[Tutor] ethics in programming
kirk Bailey
idiot1@netzero.net
Fri, 11 Jan 2002 11:29:59 -0500
Working on TinyList, I realized that for security reasons I am using
TL's ability to talk to the smtp engine to send out the email, one
envlope per recipient. Good, avoids security issues with many
recipients per envlope. But this does slow down transmisson a little,
mabe more than a little when we are talking LARGE lists.
A way used in majordomo to send lists is to feed ONE copy of the
letter to a special alias and take advantage of the :include: command
to invoke the subscriber file. such a list alias looks like:
listname-outgoing::include:/path/subscriberfilename # no spaces in the
definition PLEASE!
And the Mail Transmission Agent(hereafter MTA, usually sendmail) reads
that file and sends a copy of the letter to each person on it. THERE
IS NO OTHER SERVICE. *ANY* letter landing on that email alais goes
out. Very spam friendly alas. And this is a Very Bad Thing.
Of course, the idea is the name of alias is a secret, and is fed by a
program, in this case majordomo. The manual uses listname-outgoing as
an example, but you are supposed to pick some random name so as to
safeguard the list. THAT alias may be made public, as it feeds into
some kind of security program.
listname:"|/www/cgi-bin/guardian listname" # doublequotes required if
there is a space in the definition!
Such a list lends itself to quick and efficent service of a LARGE
subscriber base, like for instance the managers of every local depo in
the coca-cola universe, all the gas stationmanagers of Chevron, etc.
It needs a guardian of some sort to protect against spam. Although a
headache, majordomo does this. For a simpler service, I wrote a
program called Guardian. For LARGE lists, it receives *1* email, and
feeds it out through the MTA to the entire list of subscribers. This
can be stand alone, or work with TinyList for large list servicing;
simply have only one subscriber in TL, the outbound list guardian, and
let it hand the compiled message over to sendmail for massive
transmission. BTW, the subscriber file for guardian can be the OK2POST
file for TinyList, so only on person can post (only members can post)
and only one copy goes out (the subscriber file contaions only one
email, that of the outbound alias) but EVERYONE is in the ok2port file
fot eh list if you like. don't have to, but I realized you can if you
like. DO NOT put 50,000 names in the TL subscriber file or it will
send it out itself,and talke quite a while to do so.
Guardian extends the abilities of TL to handle LARGE lists conviently;
hundreds of thousands of recipeints are practical and handled with
dispatch (pardon the pun). This also makes it practical and convient
for people to use TL to send out massive spam.
THIS is why I am suspending release of Guardian; I HATE spam.
Now I want to empower LEGITIMATE use, but hamper ILLIGITIMATE use of
TL. Therefore, I encourage discussion of spam, how to hamper it, and
any bright ideas that we can implement in the code of guardian to make
spam easier to fight and punish.
--
-Respectfully,
-Kirk D Bailey
end
___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___ ___
|___|___|___|___|___|___|___|___|___|___|___|___|___|___|___|___|
| _ \___ __ _ __| |_(_)_ _ __ _| |_| |_ ___ / __/ _ \| \| |
| / _ Y _` (_-< _| | ' \/ _` | _| ' \/ -_) (_| (_) | .` |_
|_|_\___|__,_/__/\__|_|_||_\__, |\__|_||_\___|\___\___/|_|\_( )
|___/ |/
Kirk Bailey, consulting loose cannon
www.howlermonkey.net highprimate@howlermonkey.net
http://gipco.webjump.com idiot1@netzero.net
_ _ _ _
___ _ _ ___ _ _ _ _| |_ __ _| |_ __ _| |_(_)_ __ ___
/ _ \ ' \/ -_) ' \ || | _/ _` | _/ _` | _| | ' \/ -_)_
\___/_||_\___|_||_\_,_|\__\__,_|\__\__,_|\__|_|_|_|_\___(_)_ ___
|___|___|___|___|___|___|___|___|___|___|___|___|___|___|___|___|
----------------------------------------------------
Sign Up for NetZero Platinum Today
Only $9.95 per month!
http://my.netzero.net/s/signup?r=platinum&refcd=PT97