Double Irony! (was Re: [linux-elitists] ruben's stupid filter)
Sun Mar 24 07:17:01 PST 2002
On Sun, Mar 10, 2002 at 11:51:30AM -0600, Mr. Bad wrote:
> KMS> SA tagged the message as spam and my procmail autoreporting
> KMS> rules (set to trigger at a threshold of 10, not SA's default
> KMS> "5 and you're spam" threshold) sent the mail to his
> KMS> employer's NOC.
> So, I got to say, I really, really, really hate this auto-reporting
> white-list challenging crap. It's goddamned rude to your absolutely
> legitimate correspondents.
Yep, I definitely agree with you here.
Challenging, I *could* maybe deal with depending on the situation (who I'm
Emailing and so forth).
Auto-reporting or semi-auto reporting, I'm getting really tired of.
For that matter, Karsten and I have had this dicussion twice already, even
though he usually knows what he's doing he's already twice reported spam to
me (through svlug and sourceforge) because the machines were in the received
headers (mailing list)
Karsten has some clue, so that tells you about people who don't have one,
and still try to use auto-reporting tools.
I'm getting very tired of auto reporting because it accuses _me_ and I have
to spend my time to say/prove that I'm innocent. Fuck that!
On Wed, Mar 13, 2002 at 07:57:07PM -0800, Dan Wilder wrote:
> If only somebody could somehow get the clue-by-four to the head
> of Seattle consultant Julian Haight * and his spamcop.net effort **
> including its regrettable presence on sourceforge ***. Or better
> yet, his users. Sad to say, the clueless responses you describe
> below, to your own writings on related matters, seem to carry
> the day.
Ahah, spamcop. The system isn't all that bad, but enough of its users are
I've had to deal with them countless times, and they already have marked
sourceforge.net as a domain that should never get reports anymore, because
we were getting just too many errors.
The part that annoys me the most is that their "spamvertised sites"
checkboxes are enabled by default, which means that any moron that send a
spam with a URL pointing to sourceforge.net, or slashdot, or whatever, ends
up as a report in my mailbox.
I've complained loudly to the spamcop folks about this, and at least they
are listening and have made some changes to severely limit the amount of bad
reports I get, but those spamvertised website boxes are still checked by
> Complaints may also go to all of your listed contacts and the
> listed contacts of your upstream provider. At least they have
> for us, for example in response to the mention of our "spamvertised
> website www.linuxjournal.com" in the (obviously abusive) traffic of
> one California LUG.
Yep, yep, my point exactly. Please Email Julian and tell him that it's not
acceptable that you have to set www.linuxjournal.com as an innocent
bystander, even once.
Enough people have to tell him that.
If you respond to spamcop complaints, also make sure to reply to the spam
and Cc firstname.lastname@example.org, if you should never have gotten the report in
the first place, tell them why, and ask them to fix their shit so that it
doesn't happen in the future, on this domain or one of the other ones you
On Sun, Mar 17, 2002 at 03:08:15AM -0800, Karsten M. Self wrote:
> There are different objectives for antispam measures.
> - For most people, it's probably to minimize the amount of spam that
> sneaks into their inbox (or other filtered mailboxes). This is one
> of my objectives.
I'd like to believe that.
Not sure how true it is anymore. People who still read their abuse mail are
largely people who hardly ever spam, if at all.
> The problems have largely concerned not identifying spam, but
> identifying related/associated systems. "Ricochet" is a good tool, but
> does require some tuning. Spamassassin simply rocks. Its false
> negative rate is low, its false positve rate lower. Using a higher
> threshold for automated reporting means I largely don't have to deal
> with the issue of dealing with falsely reported spam, just getting the
> reports to the right place.
That's the problem. You should review your reports carefully before sending
them, especially for every new domain you add to your report list.
In 2 of your 5 examples, it ended up in my mailbox, and I wasn't happy,
because there are two many of you already.
If you are not willing to carefully inspect the reports you send, you
shouldn't send any.
> I'm impresssed that most mainstream ISPs seem to have pretty decent
> automated spam mitigation in place. I'm not saying they're solving the
> problem, but I tend to see a pattern of responses:
> - Automated "we recieved your message and are investigating, don't
> expect any further response" messages from majors (Yahoo, MSN,
> UUNET, etc.).
Can be translated as:
"We receive lots of reports, 3/4th aren't for us and were sent to us anyway
damnit! so we don't bother answering anymore. We may quickly eyeball your
report, and should it actually be correct, we may have a look, but we can't
spend our time answering all these useless reports anymore"
> - Variations on "undeliverable/failed mail", often from Asian ISPs,
> though far too common elsewhere, for abuse@ and postmaster@
> addresses. These get manually forwarded to
My exim callbacks on sourceforge.net simply refuse mail from any domain that
isn't willing to accept mail back for postmaster@ (I can't tell if the mail
would actually get accepted, but at least I took care of basic bounces)
> - Occasionally, mail suggesting that spam from a domain is my problem,
> not theirs, and unless I jump through various hoops (modifications,
> additions, or removals of header formatting, attachment formats, GPG
> signatures, etc.), my mail won't be addressed. I respond that if
Ah, so people have to go through your challenges, but you won't go through
theirs. I see.
On Sun, Mar 10, 2002 at 03:49:37PM -0800, Dan Wilder wrote:
> On the other hand, autoreporting can (and does) get out of hand.
> Autoreporting is much more likely to affect stable organizations,
> where it troubles honest postmasters with false positives,
Yes, thank you.
> I have in the past blacklisted sites which originate excessive
> false or frivolous autoreports. I will do so in the future.
> Such nuisance mail is itself little better than spam.
All that said, because sourceforge.net has been spammed a lot lately, and we
(admins) are getting a lot of flak from our users, even though we're not the
people who sent the spam (it was simply relayed through a mailing list or
your users.sf.net alias), I'm really considering putting spamassassin in the
MTA, and bouncing at SMTP time messages with scores of 8 or more.
I think the bounce will contain instructions on how to add a special header
to resubmit the message if it really wasn't spam. Not perfect, but it's true
that it's a balance and a game of numbers.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger email@example.com for PGP key
More information about the linux-elitists