[linux-elitists] linux-elitist and tmda

Karsten M. Self kmself@ix.netcom.com
Mon Sep 22 17:53:11 PDT 2003

on Mon, Sep 22, 2003 at 03:36:26PM -0400, George Georgalis (georgw@galis.org) wrote:
> Hi Folks,
> First off, apologies for the tmda confirm requests some of you have
> received.

Ah, you've entered into the wonderful world of spamming.  Without the
usual incentive of revenue generation.  How altruistic of you.

As a confirmed spam source, you have been /dev/null filtered in my
procmail recipes.  If you recant, please have someone inform me so I
can remove your address.  If I feel like doing so.

> I installed tmda this weekend and all seems okay, except some
> linux-elitist posts.


I received, let's see... 3,263 spam and virus mails over the past three
days.  4,077 by the end of composing this post.  Assuming your
experience was similar, and you challenged each of these messages,
that's several thousand spams you sent to innocent third parties.

Now of course the Swen virus is somewhat better behaved than the SoBig.F
worm of August, which pulled addresses from the local victim's system to
spoof.   Instead, Swen generates a sending address from fragments most
of which map to Microsoft or an undeliverable domain.  Since Microsoft's
own security failings laid the foundations of this worm, I'd count them
as fair shooting, and if Verisign wants to dedicate its resources to
managing this traffic, well, that's clearly its own choice, which it's
made of its own free will, and against the considered and largely
unanimous advice of the Net community at large.

I really feel for the poor folks at ms.com.  No, that's not Microsoft.
It's Morgan Stanley Dean Witter & Co., the investment brokerage

The way I figure it, about 5% of Swen viral mails finger ms.com as the
sender.  Which means that of the hundreds of millions of Swen mails
being sent, millions or tens of millions point back to Morgan Stanley.
I'm pretty sure that the folks in the networking division there have a
few choice words for all the MTAs sending misdirected bounce or
nondelivery messages, virus scanner autoresponders, vacation messages,
and, yes, challenge-response systems.

George:  unless you can clearly demonstrate otherwise, you've been an
active, willing, and deliberate participant in a Joe job on ms.com.

What do I have against TMDA and C-R?

  - It's spam.  The basic premise of sending a challenge is "I don't
    know if you're who you say you are".  So you're mailing an address
    you've admitted you can't verify.  Spam in the name of spam
    reduction is still spam -- I've got the spam solution spam to prove

  - TMDA and C-R advocates lie.  A stated assumption on TMDA's homepage
    is that content-based filters are not sufficiently effective:

        2. Content-based filters can't distinguish SPAM from legitimate
           mail with sufficient accuracy.

    Jason R. Mastaler, TMDA's developer, when asked to provide the
    basis of this statement replied "My personal experience":


    Which he refuses to quantify:

        "I'd prefer not to".

    At the same time, *my* personal experience, and third party
    independent tests of various content-based and Bayesian filtering
    systems, shows 80-99.9% efficacy, with very low false positive


  - TMDA and C-R advocates sidestep, handwave, and dismiss legitimate
    criticisms of the system.  Users who can't handle a Joe-job flood of
    thousands of C-R requests are "mentally ill":

        Bernard Johnson <bjohnson@symetrix.com>

    ...or a "moron"

        Chris Berry <compjma@hotmail.com>

    And spam-reporting services which record misdirected challenges as
    spam are "trigger-happy":

        Jason R. Mastaler <jason@mastaler.com>

    Sending 4,000 challenges to spoofed, and likely legitimate addresses
    warrants "praise":

        Sven Neuhaus <sn@heise.de>

    Generating 187,707 messages to unverified, unauthenticated, and
    likely innocent recipients is the mark of "a great piece of

        Mike Usmar <m.usmar@actrix.co.nz>

  - It's not my problem.  If you've got a mail that says it's from me,
    you'd better damned well do a thorough job of assessing:

     - It's not spam.
     - It's not somebody's virus.
     - It's not mail impersonating me.
     - I haven't already provided a cryptographically strong assurance
       that it is me.  I GPG sign my mail.  You'd better damned well use
       that fact.
     - It's my problem.  Which I publicly state it is not:


> Can anyone give me a clue



Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    A: Because it messes up the order in which people normally read text.
    Q: Why is top-posting such a bad thing?
    A: Top-posting.
    Q: What is the most annoying thing on usenet and in e-mail?