|
|
| Author |
Message |
| 25 new of 105 responses total. |
jmsaul
|
|
response 25 of 105:
| 
May 11 17:42 UTC 2002 |
You tell me.
|
remmers
|
|
response 26 of 105:
|
May 11 17:55 UTC 2002 |
I'd like to send email to some friend on Grex quoting that S.1618
paragraph so they'll know what to look out for, but I guess I
can't.
|
jmsaul
|
|
response 27 of 105:
|
May 11 18:57 UTC 2002 |
*I'd* like to talk about Nigerian political leaders, so I'm glad I still can.
|
jp2
|
|
response 28 of 105:
|
May 11 20:35 UTC 2002 |
This response has been erased.
|
jmsaul
|
|
response 29 of 105:
|
May 11 22:39 UTC 2002 |
Whatever. Suggestions that everyone's mail should be censored -- and if that
wasn't a suggestion, it sure looked like one to me -- really set me off. I
tend to respond poorly to them, because it's the kind of thing people should
get to make decisions about for themselves.
Maybe the staff should come up with a template .procmailrc that filters the
more common varieties of spam and includes comments explaining how to add
stuff like what Sindi wants filtered, so people who want the filtering can
have it and the rest of us can talk Nigerian politics in safety. (Or the
S.1618 thing.) However, this takes staff effort, because I don't know
procmail well enough to write the thing casually.
|
mcnally
|
|
response 30 of 105:
|
May 12 02:28 UTC 2002 |
I think you're overreacting Joe. I don't think it's a particularly good
idea to go wild with content-based rejection of incoming mail on Grex
but some filtering already takes place and I don't see you accusing the
staff of censorship because e-mail above a certain size or with certain
extensions (?) is blocked.
Presumably that's because you recognize that there's a legitimate balance
between system resources, user convenience, and quality of e-mail service
that can be offered. Sindi's proposing a different compromise position
than the one you support but unless you want to stand on absolute principle
and claim that it's wrong to reject any mail whatever, I don't see a sharp
line between her position and the status quo that you apparently accept.
|
gelinas
|
|
response 31 of 105:
|
May 12 03:08 UTC 2002 |
yeah, I'm interested, Marcus. I got one today that I'm going to look into
a bit more.
|
jmsaul
|
|
response 32 of 105:
|
May 12 04:14 UTC 2002 |
Re #30: Actually, I didn't know about Grex's filtering before this item.
Since Marcus doesn't want to disclose the filtering rules, I can't
really say whether I agree with what he's doing or not.
Now that you've brought it up, though, I'd like to know *exactly*
what text content Grex filters. I'm willing to accept filtering
of large messages, or even certain types of attachments, but
nailing stuff based on the *words* in a message bothers me,
because I think I should have a right to make decisions about
that myself. (Among other things, I collect net urban legends,
and I've actually saved one or two of the Nigerian "Spanish
Prisoner" variants.) I don't expect that he'll divulge the
rules, which is understandable but makes it even more important
to do as little blocking as possible.
There is, though, a difference between blocking the specific,
lengthy text of a known spam (which is what it sounds like mdw
is trying to do) and blocking all messages that include a word
or two that often shows up in spam but could also appear in
legitimate email. The first one is acceptable if there's a
need for it to keep service running; the second is an
infringement on everyone for the sake of a few people who won't
learn to either just delete the messages or use procmail to
protect themselves. I think that's also a reasonably easy
line to draw -- is it likely that the blocking rule will kill
legitimate mails as well? If so, don't do it.
|
mdw
|
|
response 33 of 105:
|
May 12 05:53 UTC 2002 |
I sure don't want to block *all* mail that has Viagra in the subject
line, or mentions the names of dead nigerian politicians in the text. I
think that's definitely going way too far. My goal (not always met) was
to stop as much spam as possible while stopping as little legitimate
mail as possible. If I have to compromise, I'd rather let spam through
than stop legitimate mail, but I am willing to stop some legitimate mail
if it also stops a lot of spam. I'm kinda happy with the 50/50
complaint ratio; it looks sort of like a reasonable solution to a
min-max problem.
I have a theory that if we stop "enough" spam, spammers will find
cyberspace.org mail addresses unattractive and will stop attempting to
send us other spam. I don't know how much truth there really is in
that, but I did notice that occasional spam started to show for mailing
lists that claimed to have those pesky ".org" addresses cleaned out
because of all the anti-spammers on such systems. I wish I could take
credit for that, but I don't think we're that big a % of the internet
e-mail traffic.
I've love to stop the nigerian spam too, but so far, I haven't figured
out a good way to do it.
The s1618 logic doesn't match any one paragraph, but it matches 3 word
combinations that showed up in a bunch of them, and it has further
checks for frequency and I think ordering. A clever person *might* be
able to write a legitimate paragraph that generates a false hit, but I
think it would be both hard and take deliberate effort -- and is not
something that would be at all likely to happen by accident. A more
likely case is someone sees actual s1618 spam and forwards it for
whatever reason. I'm not convinced we should encourage this.
In case people have forgotten the s1618 paragraph, here's a sample:
. This message is sent in compliance of the new e-mail
. bill: SECTION 301. Per Section 301, Paragraph
. (a)(2)(C) of S. 1618. Further transmissions to you by
. the sender of this email may be stopped at no cost to
. you by sending a reply to this email with the word
. "remove" in the subject line.
Like I said, this paragraph can vary, other samples include fragments
like "105th US congress", "cannot be considered spam as long as", "This
is a one time e-mail transmission", "Contact information & a remove
link", etc. Variations also include how the paragraph was wrapped,
capitalization, the actual removal method, etc. I presume either there
was some book that told people to put this paragraph in, and/or some
software package that automatically scrambled it a bit on each message
sent, to foil simple regular expression filters.
|
remmers
|
|
response 34 of 105:
|
May 12 11:28 UTC 2002 |
I copy&pasted the S1618 paragraph from Marcus' response and tried
emailing it in the body of a message to my cyberspace.org address.
Grex indeed bounced it.
In all honesty, I must say I'm not comfortable with that.
|
keesan
|
|
response 35 of 105:
|
May 12 13:59 UTC 2002 |
As you will all notice if you read my words instead of interpreting them, I
was not 'proposing' or 'suggesting' any anti-spam measures, simply asking a
question about how people would react to Marcus filtering certain words, in
an attempt to start a discussion of how filtering should work and what is or
is not acceptable to the majority of users. Of course each user wants to
filter different things. In my case, I have never had email exchanges about
Nigeria or Viagra and would be happy not to receive mails containing those
words, but I DO receive .exe and .zip files and would be unhappy if those were
blocked. Perhaps there are other things that everyone wants blocked.
|
jmsaul
|
|
response 36 of 105:
|
May 12 14:12 UTC 2002 |
Re #34: I'm not either, and I don't think one person should be making
decisions like that for all of Grex. Hell, that logic would block
responses from abuse handlers at some ISPs, because they include
the original message. Plus, for all I know, Marcus wrote the
logic so that it blocks Section 301 of any Senate bill, or any
language at (a)(2)(C) of any statute, because he didn't think
about that. I can't tell, because the blocking logic isn't open.
Good intentions, but bad idea.
Re #35: It sure looked like you were proposing it, but I apologize for
not reading it literally. That's probably safest with your posts.
|
keesan
|
|
response 37 of 105:
|
May 12 14:17 UTC 2002 |
Please try to read my posts literally. Thanks for the apology. Some people
really do try to say what they mean.
|
jmsaul
|
|
response 38 of 105:
|
May 12 14:24 UTC 2002 |
People who speak figuratively may also be saying what they mean, because
figurative speech is an accepted part of human communication. Your
communication style is more literal than that of anyone else I've ever met,
and I need to keep that in mind, but it doesn't make you more honest, or more
interested in saying what you mean, than other people. It just makes you more
literal-minded, and more prone to having people read content into your posts
that isn't there -- because with almost anyone else, it would be.
Ack. I probably just did it again.
|
mdw
|
|
response 39 of 105:
|
May 13 04:18 UTC 2002 |
#36 gets a score of "5" by the s1618 logic. #33 gets a score of 234,
mainly because of the extra non-dotted text I added to the "same"
paragraph. Adding 2 blank lines to separate the dotted text makes it
look like a separate pargraph so increases the score to 488. The
minimum score is 400, below which it's not bounced. I stand by my claim
that a hit is very unlikely to happen by accident. Yup, the logic will
bounce spam reports, but it will also bounce spam that people try to
send from grex.
I once thought it was very important to deliver all mail possible. Then
I got more and more spam. Now I think in terms of "maximizing"
information content, and "minimizing" complaints. There are certainly
plenty of other mail providers out there, so I don't think grex has to
be all things to all people. The current spam filters on grex are
certainly a pain to maintain and update. I'll probably be doing so no
matter what for myself and a few other volunteers here at work, but I
have no objection if grex chooses to become more spam friendly. It
would certainly make it easier to update the mail software, or bring
someone else up to speed on doing so. I don't think either John or Joe
are the right people to decide that though - both read mail elsewhere.
I read mail elsewhere as well, but my mail does go through the same
rules as grex (essentially, I get to be the guinea-pig.)
So how do other people here who do read mail on grex think about spam or
their relative chances of discussing certain activities of the 105th
congress in e-mail? Would they like to see much dumber spam filtering?
Anyone crazy enough to try to convince staff they can do a better job of
sharpening the fangs in sendmail?
|
bdh3
|
|
response 40 of 105:
|
May 13 05:32 UTC 2002 |
I would suspect that mdw done good as far as spam protection goes.
I don't get any on grex, but that is because I don't refer to the
grex id in any public fashion. (I also read my grex mail once
in a blue moon.) This leads one to the obvious conclusion that
spam directed at grex is not of a random basis (ie no spammer
generates random logins to send mail to). Thus, if you get spam
on grex it is your own 'fault' and somewhat incumbent upon you to
'cure'. Marcus is nice in that he has taken the time to add a
spam filter to the mta here locally, but that is because he is
a nice fellow. I also suspect that what he is doing is 'open
sourced'.
There are also tons - billions and billions...- of web documents
on procmail and sendmail regarding filtering spam. So I don't
think its even necessary for any staff person to re-invent the
wheel for a user.
|
jmsaul
|
|
response 41 of 105:
|
May 13 13:35 UTC 2002 |
If you're worried about Grex users sending spam, why don't you just implement
something that throttles the sending of more than X messages in a Y hour
period?
|
cmcgee
|
|
response 42 of 105:
|
May 13 13:59 UTC 2002 |
I'm happy with the amount of spam I get on Grex. The account that I use
for the "email address" slot on Web forms gets the most spam. An account
that I use for one majordomo-controlled mailing list gets no spam. The mor
invisible my accounts are, the less spam I get. Seems like a good balance
to me.
|
keesan
|
|
response 43 of 105:
|
May 13 14:13 UTC 2002 |
I have never had a spam report bounce unless the address did not exist. I
use grex for all my email (unless it is over 70K). I do not forward as
attachment since the servers says not to do that when sending in spam reports.
I would like to see procmail provided in a simplified form in the change
program, if anyone has the time to do that. So I could exclude particular
Reply-to or From address, and Subject lines, and words in the text. This
would eliminate 90% of my spam.
Recently I got a spam from some address claiming to be Southwestern Bell
trying to sell me something to do with sports, I think. (There was also
various stuff at the bottom about new phone accounts). I reported it to the
originating address as spam but never heard back from them. That sort of spam
would be a bit harder to filter. Today I got one that was going to put me
on a newslist but only if I replied first, which was polite of them and
backwards from the usual procedure (reply if you don't want to hear from us).
I have sent the same small email to 100 addresses at a time and would
appreciate being able to continue doing this. The spams that I get which don't
hide the list of names have shorter lists than that.
Msn says that their addresses never start with numbers so that is a sign of
faked addresses - that sort of thing could be filtered, I think. I got three
of these in two days. (stayhard)
|
gull
|
|
response 44 of 105:
|
May 13 16:11 UTC 2002 |
Re #43: What's your source for the comment that msn addresses can't start
with numbers? If that's reliable, I'd like to add it to the spam filter I
maintain at work. (It's not that I don't believe you've heard that, it's
that I like to be sure about these things before I start blocking mail.)
|
jmsaul
|
|
response 45 of 105:
|
May 13 18:06 UTC 2002 |
I like this idea a lot:
I would like to see procmail provided in a simplified form in the change
program, if anyone has the time to do that. So I could exclude particular
Reply-to or From address, and Subject lines, and words in the text. This
would eliminate 90% of my spam.
|
keesan
|
|
response 46 of 105:
|
May 13 21:34 UTC 2002 |
abuse@msn.com wrote me. I suggest that you write them for the exact details
as I may have got this wrong. Tell them you have been getting a lot of spam
with reply-to addresses at msn and ask how to tell if they are faked.
Other places say something about X- which I did not follow. I can save these
things and post them here as I get many such responses.
jmsaul do you know enough and do you have the time to set up procmail in the
change program? Other people have discussed it but nothing has been done.
|
jmsaul
|
|
response 47 of 105:
|
May 13 21:43 UTC 2002 |
I don't know enough (I've just been learning procmail myself), and I don't
have the time right now to learn what I'd need to know to do what I think that
would take and set it up. I'm not really technical compared to a number of
the people around here; I'm a knowledgeable user rather than a sysadmin
or programmer.
I'm not sure who all the staff around here are, or who it would be best to
ask.
|
oval
|
|
response 48 of 105:
|
May 13 22:22 UTC 2002 |
i don't mean to be a snob here, but i like the fact that grex provides users
with a unix shell account. i think taking a little time to learn the *basics*
about linux is a really good, productive way to spend one's time. it's really
not too hard if you start from the basics. having a procmail option within
the change program would make thinkgs a lot easier for people who don't want
to wast their time with learning how to create a text file with pico and
copy/paste some text and do alittle research, but somehow i have little
sympathy for those people.
in other words, i'm with beady.
|
jazz
|
|
response 49 of 105:
|
May 14 00:04 UTC 2002 |
The ideal solution, I've been convinced for years, is for Sendmail
filtering to open up a opt-out by local userid for those people who are more
concerned with not losing any mail at all then receiving too much spam. I
can't see any other clean solution to managing spam filtering in the face of
strenuous objection by a small portion of the user base.
|