Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

INN should NOT require an email address. 

5 views
Skip to first unread message

Jeff-Relf.Me

unread,
May 2, 2013, 3:37:50 PM5/2/13
to
INN requires an email address, so I use <@.>.

INN should NOT require an email address because:

1. Were it real, it'd get trashed.

2. Normally, it's not real; i.e. it's the worst kind of SPAM,
exactly were you'd rather not see it. And it's MISLEADING.

Instead, the "From:" line should contain a "homepage" URL.

By the way, "invalid.com" is a funny website, check it out.

Alfred Fox

unread,
May 3, 2013, 7:18:12 PM5/3/13
to
On Thu, 02 May 2013 12:37:50 -0700, Jeff-Relf.Me wrote:

> INN should NOT require an email address because:
> 1. Were it real, it'd get trashed.
> 2. Normally, it's not real

In this day and age, nobody in his right mind would give
out their email address, lest they wish it to be filled
with spam in short order.

Pan also requires an email address, and, nobody in their right
mind would give theirs out for those very same reasons.

I'm guessing the nntp protocol may require the email address?

If so, the nntp client should ask if the user wants to use a
valid one or not and leave it at that (auto generating an invalid
one if necessary).

Jeff-Relf.Me

unread,
May 3, 2013, 9:49:50 PM5/3/13
to
Yes, Alfred⋅Fox, "the nntp protocol" requires an email address;
but only the INN server app is foolish enough to enforce it.

Other NNTP server apps know better, of course.

Compared to Pan, slrn is better at scoring
and Mozilla Thunderbird is better at displaying UTF⋅8/HTML.

Ray Banana

unread,
May 4, 2013, 4:26:32 AM5/4/13
to
On 7186 September 1993, Jeff-Relf Me wrote:

> Compared to Pan, slrn is better at scoring

I use exactly the same scorefile for slrn and Pan. D'oh.

--
Time flies like an arrow, fruit flies like a Banana.
http://www.eternal-september.org

Jeff-Relf.Me

unread,
May 4, 2013, 4:36:05 AM5/4/13
to
In the right hands, slrn handles UTF⋅8/HTML better than Pan.

I thought maybe it was better at scoring bodies/headers too;
but, as you can see, I don't actually know. I've never used Pan.
Message has been deleted

Michael Moroney

unread,
May 4, 2013, 9:51:52 AM5/4/13
to
Alfred Fox <af...@example.com> writes:

>I'm guessing the nntp protocol may require the email address?

The NNTP protocol itself (RFC 3977) doesn't care about the From: line,
however the standard format for Usenet articles and their headers
(RFC 5536/5537, replacing 1036) does, in fact, require it to be an email
address. The NNTP protocol defines how messages are exchanged between
news servers and only cares about a few headers (such as Message-ID: and
Path:), and From: isn't one of them.

The definition of the From: header probably needs to be revisited,with so
many people messing with it in different ways to avoid spam harvesters.

Sir Gregory Hall, Esq�

unread,
May 4, 2013, 10:46:39 AM5/4/13
to
"I Bought DataBasix" <ow...@databasix.com> wrote in
message news:km3212$b21$1...@blackhelicopter.databasix.com...
> On Fri, 03 May 2013 18:49:50 -0700 (Seattle), Jeff-Relf.Me <@.> wrote:
>
>>Yes, Alfred?Fox, "the nntp protocol" requires an email address;
>>but only the INN server app is foolish enough to enforce it.
>>
>>Other NNTP server apps know better, of course.
>
> INN is the one following standards. Fools hate standards, Fool.

Fools hate standards? Is that why DataBasix is run as an abuse
server?



Steve Bonine

unread,
May 4, 2013, 11:16:57 AM5/4/13
to
On 5/4/13 8:51 AM, Michael Moroney wrote:

> The definition of the From: header probably needs to be revisited,with so
> many people messing with it in different ways to avoid spam harvesters.

The contents of From: is either useful or useless depending on whether
the sender is living in fear of spam. The definition of the header will
not change that.

Defining a standard way of obfuscating the email address would make it
possible to decode it in the client and thus generate an email response
to the sender. Spam harvesters could use the same algorithm, so those
who are aghast that anyone would use their real email address would
still live in fear that spammers might snag their address.

Message has been deleted

Mike Easter

unread,
May 6, 2013, 12:43:04 AM5/6/13
to
One could simplify or define the issues.

There should be a From: Yes; how it is populated depends

There should be a Reply-To: Yes; how and if it is populated depends.

Antispam with no interest in correspondence should simply munge the From
with a proper .invalid

The current 'best practices' for those who do not desire spam and eschew
XOVER harvesters but while encouraging email correspondence might be to
munge the From with an invalid and/but populate the Reply-To with
legitimate, since the Reply-To isn't in the XOVER. However there are
harvesting schemes which can also scrape everything including the Reply-To.

Those who eschew both XOVER while also discouraging news to email
transitioning would not populate the Reply-To.


--
Mike Easter

Shmuel Metz

unread,
May 9, 2013, 10:43:43 PM5/9/13
to
In <km33po$pef$1...@pcls6.std.com>, on 05/04/2013
at 01:51 PM, mor...@world.std.spaamtrap.com (Michael Moroney)
said:

>The definition of the From: header probably needs to be
>revisited,with so many people messing with it in different ways to
>avoid spam harvesters.

That's not the fault of the Netnews specifications, it's because they
didn't RTFRFC. From RFC 5537:

Contrary to [RFC5322], which implies that the mailbox or
mailboxes in the From header field should be that of the poster
or posters, a poster who does not, for whatever reason, wish to
use his own mailbox MAY use any mailbox ending in the top-level
domain ".invalid" [RFC2606].

--
Shmuel (Seymour J.) Metz, SysProg and JOAT <http://patriot.net/~shmuel>

Unsolicited bulk E-mail subject to legal action. I reserve the
right to publicly post or ridicule any abusive E-mail. Reply to
domain Patriot dot net user shmuel+news to contact me. Do not
reply to spam...@library.lspace.org

Frank Slootweg

unread,
May 10, 2013, 11:35:32 AM5/10/13
to
Shmuel (Seymour J.) Metz <spam...@library.lspace.org.invalid> wrote:
> In <km33po$pef$1...@pcls6.std.com>, on 05/04/2013
> at 01:51 PM, mor...@world.std.spaamtrap.com (Michael Moroney)
> said:
>
> >The definition of the From: header probably needs to be
> >revisited,with so many people messing with it in different ways to
> >avoid spam harvesters.
>
> That's not the fault of the Netnews specifications, it's because they
> didn't RTFRFC. From RFC 5537:
>
> Contrary to [RFC5322], which implies that the mailbox or
> mailboxes in the From header field should be that of the poster
> or posters, a poster who does not, for whatever reason, wish to
> use his own mailbox MAY use any mailbox ending in the top-level
> domain ".invalid" [RFC2606].

Most people will understand what RFC 5537 *meant* to say, but a
*bogus* [1] "mailbox ending in the top-level domain ".invalid"
[RFC2606]", i.e. like the one in my From header, is *not* a 'mailbox'.
It's a string of characters which - more or less - has the *format* of a
mailbox, but it *is* not a 'mailbox'.

So despite what RFC 5537 says, the confusion, whining, flaming,
<whatever>, will continue.

[1] Using a real mailbox ending in the top-level domain ".invalid" is of
course rather useless/stupid.

Russ Allbery

unread,
May 10, 2013, 11:52:34 AM5/10/13
to
I'm sure that's true, but I doubt it's because of that reason. Only a few
people are going to care about the difference between a mailbox
conceptually and a mailbox as an ABNF production. (For the record, I
believe the latter meaning was intended.)

Netnews is between a rock and a hard place here, with no particularly
appealing solutions. Compatibility with the mail message format is a core
and mandatory feature of netnews, if for no other reason than the number
of combined clients that break if you break that compatibility is
daunting. However, the mail standardization folks are completely
uninterested in allowing invalid (from their perspective) From headers.
The above was a compromise, and even it was quite controversial at the
time.

(That's putting aside the question of whether private replies should be
actively encouraged by the standard, which is another controversial
question. I realize most of the people reading this particular set of
newsgroups probably feels they shouldn't be, based on past threads, but I
can assure you there was a different breakdown of opinion in the working
group.)

At this point, I'm 95% certain that there are no longer sufficient
resources interested in active development of netnews standards to reopen
the base format document and prepare a revision, so whatever the standards
say now is pretty much what they're going to say, for good or for ill.

--
Russ Allbery (r...@stanford.edu) <http://www.eyrie.org/~eagle/>

Please post questions rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.

Shmuel Metz

unread,
May 10, 2013, 12:52:28 PM5/10/13
to
In <av4ie4...@mid.individual.net>, on 05/10/2013
at 03:35 PM, Frank Slootweg <th...@ddress.is.invalid> said:

> Most people will understand what RFC 5537 *meant* to say, but a
>*bogus* [1] "mailbox ending in the top-level domain ".invalid"
>[RFC2606]", i.e. like the one in my From header, is *not* a
>'mailbox'.

It satisfies the syntax for given in RFC 5321:

mailbox = name-addr / addr-spec

Frank Slootweg

unread,
May 10, 2013, 1:41:31 PM5/10/13
to
Shmuel (Seymour J.) Metz <spam...@library.lspace.org.invalid> wrote:
> In <av4ie4...@mid.individual.net>, on 05/10/2013
> at 03:35 PM, Frank Slootweg <th...@ddress.is.invalid> said:
>
> > Most people will understand what RFC 5537 *meant* to say, but a
> >*bogus* [1] "mailbox ending in the top-level domain ".invalid"
> >[RFC2606]", i.e. like the one in my From header, is *not* a
> >'mailbox'.
>
> It satisfies the syntax for given in RFC 5321:
>
> mailbox = name-addr / addr-spec

Yes, I said/implied that in the part you snipped, but the RFC says
"MAY use any mailbox", not "MAY use the syntax for a mailbox". You can't
'use' something which *isn't* such a something.

Russ said that he believes the ABNF production was meant, so we three
agree, but my point was that what it says will mean different things for
different people.

So the war goes on! :-)

Jeff-Relf.Me

unread,
May 10, 2013, 4:26:59 PM5/10/13
to
Russ⋅Allbery... Plenty of "From:" lines have no email address.

Only INN ( the server app ) requires an email address.
So newsreaders already handle it, no problem.

The "From:" line should contain a name and/or a URL, not an email address.
INN should stop requiring the '@' character.

bi...@mix.com

unread,
May 12, 2013, 1:47:42 PM5/12/13
to
In news.software.nntp Russ Allbery <r...@stanford.edu> wrote:

> At this point, I'm 95% certain that there are no longer sufficient
> resources interested in active development of netnews standards to reopen
> the base format document and prepare a revision, so whatever the standards
> say now is pretty much what they're going to say, for good or for ill.

So it seems.

On the bright side, I'm glad I lived long enough to see propagation
working as well as it now does. Heh.

As for posting with a non-spammable address, the username "nobody"
is valid, but goes directly to /dev/null on many email systems. I
think this is better than many "fake" addresses I've seen, in which
the domain actually does, or someday could, belong to someone.

My email address has remained the same since before junk email existed,
so concealing it now wouldn't do any good.....

Billy Y..
--
sub #'9+1 ,r0 ; convert ascii byte
add #9.+1 ,r0 ; to an integer
bcc 20$ ; not a number

Russ Allbery

unread,
May 12, 2013, 4:03:20 PM5/12/13
to
bi...@MIX.COM writes:

> My email address has remained the same since before junk email existed,
> so concealing it now wouldn't do any good.....

Yeah, likewise. Honestly, I think it's a bit of a tempest in a teapot,
but that's probably just because I never had a private email address and
was forced to put together the infrastructure to filter out ~1000 spam
messages a day, so it's no longer any big deal. (Personally, I trained
bogofilter, which works quite well and takes care of nearly all of it with
very little attention on my part.)

Jeff-Relf.Me

unread,
May 12, 2013, 5:49:21 PM5/12/13
to
Russ Allbery <r...@stanford.edu>, I sent you an email.

In <news:87ppww5...@windlord.stanford.edu>,
you say your email⋅spam filters work well, so I'm testing it.

If "<r...@stanford.edu>" or "<Cr...@Junk.Invalid>" doesn't work,
then it is itself SPAM, right off the bat.

Again:

"<@.>" or "" ( nothing ) OBVIOUSLY doesn't work;
e.g. "From: Jeff-Relf.Me <@.>" or, better yet, "From: Jeff-Relf.Me".

INN ( the server app ) should stop requiring the '@' character.
The "From:" line should contain a name and/or a URL, not an email address.

Plenty of "From:" lines have no email address; newreaders handle it !

Jeff-Relf.Me

unread,
May 12, 2013, 7:36:28 PM5/12/13
to
I thought you ( Russ Allbery ) never saw my posts.

My email wouldn't get past your spam filters, I assumed.
I was wrong. I sent you no prior emails, by the way.

Re: INN should stop requiring the '@' character.

You replied ( via email ): <<

I do understand your point;
it's just not something that personally interests me. >>

I don't run INN myself and Geoff Brozny ( sysop<@>Glorb.COM )
won't modify INN for me; hence the stupid "<@.>" in my "From:" line.

"From: Jeff-Relf.Me <Nob...@Jeff-Relf.Me>" would be too verbose,
too repetitive; it would be SPAM in its own right.

Were I to use, "From: Nob...@Jeff-Relf.Me",
people would call me "Mr. Nobody" and/or filter me out.
"From: Jeff-Relf.Me" would be MUCH better, INN should allow it.
Message has been deleted

Russ Allbery

unread,
May 12, 2013, 10:21:13 PM5/12/13
to
Jeff-Relf.Me <@.> writes:

> I thought you ( Russ Allbery ) never saw my posts.

No, I actually do read all of them (at least that are posted to
news.software.nntp). I just generally don't have a lot to say -- I'm
still somewhat interested in NNTP and in INN, and I would like to find
time to work on it more, but most of the things that bother you aren't
things that light my personal fire. So even if I had the time, which I
don't have much of right at the moment, I'd probably not be working on
this.

So much virtual ink has been spilled over the role of email addresses in
netnews over the years that I'm basically burned out on the whole topic.
So I just leave people to say their peace and do what they want to do. :)

Unless I'm misremembering, INN has worked the way that it does in this
regard for a very, very long time.

Jeff-Relf.Me

unread,
May 13, 2013, 12:39:28 AM5/13/13
to
How old are you ( Russ Allbery ) ?

Most here ( on Usenet ) are at least 50 years old;
but the photos I've seen of you show a young man.

I was born in Seattle, start of 1960, by the way;
and I'm still here, in Seattle. I program Windows boxen.

I write simulations/games for the ABA✼
( a.k.a. "The Bankers", "Stonier", "Graduate School of Banking" ).
[ ✼ ABA.COM: http://www.aba.com/Pages/default.aspx ]

<< Jeff Relf was the programmer for the project and
contributed to the design of administrative processes. >>
−− BankExec™ 2009 Decision Manual, Copyright © 2011 (PDF)✼
[ ✼: http://bankexec.swgsb.org/manual/BXD_Decision_Manual.pdf ]

Russ Allbery

unread,
May 13, 2013, 12:52:12 AM5/13/13
to
Jeff-Relf.Me <@.> writes:

> How old are you ( Russ Allbery ) ?

> Most here ( on Usenet ) are at least 50 years old;
> but the photos I've seen of you show a young man.

Getting close to 40. :) I started on Usenet as a college student *just*
before the Great September and have just sort of hung around ever since.

> I was born in Seattle, start of 1960, by the way;
> and I'm still here, in Seattle. I program Windows boxen.

I love Seattle. It's a great city.

> I write simulations/games for the ABA✼
> ( a.k.a. "The Bankers", "Stonier", "Graduate School of Banking" ).
> [ ✼ ABA.COM: http://www.aba.com/Pages/default.aspx ]

> << Jeff Relf was the programmer for the project and
> contributed to the design of administrative processes. >>
> −− BankExec™ 2009 Decision Manual, Copyright © 2011 (PDF)✼
> [ ✼: http://bankexec.swgsb.org/manual/BXD_Decision_Manual.pdf ]

Somehow, I wouldn't have figured you for someone who worked in the banking
industry, but I probably should have known better, given the wide variety
of people I know who work in various Wall Street firms. (I mostly do
authentication infrastructure work these days. This seems to be something
of a trend for Usenet developers.)

Jeff-Relf.Me

unread,
May 13, 2013, 1:31:19 AM5/13/13
to
Russ Allbery...

Usenet could use some of your "authentication infrastructure", I suspect.
Something like LinkedIn or Facebook, perhaps.

Obviously, Usenet is more about ENTERTAINMENT than anything else;
so it doesn't matter, I suppose, except as an option for those who want it.

amitie

unread,
May 12, 2013, 11:12:42 PM5/12/13
to
On Mon, 13 May 2013 02:03:13 +0000 (UTC), Lewis
<g.k...@gmail.com.dontsendmecopies> wrote:

>In message <kmokjt$6np$1...@reader1.panix.com>
> bi...@MIX.COM <bi...@MIX.COM> wrote:
>> In news.software.nntp Russ Allbery <r...@stanford.edu> wrote:
>
>>> At this point, I'm 95% certain that there are no longer sufficient
>>> resources interested in active development of netnews standards to reopen
>>> the base format document and prepare a revision, so whatever the standards
>>> say now is pretty much what they're going to say, for good or for ill.
>
>> So it seems.
>
>> On the bright side, I'm glad I lived long enough to see propagation
>> working as well as it now does. Heh.
>
>You don't miss the good ol days when USENET was still often propagated
>over UUCP, usually at night, and a post could take four or five days to
>appear everywhere? Those were some grand old days!

---
Free reading Usenet Access news://nntp.homeip.net
Web Access to usenet http://mccarragher.com/cgi-bin/dnewsweb.exe
UUCP files ftp://mccarragher.com

Steve Crook

unread,
May 13, 2013, 6:54:02 AM5/13/13
to
On Sun, 12 May 2013 16:36:28 -0700 (Seattle), Jeff-Relf.Me wrote in
Message-Id: <Jeff-R...@May.12{16.36.Seattle.2013}>:

> Re: INN should stop requiring the '@' character.
It requires the '@' character because more complex email validation is
expensive. I use a Perl hook to validate the address format and the
TLD (or .invalid) but that's a local customization.

> I don't run INN myself
This is probably the first change to make if you want a customized
service.

--
What shall we use
To fill the empty spaces
Where we used to talk?

Russ Allbery

unread,
May 13, 2013, 10:58:01 AM5/13/13
to
Jeff-Relf.Me <@.> writes:

> Russ Allbery...

> Usenet could use some of your "authentication infrastructure", I suspect.
> Something like LinkedIn or Facebook, perhaps.

Yes, indeed. Distributed authentication is very hard, though. One of the
things that both netnews and email discovered is that if you don't design
the protocol for authentication in the first place, it's extremely
difficult to retrofit it in. It's also much easier to do all sorts of
authentication tricks if you centralize the service, since then part of
the system can see a global view of what's going on. Usenet doesn't offer
that.

There are interesting distributed authentication models (the PGP web of
trust and Monkeysphere built on top of it, the X.509 CA infrastructure,
and a few others), and even some ways in which you can integrate them into
Usenet (PGPMoose, which I still kind of want to write up in an
informational RFC for the record, or signcontrol, likewise, or the various
MIME standards for signed messages). But it's very difficult to change
the existing software base.

And even if you solve the distributed authentication problem, you run into
the distributed authorization problem, which is even harder.

It's a lot easier to handle this sort of thing in a workplace, where you
can make use of existing hierarchy and centralization.

bi...@mix.com

unread,
May 13, 2013, 1:20:12 PM5/13/13
to
In news.software.nntp Lewis <g.k...@gmail.com.dontsendmecopies> wrote,
quoting me:

> > On the bright side, I'm glad I lived long enough to see propagation
> > working as well as it now does. Heh.
>
> You don't miss the good ol days when USENET was still often propagated
> over UUCP, usually at night, and a post could take four or five days to
> appear everywhere? Those were some grand old days!

I still have my trusty Telebit modem - and it probably still works -
but I must say it's quite impressive to post an article now and see it
appear all over the world in just four or five seconds. Speaking of
grand.

Shmuel Metz

unread,
May 20, 2013, 3:10:21 AM5/20/13
to
In <av4pqb...@mid.individual.net>, on 05/10/2013
at 05:41 PM, Frank Slootweg <th...@ddress.is.invalid> said:

>Yes, I said/implied that in the part you snipped, but the RFC says
>"MAY use any mailbox", not "MAY use the syntax for a mailbox". You
>can't 'use' something which *isn't* such a something.

"550 mailbox not found"

Shmuel Metz

unread,
May 20, 2013, 3:02:36 AM5/20/13
to
In <auoqmc...@mid.individual.net>, on 05/05/2013
at 09:43 PM, Mike Easter <Mi...@ster.invalid> said:

>There should be a Reply-To: Yes; how and if it is populated depends.

Why? I know of no historical or operational reason to require a
Reply-To header field/

Shmuel Metz

unread,
May 20, 2013, 2:58:58 AM5/20/13
to
In <aukn3a...@mid.individual.net>, on 05/04/2013
at 10:16 AM, Steve Bonine <s...@pobox.com> said:

>Defining a standard way of obfuscating the email address would make
>it possible to decode it in the client and thus generate an email
>response to the sender. Spam harvesters could use the same
>algorithm, so those who are aghast that anyone would use their real
>email address would still live in fear that spammers might snag
>their address.

WTF? Who asked for "a standard way of obfuscating the email address"?
There is a standard way to indicate that you don't want your e-mail
address in the From header field, defined in RFC 5537.

Now, there may be naïve posters who append ".invalid" to their actual
address, but I didn't see such a suggestion in this thread.

Frank Slootweg

unread,
May 20, 2013, 2:10:06 PM5/20/13
to
Shmuel (Seymour J.) Metz <spam...@library.lspace.org.invalid> wrote:
> In <av4pqb...@mid.individual.net>, on 05/10/2013
> at 05:41 PM, Frank Slootweg <th...@ddress.is.invalid> said:
>
> >Yes, I said/implied that in the part you snipped, but the RFC says
> >"MAY use any mailbox", not "MAY use the syntax for a mailbox". You
> >can't 'use' something which *isn't* such a something.
>
> "550 mailbox not found"

Nope. This not reading (not comprehending?) and then snipping relevant
material/context is getting really tiresome. But it's not that that bad
habit hasn't been pointed out to you many, many times, is it? Yet you
continue (not) doing it. Your loss.

Shmuel Metz

unread,
May 21, 2013, 4:14:12 PM5/21/13
to
In <avv77u...@mid.individual.net>, on 05/20/2013
at 06:10 PM, Frank Slootweg <th...@ddress.is.invalid> said:

>This not reading (not comprehending?) and then snipping relevant
>material/context is getting really tiresome.

Then cut back on the LSD.

Frank Slootweg

unread,
May 22, 2013, 2:23:28 PM5/22/13
to
Shmuel (Seymour J.) Metz <spam...@library.lspace.org.invalid> wrote:
> In <avv77u...@mid.individual.net>, on 05/20/2013
> at 06:10 PM, Frank Slootweg <th...@ddress.is.invalid> said:
>
> >This not reading (not comprehending?) and then snipping relevant
> >material/context is getting really tiresome.
>
> Then cut back on the LSD.

Yet another dishonest and pathetic (double) post-edit, how 'cute'!

John F. Morse

unread,
May 22, 2013, 6:30:39 PM5/22/13
to
Looks like you need to be plonked in yet another group where your idiotic
trolling has risen.

<plonk>

--
John

When a person has -- whether they knew it or not -- already
rejected the Truth, by what means do they discern a lie?

Shmuel Metz

unread,
May 24, 2013, 9:46:49 AM5/24/13
to
In <b04gov...@mid.individual.net>, on 05/22/2013
at 06:23 PM, Frank Slootweg <th...@ddress.is.invalid> said:

>Yet another dishonest and pathetic (double) post-edit, how 'cute'!

Yes, Message-ID: <b04gov...@mid.individual.net> is pathetic, but
you posted it anyway.
0 new messages