[Mailman-Developers] Opening up a few can o' worms here...
Jay R. Ashworth
jra@baylink.com
Wed, 17 Jul 2002 00:49:43 -0400
On Tue, Jul 16, 2002 at 08:11:43PM -0700, Chuq Von Rospach wrote:
> On 7/16/02 5:57 PM, "Jay R. Ashworth" <jra@baylink.com> wrote:
> >> But without rules, you can't teach the recipient what's right (with a cattle
> >> prod, if necessary), and without rules, the lynch mob has no binding
> >> authority.
> >
> > Where, by "rules", here, we mean "rules about what is acceptable mail"?
>
> Well, we're talking past each other a little bit, but at the same time, not.
I'm so glad you've cleared that up, Chuq. ;-)
> Because I think there's still a responsibility on the list admin, because
> when someone signs up for a list, they're delegating some responsibility
> over who can access their mailbox to the owner of the list, and the
> agreement between the two are the rules set up about acceptable content. So
> you can't duck some responsibility here.
You can document your policies, and the person who wants to sign up can
decide whether they can deal.
> Oh, by the way, there's few ways guaranteed to PISS ME OFF more than someone
> who signs up for a mailing list, and then starts bouncing selected pieces of
> the mail because of filtering systems. Which usually happens because their
> admin installs stupid filters... (I don't care if you throw them away, but I
> hate showing up in the morning to 50 bounce messages because of some flakey
> content filter...)
That's why I never *bounce*. I either drop, or file.
> Right now, for instance, one of the lists at apple is having a discussion
> about coding problems. And the user starting it served up a code fragment
> that included:
>
> int xxx = 0
> [...]
>
> You can imagine the chaos that ensues among the STUPID IS FILTER IDIOTS who
> do overly simplistic filtering and assume it actually does something useful.
:-)
> But I'm not bitter.
Naw. Not at all.
> (and I'll be curious to see just how many bounces that I or barry see from
> THAT simple notation.....)
Yeah, RISKS gets this all the time.
> > That sentence seems to assume that the majority of the people *falling
> > in* the tarpits are people doing it by accident. I don't think that
> > and I don't think *you* think that.
>
> Yes, I do. Since I (for the most part, most of the time) have the felons
> locked out of the system pretty well, most of the people who cause problems
> on my systems aren't trying to f--k with the system, they're people who are
> oblivious, confused, or misguided. Even the spammer over the weekend meant
> no harm, which doesn't mean harm wasn't caused. It was a classiv case of "my
> cause is so important it justifies doing this" -- which, he found out the
> hard way, a few hundred people disagreed with him over.
Yeah. I keep forgetting that not everyone has spent 17 years on
Usenet.
But that brings us almost immediately around to "why use email to do a
Usenet's job"... which *LOTS* of mailing lists are doing, frankly.
In these days where the majority of newsreaders *do* understand
multiple servers, that may no longer be warranted.
> > By which I meant, "sigs of people in your address book." No, this
> > doesn't solve the "stupid user" problem... but you don't *solve* that
> > with technology.
> >
> > You solve it with a LART.
>
> Sometimes, the best solution is a public flogging, to teach everyone else to
> be more careful next time. But if you overdo it, people tune you out, too.
You've jumped ship before. So have I.
They'll learn, eventually.
> > Stipulated, but they're 80-90% of the market. I think even skewing for
> > "non-Windoze users send more mail, you would still be about 70%,
> > intuitively.
>
> We're working on that (a quiet voice whispers: "but a f---ing mac already!
> It has unix inside for all you geeks, too!")
<roar>
> > Chasing people who directly harvest your listmanagement machine in
> > person seems quite another.
> >
> > *That* you can't do on a case by case basis? Are you getting harvested
> > every 5 minutes?
>
> You want to find out? Create a honeypot. Put some email addresses on it.
> Attach it to your home page. See how quickly you start getting e-mail to
> those addresses.
>
> You'll usually find the answer is "days". Once in a while, it's "hours".
My sister runs a page that's always in the top 3 on Google in her
keyword, on a user-named account on Mind-link. Been there over 6 years
now. She's had a pseudo-bogus address in her POP3 domain buried in a
mailto: on there for over a year.
*One* piece of spam.
She's not exactly a low profile target.
You, OTOH, are. How well "hidden" were your honeypot machines?
"plaidworks.com" is likely not a low-profile domain, neither.
You put your honeypots in *Jellystone*, you get more bears...
> > No, I mean in other cases. You're using webharvesting, it seems, as
> > your major motivation here; it doesn't seem to me -- please don't take
> > this wrong -- that there's evidence that it's really a big enough
> > problem to solve (for people who don't send 40M pieces of email an
> > hour).
>
> I don't think you're looking close enough. Run a few honeypot tests and see
> how often people sneak a peek at YOUR system. On mine, it's a few days.
Yaeh, but see above.
Barry? You've been cowering in the corner there, letting us imitate
Spenser and Hawk working up to it; comments? :-)
Cheers,
-- jra
--
Jay R. Ashworth jra@baylink.com
Member of the Technical Staff Baylink RFC 2100
The Suncoast Freenet The Things I Think
Tampa Bay, Florida http://baylink.pitas.com +1 727 647 1274
"If you don't have a dream; how're you gonna have a dream come true?"
-- Captain Sensible, The Damned (from South Pacific's "Happy Talk")