[Spambayes] mtaproxy

[David McNab]

On Tue, 2003-08-19 at 03:42, Robert K. Coe wrote:
> I wouldn't. Several objections have been raised in this forum to this
> punishment method, and I think most of them are valid.

Robert, your concerns are noted.

> The most obvious is that it punishes the spammer's ISP, and its
> other users, not just the spammer.

And there's the argument that, with spam-to-signal ratios across the
internet now exceeding 1:1 and growing, ISPs have a duty to do
*everything* within their power to combat this menace.

Spammers have proven themselves to be extremely agile and resourceful.
Most of the major league ones now keep up-to-date versions of
SpamAssassin and other pattern-based filters. With every new release of
the non-bayesian filter programs, it only takes them a couple of weeks
to learn how to compose low-scoring messages that get through the
filters.

There is another real danger here - if the spam problem isn't seriously
mitigated, there's the risk that SMTP - RFC831 - as the email transport
standard - will fall so far into disrepute that an opening emerges for a
non-free protocol, and some well-funded monopolist gets a foothold in
the market, just as M$ did with Windows in '95. Worse than windows, such
a new protocol could be patented, and full of nasties like pay-per-use,
monthly subscriptions, content restrictions (eg premiums on sending zip,
tar.gz, media files etc), whitelist-based DRM and other such atrocities.
It only takes the likes of TWAOL or M$ with vats of marketing budget to
sneak such a monster into the marketplace and further extinguish the
freedom which the internet once represented.

> Another is that it could start a war in which ISPs might begin
> blacklisting each other, to everyone's detriment.

I feel you're seriously exaggerating the scope of the 'punishment'
algorithm. All it does is sends back incomplete response lines for a
configurable amount of time, followed by a failure response line. This
is hardly devastating - but it is enough to cause ISPs to take a less
cavalier attitude towards their enforcement practices.

I don't know the ins and outs of all the MTAs, but I suspect a lot of
them multi-thread their queues, so the net effect of the delay would be
nowhere near as catastrophic as some may fear.

Again, some responsibility *must* be taken by the ISP. For instance, if
people leave their cars parked on the street with the windows open and
the keys in the ignition, and the cars keep  getting stolen and used as
getaway vehicles from crimes, then the community is definitely going to
vest some responsibility in the car owners.

> We all agree that spam is annoying, which is why we're so interested
> in Spambayes. But it isn't the crime against humanity that some
> anti-spam zealots seem to think it is. I don't know Mr McNab, and I
> won't suggest that he belongs in that category.

You're right on that count. I'm just an end user who's gotten sick of
the hundreds of spams per week, knowing that part of my ISP and ADSL
subscription fees are paying for people to profit profusely from
purveying penis enlargement pills.

> But the shoot-the-messenger style of punishment incorporated into his
> program strikes me as childish and out of proportion to the offense.

Your 'shoot the messenger' label is something that I find out of
proportion. It's not 'shoot the messenger' - it's more like 'annoy or
delay the messenger'.

> I hope the Spambayes developers won't accept his suggestion.

That's up to the Spambayes community. No effect on me either way. I
write free software and share it with the world in the hope that some
may find it useful, which many do. I've got whole folders of positive
testimonials to that effect.

> I don't mean to personalize this issue, and I hope you'll all forgive
> me if you think I have.

I think you have, and yes, I do forgive you :)

> But by crossing the line from defense to offense, I think this program
> goes beyond the legitimate scope of the Spambayes project.

Can we please get less emotive about the degree of offense?

And how about some clear-minded discussion on what degree of 
countermeasures are acceptable?

Because we know that the passive-aggressive countermeasures (ie, receive
the email and drop it silently) employed by the (default) spambayes,
spamassassin etc aren't working. Spammers keep hitting the mailboxes
over and over, stealing traffic and wasting people's time, taking joy in
circumventing the filters, and enjoying the fast cars and huge houses
they buy with their ill-gotten gains.

> If mtaproxy, or any form of its punishment algorithm, were to be
> incorporated into Spambayes, I wouldn't let my users take advantage of
> it, because I think it would reflect badly on the city for which we
> work.

I respect your decision Robert. I ask that you also respect the
decisions of those who opt for a more pro-active stance.

Lastly - I have noticed in the 24 hours since I deployed mtaproxy on my
server, inbound spams have dropped more than 90%. Some spamming MTAs
have been dropping the connection during the 'punishment cycle', while
others have endured the punishment. In the last 3 hours, I've received
zero inbound SMTP connections bearing spam.

So it appears that my email addresses are getting removed from the
spammers' databases faster than you can say 'nigerian scam'.

And on that note, the defence rests (for now).

Kindly
David

PS - Maybe 'SpamQueda' is a bit too far 'out there' for a name. Perhaps
something like 'The Spamish Inquisition' would be better, to inject a
bit of Pythonic humour.

PPS - I haven't ruled out bundling SpamBayes and an MTA, with mtaproxy,
into an integrated turnkey product.