Double Irony! (was Re: [linux-elitists] ruben's stupid filter)

Dan Wilder dan@ssc.com
Sun Mar 24 13:41:30 PST 2002


On Sun, Mar 24, 2002 at 07:17:01AM -0800, Marc MERLIN wrote:

> On Wed, Mar 13, 2002 at 07:57:07PM -0800, Dan Wilder wrote:
> > If only somebody could somehow get the clue-by-four to the head
> > of Seattle consultant Julian Haight * and his spamcop.net effort **
> > including its regrettable presence on sourceforge ***.  Or better
> > yet, his users.  Sad to say, the clueless responses you describe
> > below, to your own writings on related matters, seem to carry
> > the day.
>  
> Ahah, spamcop. The  system isn't all that  bad, but enough of  its users are
> definitely.
> I've had  to deal with  them countless times,  and they already  have marked
> sourceforge.net as a  domain that should never get  reports anymore, because
> we were getting just too many errors.
> 
> The  part  that annoys  me  the  most  is  that their  "spamvertised  sites"
> checkboxes are  enabled by default, which  means that any moron  that sends a
> spam with a URL pointing to  sourceforge.net, or slashdot, or whatever, ends
> up as a report in my mailbox.
> 
> I've complained  loudly to the spamcop  folks about this, and  at least they
> are listening and have made some changes to severely limit the amount of bad
> reports I  get, but those  spamvertised website  boxes are still  checked by
> default unfortunately.
>  
> > Complaints may also go to all of your listed contacts and the
> > listed contacts of your upstream provider.  At least they have
> > for us, for example in response to the mention of our "spamvertised 
> > website www.linuxjournal.com" in the (obviously abusive) traffic of
> > one California LUG.
>  
> Yep, yep, my  point exactly. Please Email Julian and tell  him that it's not
> acceptable  that  you  have  to  set  www.linuxjournal.com  as  an  innocent
> bystander, even once.
> Enough people have to tell him that.

We don't facilitate Julian's little game: 

dan@chinacat:/hdhome/dan$ telnet mail.ssc.com 25
Trying 216.39.159.17...
Connected to mail.ssc.com.
Escape character is '^]'.
220 mail.ssc.com ESMTP Postfix
helo spamcop.net
250 mail.ssc.com
mail from: <anybody@spamcop.net>
250 Ok
rcpt to: <dan@ssc.com>
550 <anybody@spamcop.net>: Sender address rejected: Domain blocked due
to excessive false or frivolous reports

> If you respond  to spamcop complaints, also  make sure to reply  to the spam
> and Cc  appeals@spamcop.net, if you should  never have gotten the  report in
> the first place,  tell them why, and ask  them to fix their shit  so that it
> doesn't happen in  the future, on this  domain or one of the  other ones you
> own.

If you're well-known and carry some clout, Julian et al will treat 
you with kid gloves.  That's well established.  What about those who are 
less well known?  The backroom fifth-degree bare-knuckle interrogation?

> If  you are  not willing  to  carefully inspect  the reports  you send,  you
> shouldn't send any.

Amen!!!!

Further, I'd say if you aren't willing to sign your reports, you
shouldn't send any.

I've sent my share of spam reports, and I'm here to say that I've
not once received any response that would have made me wish I'd sent
the report anonymously.  Most often there's been no response at all;
but, when there is a response, it is usually a favorable or at least
neutral one.  Except for a few flames ... sticks and stones, etc etc.

> All that said, because sourceforge.net has been spammed a lot lately, and we
> (admins) are getting a lot of flak from our users, even though we're not the
> people who sent  the spam (it was  simply relayed through a  mailing list or
> your users.sf.net alias), I'm really considering putting spamassassin in the
> MTA, and bouncing at SMTP time messages with scores of 8 or more.
> I think the bounce will contain instructions  on how to add a special header
> to resubmit the message if it really wasn't spam. Not perfect, but it's true
> that it's a balance and a game of numbers.

At least an SMTP-time bounce isn't an autocomplaint to all and sundry.

I'm playing with automating the idea of SMTP blacklisting mail from those 
who refuse bounces from our mailer-daemon.  Have been doing something
like this by hand for a while, and it is amazing how much spam it seems
to turn back.  Combined with refusing (with 450) mail-from that passes 
neither MX nor A record lookup, we've cut down spam at SSC by quite a lot.

It isn't perfect.  For one thing, most such bounced mail comes about
due to address forgery on the part of spammers, meaning that innocent
third parties become bounce targets, and are then blacklisted by
the sort of thing I'm thinking about because they refuse such bounces.

This catches, for example, hotmail, which refuses bounces, but which also 
acts as mail host for a bunch of our paying clients.  People we can't
afford to annoy.  Any such scheme would have to do some careful
qualification based on queries against history, and there would have
to be a whitelist for known offenders who can't be refused.
Possibly multiple refused bounces from spambait addresses listed
on our website as such.

Unfortunately the RFCs appear to prohibit validating the actual
sending host against DNS and then declining mail based on that
validation.  That'd catch a large part of the spam that comes in.   
Aside from RFC considerations, this is not feasible on pragmatic 
grounds: way too many legitimate hosts with broken DNS.

-- 
-----------------------------------------------------------------
 Dan Wilder <dan@ssc.com>   Technical Manager & Editor
 SSC, Inc. P.O. Box 55549   Phone:  206-782-8808
 Seattle, WA  98155-0549    URL http://www.linuxjournal.com/
-----------------------------------------------------------------
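
The sender-side policy sketched in the message above (450 for a MAIL FROM domain with neither MX nor A record, a blacklist of domains that refuse bounces, qualified by spambait history and a whitelist), as an added example that is not part of the original post or SSC's configuration. All domains, addresses, the threshold and the reading of "refused bounces from spambait addresses" are assumptions, and the DNS lookup is a stub over a constructed table.

```python
from collections import Counter

# Constructed sample data; every name below is hypothetical.
DNS = {"example.org": {"MX", "A"}, "a-only.example": {"A"},
       "bigwebmail.example": {"MX"}, "refuser.example": {"MX"}}
SPAMBAIT = {"bait1@ssc.example", "bait2@ssc.example"}
WHITELIST = {"bigwebmail.example"}   # refuses bounces, but hosts paying clients
THRESHOLD = 2                        # assumed meaning of "multiple" refusals

# (domain that refused our bounce, local address the original mail was sent to)
HISTORY = [
    ("refuser.example", "bait1@ssc.example"),
    ("refuser.example", "bait2@ssc.example"),
    ("bigwebmail.example", "bait1@ssc.example"),
    ("bigwebmail.example", "bait2@ssc.example"),
    ("example.org", "bait1@ssc.example"),       # a single refusal only
    ("a-only.example", "staff@ssc.example"),    # not a spambait address
    ("a-only.example", "staff@ssc.example"),
]

def resolves(domain, rtype, dns=DNS):
    """Stub resolver over the constructed table; swap in a real DNS lookup."""
    return rtype in dns.get(domain, set())

def refused_bounce_counts(history, spambait=SPAMBAIT):
    """Per-domain count of refused bounces, spambait-triggered ones only."""
    return Counter(dom for dom, rcpt in history if rcpt in spambait)

def decide(mail_from, history=HISTORY):
    """Return (smtp_code, reason) for an envelope sender at MAIL FROM time."""
    if mail_from in ("", "<>"):
        # Refusing the null sender is the very behaviour being penalised.
        return 250, "null sender: bounces are always accepted"
    domain = mail_from.strip("<>").rpartition("@")[2].lower()
    if not (resolves(domain, "MX") or resolves(domain, "A")):
        return 450, "sender domain has neither MX nor A record"
    if domain in WHITELIST:
        return 250, "whitelisted despite refusing bounces"
    if refused_bounce_counts(history)[domain] >= THRESHOLD:
        return 550, "domain refuses bounces from our mailer-daemon"
    return 250, "ok"
```

The 450 is a temporary failure, so a legitimate sender whose DNS is only briefly broken gets retried rather than lost; the 550 is reserved for domains with repeated spambait-qualified refusals.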
