|
Grex > Coop7 > #117: mail abuse and membership | |
|
| Author |
Message |
popcorn
|
|
mail abuse and membership
| 
Oct 19 03:36 UTC 1995 |
Generally when someone gets tons and tons of mail on Grex, to the point that
it's starting to fill up the mail spool that we all share, I or another
staffer will move their mail to their home directory. The partition with
the home directories has a lot more free space than the mail spool does.
When I move people's mail, I also send them a message explaining what I did,
how they can read the mail that I moved, and saying that if they make a
habit of leaving these vast amounts of mail in Grex's mail spool (ie. if it
happens more than 2 or 3 times) their account will be deleted for mail
abuse. Accounts get deleted this way fairly regularly, usually because the
account's owner subscribed to an active mailing list and then forgot that
the account existed.
Recently, for the first time, a member reached this threshhold where her
account would have been deleted for mail abuse. I went ahead and deleted
her account, just like I'd do with any other account, member or not.
Did I do the right thing?
Should members have special consideration for account deletion?
|
| 72 responses total. |
scg
|
|
response 1 of 72:
|
Oct 19 05:04 UTC 1995 |
I was the one who noticed that the user in question was a member, and
complained about it in the staff conference. I did not do that because I
think members should get special consideration in this sort of thing, but
because we have a general do not reap policy for members, due to the
membership being tied to an account. I'm not ready to make a decision on this
yet, but I think Valerie probably did the right thing. I don't believe that
members buy the right to abuse the system.
But, there is a rather serious problem when a member is reaped, for any
reason. In paying membership dues, that person has a right to vote, which
is done with an online vote program and is done through their Grex account.
I also worry a bit about Grex becoming known as a system where we'll take
peoples' money, and then kick them off the system, although I don't think that
will happen. I see the voting issue as the more serious problem, which
probably means that when an account of a member is reaped, some staff person
should probably then get in touch with them and tell them what happened, and
how to get voting rights assigned to a new account if they still want to Grex
and/or vote. It's not clear to me that this is desirable, since it would
probably take more work than moving their mail again.
|
rcurl
|
|
response 2 of 72:
|
Oct 19 05:33 UTC 1995 |
Grex should have set limits on the use of limited resources, which
apply to members and nonmembers alike, and which are made so that they
cannot be violated. These limits should be known by all. If this
were the case here, no mail spool could exceed the agreed upon limit,
and further mail would be automatically refused. The user that reaches
limits should reasonably be warned before the limit is reached, but I
see no reason not to enforce the limit when it is reached. However I
do not see that account deletion is the appropriate "punishment" for
exceeding an unpublished limit. I recommend that necessary limits
on resources be established and enforced equitably and with due process.
(And that provisions be made for exceptions in justifiable cases.)
|
davel
|
|
response 3 of 72:
|
Oct 19 10:36 UTC 1995 |
I think I'd be in favor of NOT removing members under these circumstances,
but of letting their mail get thrown away. I also would sure like to see
this particular janitorial job - in all its phases - be automated.
The advantage to deleting accounts is that the mail (in some cases, *huge*
amounts of it) need not come through Grex's internet link at all - the
*other* system bounces it back to sender if no account exists. I think.
<waits for someone to stomp on mistake> I'd rather see us taking this
step for members only when and if this becomes a real problem for members.
|
popcorn
|
|
response 4 of 72:
|
Oct 19 13:56 UTC 1995 |
Right: Deleting the account is a very efficient way for Grex not to have to
process their mail anymore. This saves mail spool space, internet link
bandwidth, and staff time for dealing with the person's mail the next 17 times
it grows to gargantuan proportions. It's not meant so much as a punishment,
but rather it's a very efficient way of unsubscribing the person from their
mailing lists, and otherwise getting their attention.
Also, most people who accumulate tons of unread mail have already stopped
using Grex for whatever reason (lost password, lost net access, etc.), and
won't at all miss their account if it is reaped.
|
selena
|
|
response 5 of 72:
|
Oct 19 15:40 UTC 1995 |
No way! If I abused mail like that, I'd be outta here! Newuser
doesn't say "don't subscribe to mailing lists and forget about them,
unless you become a member". So, nix the account. The idiot should have
been more careful!
|
n8nxf
|
|
response 6 of 72:
|
Oct 19 16:50 UTC 1995 |
If attemps were made to contact the person in question over a period of
time without results, I feel you did the right thing considering the
situation. Put a policy in place now so that there will be no feeling
of guilt in the future.
|
janc
|
|
response 7 of 72:
|
Oct 19 18:10 UTC 1995 |
So if we nuke member "janc" and someone else newusers themself a "janc"
account, do they become an instant member?
|
ajax
|
|
response 8 of 72:
|
Oct 19 18:28 UTC 1995 |
Whose account was reaped? I'll find out! >:)
I think it was a good call. That sort of problem is usually caused by
ignorance, not maliciousness, but account removal was practical, not
punitive. If the user recreates an account and proves their identity,
the account should be relisted as a member's.
Curious: was the person was no longer logging on, logging in but not
reading mail, or reading mail but ignoring requests sent to them?
Reaping seems easiest, but a non-reap alternative might be reading the
member's mail to find the mailing list sources, and unsubscribing them.
Is that too invasive, or does staff sometimes do that to active accounts?
Better yet would be automatic mail spool quotas...some day! :-)
|
janc
|
|
response 9 of 72:
|
Oct 19 18:31 UTC 1995 |
hint: staff reaps close to home.
|
rcurl
|
|
response 10 of 72:
|
Oct 19 19:45 UTC 1995 |
Perhaps what is needed here is not a "reap" per-se, but making the
account invisible to incoming mail by, say, renaming it. The owner
should be informed of this, and the reason. I can see some problems
in doing this. Can an account be made invisible to external mail
while permitting the transmission of internal mail?
|
sidhe
|
|
response 11 of 72:
|
Oct 19 21:21 UTC 1995 |
Hm. That woul sound complicated.. but it may work.
What is the feasability of said visible/invisibleness?
|
janc
|
|
response 12 of 72:
|
Oct 19 22:38 UTC 1995 |
Could you just enter a system alias redirecting their mail to
"no_such_account"? This would cause their mail to bounce just as nicely as
nuking them, I think.
|
popcorn
|
|
response 13 of 72:
|
Oct 20 03:26 UTC 1995 |
I don't think there's a built-in mechanism for doing that.
I do know that sending their mail to /dev/null means that the mail
has to all come in over the internet link, wasting bandwidth, while
nuking the account means that the mail is refused before it comes
through the link.
Re 8: I have no idea whether she wasn't reading the warning messages
I sent her, or whether she was reading them but didn't know what to do
about them.
Sometimes I do look at mail headers and unsubscribe people from their
lists, but generally that's a lot more work, and, since unsubscribe
requests don't always work, it's less effective than just deleting the
account.
Re 5: Actually, for several months now, newuser *does* say "please don't
subscribe to mailing lists and forget about them". So people *have* been
asked not to do this.
|
ajax
|
|
response 14 of 72:
|
Oct 20 03:55 UTC 1995 |
(Selena's point in #5 was that it says the above in newuser, but does
not say "except if you're a member," so members should obey newuser's
request as well. Seems reasonable.)
|
wisdom
|
|
response 15 of 72:
|
Oct 20 19:01 UTC 1995 |
Yeah, $6 a month ain't enough to pay anywehere if you're going
to be an ignoramious abuser.
|
mdw
|
|
response 16 of 72:
|
Oct 21 23:38 UTC 1995 |
I don't think reaping accounts is a very good way to deal with mail
abuses. Actually, I've put a fair amount of work into teaching the mail
software about a better way to deal with this, in a largely automated
manner. Currently, sendmail is capable of refusing mail that is on a
special list of "mailbox full" people. I have a version of "mail.local"
that is capable of detecting "mailbox full" conditions, and posting
people to the list when this happens. The part that's missing is stuff
to tell people their mailbox is full, and a method of allowing them to
get themselves off the list after they've cleaned up their mailbox.
Finishing this up got queued up behind dealing with other issues
including httpd & the sun-4. But I hope to get around to finishing it
up sooner or later...
|
ajax
|
|
response 17 of 72:
|
Oct 22 03:17 UTC 1995 |
Cool, that sounds great, Marcus! Thanks for working on it.
What do you think of reaping meanwhile, until it's in place?
Seems like there aren't any other quick-and-easy solutions.
|
selena
|
|
response 18 of 72:
|
Oct 22 12:17 UTC 1995 |
I mean, a patio's great marcus, but what's wrong with the
umbrella, for keep rain off our backs, ntil the patio is complete?
|
steve
|
|
response 19 of 72:
|
Oct 23 01:43 UTC 1995 |
Marcus really does have a wondererful idea here, with regard
to how to handle seemingly endless streams of mail.
Once that is running, all mailboxes will be allowed to get to
a certain size (including staff--no differences) and thats that.
I was the one who put the "don't subscribe to mailing lists
and forget" message in newuser; I'm not entirely sure it has
been a success. I think that the problem people now fall into
two catagories: those who just don't care, and those who are
completely clueless about how the underlying systems work and
thus have no concept that what they've done is 'bad'.
|
davel
|
|
response 20 of 72:
|
Oct 23 10:40 UTC 1995 |
That last includes people who don't understand how to remove mail from
their in boxes, sometimes eventually complaining about how long it takes
to get to their new mail, I think. X=exit, right?
|
tsty
|
|
response 21 of 72:
|
Oct 25 18:19 UTC 1995 |
dpends on thje amiler, davel.
i also am seriously dis-inclined to reap under these circumstances *except*
after a +lot+ of patience ... a whole lot of patience with persistance
included. Having the power and not using it is leadership. Newusers
need leadership - and a hell of a lot more help flags flying, and a staff
that (someone(s) or other) runs watch for the problem logins.
This is nota new suggestion from me, btw, it has just been ignored for
a year or so. Maybe it's time to think again.
|
lilmo
|
|
response 22 of 72:
|
Oct 25 19:53 UTC 1995 |
Is there any way to automate moving mail from the spool to personal
directories?
|
steve
|
|
response 23 of 72:
|
Oct 26 03:54 UTC 1995 |
Sure--but there are better ways to handle things, like using
Marcus's sendmail that limits a mailbox to nn megs in size.
|
sidhe
|
|
response 24 of 72:
|
Oct 26 19:35 UTC 1995 |
A point of curiosity- how many megs?
|