I don't think we have much of a policy yet on how to grant
access to outbound email on Grex.
I propose that we use the "request" account that I just
created to take requests from new users to give access.
The obvious problem here is that a really determined
spammer might try to get an account here for an email
campaign. I'm betting that this is going to be enough
of a barrier that we're not going to get many requests
from them.
The next question is what we might ask of them,
and then who is going to help out in reading such
requests.
So I propose
- we hammer out some guidelines here
- we put a notice in the motd and newuser stating how
to request outbound access
- some set of people to look at them and then act
- we review this policy one or two months from now
I don't know how many people still want email on Grex.
Certainly there are enough other sources these days.
Comments?
24 responses total.
Is there a method of tracking how many emails are sent by each user?
There could be; we have log, so we could trawl through that and tally up what people sent.
You could probably also inject some logic into exim's outbound mail processing
and set some sort of quota. That seems hokey to me, though. Some people are
just prolific writers; any artificial limit to stop spammers would probably be
limiting for at least some legitimate users. Any limit that wouldn't penalize
legitimate users would be too porous to stop spammers. So what to do, then?
I think that the technical solution is to create a whitelist of users who can
send outbound email. The social part of the solution is to require users to
paypal a one-time donation to grex to set it up. Set the limit low (say,
$1.00) and require paypal so that (a) the user in question is in some way
"verified" and (b) the whole process can be automated. Further, require
positive acknowledgement of an acceptible use policy that explicitly prohibits
spam. Then, in the event of abuse, you have some sort of financial entity
that it can be tracked back to.
This could all be encapsulated in some program that could be run from the
command line, thus minimizing the impact on grex's staff to keep the system
running once it's set up. Ie, run:
% iwantmail
Grex email verifier, version 1.0
You are requesting access to offsite email on our server,
grex.cyperspace.org. Please note, our acceptable use policy
specifically prohibits the use of our resources for the
distribution of unsolicited commercial email (UCE, more
commonly known as "spam"). Email access will only be granted
if you acknowledge that you have seen this message and understand
and are willing to comply with the acceptable use policy.
Have you read, do you understand, are are you willing to agree
to the terms of our acceptible use policy?
[yes/no]:
Sorry, the only valid responses are "yes" or "no."
[yes/no]: yes
Your request has been recorded. In order to verify your identity,
we require that you send US$1.00 to emailaccess@cyberspace.org refering
to token 45cd019023cda87f. We will then email you when you're set up.
Thank you.
% whoami
jruser
%
You have new mail.
% mail
>N 1 emailaccess@grex.cy Fri Aug 4 17:25 13/445 Your grex email access.
& 1
From emailaccess@grex.cyberspace.org
To: jruser@cyberspace.org
Subject: Your grex email access.
[Token 45cd019023cda87f]
Hi jruser,
We have received and verified receipt from PayPal that you
(or someone acting on your behalf) has verified your request for
access to grex's outbound email system. Access has been granted
for your account. If you have any problems, please send mail
to "help@cyberspace.org." Thank you,
The Grex Staff
&
% mail whomever@wherever.com
...
As a rough example of what's possible and how I see it running. In the
background, one would get an poll paypal once an hour or so to see if new
members have joined or verification payments have been received, and update
the database according. I'm pretty sure PayPal has an API for doing such
querying; maybe via SOAP or WebServices or something. For additional
security, run it on a satellite machine and update grex once an hour from
there (whatever happened to grpys?). It wouldn't be much work to put
together a few Perl, Python, or Ruby scripts to do all of the above. I may
even volunteer to work on such a project.
I don't think it would be beyond grex's nonprofit charter, either, as the
expenses could easily be justified as part of covering the cost of
verification of users, as part of due diligence for allowing access to an
abusable resource.
Does it *eliminate* the potential for abuse? Not at all. But it does
provide a pretty strong deterent (it'd probably be cheaper to create a
trillion hotmail accounts and spam from there) and it provides an audit
trail to follow back to a source if abuse *does* occur. It's certainly
an improvement over the status quo.
Of course a side-effect of your scheme is that it effectively precludes about 80% of the world's population from being eligible for outgoing Grex e-mail. Getting funds into a PayPal account isn't trivial for people in many countries.
We have the whitelist already--accounts not in that list can't send outbound mail. I'll comment more when I'm not stuck with a problem at work. But we do need some kind of verification system I think.
I think the original idea of a capcha was not a bad one, we just never implemented it.
re #6 I agree with that idea.
Actually capchas are bad.
speaking of email, i am not a newuser in the sense that i have just come to grex, however, this userid is new and i would like it to have access to email (outgoing) please. triluda!
Just send $6 and id.
no. and shut up.
Regarding #4; That doesn't seem to be much of an issue. I have yet to see hordes of people in 3rd world countries beating down grex's doors for email access. Everyone I *have* seen ask is from the US or another country where access to paypal isn't such an issue. Regarding #6; The thing about a capcha is that it doesn't stop a motivated human spammer from logging in, creating an account, running the "mail granting program" and then getting out 10,000 or so messages before they're shut down. If you attach a price tag to outgoing mail, and make it tracable back to someone, then that's a much stronger barrier. Assuming a captcha will do it assumes that the spammers have figured out a way to automate the account creation and spam production process, but in the case of grex, I kind of doubt that.
unlucy
I think we should remove outbound E-mail access for users who, acting as official representatives of Grex, send false and libelous abuse reports to other systems.
Okay, okay. We get it, scholar.
As of February 5, 2006, Grex's staff includes: ********************************************* STeve Andre' (steve) - root doesn't look like you have!
My point is, you're not doing yourself any good by continuing to harp on it.
Re #12:
Require a capcha response for each recipient to an email. In the case
of sending while logged in with telnet or ssh, generate the capcha letters
as ascii art and display on stdout; require the response of course from
stdin.
accousing someone of libel is so mundane. I heard you got banned from tonsters IRC server too.
Regarding #18; you mean do a captcha for *every* email? That's unlikely to work; what if I just invoke sendmail directly? Does that require a captcha, too? If yes, then what if a program does it on my behalf? Are we going to modify every possible MUA on grex to do a challenge and response, passed on to the user, for interfacing with sendmail? For that matter, what if a local user telnet's to the SMTP port? Etc, etc, etc....
Chmod sendmail so that users can't invoke it directly, but let mail programs run with an appropriate suid for the task. Telnet to the SMTP port??? Why in the name of Bob would this be allowed?
re. 19: i'm not sure if it was his server, but, yeah, i got banned from it because i went into a channel and started asking about how to donate to m-net. i didn't do anything abusive and i can post a log if you want. also, my fact finding mission came up with the following: 1) tonster's no longer the treasurer, and apparently no-one's filled his place so any money you send is likely to sit there collecting dust; and 2) no-one gives a shit about M-Net donations anymore.
just send your money to rex A roof
Regarding #21; You *could* do that, but again, you'd have to modify all the MUA's to do the captcha thing. And then make sure to modify them again every time you upgrade either the system or them. telnet'ing to the SMTP port is probably allowed because we allow users to connect to any port on the local host; this is how some MUA's send email. Of course, something is listening to that port because, again, that's how some MUA's send mail (early versions of MH come to mind, but so does fetchmail). I suppose some hokey thing with pf could be done to prevent unprivileged processes from connecting to port 25....
You have several choices: