|
Home > Archive > Sendmail support > April 2004 > Re: Challenges from challenge-response systems qualify as unsolicited
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Re: Challenges from challenge-response systems qualify as unsolicited
|
|
| Andrzej Adam Filip 2004-03-03, 3:33 am |
| Malcolm Dew-Jones wrote:
> Alan Connor (zzzzzz@xxx.yyy) wrote:
>
> : There are a bunch of loonies posting all sorts of garbage
>
> (something we can all agree with)
>
> Alan, if you wish to provide sendmail specific code to implement your
> ideas (i.e. a milter, or sendmail rules) then I'm sure that _some_ people
> would be happy to read your posts.
>
> However, there is nothing about sendmail in your post, so please don't
> post it here.
For those who do not know Alan (yet):
He is incredibly persistent in promoting his C/R idea via usenete postings
["diplomatic" version].
Encouraging him to post to any new newsgroup is risky (IMHO).
--
Andrzej [en:Andrew] Adam Filip anfi@priv.onet.pl anfi@xl.wp.pl
http://anfi.webhop.net http://slashdot.org/~anfi
*Random Epigram* :
Excess is excrement. Excrement retained in the body is a poison.
-- Odo in "The Dispossessed" by Ursula Le Guin
| |
| Alan Connor 2004-04-06, 3:33 pm |
| On 6 Apr 2004 09:40:39 -0800, Malcolm Dew-Jones <yf110@vtn1.victoria.tc.ca> wrote:
>
>
> Werehatrack (rault00@earthWEEDSlink.net) wrote:
>: On 5 Apr 2004 09:13:12 -0800, yf110@vtn1.victoria.tc.ca (Malcolm
>: Dew-Jones) may have said:
>
>: >D. Stussy (kd6lvw@bde-arc.ampr.org) wrote:
>: >
>: >: ... Legitimate mail senders should not
>: >: have to "jump through hoops" (i.e. reply to a challenge, even once);
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> I meant to cut that part.
>
> It was supposed to just be the philisophical question. "Why should you not
> have to jump through hoops"?
>
> I did not mean to suggest that CR was ok (and i'm sure a few searches of
> my earlier messages would prove that).
Who cares whether you or anyone else thinks CRs are okay?
We don't need your approval or permission to use them.
And there is precisely NOTHING you can do to stop us.
Perhaps you should just wake up and smell the coffee: People are fed up with
spam and mail filters that use CRs are the *only* effective and low-maintenance
option available to the ordinary user.
I love it when all the spammers pretending to be spam haters launch these
anti-CR campaigns: Mail about my own program goes through the roof.
Keep it up, fools.
AC
--
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox.
http://www.uwasa.fi/~ts/info/spamfoil.html
http://tinyurl.com/3c3ag
| |
| Scott Dorsey 2004-04-06, 3:33 pm |
| Alan Connor <xxxx@yyy.zzz> wrote:
>
>Who cares whether you or anyone else thinks CRs are okay?
>
>We don't need your approval or permission to use them.
>
>And there is precisely NOTHING you can do to stop us.
>
>Perhaps you should just wake up and smell the coffee: People are fed up with
>spam and mail filters that use CRs are the *only* effective and low-maintenance
>option available to the ordinary user.
Unfortunately, as more and more people start using C/R systems, everyone
has to deal with a huge increase in traffic due to misdirected challenges.
Everyone.
The end result will affect YOU. When your mail starts getting blocked,
when your ISP's mail server melts down because of the volume, you will
be losing mail.
>I love it when all the spammers pretending to be spam haters launch these
>anti-CR campaigns: Mail about my own program goes through the roof.
I am surely a spam hater, but the reason that I hate spam is that spam has
made the mail system almost unusable. C/R systems don't fix the inherent
problems, and they make the symptoms worse for everyone else even though
they might temporarily make things better for you.
This is like taking opiates for a broken arm. It does not cure the problem,
it only makes it feel better for a little while, and in the long run it will
result in even more serious problems.
--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."
| |
| Karl A. Krueger 2004-04-06, 4:33 pm |
| [ Newsgroups and Followups trimmed to deter irrelevant cross-posting. ]
In news.admin.net-abuse.email Alan Connor <zzzzzz@xxx.yyy> wrote:
> On 6 Apr 2004 09:40:39 -0800, Malcolm Dew-Jones <yf110@vtn1.victoria.tc.ca> wrote:
>
> Who cares whether you or anyone else thinks CRs are okay?
>
> We don't need your approval or permission to use them.
Ah, but you -do- need approval and permission to send email into other
people's systems.
If your C/R system can be made to send unsolicited bulk email to third
parties, for instance by causing it to challenge forged mail, then it is
a spammable resource -- just like an open relay or proxy. Just as we
reject email from open relays, proxies, and spammy antivirus software,
we will go on to reject email from spammable C/R systems.
Moreover, if you continue to run a spammable resource, knowing that it
will send spam, then you are willingly complicit in whatever spamming is
done by way of it. Why in the world should anyone accept mail from you?
Why should any ISP sell you service, when your spammable resource is
likely to cause them abuse problems?
--
Karl A. Krueger <kkrueger@example.edu>
Woods Hole Oceanographic Institution
Email address is spamtrapped. s/example/whoi/
"Outlook not so good." -- Magic 8-Ball Software Reviews
| |
| Steven M (remove cola to reply) 2004-04-06, 4:33 pm |
| On 6 Apr 2004 15:34:37 -0400, kludge@panix.com (Scott Dorsey) wrote:
>I am surely a spam hater, but the reason that I hate spam is that spam has
>made the mail system almost unusable. C/R systems don't fix the inherent
>problems, and they make the symptoms worse for everyone else even though
>they might temporarily make things better for you.
>
>This is like taking opiates for a broken arm. It does not cure the problem,
>it only makes it feel better for a little while, and in the long run it will
>result in even more serious problems.
>--scott
I agree with you about C/R, but the analogy about broken arms and
opiates breaks down.
It's true that if you take opiates instead of getting your broken arm
set properly, it won't heal. But the opiates alone taken in
moderation probably won't hurt anything.
And opiates have a legitimate place in some medical treatments,
despite the possibility of overuse and addiction. My wife has had
more surgeries than anybody should have in the past few years. The
ones that went the best were also the ones where the doctors were
generous about prescribing pain meds, include some opiates.
Furthermore, spam is different from a broken arm. A broken arm will
eventually cure itself, with the most rudimentary treatment. Spam
won't stop unless something else happens.
I have been thinking for a few minutes, but I can't find any better
analogy between (a) spam and (b) medical conditions.
C/R is bad enough on its own.
--
Steve M - unspam@houston.rrdirt.com (remove dirt for reply)
"Give up those intimate little dinners for four, unless there are
three other people eating with you." -- attributed to Orson Welles
| |
| Alan Connor 2004-04-06, 4:33 pm |
| On 6 Apr 2004 15:34:37 -0400, Scott Dorsey <kludge@panix.com> wrote:
>
>
> Alan Connor <xxxx@yyy.zzz> wrote:
>
> Unfortunately, as more and more people start using C/R systems, everyone
> has to deal with a huge increase in traffic due to misdirected challenges.
> Everyone.
>
That's complete garbage.
I am not even going to bother posting a rebuttal here, but will just regularly
post the FACTS about mail filters that use CRs on these groups.
Of course, you could post evidence to substantiate your assertion above...
Its absence is rather noteworthy here.
AC
| |
| Peter Köhlmann 2004-04-06, 4:33 pm |
| Alan Connor wrote:
> On 6 Apr 2004 15:34:37 -0400, Scott Dorsey <kludge@panix.com> wrote:
>
> That's complete garbage.
>
Unfortunately, it is not. Your system is good at one thing only: Doing
Joe-Jobs. Everything else (especially what you claim it does) will not work
> I am not even going to bother posting a rebuttal here, but will just
> regularly post the FACTS about mail filters that use CRs on these groups.
>
The "facts" according to Alan Connor?
> Of course, you could post evidence to substantiate your assertion above...
>
> Its absence is rather noteworthy here.
>
Idiot
--
Law of Probable Dispersal:
Whatever it is that hits the fan will not be evenly distributed.
| |
| Alan Connor 2004-04-06, 4:33 pm |
| On Tue, 6 Apr 2004 19:51:10 +0000 (UTC), Karl A. Krueger <kkrueger@example.edu> wrote:
> In news.admin.net-abuse.email Alan Connor <zzzzzz@xxx.yyy> wrote:
>
> Ah, but you -do- need approval and permission to send email into other
> people's systems.
>
> If your C/R system can be made to send unsolicited bulk email to third
> parties, for instance by causing it to challenge forged mail,
Huh?
then it is
> a spammable resource -- just like an open relay or proxy. Just as we
> reject email from open relays, proxies, and spammy antivirus software,
> we will go on to reject email from spammable C/R systems.
>
Where do all these idiots come from?
This person plainly doesn't even know what CRs ARE....
AC
--
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox.
http://www.uwasa.fi/~ts/info/spamfoil.html
http://tinyurl.com/3c3ag
| |
| Alan Connor 2004-04-06, 4:34 pm |
| On Tue, 06 Apr 2004 20:01:43 GMT, Steven M (remove cola to reply) <unspam@houston.rrcola.com> wrote:
>
>
> C/R is bad enough on its own.
>
>
>
What's so terrible about them? Have you ever signed up for a mailing list?
If you have, they sent you a CR, and a good thing it was too. If they didn't
do that, anyone could sign anyone up for thousands of mailing lists.
There wouldn't be any room in your mailbox(es) for anything else.
Well....That's what spammers do: Sign you up for mailing lists without
asking you.
And CRs can be used to take care of that problem too.
But before you send any CRs, you need to run your mail through a pass list
so that you get all the mail that you KNOW is legitimate, and then run
the balance through a filter like SpamAssassin which will send all the
mail that is *indisputably* spam to /dev/null.
Only the tiny fraction that is left over is sent a CR, and if mail from
that address fails to return a CR twice, any further mail from
that address is sent to /dev/null.
So the number of CRs that you send *decreases* with time.
My filter sends thousands of mails directly to /dev/null every week.
No response of any kind. I never even know it arrived unless I check my logs.
AC
--
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox.
http://www.uwasa.fi/~ts/info/spamfoil.html
http://tinyurl.com/3c3ag
| |
| John-Paul Stewart 2004-04-06, 6:35 pm |
| Scott Dorsey wrote:
> Alan Connor <xxxx@yyy.zzz> wrote:
>
>
>
> Unfortunately, as more and more people start using C/R systems, everyone
> has to deal with a huge increase in traffic due to misdirected challenges.
> Everyone.
Unfortunately for you, the previous poster doesn't seem to realize that
the vast majority of spam has forged "From" addresses, and thus the vast
majority of his challenges wrongly go to innocent third parties. Until
he understands that fact and its ramifications, your arguments are
pointless. (I know this from experience...I tried the same argument
with him several months ago.)
| |
| Vernon Schryver 2004-04-06, 6:35 pm |
| In article <c4v0od$2va$1@panix2.panix.com>,
Scott Dorsey <kludge@panix.com> wrote:
> ...
>Unfortunately, as more and more people start using C/R systems, ...
That assumes something not in evidence and that I think is false.
C/R systems were touted as The Final Ultimate Solution to the Spam
Problem more than a year ago. As far as I can tell, they are not
being used more today than they were then. I suspect C/R systems
are being used less today than they were 6-9 months ago.
In practice, as opposed to naive theory and snake oil salescritters,
C/R are manual whitelisting systems with fancy DSNs. Users must and
do manually whitelist their correspondents, The challenges act as
possible non-delivery status notifications.
My old policy was to never respond to challenges. Based on suggestions
in NANAE, I now respond to all challenges that get past my spam defenses.
Since changing my policy, I've responded to more challenges of likely
spam forged in my name than legitimate mail. The only legitimate
challenge I've recently seen was apparently manually overridden by the
other party before I could respond to the challenge. The only reason
I know it was legitimate is that my mailbox contained first the challenge
from an unfamiliar address and then a response from the same address
to a message of mine.
All but the dimest lusers soon figure out the need to manually whitelist
quarantined legitimate mail awaiting challenge responses, which makes
their C/R systems nothing more than manual whitelist systems.
Note the implications of the fact that the challenge was from an
unfamiliar address, thanks either to my bad memory or to the magic of
mail forwarding at the other party's location. If I did not have a
policy of responding to bogus challenges and if the other party did
not manually examine and whitelist quarantined mail, then the other
party would not have seen my message and I would have added a network
to the DoS defensive blacklist of the public DCC servers.
Note also that when I (and many others) respond to bogus challenges
for forged spam, the luser with the C/R system will receive the spam,
unless the luser would have been better served with greylisting.
Vernon Schryver vjs@rhyolite.com
| |
| Alan Connor 2004-04-06, 6:35 pm |
| On 6 Apr 2004 21:38:17 GMT, Bruce Barnett <spamhater91+U040406173231@grymoire.com> wrote:
>
>
> Alan Connor <zzzzzz@xxx.yyy> writes:
>
>
> Have you ever set up a mailing list, and when your mailbot sends a
> message out asking the user to opt-in, the mail list software gets a
> message from ANOTHER mailbot asking it to respond.
>
Why do all the critics of CRs seem to be utterly ignorant of how they work?
You do not send mail to ANYONE that has not been passlisted. In the case of
list servers, you passlist the obvious strings that any response will have
to contain. Never had a problem. I subscribe to quite a few mailing lists.
Signup is a one time thing...
I have to say that if you honestly think that people who use filters like
this cannot subscribe to mailing lists, then you are truly stupid.
.....as well as being ignorant of the filters you criticize.
AC
--
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox.
http://www.uwasa.fi/~ts/info/spamfoil.html
http://tinyurl.com/3c3ag
| |
| Alan Connor 2004-04-06, 6:35 pm |
| On Tue, 06 Apr 2004 17:26:17 -0400, John-Paul Stewart <jpstewart@binaryfoundry.ca> wrote:
>
>
> Scott Dorsey wrote:
>
> Unfortunately for you, the previous poster doesn't seem to realize that
> the vast majority of spam has forged "From" addresses, and thus the vast
> majority of his challenges wrongly go to innocent third parties. Until
No they don't.
Here you have another spammer trying to convince people not to use the
only filters they can't beat.
Lame.
AC
--
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox.
http://www.uwasa.fi/~ts/info/spamfoil.html
http://tinyurl.com/3c3ag
| |
| Alan Connor 2004-04-06, 7:33 pm |
| On Tue, 6 Apr 2004 16:09:55 -0600 (MDT), Vernon Schryver <vjs@calcite.rhyolite.com> wrote:
>
>
> In article <c4v0od$2va$1@panix2.panix.com>,
> Scott Dorsey <kludge@panix.com> wrote:
>
>
> That assumes something not in evidence and that I think is false.
> C/R systems were touted as The Final Ultimate Solution to the Spam
> Problem more than a year ago. As far as I can tell, they are not
> being used more today than they were then. I suspect C/R systems
> are being used less today than they were 6-9 months ago.
>
I don't remember anyone saying that C/R systems are the ultimate
spam solution, ever.
As long as the *Internet* accepts spam, C/R systems are the only
way to effectively deal with spam at present.
Every week I receive mail from people who have installed my simple
program and love it. Since a child could install and operate it,
I can only assume that a lot more than that are using it.
> In practice, as opposed to naive theory and snake oil salescritters,
> C/R are manual whitelisting systems with fancy DSNs.
That's true, and I don't remember anyone saying differently.
I think you only read the drivel that spammers posing as spam-haters
write.
>Users must and do manually whitelist their correspondents, The challenges act as
> possible non-delivery status notifications.
>
> My old policy was to never respond to challenges. Based on suggestions
> in NANAE, I now respond to all challenges that get past my spam defenses.
> Since changing my policy, I've responded to more challenges of likely
> spam forged in my name than legitimate mail.
You are lying.
>The only legitimate
> challenge I've recently seen was apparently manually overridden by the
> other party before I could respond to the challenge. The only reason
> I know it was legitimate is that my mailbox contained first the challenge
> from an unfamiliar address and then a response from the same address
> to a message of mine.
>
Liar.
> All but the dimest lusers soon figure out the need to manually whitelist
> quarantined legitimate mail awaiting challenge responses, which makes
> their C/R systems nothing more than manual whitelist systems.
>
I don't get any spam and I get all the mail I want to get.
I never have to mess with the program.
If you call that being a "luser", then you are an imbecile as well
as being a liar.
And you most certainly are a liar.
Everything you wrote above is pure BULLSHIT.
<sigh>
Another spammer telling lies about the only filters they can't beat.
Hey spammer:
Kiss my XXX.
You are denied access to my mailbox.
Live with it.
Find HONEST work.
ROTF
AC
| |
| axlq in California 2004-04-06, 7:33 pm |
| In article <c4v9rj$1iu6$1@calcite.rhyolite.com>,
Vernon Schryver <vjs@calcite.rhyolite.com> wrote:
>My old policy was to never respond to challenges. Based on suggestions
>in NANAE, I now respond to all challenges that get past my spam defenses.
Hmm, I never thought of that. Pretty sneaky. Respond to a bogus
challenge, and the luser with the C/R system will end up receiving the
spam, and any future spam with your address forged in the From header.
I think I'll do that from now on instead of just deleting the
challenges. That's one way to show the users of C/R how worthless
it really is.
-A
| |
| axlq in California 2004-04-06, 7:33 pm |
| In article <FtGcc.18424$lt2.1263@newsread1.news.pas.earthlink.net>,
Alan Connor <xxxx@yyy.zzz> wrote:
>On Tue, 6 Apr 2004 16:09:55 -0600 (MDT), Vernon Schryver
><vjs@calcite.rhyolite.com> wrote:
>
>You are lying.
And you're making a bare assertion you can't back up. Also, you
don't know who you're talking to.
>
>Liar.
Prove it. If you're so blind you can't see his point (that C/R results
in bogus challenges, which *I* have also received), then you truly are a
dumbass, and possibly a liar as well.
In any case, you have proven that you have nothing worth saying about
C/R; you simply cannot be educated. I wash my hands of you.
<plonk>
-A
| |
| John-Paul Stewart 2004-04-06, 8:33 pm |
| Alan Connor wrote:
> On Tue, 06 Apr 2004 17:26:17 -0400, John-Paul Stewart <jpstewart@binaryfoundry.ca> wrote:
>
>
>
> No they don't.
You prove my point (about you not getting it) quite nicely.
About 5 times per day I get bounce messages from mailservers
rejecting e-mail that I did *not* send. Obviously somebody (and
probably more than one entity) is regularly forging my address as their
"From" address.
Better yet, every six months or so I'll get spam from a really clever
spammer who makes sure the "To" and "From" addresses match. Since I'm
not in the habit of trying to sell anything to myself, I'm quite sure
that a spammer has forged the "From" address of that!
I know I'm not the only one either. Plenty of people I know have had
the same thing happen to them. And that is precisely the reason why the
experts tell you to never, ever bounce spam. The challenge from your
system would be at least as much of a problem as the bogus bounce messages.
Just because you don't realize that it happens, that does *not* mean
that it doesn't. It is a very real problem which you're too eager to
blow off, and that quick dismissal costs you a lot of your credibility.
> Here you have another spammer trying to convince people not to use the
> only filters they can't beat.
Never once have I sent spam. But I have received hundreds of bounce
messages for spam that I did not send. The challenges would just add to
the problem.
| |
| Scott Dorsey 2004-04-06, 8:33 pm |
| Alan Connor <xxxx@yyy.zzz> wrote:
Kludge writes:
>
>That's complete garbage.
>
>I am not even going to bother posting a rebuttal here, but will just regularly
>post the FACTS about mail filters that use CRs on these groups.
Well, I'm getting around two hundred messages a day, which are the result
of spammers forging my users' names in the return addresses of spam
messages. They hit the mailboxes of C/R users, and a challenge is
generated, which gets sent to my users. I'd call that a huge increase.
Still a drop in the bucket compared with spam, but that's in part because
not many folks are using C/R systems.
Now, imagine what would happen if my users had C/R systems, and bounced
a challenge back for each one of those misdirected challenges.
>Of course, you could post evidence to substantiate your assertion above...
>
>Its absence is rather noteworthy here.
I can give you mail server stats if you'd like. It's only a couple
hundred a day, but that's up from zero six months ago. I'd call that
a huge increase.
--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."
| |
| Morely 'I drank what?' Dotes 2004-04-06, 8:33 pm |
| While gargling concrete on 06 Apr 2004, "Steven M (remove cola to
reply)" <unspam@houston.rrcola.com> wrote in
news:nu16701r7n70lu705tpsofq76kb54el563@
4ax.com right after begin :
>
> I agree with you about C/R, but the analogy about broken arms and
> opiates breaks down.
Nope, it's perfect.
Spam is the broken arm. C/R is the opiate. For those taking opiates
(using C/R), the problem remains *BUT THEY DON'T NOTICE IT*.
However, because of their choice to take opiates *instead* of fixing the
problem, the problem continues to worsen.
And, unlike a broken arm, their C/R makes the problem worse for *others*.
--
Want a custom-built PC designed by gamers, for gamers?
Visit http://kryptonite.pc-gamereview.com
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
| |
| Alan Connor 2004-04-06, 8:34 pm |
| On Tue, 06 Apr 2004 19:08:56 -0400, John-Paul Stewart <jpstewart@binaryfoundry.ca> wrote:
>
>
> Alan Connor wrote:
>
> You prove my point (about you not getting it) quite nicely.
>
I get it. You are lying.
> About 5 times per day I get bounce messages from mailservers
5 times a day? From C/R systems? Nope.
Don't you know the difference between a client filter and an MTA?
> rejecting e-mail that I did *not* send. Obviously somebody (and
> probably more than one entity) is regularly forging my address as their
> "From" address.
>
You need to use a system like the ones found in my sig.
Then you wouldn't have silly problems like this.
> Better yet, every six months or so I'll get spam from a really clever
> spammer who makes sure the "To" and "From" addresses match. Since I'm
> not in the habit of trying to sell anything to myself, I'm quite sure
> that a spammer has forged the "From" address of that!
>
You don't block mail from your OWN address?
You really are clueless.
rest of this drivel deleted.
AC
--
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox.
http://www.uwasa.fi/~ts/info/spamfoil.html
http://tinyurl.com/3c3ag
| |
| Alan Connor 2004-04-06, 8:34 pm |
| On 6 Apr 2004 20:02:47 -0400, Scott Dorsey <kludge@panix.com> wrote:
>
>
> Alan Connor <xxxx@yyy.zzz> wrote:
> Kludge writes:
>
> Well, I'm getting around two hundred messages a day, which are the result
> of spammers forging my users' names in the return addresses of spam
> messages. They hit the mailboxes of C/R users, and a challenge is
> generated, which gets sent to my users. I'd call that a huge increase.
No. You don't know what you are talking about.
Modern C/R systems use filters like SpamAssassin and send almost all of
the spam directly to /dev/null. No response of any kind is sent out.
Why do you criticize programs you obviously know nothing about?
AC
--
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox.
http://www.uwasa.fi/~ts/info/spamfoil.html
http://tinyurl.com/3c3ag
| |
| Alan Connor 2004-04-06, 8:34 pm |
| On 7 Apr 2004 00:14:00 GMT, Bruce Barnett <spamhater91+U040406200759@grymoire.com> wrote:
>
>
> Alan Connor <zzzzzz@xxx.yyy> writes:
>
>
> What do you do if you won't know the From address used to TEST the opt-in?
>
> And what do you do when you get e-mail from the list where the From:
> address is one you have never seen before (because it's from one of
> the 40,000 members), the From_/envelope address is unique to track
> bounces, and the name of the list is in the BCC: field?
>
I've never even heard of that happenning.
And I don't think you have either.
Never heard of a mailing list that didn't have a header that made it
easy to pick out of the spam.
Never had a single problem with any of the mailing lists I subscribe
to.
AC
--
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox.
http://www.uwasa.fi/~ts/info/spamfoil.html
http://tinyurl.com/3c3ag
| |
| Nick Landsberg 2004-04-06, 8:34 pm |
| John-Paul Stewart wrote:
> Alan Connor wrote:
>
[Everything Snipped]
Pardon for coming into this thread late, but
I have what I think is an honest question.
I thought it was "conventional wisdom" (whatever
that is) that any kind of response to a spammer
only encourages them to send more? ("Hey,
I found a live Email addy, I can sell this
addy to the next spammer down the street!")
The end-result being that more and more SPAM
is generated to your addy for your machine to
filter (wasting CPU cycles while doing so).
Or maybe I don't understand what is meant
by a challenge/response system?
--
"It is impossible to make anything foolproof
because fools are so ingenious"
- A. Bloch
| |
| Scott Dorsey 2004-04-06, 8:34 pm |
| Alan Connor <xxxx@yyy.zzz> wrote:
>Modern C/R systems use filters like SpamAssassin and send almost all of
>the spam directly to /dev/null. No response of any kind is sent out.
>
>Why do you criticize programs you obviously know nothing about?
Because I keep getting all of these misdirected challenges.
If I wasn't getting the stuff, I would not be complaining.
If the filters were indeed effective, then C/R systems wouldn't produce
all of this misdirected junk. But, if the filters were effective, then
you wouldn't actually need any C/R systems at all.
You can't have it both ways. Either the filters work or they don't.
--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."
| |
| Scott Dorsey 2004-04-06, 9:33 pm |
| Nick Landsberg <hukolau@NOSPAM.att.net> wrote:
>I thought it was "conventional wisdom" (whatever
>that is) that any kind of response to a spammer
>only encourages them to send more? ("Hey,
>I found a live Email addy, I can sell this
>addy to the next spammer down the street!")
This is true. And early on, spammers tended to forge drop box addresses
into their From: field, so they could check the drop box and see which
addresses were bouncing and which ones were confirmed.
These days you don't see that as often. Instead, you tend to see innocent
third parties culled from lists being used in the From: field. This means
that any response you send is going to an innocent third party who has
nothing to do with the spam. Arguably this is even worse than sending
a complaint or removal to a drop box.
>Or maybe I don't understand what is meant
>by a challenge/response system?
The challenge/response system depends on the return addresses of spam being
invalid.
If the return address is a drop box, the spammer can send an automatic
response with automated software as soon as he gets the challenge message.
If the return address is a nonexistent address, the response never
gets sent because the challenge never makes it out.
If the return address is an innocent third party, the third party gets
annoyed, and may send a response just because he's pissed off at receiving
all of these challenges, or may just block all mail from the senders,
or may do something else.
--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."
| |
| Alan Connor 2004-04-06, 9:33 pm |
|
The design of an effective mail filter using Challenge-Responses
----------------------------------------------------------------
pass-list ---------> block-list (content-filter) ---------> Challenge-Response
Along with many others, I use a filter designed like the above:
I never see any spam.
I send out very few C-Rs.
I don't have to mess with my filter at all.
Spam is just gone from my life, no muss and no fuss.
The only complaint I have ever had was from a domain that turned
out to be on the dnsbl (dns blacklist) for spamming.
Anyone can reach me with no problem if they use their real return
address. And read their mail...
In some ways, Challenge-Responses are like Caller-ID for phones: Someone
who wants to communicate with you must use their real return address, and
actually read the mail there.
The mail must be from someone who wants to establish a *two-way* communications
link with you, not from someone who just wants you to buy something.
(Note that I subscribe, by *choice*, to many commercial mailing lists.)
On the rare occassion that I send a C-R to an innocent party (I have to
assume that his has happenned at least once.) whose address has been forged,
then I have done them the favor of letting them know that it is being forged,
which can cause a person one hell of a lot of trouble.
They have my real address and are told in the C-R that I have a copy
of the mail if they need it.
Like I said: ONE complaint, ever, and from spammers.
C-Rs are only one stage, and the final stage, of an effective mail filter
that is designed like so:
PASSLIST
Where every friend, associate, commercial mailing list, discussion
mailing list, business, and non-profit org is given free access
to my inbox with my consent.
Anyone you send mail to must be passlisted.
This is where you make SURE you get all the mail you REALLY need
to get, or just want.
BLOCKLIST (Content-Filter)
General: to kill most of the spam. You can use SpamAssasin here
called by procmail. Or just use good procmail recipes.
Specific: where domains and addresses are killed for various
offenses, generally repeated C-Rs that aren't returned.
(Do remember to blocklist your own address, or some clown will
send mail to you with your own address on the From: line and
set up a mail loop.)
You just can't catch all the spam with a content-filter like
SpamAssassin. If you even try, you will end up losing mail
that isn't spam, and getting some spam anyway. And you have
to update your filters all the time to keep abreast of the
spammers.
(As well as save the spam to look through to make sure there
isn't any mail you want in there, which rather defeats the
whole purpose of a spam filter, in my opinion. I don't want
to ever see that garbage.)
Better to just kill the mail you KNOW is spam, and send a
C-R to the few that your content filter isn't sure about.
Most people that use these filters block any mail from
non-passlisted addresses that doesn't have a valid local
address alone on the To: line.
This kills, of itself, the vast majority of spam, so that
no un-necessary C-Rs are sent out to whatever address
they have chosen to present as their return address.
If mail is received from an address twice that fails to
return a C-R, that address is blocklisted automatically,
and any further mail from that address is sent to /dev/null.
CHALLENGE-RESPONSE
A little note that asks the receiver to paste a password on the
Subject: line and return it.
The Subject line on the C-R should have Re: original subject
on it.
This forces people to use their actual email address if they want
me to see their posts.
(And to read their mail...)
This is only required once. From then on, it's as if there is no
filter on my mail from their perspective.
AC
--
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox.
http://www.uwasa.fi/~ts/info/spamfoil.html
http://tinyurl.com/3c3ag
| |
| Alan Connor 2004-04-06, 9:33 pm |
| On Wed, 07 Apr 2004 00:30:30 GMT, Nick Landsberg <hukolau@NOSPAM.att.net> wrote:
>
>
> John-Paul Stewart wrote:
>
> [Everything Snipped]
>
> Pardon for coming into this thread late, but
> I have what I think is an honest question.
>
> I thought it was "conventional wisdom" (whatever
> that is) that any kind of response to a spammer
> only encourages them to send more? ("Hey,
> I found a live Email addy, I can sell this
> addy to the next spammer down the street!")
> The end-result being that more and more SPAM
> is generated to your addy for your machine to
> filter (wasting CPU cycles while doing so).
>
> Or maybe I don't understand what is meant
> by a challenge/response system?
>
The only people who do here, are all the spammers
posing as spamhaters in order to discredit the
one type of filter they can't beat.
They do this regularly.
No one that I know of uses JUST C/Rs in their filters.
First, they run the mail through a passlist, making
sure that they get all the mail they KNOW they want
to get.
Next, the rest is sent through a filter like SpamAssassin
where the mail that is indisputably spam is sent to
/dev/null.
And LASTLY, the mail that might or might not be spam
is sent a C/R.
Twice. If no return is received from that address the
second time it shows up, it is blocked and any further
mail from that address goes straight to /dev/null.
It is important, when using a system like this to
passlist ANYONE you send mail to, to prevent C/R
loops.
See my lengthier description on this thread.
AC
--
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox.
http://www.uwasa.fi/~ts/info/spamfoil.html
http://tinyurl.com/3c3ag
| |
| Alan Connor 2004-04-06, 9:33 pm |
| On 6 Apr 2004 20:33:55 -0400, Scott Dorsey <kludge@panix.com> wrote:
>
>
> Alan Connor <xxxx@yyy.zzz> wrote:
>
> Because I keep getting all of these misdirected challenges.
> If I wasn't getting the stuff, I would not be complaining.
>
> If the filters were indeed effective, then C/R systems wouldn't produce
> all of this misdirected junk. But, if the filters were effective, then
> you wouldn't actually need any C/R systems at all.
>
> You can't have it both ways. Either the filters work or they don't.
> --scott
Let's see some of these 'mis-directed challenges'.
And DO include *all* the headers.
I think you are a liar.
AC
| |
| Nick Landsberg 2004-04-06, 9:33 pm |
| Thanks for the explanation Scott!
Scott Dorsey wrote:
> Nick Landsberg <hukolau@NOSPAM.att.net> wrote:
>
>
>
> This is true. And early on, spammers tended to forge drop box addresses
> into their From: field, so they could check the drop box and see which
> addresses were bouncing and which ones were confirmed.
>
> These days you don't see that as often. Instead, you tend to see innocent
> third parties culled from lists being used in the From: field. This means
> that any response you send is going to an innocent third party who has
> nothing to do with the spam. Arguably this is even worse than sending
> a complaint or removal to a drop box.
OK... to simplify this (for a simpleminded me),
let's say John Doe's computer gets infected.
The spamware sends out an Email from John Doe's
computer and forges the "From:" addy as (e.g.)
"richardroe@yahoo.com" which it got
from John Doe's address list.
Then, as I understand it, the C/R system would
send out a message to "richardroe@yahoo.com"
to see if it was a legitimate address? to see
if "richardroe" had actually sent the original
email? I'm lost here.
>
>
>
>
> The challenge/response system depends on the return addresses of spam being
> invalid.
Ahh.. that answers a part of the above question.
>
> If the return address is a drop box, the spammer can send an automatic
> response with automated software as soon as he gets the challenge message.
>
> If the return address is a nonexistent address, the response never
> gets sent because the challenge never makes it out.
>
> If the return address is an innocent third party, the third party gets
> annoyed, and may send a response just because he's pissed off at receiving
> all of these challenges, or may just block all mail from the senders,
> or may do something else.
> --scott
>
>
I think I have it. It's the "innocent third party" thing
that (hopefully) made me see the light. What I gathered
from this is, as long as spammers can forge "From:" and
"Reply To:" headers, then C/R is for all intents and
purposes, innefective, and may actually be a cure which
is worse than the disease.
--
"It is impossible to make anything foolproof
because fools are so ingenious"
- A. Bloch
| |
| Laurence F. Sheldon, Jr. 2004-04-06, 9:34 pm |
| Nick Landsberg wrote:
> I think I have it. It's the "innocent third party" thing
> that (hopefully) made me see the light. What I gathered
> from this is, as long as spammers can forge "From:" and
> "Reply To:" headers, then C/R is for all intents and
> purposes, innefective, and may actually be a cure which
> is worse than the disease.
Some of us have the unique pleasure of having thousands of messages
per hour enter the system with our addresses as the "From: "
or envelope from address.
Whether that is a bad thing or not I'll leave as a homework assignment.
--
Requiescas in pace o email
| |
| Nick Landsberg 2004-04-06, 9:34 pm |
| Alan Connor wrote:
> On Wed, 07 Apr 2004 00:30:30 GMT, Nick Landsberg <hukolau@NOSPAM.att.net> wrote:
>
>
>
> The only people who do here, are all the spammers
> posing as spamhaters in order to discredit the
> one type of filter they can't beat.
My pardons, but there is nothing that is
unbeatable. If you believe there is, you
need a dose of reality. From other
posts here and from personal knowledge,
once one can forge either "From:" headers
or "Reply To:" headers one has beaten it.
>
> They do this regularly.
>
> No one that I know of uses JUST C/Rs in their filters.
>
> First, they run the mail through a passlist, making
> sure that they get all the mail they KNOW they want
> to get.
Easily done.
>
> Next, the rest is sent through a filter like SpamAssassin
> where the mail that is indisputably spam is sent to
> /dev/null.
I don't trust SpamAssassin or anything of that ilk
because it has been known to block Emails about
pending bills I have to pay. While programs such
as this try to "learn" about the spam, the spammers
"learn" how to mimic legitimate emails. What
happens is that legitimate Emails get categorized
as spam. Sending my Visa bill statement to /dev/null
is not an option for me.
>
> And LASTLY, the mail that might or might not be spam
> is sent a C/R.
>
> Twice. If no return is received from that address the
> second time it shows up, it is blocked and any further
> mail from that address goes straight to /dev/null.
And if the "From:" line or the "Reply To:" line is
forged? Or if the bank sending out my Visa bill
specifically says "Do not reply to this Email" because
they have an automated system which is not monitored
and all replies go to /dev/null?
>
> It is important, when using a system like this to
> passlist ANYONE you send mail to, to prevent C/R
> loops.
>
> See my lengthier description on this thread.
>
> AC
IMHO, all these attempts are treating symptoms
rather than causes. Treating the actual
causes may be more than just a technical
problem.
--
"It is impossible to make anything foolproof
because fools are so ingenious"
- A. Bloch
| |
| Alan Connor 2004-04-06, 9:34 pm |
| On 7 Apr 2004 01:16:58 GMT, Bruce Barnett <spamhater91+U040406204122@grymoire.com> wrote:
>
>
> Alan Connor <zzzzzz@xxx.yyy> writes:
>
>
>
> Try majordomo running in non-digest mode where someone sends e-mail to
> the mail list exploder address using a blind carbon copy.
>
> The From: is unchanged.
> The list name isn't in the To: or Cc: list.
> The Subject: field is unchanged.
>
But them mail still has headers unique to the mailing list.
DUH.
> Some lists, like Bugtraq, are like the above and also have a unique
> From_/envelope address for each and every message, to track bounces and
> semi-automatically remove people when e-mail bounces multiple
> times.
>
Same answer. For the third time.
Why do you not know this?
>
>
> Well, they exist.
No they don't.
>Also - you have to know the magic rules of the list
> BEFOREHAND to get it through your C/R system, right?
>
No.
> So if you don't know the unique-per-mailist rules beforehand, it will
> never get through your C/R passlist.
>
Wrong again.
I'd set you straight, but what's the point: You know everything already.
>
> Shrug. What can I say?
Exactly.
> Never expect that you know all the rules. This is the Internet.
>
> For instance, I use unique From: addresses. Guess I can never send you e-mail.
>
>
I receive mail from all sorts of people who are passlisted and mail from computers
all over the place.
You don't know what you are talking about. At ALL.
If you want to learn, then ask questions and listen to the answers.
Otherwise, stay an ignorant XXXX. I couldn't care less.
As for sending me mail? Forget it. I don't want to hear from you.
> --
> Sending unsolicited commercial e-mail to this account incurs a fee of
> $500 per message, and acknowledges the legality of this contract.
Oh that's just brilliant.
And how many times have you collected that $500?
About as many times as you were accurate above: 0.
Now: You claimed in another post that you receive
mis-directed CRs regularly.
Until you post examples of these I will not be responding
to any more of your STUPID posts.
AC
--
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox.
http://www.uwasa.fi/~ts/info/spamfoil.html
http://tinyurl.com/3c3ag
| |
| Robert Melson 2004-04-06, 10:33 pm |
| On Tuesday 06 April 2004 18:53, Alan Connor wrote:
> On 6 Apr 2004 20:33:55 -0400, Scott Dorsey <kludge@panix.com> wrote:
>
> Let's see some of these 'mis-directed challenges'.
>
> And DO include *all* the headers.
>
> I think you are a liar.
>
>
> AC
I've just been reading the thread and have this to say to you, Alan: you
diminish, if not completely destroy, your credibility by your name calling
("I think you are a liar.") and hostile attitude. It may well be true that
you have a successful system combining pass lists, block lists/filters and
challenge/response -- I can't dispute that because I'm not using it or
anything like it. At this stage, however, I wouldn't go around the block
to get one at your recommendation. Whether you're right or wrong makes
absolutely no difference at this point because you've poisoned the well
through your own poor behavior. Pity.
Bob Melson
--
Robert G. Melson A society of sheep must in time beget a
Rio Grande MicroSolutions government of wolves.
El Paso, Texas Bertrand de Jouvenal
melsonr(at)earthlink(dot)net
| |
|
|
| Alan Connor 2004-04-06, 11:33 pm |
| On Wed, 07 Apr 2004 02:10:07 GMT, Robert Melson <melsonr@earthlink.net> wrote:
>
>
> On Tuesday 06 April 2004 18:53, Alan Connor wrote:
>
> I've just been reading the thread and have this to say to you, Alan: you
> diminish, if not completely destroy, your credibility by your name calling
> ("I think you are a liar.") and hostile attitude. It may well be true that
> you have a successful system combining pass lists, block lists/filters and
> challenge/response -- I can't dispute that because I'm not using it or
> anything like it. At this stage, however, I wouldn't go around the block
> to get one at your recommendation. Whether you're right or wrong makes
> absolutely no difference at this point because you've poisoned the well
> through your own poor behavior. Pity.
>
> Bob Melson
>
Well, Miz Manners Melson, I guess you haven't noticed that the man has failed
to produce evidence for his claims.
And he has been asked to TWICE since then.
He WAS a liar.
So you aren't going to investigate a tool that could possibly help you out
a great deal because I called a liar a "liar"?
Brilliant.
AC
--
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox.
http://www.uwasa.fi/~ts/info/spamfoil.html
http://tinyurl.com/3c3ag
| |
| Nick Landsberg 2004-04-06, 11:33 pm |
| Sam wrote:
> Robert Melson writes:
>
>
>
>
> Here are some previous words of wisdom from Alan Connor:
>
> http://tinyurl.com/23r3f - wherein he claims to be a on a first name
> basis with Bigfoot.
>
> http://tinyurl.com/2gjcy - and here's his tale of getting drugged,
> kidnapped, and molested by Xena, the Warrior Princess.
>
> Alan "Beavis" Connor is our favorite net.kook, in this neck of the
> woods. He pops up every other week or so, blathering about this latest
> fetish of his. ABC inevitably gets thwacked down and lays low for a
> week or so, before popping up in another newsgroup, and performing the
> same shtick.
>
>
Thank you Sam!
I accessed those URL's and the result was (to quote
Mr. Spock) "fascinating."
From now on I will consider the source, ... and ignore it.
--
"It is impossible to make anything foolproof
because fools are so ingenious"
- A. Bloch
| |
| Robert Melson 2004-04-06, 11:33 pm |
| On Tuesday 06 April 2004 20:39, Sam wrote:
> Robert Melson writes:
>
>
>
> Here are some previous words of wisdom from Alan Connor:
>
> http://tinyurl.com/23r3f - wherein he claims to be a on a first name basis
> with Bigfoot.
>
> http://tinyurl.com/2gjcy - and here's his tale of getting drugged,
> kidnapped, and molested by Xena, the Warrior Princess.
>
> Alan "Beavis" Connor is our favorite net.kook, in this neck of the woods.
> He pops up every other week or so, blathering about this latest fetish of
> his. ABC inevitably gets thwacked down and lays low for a week or so,
> before popping up in another newsgroup, and performing the same shtick.
Ah. Kinda like Rev. Don Kool on comp.unix.admin and the various solaris,
linux and bsd groups. Marches around beating a tiny drum for the one
revealed religion.
As I said, it may well be true that he has a successful system as described
-- dunno and probably won't bother trying to find out. Anybody who can so
cavalierly dismiss Vernon S. (I won't even TRY to spell his name :-O ) and
call others uncomplimentary names for daring to disagree with him probably
isn't worth paying attention to. I tried to be gentle in my naivety and
will henceforth return and confine myself to lurk mode.
Bob
--
Robert G. Melson A society of sheep must in time beget a
Rio Grande MicroSolutions government of wolves.
El Paso, Texas Bertrand de Jouvenal
melsonr(at)earthlink(dot)net
| |
| Laurence F. Sheldon, Jr. 2004-04-06, 11:33 pm |
| Alan Connor wrote:
> Well, Miz Manners Melson, I guess you haven't noticed that the man has failed
> to produce evidence for his claims.
>
> And he has been asked to TWICE since then.
I also note that my questions have not been answered--and at the time I
wrote them I was genuinely interested in the answers.
> So you aren't going to investigate a tool that could possibly help you out
> a great deal because I called a liar a "liar"?
I'm certainly not going to consider a water-burning carburetor
whose inventor seems not to be able to focus on the issues raised.
> Brilliant.
"Flash in the pan"
--
Requiescas in pace o email
| |
| Alan Connor 2004-04-06, 11:33 pm |
|
Sam is one of the worst trolls on the Internet, with a hundred (at least) aliases.
He spends his life disrupting newsgroups and posting endless drivel and attacking
anyone who has called him on his twisted lifestyle.
He ought to be locked away in a rubber room under heavy medication.
You have been warned.
AC
| |
| Alan Connor 2004-04-06, 11:33 pm |
| On Tue, 06 Apr 2004 21:57:46 -0500, Laurence F. Sheldon, Jr. <LarrySheldon@cox.net> wrote:
>
>
> Alan Connor wrote:
>
>
>
> I also note that my questions have not been answered--and at the time I
> wrote them I was genuinely interested in the answers.
>
>
> I'm certainly not going to consider a water-burning carburetor
> whose inventor seems not to be able to focus on the issues raised.
>
>
> "Flash in the pan"
>
> --
> Requiescas in pace o email
>
Like I told you before: I posted an article on this very thread that answers
all your questions.
But if you can't read plain English or remember something you read only a few
minutes before, then I am afraid the article won't do you much good.
Flash in the pan?
Been around for a lot of years. Try doing a little research before
making a fool of yourself on the Usenet.
Try spamming me.
<snicker>
AC
--
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox.
http://www.uwasa.fi/~ts/info/spamfoil.html
http://tinyurl.com/3c3ag
| |
|
|
| Chris Adams 2004-04-06, 11:33 pm |
| Once upon a time, Alan Connor <xxxx@yyy.zzz> said:
>Modern C/R systems use filters like SpamAssassin and send almost all of
>the spam directly to /dev/null. No response of any kind is sent out.
"almost" all of the spam - so some spam messages still generate
challenges (obviously, since no spam filter is 100% perfect), so you
send challenges to innocent bystanders. If you could filter out all of
the spam so you didn't send bogus challenges, why would you bother with
the C/R system?
--
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
| |
| DevilsPGD 2004-04-06, 11:33 pm |
| In message <<c4vc5f$r8u$1@blue.rahul.net>> axlq@spamcop.net (axlq in
California) did ramble:
>Hmm, I never thought of that. Pretty sneaky. Respond to a bogus
>challenge, and the luser with the C/R system will end up receiving the
>spam, and any future spam with your address forged in the From header.
>
>I think I'll do that from now on instead of just deleting the
>challenges. That's one way to show the users of C/R how worthless
>it really is.
It's all about cost shifting -- Except this time it's possible to shift
the costs back to the person who sent you the unsolicited mail.
--
HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a pig
| |
| Nick Landsberg 2004-04-06, 11:33 pm |
| Alan Connor wrote:
> On Wed, 07 Apr 2004 02:10:07 GMT, Robert Melson <melsonr@earthlink.net> wrote:
>
>
>
>
> Well, Miz Manners Melson, I guess you haven't noticed that the man has failed
> to produce evidence for his claims.
>
> And he has been asked to TWICE since then.
>
> He WAS a liar.
>
> So you aren't going to investigate a tool that could possibly help you out
> a great deal because I called a liar a "liar"?
>
> Brilliant.
>
> AC
>
I know I came in late into this discussion, but I've
just about had it with the name-calling.
Listen, dipstick. You have consistently engaged in name
calling and baiting of others. You have consistently required
so-called evidence from others to prove their so-called
claims when they were nothing more than questions about
details of how and why your unsupported assertions would
solve the problem at hand. Time for you to put up or shut
up. Prove, rigorously, why we should believe YOU!
You have all the social graces of the "Tasmanian Devil"
in the Bugs Bunny cartoons, and probably the same
degree of intelligence.
You've called almost everyone else a liar. Please note
that the first recourse of an incompetent is to call everyone
else the same. Similarly for the first recourse of a liar.
Prove you are not. Chapter and verse! Statistics
and percentages based on something more than
a universe of a single user (you). State the published articles
with appropriate statistical anlyses
which we may refer to to validate your claims
of effectiveness. State the control conditions for
the experiment, if there was an experiment.
If there wasn't an experiment with a universe
greater than 1, state why not. What you've got
right now is a load of theory and hot-air. Other
posters have tried to point out possible holes,
to which you have responded with personal attacks
upon the posters.
Not a very good way to win friends and influence
people. As Mr. Melson said, after reading YOUR posts
I wouldn't even consider a C/R system at all,
just because your firetrucking attitude towards
everyone else has turned me completely off
from C/R.
Then again, you could be a spammer who is
trying reverse psychology by getting us to
believe that all proponents of C/R are a**holes,
but that's probably above your level of awareness.
(Pour le bon chat, let bon rat, eh?)
--
"It is impossible to make anything foolproof
because fools are so ingenious"
- A. Bloch
| |
| Stephen K. Gielda 2004-04-06, 11:33 pm |
| In article <yiKcc.17983$Dv2.12567@newsread2.news.pas.earthlink.net>,
zzzzzz@xxx.yyy says...
>
> <snicker>
>
>
Out of curiousity, if your system is as bulletproof as you say, why do
you still need to hide your address?
/steve
--
You simply cannot get more server side control of
your e-mail without running your own mail server and
knowing how to program.
http://www.cotse.net/privacyservice.html
| |
| Scott Dorsey 2004-04-07, 12:34 am |
| Nick Landsberg <hukolau@NOSPAM.att.net> wrote:
>
>OK... to simplify this (for a simpleminded me),
>let's say John Doe's computer gets infected.
>The spamware sends out an Email from John Doe's
>computer and forges the "From:" addy as (e.g.)
>"richardroe@yahoo.com" which it got
>from John Doe's address list.
Okay, sounds familiar.
>Then, as I understand it, the C/R system would
>send out a message to "richardroe@yahoo.com"
>to see if it was a legitimate address? to see
>if "richardroe" had actually sent the original
>email? I'm lost here.
When it gets to the end user who is protected by a
C/R system, the C/R system replies with a message
to richardroe with a secret code, asking him to reply
with that code. If he replies, it starts whitelisting
mail from richardroe and doesn't challenge in the future
when additional mail comes with that return address.
>I think I have it. It's the "innocent third party" thing
>that (hopefully) made me see the light. What I gathered
>from this is, as long as spammers can forge "From:" and
>"Reply To:" headers, then C/R is for all intents and
>purposes, innefective, and may actually be a cure which
>is worse than the disease.
Well, it's effective in that spam doesn't make it to the person
whom the original spam is sent to. But it's still a bad thing,
because of the additional damage of all of the misdirected
challenges.
--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."
| |
| Morely 'I drank what?' Dotes 2004-04-07, 12:34 am |
| While gargling concrete on 06 Apr 2004, "Laurence F. Sheldon, Jr."
<LarrySheldon@cox.net> wrote in news:M6Kcc.1683$WF1.104@okepread02 right
after begin :
> Alan Connor wrote:
>
> I'm certainly not going to consider a water-burning carburetor
> whose inventor seems not to be able to focus on the issues raised.
Not to mention his inability to identify water, caburetors, and focus.
--
Want a custom-built PC designed by gamers, for gamers?
Visit http://kryptonite.pc-gamereview.com
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
| |
| Morely 'I drank what?' Dotes 2004-04-07, 12:34 am |
| While gargling concrete on 06 Apr 2004, Nick Landsberg
<hukolau@NOSPAM.att.net> wrote in news:GYHcc.49053$He5.945792@bgtnsc04-
news.ops.worldnet.att.net right after begin :
> John-Paul Stewart wrote:
>
> [Everything Snipped]
>
> Pardon for coming into this thread late, but
> I have what I think is an honest question.
>
> I thought it was "conventional wisdom" (whatever
> that is) that any kind of response to a spammer
> only encourages them to send more? ("Hey,
> I found a live Email addy, I can sell this
> addy to the next spammer down the street!")
> The end-result being that more and more SPAM
> is generated to your addy for your machine to
> filter (wasting CPU cycles while doing so).
>
> Or maybe I don't understand what is meant
> by a challenge/response system?
You understand perfectly.
Of course, Connor is no longer actually using C/R because his ISP told
him to knock it off, or get a new ISP.
--
Want a custom-built PC designed by gamers, for gamers?
Visit http://kryptonite.pc-gamereview.com
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
| |
| Nick Landsberg 2004-04-07, 12:34 am |
| Scott Dorsey wrote:
> Nick Landsberg <hukolau@NOSPAM.att.net> wrote:
>
>
>
> Okay, sounds familiar.
>
>
>
>
> When it gets to the end user who is protected by a
> C/R system, the C/R system replies with a message
> to richardroe with a secret code, asking him to reply
> with that code. If he replies, it starts whitelisting
> mail from richardroe and doesn't challenge in the future
> when additional mail comes with that return address.
Thanks for more clarification, Scott. Now, again, because
I need some handholding here... I take it
that my C/R program sends a message to richardroe@yahoo.com
asking for a reply which echoes the secret code.
What is to prevent a spammer from having an autoreply which
does exactly that? Heck, I can cobble up that shell
script in less than 10 minutes given a Unix/Linux based
system and a decent shell and a decent sendmail
implementation.
(I'm probably overstating the case, but less
than a week, for sure.)
The above assumes that the spammer has not spoofed
the "From:" or the "Reply To:" addy. If they have, then
as you point out below, you get lots of "challenge" messages
to innocent third party users who never sent out the
SPAM in the first place.
[If you're trying to sell more network bandwidth to
someone, this might be a good way to do it ]
I also see what I think is a flaw in the reasoning.
Assume that I subscribe to mailing list "endangered pandas"
and JohnDoe has "endangered pandas" in HIS
address book. Assume I have *whitelisted* "endangered pandas".
JohnDoe gets infected with a spambot which sends out
messages to "endangered pandas" which in turn sends
out messages to however many people subscribe to
that list. Therefore, even the "whitelist" concept
is breakable. Not so?
(Note that this is even before the C/R mechanism
proposed by some.)
The solution would rather seem to be to be to
some way to secure computers from becomming SPAMBOTS,
rather than attack the symptoms?
>
>
>
>
>
>
> Well, it's effective in that spam doesn't make it to the person
> whom the original spam is sent to. But it's still a bad thing,
> because of the additional damage of all of the misdirected
> challenges.
> --scott
>
>
--
"It is impossible to make anything foolproof
because fools are so ingenious"
- A. Bloch
| |
| Ed Murphy 2004-04-07, 1:33 am |
| On Wed, 07 Apr 2004 01:37:27 +0000, Alan Connor wrote:
> But them mail still has headers unique to the mailing list.
What if they change the pattern without giving you advance warning? (If
they give you advance warning, then obviously you can whitelist both the
old and the new patterns.)
| |
|
|
| Steven M (remove cola to reply) 2004-04-07, 1:33 am |
| On Wed, 07 Apr 2004 01:14:33 GMT, Nick Landsberg
<hukolau@NOSPAM.att.net> wrote:
>I think I have it. It's the "innocent third party" thing
>that (hopefully) made me see the light. What I gathered
>from this is, as long as spammers can forge "From:" and
>"Reply To:" headers, then C/R is for all intents and
>purposes, innefective, and may actually be a cure which
>is worse than the disease.
Bingo!
--
Steve M - unspam@houston.rrdirt.com (remove dirt for reply)
"Give up those intimate little dinners for four, unless there are
three other people eating with you." -- attributed to Orson Welles
| |
| Vernon Schryver 2004-04-07, 1:33 am |
| In article <4mLcc.50305$He5.969417@bgtnsc04-news.ops.worldnet.att.net>,
Nick Landsberg <hukolau@NOSPAM.att.net> wrote:
> ...
>
>Thanks for more clarification, Scott. Now, again, because
>I need some handholding here... I take it
>that my C/R program sends a message to richardroe@yahoo.com
>asking for a reply which echoes the secret code.
>What is to prevent a spammer from having an autoreply which
>does exactly that? Heck, I can cobble up that shell
>script in less than 10 minutes given a Unix/Linux based
>system and a decent shell and a decent sendmail
>implementation.
>(I'm probably overstating the case, but less
>than a week, for sure.)
You shouldn't need even 10 minutes to create an account and configure
a `vacation` message. Instead of the `vacation` program, you could
probably use the "user had moved" mechanism now in sendmail. There are
also only about half a bazillion available "autoresponse" packages.
However, few spammers do that because it's too much trouble for too
little gain and too risky. Too few people use C/R systems to make
increasing spam hit rates worth the trouble of playing C/R games.
Contrary to dogma spammers are not too stupid to use tools, but are
interested in things other than UNIX and sendmail. The risk to a
spammer comes from having a fixed IP address or domain name that can
be tied to the spammer.
On other hand, CAN SPAM Act compliant spammers with fixed domain
names often have autoresponders that might well accidentally answer
a challenge in a way that the C/R system thinks is a response.
>I also see what I think is a flaw in the reasoning.
>Assume that I subscribe to mailing list "endangered pandas"
>and JohnDoe has "endangered pandas" in HIS
>address book. Assume I have *whitelisted* "endangered pandas".
>
>JohnDoe gets infected with a spambot which sends out
>messages to "endangered pandas" which in turn sends
>out messages to however many people subscribe to
>that list. Therefore, even the "whitelist" concept
>is breakable. Not so?
No, because we should hope that everyone has whitelisted the SMTP
client that sends the "endangered pandas" mail instead of any message
that contains the phrase "endangered pandas."
> ...
>The solution would rather seem to be to be to
>some way to secure computers from becomming SPAMBOTS,
>rather than attack the symptoms?
Some people have made similar observations.
A start would be to suspend the SuperInfoHypeWay driving privileges
of anyone reckless enough to use Outlook (Express) or to connect
any computer running any Microsoft software to the Internet without
the protection of a real firewall (i.e. not "personal firewall"
snake oil but a separate, special purpose box).
Vernon Schryver vjs@rhyolite.com
| |
| Malcolm Dew-Jones 2004-04-07, 2:33 am |
| Ed Murphy (emurphy42@socal.rr.com) wrote:
: On Wed, 07 Apr 2004 00:53:28 +0000, Alan Connor wrote:
: > Let's see some of these 'mis-directed challenges'.
: >
(Numerous lines snipped below)
I would like to see them also, but not for the same reason as "he who
ought not to be named".
The following are the key lines, but I see clearly it's a virus rejection.
The virus engine obviously isn't scanning the mail until after it has been
received onto the server (appears to be typical of qmail, but qmail is far
from the only system where that is common). These days no server should
ever send back an error message for virus detection, at least not without
checking against a list of non-spoofing virus (e.g. you can probably send
back errors for most word documents containing macro virusses). Ideally
the virus check should occur during the initial reception so that this
problem is avoided entirely while still following the RFC's that require
that errors are reported.
(I see hundreds of messages similar to this.)
In any case, sad to say, but this this isn't an example of a misdirected
challenge.
: X-Virus-Scanned: Symantec AntiVirus Scan Engine
: Subject: failure notice
some key headers in this case
: Hi. This is the qmail-send program at wanote.pair.com.
: I'm afraid I wasn't able to deliver your message to the following addresses.
: This is a permanent error; I've given up. Sorry it didn't work out.
qmail telling you it rejected the mail, at this stage I assume due
to a virus
: Content-Type: application/octet-stream;
: name="document.zip"
: Content-Disposition: attachment;
: filename="document.zip"
yes, a standard zip file virus, this name is very common, I don't
imagine I need to check it to know that.
BTW, I can now confirm that various large sites are blocking all zip
files, but I can only hope they aren't sending bounce messages.
| |
| Jim Richardson 2004-04-07, 3:33 am |
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 06 Apr 2004 21:39:00 -0500,
Sam <sam@email-scan.com> wrote:
> This is a MIME GnuPG-signed message. If you see this text, it means that
> your E-mail or Usenet software does not support MIME signed messages.
>
> --=_mimegpg-ny.email-scan.com-2578-1081305538-0001
> Content-Type: text/plain; format=flowed; charset="US-ASCII"
> Content-Disposition: inline
> Content-Transfer-Encoding: 7bit
>
> Robert Melson writes:
>
>
>
> Here are some previous words of wisdom from Alan Connor:
>
> http://tinyurl.com/23r3f - wherein he claims to be a on a first name basis
> with Bigfoot.
>
> http://tinyurl.com/2gjcy - and here's his tale of getting drugged,
> kidnapped, and molested by Xena, the Warrior Princess.
>
> Alan "Beavis" Connor is our favorite net.kook, in this neck of the woods. He
> pops up every other week or so, blathering about this latest fetish of his.
> ABC inevitably gets thwacked down and lays low for a week or so, before
> popping up in another newsgroup, and performing the same shtick.
>
>
Ok, now *that's* funny.
hehehe, Xena and Bigfoot, who'da thunk it?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAc6AHd90bcYOAWPYRApEbAJ9WitJZYf+9
MFEBvCuzuvbDdmwe0wCgpnLH
xSy7OSdy4ehhfpoFIm5J6Fg=
=8KIB
-----END PGP SIGNATURE-----
--
Jim Richardson http://www.eskimo.com/~warlock
Q: How many Microsoft Programmers does it take to screw in a lightbulb?
A: It cannot be done. You will need to upgrade your house
| |
| Peter Peters 2004-04-07, 5:33 am |
| On Tue, 06 Apr 2004 20:36:22 GMT, Alan Connor <zzzzzz@xxx.yyy> wrote:
>What's so terrible about them? Have you ever signed up for a mailing list?
And what happens to the mail the mailling list software sends you? I'll
answer: It gets trapped in your C/R system and your C/R sends a message
back which isn't understood. So you won't get on the list.
--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ
| |
| Peter Peters 2004-04-07, 5:33 am |
| On Wed, 07 Apr 2004 00:29:21 GMT, Alan Connor <zzzzzz@xxx.yyy> wrote:
>Never heard of a mailing list that didn't have a header that made it
>easy to pick out of the spam.
If you decide on that header it is not spam, spam will get through. Heck
even virusses can get through. Someday somewhere some spammer (or virus
infected system) will send spam (of a virus) to the lists address with
as from one of the people allowed to post to the list.
And don't tell me this won't happen. We have even had this with a
moderated list where only one address was allowed to post. And the 8000
people on the list got the nasty message through the list coming from
that one address.
--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ
| |
| Peter Peters 2004-04-07, 5:33 am |
| On Wed, 07 Apr 2004 01:37:27 GMT, Alan Connor <zzzzzz@xxx.yyy> wrote:
>
>No they don't.
Yes, they do. I checked one of the lists I am on and look and behold the
only thing that is known for this list is the system it is running on.
But a whole lot of other e-mail (and spam) is also going through that
server. So I won't know what is from that list and what not.
There are security reasons as not to show evidence a particular message
is coming from that list or not.
--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ
| |
| Alan Connor 2004-04-07, 5:33 am |
| On Wed, 07 Apr 2004 10:50:47 +0200, Peter Peters <P.G.M.Peters@nospam.utwente.net> wrote:
One of Crazy Ben Finney's best sock puppets.
Ben hates CRs like a Southern Cracker hates Black people.
AC
| |
| Peter Peters 2004-04-07, 6:33 am |
| On Tue, 06 Apr 2004 20:36:21 GMT, Alan Connor <zzzzzz@xxx.yyy> wrote:
>This person plainly doesn't even know what CRs ARE....
As far as I understand it works as follows:
Person X sends a message to person A
The C/R system of person A decides he doesn't know the address X is
using.
The C/R system of person A sends a message to the address X is using.
The person Y (who's address X is using) gets a message from the C/R
system person A is using.
--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ
| |
| Robert Bonomi 2004-04-07, 8:33 am |
| In article <NaKcc.17977$Dv2.11872@newsread2.news.pas.earthlink.net>,
Alan Connor <xxxx@yyy.zzz> wrote:
>
>Sam is one of the worst trolls on the Internet, with a hundred (at
>least) aliases.
Have you got _proof_ of that? Please list the 100 (at least) aliases.
>He spends his life disrupting newsgroups and posting endless drivel and
>attacking
>anyone who has called him on his twisted lifestyle.
>
>He ought to be locked away in a rubber room under heavy medication.
>
>You have been warned.
Either you have proof of your assertations, or you were looking in the
mirror when you wrote the above (with the wrong pronoun). which is it?
| |
| Ronald D. Edge 2004-04-07, 8:34 am |
| In article <rXIcc.18570$lt2.1253@newsread1.news.pas.earthlink.net>,
zzzzzz@xxx.yyy says...
>
>If you want to learn, then ask questions and listen to the answers.
>
>Otherwise, stay an ignorant XXXX. I couldn't care less.
>
>As for sending me mail? Forget it. I don't want to hear from you.
>
>
>Oh that's just brilliant.
>
>And how many times have you collected that $500?
>
>About as many times as you were accurate above: 0.
>
>Now: You claimed in another post that you receive
>mis-directed CRs regularly.
>
>Until you post examples of these I will not be responding
>to any more of your STUPID posts.
>
>AC
>--
>Pass-List -----> Block-List ----> Challenge-Response
>The key to taking control of your mailbox.
>http://www.uwasa.fi/~ts/info/spamfoil.html
>http://tinyurl.com/3c3ag
You know, I just continue to marvel at the professionalism and cogency
of your arguments. And your language. You could tutor diplomats and
probably foster world peace. Tell us, have you considered authoring
a book, you know along the lines of "How to win friends and influence
people". You could share your rhetorical and communication skills
and gosh golly just make the world a better place, yes sir, no
doubt about it.
--
Ron.
http://edgeinfotech.com
http://mainsleazespam.com
http://iuhoosiers.com
| |
| Ronald D. Edge 2004-04-07, 8:35 am |
| In article <2WJcc.18643$lt2.2079@newsread1.news.pas.earthlink.net>,
zzzzzz@xxx.yyy says...
>
....
>
>Well, Miz Manners Melson, I guess you haven't noticed that the man has failed
>to produce evidence for his claims.
>
>And he has been asked to TWICE since then.
>
>He WAS a liar.
>
>So you aren't going to investigate a tool that could possibly help you out
>a great deal because I called a liar a "liar"?
>
>Brilliant.
>
>AC
>
>--
>Pass-List -----> Block-List ----> Challenge-Response
>The key to taking control of your mailbox.
>http://www.uwasa.fi/~ts/info/spamfoil.html
>http://tinyurl.com/3c3ag
Are you sure you are not Jamie Baillie's twin brother, perhaps separated
at birth? Oh, and the Bigfoot and Xena stories, whoo, boy. You know what
would be fun, drop you in the middle of a pack of survivalists in
real life and watch the resulting action.
--
Ron.
http://edgeinfotech.com
http://mainsleazespam.com
http://iuhoosiers.com
| |
| Ronald D. Edge 2004-04-07, 8:35 am |
| In article <PxKcc.50017$He5.963547@bgtnsc04-news.ops.worldnet.att.net>,
hukolau@NOSPAM.att.net says...
>
>Alan Connor wrote:
>
....
failed[color=darkred]
>
>I know I came in late into this discussion, but I've
>just about had it with the name-calling.
>
>Listen, dipstick. You have consistently engaged in name
>calling and baiting of others. You have consistently required
....
>You have all the social graces of the "Tasmanian Devil"
>in the Bugs Bunny cartoons, and probably the same
>degree of intelligence.
>
....
>"It is impossible to make anything foolproof
>because fools are so ingenious"
> - A. Bloch
Sir, I must, on behalf of Tasmanian devils everywhere, who all fans
of Looney Tunes (how appropriate in this context) know are at heart
gentle and well meaning beasts, this slur on the entire race you
propagate by comparing them to the pathetic troll Alan Connor.
--
Ron.
http://edgeinfotech.com
http://mainsleazespam.com
http://iuhoosiers.com
| |
| Norman L. DeForest 2004-04-07, 9:33 am |
|
On Tue, 6 Apr 2004, Alan Connor wrote:
> On Tue, 6 Apr 2004 16:09:55 -0600 (MDT), Vernon Schryver <vjs@[snip]> wrote:
^^^^^^^^^^^^^^^
[snip]
>
> You are lying.
>
>
> Liar.
>
>
> I don't get any spam and I get all the mail I want to get.
>
> I never have to mess with the program.
>
> If you call that being a "luser", then you are an imbecile as well
> as being a liar.
>
> And you most certainly are a liar.
>
> Everything you wrote above is pure BULLSHIT.
>
> <sigh>
>
> Another spammer telling lies about the only filters they can't beat.
>
> Hey spammer:
>
> Kiss my XXX.
>
> You are denied access to my mailbox.
>
> Live with it.
>
> Find HONEST work.
>
> ROTF
>
> AC
You don't have a clue who you are replying to, do you?[0]
Have a look at these RFCs. See anything they have in common?[1]
http://www.faqs.org/rfcs/std/std51.html
http://www.faqs.org/rfcs/rfc1618.html
http://www.faqs.org/rfcs/rfc1661.html
http://www.faqs.org/rfcs/rfc1717.html
http://www.faqs.org/rfcs/rfc1977.html
http://www.faqs.org/rfcs/rfc1990.html
http://www.faqs.org/rfcs/rfc2290.html
http://www.faqs.org/rfcs/rfc3081.html
Vernon has done more to stop spam than you ever will:
"Distributed Checksum Clearinghouses"
http://www.rhyolite.com/anti-spam/dcc/
"Google Search: dcc spam"
http://www.google.ca/search?q=dcc+s...le+Search&meta=
He and I have had disagreements (on sociological issues, not technical
ones) in the past and I think he has me killfiled. If he speaks on social
issues I would take it with a grain of salt. If he speaks on technical
issues, including combatting spam, you can be pretty sure he knows what he
is talking about.
He calls a spade a spade (and not a "multipurpose, manually-operated
granular substance relocation tool") -- even when it's not popular.
And I have never seen him lying.
[0] NANAE regulars might prefer:
s/ who you are replying to//
[1] Hint, look at all of the names mentioned in those RFCs.
--
Norman De Forest http://www.chebucto.ns.ca/~af380/Profile.html
af380@chebucto.ns.ca [=||=] (A Speech Friendly Site)
"One suspects that by now even *Nigerians* have Nigeria blacklisted ;)."
-- Jim Seymour on 419 scams, news.admin.net-abuse.email, Tue, Nov 19, 2002
| |
| Norman L. DeForest 2004-04-07, 9:33 am |
|
On Wed, 7 Apr 2004, Alan Connor wrote:
[snip]
> On the rare occassion that I send a C-R to an innocent party (I have to
> assume that his has happenned at least once.) whose address has been forged,
> then I have done them the favor of letting them know that it is being forged,
> which can cause a person one hell of a lot of trouble.
[snip]
I can assure you that in most cases where it would matter, the forgery
victim already knows his or her address is being forged. One user at my
ISP had to get a new address because of it:
http://www.chebucto.ns.ca/Chebucto/...02/policy.shtml
; Chebucto Community Net
;
; AGM 2002 Policy Committee Report
[snip]
; There were several cases of users being abused however, when viruses
; and spammers used some innocent third party's email address as the
; forged reply address on their junkmail. In one case, the user received
; thousands of bounced messages a day for a three week period due to a
; badly organized spammer bulk mailout. The Policy Committee generally
; gets a complaint or two a month from people spammed with email falsely
; claiming to come from Chebucto and only examining the originating IP
; address of the email in the full message headers tells the true source
; of the spam (which was not Chebucto in each case).
[snip]
--
Norman De Forest http://www.chebucto.ns.ca/~af380/Profile.html
af380@chebucto.ns.ca [=||=] (A Speech Friendly Site)
"One suspects that by now even *Nigerians* have Nigeria blacklisted ;)."
-- Jim Seymour on 419 scams, news.admin.net-abuse.email, Tue, Nov 19, 2002
| |
| Robert Bonomi 2004-04-07, 11:33 am |
| Its a rare day, when I get to validly correct Vernon, but today is one of
those days! Correction below.
In article <c502ke$22ej$1@calcite.rhyolite.com>,
Vernon Schryver <vjs@calcite.rhyolite.com> wrote:
>In article <4mLcc.50305$He5.969417@bgtnsc04-news.ops.worldnet.att.net>,
>Nick Landsberg <hukolau@NOSPAM.att.net> wrote:
>
>
>You shouldn't need even 10 minutes to create an account and configure
>a `vacation` message. Instead of the `vacation` program, you could
>probably use the "user had moved" mechanism now in sendmail. There are
>also only about half a bazillion available "autoresponse" packages.
>
>However, few spammers do that because it's too much trouble for too
>little gain and too risky. Too few people use C/R systems to make
>increasing spam hit rates worth the trouble of playing C/R games.
>Contrary to dogma spammers are not too stupid to use tools, but are
>interested in things other than UNIX and sendmail. The risk to a
>spammer comes from having a fixed IP address or domain name that can
>be tied to the spammer.
>
>On other hand, CAN SPAM Act compliant spammers with fixed domain
>names often have autoresponders that might well accidentally answer
>a challenge in a way that the C/R system thinks is a response.
>
>
>
>No, because we should hope that everyone has whitelisted the SMTP
>client that sends the "endangered pandas" mail instead of any message
>that contains the phrase "endangered pandas."
For once Vernon *completely* misses the point! <grin>
The previous poster's scenario was:
a) previous poster is subscribed to the "endangered pandas" _mailing-list_
b) JohnDoe has the submission address for the "endangered pandas" mailing-list
on his machine.
c) previous poster has whitelisted the 'sender' of the "endangered pandas"
mailing-list. (based on some actual, functional, unique identification
of messages from that mailing-list -- not the words 'endangered pandas'
in the content.)
d) JohnDoe gets infected with a virus/spambot, that harvests the email
addressed found on _JohnDoe's_ machine, and fires off it's spam to the
"endangered pandas" mailing-list submission address.
In this scenario *yes* the spam gets through to the C/R "protected" mailbox,
because the whitelist kicks in _before_ the spam filters.
It is debatable as to whether or not this is a 'breaking' of the "whitelist
concept" -- the whitelist _did_ work 'as designed'. It let something through
that (probably) would have been blocked. A "false negative", on classifying
the message as spam.
On C/R in general --
For the "early adopter", challenge/response systems *are* very
effective/convenient for the person who uses it. *AT*THE*EXPENSE* of the
person sending them mail.
If _widely_deployed_, however, it *breaks*. For *any* of the following
reasons:
1) If there is a 'standardized' format for the challenge, it becomes
"trivial" to automate acknowledgement responses. And the spam will
flow, as the spammers _do_ ack the challenge. H*ll, they'll send an
innocent message first, ack the challenge, and then *forge* that same
sender address in mail from 'somewhere else', and "like grass through
a goose", it slides right past the spam filters. So, to be effective,
everybody needs to 'roll their own'. Approximately 99.85% of the
existing internet users are _not_ capable of doing this.
2) When someone who is, themselves, running a C/R system, sends an initial
message to somebody else, who is *also_ running a C/R system, the sender
*does*not*know* what to 'whitelist' so that the 'remote challenge'
will not be greeted with a challenge from *his* system. Challenges
do *not* necessarily come from the same email address, mailserver, IP
address, or even DOMAIN NAME, as the address to which the original mail
was sent. Anyone who has attempted to correspond with a reporter by
the name of Hiawatha Bray is fully aware of this. His challenge-
response system has _exactly_ those characteristics -- the challenge
mail comes from a point that cannot be associated with the address to
which the original mail was sent -- other than by reading the content
of the challenge message, which contains his *name*.
3) a large-scale 'joe job' results in, not only massive numbers of
bounce/undeliverable messages, but an *ADDITIONAL* massive influx
of 'challenges'. The _larger_ the number of people using C/R, the
*more*effective* the "joe job" becomes as a means of harassment.
What's more, if the person that is the -victim- of the "joe job" is
using C/R (remember it _is_ "widely deployed"), they will be *SENDING*
tens or possibly HUNDREDS of thousands of 'challenges', in response
to those 'unsolicited' challenges from the original spam victims.
{ Note: in _this_ situation, it's HARD to argue that the challenges
the joe-job 'victim' is sending are *not* spam -- they are bulk
(substantially identical), they are e-mail, and it is very debatable
that they are 'solicited' -- they are being sent to someone who mailed
a specific query: "Did you send this message? if yes, please confirm.
if not, please do nothing." As they are -neither- a 'confirmation',
or a 'do nothing', it *IS* arguable that they are 'unsolicited'. }
Which begs the question: Should a C/R user respond to a challenge generated
in response to _their_ challenge of an incoming mail?
If the putative original sender did _not_ send the message (as per the example
above), and *is* using C/R, this WILL happen. (note: *one* forged message has
now become _THREE_ complete emails, without any person having seen anything.)
If _not_, why should *anybody* respond to _his_ challenges? He apparently
expects the 'rest of the world' to do more than _he_ is willing to do.
Obviously, this is _unworkable_, if the attitude evinced becomes commonly held.
OTOH, if the answer is "yes", then _how_ does he 'recognize' the incoming
challenge and whitelist it? And we're right back to the issue mentioned
in 1), above. <wry grin>
| |
| John-Paul Stewart 2004-04-07, 1:36 pm |
| Alan Connor wrote:
> On Tue, 06 Apr 2004 19:08:56 -0400, John-Paul Stewart <jpstewart@binaryfoundry.ca> wrote:
>
>
>
> I get it. You are lying.
>
>
>
>
> 5 times a day? From C/R systems? Nope.
I didn't say they were. Read what I wrote. "Bounce messages from
mailservers".
> Don't you know the difference between a client filter and an MTA?
Don't you see the parallels between a mis-directed bounce message and a
mis-directed challenge? In both cases mail is being sent to the wrong
place due to a forged "From".
>
>
> You need to use a system like the ones found in my sig.
>
> Then you wouldn't have silly problems like this.
Hmm...let's see...
1) Spammer sends message forging my address in the "From" field.
2) Recipient's mail server sends bounce message to me
3) My mail system sends challenge to the mail daemon from step #2
Boy...those mail admins will love me, first getting spammed, then
getting hit with my challenges. Nice.
>
> You don't block mail from your OWN address?
a) The above was meant to illustrate that spammers do indeed forge from
addresses. This is a counter proof of the claim you made in message
<%5Gcc.17700$Dv2.10977@newsread2.news.pas.earthlink.net> that they do
not do this.
b) No, I don't block e-mail from myself. Ever hear of "cron"? It sends
legitimate e-mail from me to me all the time. Blocking e-mail from
myself would block all of cron's messages. I also have several custom
admin scripts that send e-mail from me to me on a daily basis. Getting
e-mail from yourself is actually quite useful.
| |
| Kevin S. Wilson 2004-04-07, 1:37 pm |
| On Wed, 07 Apr 2004 00:53:22 GMT, Alan Connor <zzzzzz@xxx.yyy> wrote:
>The only people who do here, are all the spammers
>posing as spamhaters in order to discredit the
>one type of filter they can't beat.
That's twice you've made that claim. Now, please list the names or
posting handles of all these spammers posing as spam-haters.
Or stop bleating about them.
--
Kevin S. Wilson, Tech Writer at a university Somewhere in Idaho
"The telephone, mail system and email were originally meant to be one-
to-one methods of communication and that is the way they should have remained."
--Mark Ferguson, Crusader, longing for the days before conference calls and family Christmas newsletters
| |
| Nick Landsberg 2004-04-07, 1:37 pm |
| Robert Bonomi wrote:
> Its a rare day, when I get to validly correct Vernon, but today is one of
> those days! Correction below.
>
> In article <c502ke$22ej$1@calcite.rhyolite.com>,
> Vernon Schryver <vjs@calcite.rhyolite.com> wrote:
>
[ Much Snippage ]
Thank you both for your explanations, much appreciated.
Further observation below.
[color=darkred]
>
>
> On C/R in general --
>
> For the "early adopter", challenge/response systems *are* very
> effective/convenient for the person who uses it. *AT*THE*EXPENSE* of the
> person sending them mail.
>
> If _widely_deployed_, however, it *breaks*. For *any* of the following
> reasons:
>
> 1) If there is a 'standardized' format for the challenge, it becomes
> "trivial" to automate acknowledgement responses. And the spam will
> flow, as the spammers _do_ ack the challenge. H*ll, they'll send an
> innocent message first, ack the challenge, and then *forge* that same
> sender address in mail from 'somewhere else', and "like grass through
> a goose", it slides right past the spam filters. So, to be effective,
> everybody needs to 'roll their own'. Approximately 99.85% of the
> existing internet users are _not_ capable of doing this.
>
> 2) When someone who is, themselves, running a C/R system, sends an initial
> message to somebody else, who is *also_ running a C/R system, the sender
> *does*not*know* what to 'whitelist' so that the 'remote challenge'
> will not be greeted with a challenge from *his* system. Challenges
> do *not* necessarily come from the same email address, mailserver, IP
> address, or even DOMAIN NAME, as the address to which the original mail
> was sent. Anyone who has attempted to correspond with a reporter by
> the name of Hiawatha Bray is fully aware of this. His challenge-
> response system has _exactly_ those characteristics -- the challenge
> mail comes from a point that cannot be associated with the address to
> which the original mail was sent -- other than by reading the content
> of the challenge message, which contains his *name*.
>
> 3) a large-scale 'joe job' results in, not only massive numbers of
> bounce/undeliverable messages, but an *ADDITIONAL* massive influx
> of 'challenges'. The _larger_ the number of people using C/R, the
> *more*effective* the "joe job" becomes as a means of harassment.
> What's more, if the person that is the -victim- of the "joe job" is
> using C/R (remember it _is_ "widely deployed"), they will be *SENDING*
> tens or possibly HUNDREDS of thousands of 'challenges', in response
> to those 'unsolicited' challenges from the original spam victims.
>
> { Note: in _this_ situation, it's HARD to argue that the challenges
> the joe-job 'victim' is sending are *not* spam -- they are bulk
> (substantially identical), they are e-mail, and it is very debatable
> that they are 'solicited' -- they are being sent to someone who mailed
> a specific query: "Did you send this message? if yes, please confirm.
> if not, please do nothing." As they are -neither- a 'confirmation',
> or a 'do nothing', it *IS* arguable that they are 'unsolicited'. }
>
> Which begs the question: Should a C/R user respond to a challenge generated
> in response to _their_ challenge of an incoming mail?
>
> If the putative original sender did _not_ send the message (as per the example
> above), and *is* using C/R, this WILL happen. (note: *one* forged message has
> now become _THREE_ complete emails, without any person having seen anything.)
In pathological situations, you might even get an infinite loop
here, or until one or both accuse the other of deliberate
spamming put each other in their own "blocked" list.
>
> If _not_, why should *anybody* respond to _his_ challenges? He apparently
> expects the 'rest of the world' to do more than _he_ is willing to do.
> Obviously, this is _unworkable_, if the attitude evinced becomes commonly held.
>
> OTOH, if the answer is "yes", then _how_ does he 'recognize' the incoming
> challenge and whitelist it? And we're right back to the issue mentioned
> in 1), above. <wry grin>
>
What you have described is an almost classic "Catch 22"
scenario. If everyone was a good citizen and played
by the rules, then C/R should work, but, if everyone
was a good citizen and played by the rules,
we wouldn't need it in the first place.
--
"It is impossible to make anything foolproof
because fools are so ingenious"
- A. Bloch
| |
| Vernon Schryver 2004-04-07, 2:33 pm |
| In article <5ag7709ir6irff3hquf98rp8c2g7hmp17d@4ax.com>,
Peter Peters <peter.peters@utwente.nl> wrote:
>
>If you decide on that header it is not spam, spam will get through. Heck
>even virusses can get through. Someday somewhere some spammer (or virus
>infected system) will send spam (of a virus) to the lists address with
>as from one of the people allowed to post to the list.
> ...
It is also true that some mostly legitimate mailing lists are very
difficult to whitelist. Every message for some lists has a unigue
envelope and header sender, comes from any of a large nubmer of IP
addresses that are not listed anywhere (except in blacklists), and
lack any stable identifying header that I and other people have been
able to figure out.
I say based on experience with the DCC. The DCC detects bulk mail.
Rejecting spam with the DCC requires the addition of local, ideally
per-user information about which bulk mail is solicited in the form
of whitelists.
Vernon Schryver vjs@rhyolite.com
| |
| Ed Murphy 2004-04-07, 2:33 pm |
| On Wed, 07 Apr 2004 15:07:05 +0000, Robert Bonomi wrote:
> 1) If there is a 'standardized' format for the challenge, it becomes
> "trivial" to automate acknowledgement responses. And the spam will
> flow, as the spammers _do_ ack the challenge. H*ll, they'll send an
> innocent message first, ack the challenge, and then *forge* that same
> sender address in mail from 'somewhere else', and "like grass through
> a goose", it slides right past the spam filters. So, to be effective,
> everybody needs to 'roll their own'. Approximately 99.85% of the
> existing internet users are _not_ capable of doing this.
Alan explicitly states that users of his system are expected to do
this. Then again, a high percentage of Internet users use Windows,
which typically won't run his system at all.
> 2) When someone who is, themselves, running a C/R system, sends an
> initial
> message to somebody else, who is *also_ running a C/R system, the
> sender *does*not*know* what to 'whitelist' so that the 'remote
> challenge' will not be greeted with a challenge from *his* system.
> Challenges do *not* necessarily come from the same email address,
> mailserver, IP address, or even DOMAIN NAME, as the address to
> which the original mail was sent. Anyone who has attempted to
> correspond with a reporter by the name of Hiawatha Bray is fully
> aware of this. His challenge- response system has _exactly_ those
> characteristics -- the challenge mail comes from a point that
> cannot be associated with the address to which the original mail
> was sent -- other than by reading the content of the challenge
> message, which contains his *name*.
Alan explicitly states that his system cuts off the infinite loop
after (I think) the third message from a single unknown address. Of
course, I wouldn't bet so much as a nickel that he actually implemented
it correctly.
If Bray's C/R system uses a different From: address for each challenge,
then it would indeed draw Alan's system into an infinite loop.
| |
| Morely 'spam is theft' Dotes 2004-04-07, 3:33 pm |
| Bruce Barnett <spamhater95+U040407080011@grymoire.com> wrote in news:c50qlg
$n22$1@208.20.133.66:
> "Morely 'I drank what?' Dotes" <morelydotes@spamblocked.com> writes:
>
>
> Is there where I respond "Cut it out, Ritzman."?
> If you are serious, then we have a definite nomination to KOTM.
I am serious.
Consider the nomination to be open for motions.
--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Don't spam <A HREF="mailto:remote-printer.Mary_Higgins/Investor_Relations@
12029429634.iddd.tpc.int">this.</a>
| |
| Morely 'spam is theft' Dotes 2004-04-07, 4:33 pm |
| InactiveX666@hotmail.com (Ronald D. Edge) wrote in news:bfScc.357$Hf.190778
@newshog.newsread.com:
> Are you sure you are not Jamie Baillie's twin brother, perhaps separated
> at birth? Oh, and the Bigfoot and Xena stories, whoo, boy. You know what
> would be fun, drop you in the middle of a pack of survivalists in
> real life and watch the resulting action.
Society for Prevention of Cruelty to Survivaliss on line 1, Food and Drug
Administration on Line 2, and some Neanderthal making sexually suggestive
grunting sounds on line 3 - all I can understand is "Bigfoot not molest
kookieboi." Or maybe it was "now."
--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Don't spam <A HREF="mailto:remote-printer.Mary_Higgins/Investor_Relations@
12029429634.iddd.tpc.int">this.</a>
| |
| Morely 'spam is theft' Dotes 2004-04-07, 4:33 pm |
| "Norman L. DeForest" <af380@chebucto.ns.ca> wrote in
news:Pine.GSO.3.95.iB1.0.1040407091904.25073A-100000@halifax.chebucto.ns.ca
:
> On Tue, 6 Apr 2004, Alan Connor wrote:
>
>
> You don't have a clue
That was all you needed to say, Norman.
(re: Vernon)
> He and I have had disagreements (on sociological issues, not technical
> ones) in the past and I think he has me killfiled. If he speaks on
> social issues I would take it with a grain of salt. If he speaks on
> technical issues, including combatting spam, you can be pretty sure he
> knows what he is talking about.
<AOL>Knock me off a piece of that.</AOL>
He's an asocial curmudgeon, but on technical issues, he's a god.
--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Don't spam <A HREF="mailto:remote-printer.Mary_Higgins/Investor_Relations@
12029429634.iddd.tpc.int">this.</a>
| |
|
|
| Laurence F. Sheldon, Jr. 2004-04-07, 7:34 pm |
| Sam wrote:
> Robert Bonomi writes:
>
>
>
> That's not fair! Beavis will quickly run out of fingers.
Can you prove that?
--
Requiescas in pace o email
| |
| Peter Köhlmann 2004-04-07, 7:34 pm |
| Laurence F. Sheldon, Jr. wrote:
> Sam wrote:
>
>
> Can you prove that?
>
Well, Alan will count "one, two, three, many..."
--
Yield to Temptation ... it may not pass your way again.
-- Lazarus Long, "Time Enough for Love"
| |
| Nick Landsberg 2004-04-07, 7:34 pm |
| Sam wrote:
> Robert Bonomi writes:
>
>
>
> That's not fair! Beavis will quickly run out of fingers.
>
Naw, he only gets flummoxed when he has to drop his
drawers to count past 20
--
"It is impossible to make anything foolproof
because fools are so ingenious"
- A. Bloch
| |
| Morely 'spam is theft' Dotes 2004-04-07, 8:33 pm |
| "Laurence F. Sheldon, Jr." <LarrySheldon@cox.net> wrote in news:LV%cc.1284
$wb4.470@okepread02:
>
> Can you prove that?
I could *arrange* it.
<SFX: whetstone on razor-sharp stilleto>
--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Don't spam <A HREF="mailto:remote-printer.Mary_Higgins/Investor_Relations@
12029429634.iddd.tpc.int">this.</a>
| |
| Laurence F. Sheldon, Jr. 2004-04-07, 9:33 pm |
| Nick Landsberg wrote:
> Naw, he only gets flummoxed when he has to drop his
> drawers to count past 20
I'm confused. How does that help?
--
Requiescas in pace o email
| |
| Alan Connor 2004-04-07, 9:33 pm |
| On Wed, 07 Apr 2004 19:38:15 -0500, Laurence F. Sheldon, Jr. <LarrySheldon@cox.net> wrote:
>
>
> Nick Landsberg wrote:
>
>
> I'm confused. How does that help?
> --
> Requiescas in pace o email
>
Nah. I can make it all the way to 100....
:-)
AC
--
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox.
http://www.uwasa.fi/~ts/info/spamfoil.html
http://tinyurl.com/3c3ag
| |
| Alan Connor 2004-04-07, 9:33 pm |
| On Wed, 07 Apr 2004 23:31:21 GMT, Nick Landsberg <hukolau@NOSPAM.att.net> wrote:
>
>
> Sam wrote:
>
>
> Naw, he only gets flummoxed when he has to drop his
> drawers to count past 20
>
> --
> "It is impossible to make anything foolproof
> because fools are so ingenious"
> - A. Bloch
You sure aren't. So there are exceptions to the rule.
Sam is the worst troll on the Usenet.
Sam/+-/Goldilocks/live free/ ... ad infinitum
He should be in a rubber room under heavy medication.
I am NOT kidding.
Nor is it at all surprising that you find his company
congenial.
AC
--
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox.
http://www.uwasa.fi/~ts/info/spamfoil.html
http://tinyurl.com/3c3ag
| |
| Alan Connor 2004-04-07, 9:33 pm |
| On Wed, 07 Apr 2004 18:12:41 -0500, Laurence F. Sheldon, Jr. <LarrySheldon@cox.net> wrote:
>
You REALLY need to do some homework.
Try the websites in my sig.
AC
--
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox.
http://www.uwasa.fi/~ts/info/spamfoil.html
http://tinyurl.com/3c3ag
| |
| Alan Connor 2004-04-07, 9:33 pm |
| On 7 Apr 2004 23:45:03 GMT, Morely 'spam is theft' Dotes <MorelyDotes@spamblocked.com> wrote:
Why do so many spammers pretend to be spam haters?
Do they hate themselves?
AC
--
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox.
http://www.uwasa.fi/~ts/info/spamfoil.html
http://tinyurl.com/3c3ag
| |
| Alan Connor 2004-04-07, 11:33 pm |
| On 8 Apr 2004 01:34:16 GMT, Bruce Barnett <spamhater95+U040407213207@grymoire.com> wrote:
>
>
> vjs@calcite.rhyolite.com (Vernon Schryver) writes:
>
>
> Exactly. The only way a C/R pass filter can work in these cases is to
> fortell the future.
>
> --
> Sending unsolicited commercial e-mail to this account incurs a fee of
> $500 per message, and acknowledges the legality of this contract.
Try spamming me then.
<snicker>
Your hatred of CRs is one that I have only seen in spammers.
They hate them because they can't beat them.
You couldn't spam me if your life depended on it, and I
wouldn't even know you had tried.
AC
--
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox.
http://www.uwasa.fi/~ts/info/spamfoil.html
http://tinyurl.com/3c3ag
| |
| Ed Murphy 2004-04-07, 11:33 pm |
| On Wed, 07 Apr 2004 19:38:15 -0500, Laurence F. Sheldon, Jr. wrote:
> Nick Landsberg wrote:
>
>
> I'm confused. How does that help?
"Day 171 of captivity. I've sprouted another finger. Counting the one
from yesterday... <glances down> ...I'm up to eleven."
-Stewie, _Family Guy_
| |
| Seth Breidbart 2004-04-08, 1:43 am |
| In article <ciIcc.18525$lt2.13201@newsread1.news.pas.earthlink.net>,
Alan Connor <xxxx@yyy.zzz> wrote:
>On 6 Apr 2004 20:33:55 -0400, Scott Dorsey <kludge@panix.com> wrote:
>
>Let's see some of these 'mis-directed challenges'.
>
>And DO include *all* the headers.
>
>I think you are a liar.
I know Scott. He isn't a liar. You are a kook.
Seth
| |
| Seth Breidbart 2004-04-08, 1:43 am |
| In article <zm1dc.657$k05.339@newsread2.news.pas.earthlink.net>,
Alan Connor <xxxx@yyy.zzz> wrote:
>Sam is the worst troll on the Usenet.
And you're the best?
Seth
| |
| axlq in California 2004-04-08, 1:43 am |
| In article <ciIcc.18525$lt2.13201@newsread1.news.pas.earthlink.net>,
Alan Connor <xxxx@yyy.zzz> wrote:
>Let's see some of these 'mis-directed challenges'.
>
>And DO include *all* the headers.
I'll show you one, if you show me your email address which is
supposedly so well protected by your C/R system.
Put up or shut up.
-A
| |
| Norman L. DeForest 2004-04-08, 1:43 am |
|
On 7 Apr 2004, Morely 'spam is theft' Dotes wrote:
> "Norman L. DeForest" <af380@chebucto.ns.ca> wrote in
> news:Pine.GSO.3.95.iB1.0.1040407091904.25073A-100000@halifax.chebucto.ns.ca
> :
>
>
> That was all you needed to say, Norman.
Did you miss the footnote?
[snip]
: You don't have a clue who you are replying to, do you?[0]
[snip]
: [0] NANAE regulars might prefer:
: s/ who you are replying to//
[snip]
--
Norman De Forest http://www.chebucto.ns.ca/~af380/Profile.html
af380@chebucto.ns.ca [=||=] (A Speech Friendly Site)
"One suspects that by now even *Nigerians* have Nigeria blacklisted ;)."
-- Jim Seymour on 419 scams, news.admin.net-abuse.email, Tue, Nov 19, 2002
| |
| Alan Connor 2004-04-08, 1:44 am |
| On Wed, 07 Apr 2004 00:53:28 GMT, Alan Connor <zzzzzz@xxx.yyy> wrote:
Sorry Seth. I have heard all of your bullshit before.
I don't like spammers, even talking to them on the Usenet.
Just have fun and I will regularly post the truth about mail filters
that use CRs and people will decide for themselves.
Have a nice day.
You'll have to find someone else's time to waste.
Done.
AC
| |
| Jochen Bern 2004-04-08, 2:33 am |
| Alan Connor wrote:
> On 8 Apr 2004 01:34:16 GMT, Bruce Barnett <spamhater95+U040407213207@grymoire.com> wrote:
[i.e., pre-whitelisting mailinglist subscriptions][color=darkred]
> Try spamming me then.
That's not *quite* the functionality whose feasability or
non-feasability we're discussing here, is it?
> Your hatred of CRs is one that I have only seen in spammers.
> They hate them because they can't beat them.
WRONG. As long as we're speaking of challenges of the "reply to this
email (using the unique Reply-To: address)" type, all it takes is to
joe-job some address with a poorly set up autoresponder. (Unless, of
course, the C/R system *itself* is not quite up to par and solicits
"responses" even from *proper* autoresponders - in *that* case, even the
subscription address of a mailinglist doing confirmed opt-in will do!)
Don't tell me that malconfigured stuff "shouldn't exist, and will get
culled due to complaints". I've heard that about open relays galore, and
they're *still* in existence. (Matter of fact, I know a certain
non-marginal MTA software that CANNOT be configured so as to completely
close relaying; ORDB knows how to trigger the relaying, and the vendor
openly states in his release notes that they know about it, and are NOT
going to fix it.)
Speaking of spamming ... anyone else wondering whether we could cut down
the crossposting a bit? (I'm butting in via c.m.sendmail.)
Regards,
J. Bern
| |
| Norman L. DeForest 2004-04-08, 3:36 am |
|
On Wed, 7 Apr 2004, John-Paul Stewart wrote:
> Alan Connor wrote:
[snip][color=darkred]
>
> a) The above was meant to illustrate that spammers do indeed forge from
> addresses. This is a counter proof of the claim you made in message
> <%5Gcc.17700$Dv2.10977@newsread2.news.pas.earthlink.net> that they do
> not do this.
>
> b) No, I don't block e-mail from myself. Ever hear of "cron"? It sends
> legitimate e-mail from me to me all the time. Blocking e-mail from
> myself would block all of cron's messages. I also have several custom
> admin scripts that send e-mail from me to me on a daily basis. Getting
> e-mail from yourself is actually quite useful.
Another example:
I am a volunteer user-support person at my ISP. (It's a non-profit
community net operated primarily by volunteers.) When I send a reply
to a user and to the list for the user-support answers archives, I get a
copy of the answer with my address in the "From:" header. Were I to fail
to get those messages, I would be unable to detect when there was a
problem with the list or a particular message to the list.
I have had a few of my own messages flagged as possible spam, most often
when I was telling a user how to get below quota and described how to
tag files "to be removed". I use that phrase because lynx uses the 'r'
command for "remove". If I were to use the term "deleted" instead of
"removed", some users might try to use the 'd' command (which is the
command for "download" in lynx). If I suggest software to a user
and provide a URL that ends in ".exe", that, too, is sometimes flagged
as possible spam. Replies that tell a user how to handle spam that quotes
part of the spam can also get flagged as possible spam.
--
Norman De Forest http://www.chebucto.ns.ca/~af380/Profile.html
af380@chebucto.ns.ca [=||=] (A Speech Friendly Site)
"One suspects that by now even *Nigerians* have Nigeria blacklisted ;)."
-- Jim Seymour on 419 scams, news.admin.net-abuse.email, Tue, Nov 19, 2002
| |
| Chris F.A. Johnson 2004-04-08, 4:33 am |
| On Thu, 08 Apr 2004 at 04:52 GMT, axlq in California wrote:
> In article <ciIcc.18525$lt2.13201@newsread1.news.pas.earthlink.net>,
> Alan Connor <xxxx@yyy.zzz> wrote:
>
> I'll show you one, if you show me your email address which is
> supposedly so well protected by your C/R system.
>
> Put up or shut up.
It's no coincidence that Alan switched from posting with
<alanconnor@earthlink.net> to <xxxxxx@xxxx.xxx> at the same time
that he started promoting his "infallible" spam blocker.
--
Chris F.A. Johnson http://cfaj.freeshell.org/shell
========================================
===========================
My code (if any) in this post is copyright 2004, Chris F.A. Johnson
and may be copied under the terms of the GNU General Public License
| |
| Ed Murphy 2004-04-08, 5:33 am |
| On Thu, 08 Apr 2004 07:51:31 +0000, Chris F.A. Johnson wrote:
> On Thu, 08 Apr 2004 at 04:52 GMT, axlq in California wrote:
>
> It's no coincidence that Alan switched from posting with
> <alanconnor@earthlink.net> to <xxxxxx@xxxx.xxx> at the same time
> that he started promoting his "infallible" spam blocker.
A Google search on <alanconnor@earthlink.net> turns up the following
interesting tidbit:
http://www.talkroot.com/archive/topic/3015-1.html
(I'm editing the exchange to fix a typo, and to indicate which parts
are input and which parts are output.)
> telnet mx3.earthlink.net 25
Trying 207.217.125.18...
Connected to mx3.earthlink.net.
Escape character is '^]'.
220 kite EL_3_9_13 /EL_3_9_13 ESMTP EarthLink SMTP Server <date>
> HELO midwestcs.com
250 kite Hello midwestcs.com [206.222.212.237], please to meet you
> MAIL FROM:<clewis@nortelnetworks.com>
250 <clewis@nortelnetworks.com>... Sender ok
> RCPT TO:<alanconnor@earthlink.net>
250 <alanconnor@earthlink.net>... Recipient ok
> DATA
354 Enter mail, end with "." on a line by itself
> From: Chris Lewis <clewis@nortelnetworks.com>
> To: alanconnor@earthlink.net
> Subject: testing C-R systems
>
> Hi.
>
> This is wayne@midwestcs.com and I'm just giving Chris Lewis your
> email address. Yes, this will be unsolicited to Chris, but since I'm
> only sending only message, it is not bulk.
> .
250 1auwZ87kq3NZFkD0 Message accepted for delivery
> quit
221 kite closing connection
Connection closed by foreign host.
| |
| Laurence F. Sheldon, Jr. 2004-04-08, 10:33 am |
| Bruce Barnett wrote:
> Alan Connor <zzzzzz@xxx.yyy> writes:
I'm sorry Bruce. You represent a leak in my filters that must be
plugged.
--
Requiescas in pace o email
| |
| Morely 'spam is theft' Dotes 2004-04-11, 2:38 pm |
| "Norman L. DeForest" <af380@chebucto.ns.ca> wrote in
news:Pine.GSO.3.95.iB1.0.1040408015130.11407B-100000@halifax.chebucto.ns.ca:
> Did you miss the footnote?
Yep.
--
Tired of spam in your mailbox?
Come to http://www.spamblocked.com
Don't spam <A HREF="mailto:remote-printer.Mary_Higgins/Investor_Relations@
12029429634.iddd.tpc.int">this.</a>
| |
| Seth Breidbart 2004-04-11, 2:38 pm |
| In article <lj5dc.937$k05.880@newsread2.news.pas.earthlink.net>,
Alan Connor <xxxx@yyy.zzz> wrote:
>On Wed, 07 Apr 2004 00:53:28 GMT, Alan Connor <zzzzzz@xxx.yyy> wrote:
>
>Sorry Seth. I have heard all of your bullshit before.
That's why you replied to yourself?
>I don't like spammers, even talking to them on the Usenet.
Neither do I, so I reveal their lies when appropriate.
>Just have fun and I will regularly post the truth about mail filters
>that use CRs and people will decide for themselves.
And you will just find others posting the facts that you try to conceal.
>You'll have to find someone else's time to waste.
I'm trying to keep naive newbies from being fooled by your claims. It
looks like I'm succeeding.
(It even looks like your own ISP agrees with the rest of us [tinrou]
that your system is abusive.)
Seth
| |
| Alan Connor 2004-04-11, 2:38 pm |
|
The design of an effective mail filter using Challenge-Responses
----------------------------------------------------------------
pass-list ---------> block-list (content-filter) ---------> Challenge-Response
Along with many others, I use a filter designed like the above:
I never see any spam.
I send out very few C-Rs.
I don't have to mess with my filter at all.
Spam is just gone from my life, no muss and no fuss.
The only complaint I have ever had was from a domain that turned
out to be on the dnsbl (dns blacklist) for spamming.
Anyone can reach me with no problem if they use their real return
address. And read their mail...
In some ways, Challenge-Responses are like Caller-ID for phones: Someone
who wants to communicate with you must use their real return address, and
actually read the mail there.
The mail must be from someone who wants to establish a *two-way* communications
link with you, not from someone who just wants you to buy something.
(Note that I subscribe, by *choice*, to many commercial mailing lists.)
On the rare occassion that I send a C-R to an innocent party (I have to
assume that his has happenned at least once.) whose address has been forged,
then I have done them the favor of letting them know that it is being forged,
which can cause a person one hell of a lot of trouble.
They have my real address and are told in the C-R that I have a copy
of the mail if they need it.
Like I said: ONE complaint, ever, and from spammers.
C-Rs are only one stage, and the final stage, of an effective mail filter
that is designed like so:
PASSLIST
Where every friend, associate, commercial mailing list, discussion
mailing list, business, and non-profit org is given free access
to my inbox with my consent.
Anyone you send mail to must be passlisted.
This is where you make SURE you get all the mail you REALLY need
to get, or just want.
BLOCKLIST (Content-Filter)
General: to kill most of the spam. You can use SpamAssasin here
called by procmail. Or just use good procmail recipes.
Specific: where domains and addresses are killed for various
offenses, generally repeated C-Rs that aren't returned.
(Do remember to blocklist your own address, or some clown will
send mail to you with your own address on the From: line and
set up a mail loop.)
You just can't catch all the spam with a content-filter like
SpamAssassin. If you even try, you will end up losing mail
that isn't spam, and getting some spam anyway. And you have
to update your filters all the time to keep abreast of the
spammers.
(As well as save the spam to look through to make sure there
isn't any mail you want in there, which rather defeats the
whole purpose of a spam filter, in my opinion. I don't want
to ever see that garbage.)
Better to just kill the mail you KNOW is spam, and send a
C-R to the few that your content filter isn't sure about.
Most people that use these filters block any mail from
non-passlisted addresses that doesn't have a valid local
address alone on the To: line.
This kills, of itself, the vast majority of spam, so that
no un-necessary C-Rs are sent out to whatever address
they have chosen to present as their return address.
If mail is received from an address twice that fails to
return a C-R, that address is blocklisted automatically,
and any further mail from that address is sent to /dev/null.
CHALLENGE-RESPONSE
A little note that asks the receiver to paste a password on the
Subject: line and return it.
The Subject line on the C-R should have Re: original subject
on it.
This forces people to use their actual email address if they want
me to see their posts.
(And to read their mail...)
This is only required once. From then on, it's as if there is no
filter on my mail from their perspective.
AC
--
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox.
http://www.uwasa.fi/~ts/info/spamfoil.html
http://tinyurl.com/3c3ag
| |
| Spambo 2004-04-11, 2:38 pm |
| Alan Connor <xxxx@yyy.zzz> wrote:
> [snip]
>
> Anyone can reach me with no problem if they use their real return
> address. And read their mail...
Liar.
My mail server continues to claim that xxxx@yyy.zzz is invalid - even
when I use a real return address.
> [snip]
| |
| Alan Connor 2004-04-11, 2:38 pm |
| On Thu, 08 Apr 2004 18:46:18 GMT, Spambo <Spambo83qodg02@sneakemail.com> wrote:
>
The design of an effective mail filter using Challenge-Responses
----------------------------------------------------------------
pass-list ---------> block-list (content-filter) ---------> Challenge-Response
Along with many others, I use a filter designed like the above:
I never see any spam.
I send out very few C-Rs.
I don't have to mess with my filter at all.
Spam is just gone from my life, no muss and no fuss.
The only complaint I have ever had was from a domain that turned
out to be on the dnsbl (dns blacklist) for spamming.
Anyone can reach me with no problem if they use their real return
address. And read their mail...
In some ways, Challenge-Responses are like Caller-ID for phones: Someone
who wants to communicate with you must use their real return address, and
actually read the mail there.
The mail must be from someone who wants to establish a *two-way* communications
link with you, not from someone who just wants you to buy something.
(Note that I subscribe, by *choice*, to many commercial mailing lists.)
On the rare occassion that I send a C-R to an innocent party (I have to
assume that his has happenned at least once.) whose address has been forged,
then I have done them the favor of letting them know that it is being forged,
which can cause a person one hell of a lot of trouble.
They have my real address and are told in the C-R that I have a copy
of the mail if they need it.
Like I said: ONE complaint, ever, and from spammers.
C-Rs are only one stage, and the final stage, of an effective mail filter
that is designed like so:
PASSLIST
Where every friend, associate, commercial mailing list, discussion
mailing list, business, and non-profit org is given free access
to my inbox with my consent.
Anyone you send mail to must be passlisted.
This is where you make SURE you get all the mail you REALLY need
to get, or just want.
BLOCKLIST (Content-Filter)
General: to kill most of the spam. You can use SpamAssasin here
called by procmail. Or just use good procmail recipes.
Specific: where domains and addresses are killed for various
offenses, generally repeated C-Rs that aren't returned.
(Do remember to blocklist your own address, or some clown will
send mail to you with your own address on the From: line and
set up a mail loop.)
You just can't catch all the spam with a content-filter like
SpamAssassin. If you even try, you will end up losing mail
that isn't spam, and getting some spam anyway. And you have
to update your filters all the time to keep abreast of the
spammers.
(As well as save the spam to look through to make sure there
isn't any mail you want in there, which rather defeats the
whole purpose of a spam filter, in my opinion. I don't want
to ever see that garbage.)
Better to just kill the mail you KNOW is spam, and send a
C-R to the few that your content filter isn't sure about.
Most people that use these filters block any mail from
non-passlisted addresses that doesn't have a valid local
address alone on the To: line.
This kills, of itself, the vast majority of spam, so that
no un-necessary C-Rs are sent out to whatever address
they have chosen to present as their return address.
If mail is received from an address twice that fails to
return a C-R, that address is blocklisted automatically,
and any further mail from that address is sent to /dev/null.
CHALLENGE-RESPONSE
A little note that asks the receiver to paste a password on the
Subject: line and return it.
The Subject line on the C-R should have Re: original subject
on it.
This forces people to use their actual email address if they want
me to see their posts.
(And to read their mail...)
This is only required once. From then on, it's as if there is no
filter on my mail from their perspective.
AC
--
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox.
http://www.uwasa.fi/~ts/info/spamfoil.html
http://tinyurl.com/3c3ag
| |
|
| On 8 Apr 2004 13:29:17 -0400, Seth Breidbart <sethb@panix.com>
wrote in <c5425d$60b$1@panix5.panix.com>:
> In article <lj5dc.937$k05.880@newsread2.news.pas.earthlink.net>,
> Alan Connor <xxxx@yyy.zzz> wrote:
[...]
[color=darkred]
>
> I'm trying to keep naive newbies from being fooled by your claims. It
> looks like I'm succeeding.
I have found this whole exchange thoroughly educational. Having once
wondered if the C/R approach might just be the silver bullet, I'm now
wondering how any rational person who would combat the spam problem
without compounding it could advocate C/R so rabidly and so blindly.
All of the evidence and indeed "proof," which many patient,
knowledgeable people have presented in utter lucidity to Mr. Connor is
met only with ad hominems, frothing insults, and evasiveness. So
thanks, Seth Breidbart and others, for keeping me enlightened.
fbhjr
--
"Never put off till tomorrow what you can do the day after."
--Alphonse Allais
GnuPG key: http://www.fhase.net/~fbhjr/fbhjr-pubkey.asc
Fingerprint = 1BA9 6E1C 6BE1 6521 AA6F 814E 9DC6 254B 6837 0BB1
| |
| Alan Connor 2004-04-11, 2:39 pm |
| On Fri, 9 Apr 2004 01:05:18 -0500, fbhjr <fbhjr@fhase.net> wrote:
<snip>
3 more people contacted me today, thanking me for elrav1.
Keep it up. You headcases are the best thing that has ever
happenned to my program.
And to CRs in general.
AC
--
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox.
http://www.uwasa.fi/~ts/info/spamfoil.html
http://tinyurl.com/3c3ag
| |
| Douglas O'Neal 2004-04-11, 2:39 pm |
| Alan Connor wrote:
>
> 3 more people contacted me today, thanking me for elrav1.
>
> Keep it up. You headcases are the best thing that has ever
> happenned to my program.
>
> And to CRs in general.
>
> AC
>
Three new users per day! What a phenomenal growth rate for a piece
of software. You must be ecstatic over your success. Have you
considered selling out to a major software vendor and retiring to
your own south seas island yet?
Doug
| |
|
|
| Sinister Midget 2004-04-11, 2:39 pm |
| On 2004-04-09, Sam <sam@email-scan.com> blubbered:
> This is a MIME GnuPG-signed message. If you see this text, it means that
> your E-mail or Usenet software does not support MIME signed messages.
>
> --=_mimegpg-ny.email-scan.com-4668-1081520668-0002
> Content-Type: text/plain; format=flowed; charset="US-ASCII"
> Content-Disposition: inline
> Content-Transfer-Encoding: 7bit
>
> The Beavis writes:
>
>
> 15 more people contacted me today, thanking me for making fun of you, and
> giving them the laugh of the week.
Let's up the numbers some. I'll thank you publicly!
> Here are some more yuks:
>
> http://tinyurl.com/ifrt - Beavis plays a net.detective
>
> http://tinyurl.com/2hhdx - Beavis joins a UFO cult
>
> That's all for now.
Keep 'em coming!
I always thought AC was a buffoon. I see now he's a regular comdian
instead.
> --=_mimegpg-ny.email-scan.com-4668-1081520668-0002
> Content-Type: application/pgp-signature
> Content-Transfer-Encoding: 7bit
>
>
> --=_mimegpg-ny.email-scan.com-4668-1081520668-0002--
You realize you'll get dumped in AC's bozo bin for not putting that in
your headers, right?
--
I love the way Microsoft follows standards. In much the same manner
that fish follow migrating caribou.
|
|
|
|
|