|
Grex > Coop7 > #101: Proposal to limit mail to prevent abuse. | |
|
| Author |
Message |
srw
|
|
Proposal to limit mail to prevent abuse.
| 
Sep 20 06:19 UTC 1995 |
A conversation was started among staffers in email, which should
get a public airing here, so I am creating an item to discuss it in
The question is whether we can do anything to prevent users who are
bent on creating mischief from abusing the privilege of free
email that we grant here on Grex, by sending unwanted mail,
either in the form of mailbombs, or sending spam to a mail->news gateway.
There are several propsals that were suggested. the first was by Jan.
followed by Marcus, me(srw) and STeve. I did not save each of these proposals,
and so I fear to explain what others are proposing, as I might
misremember. My proposal was pretty similar to Jan's, I think.
My proposal was that we take the validation policy we are about to adopt
to control access to usenet (when we get it), and extend its influence
as follows: There will be a list of sites to which we will not send mail
unless it comes from a validated user. I expect to put mail->news gateways
on that list for starters. Validation would not be required for
any other purpose than to access usenet, or be able to send mail to a site
on this list. It would be totally optional. All members would be validated.
Please note that I am not proposing a new tier of membership. It has already
been required that we establish the concept of validated user. I am
only proposing that mail be sensitive to it.
|
| 104 responses total. |
steve
|
|
response 1 of 104:
|
Sep 20 13:03 UTC 1995 |
Having a list of places that we won't send mail to unless we know
who the originator is doesn't solve the nastiest problem, which is
mailbombing. It doesn't address the problem of people sending mail
to mail-news gatways, either, because we don't know even 10% of them.
The fact is, we can't control outgoing mail on Grex, without
resorting to a completely verified-before-using approach. There
are simply too many ways around whatever we might try and come up with.
Remember, we'd have to be constantly scaning the net for new
gateways, and remailer systems. We couldn't prevent "bad" mail
from reaching Newt Gingrich for instance, because we can't know what
that seemingly innocent address is in actuality a remailer system.
Grex handles in excess of 2 million pieces of mail each year
now, and that figure is still rising. We'd had *very few* incidents
so far, and I don't expect the number of problems to magically
rise. Most people on Grex (like 99.5%+) are completely reasonable
and I'd sure not like to come up with a system of restricting things
just because of a few rotten people.
|
chelsea
|
|
response 2 of 104:
|
Sep 20 13:42 UTC 1995 |
Thanks you STeve.
|
chelsea
|
|
response 3 of 104:
|
Sep 20 13:43 UTC 1995 |
Er, *thank* you, STeve. ;-)
|
rcurl
|
|
response 4 of 104:
|
Sep 20 16:45 UTC 1995 |
(now why would STeve be worrying about "bad" mail going to Newty?. :).
|
steve
|
|
response 5 of 104:
|
Sep 20 21:31 UTC 1995 |
Because the USSS is currently investigating at least two death
threats against him, one of which originated in cyberspace, and
they are making an ernest effort to catch the culpret.
What I *would* like to see, would be a way to shunt the mail
that a particular individual uses to wind up in a file or something
as opposed to the intended internet site. That would be useful,
probably six times a year.
I really Really *REALLY* want Grex to avoid punitive rules just
because one or two twits have tried messing things up. That reeks of
school rules.
|
rcurl
|
|
response 6 of 104:
|
Sep 20 21:35 UTC 1995 |
We're talking about rules that will almost *never* be applied, *except* when
a twit messes things up. That's like not having rules, but getting the
benefit of them.
|
steve
|
|
response 7 of 104:
|
Sep 21 04:01 UTC 1995 |
Hmmm. At 1M, we'll have people crashing into that limit probably
once a day, or certainly once every couple of days. I'd rather see
Grex keep as much of it's free and open status as it possibly can,
hence the larger quotas.
|
srw
|
|
response 8 of 104:
|
Sep 21 04:29 UTC 1995 |
Jan posted that he believes we need a tool to control abuse of outgoing
mail. I happen to agree with him. I don't want any punitive rules.
Where did you get "punitive rules" out of what I suggested?
We don't have to know all of the sites to implement this.
We can start with none and add the ones that cause trouble. Just not
knowing all the sites is no reason at all not to implement such a control.
My mailbox occasionally fills with complaints from users who have been
mailbombed or spammed from grex. Why ignore this when you could easily
control it? And you could do so without inconveniencing anyone.
Marcus has not responded here, so I will post what I remember he suggested.
He suggested that when mail to a specific site causes trouble we should
deny access to that site for all users. If I got that wrong, I'm sorry, but I'm
trying to resurrect the discussion we had in mail here.
*That* is what I would call a "punitive rule".
I don't like that suggestion, but it acknowledges we have a problem
which STeve is denying is serious.
|
steve
|
|
response 9 of 104:
|
Sep 21 11:18 UTC 1995 |
Steve, I see the potential rule as "punitive" (maybe there is a
better word, really) when we do something to restrict things because
of the actions of a few (hence my reference to schools which are the
classic place for this).
Now, sometimes, we have to do this. The kernel blocks are an
example of that.
But stopping mail to certain sites, just becuase of a few incidents
of abuse seems overkill to me, and a bad overkill at that.
We simply haven't had many abuses of mail sent from Grex to
elsewhere. Oh, there have been some, like that user from the UK
(kiki) that caused complaints. But even then, there are free
speech issues involved here, and just because someone is a pain,
doesn't mean that they have should be squelched.
And, limiting mail like this doesn't present what is much more
of a problem, namely using Grex as a "mail drop". *That* is far
more serious, in terms of Grex's reputation, and the potential
legal consequences for us.
This doesn't address that problem, and if we are really concerned
about mail abuses, I say lets start there.
But going back to the idea of stopping mail to certain sites--
It's a disaster in the making. Let's say we find a remailer at
user@foo.com which is used for "bad" things. OK, we block it.
Someone then creates another account on another site that
forwards to the user@foo.com remailer. How do we detect that?
THis is tilting at windmills. We can't do it.
|
srw
|
|
response 10 of 104:
|
Sep 21 13:20 UTC 1995 |
I don't accept that, STeve.
I don't see a rule as "punitive" unless it punishes. A rule such as I
have proposed would be a very light touch. Anyone who was already
authorized to use usenet would not even notice the rule. Others could
either go to the trouble of getting authorized, or be locked out of
sending mail but only to sites that have received problem mail from a Grex
user.
What I have proposed is a tool to control the perceived nastiness of Grex
on the internet. Grex can easily get perceived as exceedingly nasty
as the result of a single user running amok.
I can imagine that this is an avenue that someone who really wanted to hurt
us could use. They could send mail to numerous influential local,
government and net mailing lists. I won't even speculate what they could put
in that mail.
Of course this can (and does) happen at every site on the internet.
The receivers of this disgusting mail would not blame Grex for it,
being intelligent people. They would merely ask us to inform our user
that such activity is unacceptable and cannot continue.
This is where we find ourselves in hot water. The user is totally anonymous,
having (let's say) just created the account over a dialup. He/she never
uses the account again, but continues each week, at random intervals,
to call up and run newuser, then send the same mail to the same group
of mailing lists.
I am hesitant to be more specific, but I could write a cookbook explanation
for how to get Grex disconnected from the internet. Maybe we should go back
to staff mail to discuss this issue. To save our internet connection
and our reputation among others in the area and on the net, we would be forced
to block mail in an emergency fashion. We would probably block all mail to
several local sites and certain net and government organizations.
If you want the list of sites I am thinking of, I will send you mail.
So far the attacks have been designed to hurt others on the net, not us.
I hope it stays that way, but I can't see why we should assume it will.
What I have proposed would not stop the initial mailbomb, but would put us
in a position to stop all future ones to the offended site, and do it in
a way that punishes neither our users nor ourselves.
I can't see why you would refer to this as a "disaster in the making".
It is a "disaster avoidance technique". If the would-be spammer has another
site that can redirect the mail, we just turn off that site. We also get a
lead as to who he is, by contacting that site and following up.
We also get to share the problem with another site. My guess is that the
other site can shut this down quickly, but we can't.
You argue that this has been a very small percentage of our mail.
I agree, but that argument doesn't seem to mean much. How big a percentage
is necessary for it to be a problem?
You argue that this hasn't happened very often. Well, it has happened some,
but so far the offender has always come in over the net. This has allowed
us to throttle down the abuse by investigating the source. One day, it could
come from a local user, who wants to cause us real trouble.
My idea of readiness is not to just hope it doesn't happen.
My proposal adds no new tier of user, but is a straightforward extension
of our Usenet validation. I think it merits more consideration.
|
popcorn
|
|
response 11 of 104:
|
Sep 21 14:34 UTC 1995 |
I'm uncomfortable with this proposal, but haven't fully managed to think
through *why* it makes me uncomfortable. Best guess right now is that
it reminds me of censorship, and it also sounds like a bureaucratic hassle
to implement and to explain to people. But I need to do some more
thinking about this....
|
janc
|
|
response 12 of 104:
|
Sep 21 17:39 UTC 1995 |
As I recall the original discussion, STeve raised the issue, Marcus proposed
that all mail from Grex to bothered sites be blocked. I thought that was
over-kill and suggested only mail from unvalidated users to those sites be
blocked.
I see this as a plausible compromise between being a wide open system and
being a good citizen of the net. It is the general rule on the net that
systems are responsible for policing the behavior of their users on the
net. If a Grex user starts causing a lot of problems on other systems, the
operators of those systems will come talking to us.
If our answer is just "Sorry, we are an open system, we can't control our
users" then they will go talk to our ISP instead, endangering our net
connection. If we say "Gee, we'll talk it over with the user" then that is
fine, but only if it works. It doesn't always. We need a way to once and
for all assure another site, that the problem will be fixed. Having a
fall back with teeth in it will also make talking to the user much easier.
I expect that we won't often have to use it.
The point about the user putting a forward file on system B and mailing
through that is valid, but not our problem. The user could just as well
log into system B and send mail directly. It's system B's problem to
police that. Our job is not to make sure the user never bothers anyone
again (though if we can accomplish that by talking to him, that's great
net citizenship too), but to ensure that Grex doesn't become a general
source of disruption on the net.
I also don't think we need to know all the addresses that should be blocked.
We shouldn't block anything in anticipation of a problem. Only when problems
occur and other solutions fail should this be done.
Maybe this is not a problem yet, but it will become a problem, and we need
to think about how we can most smoothly interface Grex society to the
Internet society.
|
steve
|
|
response 13 of 104:
|
Sep 21 18:12 UTC 1995 |
OK: I'm confused.
Are we talking about being able to block certain addresses once
they have become a known problem, instead of making it such that
unverified users can't send to xxxx automatically, all the time?
I could support the notion of blocking mail off to a specific
site, *provided* it was a big problem. I'd still want to go
after the originators of the mail however, and get it stopped
that way.
I need to address srw's points a little later today.
|
janc
|
|
response 14 of 104:
|
Sep 21 20:56 UTC 1995 |
By all means, we should talk to the originators first. I think one of the
purposes of Grex is to help people learn how to behave on the net. Almost
any problem should first be addressed person-to-person, and only later should
technical solutions be used. I'm really impressed by the time and energy
that STeve puts into finding, contacting, and talking with people. Grex is
lucky to have someone willing to do that. But it isn't always going to work.
We need to have a fall back.
|
kerouac
|
|
response 15 of 104:
|
Sep 22 00:46 UTC 1995 |
Why cant there be the option of users setting up mail access lists,
like .cf lists, where they can literally decide if they want who (at
least within grex) can send them mail. Surely it wouldnt be too
hard to set it up so the mailers we have here read a .maillist file and
kill any mail from local addresses not on the list.
You could do a .nomail list file, but that would onluy encourage the
creation of more logins. This way would at least allow users to limit
who they want to recieve mail from within grex. Any mail recieved from
addresses not on the .maillist could be bounced and returned.
|
scg
|
|
response 16 of 104:
|
Sep 22 04:06 UTC 1995 |
I think that is possible. It's called filtering. It's a little more
complicated than the few files you described, but it's definitely doable for
those who feel like doing it.
|
srw
|
|
response 17 of 104:
|
Sep 22 06:16 UTC 1995 |
But it doesn't address the issue, which is to be able to control mail
sent from Grex to other sites where people are justifiably offended
by such mail because it violates generally accepted internet practices.
|
scg
|
|
response 18 of 104:
|
Sep 22 14:01 UTC 1995 |
Let's say we do take to blocking mail to specific sites when we get a
complaint. Then when srw@izzy.net complains because somebody is mailbombing
him from Grex, and asks not to be able to receive any more mail from Grex,
does that also mean that scg@izzy.net can't receive mail from Grex?
|
janc
|
|
response 19 of 104:
|
Sep 22 14:24 UTC 1995 |
It could probably work either way, depending on whether an individual user
asks, or the system administrator asks.
|
popcorn
|
|
response 20 of 104:
|
Sep 22 14:52 UTC 1995 |
(Re 15: Kerouac -- check the info conference, in an item titled something
"filtering you mail", for info about how to do what you are describing.)
|
lilmo
|
|
response 21 of 104:
|
Sep 22 17:16 UTC 1995 |
Re #18: Again, the proposal would NOT block all mail, just that from
unverified users.
|
popcorn
|
|
response 22 of 104:
|
Sep 24 15:46 UTC 1995 |
(In #20, make that "something *like*" not just "something". But you
probably figured that out. And the title "Filtering You Mail" is correct,
if I'm remembering it correctly.)
|
selena
|
|
response 23 of 104:
|
Sep 26 17:35 UTC 1995 |
I really don't like the whole idea of validation for mail at all
..
o
|
lilmo
|
|
response 24 of 104:
|
Sep 27 04:03 UTC 1995 |
Somehow, I'm not surprised to hear that... *friendly smile*
|