|
Grex > Coop8 > #136: Should we Restrict E-mail on Grex? | |
|
| Author |
Message |
janc
|
|
Should we Restrict E-mail on Grex?
| 
Nov 2 20:31 UTC 1996 |
I think we need to take steps to make Grex less attractive as an E-mail
server. Grex's cpu and internet link are being saturated by floods of E-mail.
Some random notes on the issue:
- It appears that we have a few users getting very large quantities of
E-mail, and a very large number getting smaller quantities.
- Many people use Grex as a mail forwarder. They never log on here, but
just have their mail forwarded from "whomever@cyberspace.org" to their
real address, so the mail in over Grex's link, and then immediately
goes right back out again. It's not clear that this is really any worse
than people who telnet in to read their mail, since the mail also gets
sent back out again when they read it too.
- We have people who, to avoid waiting in the telnet queue, use ftp to
grab their mail files off of Grex.
- When Grex has been down for a while, we often have to disable logins
for a while after it is up so that the system can process the hundreds
of accumulated mail messages that systems all over the world fire at it
the instant it comes back on line.
- A large proportion of the day-to-day administrative work on Grex is
mail-related.
About a year ago, STeve estimated that about 25% of Grex's resources are
devoted to mail. I think it is more now. Possibly as high as 50%.
There is a place called "geocities" that gives free web pages to anyone who
can supply a vaild E-mail ID as authentication. I've seen users who take out
accounts on Grex just to have an E-mail address to give to Geocities.
I have the impression that our mail-only users do very little to support Grex
financially.
I don't object to E-mail per se, but I don't think being the free E-mail
server to the world is really Grex's mission. I think this heavy E-mail usage
is bleeding off resources that could be put to uses that do more for the
community.
I wouldn't want to shut of E-mail entirely. I think it plays an important
role here:
- As a private communications channel among people involved in the Grex
on-line community.
- As a cheap E-mail server for Washtenaw county people who either do too
little E-mail to make a commercial account reasonable, or who, because
of youth or poverty, can't afford a commerical E-mail account.
For these classes of usage, I think E-mail is vital to Grex and should remain
free and unrestricted.
APPROACHES:
(1) QUOTAS:
It's tempting to put some kind of limit on total size of number of E-mail
messages people may send or receive each week. But such limits have serious
problems.
- They make people vulnerable to denial of service attacks. All I have
to do is mail you one huge file, and you won't be able to receive any
other mail for a while, because your quota is filled.
- They encourage users to create multiple accounts to multiply their
quotas.
- They are a big administrative headache.
- They are generally obnoxious and disgusting and hard to implement.
I think this is intrinsically a bad approach.
(2) LOCAL ONLY:
You could somehow restrict E-mail use to dial-in users only. Again, this is
a bit difficult to implement. But it also has the problem that many Washtenaw
County users access us only over the net. Maybe they use the terminals at
the library. And it is a very draconian restriction on distant users.
(3) E-MAIL AUTHENTICATION
I had suggested previously that when newuser creates accounts they be set up
with mail (not including Grex-to-Grex mail?) disabled. If users wanted access
to internet E-mail, the would have to get a separate authentication. Dial-in
users could do this immediately via an on-line program, but telnet users would
have to print out, and send in by snail-mail an application form.
The application form would (1) explain that Grex is a charitable organization,
(2) describe the sorts of usage Grex is seeking to support, (3) suggest that
you might want to make a donation to Grex and (4) ask you to sign a statement
saying that you have read and understood these rules.
All applications received would be automatically accepted. There would be no
validation of users or checking of ID. The idea is to make sure that people
understand what Grex is before using it as an E-mail site, and to intimidate
people enough to discourage people who don't have a real need for our service.
I don't know how hard this would be to do technically. It requires that we
have some mechanism for turning mail to particular accounts on and off. Maybe
sendmail would look users up in a different database than /etc/passwd and
validation would be done by adding them to that other database. Maybe you
could just create an un-writable, owned-by-root file in the place of their
mail file.
Probably we'd grandfather in all existing accounts by automatically validating
them for mail.
(4) OTHER IDEAS?
Do people have other suggestions or refinements of these ideas? Or do people
feel we should just let mail continue as it is?
|
| 69 responses total. |
kerouac
|
|
response 1 of 69:
|
Nov 2 20:58 UTC 1996 |
Dont think snail mail authentication is viable because it will just
cause grex's p.o. box to get flooded and some poor staffer to have
to deal with all the paperwork. Anything that causes more paperwork
should be avoided, lest grex need to start buying filing cabinets!
I've said before and will restate that I think outgoing email should
be restricted to members. Grex should be providing email addresses
so that its users can communicate with each other, not with the
outside world. Grex's email should be setup so that non-member users
can receive mail from the outside world, but can only send mail to
other grex addresses.
I think this policy would solve the mail overflow problem, increase
membership, and make it realistic to offer POP email with the same
restrictions. Grex needs to be encouraging its users to
communicat with each other. The same reationale is why
its better not to have usenet. Users using usenet are users not
using grex's conferences. Usenet and outbound email actualy
detract from the growth of the "grex" community.
|
ajax
|
|
response 2 of 69:
|
Nov 2 21:59 UTC 1996 |
Another past suggestion is limiting the size of messages that can be
received or sent off-site, to reduce the use of mail as an easy means
of file transfer. Someone with root access could check a log file to
see whether large messages (say, greater than 5 or 10K) represent a
significant portion of Grex's mail load.
|
scott
|
|
response 3 of 69:
|
Nov 3 00:13 UTC 1996 |
I think I'd like to see mail remain available, since e-mail is the one (IMHO)
really useful application of the Internet that I want people using
universally. I've even told a cousin to look for systems like Grex to do
email from.
What I'd like to see is a way to handle the abusers, like the huge file types.
Some kind of mail message size limit, like ajax mentioned, seems to make
sense.
|
kerouac
|
|
response 4 of 69:
|
Nov 3 03:29 UTC 1996 |
Dont know if its technically feasible, but one idea would be to
set it up so e-mail cant be sent to more than one address at a
time. Too many people do mass e-mails off of grex or forward
their mailing lists through grex. This would surely help
alleviate this. People are less likely to want to send the same
letter to thirty different people if they have to send it thirty
different times.
|
draven
|
|
response 5 of 69:
|
Nov 3 04:42 UTC 1996 |
It would be very difficult (bordering on impossible) to block script
based mailing lists.
|
krj
|
|
response 6 of 69:
|
Nov 3 07:08 UTC 1996 |
As I've mentioned many times, I'm supportive of the idea of
limiting the resources devoted to mail, only because Grex's
resources are not infinite.
A limit on mail message size seems to be a good first cut.
It doesn't favor any class of users, it discourages potentially
abusive transfers of binaries, and it doesn't inhibit the
use of mail for personal or business correspondance.
It also has no administrative overhead and should be easy technically.
What happens to the sites trying to send large mail files to Grex?
|
scg
|
|
response 7 of 69:
|
Nov 3 07:32 UTC 1996 |
Not to mention that it's also often very useful to be able to e-mail something
among three or four people. I woudn't call that mass mailing.
Like Scott, I'm really uncomfortable with the idea of restricting mail,
although I sometiems wonder if that still makes sense. When I first started
using Grex it was because I was looking for a place to do e-mail. I felt itat
the time, and still feel, that it's a very valuable service. The thing that
makes me question that a little bit is that unlike then, there are now plenty
of places in the private sector providing e-mail for $10 or $15 per month,
putting it in most peoples' range of affordability. Providing free e-mail
for Wasthenaw County then becomes a lot less essential, but there are still
some people around here doing low e-mail volumes without much money, who we
are being a huge help to. The other situation we're faced with, that's a much
bigger load, is places like India where finding e-mail access is still
difficult, just as it was here four years ago when I started Grexing. One
of the really neat things about the Internet is that t has made our community
a lot bigger than just Washtenaw County, and places like India are now a
significant part of our community, with a significant need. Just as I thought
four years ago that providing free e-mail to people like me in Ann Arbor was
a good service, so is doing that for people in other parts of the world now.
Of course, that doesn't address the issue of how to cope with that kind of
usage. There are a couple of things that we need to work on. To handle
Grex's growth, the staff really needs to be a bit bigger. We added a new root
and a new partyadm a couple of weeks ago. We've got a couple more people who
are likely to be added to staff in the next month or two, so we're working
on that. The other barrier is financial, in terms of being able to afford
the hardware and net bandwidth to support Grex as it grows. It's often been
pointed out tha we aren't getting much financial support from Indians, but
that's not to say that we haven't gotten lots of Indians asking us how they
can help out. Unfortunately, we haven't been able to come up with a really
good answer for how people in India can send us money. Roupees aren't
directly convertable into dollars, although there are apparrently some banks
that can handle the conversion. It would be good to get information on who
those banks are and what users need to do to exchange money. Even better
might be to get somebody in India who could handle that sort of thing for us,
converting everything at once every month or two.
|
mdw
|
|
response 8 of 69:
|
Nov 3 10:04 UTC 1996 |
I disagree with kerouac's idea of restricting mail to "members only",
but I agree that any scheme that requires people to send in paper mail
that has to be processed by staff here is a really bad idea. That's the
way most freenet's work - and the result is a really horrible backlog of
paperwork that piles up, and has to be processed.
In the long run, I think this problem with disappear. Free e-mail is
an attractive enough concept that more & more places are doing it,
and with better & better software. We've already taken steps to
discourage people from using that "better" software with grex, by
refusing to offer "pop" service.
|
kaplan
|
|
response 9 of 69:
|
Nov 3 12:27 UTC 1996 |
Maybe we could append a .signature type file to each messsage with a
statement like:
This message originated from a free member supported system.
This scheme, like the denial of POP makes it less desirable to use grex
for mail without actually forcing people to stop. Maybe make the statment
should have a plug in it reminding the sender to become a member.
As for ftp, wouldn't it be possible to deny ftpd access to the mail spool
directory?
|
scott
|
|
response 10 of 69:
|
Nov 3 13:24 UTC 1996 |
The membership in the .sig idea sounds interesting. It might have an effect
on people trying to run whole businesses from a Grex email address, for
instance. Wouldn't bother me at all.
|
dang
|
|
response 11 of 69:
|
Nov 3 15:22 UTC 1996 |
Nor me, and would have very little or no staff effort involved. I like it.
I would even be proud to have something like that appeneded to my mail from
grex. :)
|
janc
|
|
response 12 of 69:
|
Nov 3 16:37 UTC 1996 |
Some kind of universal .sig like Jeff suggests would be a neat idea. Of
course, it would also work as advertising, and would likely attract more
mail users. Hmmm...I think the .sig would have to be very carefully worded.
We could just run a program each month identifying heavy mail users who
are not members, and automatically send a message to them reminding them of
Grex's purpose and asking them to donate money. That way we would harrass
heavy users with our advertising.
|
kerouac
|
|
response 13 of 69:
|
Nov 3 18:32 UTC 1996 |
If the idea is to discourage email without doing much else, why
not simply reduce the number of mail programs that grex offers.
Get rid of pine and elm, or make them member perks, and say that
the only email offered free is the standard mail program. I can
imagine any number of people who wont bother to use mail here if
they cant use pine for instance.
|
chelsea
|
|
response 14 of 69:
|
Nov 3 21:50 UTC 1996 |
I think before I'd proceed with a fix I'd want a little more information
on what's behind the problem.
Maybe we should send an e-mail survey to the 30 highest volume mail users
(not members) last month. Explain there is a problem with Grex keeping up
with the demand for mail resources and there is currently a discussion
taking place on how to best manage the load, including possible rationing
or elimination of some services.
Then ask each of these users to help us out by answering a few
questions. Like:
1. Prior to this mail were you aware Grex is totally
funded by generous donations from its users?
2. Do you have an alternate method for sending and
receiving e-mail, other than Grex?
3. How do you think this resource crisis should
be handled?
4. Is e-mail usage important enough to you that
it would be worth supporting Grex with
either a donation or by becoming a member?
There are probably better ways to phrase those questions but I think you
get the drift. I'd be curious to see the responses and go from there.
|
pfv
|
|
response 15 of 69:
|
Nov 3 21:55 UTC 1996 |
Oh yeah, I can envision a lot of information from that.
|
chelsea
|
|
response 16 of 69:
|
Nov 3 21:57 UTC 1996 |
I already see one poorly worded question. Make
the first one more like "donations from its
generous users" rather than generous donations.
|
chelsea
|
|
response 17 of 69:
|
Nov 3 21:58 UTC 1996 |
But maybe we've already canvased these high volume
users before?
|
mta
|
|
response 18 of 69:
|
Nov 3 22:23 UTC 1996 |
I donm't think we have .. and I think the survey is a good idea. Even if
people don't respond, we'll have given them information they almost certainly
didn't have before. I suspect that many of our mail-only users either assume
we get support from some government agency or corporate sugardaddy, or they
never stoppped to wonder about it at all.
|
pfv
|
|
response 19 of 69:
|
Nov 3 22:53 UTC 1996 |
I'm sure they will all feel guilty and relent, too..
|
janc
|
|
response 20 of 69:
|
Nov 3 22:55 UTC 1996 |
I think Mary's idea of surveying the users involved is an excellent one.
I've been using the (somewhat nasty) problem of parsing mail logs as an
exercise in perl programming. I'm not sure that my program works 100% right,
but I think the following statistics for a sample week are pretty near right:
Week of October 13 to October 20:
Mail sent out over network: 15,094 messages / 50,175 kilobytes
Mail recieved over network: 24,692 messages / 97,402 kilobytes
Local mail: 3,138 messages / 6,132 kilobytes
Total mail: 53,924 messages / 153,709 kilobytes
This is messages delivered, not messages sent. If you send mail to multiple
recipients either by specifying several recipients or mailing to an alias or
.forward file that expands to multiple recipients this may result in multiple
deliveries. Each local user is one delivery, and each remote system is one
delivery.
Identifying the mail hogs is a bit of a problem, because the mail logs don't
quite give all the information you need. If I set up a .forward file to
janc@izzy.net and I get mail from gregc@pm-tech.com, then the log shows a
message from gregc@pm-tech.com, to janc@izzy.net, but doesn't mention the
account "janc@cyberspace.org". Thus people with .forward files would be
invisible to any hog-detector based on the mail log files.
|
pfv
|
|
response 21 of 69:
|
Nov 3 23:17 UTC 1996 |
Then, I'd presume the data is skewed and unusable.
|
kerouac
|
|
response 22 of 69:
|
Nov 4 00:36 UTC 1996 |
But Jan's statistics point out a problem...Grex receives nearly
twice as much email as it sends out.
Maybe a solution then is to limit the number of pieces of email
one can receive in a 24 hour period. Say after ten pieces of
email, grex bounces anything else and warns users that:
"sorry, your mailbox quota for the day is filled"
|
pfv
|
|
response 23 of 69:
|
Nov 4 00:59 UTC 1996 |
You'd need better than 10x.... And that too requires coding.
Can you code or are you looking for someone else to write code
to satisfy yerself?
Look it up, folks - the abuses are definable... Where is the
script you use to identify them?
At least Draven reported HOW the data was acquired.
|
krj
|
|
response 24 of 69:
|
Nov 4 01:54 UTC 1996 |
EVERYBODY receives more mail than they send. That's the way the world
works.
On looking for .forward hogs: I think you want to make a list
of the transactions which don't involve Grex as origin or destination,
then sort by destination.
|