Double Irony! (was Re: [linux-elitists] ruben's stupid filter)
Sun Mar 24 13:41:30 PST 2002
On Sun, Mar 24, 2002 at 07:17:01AM -0800, Marc MERLIN wrote:
> On Wed, Mar 13, 2002 at 07:57:07PM -0800, Dan Wilder wrote:
> > If only somebody could somehow get the clue-by-four to the head
> > of Seattle consultant Julian Haight * and his spamcop.net effort **
> > including its regrettable presence on sourceforge ***. Or better
> > yet, his users. Sad to say, the clueless responses you describe
> > below, to your own writings on related matters, seem to carry
> > the day.
> Ahah, spamcop. The system isn't all that bad, but enough of its users are
> I've had to deal with them countless times, and they already have marked
> sourceforge.net as a domain that should never get reports anymore, because
> we were getting just too many errors.
> The part that annoys me the most is that their "spamvertised sites"
> checkboxes are enabled by default, which means that any moron that send a
> spam with a URL pointing to sourceforge.net, or slashdot, or whatever, ends
> up as a report in my mailbox.
> I've complained loudly to the spamcop folks about this, and at least they
> are listening and have made some changes to severely limit the amount of bad
> reports I get, but those spamvertised website boxes are still checked by
> default unfortunately.
> > Complaints may also go to all of your listed contacts and the
> > listed contacts of your upstream provider. At least they have
> > for us, for example in response to the mention of our "spamvertised
> > website www.linuxjournal.com" in the (obviously abusive) traffic of
> > one California LUG.
> Yep, yep, my point exactly. Please Email Julian and tell him that it's not
> acceptable that you have to set www.linuxjournal.com as an innocent
> bystander, even once.
> Enough people have to tell him that.
We don't facilitate Julian's little game:
dan@chinacat:/hdhome/dan$ telnet mail.ssc.com 25
Connected to mail.ssc.com.
Escape character is '^]'.
220 mail.ssc.com ESMTP Postfix
mail from: <email@example.com>
rcpt to: <firstname.lastname@example.org>
550 <email@example.com>: Sender address rejected: Domain blocked due
to excessive false or frivolous reports
> If you respond to spamcop complaints, also make sure to reply to the spam
> and Cc firstname.lastname@example.org, if you should never have gotten the report in
> the first place, tell them why, and ask them to fix their shit so that it
> doesn't happen in the future, on this domain or one of the other ones you
If you're well-known and carry some clout, Julian et al will treat
you with kid gloves. That's well established. What about those who are
less well known? The backroom fifth-degree bare-knuckle interrogation?
> If you are not willing to carefully inspect the reports you send, you
> shouldn't send any.
Further, I'd say if you aren't willing to sign your reports, you
shouldn't send any.
I've sent my share of spam reports, and I'm here to say that I've
not once received any response that would have made me wish I'd sent
the report anonymously. Most often there's been no response at all;
but, when there is a response, it is usually a favorable or at least
neutral one. Except for a few flames ... sticks and stones, etc etc.
> All that said, because sourceforge.net has been spammed a lot lately, and we
> (admins) are getting a lot of flak from our users, even though we're not the
> people who sent the spam (it was simply relayed through a mailing list or
> your users.sf.net alias), I'm really considering putting spamassassin in the
> MTA, and bouncing at SMTP time messages with scores of 8 or more.
> I think the bounce will contain instructions on how to add a special header
> to resubmit the message if it really wasn't spam. Not perfect, but it's true
> that it's a balance and a game of numbers.
At least an SMTP-time bounce isn't an autocomplaint to all and sundry.
I'm playing with automating the idea of SMTP blacklisting mail from those
who refuse bounces from our mailer-daemon. Have been doing something
like this by hand for a while, and it is amazing how much spam it seems
to turn back. Combined with refusing (with 450) mail-from that passes
neither MX nor A record lookup, we've cut down spam at SSC by quite a lot.
It isn't perfect. For one thing, most such bounced mail comes about
due to address forgery on the part of spammers, meaning that innocent
third parties become bounce targets, and are then blacklisted by
the sort of thing I'm thinking about because they refuse such bounces.
This catches, for example, hotmail, which refuses bounces, but which also
acts as mail host for a bunch of our paying clients. People we can't
afford to annoy. Any such scheme would have to do some careful
qualification based on queries against history, and there would have
to be a whitelist for known offenders who can't be refused.
Possibly multiple refused bounces from spambait addreses listed
on our website as such.
Unfortunately the RFCs appear to prohibit validating the actual
sending host against DNS and then declining mail based on that
validation. That'd catch a large part of the spam that comes in.
Aside from RFC considerations, this is not feasible on pragmatic
grounds: way too many legitimate hosts with broken DNS.
Dan Wilder <email@example.com> Technical Manager & Editor
SSC, Inc. P.O. Box 55549 Phone: 206-782-8808
Seattle, WA 98155-0549 URL http://www.linuxjournal.com/
More information about the linux-elitists