Do you use your real name and email ID on the Internet?

105 responses total.

I currently use a pseduonym online on the Internet.
In my browser I have specified that ID/Name as it cuts down
on 'spam' as sites I visit occasionally 'scarf' that information
to sell to spammers. (When will backtalk support unicode?)
This tends to direct all viagra/natural-viagra and debt-consolidation
email to an account that doesn't fill up my work email.

(Is it just me or do spammers think that folk are financial
deadbeats that can't get it up?)

No, its not porn sites (I prefer TV video quality/frame rate
thankyou) but seemingly 'safe' sites such as local town
newspapers that 'scarf'.  We had a discussion about this at
work and all the 'bit-heads' said they used 'pseudos' on the
Internet but claimed that most people they know actually use
real names online.  What do you do in general (not just
on Grex)?

Spammers are going after stupid people.  Apparently, stupid people get
into financial trouble more easily, and are willing to pay sleazoids for
sexual stimulation.  Can you argue with the spammer's logic?

I use my real name on the internet, but my browser doesn't normally
advertise this.  I think the viagra/debt-consolidation spam addressed to
me comes as a result of my being listed in umich.edu's ldap directory
and having participated in several mailing lists that are probably
publically archived somewhere.  There's not much I can do about ldap;
the people who run it got interested in fixing spam too late.

Desperation breeds this stuff.  Impotency and high debt are both pretty
personal and frustrating problems.  The problem isn't getting people
interested in what you offer it's simply finding the hidden clients. 
Hence spam. 

SInce I subscribed to my online debt consolidation service, I now pay $300
less per month to my creditors. Of course, I have that obligatory $350
"donation" to the debt consolidtation service every month, but no plan is
perfect. =}

I use my real name online. I have a delete button for spam.

I noticed a big increase in spam right after I registered a domain name. 
Unfortunately this is a situation where you pretty much have to use a real
name and email address, and spammers know this and troll the WHOIS database
on a regular basis.  There was some talk of closing it to the general public
a while back but it didn't go anywhere.

I use my real name. I just delete the spam and it is no big deal. I 
have been thinking about maybe using two different email addresses so I 
can have my personal email go to a different box than my spam email and 
all the email from the mailing lists I subscribe to but even that seems 
more bother than just deleting the mass emails. 

I use my real name, and always have.  I don't get that much spam.  It 
doesn't bother me much.

The worst account I have for spam is my ameritech.net one.  Most 
accounts I've had took a while to start getting spam after they were 
created, but that one had spam messages in it the first time I 
connected.  I suspect Ameritech sells their user list.

I use my real name on Yahoo since that's where I receive work-related email.
I use pseudos in some Grex cfs and only my first name in my AOL profile.

I generally use my real name and email address.

Earthlink (aka onemain) account received spam on the day that I changed me
email address to avoid spam from the old account.  I think the larger ISPs
are targeted at random - they find some login and try it with all the likely
@'s.  I have received keesan@XXXXX (about 20 wrong guesses and they missed
my brother at a little-known provider with unix mail).  usol is spam free so
far, for months now.

Marcus, I disagree:  the Directory folks have been worried about mass-mailing
since Day One.  Most of the spam I get goes to addresses that have been used
for Usenet News.

Well, I know you are one of the directory services folks, Joe, and I'm
sure you folks do worry some about spam and other sorts of mass mail,
but from a close but external standpoint, I can say you guys worry more
about basic functionality and ferpa than you do about spam.  I also knew
the "day 1" directory services folks, as you did, whom have since run
away to netscape.  I agree, those folks were perhaps even more worried
about various forms of mass mail than people today.  I also know that
your directory services boss, who was not then in charge of what was
then called X.500, but was in charge of the campus-wide redirection
machines (both then and now), had no effective anti-spam defenses "day
one", and that the current anti-spam rules on those machines are very
limited compared to, say, grex.

UM's relatively lax efforts are is not necessarily unreasonable; I'm
sure grex's relatively draconian rules would draw quite a bit of ire if
they were deployed globally at UM.  Even grex's rules pale in some ways
compared to, say Ford.com, where apparently they like to do things like
block *all* incoming e-mail with attachments.  At UM, I think 90%+ of
the e-mail complaints are about spam.  On grex, I'd say we average about
50% complaints about spam (yes, other, I know) and blocking legitimate
mail.  At ford, I think it may be 90% "lost mail".  Different
organizations, different priorities.  And yes, I need to sharpen
sendmail's fangs.

How does grex attempt to block spam?

At the place I work for, we block all mail with executable attachments.  (A
very long list that includes BAT, EXE, SCR, CMD, COM, VBS, and many other
beasties.) We also have a few anti-spam rules, such as blocking mail with
hotmail.com return addresses that lacks Hotmail's unique header lines.  And
we have a few blocking rules that target specific email virii.  If we
blocked all attachments business would come to a halt, though.

UM could never get away with the kind of rules Grex uses.  It's a fact of life
at an educational institution.

Moi?  Marcus, I don't mean to pester you, honest.  :)  
I really do appreciate the work you do.  Every single one of the dozens 
of emails I have sent to uce@cyberspace.org over the last several weeks 
has been completely unique, despite the identical subject and attached 
file headers, I assure you.  ;)

I sometimes get mail that I want with .exe or .zip files attached.

OK, I can agree that spam filtering is not a (high) priority.  I was mostly
objecting to your statement that being listed in the Directory was cause for
spam.

The Online Directory is a good source for *internal* spam, but it doesn't
seem to attract much *external* spam.  (Exception: groups that get included
in an 'everyone in the world' address list tend to come to the attention of
folks outside the U, and then all bets are off.)

I regularly see spam sent to several X.500 groups I'm a member of,
including ones that are not widely advertised.  I'm pretty sure there
have been spammers that have harvested "X.500" groups from UM, either
via ldap, or via the web.  If you are really curious, I can find and
print examples of such spam.

Grex blocks spam based on a bunch of rules that look for various things.
Some of the simpler rules look for irregularities in RFC 821 protocol
handling (how the mail is shipped).  Another rule looks for sites that
we "block", which are listed in /var/adm/badsys .  This is great for
known spammer sites, but does no good for most spammers who find and use
new relays each time.  Most rules read through the mail and look for
various patterns specific to various spammers or spam software.  Most of
these rules only look for irregularities in RFC 822 header lines.  A few
rules actually read through the body of the message to look for specific
things.  Nearly all of these rules result in bounce messages with bible
quotes in them.  That is because we'd rather not teach the spammers how
to get around our anti-spam rules, but we hope the messages will be
memorable enough that legitimate users will tell us.  (Even so, an
amazing number of users tell us "it didn't get through" and expect us to
use ESP to figure out the details.) Also, because of spammers, I don't
want to get too specific about details.

I suppose the content filtering needs explanation, and this is probably
safe to describe now, so: the most complicated content filtering we do
is to look for the S.1618 paragraph that used to show up in a lot of
spam.  This was never official US law, but spammers wanted you to think
it was, so at one point this showed up in about 50% of spam.  I got
annoyed with this, so I eventually sat down with about 20 variations on
the paragraph and wrote something that would match variations on them,
without rejecting other real mail.  The variations did make it harder to
write the code (I'm sure that was intentional), but it was *so*
satisfying to watch it in action afterwards.  I still very occasionally
see this, but generally only in spam that's been chewed up enough by
html or mime to not match.  It's not very common today anyways, so I'm
sure the spammers have mostly caught on.

Would anyone on grex object to filtering out email with Viagra in the subject
line?  Or the names of Nigerian politicians anywhere in the text?

Yes, I object to that.

Me too.

Learn to use procmail, instead of censoring the rest of us.

I was not censoring the rest of you, I was asking a question.  Would you stop
jumping on me?  Would you like it if I attacked everything you posted?  Does
it make you feel important to call other people stupid?

You tell me.

I'd like to send email to some friend on Grex quoting that S.1618
paragraph so they'll know what to look out for, but I guess I
can't.

*I'd* like to talk about Nigerian political leaders, so I'm glad I still can.

This response has been erased.

Whatever.  Suggestions that everyone's mail should be censored -- and if that
wasn't a suggestion, it sure looked like one to me -- really set me off.  I
tend to respond poorly to them, because it's the kind of thing people should
get to make decisions about for themselves.

Maybe the staff should come up with a template .procmailrc that filters the
more common varieties of spam and includes comments explaining how to add
stuff like what Sindi wants filtered, so people who want the filtering can
have it and the rest of us can talk Nigerian politics in safety.  (Or the
S.1618 thing.)  However, this takes staff effort, because I don't know
procmail well enough to write the thing casually.

  I think you're overreacting Joe.  I don't think it's a particularly good
  idea to go wild with content-based rejection of incoming mail on Grex
  but some filtering already takes place and I don't see you accusing the
  staff of censorship because e-mail above a certain size or with certain
  extensions (?) is blocked.

  Presumably that's because you recognize that there's a legitimate balance
  between system resources, user convenience, and quality of e-mail service
  that can be offered.  Sindi's proposing a different compromise position
  than the one you support but unless you want to stand on absolute principle
  and claim that it's wrong to reject any mail whatever, I don't see a sharp
  line between her position and the status quo that you apparently accept.

yeah, I'm interested, Marcus.  I got one today that I'm going to look into
a bit more.  

Re #30:  Actually, I didn't know about Grex's filtering before this item.
         Since Marcus doesn't want to disclose the filtering rules, I can't
         really say whether I agree with what he's doing or not.  

         Now that you've brought it up, though, I'd like to know *exactly*
         what text content Grex filters.  I'm willing to accept filtering
         of large messages, or even certain types of attachments, but
         nailing stuff based on the *words* in a message bothers me, 
         because I think I should have a right to make decisions about    
         that myself.  (Among other things, I collect net urban legends,
         and I've actually saved one or two of the Nigerian "Spanish
         Prisoner" variants.)  I don't expect that he'll divulge the
         rules, which is understandable but makes it even more important
         to do as little blocking as possible.

         There is, though, a difference between blocking the specific,
         lengthy text of a known spam (which is what it sounds like mdw
         is trying to do) and blocking all messages that include a word
         or two that often shows up in spam but could also appear in
         legitimate email.  The first one  is acceptable if there's a 
         need for it to keep service running; the second is an
         infringement on everyone for the sake of a few people who won't
         learn to either just delete the messages or use procmail to
         protect themselves.  I think that's also a reasonably easy
         line to draw -- is it likely that the blocking rule will kill
         legitimate mails as well?  If so, don't do it.

I sure don't want to block *all* mail that has Viagra in the subject
line, or mentions the names of dead nigerian politicians in the text.  I
think that's definitely going way too far.  My goal (not always met) was
to stop as much spam as possible while stopping as little legitimate
mail as possible.  If I have to compromise, I'd rather let spam through
than stop legitimate mail, but I am willing to stop some legitimate mail
if it also stops a lot of spam.  I'm kinda happy with the 50/50
complaint ratio; it looks sort of like a reasonable solution to a
min-max problem.

I have a theory that if we stop "enough" spam, spammers will find
cyberspace.org mail addresses unattractive and will stop attempting to
send us other spam.  I don't know how much truth there really is in
that, but I did notice that occasional spam started to show for mailing
lists that claimed to have those pesky ".org" addresses cleaned out
because of all the anti-spammers on such systems.  I wish I could take
credit for that, but I don't think we're that big a % of the internet
e-mail traffic.

I've love to stop the nigerian spam too, but so far, I haven't figured
out a good way to do it.

The s1618 logic doesn't match any one paragraph, but it matches 3 word
combinations that showed up in a bunch of them, and it has further
checks for frequency and I think ordering.  A clever person *might* be
able to write a legitimate paragraph that generates a false hit, but I
think it would be both hard and take deliberate effort -- and is not
something that would be at all likely to happen by accident.  A more
likely case is someone sees actual s1618 spam and forwards it for
whatever reason.  I'm not convinced we should encourage this.

In case people have forgotten the s1618 paragraph, here's a sample:
. This message is sent in compliance of the new e-mail
. bill: SECTION 301. Per Section 301, Paragraph
. (a)(2)(C) of S. 1618.  Further transmissions to you by
. the sender of this email may be stopped at no cost to
. you by sending a reply to this email with the word
. "remove" in the subject line.
Like I said, this paragraph can vary, other samples include fragments
like "105th US congress", "cannot be considered spam as long as", "This
is a one time e-mail transmission", "Contact information & a remove
link", etc.  Variations also include how the paragraph was wrapped,
capitalization, the actual removal method, etc.  I presume either there
was some book that told people to put this paragraph in, and/or some
software package that automatically scrambled it a bit on each message
sent, to foil simple regular expression filters.

I copy&pasted the S1618 paragraph from Marcus' response and tried
emailing it in the body of a message to my cyberspace.org address.
Grex indeed bounced it.

In all honesty, I must say I'm not comfortable with that.

As you will all notice if you read my words instead of interpreting them, I
was not 'proposing' or 'suggesting' any anti-spam measures, simply asking a
question about how people would react to Marcus filtering certain words, in
an attempt to start a discussion of how filtering should work and what is or
is not acceptable to the majority of users.  Of course each user wants to
filter different things.  In my case, I have never had email exchanges about
Nigeria or Viagra and would be happy not to receive mails containing those
words, but I DO receive .exe and .zip files and would be unhappy if those were
blocked.  Perhaps there are other things that everyone wants blocked.

Re #34:  I'm not either, and I don't think one person should be making
         decisions like that for all of Grex.  Hell, that logic would block
         responses from abuse handlers at some ISPs, because they include
         the original message.  Plus, for all I know, Marcus wrote the
         logic so that it blocks Section 301 of any Senate bill, or any
         language at (a)(2)(C) of any statute, because he didn't think
         about that.  I can't tell, because the blocking logic isn't open.
         Good intentions, but bad idea.

Re #35:  It sure looked like you were proposing it, but I apologize for 
         not reading it literally.  That's probably safest with your posts.

Please try to read my posts literally.  Thanks for the apology.  Some people
really do try to say what they mean.

People who speak figuratively may also be saying what they mean, because
figurative speech is an accepted part of human communication.  Your
communication style is more literal than that of anyone else I've ever met,
and I need to keep that in mind, but it doesn't make you more honest, or more
interested in saying what you mean, than other people.  It just makes you more
literal-minded, and more prone to having people read content into your posts
that isn't there -- because with almost anyone else, it would be.

Ack.  I probably just did it again.

#36 gets a score of "5" by the s1618 logic.  #33 gets a score of 234,
mainly because of the extra non-dotted text I added to the "same"
paragraph.  Adding 2 blank lines to separate the dotted text makes it
look like a separate pargraph so increases the score to 488.  The
minimum score is 400, below which it's not bounced.  I stand by my claim
that a hit is very unlikely to happen by accident.  Yup, the logic will
bounce spam reports, but it will also bounce spam that people try to
send from grex.

I once thought it was very important to deliver all mail possible.  Then
I got more and more spam.  Now I think in terms of "maximizing"
information content, and "minimizing" complaints.  There are certainly
plenty of other mail providers out there, so I don't think grex has to
be all things to all people.  The current spam filters on grex are
certainly a pain to maintain and update.  I'll probably be doing so no
matter what for myself and a few other volunteers here at work, but I
have no objection if grex chooses to become more spam friendly.  It
would certainly make it easier to update the mail software, or bring
someone else up to speed on doing so.  I don't think either John or Joe
are the right people to decide that though - both read mail elsewhere.
I read mail elsewhere as well, but my mail does go through the same
rules as grex (essentially, I get to be the guinea-pig.)

So how do other people here who do read mail on grex think about spam or
their relative chances of discussing certain activities of the 105th
congress in e-mail?  Would they like to see much dumber spam filtering?
Anyone crazy enough to try to convince staff they can do a better job of
sharpening the fangs in sendmail?

- Backtalk version 1.3.30 - Copyright 1996-2006, Jan Wolter and Steve Weiss