Re: calling Philip Hands <phil@hands.com> [the long version]

On Thu, Jun 03, 1999 at 12:57:27PM +1000, Craig Sanders wrote:
> On Wed, Jun 02, 1999 at 08:52:55PM -0400, Branden Robinson wrote:
> > Do you assert that I am a spammer?  Yes or no?  Answer the question.
> No.  to my knowledge you are not a spammer.

If you should ever find that I have become one (they'll have to compromise
my PGP key to be believable, as I sign all of my outgoing mails except some
that aren't read by humans), let me know.

In the meantime, do me the courtesy of not CC'ing me on list mail.  I
gather you believe I am stupid, but I do know how to read the debian-devel
mailing list.  Thanks.

> > It is not beside the point in any way, shape or form.  If anti-spam
> > tools affect non-spammers, then they are by definition insufficiently
> > specific in their application.
> yes.  shit happens.  nothing is perfect.  that's life, deal with it.

It is *your* prerogative to make that assessment *for yourself*.

You acknowledge that the tools are, by definition, insufficiently
specific in their application.  That's fine for you.  We all decide what
bugs we can live with and what we can't.  You do not want to extend that
privilege to those who disagree with you on this issue.  You are asserting
that if people find misbehavior or misapplication of the RBL, DUL, ORBS,
etc. lists unacceptable, well, that's just their tough shit and they should
deal with it.

I am sure you would not appreciate this attitude from me if and when you
file a bug against one of my packages.  Even then, however, you at least
would have the option of building your own version of the software with the
behavior changed to suit you, if you are willing to invest the effort.

But non-spammers who get blacklisted by anti-spam rules have no such
recourse.  They are told to "live with it."  

> blocking almost all spam for the minor price of requiring end-users to
> use the smtp relay services provided by their ISP is a big win.

Ah, you acknowledge that the end-users are REQUIRED to use the SMTP relay
services provided by their ISP to get reliable electronic mail service.
Below, you say it is an option.

Well, I can exercise my option to go without food or water, but that is not
conducive to the goal of sustained life.

> "innocent bystanders" (to use your zero-content emotionally manipulative
> label) are not prevented from sending mail by the DUL RBL.

"Zero-content emotionally manipulative label"; please explain to me how I
am a guilty party to the transmission of spam messages.

I cannot find an RFC that tells me I have to use a mail relay of any kind
to ensure the reliable transmission of my messages.

> they can get
> their message through by using the smtp relay provided by their ISP.  if
> they choose not to use it, then that's their problem.
> > > ANYONE.
> >
> > That's perfectly true.  Unfortunately, with tools like the DUL, you
> > are effectively asserting something else:
> >
> you are entitled to hold whatever absurd opinions you like, even if they
> have no relationship to reality.

If my ISP purposely refuses delivery to my mailbox of mail that is
addressed to me, how does that fail to be an act of interference in my
personal correspondence?  My remarks here are referring to the intended
*recipients* of DUL-rejected messages, not the senders.  I'm sorry if that
wasn't clear from context.

> > I didn't sign up to have my non-spam mail thrown away because it might
> > have been spam.
> tough. other people choose not to receive mail from dialup IPs because
> of the likelihood that it might be spam. if you want to communicate with
> these people, then you know what you have to do.

I see no reason why I should go out of my way to communicate with people
who have solicited my response but who (or whose ISP) bounces my mail back
at me.

It's time to put some responsibility BACK onto the shoulders of those who
administrate the mail servers.  "Spam prevention" is not a blank check you
can use to justify any policy that trashes legitimate mail and interferes
with perfectly valid correspondence between willing participants in full
harmony with the acceptable use policies of all carriers in between.

Well, you can try to use it, as Gordon Fecyk, the ORBS guys, and others
have illustrated, but the very ferocity of their defense raises suspicions
of smokescreening.

Nobody ever said being a system administrator was easy.  Spammers are
indeed a menace, but the minute we start punishing and inconveniencing
legitimate users in the name of spam prevention, we have compromised our
principles.  I'm sure you (and many others) disagree.  I just wonder how
Byzantine ordinary mail transactions are going to get, and how tight we're
going to make the straightjacket, before common sense is restored.

> > Was my message spam or not?  Are all SMTP connections originating from
> > dynamically allocated IP's a priori spam?
> mail from dialup IPs is *probably* spam. the amount of non-spam mail
> coming direct from dialup IPs is statistically insignificant.

Please cite some statistics for me.  Of course, any studies are likely to
be skewed towards spam because many legitimate users have been already
harangued, harassed and/or coerced into using mail relays.  But I'd be
interested in seeing some hard numbers even with that source of error

> any end-user adversely affected by this can trivially avoid any problems
> - all they have to do is use their ISP's mail relay.

I'm not interested in permitting my ISP to queue up and send my mail.  My
machine is perfectly capable of doing that.  Historically there has been no
reason to involve a mail relay from SMTP-speaking hosts for *outgoing*
mail.  You expect legitimate mail users to do this to work around some
administrators' attempts to work around a spam problem.  How convoluted do
things have to get?

Gordon Fecyk says, if you don't like relaying mail through your ISP's relay
because of privacy concerns, just use PGP.

Perhaps he is unfamiliar with public-key cryptography.  To ensure the
privacy of a message, it must be encrypted.  To encrypt a message, one must
have the key.  How am I supposed to PGP-encrypt mail to someone who doesn't
have a PGP key?  But I digress...

Regarding legitimate mail messages --- sent by whatever means are valid
according to the RFC's and other Internet standards --- as unimportant
enough to let them be rejected because they *MIGHT* be spam is a practice
that affords spam higher priority than routine traffic.  This is
ass-backwards.  From most users' point of view, it is better that spam
messages get through than legitimate mail be discarded without them ever
having the chance to read it.  In commercial ISP's, at least, it is the job
of system administrators to serve the needs of the users.

Your refrain, and the refrain of the DUL and ORBS people is, "well, just
stop sending legitimate mail under the following circumstances..."  This is
as much as admitting defeat at the hands of the spammers.  Documents at
www.orbs.org and elsewhere are rife with pessimism.  The spammers will just
move on to exploit and attack thus-and-such anyway, they note.

Rather than beating a constant retreat and placing ever more burdens on
non-spamming mail users, why not invest some of that energy in attacking
spam directly?  Even RFC 2505 acknowledges that the existing efforts are
but a finger in the dike.

But no, let's just force legit users to jump through ever more hoops, while
we come up with more and longer blacklists.  Denial of service is becoming
a policy, not a tactic used by crackers.  And we've especially got to shut
up the damnable few who wonder if there might be some other way.  Rabble

> i see your point. it's irrelevant. it also makes it patently obvious
> that you have never had to administer a mail server for thousands of
> users which was under constant bombardment by spamming vermin.

I see.  The fact that anti-spam policies result in denials of service to
legitimate users is irrelevant.  It's starting to sound like computer
networks are set up for the benefit of the people who administrate them,
not the people who use them.

> Using a DUL does not censor you, it does not prevent you from
> communicating with anyone.

It is also true that if the Panama Canal is closed to boats like mine that
have the color black anywhere in their flags, because pirate ships often
fly black flags with a skull and crossbones on them, then I must sail
around Cape Horn (or drive a submarine under the Arctic ice cap) to get
from the Atlantic to the Pacific.  So I haven't really been prevented from
getting to the Pacific...

I see your point.  It's irrelevant.

Unfortunately, changing my IP address when I use my ISP is a little more
difficult than raising a different flag.

Are you even willing to acknowledge that dialup IP customers are so much as
*inconvenienced* by DUL's?  I would hope so, since the whole point of DUL's
is to inconvenience spammers.

> > > their ISP's mail relay. blocking direct mail from dialup IP addresses
> > > is a GOOD THING, with insignificant side-effects. it blocks spam very
> > 
> > Insignificant to you.  Not insignificant to Dale Scheetz or me.  Dale may
> > choose to work around the problem, and not feel slighted by overbroad rules
> > that trash legitimate mail.  I do, and justifiably.  I've sent mail that
> > was thrown away for being spam...when it wasn't.
> dale can obviously learn from experience.

I've learned things as well.  I've learned that a great many people out
there, who really should know better, are willing to take a hatchet to the
whole spirit of the Internet, and such negligible niceties as reliable mail
transport, in the name of combating a large, but relatively unsophisticated

You'd think we had brains on our side.  But apparently the received wisdom
is that vindictiveness to system abusers is a higher priority than quality
of service to system users.

> > DUL has also proven itself effective at throwing away non-spam mails.
> >
> > Well, damnit, that would be a problem if all the non-spammers would
> > just move out the ghetto, wouldn't it?
> as i said, it has nothing to do with "ghettos". if you want to send
> email to people using a DUL RBL then send it through your ISP's mail
> server. there is no ghetto discrimination involved here.

Then let me explain my analogy.

Consider the IPv4 address space.  Kinda funny how they're called
"addresses", but anyway.  The DUL works, as I'm sure you're aware, by
marking blocks of IP addresses as dynamically-allocated IP pools.  These
blocks are regarded as "bad" because they generate a lot of spam.  In other
words, a lot of bad folks seem to come from these addresses.

I really don't need to belabor the point further, do I?  The "ghetto"
analogy is not farfetched at all.  We're just talking about IP addresses in
"cyberspace" (a term I despise) rather than street addresses in, say, New
York City.

> > Use of a mail relay should be an OPTION, not a necessity.
> it *is* optional.
> it is also optional for a mail server to accept mail from dialup IP
> addresses.
> sometimes these two options may conflict: shit happens, deal with it.

If I didn't take my responsibilities as a package maintainer seriously, I'd
be tempted to reply similarly to your next bug report against one of my
packages.  I could even do so more acceptably than you can, since you can
always package XFree86, for instance, for yourself, because it is free
software.  Bandwidth is not free.

> your mail is unacceptable to some sites because you choose to deliver
> it directly from a dialup IP address, rather than via your ISP's mail
> server.

That's *inherently* unacceptable?  Why was this practice ever permitted in
the first place?

My mail is considered unacceptable because it's regarded as spam by the
DUL.  However, the mail I send is not spam.  You do not perceive a
disparity here?

> if you want to send mail to those who have made this choice then you
> know what to do. either do it or not, but quit whining - you have no
> right to tell anyone else that they must accept mail from you or from
> anyone else.

I'm not doing so, and it is irresponsible of you to accuse me of that.

I am railing against poor, half-baked, ad-hoc "solutions" to the problem of
spam mail.  I am opposed to the implementation of this practice without the
knowledge or consent of the people who are affected by it.  Not so much the
people who can't SEND mail because of it (they at least know their
transmission failed), but because of the people who can't RECEIVE mail
because of it.

In addition to the people who can't receive any mail at all (and thus may
conclude the existence of a problem) because spammers choked up their ISP, 
bad solutions like the DUL and ORBS have created a class of people who
can't receive *certain* mails, which may or may not be unwanted, and *may
never know about it*.  That's a mighty fine solution you've got there.

You tell me to use my ISP's mail relay, not because I'm sending spam, but
because of the DUL.  It is our tools that should serve us, not we who
should serve our tools.

> in other words, accept the consequences of your own action or inaction.

I'm perfectly willing to do that.  I don't correspond with people who
refuse my mails (or do by proxy via their ISP).

But administrators in service of other people's mailboxes who use tools
like ORBS or the DUL need to accept the consequences of their actions as
well.  I don't know if the impact on legitimate mail, and the people who
count on receiving it, is ignored due to hysterical blindness, deliberate
neglect of the user base, or some other factor.

After all, a more painstaking solution that blocks spam while permitting
non-spam mail to be delivered unimpeded, regardless of its origin address,
might consume precious moments that could be spent playing Quake 3 in the
machine room (this might be construed as unfair to system admins, until you
consider the fact the admin who neglects the needs of his users to receive
legitimate electronic mail is likely the same kind who's going to waste
time at work playing games).

But as long as the people who write these tools continue to ignore that
issue, I'm going to continue to regard it as important.

Responsible mail administrators will:
  1) Inform their users of any anti-spam policy that may impact non-spam
  2) Actually study the impact of their anti-spam policies on both spam and
     non-spam mails;
  3) Work towards the improvement and/or replacement of the existing crude
     anti-spam tools;
  4) Communicate to their fellow administrators the importance of the above

The MAPS and ORBS sites do not seem to invest very much space at all on the
above points.  A very great deal of space is instead spent on justifying
the status quo over and over again.  You may be content with it; I'm not.
Aside from telling me to shut up and conform to the contortions imposed on
the Internet by reactionary tools and policies, you seem to have very
little to say on the subject.

G. Branden Robinson              |   The errors of great men are venerable
Debian GNU/Linux                 |   because they are more fruitful than the
branden@ecn.purdue.edu           |   truths of little men.
cartoon.ecn.purdue.edu/~branden/ |   -- Friedrich Nietzsche

