
Bug#164344: Bug#160529: (ITP of ASK) should not be packaged



On Thu, Oct 14, 2004 at 06:06:19PM -0400, Marco Paganini wrote:
> On Thu, Oct 14, 2004 at 03:25:54PM -0500, Branden Robinson wrote:
[...]
> >Of course there is protection against it.
[my scheme deleted]
> This is a good idea, and implemented to some degree in ASK. The problem is
> that *nothing* is guaranteed to survive a reply. Adding a cookie to the body
> of the email is not 100% foolproof, as there's no guarantee that the reply
> will contain the cookie. Adding a specific header with the cookie will also
> take us nowhere, as headers are mostly discarded in replies. One option is the
> Message-ID header, but my experiments showed that a large population of MUAs
> (many versions of MS Out-Of-Luck, for instance) trash the Message-ID and
> don't put it in the "In-Reply-To" field when responding to an email.

I was afraid you'd say something like this.  :(

> The only "guaranteed" way to know if an email is a reply to something you
> sent is to use VERPs, but this creates enormous difficulties for users that
> do not have full email control in their servers (users).

Acknowledged.

> In any case, the original problem with the mailing list has nothing to do
> with this, but rather with the insanity of one of ASK's users.
> 
> ASK has a whitelist, an ignorelist and a blacklist. The blacklist sends back
> a "nastygram" informing the user that we do not want to receive further
> messages from him/her. Unfortunately (and yes, this is my fault), I never
> imagined someone would add a mailing-list to his blacklist (sounds just too
> insane, doesn't it?). Well, it happened, and I'm now dumping the blacklist
> feature entirely to protect the community from people who use it incorrectly.

My original rant was based on two things:

1) You seemed to be unaware of a certain lesson from history[1].
2) Anything that claims to be a "spam killer" is going to attract
   apoplectic and irrational people who will stop at nothing to sate their
   desire for vigilante justice against spammers.  Many of these people are
   simply not mature enough to take into account the innocent bystanders
   they may inconvenience by using your software to vent their spleens.
   In my opinion, it was poor judgement on your part to hand people this
   sort of loaded weapon.  People *will* be insane.  People *will* be
   stupid.  I realize you've already acknowledged that this was an error on
   your part -- I am not trawling for an apology.

I would withdraw my objection if ASK as packaged in Debian will omit
whatever part of the code autoreplies with a nastygram.  If dropping the
blacklist entirely will achieve that, then that's fine with me.

I don't want to try to micromanage how your code is written or how its
eventual Debian package maintainer does his or her job -- my position is
simply to exhort people (as strongly as I need to) not to make it easy for
idiots to attack Debian's mailing lists.  Things that send automatic
replies to mail messages are, if not designed for abuse, easily perverted to
it -- if one doesn't take fairly elaborate precautions like the one I
described.

Thanks for your patience.

[1] From Jargon File (4.4.4, 14 Aug 2003) [jargon]:

  ARMM
   n.

     [acronym, `Automated Retroactive Minimal Moderation'] A Usenet
     {cancelbot} created by Dick Depew of Munroe Falls, Ohio. ARMM was
     intended to automatically cancel posts from anonymous-posting sites.
     Unfortunately, the robot's recognizer for anonymous postings
     triggered on its own automatically-generated control messages!
     Transformed by this stroke of programming ineptitude into a monster
     of Frankensteinian proportions, it broke loose on the night of March
     30, 1993 and proceeded to {spam} news.admin.policy with a recursive
     explosion of over 200 messages.

     ARMM's bug produced a recursive {cascade} of messages each of which
     mechanically added text to the ID and Subject and some other headers
     of its parent. This produced a flood of messages in which each header
     took up several screens and each message ID and subject line got
     longer and longer and longer.

     Reactions varied from amusement to outrage. The pathological messages
     crashed at least one mail system, and upset people paying line
     charges for their Usenet feeds. One poster described the ARMM debacle
     as "instant Usenet history" (also establishing the term {despew}),
     and it has since been widely cited as a cautionary example of the
     havoc the combination of good intentions and incompetence can wreak
     on a network. The Usenet thread on the subject is archived here.
     Compare {Great Worm}; {sorcerer's apprentice mode}. See also
     {software laser}, {network meltdown}.

-- 
G. Branden Robinson                |
Debian GNU/Linux                   |      Ignorantia judicis est calamitas
branden@debian.org                 |      innocentis.
http://people.debian.org/~branden/ |

Attachment: signature.asc
Description: Digital signature
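
Added example, not part of the original message and not code from ASK: a sketch of the checks an autoresponder can run before sending any automatic reply, so that it neither answers a mailing list nor reacts to its own output (the ARMM failure quoted above). The header conventions follow RFC 3834 and common list software; the X-Loop marker value, the addresses and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

LOOP_VALUE = "autoresponder@example.org"  # assumed marker stamped on our own output
LIST_HEADERS = ("List-Id", "List-Post", "List-Unsubscribe", "Mailing-List")
ROBOT_SUFFIXES = ("-request", "-bounces", "-owner")

# Constructed sample messages.
LIST_MAIL = ("From: someone@example.net\nList-Id: <devel.lists.example.org>\n"
             "Precedence: list\nSubject: hi\n\nbody\n")
PERSONAL = "From: alice@example.net\nSubject: hello\n\nbody\n"


def suppress_reason(raw, envelope_sender):
    """Return why no automatic reply may be sent, or None if one is allowed."""
    msg = message_from_string(raw)
    addr = parseaddr(envelope_sender)[1].lower()
    if not addr:                      # "<>" marks a bounce; never answer it
        return "null envelope sender"
    if any(v.strip().lower() == LOOP_VALUE for v in msg.get_all("X-Loop", [])):
        return "our own output"       # the robot must not trigger on itself
    auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    if auto != "no":                  # another robot generated this message
        return "auto-submitted"
    for name in LIST_HEADERS:         # list traffic: the sender is not a person
        if name in msg:
            return "list header " + name
    if msg.get("Precedence", "").strip().lower() in ("bulk", "list", "junk"):
        return "bulk precedence"
    local = addr.split("@")[0]
    if (local == "mailer-daemon" or local.startswith("owner-")
            or local.endswith(ROBOT_SUFFIXES)):
        return "robot envelope sender"
    return None


def build_reply(to_addr, text):
    """Build an automatic reply that other responders (and we) can recognise."""
    reply = EmailMessage()
    reply["To"] = to_addr
    reply["Subject"] = "Automatic reply"
    reply["Auto-Submitted"] = "auto-replied"
    reply["X-Loop"] = LOOP_VALUE
    reply.set_content(text)
    return reply.as_string()
```
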

