Re: recent spam to this list

To: debian-devel@lists.debian.org
Subject: Re: recent spam to this list
From: Andreas Metzler <ametzler@downhill.at.eu.org>
Date: Sun, 12 Oct 2003 16:07:17 +0200
Message-id: <[🔎] E1A8gsP-0006YZ-VJ@mid.downhill.at.eu.org>
Mail-followup-to: <debian-devel@lists.debian.org>
References: <200310081257.53344.russell@coker.com.au> <[🔎] 20031010120406.GD2526@balrog.logic.univie.ac.at> <[🔎] bmbcj9$num$2@news.cistron.nl> <[🔎] E1A8eeO-00051f-27@mid.downhill.at.eu.org> <[🔎] bmbjj7$959$1@news.cistron.nl>

Miquel van Smoorenburg <miquels@cistron.nl> wrote:
[...]
>> And it does not help in the first szenario at all
>> (unless you think it to be ok that user a receives the bounces for
>> user b).

Just for a reminder: Two people using different domains with a changing
smarthost on one computer.

> If you read RFC822 and see the distinction between Sender:
> and From: that isn't really as strange as it would seem.

It does not seem strange at all to me that envelope from gets the
bounce.

> Sure, it isn't as flexible as the current "solution" (impersonate
> whoever you want) but that is going to be true of *any*
> better solution, alas.

Probably.

> And I don't think you can get all users
> to sign their e-mail with PGP or use SMTP AUTH exclusively
> overnight. You need something that will work in most cases,
> without end-user changes, on the current Internet.

Agreed, the alternative suggestions who think that forcing anybody to
use authenticated SMTP together with certificate-checked SSL between
SMT-server's totally ignore the complexity of setting up and enforcing
a global "web of trust".

> You need something that will work in most cases,
> without end-user changes, on the current Internet.

I am just not very confident that SPF and similar stuff will work as
well as proposed. I think after a short time spammers will just get
the needed bit smarter, and all we get for going through the pain of
implementing SPF is making abuse work easier.

> This is something that if it breaks, it will most likely be
> for the users who know how to fix it.
[...]

I do not know how to fix the szenario listed above. I can only think
of these possibilties, neither of which is a good enough to be
considered a fix.

* Rewrite envelope from two one user and ignore the privacy concerns
  - me getting somebody else's bounce message.

* Throw away flexibility. Select an internet acces provider who
  offers e-mail addrsses, everybody on the computer has to switch to
  a mailbox by this provider.

* Buy a domain and "root server" (i.e. computer with a fixed IP) and
  host the domain and my own smarthost there. Every local user has to
  use an e-mail on my domain.

* Route by sender, it is manual work, and would not work for me, as
  the smarthosts connected to e-mail addresses don't do SMTP AUTH.

                cu andreas

Reply to:

References:
- Re: recent spam to this list
  - From: Andreas Metzler <ametzler@logic.univie.ac.at>
- Re: recent spam to this list
  - From: "Miquel van Smoorenburg" <miquels@cistron.nl>
- Re: recent spam to this list
  - From: Andreas Metzler <ametzler@downhill.at.eu.org>
- Re: recent spam to this list
  - From: "Miquel van Smoorenburg" <miquels@cistron.nl>

Prev by Date: Re: Bug#215205: language-chooser: Language order shouldn't be alphabetical
Next by Date: Re: Help needed: builds eating all memory
Previous by thread: Re: recent spam to this list
Next by thread: Re: recent spam to this list
Index(es):
- Date
- Thread