On Thu, Jun 03, 1999 at 12:57:27PM +1000, Craig Sanders wrote: > On Wed, Jun 02, 1999 at 08:52:55PM -0400, Branden Robinson wrote: > > Do you assert that I am a spammer? Yes or no? Answer the question. > > No. to my knowledge you are not a spammer. If you should ever find that I have become one (they'll have to compromise my PGP key to be believable, as I sign all of my outgoing mails except some that aren't read by humans), let me know. In the meantime, do me the courtesy of not CC'ing me on list mail. I gather you believe I am stupid, but I do know how to read the debian-devel mailing list. Thanks. > > It is not beside the point in any way, shape or form. If anti-spam > > tools affect non-spammers, then they are by definition insufficient > > specific in their application. > > yes. shit happens. nothing is perfect. that's life, deal with it. It is *your* prerogative to make that assessment *for yourself*. You acknowledge that the tools are, by definition, insufficiently specific in their application. That's fine for you. We all decide what bugs we can live with and what we can't. You do not want to extend that privilege to those who disagree with you on this issue. You are asserting that if people find misbehavior or misapplication of the RBL, DUL, ORBS, etc. lists unacceptable, well, that's just their tough shit and they should deal with it. I am sure you would not appreciate this attitude from me if and when you file a bug against one of my packages. Even then, however, you at least would have the option of building your own version of the software with the behavior changed to suit you, if you are willing to invest the effort. But non-spammers who get blacklisted by anti-spam rules have no such recourse. They are told to "live with it." > blocking almost all spam for the minor price of requiring end-users to > use the smtp relay services provided by their ISP is a big win. Ah, you acknowledge that the end-users are REQUIRED to use the SMTP relay services provided by their ISP to get reliable electronic mail service. Below, you say it is an option. Well, I can exercise my option to go without food or water, but that is not conducive to the goal of sustained life. > "innocent bystanders" (to use your zero-content emotionally manipulative > label) are not prevented from sending mail by the DUL RBL. "Zero-content emotionally manipulative label"; please explain to me how I am a guilty party to the transmission of spam messages. I cannot find an RFC that tells me I have to use a mail relay of any kind to ensure the reliable transmission of my messages. > they can get > their message through by using the smtp relay provided by their ISP. if > they choose not to use it, then that's their problem. > > > > NOBODY IS EVER UNDER ANY OBLIGATION TO RECEIVE MAIL FROM ANYWHERE OR > > > ANYONE. > > > > That's perfectly true. Unfortunately, with tools like the DUL, you > > are effectively asserting something else: > > > > YOUR ISP HAS THE RIGHT TO INTERFERE IN YOUR PERSONAL CORRESPONDENCE IN > > ANY WAY IT SEES FIT. > > you are entitled to hold whatever absurd opinions you like, even if they > have no relationship to reality. If my ISP purposely refuses delivery to my mailbox of mail that is addressed to me, how does that fail to be act of interference in my personal correspondence? My remarks here are referring to the intended *recipients* of DUL-rejected messages, not the senders. I'm sorry if that wasn't clear from context. > > I didn't sign up to have my non-spam mail thrown away because it might > > have been spam. > > tough. other people choose not to receive mail from dialup IPs because > of the likelihood that it might be spam. if you want to communicate with > these people, then you know what you have to do. I see no reason why I should go out of my way to communicate with people who have solicited my response but who (or whose ISP) bounces my mail back at me. It's time to put some responsibility BACK onto the shoulders of those who administrate the mail servers. "Spam prevention" is not a blank check you can use to justify any policy that trashes legitimate mail and interferes with perfectly valid correspondence between willing participants in full harmony with the acceptable use policies of all carriers in between. Well, you can try to use it, as Gordon Fecyk, the ORBS guys, and others have illustrated, but the very ferocity of their defense raises suspicions of smokescreening. Nobody ever said being a system administrator was easy. Spammers are indeed a menace, but the minute we start punishing and inconveniencing legitimate users in the name of spam prevention, we have compromised our principles. I'm sure you (and many others) disagree. I just wonder how Byzantine ordinary mail transactions are going to get, and how tight we're going to make the straightjacket, before common sense is restored. > > Was my message spam or not? Are all SMTP connections originating from > > dynamically allocated IP's a priori spam? > > mail from dialup IPs is *probably* spam. the amount of non-spam mail > coming direct from dialup IPs is statistically insignificant. Please cite some statistics for me. Of course, any studies are likely to be skewed towards spam because many legitimate users have been already harangued, harassed and/or coerced into using mail relays. But I'd be interested in seeing some hard numbers even with that source of error uncorrected. > any end-user adversely affected by this can trivially avoid any problems > - all they have to do is use their ISP's mail relay. I'm not interested in permitting my ISP to queue up and send my mail. My machine is perfectly capable of doing that. Historically there has been no reason to involve a mail relay from SMTP-speaking hosts for *outgoing* mail. You expect legitimate mail users to do this to work around some administrators' attempts to work around a spam problem. How convoluted do things have to get? Gordon Fecyk says, if you don't like relaying mail through your ISP's relay because of privacy concerns, just use PGP. Perhaps he is unfamiliar with public-key cryptography. To ensure the privacy of a message, it must be encrypted. To encrypt a message, one must have the key. How am I supposed to PGP-encrypt mail to someone who doesn't have a PGP key? But I digress... By regarding legitimate mail messages --- sent by whatever means are valid according to the RFC's and other Internet standards --- as unimportant enough to let them be rejected because they *MIGHT* be spam is a practice that affords spam higher priority than routine traffic. This is ass-backwards. From most users' point of view, it is better that spam messages get through than legitimate mail be discarded without them ever having the chance to read it. In commercial ISP's, at least, it is the job of system administrators to serve the needs of the users. Your refrain, and the refrain of the DUL and ORBS people is, "well, just stop sending legitimate mail under the following circumstances..." This is as much as admitting defeat at the hands of the spammers. Documents at www.orbs.org and elsewhere are rife with pessimism. The spammers will just move on to exploit and attack thus-and-such anyway, they note. Rather than beating a constant retreat and placing ever more burdens on non-spamming mail users, why not invest some of that energy in attacking spam directly? Even RFC 2505 acknowledges that the existing efforts are but a finger in the dike. But no, let's just force legit users to jump through ever more hoops, while we come up with more and longer blacklists. Denial of service is becoming a policy, not a tactic used by crackers. And we've especially got to shut up the damnable few who wonder if there might be some other way. Rabble rousers. > i see your point. it's irrelevant. it also makes it patently obvious > that you have never had to administer a mail server for thousands of > users which was under constant bombardment by spamming vermin. I see. The fact that anti-spam policies result in denials of service to legitimate users is irrelevant. It's starting to sound like computer networks are set up for the benefit of the people who administrate them, not the people who use them. > Using a DUL does not censor you, it does not prevent you from > communicating with anyone. It is also true that if the Panama Canal is closed to boats like mine that have the color black anywhere in their flags, because pirate ships often fly black flags with a skull and crossbones on them, then I must sail around Cape Horn (or drive a submarine under the Arctic ice cap) to get from the Atlantic to the Pacific. So I haven't really been prevented from getting to the Pacific... I see your point. It's irrelevant. Unfortunately, changing my IP address when I use my ISP is a little more difficult than raising a different flag. Are you even willing to acknowledge that dialup IP customers are so much as *inconvenienced* by DUL's? I would hope so, since the whole point of DUL's is to inconvenience spammers. > > > their ISP's mail relay. blocking direct mail from dialup IP addresses > > > is a GOOD THING, with insignificant side-effects. it blocks spam very > > > > Insignificant to you. Not insignificant to Dale Scheetz or me. Dale may > > choose to work around the problem, and not feel slighted by overbroad rules > > that trash legitimate mail. I do, and justifiably. I've sent mail that > > was thrown away for being spam...when it wasn't. > > dale can obviously learn from experience. I've learned things as well. I've learned that a great many people out there, who really should know better, are willing to take a hatchet to the whole spirit of the Internet, and such negligible niceties as reliable mail transport, in the name of combating a large, but relatively unsophisticated threat. You'd think we had brains on our side. But apparently the received wisdom is that vindictiveness to system abusers is a higher priority than quality of service to system users. > > DUL has also proven itself effective at throwing away non-spam mails. > > > > Well, damnit, that would be a problem if all the non-spammers would > > just move out the ghetto, wouldn't it? > > as i said, it has nothing to do with "ghettos". if you want to send > email to people using a DUL RBL then send it through your ISP's mail > server. there is no ghetto discrimination involved here. Then let me explain my analogy. Consider the IPv4 address space. Kinda funny how they're called "addresses", but anyway. The DUL works, as I'm sure you're aware, by marking blocks of IP addresses as dynamically-allocated IP pools. These blocks are regarded as "bad" because they generate a lot of spam. In other words, a lot of bad folks seem to come from these addresses. I really don't need to belabor the point further, do I? The "ghetto" analogy is not farfetched at all. We're just talking about IP addresses in "cyberspace" (a term I despise) rather than street addresses in, say, New York City. > > Use of a mail relay should be an OPTION, not a necessity. > > it *is* optional. > > it is also optional for a mail server to accept mail from dialup IP > addresses. > > sometimes these two options may conflict: shit happens, deal with it. If I didn't take my responsibilities as a package maintainer seriously, I'd be temped to reply similarly to your next bug report against one of my packages. I could even do so more acceptably than you can, since you can always package XFree86, for instance, for yourself, because it is free software. Bandwidth is not free. > your mail is unacceptable to some sites because you choose to deliver > it directly from a dialup IP address, rather than via your ISP's mail > server. That's *inherently* unacceptable? Why was this practice ever permitted in the first place? My mail is considered unacceptable because it's regarded as spam by the DUL. However, the mail I send is not spam. You do not perceive a disparity here? > if you want to send mail to those who have made this choice then you > know what to do. either do it or not, but quit whining - you have no > right to tell anyone else that they must accept mail from you or from > anyone else. I'm not doing so, and it is irresponsible of you to accuse me of that. I am railing against poor, half-baked, ad-hoc "solutions" to the problem of spam mail. I am opposed to the implementation of this practice without the knowledge or consent of the people who are affected by it. Not so much the people who can't SEND mail because of it (they at least know their transmission failed), but because of the people who can't RECEIVE mail because of it. In addition to the people who can't receive any mail at all (and thus may conclude the existence of a problem) because spammers choked up their ISP, bad solutions like the DUL and ORBS have created a class of people who can't receive *certain* mails, which may or may not be unwanted, and *may never know about it*. That's a mighty fine solution you've got there. You tell me to use my ISP's mail relay, not because I'm sending spam, but because of the DUL. It is our tools that should serve us, not we who should serve our tools. > in other words, accept the consequences of your own action or inaction. I'm perfectly willing to do that. I don't correspond with people who refuse my mails (or do by proxy via their ISP). But administrators in service of other people's mailboxes who use tools like ORBS or the DUL need to accept the consequences of their actions as well. I don't know if the impact on legitimate mail, and the people who count on receiving it, is ignored due to hysterical blindness, deliberate neglect of the user base, or some other factor. After all, a more painstaking solution that blocks spam while permitting non-spam mail to be delivered unimpeded, regardless of its origin address, might consume precious moments that could be spent playing Quake 3 in the machine room (this might be construed as unfair to system admins, until you consider the fact the admin who neglects the needs of his users to receive legitimate electronic mail is the likely the same kind who's going to waste time at work playing games). But as long as the people who write these tools continue to ignore that issue, I'm going to continue to regard it as important. Resposible mail administrators will: 1) Inform their users of any anti-spam policy that may impact non-spam mail; 2) Actually study the impact of their anti-spam policies on both spam and non-spam mails; 3) Work towards the improvement and/or replacement of the existing crude anti-spam tools; 4) Communicate to their fellow administrators the importance of the above points. The MAPS and ORBS sites do not seem to invest very much space at all on the above points. A very great deal of space is instead spent on justifying the status quo over and over again. You may be content with it; I'm not. Aside from telling me to shut up and conform to the contortions imposed on the Internet by reactionary tools and policies, you seem to have very little to say on the subject. -- G. Branden Robinson | The errors of great men are venerable Debian GNU/Linux | because they are more fruitful than the branden@ecn.purdue.edu | truths of little men. cartoon.ecn.purdue.edu/~branden/ | -- Friedrich Nietzsche
Attachment:
pgpj4X3xQH_gQ.pgp
Description: PGP signature