[Mailman-Developers] Opening up a few can o' worms here...
Jay R. Ashworth
jra@baylink.com
Tue, 16 Jul 2002 20:57:40 -0400
On Tue, Jul 16, 2002 at 05:21:17PM -0700, Chuq Von Rospach wrote:
> On 7/16/02 3:55 PM, "Jay R. Ashworth" <jra@baylink.com> wrote:
> > I'm voting in favor of the lynch mobs you mention later.
>
> > And this is a *perfect* case that supports what has been my assertion
> > all along -- you non-Libertarians out there, cover your ears and sing
> > -- *it's the recipient's problem*. This case is exactly the
> > illustration I want: I couldn't have written one better from scratch.
>
> But without rules, you can't teach the recipient what's right (with a cattle
> prod, if necessary), and without rules, the lynch mob has no binding
> authority.
Where, by "rules", here, we mean "rules about what it acceptable mail"?
Why, that's up to the recipients.
To quote Jubal Harshaw: "Who's name is on that envelope, Nurse? ... Oh:
not yours."
> > It's obvious that the answer is: setting up rules *would* *not* *have*
> > *helped* *here*.
>
> Nope. But those rules are what allows you to go and make an example of the
> poor schmuck, in hopes that it'll keep the next person from making the same
> mistake. Wtihout the rules, there is no map you can use to teach people how
> to stay out of the tiger pits.
That sentence seems to assume that the majority of the people *falling
in* the tarpits are people doing it by accident. I don' think that
and I don't think *you* think that.
When mail is outlawed, only outlaws will send mail.
> > So what are you going to do?
> >
> > Outlaw Outlook?
>
> Don't blame outlook here. Lots of mail clients do this 'temporary caching'.
Stipulated, and NS6 does it too, though I think that Moz may not.
It *is* configurable, at least, in Netscape. I've never had to turn it
off, cause none of my clients are that dumb. But Outhouse *did*
originate the idea, so far as I'm aware.
> > The answer is that there is no answer.
>
> The answer is there IS an answer. Just not a complete or fully satisfying
> one.
>
> The answer is multi-faceted:
>
> 1) rules that explicitly and unambiguously call out what is and isn't
> acceptable.
>
> 2) education systems to help users understand the situation and learn how to
> deal with it appropriately.
>
> 3) information that explains (and legally limits your liability for) the
> limits of what you can and can't do given all this technnology, so
> subscribers understand what you're doing and what you can't do anything
> about but (1) and (2) above.
>
> 4) a cattle prod for when all of the above fails.
>
> 5) patience of a saint, reaction times of a ranger.
You forgot to capitalize that. :-)
> > Automatically verifying PGP sigs as a whitelisting technique is merely
> > one approach that springs to mind. There are many more.
>
> Sorry, doesn't really solve the problem. I posted a url to a note I wrote on
> this to barry a few minutes ago.
By which I meant, "sigs of people in your address book." No, this
doesn't solve the "stupid user" problem... but you don't *solve* that
with technology.
You solve it with a LART.
> > Yeah, but the Outhouse and OE teams aren't ever going there, and
> > they're your problem.
>
> Hint: this wasn't a windows box, and it wasn't a microsoft product. IT AIN'T
> MICROSOFT. Lots of clients do this now.
Stipulated, but they're 80-90% of the market. I think even skewing for
"non-Windoze users send more mail, you would still be about 70%,
intuitively.
> > At some point, if you're going to *have* a mailbox, you *have* to take
> > responsibility for it.
>
> Yes, but if you're going to distribute email, that doesn't remove your
> obligation to do what you can to protect the user from abuses in that
> distribution. BOTH sites and obligations and responsibilities.
Chasing spammers is one thing.
Chasing people who directly harvest your listmanagement machine in
person seems quite another.
*That* you can't do on a case by case basis? Are you getting harvested
every 5 minutes?
> > Do you have documentary evidence, Chuq, that web harversters are the
> > *only* way that *a majority* of the spam-complainers addresses could
> > have gotten on those lists? Have you created test-accounts? Not 1 or
> > 2; a couple dozen, in different places?
>
> The person who did this has come clean to me. I know exactly what he did.
> It's about the only reason I've let him live. He hasn't always been, well,
> sending me christmas cards, but he's been fully cooperative.
No, I mean in other cases. You're using webharvesting, it seems, as
your major motivation here; it doesn't seem to me -- please don't take
this wrong -- that there's evidence that it's really a big enough
problem to solve (for people who don't send 40M pieces of email an
hour).
Cheers,
-- jra
--
Jay R. Ashworth jra@baylink.com
Member of the Technical Staff Baylink RFC 2100
The Suncoast Freenet The Things I Think
Tampa Bay, Florida http://baylink.pitas.com +1 727 647 1274
"If you don't have a dream; how're you gonna have a dream come true?"
-- Captain Sensible, The Damned (from South Pacific's "Happy Talk")