|
Grex > Coop7 > #101: Proposal to limit mail to prevent abuse. | |
|
| Author |
Message |
| 25 new of 104 responses total. |
janc
|
|
response 75 of 104:
| 
Oct 12 22:17 UTC 1995 |
I think there is, and I think I've been describing it. Sure there are
systems that don't go along, but not many and they tend to cave into outside
pressure (see nyx).
|
selena
|
|
response 76 of 104:
|
Oct 13 02:58 UTC 1995 |
Jan, I've seen a few old stodgy nets running like you describe..
|
mlady
|
|
response 77 of 104:
|
Oct 13 19:25 UTC 1995 |
Well, there are some rules that seem kind of consistant, but
not on what you guys are squabbling about.
|
lilmo
|
|
response 78 of 104:
|
Oct 15 18:26 UTC 1995 |
Debra-- most systems don't have any need for such a policy b/c EVERYONE who
has an account there is verified. .com accounts tend to be employees or
paying customers. .gov and .mil are, of course, all employees. .edu accts
are students or employees. Only .org and .net sites have any significant
fraction of unverified user accounts, and fewer and fewer of them have any.
This "new" policy is just bringing our users into a more accountable
atmosphere in cyberspace (no pun intended).
We will STILL be, by far, among the most open systems of our size. Grex's
reputation is an asset, and I believe that this action is necessary to
maintain the value of that asset.
|
selena
|
|
response 79 of 104:
|
Oct 15 22:51 UTC 1995 |
Our reputation isn't an asset as it stands, and for it to become
one, I don't want to see the changes it would have to undergo!
|
lilmo
|
|
response 80 of 104:
|
Oct 20 02:13 UTC 1995 |
I would think that we are seen as a fairly open system, whose users don't
cause too many problems... yet. I would rather that that not change, except
maybe losing the "yet".
|
selena
|
|
response 81 of 104:
|
Oct 22 09:49 UTC 1995 |
Nice, but that's not what steve and co. keep telling me our
net-reputation is.
|
lilmo
|
|
response 82 of 104:
|
Oct 25 04:25 UTC 1995 |
Well, is someone who is out on the net going to tell me that I am right or
wrong about our net-reputation?????
|
srw
|
|
response 83 of 104:
|
Oct 25 06:43 UTC 1995 |
My personal opinion is that our reputation is good among those sites that
have worked with staff to track down illegal net usage. I have had
users from other sites attack our non-verified mail policy after getting
bombed/spammed, and STeve reported some folks at an internet monitoring
agency who were very surprised that our policy is so open. They were
concerned about these risks, I suspect.
So I think our reputation is quite mixed out there.
I think the momentum to do this has been lost, because of technical problems
in determining the true origin of the mail. without a technical solution
to that problem, the question of limiting mail is academic.
|
lilmo
|
|
response 84 of 104:
|
Oct 25 19:18 UTC 1995 |
Huh? I'm not sure I understand your last paragraph there; has someone raised
technical objections that I am not aware of??
|
sidhe
|
|
response 85 of 104:
|
Oct 26 19:13 UTC 1995 |
It would certainly appear thus. _Ahem_! Translator, please..
|
srw
|
|
response 86 of 104:
|
Oct 27 06:25 UTC 1995 |
At the last staff meeting we discussed implementation of this limitation.
Marcus, our sendmail expert, indicated that he did not know a way to reliably
implement the block in sendmail due to the difficulty of determining the
identity of the account that sent it (if I understood correctly).
It's just too easy to spoof.
He proposes blocking everyone's mail to a site that is having a problem.
I would not support such an action unless there were an emergency.
My interest in this issue is flagging.
|
sidhe
|
|
response 87 of 104:
|
Nov 2 15:44 UTC 1995 |
Ah. I see. I'm with you on that one: unless emergent, the problem
shouldn't be handled so dramatically.
|
lilmo
|
|
response 88 of 104:
|
Nov 3 02:24 UTC 1995 |
On systems where the mail server does no user verification, I can understand
that that might be a problem, but is it really all that easy to spoof the mail
prog into thinking that you are a member? And if so, isn't that ALSO a
problem in the offing?
|
mdw
|
|
response 89 of 104:
|
Nov 4 07:09 UTC 1995 |
There are a large number of different ways where this becomes a pain.
For instance. Suppose 6 nasty people decide they really want to be able
to send mail to some certain site that we've restricted - perhaps it's a
news gateway, perhaps it's a private mailbox. Grex membership for one
month isn't really all that expensive. All they need do is find some
innocent person to be the fall guy, send us $ in that person's name, and
use the acct they've created in that guy's name. Actually, they don't
even have to log in on that account to do stuff - they could setup
"procmail" to act as a proxy on their behalf, and then just mail the
"fall guy" whenever they wanted.
I can think of any number of variations on this basic idea, and most of
them would be a royal pain to sort out. I've seen plenty of evidence
that the sorts of people who we'd want to block, are precisely the sort
of people who are both capable of, and would enjoy being a pain in this
manner. In the cases that have arisen, where we might be tempted to do
this, I've never seen any evidence of legitimate traffic passing
through, either before or after, that would be affected by such a block.
So, the pain is great, and the gain is small from building in any such
specialized logic in sendmail. It's simplier to push the line out a bit
and say "everyone", instead of "everyone but members", accomplishes the
same good, and doesn't put us at the same risk.
|
ajax
|
|
response 90 of 104:
|
Nov 4 20:23 UTC 1995 |
I gotta say, I'd take an extremely dim view of a policy that controlled
who I could send e-mail to on a permanent basis.
Marcus, in the scenario you describe, once the abuse occurs, and the
recipient complains, the member's account could be dropped. I think that's
all the recipient would expect. If they want all mail from Grex blocked,
they should block it themselves. As long as we have verified accounts (even
though they could be forged), we could drop those accounts the same way ISPs
and other closed systems are able to.
Perhaps I don't understand the problem, but your description sounds less
like a technical limitation, and more like disbelief that the policy would
be effective. (Which is perfectly valid - but did I understand that right?)
|
mdw
|
|
response 91 of 104:
|
Nov 5 09:26 UTC 1995 |
The technical & administrative aspects interact to form a system; it's
silly to evaluate one without the other. However, even from a technical
standpoint, it's still not trivial. The mailer software does have a
"notion" of the "control-address"; nominally the sender, but it wasn't
intended for the use you want to make of it. Mail originated by on-site
users is fairly easy to classify - but what about mail originated
off-site? What about .forwards & aliases? And then there are even more
difficult cases, such as mailer daemon messages and the like. These are
all areas which have already received considerable attention from the
"cracker" community; so there is considerable knowledge out there about
how to trick mail software to do all sorts of perverse things. It's
easy to design a mechanism that will block all such mail. It's much
hard to build in a loop-hole, and then to make the promise the loop-hole
won't be misused.
What I'm looking for here is an easy answer for somebody who does, in
fact, want us to "block all mail from grex", but lacks the technical
expertise or know-how to do it themselves. I'm not at all in favour of
a system that I think would in fact expose us to greater risk, both to
the system as a whole, and also to individual legitimate members.
|
lilmo
|
|
response 92 of 104:
|
Nov 5 19:54 UTC 1995 |
OK, I think I understood most of that, so far, at least in the first
paragraph. However, I fail to see how this creates greater risk for Grex.
I didn't see you bring up anything that CREATES risk, just objections that
this will not REDUCE risks as much as we had hoped.
|
ajax
|
|
response 93 of 104:
|
Nov 5 21:44 UTC 1995 |
Marcus, I agree, both admin and tech issues are important; I wasn't
clear which your previous response addressed. #91 clarifies the tech
problems, thanks. What do you mean about mail originated by off-site
users? Aside from .forward files and aliases, can an off-site user
somehow send outbound mail from Grex?
|
mdw
|
|
response 94 of 104:
|
Nov 6 08:59 UTC 1995 |
Certainly - although it would be unusual here. Many packages such as
"mh" lend themselves quite nicely to such use, and at many sites, most
mail is sent in just such a way.
So far as risk - one of the risks is an increased chance somebody would
try to steal a legitimate account. As matters stand, there is actually
little incentive - there are any number of better ways to get internet
access, esp. as most of our users are coming in off the internet in the
first place. The most attractive reason to steal accounts here, in
fact, is not for anything here, but to steal accounts in turn elsewhere
(that's one reason why it's a good idea to use different passwords in
different places.) Another risk is that of legal liability - one of the
reasons we might want to block mail is because somebody has threatened
us with a law suit if any more "obscene" (or otherwise undesirable mail)
appears; I'm not one for living my life in fear of suits, but in these
cases, we're already frequently threatened with the law. I see little
reason not to comply with the express wishes of the complainant in as
complete a fashion as possible.
|
lilmo
|
|
response 95 of 104:
|
Nov 8 06:06 UTC 1995 |
There are stilla ny number of betyter ways to get mail sent; why does this
increase the reward for stealing a Grex account to any significant extent?
|
mdw
|
|
response 96 of 104:
|
Nov 8 06:07 UTC 1995 |
Because of the "asshole" factor.
|
lilmo
|
|
response 97 of 104:
|
Nov 8 21:38 UTC 1995 |
Well, there is that, I suppose, but do we not invite that now, by our open
newuser poicy? I just don't see that all that much difference is made, but
if staff agrees with you, I'll bow to your collective judgement.
|
wisdom
|
|
response 98 of 104:
|
Nov 18 01:04 UTC 1995 |
You know, with or without restrictions, open mail will get you
trouble. I mean, it's just a sad fact of life, and I'm willing to
live with it, 'cause what you guys have going is cool, in general.
|
tsty
|
|
response 99 of 104:
|
Nov 20 08:53 UTC 1995 |
perhaps a blanket "solution" is antiethical to a sporadic problem?
just a question.
|