|
Grex > Coop7 > #101: Proposal to limit mail to prevent abuse. | |
|
| Author |
Message |
| 25 new of 104 responses total. |
sidhe
|
|
response 25 of 104:
| 
Sep 27 14:30 UTC 1995 |
What exactly are the problems that have been caused? Have there
actually been problems with people mailing USENET from here?
|
davel
|
|
response 26 of 104:
|
Sep 27 16:37 UTC 1995 |
Yes.
|
sidhe
|
|
response 27 of 104:
|
Sep 28 21:05 UTC 1995 |
As in..? Please elucidate.
|
selena
|
|
response 28 of 104:
|
Sep 29 02:45 UTC 1995 |
Lilmo.. well, what's your take on it?
|
lilmo
|
|
response 29 of 104:
|
Sep 29 07:21 UTC 1995 |
While I am flattered you asked my opnion, I'm not entirely sure what the
question is, but I'll take a stab at answering it anyways.
As I understand the proposal, outgoing mail will go through an extra step,
checking two simple flags: whether the site in the To: field is on a list
of sites, and whether the user is a "verified user". If the site is on the
list and the user is not verified, then the mail delivery is not completed.
If the site is NOT on the list, or if the user is verified, mail delivery will
continue unobstructed. "Verified users" will include all members, and any
other user that goes through the verification process. Sites to be on the
list will be (as I understand it) mail->news gateways, remailer sites, and
other sites to which Grex has agreed to restrict mailings for some reason.
Presumably some standards will be set for putting other sites on the list.
What happens to unverified users' mail to resricted sites is unclear at
the moment (go to staff? bounce back to user? both?)
Probably 99.9% or more of "other sites" will have unrestricted mail access,
so that will most likely not be the sticking point. The problems I see
possibly occurring are technical (can it be done? Will it slow down Grex too
much?), and philosophical (Does this fit with the Grex paradigm?). Most of
the discussion so far has centered on nailing down the proposal and discussing
the philosophical question. Personally, I see this as an extension of the
Internet policy (restricting Usenet posting to verfied users) and being a good
net-citizen (seeking to control abuses of the anonymity Grex provides).
I hope that was what you wanted.
|
selena
|
|
response 30 of 104:
|
Sep 29 15:15 UTC 1995 |
Okay, that's clearer. Still, I'd like to know
what is being called a re-mailer site..
|
lilmo
|
|
response 31 of 104:
|
Sep 30 20:02 UTC 1995 |
A re-mailer site, as I understand it, is a computer(or account) that accepts
mail, and, based upon some info in the subject or body, re-mails it. Some
of these will strip any identifying info in the header, and assign each
account using the system an identification number to be used for
correspondence purposes. For example, user@foobar.edu sends mail to a
re-mailer at foobar.org, instructing foobar.org to send the mail to a
mail->news gateway. Foobar.org does so, stripping all routing and From:
information, and inserting "From: 123456789@foobar.org". If a reader of news
wishes to send and e-mail response to user@foobar.edu, s/he sees only the
foobar.org address, to which mail can be sent. Foobar.org then looks up
123456789, discoverin that that number belongs to user@foobar.edu. the mail
that the reader sent to 123456789@foobar.org is then forwarded to
user@foobar.edu. This allows a great deal of anonymous mischeif.
Some sites do NOT remove identifying information, allowing Grex to be
identified as the originator of any msg's sent from here through those sites;
also, the legality of preserving anonymity if, for example, a subpoena is
issued, has not been established.
|
srw
|
|
response 32 of 104:
|
Oct 1 07:08 UTC 1995 |
#29 is a good summary. I had originally figured we would start the site
list with known mail->news gateways, and implement this as part of
our usenet policy, which disallows posting to usenet from unverified
accounts. If we don't have all the gateways, that's no big deal, because
the real value of the limitation is that we can be in a position to stop
problem mail that originates on Grex, by adding to that list.
Right now we cannot stop such mail, and other sites can get the impression
that we are running amok. Certainly our net-citizenship is called into
question.
Actually, in my memory, we have not had trouble with email sent from grex
to a remailer. The most popular anonymous remailer is in Finland, btw,
so the legality of using it is not so easily established.
We have had people mail to a mail->news gateway, and to mailing lists.
|
chelsea
|
|
response 33 of 104:
|
Oct 1 11:53 UTC 1995 |
So, we haven't had any of the problems that this policy would
address?
|
srw
|
|
response 34 of 104:
|
Oct 1 16:07 UTC 1995 |
Huh? Certainly we have. Everytime grex is abused by using it to send
mailbombs to Usenet, mailing lists, and individuals. We always come
off looking paralyzed by our inability to stop it, since we let
anonymous users create new accounts without verification and then send
mail to anywhere.
Without this policy if someone wanted to be malicious against Grex,
it would be a simple matter to do great damage. Fortunately, so far,
they have only been malicious to others. Grex looks bad in others eyes
when this happens, though.
Remailers are usually used to hide the origin point. If someone sent
mail from grex to remailer, it wouldn't matter at all to us.
I don't know why anyone brought up remailers. This policy has nothing
to do with them.
|
chelsea
|
|
response 35 of 104:
|
Oct 1 18:22 UTC 1995 |
I guess I'm looking for a very specific answer here. Have we experienced
the exact type of problem this policy addresses such that had this policy
been in effect the malicious person wouldn't have been able to do what he
or she did? Would it have prevented anything which happened from
happening?
Just trying to understand the issue better.
|
lilmo
|
|
response 36 of 104:
|
Oct 1 18:35 UTC 1995 |
Re #35: From srw's #32
> We have had people mail to a mail->news gateway, and to mailing lists.
He didn't specify whether there were any problems associated with this, but
there is the fact that the former violates the Internet policy, sort of.
|
chelsea
|
|
response 37 of 104:
|
Oct 1 18:50 UTC 1995 |
Were these users unknown and were they mailing to sites which would have
already been blocked. And were they being malicious?
|
srw
|
|
response 38 of 104:
|
Oct 1 22:20 UTC 1995 |
Unknown users have been malicious, yes. I don't have the details in front
of me, and it is a security matter, anyway. STeve is right that this
doesn't occur often, just several times a year. Every time it happens,
though, our inability to do anything about it is wrong.
THey probably were not writing to sites that would have been blocked
in advance, but we could have blocked the mail if they had chosen to
continue by taking out new accounts every time we nuked their old account.
It never got to that point. Maybe it never will. I wouldn't bet on it.
I can't put a very specific answer in coop, but I would say that the
answer to your question is "yes" that it has happened. To date, nuking
accounts seems to have been sufficient to deal with it, though. I can't see
why it should have though.
|
chelsea
|
|
response 39 of 104:
|
Oct 2 12:56 UTC 1995 |
I'd hate to think Grex is gonna start making heavy-handed rules
to stop problems that may come up. Because once you start
doing that constructing rules starts to feel like some kind of
good nurturing that we do to make Grex healthier. It's seductive.
My feeling is don't do anything until you simply have to do
something and then make the rule fit the problem by being able
to stop the problem.
|
selena
|
|
response 40 of 104:
|
Oct 2 17:37 UTC 1995 |
<Selena backs chelsea>
Even if it does violate the USEnet policy, if it didn't
cause harm, let it be.
|
ajax
|
|
response 41 of 104:
|
Oct 3 01:02 UTC 1995 |
There are two primary, distinct proposals here:
srw: Block unverified users sending mail to mail->news gateways
(#0) as we become aware of them, and other unspecified future sites.
janc: Block unverified users sending mail to individual accounts,
(#12) or to entire systems, if the owners of those accounts or systems
request that as a solution to a problem with Grex users.
(#14) (After trying to reason with the Grex user and complainant).
Regarding srw's proposal, without the info Mary requested on past
problems it would have solved, I can't see pre-blocking sites. Also,
blocking mail->news gateways alone is ineffective; if you don't block
remailers, people can send to remailers that send to mail->news gateways.
As for janc's proposal, it sounds fine. It doesn't pre-judge sites,
and it courteously and effectively addresses complaints people may have
against Grex. If a mail->news gateway or remailer is abused, and the
sysadmin **of that system** doesn't want mail from Grex, we can oblige.
Just direct the complainants on the receiving end of mail/news to the
mail->news gateway or remailer. The people who run those systems aren't
free of net responsibility themselves. I'd leave the solution up to
them: in addition to Grex blocking mail to them, *they* could block
*reception* of mail from Grex, or block spamming, or block mailbombs,
or block remailing to mail->news gateways themselves.
|
chelsea
|
|
response 42 of 104:
|
Oct 3 02:11 UTC 1995 |
There is also a thread here that remailing services that post to Usenet
are somehow malicious by design and simply up to no good. Phooey. They
can be used by malicious people, sure, but mostly they offer a pretty
useful service to well behaved users. I've read news groups where a big
percentage of posts were made through remailing services to protect
anonymity. Interesting active news groups. Maybe not everyone's cup of
tea but that shouldn't matter much to business at our end.
Is there maybe another agenda here having to do with not particularly
liking anonymous mail and posts, whether malicious or not?
|
janc
|
|
response 43 of 104:
|
Oct 3 03:28 UTC 1995 |
A note: Once we have usenet news up, my understanding is that unvalidated
users will be able to read, but not post. I think that would create a much
bigger temptation for unvalidated users to post by using a mail->news gateway
than exists now, when nobody can read news here. The fact that problems with
this have been relatively rare in the past, does not mean they will continue
to be rare once we have a newsfeed.
The problem with making rules is that it creates a need for more rules. We
decided to open USENET to all users, with posting reserved for validated
users. OK. But when you say A, sometimes you have to say B. Once that
rule is really in effect, we are going to have to deal with the fact that the
widely-known existance of mail->news gateways reduces the policy to a joke.
Either we have to abandon that policy, or we have to implement some mailer
restrictions.
|
lilmo
|
|
response 44 of 104:
|
Oct 3 03:53 UTC 1995 |
<lilmo backs janc>
I don't see waiting for the horses to leave the barn before closing the door
to be a wise policy.
|
selena
|
|
response 45 of 104:
|
Oct 3 05:02 UTC 1995 |
Don't wory about it. If people want anonymous USENET,
they do what I do- go to jrod's nether net, and run newuser.
It's that easy, and well known.
|
srw
|
|
response 46 of 104:
|
Oct 3 06:39 UTC 1995 |
Actually I am quite happy with janc's proposal. For precisely the reasons
stated, I think we need something. I think we have needed something in the
past, but have too stubborn to admit it. We don't really need the Usenet
policy to abuse mail. The advantage of waiting until our Usenet policy is
in place, is that we don't need to add a verification policy, because it
already will have to exist.
If there are other systems that are more permissive than us, then all of the
mail/usenet abusers will go there and leave us alone. That is fine with me.
|
mlady
|
|
response 47 of 104:
|
Oct 3 16:44 UTC 1995 |
Well, from what I'm reading, above it looks like they already are
more permissive, and you still have problems, right? I mean, that's why you
want to ban things, riight?
|
janc
|
|
response 48 of 104:
|
Oct 4 03:11 UTC 1995 |
More or less. It's not our job to solve the net's problems. What we want
to do is build the freest possible sustainable system. We want to give as
many users as many rights with as little cost / validation as possible, but
at the same time, we want to be financially sound and we want don't want to
be a continual source of trouble to the whole internet. We could take the
attitude "access should be free to the people, and if anyone on the net
doesn't like it, then screw them." But that's not our game. We want to prove
that things can be made to work in a very free manner, and the sky will not
fall. We want Grex to look like a raving anarchy to the users, and a good
solid citizen to the net. So we are trying to invent the gentilest possible
tools to check the very rare trouble-makers, while placing the fewest possible
constraints on the users.
We have long believed that Grex should primarily be a destination on the net,
not a gateway to the net. We welcome anyone onto our system, and we don't
care if they tell us their real names, or if they pay us any money. As a
gateway to the net, we are still feeling our way out. Currently we allow
net access only to paying, identifiable users, except that we let everyone
use mail and a few boring utilities. We'd like to drop the requirement to
pay for many types of net access, but keep the validation requirements. But
the more liberal you get, the more you invite abuse. It's a fine line. We
disagree a lot about exactly how to walk it. But that's the adventure.
|
lilmo
|
|
response 49 of 104:
|
Oct 4 05:18 UTC 1995 |
And that's part of what we are discussing here. Thank you, janc, I think that
was a very good summary.
|