich.com (John C. Mozena)
>>wrote:
>>>See my posts elsewhere in this thread where I detail a way to post to
>>>comp.org.cauce and be spamblocked, as long as you have procmail or the
>>>equivalent.
>>
>>I saw them. They are utterly absurd.
>A bit more detail, please. What's absurd about them?
That your solution still requires the receiver to pay fo the
received spam at e.g. $15 per MB (http://www.ins.net/ins/serispf.htm).
Note that ins.net is just 5km north of me, so there will be places where
it's more expensive. Of course, local calls are payed by connect time,
too, and they'll probably double soon, again, due to deregulation.
--
Wolfgang Schelongowski Check _ALL_ headers before sending email.
The man in the silk suit hurries by as he catches the poor old ladies' eyes
Just for fun he says "get a job"
-- B.R. Hornsby, The Way It Is
Gerben Vos
John C. Mozena writes:
>And the postmasters to whom spam sent to the spamblocked addresses
>bounces. This is a serious problem that is only getting worse as more
>people spamblock without thinking of the consequences.
OK, finally i get it. I don't think the problem is very bad, however,
because the targeted person will be getting a lot of bounces anyway.
Still, you have a very valid point, and i understand why the CAUCE
people don't want to support it.
>YOu can use whatever spamblock you like, as long as it doesn't bounce mail
>back to the bot.
Another good point. If you had spelled these two arguments out as
clearly as this earlier in the discussion, you might have spared me a
lot of confusion. Anyway, thanks. I think all discussed issues should
be spelled out very clearly in an introductory document for the
newsgroup. I'm willing to help with that, though i think others would
do a better job at it.
I still have my doubts about the -XXX scheme. It will increase UCE from
UCEers that harvest their addresses stupidly.
But i think that only a limited number of posters will be able to use
it, so that's not a big problem. It should be documented *very clearly*,
however, that this scheme will not protect someone who doesn't use a
filter system that supports it.
For the moment, i'll retract my statement that i would vote NO if the
-XXX scheme would appear in the CFV.
Wolfgang Schelongowski
In <3423bf74...@news.mindspring.com>
wbas...@mindspring.com (WD Baseley) writes:
>On Sat, 20 Sep 1997 10:09:34 GMT, s...@sig.to.reply (Ron Schwarz)
>wrote:
>>"I'm not 'the elect', I'm just yer typical guy sitting on a fixed
>>IP|T1|fill-in-the-blanks system that lets me idle away my days tuning
>>server-side filters."
>I'm posting from my home, or from work, on Windoze boxes of varying
>vintage. I connect to the net by instructing a modem inside one of
>those aging machines to dial a telephone number.
I pay up to around $0.05 per minute for local calls. The price has
doubled 20 months ago and will increase again soon due to deregulation.
How about you?
Tuesday I'll meet Matthias who pays $15 for each MB received (cf.
http://www.ins.net/ins/serispf.htm). How much do you pay?
>*I* volunteer *my* time doing things that I *thought* you agreed made
>things better too; things like helping folks complain to the right
When I write a complaint I usually have to resort to foreign
language (English) because most people in the USA wouldn't
understand anything in my mother language except words from Hogans
Heroes. Have you ever written one complaint in a foreign language?
Never More
Ron Schwarz wrote:
> When you see rules that will have the side-effect of dissuading lots
> of people from posting, you have to question whether or not "side-"
> belongs in the sentence.
Very much in agreement here. In this one of these threads there is a
statement that news admins rate mungers just a tad above spammers. In
the same post we learn that 30% of the people in a 'moderated' group
munge their address.
In groups I frequent, non-moderated, the mungers are now at about 40%
and the number is likely to rise. Sort of like Truman being elected by
a side effect.
I remain a strong supporter of the Cauce goals but am somewhat leery of
the people behind it. Some statements in this thread have been - um -
interesting.
Ever feel like a side of beef?
----------
Cipher
Successful posts will receive an
>e-mail confirmation of their propagation. Three permanent rejections of
>confirmation e-mails will require re-registration of a valid address with
>the modbot.
Is this really necessary? I am a CAUCE member, but I don't want mail
confirming every post I make. You want to send me a rejection note, fine.
>Posters will have the option to use "spamblocks" of defined
>characteristics.
Bad idea, IMO. Let me spam block my own way please. What if my software
won't allow me to do it your way? I get UCE based on posts to a CAUCE
group? Please say it ain't so!
>As the moderators are opposed to any system of spamblocks
>that send rejected messages to innocent postmasters,
With these things in place I would have to vote no, and not read the
group if passed. I think you're making it WAY too difficult for people
to post.
Cipher
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0 Charset: noconv
iQA/AwUBM81uIbKO9JtAv+/uEQKiBACg0InZT+DGQBNFWAZ4/2Rbm4i2X/8AnjkS
xeNHEHShMX0KgKmIttKbduQn=467z
-----END PGP SIGNATURE-----
Shmuel Metz
In <3423bf74...@news.mindspring.com>, on 09/20/97
> You want to be able to erect a wall to keep the bad guys out;
> a wall of mung. You reject valid arguments that your mung
> wall might adversely affect others. CAUCE, and the originators
> of U2, are attempting to eliminate the *need* for the wall.
> But you still want to cower behind your wall of mung, firing
> inflammatory shots blindly over the top of it.
You're doing the same thing that you accuse him of.
-----------------------------------------------------------
Shmuel (Seymour J.) Metz, SysProg and JOAT
Atid/2
Team OS/2
Team PL/I
Any unsolicited commercial junk E-mail will will be subject to
legal action.
I mangled my E-mail address to foil automated spammers; reply to
domain os2bbs dot com user shmuel to contact me. Do not reply to
spam...@library.lspace.org
-----------------------------------------------------------
jon ivar skullerud
In article <5vvrfl$3...@server2.mich.com> m...@server2.mich.com
> In article <uc7iuvz...@wilson.physics.adelaide.edu.au>,
> jon ivar skullerud <jsku...@physix.adelaide.edu.au> wrote:
> >Two comments:
> >
> >> e-mail confirmation of their propagation.
> >
> >inundated with email just because things that are supposed to work,
> >work.
> No, because it's also a verification mechanism that spamblocked addresses
> aren't bouncing everything to postmasters.
Of course, if you are going to require replyable addresses, you will
have to send some kind of mail to that address to verify this.
However, this does not mean you have to acknowledge every single
article from this address. Would it not be possible to turn
acknowledgement off for a particular address once it has been
verified?
> >If this is the only kind of spamblock that is allowed, then i'd say
> >you can just as well ban all spamblocks.
> That was our initial intent -- this is a compromise.
I know. But as i, and several others, have pointed out, it will be of
no use to those who would want to use spamblocks. You may therefore
just as well revert to your original position.
Pardon me for being thick, but in fact i cannot quite see how this
system can be described as a spamblock. To me, it looks just like an
advanced form of filtering.
> >Those who are able to set up
> >such sophisticated mail software will certainly be able to filter
> >their mail as well, so they won't need any spamblock. The people who
> >'need' spamblocks are those who are not able to filter their mail.
> >This proposal does nothing for them.
> This spamblock is available as part of at least one ISP's basic service.
Good on them! However, that's one isp out of how many? Far more
people will be able to use procmail or other kinds of mail filtering.
In fact, i'd rather have most isps offer easy-to-use server-side
filtering as part of their basic service.
> It is an ideal method of using news while avoiding the intentional and
> unintentional abuses inherent in e-mail spam. I wish *everybody* would
> use this system, as it would destroy the utility of Usenet trawling for
> addresses.
> It's the only way to allow spamblocks without increasing the load on
> postmasters.
Other people have pointed out flaws in this scheme. Let me just point
out another one: How do you distinguish between legitimate replies
where the subject is changed, and illegitimate mail (spam) to the
hashed address? Do you throw the legitimate replies in the bit-bucket
with the spam?
--
______ _________________________________________________
/ | jon ivar skullerud |
| jon | jsku...@physix.adelaide.edu.au |
\______ | Correct the spelling of physix to reply |
\ | |
ivar | | http://www.physix.adelaide.edu.au/~jskuller/ |
_______/ |_________________________________________________|
Ron Schwarz
On 21 Sep 1997 23:35:42 GMT, Cipher <cip...@mindspring.com> wrote:
>With these things in place I would have to vote no, and not read the
>group if passed. I think you're making it WAY too difficult for people
>to post.
And I think there's a reason for everything.
Seems like there's some groupthink in evidence between CAUCE and
Usenet II camps.
When you see rules that will have the side-effect of dissuading lots
of people from posting, you have to question whether or not "side-"
belongs in the sentence.
Gerben Vos
jon ivar skullerud writes:
>Other people have pointed out flaws in this scheme. Let me just point
>out another one: How do you distinguish between legitimate replies
>where the subject is changed, and illegitimate mail (spam) to the
>hashed address? Do you throw the legitimate replies in the bit-bucket
>with the spam?
Or the other way around: there is already UCE that masquerades as a
reply, with not only the address, but also the subject culled from an
article posted by the victim.
Gerben Vos
Igor Chudov @ home writes:
>If the postmaster makes a conscious decision that he does not need
>bounces, he can configure his email system so that these bounces
>never appear in the first place. For sendmail, this setup is
>governed by define(`POSTMASTERBOUNCE').
The mail system that is targeted for the bounces doesn't have to be the
same as the relay. If it's not the same, its postmaster has no control
over sending bounces from the mail relay host.
The bounces, sent via a higher-capacity mail relay, could saturate
or bring down the mail system, or even the Internet link, of a
small site. I must say that i haven't seen UCE myself yet that is as
malicious as this, but it's a definite possibility. Of course, it's a
denial of service attack and therefore illegal.
Note that i don't agree with the no-spamblock policy that the
moderators propose. I just think it's way less harmful than the
-XXX pseudo-spamblock scheme they propose as a compromise, and their
arguments for a no-spamblock policy are sound enough to let them have
their newsgroup. In the end, that's what i want as well: a newsgroup
for the CAUCE, and as quickly as possible.
A slightly elitist CAUCE newsgroup is better than none at all, and the
moderator (or, as it is here, the operator of the moderation bot) of
a newsgroup should be able to moderate it with a clear conscience,
whatever his ideas may be. After all, many of them are working harder
on stamping out UCE than a lot of us (at least, me).
Propose comp.org.cauce.d if you want an unmoderated group. Or stand as
a moderator for comp.org.cauce , and convince us you're as dedicated as
they are.
>As I explained before, there is nothing that prevents the bot
>owners from sending messages that would not receive any bounces.
> From n...@valid.address.to.prevent.bounces
> To: nos...@provider.net
> Subject: Acknowledgment of your post
> From: moderat...@cauce.org
> Reply-To: moderat...@cauce.org
> Errors-To: n...@valid.address.to.prevent.bounces
Better make that:
: From bitb...@cauce.org
: ...
: Errors-To: bitb...@cauce.org
...otherwise it might end up in the postmaster mailbox of provider.net ,
one of its MX sites, or even that of cauce.org anyway.
g e r b e n @ c s . v u . n l . . . . . . . . . . . . G e r b e n V o s <><
Join the Coalition Against Unsolicited Commercial Email! http://www.cauce.org/
Phevbfvgl xvyyrq gur png.
Charles Lindsey
>I'm sure as hell not 'elect'. I'm working my way, slowly, away from
>the 'clueless' zone, but I'm definitely out of it. I don't mung my
>address. I'm not going to mung my address should comp.org.cauce come
>into being.
But nobody is asking you to mung your address when comp.org.cauce come
into being. Just post as From: wbas...@mindspring.com and your posts will
appear.
All that cauce is asking for is that if people really _must_ mung their
addresses (and clearly that does not include you), then they should mung
them "properly", so innocent postmasters do not get mailbombed. In other
words, the modbot will reject all _munged_ addresses, except those munged
in the approved form. What is wrong with that?
--
Charles H. Lindsey ---------At Home, doing my own thing-------------------------
Email: c...@clw.cs.man.ac.uk Web: http://www.cs.man.ac.uk/~chl
Voice/Fax: +44 161 437 4506 Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
Gerben Vos
Charles Lindsey writes:
>All that cauce is asking for is that if people really _must_ mung their
>addresses (and clearly that does not include you), then they should mung
>them "properly", so innocent postmasters do not get mailbombed. In other
>words, the modbot will reject all _munged_ addresses, except those munged
>in the approved form. What is wrong with that?
Um, like, it makes the mung useless, and generates tonnes of extra spam?
No mung is better than this form of mung.
g e r b e n @ c s . v u . n l . . . . . . . . . . . . G e r b e n V o s <><
Join the Coalition Against Unsolicited Commercial Email! http://www.cauce.org/
The three principal virtues of a programmer are Laziness, Impatience,
and Hubris. -- Larry Wall
Gerben Vos
Igor Chudov @ home writes:
>>The bounces, sent via a higher-capacity mail relay, could saturate
>>or bring down the mail system, or even the Internet link, of a
>>small site. I must say that i haven't seen UCE myself yet that is as
>>malicious as this, but it's a definite possibility. Of course, it's a
>>denial of service attack and therefore illegal.
>Wait a second. What high-capacity mail system? I have a suspicion that
>we are talking about completely different situations here. Please
>describe the _relevant_ scenario under which bounces saturate some
>mail system.
>As I argue, this inconvenience is actually imaginary, but there is
>no way that mungers can somehow "saturate" mail systems.
Trying to explain the position of the moderators as i see it, not
exactly my opinion:
Suppose free-form munging is allowed, and munged addresses appear in
the headers of articles in comp.org.cauce . BNS (Bad Naughty Spammer)
sees the munged address and sends spam (more precisely UCE) to it. BNS
has a stupid mailer, so he uses the mail forwarder of FLP (Friendly
Large Provider) to bounce his spam off it. BNS is clever, so he sets
the return path to the address of IV (Innocent Victim). The mail
reaches the mail forwarder of FLP. MFoFLP tries send the mail to the
munged address, but fails, so it bounces it back. Unfortunately, the
return path points to IV, not to BNS or FLP, so IV gets mail. Since BNS
does this to a lot of addresses, IV is deluged with bounces.
Is this correct? I must admit that i've never run a mail system or even
a mailing list myself. I have played with SMTP a lot, however.
I still think the above isn't a major problem. After all,
comp.org.cauce is only a small part of Usenet, so IV will be deluged
anyway.
It's the only scenario i can think of that causes a problem for an
innocent postmaster caused by a munged address, though.
>Note that we talk about posters munging their addresses when they
>post to USENET. The only problem that CAUCE proponents could put
>forward to justify their proposal is that their bot would send autoreplies
>and that would hurt "innocent postmasters". I see nothing that could
>"saturate or bring down the mail system", at worst it can be a bit of
>annoyance if certain postmasters misconfigured their mail systems.
Their autoreplies can indeed be made to cause no problem at all.
g e r b e n @ c s . v u . n l . . . . . . . . . . . . G e r b e n V o s <><
Join the Coalition Against Unsolicited Commercial Email! http://www.cauce.org/
Phevbfvgl xvyyrq gur png.
Ron Schwarz
On Sun, 21 Sep 97 21:32:05 -0400, Shmuel (Seymour J.) Metz
<postmaster@LOCALHOST> wrote:
>In <3423bf74...@news.mindspring.com>, on 09/20/97
> at 01:13 PM, wbas...@mindspring.com (WD Baseley) said:
>
>> You want to be able to erect a wall to keep the bad guys out;
>> a wall of mung. You reject valid arguments that your mung
>> wall might adversely affect others. CAUCE, and the originators
>> of U2, are attempting to eliminate the *need* for the wall.
>> But you still want to cower behind your wall of mung, firing
>> inflammatory shots blindly over the top of it.
>
>You're doing the same thing that you accuse him of.
But he's a Good Guy ("Good Guy" being defined as inner circle of CAUCE
or Usenet II), so therefore it's OK. Got it?
I love the "attempting to eliminate the *need* for the wall".
"We are attempting to eliminate the need for airbags, by outlawing
collisions. In the meantime, please do not complicate matters by
wearing seatbelts."
John C. Mozena
In article <606bk2$n80$1...@star.cs.vu.nl>, Gerben Vos <ger...@cs.vu.nl> wrote:
>Charles Lindsey writes:
>
>>All that cauce is asking for is that if people really _must_ mung their
>>addresses (and clearly that does not include you), then they should mung
>>them "properly", so innocent postmasters do not get mailbombed. In other
>>words, the modbot will reject all _munged_ addresses, except those munged
>>in the approved form. What is wrong with that?
>
>Um, like, it makes the mung useless, and generates tonnes of extra spam?
>No mung is better than this form of mung.
Except that we're not *requiring* the -XXX hash mung. We're just saying
that the modbot will support it, as it entails a different From: address
on each post. It requires a hack on the modbot.
Anything else you do that keeps mail to you from bouncing is acceptable.
John C. Mozena
In article <604b0e$5...@camel3.mindspring.com>,
Cipher <cip...@mindspring.com> wrote:
>Is this really necessary? I am a CAUCE member, but I don't want mail
>confirming every post I make. You want to send me a rejection note, fine.
It's a confirmation mechanism both of the post and of the fact that your
mail isn't bouncing to some postmaster somewhere because of a badly munged
address.
>>Posters will have the option to use "spamblocks" of defined
>>characteristics.
>
>Bad idea, IMO. Let me spam block my own way please. What if my software
>won't allow me to do it your way? I get UCE based on posts to a CAUCE
>group? Please say it ain't so!
You can mung your address in any manner that allows you to return the
initial confirmation message from the modbot and to refrain from bouncing
subsequent messages -- valid responses to posts, spam or confirmation
messages -- to the modbot.
How you do that is up to you. I've made suggestions elsewhere in this
thread that I will be happy to repeat in e-mail for the sanity of those
reading this immense thing.
>>As the moderators are opposed to any system of spamblocks
>>that send rejected messages to innocent postmasters,
>
>With these things in place I would have to vote no, and not read the
>group if passed. I think you're making it WAY too difficult for people
>to post.
We're just trying to help people realize that munging their addresses has
a serious and usually-unseen consequence. Every bounce goes *somewhere*,
and it's usually not to the spammer.
John C. Mozena
In article <uc7bu1l...@wilson.physics.adelaide.edu.au>,
jon ivar skullerud <jsku...@physix.adelaide.edu.au> wrote:
>In article <5vvrfl$3...@server2.mich.com> m...@server2.mich.com
>(John C. Mozena) writes:
>> No, because it's also a verification mechanism that spamblocked addresses
>> aren't bouncing everything to postmasters.
>
>Of course, if you are going to require replyable addresses, you will
>have to send some kind of mail to that address to verify this.
>However, this does not mean you have to acknowledge every single
>article from this address. Would it not be possible to turn
>acknowledgement off for a particular address once it has been
>verified?
The most important reason for the no-spamblock rule is to cut down on the
number of bounces to innocent postmasters. Confirmation mail, in addition
to cutting down on the "it hasn't appeared, I'll send it again"
double-message syndrome, keps verifying that the address is accepting mail
and not making some poor postmaster's life harder.
>I know. But as i, and several others, have pointed out, it will be of
>no use to those who would want to use spamblocks. You may therefore
>just as well revert to your original position.
>
>Pardon me for being thick, but in fact i cannot quite see how this
>system can be described as a spamblock. To me, it looks just like an
>advanced form of filtering.
That it is.
The proposal outlined in the RFD is one that the modbot will be modified
to allow. Anything else done by the poster that allows them to return the
initial confirmation message from the modbot and to not bounce subsequent
mails is allowable. This includes aliasing the address to /dev/null,
getting a Hotmail account, using procmail to filter on a plussed address,
whatever.
You don't have to use the -XXX hash. It was just explicitly mentioned
because it's the only form of mutating address the bot will recognize.
>Other people have pointed out flaws in this scheme. Let me just point
>out another one: How do you distinguish between legitimate replies
>where the subject is changed, and illegitimate mail (spam) to the
>hashed address? Do you throw the legitimate replies in the bit-bucket
>with the spam?
Yes. That's a risk of any filtering mechanism. That's why I don't filter
or mung.
You could, of course, route messages that trip the filter to a separate
folder rather than /dev/null, as some do.
Ron Schwarz
On 22 Sep 1997 16:39:28 -0400, m...@server2.mich.com (John C. Mozena)
wrote:
>In article <34259fe0...@news.cmc.net>,
>Ron Schwarz <s...@sig.to.reply> wrote:
>>On 20 Sep 1997 03:55:53 -0400, m...@server2.mich.com (John C. Mozena)
>>wrote:
>
>>>Wasn't your point that you had to be a mail wizard or a clueless newbie to
>>>use the group?
>>>
>>>I don't think I'm either.
>>
>>"I'm not 'the elect', I'm just yer typical guy sitting on a fixed
>>IP|T1|fill-in-the-blanks system that lets me idle away my days tuning
>>server-side filters."
>
>I don't filter at all. I don't mung. I use procmail to separate mailing
>list mail into folders, that's it.
Well good for you John.
Pardon me if I'm not interested in marching to the beat of your
drummer.
Of course, I guess that means I can't march in your parade at all.
So I'll be revoking my CAUCE membership, and, advising others to do
likewise.
Even though I am in agreement with CAUCE regarding Smith, I am in
apparent disagreement with them over enough other things that I am not
allowed to engage in discussion on their terms.
>>This has been answered by other posters in this thread. The
>>requirements are aimed at a select few capable of complying with them.
>
>Yep. You have to have a computer, a modem and Internet access.
And a strong desire to obey.
John C. Mozena
In article <601h2n$1...@xivic.ruhr.de>,
Wolfgang Schelongowski <skar...@LOCALHOST.ruhr.de> wrote:
>>A bit more detail, please. What's absurd about them?
>
>That your solution still requires the receiver to pay fo the
>received spam at e.g. $15 per MB (http://www.ins.net/ins/serispf.htm).
>Note that ins.net is just 5km north of me, so there will be places where
>it's more expensive. Of course, local calls are payed by connect time,
>too, and they'll probably double soon, again, due to deregulation.
Do you pay for mail when it never even makes it to the spool, when it's
/dev/nulled, for instance?
In that case, I suggest you get a Hotmail or other free account and use
that, instead of a service like the one you have.
Use it for all your mail and save yourself a bundle.
Ron Schwarz
On Mon, 22 Sep 1997 15:53:07 -0500, ich...@algebra.com (Igor Chudov @
home) wrote:
>On Mon, 22 Sep 1997 19:49:25 GMT, Ron Schwarz <s...@sig.to.reply> wrote:
[...]
>>I love the "attempting to eliminate the *need* for the wall".
>>
>>"We are attempting to eliminate the need for airbags, by outlawing
>>collisions. In the meantime, please do not complicate matters by
>>wearing seatbelts."
>
>I see it more as ``if you are a honest citizen, you certainly would not
>mind registering your name and address and keep your door open to let
>the government search you. We want to eliminate the _need_ for keys
>and locks to keep you safer.''
Believe it or not, that's essentially what the gov't here (the US) is
trying to do with encryption, and the same arguments are made against
it.
John C. Mozena
In article <34259fe0...@news.cmc.net>,
Ron Schwarz <s...@sig.to.reply> wrote:
>On 20 Sep 1997 03:55:53 -0400, m...@server2.mich.com (John C. Mozena)
>wrote:
>>Wasn't your point that you had to be a mail wizard or a clueless newbie to
>>use the group?
>>
>>I don't think I'm either.
>
>"I'm not 'the elect', I'm just yer typical guy sitting on a fixed
>IP|T1|fill-in-the-blanks system that lets me idle away my days tuning
>server-side filters."
I don't filter at all. I don't mung. I use procmail to separate mailing
list mail into folders, that's it.
>This has been answered by other posters in this thread. The
>requirements are aimed at a select few capable of complying with them.
Yep. You have to have a computer, a modem and Internet access.
--
John C. Mozena
In article <slrn62d2lm....@manifold.algebra.com>,
Igor Chudov @ home <ich...@algebra.com> wrote:
>The postmaster always has control over his own procmail and can filter
>out everything he wants. It is not complicated.
Yes, but if he wants to see "legitimate" bounces so he can keep an eye on
what's happening with his mail system, then he's also going to be open to
bounces caused by spamblocks.
>Note that we talk about posters munging their addresses when they
>post to USENET. The only problem that CAUCE proponents could put
>forward to justify their proposal is that their bot would send autoreplies
>and that would hurt "innocent postmasters". I see nothing that could
>"saturate or bring down the mail system", at worst it can be a bit of
>annoyance if certain postmasters misconfigured their mail systems.
No, no, no. You misunderstand the issue. It's not mail from the modbot
that's causing the problem, it's bounced spam that has a forged domain
in the headers.
Spammer sends mail to a list including spamblocked addresses harvested
from Usenet. Headers are forged so that "nob...@localhost.com" appears as
the From: and Reply-To: addresses (this actually happened).
Postm...@localhost.com gets a bounce message for each spamblocked
address.
The mail from the modbot is a verification mechanism to ensure that this
isn't happening.
>As I argue, this inconvenience is actually imaginary, but there is
>no way that mungers can somehow "saturate" mail systems.
Ask Matt Seidl, who filed suit against the spammer who forged his
localhost.com domain into the headers of the spam and got 2K+ messages in
his postmaster mailbox. No, they weren't by any means all from mungesd
addresses, but he said the mung bounces weren't insignificant.
>It is still harmful because it a) violates privacy of users, b) exposes
>them to UCE and c) censors users of anonymous remailers.
You've welcome to post with an anonymous address. I assume that plenty of
people will do so. You just need to be able to receive mail at that
address -- or at least to have it not bounce.
>I find it hypocritical that an organization dedicated to fight
>unsolicited commercial email insists on a provision that would
>force posters to expose themselves to unsolicited commercial
>email.
We're not forcing anybody to do any such thing. If all else fails, you're
welcome to decide that you'd rather not get spam than post to the group.
But we feel we've included plenty of options for everybody from wizards to
clueless newbies. We'll help people out, if they need it.
>I disagree. If we got into this way of thinking, we'd let a lot of
>stupidities creep into charters of many. many newsgroups. It is better
>if all proponents of all newsgroups see that stupid proposals do not
>get accepted and that dishonesty in moderators and proponents is not
>rewarded.
Either prove I've been dishonest or retract that statement.
I don't like being called a liar.
Until you do one or the other, I've got nothing else to say to you.
Ron Schwarz
On 22 Sep 1997 17:05:58 -0400, m...@server2.mich.com (John C. Mozena)
wrote:
>In article <601h2n$1...@xivic.ruhr.de>,
>Wolfgang Schelongowski <skar...@LOCALHOST.ruhr.de> wrote:
>>In <5vvvi9$5...@server2.mich.com> m...@server2.mich.com (John C. Mozena) writes:
>
>>>A bit more detail, please. What's absurd about them?
>>
>>That your solution still requires the receiver to pay fo the
>>received spam at e.g. $15 per MB (http://www.ins.net/ins/serispf.htm).
>>Note that ins.net is just 5km north of me, so there will be places where
>>it's more expensive. Of course, local calls are payed by connect time,
>>too, and they'll probably double soon, again, due to deregulation.
>
>Do you pay for mail when it never even makes it to the spool, when it's
>/dev/nulled, for instance?
>
>In that case, I suggest you get a Hotmail or other free account and use
>that, instead of a service like the one you have.
>
>Use it for all your mail and save yourself a bundle.
Yeah, Wolfgang, just cost-shift to an unwitting third party. Hell,
spammers do it all the time, so we know it works!
I guess the CA/UCENET-II people have gone full circle.
Information Security
In alt.cypherpunks John C. Mozena <m...@server2.mich.com> wrote:
: In article <slrn62d2lm....@manifold.algebra.com>,
: Igor Chudov @ home <ich...@algebra.com> wrote:
: >The postmaster always has control over his own procmail and can filter
: >out everything he wants. It is not complicated.
: Yes, but if he wants to see "legitimate" bounces so he can keep an eye on
: what's happening with his mail system, then he's also going to be open to
: bounces caused by spamblocks.
: >Note that we talk about posters munging their addresses when they
: >post to USENET. The only problem that CAUCE proponents could put
: >forward to justify their proposal is that their bot would send autoreplies
: >and that would hurt "innocent postmasters". I see nothing that could
: >"saturate or bring down the mail system", at worst it can be a bit of
: >annoyance if certain postmasters misconfigured their mail systems.
: No, no, no. You misunderstand the issue. It's not mail from the modbot
: that's causing the problem, it's bounced spam that has a forged domain
: in the headers.
: Spammer sends mail to a list including spamblocked addresses harvested
: from Usenet. Headers are forged so that "nob...@localhost.com" appears as
: the From: and Reply-To: addresses (this actually happened).
: Postm...@localhost.com gets a bounce message for each spamblocked
: address.
: The mail from the modbot is a verification mechanism to ensure that this
: isn't happening.
The normal choice is to run a filter program for review of "suspect" ones.
How about using a one-time acknowledged reply to REGISTER a munged address,
preferably an unresolvable one.
It's that simple.
---guy
John C. Mozena
In article <slrn62dh2k....@manifold.algebra.com>,
Igor Chudov @ home <ich...@algebra.com> wrote:
>... and properly configuring the modbot so that munging does not cause
>problems to ANYONE is even better.
It's not the modbot that causes bounces to innocent postmasters. It's
spammers and people who don't bother to inspect addresses before mailing.
Rebecca McQuitty
jon ivar skullerud <jsku...@physix.adelaide.edu.au> wrote:
[ about acknowledging every post ]
> Would it not be possible to turn acknowledgement off for a
> particular address once it has been verified?
Or to send an auto-ack to any given address no more than once per week
or per month.
--
Rebecca Graham McQuitty
Curtis Jewell
In article <slrn62e0d6....@manifold.algebra.com>, ich...@algebra.com (Igor Chudov) wrote:
>On 22 Sep 1997 16:48:52 -0400, John C. Mozena <m...@server2.mich.com> wrote:
>>In article <606bk2$n80$1...@star.cs.vu.nl>, Gerben Vos <ger...@cs.vu.nl> wrote:
>>>Charles Lindsey writes:
>>>
>>>>All that cauce is asking for is that if people really _must_ mung their
>>>>addresses (and clearly that does not include you), then they should mung
>>>>them "properly", so innocent postmasters do not get mailbombed. In other
>>>>words, the modbot will reject all _munged_ addresses, except those munged
>>>>in the approved form. What is wrong with that?
>>>
>>>Um, like, it makes the mung useless, and generates tonnes of extra spam?
>>>No mung is better than this form of mung.
>>
>>Except that we're not *requiring* the -XXX hash mung. We're just saying
>>that the modbot will support it, as it entails a different From: address
>>on each post. It requires a hack on the modbot.
>>
>>Anything else you do that keeps mail to you from bouncing is acceptable.
>
>
>igor
Well, not quite.
Just get a "trash account" on Hotmail.
That's what I've had to do.
--Curtis
--Curtis
Mail to the address above will be deleted unread.
Send replies to curtis_whalen (at) geocities.com
This is because of SPAM.
John C. Mozena
In article <slrn62e4bd....@manifold.algebra.com>,
Igor Chudov @ home <ich...@algebra.com> wrote:
>On 22 Sep 1997 17:42:57 -0400, John C. Mozena <m...@server2.mich.com> wrote:
>>Igor Chudov @ home <ich...@algebra.com> wrote:
[snip]
>>>I disagree. If we got into this way of thinking, we'd let a lot of
>>>stupidities creep into charters of many. many newsgroups. It is better
>>>if all proponents of all newsgroups see that stupid proposals do not
>>>get accepted and that dishonesty in moderators and proponents is not
>>>rewarded.
>>
>>Either prove I've been dishonest or retract that statement.
>
>I did not say that _you_ were dishonest. _You_ just said that. :)
I am both the proponent and a moderator. You were most certainly referring
to me when you talked about "dishonesty in moderators and proponents."
I work in a field where reputation -- especially for honesty -- is
everything. If a reader can't trust me, then I'm screwed.
Like I said, prove I'm lying or retract it. Your flights of fancy about
"their stated goals are not their true goals" don't come close to proof.
They're based on inference, fuzzy leaps of "logic" and assumptions based
on "numerous articles by many posters," which seem to consist essentially
of you, Ron Schwarz and Rich Tietjens with the occasional visitor.
You little, little person. Stand up and admit you called me a liar based
on inference. Either do that, or shut up and go away, because you're
wasting my and the few readers who remain to this thread's time. If we
can't trust you to tell the truth, then you're no better than any other
net.kook.
Cipher
In article <606ld7$5...@server2.mich.com> John C. Mozena,
m...@server2.mich.com writes:
>In article <604b0e$5...@camel3.mindspring.com>,
>Cipher <cip...@mindspring.com> wrote:
>
>>Is this really necessary? I am a CAUCE member, but I don't want mail
>>confirming every post I make. You want to send me a rejection note, fine.
>
>It's a confirmation mechanism both of the post and of the fact that your
>mail isn't bouncing to some postmaster somewhere because of a badly munged
>address.
Which I don't need or feel is necessary. Do a lot of NGs send out
successful post aks?
>>>Posters will have the option to use "spamblocks" of defined
>>>characteristics.
>>
>>Bad idea, IMO. Let me spam block my own way please. What if my software
>>won't allow me to do it your way? I get UCE based on posts to a CAUCE
>>group? Please say it ain't so!
>
>You can mung your address in any manner that allows you to return the
>initial confirmation message from the modbot and to refrain from bouncing
>subsequent messages -- valid responses to posts, spam or confirmation
>messages -- to the modbot.
>
>How you do that is up to you. I've made suggestions elsewhere in this
>thread that I will be happy to repeat in e-mail for the sanity of those
>reading this immense thing.
>
>>>As the moderators are opposed to any system of spamblocks
>>>that send rejected messages to innocent postmasters,
I think it's been demonstrated that this doesn't have to happen. Your
munging scheme seems to broken badly.
>>With these things in place I would have to vote no, and not read the
>>group if passed. I think you're making it WAY too difficult for people
>>to post.
>
>We're just trying to help people realize that munging their addresses has
>a serious and usually-unseen consequence. Every bounce goes *somewhere*,
>and it's usually not to the spammer.
So, you're anti-munge? Unless you mung according to a scheme that
actually defeats munging? I don't follow your logic here.....
Ron Schwarz
On 23 Sep 1997 08:03:01 GMT, Cipher <cip...@mindspring.com> wrote:
>In article <3425D8...@the.raven.com> Never More, qu...@the.raven.com
>writes:
>>I remain a strong supporter of the Cauce goals but am somewhat leery of
>>the people behind it. Some statements in this thread have been - um -
>>interesting.
>
>I'm wondering..... would an Internet Driver's License make 'em happy?
>
>I know Freeh and Clinton would love it.
>
>I totally support the use of munged addresses, tho I don't munge mine,
>and anonymous posting. I will vote against any group that I perceive to
>be chipping away at those rights.
>
>Charters should address content, NOT methodology. HOW I post should be
>my business, WHAT I post can be the moderator's business.
>
>Let's all mind our own business!!
It really is getting weird, ain't it? Regimented Anarchy. Riiiiight.
--
Do you support CAUCE? Do you use a spamblocked address?
If the answer to both of those questions is "yes", you might
want to reconsider your support of CAUCE because of their
radical stance against spamblocked addresses.
Cipher
In article <34287d7f....@news.cmc.net> Ron Schwarz,
s...@sig.to.reply writes:
>Do you support CAUCE? Do you use a spamblocked address?
> If the answer to both of those questions is "yes", you might
> want to reconsider your support of CAUCE because of their
> radical stance against spamblocked addresses.
I am wondering if this RFD is laying the groundwork for another agenda :
the end to anonymous posting. "Hey look at the wonderful model the folks
use that ended all the spam!" "Everything on Usenet should be like
that!" "If we just register our e-mail addresses, we can catch all the
bad guys who spam"
And write dissenting political opinion too!
The old "If you don't have anything to hide" argument that the government
of the U.S. is currently blowing smoke up congresses butt with to get Key
Escrow passed.
I am starting to see a connection between these forces. Will this
newsgroup become the advance guard of a new assualt on the First and
Fourth Amendments?
Did someone cleverly pick UCE as a wedge because everyone hates it? Will
the cure become far worse than the disease? Will this newsgroup further
that end?
Hey, I could get really wacky and suggest that a lot of spam is never
intended to sell anything, just irritate folks until the final solution
arrives. Which solves UCE and implements another agenda. Who opined
that some don't munge because they like to complain? Maybe NEED
something to complain about? Might have something there!
I REALLY don't like this RFD. I'll vote no unless MAJOR CHANGES are made.
I will post my opinions and pointers to the RFD/CFV in a few
privacy/crypto groups I read also. Those with strong objections may wish
to consider similar actions, actions allowable under the rules. I can't
abide vote fraud.
Cipher
In article <3425D8...@the.raven.com> Never More, qu...@the.raven.com
writes:
>I remain a strong supporter of the Cauce goals but am somewhat leery of
>the people behind it. Some statements in this thread have been - um -
>interesting.
I'm wondering..... would an Internet Driver's License make 'em happy?
I know Freeh and Clinton would love it.
I totally support the use of munged addresses, tho I don't munge mine,
and anonymous posting. I will vote against any group that I perceive to
be chipping away at those rights.
Charters should address content, NOT methodology. HOW I post should be
my business, WHAT I post can be the moderator's business.
Let's all mind our own business!!
Cipher
Ron Schwarz
On 23 Sep 1997 08:10:07 GMT, Cipher <cip...@mindspring.com> wrote:
[...]
>So, you're anti-munge? Unless you mung according to a scheme that
>actually defeats munging? I don't follow your logic here.....
You can't follow what ain't there.
--
Do you support CAUCE? Do you use a spamblocked address?
If the answer to both of those questions is "yes", you might
want to reconsider your support of CAUCE because of their
radical stance against spamblocked addresses.
Replies to: c
Colin Douthwaite
Bruce Baugh (ari...@eyrie.org) wrote:
> Excellent, given crossposting's role as one of the greatest banes
> useful Usenet discourse these days.
Not so.
You're reading the wrong newsgroups.
Bye,
David Aronson
(Newsgroups edged to those I read)
s...@sig.to.reply (Ron Schwarz) writes:
> Do you support CAUCE? Do you use a spamblocked address?
> If the answer to both of those questions is "yes", you might
> want to reconsider your support of CAUCE because of their
> radical stance against spamblocked addresses.
"Their"? No, "John Mozena's". He doesn't speak for all of us on this
issue.
-Dave Aronson, Sysop, Air 'n Sun (airnsun.pcbuddy.com), @ (703) 319-0714
SUPPORT REP CHRIS SMITH'S NO-JUNK-EMAIL BILL! GIVE A DAMN, DON'T SPAM!
Opinions MINE, not from Template, Mensa, NRA, SCA, US Gov't, or God!
http://www.webspawner.com/users/DaveAronson/
David Cathey
Ron Schwarz wrote:
>
> On 23 Sep 1997 08:10:07 GMT, Cipher <cip...@mindspring.com> wrote:
>
> [...]
>
> >So, you're anti-munge? Unless you mung according to a scheme that
> >actually defeats munging? I don't follow your logic here.....
>
> You can't follow what ain't there.
Really the only alternative to not munging is proactive
filtering. Those really interested can subscribe to WhiteICE,
but it sucks that you either have to become a procmail guru or
something in order to participate. Most of the victims on this
UBE issue are just regular people who are not high-tech wizards.
Yes, many of us can deal with the problem on our end by writing
this or that, but we are the MINORITY victim-base.
Let the unwashed masses mung (nicely) their addresses and
participate. Don't make rules based upon your talents at the
expense of the legions of people we ought to be encouraging to help!
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
David L. Cathey |Inet: dav...@montagar.com
Montagar Software Concepts |Fone: (972)-578-5036
P. O. Box 260772, Plano, TX 75026 |http://www.montagar.com
Junk E-Mail filtered by WhiteICE |http://www.whiteice.com
Ron Schwarz - see sig to reply
On 23 Sep 1997 10:27:05 GMT, Cipher <cip...@mindspring.com> wrote:
>In article <34287d7f....@news.cmc.net> Ron Schwarz,
>s...@sig.to.reply writes:
>>Do you support CAUCE? Do you use a spamblocked address?
>> If the answer to both of those questions is "yes", you might
>> want to reconsider your support of CAUCE because of their
>> radical stance against spamblocked addresses.
>
>I am wondering if this RFD is laying the groundwork for another agenda :
>the end to anonymous posting. "Hey look at the wonderful model the folks
>use that ended all the spam!" "Everything on Usenet should be like
>that!" "If we just register our e-mail addresses, we can catch all the
>bad guys who spam"
>
>And write dissenting political opinion too!
>
>The old "If you don't have anything to hide" argument that the government
>of the U.S. is currently blowing smoke up congresses butt with to get Key
>Escrow passed.
>
>I am starting to see a connection between these forces. Will this
>newsgroup become the advance guard of a new assualt on the First and
>Fourth Amendments?
Perhaps I'm not the only one who wonders if David Sternlight is a
CA/UCENET-II principal?
>Did someone cleverly pick UCE as a wedge because everyone hates it? Will
>the cure become far worse than the disease? Will this newsgroup further
>that end?
>
>Hey, I could get really wacky and suggest that a lot of spam is never
>intended to sell anything, just irritate folks until the final solution
>arrives. Which solves UCE and implements another agenda. Who opined
>that some don't munge because they like to complain? Maybe NEED
>something to complain about? Might have something there!
>
>I REALLY don't like this RFD. I'll vote no unless MAJOR CHANGES are made.
>I will post my opinions and pointers to the RFD/CFV in a few
>privacy/crypto groups I read also. Those with strong objections may wish
>to consider similar actions, actions allowable under the rules. I can't
>abide vote fraud.
>
>Cipher
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGPfreeware 5.0 Charset: noconv
>iQA/AwUBM81uIbKO9JtAv+/uEQKiBACg0InZT+DGQBNFWAZ4/2Rbm4i2X/8AnjkS
>xeNHEHShMX0KgKmIttKbduQn=467z
>-----END PGP SIGNATURE-----
--
Do you support CAUCE? Do you use a spamblocked address?
If the answer to both of those questions is "yes", you might
want to reconsider your support of CAUCE because of their
radical stance against spamblocked addresses.
Replies to: c
Ron Schwarz - see sig to reply
On Tue, 23 Sep 1997 09:06:49 -1300, David Cathey <dav...@montagar.com>
wrote:
>Ron Schwarz wrote:
>>
>> On 23 Sep 1997 08:10:07 GMT, Cipher <cip...@mindspring.com> wrote:
>>
>> [...]
>>
>> >So, you're anti-munge? Unless you mung according to a scheme that
>> >actually defeats munging? I don't follow your logic here.....
>>
>> You can't follow what ain't there.
>
> Really the only alternative to not munging is proactive
>filtering. Those really interested can subscribe to WhiteICE,
>but it sucks that you either have to become a procmail guru or
>something in order to participate. Most of the victims on this
>UBE issue are just regular people who are not high-tech wizards.
>Yes, many of us can deal with the problem on our end by writing
>this or that, but we are the MINORITY victim-base.
Well, my experiment worked (see my new address), but it's hardly
anything applicable to the vast majority of users.
> Let the unwashed masses mung (nicely) their addresses and
>participate. Don't make rules based upon your talents at the
>expense of the legions of people we ought to be encouraging to help!
When "the rules" exhibit the dual qualities of being absolutely
unbendable, and by nature exclusionary, one tends to conclude the
obvious.
If they *wanted* the "unwashed masses" involved in the process, they
would have made room for them.
Instead, they paid lip service to glastnost, but in practice,
maintained an extrememly closed operation.
Wolfgang Schelongowski
> In other
>words, the modbot will reject all _munged_ addresses, except those munged
>in the approved form. What is wrong with that?
That the cost incurring to the posters's site will still be the same or
even higher. Better schemes have been repeatedly proposed.
--
Wolfgang Schelongowski Check _ALL_ headers before sending email.
The man in the silk suit hurries by as he catches the poor old ladies' eyes
Just for fun he says "get a job"
-- B.R. Hornsby, The Way It Is
Ron Schwarz - see sig to reply
>On 23 Sep 1997 10:27:05 GMT, Cipher <cip...@mindspring.com> wrote:
>>In article <34287d7f....@news.cmc.net> Ron Schwarz,
>>s...@sig.to.reply writes:
>>>Do you support CAUCE? Do you use a spamblocked address?
>>> If the answer to both of those questions is "yes", you might
>>> want to reconsider your support of CAUCE because of their
>>> radical stance against spamblocked addresses.
>>
>>I am wondering if this RFD is laying the groundwork for another agenda :
>>the end to anonymous posting. "Hey look at the wonderful model the folks
>>use that ended all the spam!" "Everything on Usenet should be like
>>that!" "If we just register our e-mail addresses, we can catch all the
>>bad guys who spam"
>
>Yes, it is. Their schemes would hold everyone "accountable".
>
>>And write dissenting political opinion too!
>
>There is no need for a dissenting opinion, you know.
All it does is impede the process, after all.
It's *so* counterproductive.
It's an obstacle to Effective Government.
George Curry
In article <606utc$4s7$1...@news1.teleport.com>, Portland Atari Club <at...@user2.teleport.com> wrote:
>In <606l20$4...@server2.mich.com> in news.admin.net-abuse.email John C. Mozena
> <m...@server2.mich.com> wrote:
>JC M> In article <34259fe0...@news.cmc.net>,
>JC M> Ron Schwarz <s...@sig.to.reply> wrote:
>>On 20 Sep 1997 03:55:53 -0400, m...@server2.mich.com (John C. Mozena)
>>wrote:
>
>>>Wasn't your point that you had to be a mail wizard or a clueless newbie to
>>>use the group?
>>>
>>>I don't think I'm either.
>>
>>"I'm not 'the elect', I'm just yer typical guy sitting on a fixed
>>IP|T1|fill-in-the-blanks system that lets me idle away my days tuning
>>server-side filters."
>
>JC M> list mail into folders, that's it.
>
>>This has been answered by other posters in this thread. The
>>requirements are aimed at a select few capable of complying with them.
>
>
>And THAT is precisely the kind of bullshit I have pointed out before.
>
>Joe USer has no idea how to filter anything, but he CAN click on
>Netscape's "Options" dialog and change his posting address from
>"joe....@domain.com" to "joe....@domain.spamblock.com" very easily.
>
>However, the proponents of this RFD have decreed that this simple AND
>EFFECTIVE method of blocking junk email is Politically Incorrect.
>
>THAT's bullshit.
>
>I'll set up a cron job to notify me when the CFV goes out - this proposal
>is unacceptable.
>
The idea that all you need to support the kind of munging suggested in the RFD
is a computer, a modem and Internet access is patently incorrect. Your ISP
has to support it to, not everybody runs their own mail server or has
significant influence over it. I doubt if a large proportion will support
it and even if they do, the stuff will still get to you so what's the point.
This is as ludicrous as the Usenet II peoples suggestions. As long as real
mail address information is supplied with the post a standard munge address
should be allowed to stop replies. e.g. nor...@cauce.org, which can be set
up either with an auto-responder explaining it is a fake address and the
reasons for its use, or piped to /dev/null. I think as long as the real
address is supplied with the mail it should be acceptable. Death to the
mailbots!
George Curry
george at dircon dot co dot uk
Fight Spam! Join CAUCE (Coalition Against Unsolicited Commercial Email)
at http://www.cauce.org/ and tell your political representative how Spam mailings
hurt you. Help protect genuine Internet commerce: Outlaw UCE Spamming.
Great boobies honeybun, my lower intestine is full of spam...
Monty Python's Flying Circus
WD Baseley
In article <slrn62e29u....@manifold.algebra.com>,
ich...@algebra.com (Igor Chudov @ home) articulated:
>So you would not see, in many emails (depending on te format of Received:
>field) any reference to the destination address used.
I see my address the headers depending upon ISP. See examples below.
----- example 1 -----
Return-Path: <vpt...@odyssee.net>
Received: from r2d2.microtec.net (r2d2.microtec.net [204.50.80.57])
by camel5.mindspring.com (8.8.5/8.8.5) with SMTP id JAA19378
for <wbas...@mindspring.com>; Tue, 23 Sep 1997 09:15:48 -0400
(EDT)
Date: Tue, 23 Sep 1997 09:15:48 -0400 (EDT)
From: vpt...@odyssee.net
Message-Id: <1997092313...@camel5.mindspring.com>
Received: (qmail 25030 invoked by uid 201); 23 Sep 1997 09:15:44 -0400
Received: from as51-7-ppp15.mtl.microtec.net (HELO odyssee.net)
(205.236.248.171)
by r2d2.microtec.net with SMTP; 23 Sep 1997 09:15:44 -0400
To: vpt...@odyssee.net
Subject: DO YOU HAVE AN INK-JET PRINTER?
---- example 2 -----
From 4424...@rose.com Sat Sep 13 02:47:40 1997
Return-Path: <4424...@rose.com>
Received: from mail.his.com (mail.his.com [205.177.25.9])
by emin42.mail.aol.com (8.8.5/8.8.5/AOL-4.0.0)
with ESMTP id CAA11768;
Sat, 13 Sep 1997 02:47:25 -0400 (EDT)
From: 4424...@rose.com
Received: from 205.177.25.9 (ad76-096.compuserve.com [199.174.172.96])
by mail.his.com (8.8.7/8.8.7) with SMTP id CAA28033; Sat, 13 Sep 1997
02:47:52 -0400 (EDT)
Date: Fri, 12 Sep 97 23:16:04 EST
To: New.Ma...@aol.com
Subject: " Sports Casino "
Message-ID: <>
X-PMFLAGS: 128 0
>Hence, it will not be useful for filtering.
This will be true for some people.
-- WD Baseley
Wolfgang Schelongowski
>In article <34259fe0...@news.cmc.net>,
>Ron Schwarz <s...@sig.to.reply> wrote:
>>This has been answered by other posters in this thread. The
>>requirements are aimed at a select few capable of complying with them.
>Yep. You have to have a computer, a modem and Internet access.
^^^^^^^^^^^^^^^
You are confusing Usenet with Internet. That explains all your other
errors but puts you in the position of rich kid who doesn't understand
why other kids call him 'spoilt'.
Ron Schwarz - see sig to reply
On Tue, 23 Sep 1997 17:13:58 GMT, geo...@dircon.co.uk (George Curry)
wrote:
>In article <606utc$4s7$1...@news1.teleport.com>, Portland Atari Club <at...@user2.teleport.com> wrote:
[...]
>>I'll set up a cron job to notify me when the CFV goes out - this proposal
>>is unacceptable.
>>
>The idea that all you need to support the kind of munging suggested in the RFD
>is a computer, a modem and Internet access is patently incorrect. Your ISP
>has to support it to, not everybody runs their own mail server or has
>significant influence over it. I doubt if a large proportion will support
>it and even if they do, the stuff will still get to you so what's the point.
>This is as ludicrous as the Usenet II peoples suggestions. As long as real
>mail address information is supplied with the post a standard munge address
>should be allowed to stop replies. e.g. nor...@cauce.org, which can be set
>up either with an auto-responder explaining it is a fake address and the
>reasons for its use, or piped to /dev/null. I think as long as the real
>address is supplied with the mail it should be acceptable. Death to the
>mailbots!
If I was a betting man, I'd be trying to figure the odds on them doing
an end run on the whole "problem", and going for net.org.cauce. If
they do that, they'll surely avoid all dissent.
--
Do you support CAUCE? Do you use a spamblocked address?
If the answer to both of those questions is "yes", you might
want to reconsider your support of CAUCE because of their
radical stance against spamblocked addresses.
(To reply to me, change devnull to censor)
spam target - see .sig
-----BEGIN PGP SIGNED MESSAGE-----
s...@sig.to.reply (Ron Schwarz) writes:
> Do you support CAUCE? Do you use a spamblocked address?
> If the answer to both of those questions is "yes", you might
> want to reconsider your support of CAUCE because of their
> radical stance against spamblocked addresses.
Why? Those are two separate issues. If CAUCE is going to support
legislation to make munged addresses illegal, let me know and I'll
think about it. Meanwhile, I support the Smith bill and CAUCE's
efforts against UCE (I wouldn't mind efforts against all UBE myself),
so I'm keeping my association with them and my link to them on my web
page.
/JBL
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
iQB1AwUBNCgO7ErBo3M5BSipAQHYkAL/QFN1IMw0LYWrg7PvTlO24yXSuCod8lOI
RgVScpZdoRstcc+WOCYqyvPKPsn9K2MMcuwTSp3DMXpv8ot6g58d9esAQiQ5GSGC
5mpbPGgmVhyfbjNPQEuTZ9K6Q8oUSoC7
=hrIL
-----END PGP SIGNATURE-----
--
Nets: levin (at) bbn.com | Public keys available at
or jbl (at) levin.mv.com | http://www.mv.com/ipusers/levin/pgpkeys.html
* If you send me abusive or threatening e-mail, I will probably post it. *
Ron Schwarz - see sig to reply
On 23 Sep 1997 14:48:26 -0400, jbl0...@hotmail.com (spam target - see
.sig) wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>s...@sig.to.reply (Ron Schwarz) writes:
>> Do you support CAUCE? Do you use a spamblocked address?
>> If the answer to both of those questions is "yes", you might
>> want to reconsider your support of CAUCE because of their
>> radical stance against spamblocked addresses.
>
>Why? Those are two separate issues. If CAUCE is going to support
>legislation to make munged addresses illegal, let me know and I'll
>think about it. Meanwhile, I support the Smith bill and CAUCE's
>efforts against UCE (I wouldn't mind efforts against all UBE myself),
>so I'm keeping my association with them and my link to them on my web
>page.
All well and good, but keep in mind that you will be excluded from
posting on comp.org.cauce.
Personally, I have little interest in supporting organizations that by
charter exclude "my kind" from membership.
--
Do you support CAUCE? Do you use a spamblocked address?
If the answer to both of those questions is "yes", you might
want to reconsider your support of CAUCE because of their
radical stance against spamblocked addresses.
(To reply to me, change devnull to censor)
George Curry
In article <slrn62e7nt....@manifold.algebra.com>, ich...@algebra.com (Igor Chudov) wrote:
>22 Sep 1997 23:27:40 GMT, Portland Atari Club <at...@user2.teleport.com> wrote:
>>news.admin.net-abuse.email John C. Mozena <m...@server2.mich.com> wrote:
>>JC M> In article <34259fe0...@news.cmc.net>,
>>JC M> Ron Schwarz <s...@sig.to.reply> wrote:
>>>On 20 Sep 1997 03:55:53 -0400, m...@server2.mich.com (John C. Mozena)
>>>wrote:
>>
>>>>Wasn't your point that you had to be a mail wizard or a clueless newbie to
>>>>use the group?
>>>>
>>>>I don't think I'm either.
>>>
>>>"I'm not 'the elect', I'm just yer typical guy sitting on a fixed
>>>IP|T1|fill-in-the-blanks system that lets me idle away my days tuning
>>>server-side filters."
>>
>>JC M> I don't filter at all. I don't mung. I use procmail to separate mailing
>>JC M> list mail into folders, that's it.
>>
>>>requirements are aimed at a select few capable of complying with them.
>>
>>
>>And THAT is precisely the kind of bullshit I have pointed out before.
>>
>>Joe USer has no idea how to filter anything, but he CAN click on
>>Netscape's "Options" dialog and change his posting address from
>>"joe....@domain.com" to "joe....@domain.spamblock.com" very easily.
>>
>>However, the proponents of this RFD have decreed that this simple AND
>>EFFECTIVE method of blocking junk email is Politically Incorrect.
>>
>>THAT's bullshit.
>>
>>is unacceptable.
>
>
>Thanks
>
>igor
Can you add mine to, I think the people who make these decisions need a good
dose of reality. geo...@dircon.co.uk
Dan Sterner
David Cathey wrote:
>
> Really the only alternative to not munging is proactive
> filtering. Those really interested can subscribe to WhiteICE,
> but it sucks that you either have to become a procmail guru or
> something in order to participate. Most of the victims on this
> UBE issue are just regular people who are not high-tech wizards.
> Yes, many of us can deal with the problem on our end by writing
> this or that, but we are the MINORITY victim-base.
>
> participate. Don't make rules based upon your talents at the
> expense of the legions of people we ought to be encouraging to help!
>
I've stayed out of this thread so far, but the above was well put and I
agree. If they represent us why are they setting it up in a way that
makes a few with the right se up able to munge and most of us unable to
do so?
I don't munge, never have or will. If spammers want to send me
unsolicited trash the least I can do is return the favor and let them
know how much I appreciate it. That aside I think the dual standard
stinks. As far as the CAUCE newsgroup goes, make it all or nothing,
don't set up a flawed system that allows a few to do it and shuts the
rest out. My vote today would be no.
--
Sites to help with the fight against SPAM and UCE
Abuse.net: Home Page -- http://www.abuse.net/ Report abuse
Fight Spam on the Internet! -- http://spam.abuse.net/spam/
Net Abuse Bookmarks -- http://www.teleport.com/~atari/net-abuse.htm
Tommy the Terrorist
In article <607l48$r...@server2.mich.com> John C. Mozena,
m...@server2.mich.com writes:
>I am both the proponent and a moderator. You were most certainly referring
>to me when you talked about "dishonesty in moderators and proponents."
>I work in a field where reputation -- especially for honesty -- is
>everything. If a reader can't trust me, then I'm screwed.
Not only are you screwed, you're screwed up! You're pushing forward the
ABSURD idea that in order to block posts from "@localhost", you have to
block any post that doesn't pass a fancy identification system. A reader
(me) CANNOT trust you.
Your words:
"No, no, no. You misunderstand the issue. It's not mail from the modbot
that's causing the problem, it's bounced spam that has a forged domain in
the headers.
Spammer sends mail to a list including spamblocked addresses harvested
from Usenet. Headers are forged so that "nob...@localhost.com" appears as
the From: and Reply-To: addresses (this actually happened).
Postm...@localhost.com gets a bounce message for each spamblocked
address.
The mail from the modbot is a verification mechanism to ensure that this
isn't happening."
Is it by inference I call you a liar? Certainly! If a soldier comes
over the hill and says there's nobody on the other side, and 5 minutes
later you walk over the hill and find a thousand armies, well, maybe they
were hiding behind the bushes? You infer he was a liar. You always
infer. How do you know if someone is just crazy or stupid? You just
assume they're not THAT crazy or THAT stupid.
You've proposed an explanation that is crazy and stupid, and too crazy
and stupid for me to believe what you have proposed. YOU ARE A LIAR.
This is not olden times of nobility when any charge of "liar" is settled
in a duel, the nobleman using good weapons and training that the peasant
doesn't have. And it is my intention that those days not return - the
first step being to ensure that a person can lay out a charge with the
protection of anonymity if he feels he is threatened otherwise.
Someone, please make sure the CFV gets posted to alt.censorship when the
time comes. It is DEFINITELY an appropriate group for this, because
censorship is EXACTLY what "cauce" is all about, no matter what they
pretend. Spam is an evil, but civil liability suits are a greater evil.
Just imagine when the spammers start spamming themselves from YOUR
address, and then suing YOU for damages, and "PROVING" their case, to a
"preponderance of the evidence", because forgery is "unlikely". And
imagine the goddamned New World Order that the "cauce" members will then
propose, to "save" you from this problem they are working to create!!!
Cipher
2nd RFD: comp.org.cauce moderated
Just say no to a very flawed RFD. The intersection of eltist interests
and hidden agendas is a very weird street corner to be standing on.
The charter essentially says munge your address if you will, but you must
do it in a way as to allow maximum spam to your address, in the name of
protecting postmasters who are far more able to protect themselves than
you will ever be. If you can't do it like the wizards do it, accept the
spam or begone!
Add in elements of an anti anonymous posting sentiment....a desire for
everyone to be known regardless of post content.....
Unacceptable! Vote NO! Post pointers so others can decide if they wish
to vote.
John C. Mozena
In article <6085hp$4...@camel3.mindspring.com>,
Cipher <cip...@mindspring.com> wrote:
>I am wondering if this RFD is laying the groundwork for another agenda :
>the end to anonymous posting. "Hey look at the wonderful model the folks
>use that ended all the spam!" "Everything on Usenet should be like
>that!" "If we just register our e-mail addresses, we can catch all the
>bad guys who spam"
The only thing we're doing to end spam is trying to get HR 1748 passed. If
you disagree with that, fine.
Our moderation proposal isn't going to cut down on the amount of spam sent
by a single message. All it will do is keep spam from being bounced to
postmasters who then either have to filter it or delete it. It's not going
to help us catch anybody, it's not going to help us track down anybody.
Your concerns aren't upheld by the facts of the proposal.
As far as "register[ing] our e-mail addresses," you can register anything
you damn well please, as long as we can be sure that the original poster
owns the address and that it's not going to bounce mail to postmasters. We
don't ask and don't care who the orignial poster is -- we just want to
make sure that the Kook Kabal can't hijack somebody else's address and
post flame bait.
An anon.penet.fi (RIP) address would have been perfectly legal under this
system. I don't know much about anon remailers (my experience ended with
the death of Penet), but any remailer based on this model would work as
well.
>The old "If you don't have anything to hide" argument that the government
>of the U.S. is currently blowing smoke up congresses butt with to get Key
>Escrow passed.
Nowhere do we say that you can't hide your name, age, sex, real ISP, job,
anything you want. All we say is that you can't bounce mail. You don't
need to read it -- you just can't bounce it.
>Hey, I could get really wacky and suggest that a lot of spam is never
>intended to sell anything, just irritate folks until the final solution
>arrives. Which solves UCE and implements another agenda. Who opined
>that some don't munge because they like to complain? Maybe NEED
>something to complain about? Might have something there!
Oh, pardon me. I didn't realize you were a paranoiac.
Ron Schwarz - see sig to reply
On 23 Sep 1997 13:17:20 -0400, m...@server2.mich.com (John C. Mozena)
wrote:
[]
>Nowhere do we say that you can't hide your name, age, sex, real ISP, job,
>anything you want. All we say is that you can't bounce mail. You don't
>need to read it -- you just can't bounce it.
So you are by implication banning vacation notices too?
Note for the record that to remove from the equation any charge that I
am lazy, stupid, have a suck ISP, or any other diversionary tactic, I
have specifically created a bitbucket address.
Now, *I* can argue from a position of purity too.
As long as Those Who Must Be Obeyed insist that the peasants can
either eat cake or shut TF up, I will continue to object.
John C. Mozena
In article <343b0a27....@news.cmc.net>,
Ron Schwarz - see sig to reply <dev...@clubvb.com> wrote:
>If I was a betting man, I'd be trying to figure the odds on them doing
>an end run on the whole "problem", and going for net.org.cauce. If
>they do that, they'll surely avoid all dissent.
The vast majority of CAUCE members don't have U2 access. That invalidates
the whole point of the group.
John C. Mozena
In article <3432921d...@news.cmc.net>,
>wrote:
>
>[]
>
>>Nowhere do we say that you can't hide your name, age, sex, real ISP, job,
>>anything you want. All we say is that you can't bounce mail. You don't
>>need to read it -- you just can't bounce it.
>
>So you are by implication banning vacation notices too?
Realistically, we'd probably make an exception for those. They have a real
utility I can appreciate.
As much as I hate the flood of them I get when I send out a CAUCE News
issue with my cauce.org address as the reply-to.
>Note for the record that to remove from the equation any charge that I
>am lazy, stupid, have a suck ISP, or any other diversionary tactic, I
>have specifically created a bitbucket address.
If, as I assume from the name, it points to /dev/null, then you've created
a perfect example of a valid comp.org.cauce address.
What we ought to do is convince ISPs to create systemwide addresses like
that for their users to use in place of spamblocks. Mungers would be
satisfied, postmasters live in peace, spammers are left with no readers.
>Now, *I* can argue from a position of purity too.
>
>As long as Those Who Must Be Obeyed insist that the peasants can
>either eat cake or shut TF up, I will continue to object.
That continues to be your right and your privilege. I continue to think
you're wrong.
John C. Mozena
In article <609isu$5...@camel3.mindspring.com>,
Cipher <cip...@mindspring.com> wrote:
>Just say no to a very flawed RFD. The intersection of eltist interests
>and hidden agendas is a very weird street corner to be standing on.
OK, what's our hidden agenda?
>Add in elements of an anti anonymous posting sentiment....a desire for
>everyone to be known regardless of post content.....
Show me where it says you can't post from a completely anonymous address.
>Unacceptable! Vote NO! Post pointers so others can decide if they wish
>to vote.
Post pointers, sure, but try and restrain your arguments to the facts
contained in the RFD, please.
Ron Schwarz - see sig to reply
On 24 Sep 1997 00:56:08 -0400, m...@server2.mich.com (John C. Mozena)
wrote:
>In article <343b0a27....@news.cmc.net>,
>Ron Schwarz - see sig to reply <dev...@clubvb.com> wrote:
>
>>If I was a betting man, I'd be trying to figure the odds on them doing
>>an end run on the whole "problem", and going for net.org.cauce. If
>>they do that, they'll surely avoid all dissent.
>
>The vast majority of CAUCE members don't have U2 access. That invalidates
>the whole point of the group.
Plenty of CAUCE members don't have unblocked email addresses. That
invalidates the whole point of the group too.
Ron Schwarz - see sig to reply
On 24 Sep 1997 01:06:12 -0400, m...@server2.mich.com (John C. Mozena)
wrote:
>In article <3432921d...@news.cmc.net>,
>Ron Schwarz - see sig to reply <dev...@clubvb.com> wrote:
>>On 23 Sep 1997 13:17:20 -0400, m...@server2.mich.com (John C. Mozena)
>>wrote:
>>
>>[]
>>
>>>Nowhere do we say that you can't hide your name, age, sex, real ISP, job,
>>>anything you want. All we say is that you can't bounce mail. You don't
>>>need to read it -- you just can't bounce it.
>>
>>So you are by implication banning vacation notices too?
>
>Realistically, we'd probably make an exception for those. They have a real
>utility I can appreciate.
They have a utility, bingo.
So do spamblocked addresses.
>As much as I hate the flood of them I get when I send out a CAUCE News
>issue with my cauce.org address as the reply-to.
>
>>Note for the record that to remove from the equation any charge that I
>>am lazy, stupid, have a suck ISP, or any other diversionary tactic, I
>>have specifically created a bitbucket address.
>
>If, as I assume from the name, it points to /dev/null, then you've created
>a perfect example of a valid comp.org.cauce address.
It is a blackhole. Bits check in, but they don't check out. You can
email me War and Peace, and you'll think I received it, and I'll
remain blissfully oblivious that you ever sent it.
Then, you'll ask what I thought of it. I won't respond to that
either, since I'll never know you sent it. Then, you'll start to get
pissed off that I'm ignoring you, so you'll email me and ask what the
problem is. Again, you'll think I received it, but of course, I'll
have no idea that it was ever sent.
At this point, you start to get really pissed, so you email War and
Peace again. Ten times. And, again, I go blissfully along my way,
oblivious to your mounting rage. I won't have any idea that you're
sitting there, knuckles clenched white, fuming about how I'm such a
goddamn passive-aggressive fuck and how I'm not gonna get to you, and
on and on and on. And then, one day, your paranoia enters the
full-blossom stage, and you hunt me down and kill me. My dying words
are "What the fuck?"
The next day, everyone speculates that I must have been a spammer who
drove you over the edge.
>What we ought to do is convince ISPs to create systemwide addresses like
>that for their users to use in place of spamblocks. Mungers would be
>satisfied, postmasters live in peace, spammers are left with no readers.
And what about the U2ers who explain that the replyable-address rule
is for the specific purpose of making sure people can reach you? One
of them posted here tonight.
You can't argue a pointless point from every position. If it's kept
up, it ends up as a manifestly fruitcake idea, if anything reminiscent
of a kangaroo court. The outcome is certain -- it's only how we
arrive at it that varies.
>>Now, *I* can argue from a position of purity too.
>>
>>As long as Those Who Must Be Obeyed insist that the peasants can
>>either eat cake or shut TF up, I will continue to object.
>
>That continues to be your right and your privilege. I continue to think
>you're wrong.
--
jon ivar skullerud
In article <606nmr$6...@server2.mich.com> m...@server2.mich.com
(John C. Mozena) writes:
> In article <uc7bu1l...@wilson.physics.adelaide.edu.au>,
> jon ivar skullerud <jsku...@physix.adelaide.edu.au> wrote:
> >Of course, if you are going to require replyable addresses, you will
> >have to send some kind of mail to that address to verify this.
> >However, this does not mean you have to acknowledge every single
> >article from this address. Would it not be possible to turn
> >acknowledgement off for a particular address once it has been
> >verified?
> The most important reason for the no-spamblock rule is to cut down on the
> number of bounces to innocent postmasters. Confirmation mail, in addition
> to cutting down on the "it hasn't appeared, I'll send it again"
> double-message syndrome, keps verifying that the address is accepting mail
> and not making some poor postmaster's life harder.
In other words, if a person posts from some address, you verify that
this address is indeed replyable, and this person then requests
"Please don't send me any confirmation mails from now on", you will
refuse to honour this request, because you fear that the address may
be made inoperative some time in the future and you cannot trust that
a future article coming from that address has not been forged?
This appears to me to be completely unreasonable. Surely, if an
address has worked in the past, and someone continues to post from
that address, the assumption must be that this address still works.
Why else would they continue to post from that address? Other than
using it as a spamtrap, but in that case redirecting all mail to
/dev/null seems much more logical than disabling the address, so i
don't quite see why anyone would do that.
> You don't have to use the -XXX hash. It was just explicitly mentioned
> because it's the only form of mutating address the bot will recognize.
I still don't get it. Why do you have to mention it explicitly? What
sets this address apart from any other replyable address? Precisely
how will the bot be treating it differently?
--
______ _________________________________________________
/ | jon ivar skullerud |
| jon | jsku...@physix.adelaide.edu.au |
\______ | Correct the spelling of physix to reply |
\ | |
ivar | | http://www.physix.adelaide.edu.au/~jskuller/ |
_______/ |_________________________________________________|
jon ivar skullerud
In article <606mjm$5...@server2.mich.com> m...@server2.mich.com
(John C. Mozena) writes:
> In article <601h2n$1...@xivic.ruhr.de>,
> Wolfgang Schelongowski <skar...@LOCALHOST.ruhr.de> wrote:
> >That your solution still requires the receiver to pay fo the
> >received spam at e.g. $15 per MB (http://www.ins.net/ins/serispf.htm).
> >Note that ins.net is just 5km north of me, so there will be places where
> >it's more expensive. Of course, local calls are payed by connect time,
> >too, and they'll probably double soon, again, due to deregulation.
> Do you pay for mail when it never even makes it to the spool, when it's
> /dev/nulled, for instance?
> In that case, I suggest you get a Hotmail or other free account and use
> that, instead of a service like the one you have.
> Use it for all your mail and save yourself a bundle.
And how do you suggest he get the mail from Hotmail to where he
happens to be sitting, without having a local service provider or
running up huge phone bills?
--
______ _________________________________________________
/ | jon ivar skullerud |
| jon | jsku...@physics.adelaide.edu.au |
\______ | |
\ | |
ivar | | http://www.physics.adelaide.edu.au/~jskuller/ |
_______/ |_________________________________________________|
jon ivar skullerud
jon ivar skullerud <jsku...@physics.adelaide.edu.au> writes:
In article <606nmr$6...@server2.mich.com> m...@server2.mich.com
> You don't have to use the -XXX hash. It was just explicitly mentioned
> because it's the only form of mutating address the bot will recognize.
I still don't get it. Why do you have to mention it explicitly? What
sets this address apart from any other replyable address? Precisely
how will the bot be treating it differently?
Sorry, my mistake. I was assuming that since you send acks to every
article posted and refuse to honour requests for turning this off, you
won't have a list of 'registered posters' which will be treated
differently to 'new posters'. I missed the bit which said that new
posters have to return a token for their article to be accepted, so
the bot will have to be tuned not to treat each hash as a new
address.
Cipher
In article <60a79i$g...@server2.mich.com> John C. Mozena,
m...@server2.mich.com writes:
>Post pointers, sure, but try and restrain your arguments to the facts
>contained in the RFD, please.
Facts only? Like where you said
> Oh, pardon me. I didn't realize you were a paranoiac.
I stipulated that my thought was speculative. I'm surprised it bothered
you enough to draw an ad hominem response from you.
Fact is your mung scheme has been demonstrated to be bogus on the premise
that it protects innocent postmasters. You've had the facts posted in
front of you several times. You choose to ignore the facts, or to
interpret them favorably to your position. Fine with me.
Have you bothered to count the number of opponents you have in this
thread alone? Will you be surprised by the vote outcome?
Most proponents try to address objections and when faced with
overwhelming disagreement, modify their proposal. Some take a hard line.
Some pass, some don't.
Good luck!
Felix
ric...@primus.paranoia.com (Ricardo Hector Gonzales) wrote:
>David Cathey (dav...@montagar.com) wrote:
>:
>: Let the unwashed masses mung (nicely) their addresses and
>: participate. Don't make rules based upon your talents at the
>: expense of the legions of people we ought to be encouraging to help!
>
>I agree. No group should be elitist or exclude people from discussion
>because they are not techo-nerds.
Could you please keep your posts on topic? These forums are for the
discussion of net-abuse.
WD Baseley
On 23 Sep 1997 22:35:42 GMT, ric...@primus.paranoia.com (Ricardo
Hector Gonzales) wrote:
The subject line of this post has been deliberately altered. There
has been **no** 3rd RFD.
>-Ric G.
>Official FAQ Maintainer - news.admin hierarchy
Not.
-- WD Baseley
The Email Abuse FAQ is at
<http://members.aol.com/emailfaq>
Fight UCE - join CAUCE
<http://www.cauce.org>
WD Baseley
On Tue, 23 Sep 1997 16:57:15 -0500, Dan Sterner <dans...@flash.net>
wrote:
>David Cathey wrote:
>> Let the unwashed masses mung (nicely) their addresses and
>> participate.
Or not. That's what the vote will decide.
>... I think the dual standard
>stinks. As far as the CAUCE newsgroup goes, make it all or nothing,
>don't set up a flawed system that allows a few to do it and shuts the
>rest out.
I agree with this; the compromise, -XXX solution, not being
universally available, is useless. Make it all or nothing.
Shmuel Metz
In <608tj0$k...@server2.mich.com>, on 09/23/97
> Nowhere do we say that you can't hide your name, age, sex, real
> ISP, job, anything you want. All we say is that you can't
> bounce mail. You don't need to read it -- you just can't bounce
> it.
How are you planning to enforce that? You want the user to start
playing with sendmail.cf or the like? Well, if he isn't totally
clueless then he's going to set up his filters to bounce things
from people he doesn't like, or even from people he doesn't
recognize. The load on everybody concerned would have been a lot
lower had he just used a from with an impossible domain name.
-----------------------------------------------------------
Shmuel (Seymour J.) Metz, SysProg and JOAT
Atid/2
Team OS/2
Team PL/I
Any unsolicited commercial junk E-mail will will be subject to
legal action.
I mangled my E-mail address to foil automated spammers; reply to
domain os2bbs dot com user shmuel to contact me. Do not reply to
spam...@library.lspace.org
-----------------------------------------------------------
Shmuel Metz
In <3437e4c3....@news.cmc.net>, on 09/22/97
at 09:37 PM, s...@sig.to.reply (Ron Schwarz) said:
> Believe it or not, that's essentially what the gov't here (the
> US) is trying to do with encryption, and the same arguments are
> made against it.
But we know that the government wouldn't illegally obtain the
keys from the escrow agent, any more than they would wiretap a
telphone without a cour order. </sarcasm>
Shmuel Metz
In <606mo7$6...@server2.mich.com>, on 09/22/97
at 05:08 PM, m...@server2.mich.com (John C. Mozena) said:
> It's not the modbot that causes bounces to innocent
> postmasters. It's spammers and people who don't bother to
> inspect addresses before mailing.
How about using from: /dev/null? Will that still cause a bounce?
Ron Newman
John, it appears to me, looking in from the outside, that your
position against spam-blocked addresses lacks widespread support
and that continuing to insist on it endangers CAUCE's ability to
be an effective voice for the Netizenry. Please drop it.
--
Ron Newman rne...@thecia.net
http://www2.thecia.net/users/rnewman/