Thread: OK to send e-mail?
OK to send an e-mail to pgsql-hackers@postgresql.org?
list@listme.com writes: > OK to send an e-mail to pgsql-hackers@postgresql.org? Intruder alert! Could someone forge an error reply to that message, so that our list doesn't get put on their spam list? (And, of course, if someone could track them down physically and break their legs, so much the better!) Actually, now that this has started, the proper way to go may be to start blocking postings to the lists from anyone not on them. On the down side, this means that people must send their postings from the address they're subscribed as. -tih (who hopes all UCE senders die slow and painful deaths) -- Popularity is the hallmark of mediocrity. --Niles Crane, "Frasier"
On 5 May 1998, Tom Ivar Helbekkmo wrote:
> list@listme.com writes:
>
> > OK to send an e-mail to pgsql-hackers@postgresql.org?
>
> Intruder alert!
>
> Could someone forge an error reply to that message, so that our list
> doesn't get put on their spam list? (And, of course, if someone could
> track them down physically and break their legs, so much the better!)
>
> Actually, now that this has started, the proper way to go may be to
> start blocking postings to the lists from anyone not on them. On the
> down side, this means that people must send their postings from the
> address they're subscribed as.
The other downside is that anyone in need of help has to subscribe before
they can ask their question.
Vince.
--
==========================================================================
Vince Vielhaber -- KA8CSH email: vev@michvhf.com flame-mail: /dev/null
# include <std/disclaimers.h> TEAM-OS2
Online Searchable Campground Listings http://www.camping-usa.com
"I'm just not a fan of promoting stupidity!
We have elected officials for that job!" -- Rock
==========================================================================
Tom Ivar Helbekkmo wrote: > > list@listme.com writes: > > > OK to send an e-mail to pgsql-hackers@postgresql.org? > > Intruder alert! > > Could someone forge an error reply to that message, so that our list > doesn't get put on their spam list? (And, of course, if someone could > track them down physically and break their legs, so much the better!) > > Actually, now that this has started, the proper way to go may be to > start blocking postings to the lists from anyone not on them. On the > down side, this means that people must send their postings from the > address they're subscribed as. Why don't we make it known (In the periodic developers FAQ posting?) that we do not accept unsolicited email and that we will charge a fee ($50 per line per subscriber :). I for one would be more than happy to do the detective work to track these down. As for what to do with the money -- perhaps we should see how much we get first. If we want to do this, we should pick some price and mention it in our FAQ. Ocie
On 5 May 1998, Tom Ivar Helbekkmo wrote:
> list@listme.com writes:
>
> > OK to send an e-mail to pgsql-hackers@postgresql.org?
>
> Intruder alert!
>
> Could someone forge an error reply to that message, so that our list
> doesn't get put on their spam list? (And, of course, if someone could
> track them down physically and break their legs, so much the better!)
>
> Actually, now that this has started, the proper way to go may be to
> start blocking postings to the lists from anyone not on them. On the
> down side, this means that people must send their postings from the
> address they're subscribed as.
Even better, I have to get my next set of filters in place...that
doesn't allow connects from SPAM sites :)
> -tih (who hopes all UCE senders die slow and painful deaths)
Makes two of us, but closing the lists isn't the way to go...
Marc G. Fournier
Systems Administrator @ hub.org
primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org
On Tue, 5 May 1998 ocie@paracel.com wrote:
> Why don't we make it known (In the periodic developers FAQ posting?)
> that we do not accept unsolicited email and that we will charge a fee
> ($50 per line per subscriber :). I for one would be more than happy
> to do the detective work to track these down. As for what to do with
> the money -- perhaps we should see how much we get first.
>
> If we want to do this, we should pick some price and mention it in our
> FAQ.
*rofl* I like it...I could never figure out whether or not this
is something that *is* collectable...I see it in ppls sig's
periodically...
Ocie...write up a proposal and let us know :)
Marc G. Fournier
Systems Administrator @ hub.org
primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org
ocie@paracel.com writes: > Why don't we make it known (In the periodic developers FAQ posting?) > that we do not accept unsolicited email and that we will charge a fee > ($50 per line per subscriber :). I for one would be more than happy > to do the detective work to track these down. As for what to do with > the money -- perhaps we should see how much we get first. This won't work. We have a similar policy with the Debian project. But we have yet to see money. No lawyer will help you there. And the spammers won't send money because they like the policy. :-( I think the best way is to install anti-spamming software. Michael -- Dr. Michael Meskes, Project-Manager | topsystem Systemhaus GmbH meskes@topsystem.de | Europark A2, Adenauerstr. 20 meskes@debian.org | 52146 Wuerselen Go SF49ers! Go Rhein Fire! | Tel: (+49) 2405/4670-44 Use Debian GNU/Linux! | Fax: (+49) 2405/4670-10
Michael Meskes wrote: > > ocie@paracel.com writes: > > Why don't we make it known (In the periodic developers FAQ posting?) > > that we do not accept unsolicited email and that we will charge a fee > > ($50 per line per subscriber :). I for one would be more than happy > > to do the detective work to track these down. As for what to do with > > the money -- perhaps we should see how much we get first. > > This won't work. We have a similar policy with the Debian project. But we > have yet to see money. No lawyer will help you there. And the spammers won't > send money because they like the policy. :-( No, but if we can figure out who did it and send them a bill for our services rendered (reading their spam), which they solicited by posting it (as per the conditions in our FAQ, then we can turn them over to a collection agency if they don't come through. Of course tracking down the poster is a trick in the first place. > > I think the best way is to install anti-spamming software. I think any such method can be circumvented. The only long-term solution is to make spamming unprofitable. One thing that would go a long way is to reverse-verify the sender's address. If the sender has forged this, the mail is dropped and we get the sound of one spam clapping :) The problem is that most sites nowadays won't verify email addresses. This sounds like a good project for a free relational database. Anybody know of any good ones out there? :) Ocie
On Wed, 6 May 1998 ocie@paracel.com wrote:
> I think any such method can be circumvented. The only long-term
> solution is to make spamming unprofitable. One thing that would go a
> long way is to reverse-verify the sender's address. If the sender has
> forged this, the mail is dropped and we get the sound of one spam
> clapping :) The problem is that most sites nowadays won't verify email
> addresses. This sounds like a good project for a free relational
> database. Anybody know of any good ones out there? :)
Actually, I currently have two anti-spam filters in place...one of
which verifies the domain of the poster...its not 100% perfect, but it
does a pretty good job of it...
Thus spake ocie@paracel.com
> solution is to make spamming unprofitable. One thing that would go a
> long way is to reverse-verify the sender's address. If the sender has
> forged this, the mail is dropped and we get the sound of one spam
> clapping :) The problem is that most sites nowadays won't verify email
> addresses. This sounds like a good project for a free relational
> database. Anybody know of any good ones out there? :)
I am running software that allows me to check for reverse DNS on a
connection and refuse SMTP connections if they don't have any. In
addition I can refuse email from known spam sites and even from sites
that use known spammers for their DNS so they can't get throwaway
domains and drop them before the Internic kills them for non-payment.
At home I implement this fully and find it very satisfying. A lot of
spam gets dropped. I tried to do something similar at vex.net, my
ISP, but the testing I did suggested that customers just wouldn't
stand for it. There are a lot of broken sites without proper reverse
DNS and they just refuse to fix themselves. I suspect if we had to
verify addresses we would be hearing echoes up and down our password
file.
--
D'Arcy J.M. Cain <darcy@{druid|vex}.net> | Democracy is three wolves
http://www.druid.net/darcy/ | and a sheep voting on
+1 416 424 2871 (DoD#0082) (eNTP) | what's for dinner.
D'Arcy J.M. Cain wrote: > Thus spake ocie@paracel.com > > solution is to make spamming unprofitable. One thing that would go a > > long way is to reverse-verify the sender's address. If the sender has > > forged this, the mail is dropped and we get the sound of one spam > > clapping :) The problem is that most sites nowadays won't verify email > > addresses. This sounds like a good project for a free relational > > database. Anybody know of any good ones out there? :) Somebody out there wrote a program that puts new emailers mail into purgatory until they respond to an automated request to verify. After a while, purgatory gets purged. If they reply, tho, then the message is released.
Bruce Korb wrote: > > D'Arcy J.M. Cain wrote: > > > Thus spake ocie@paracel.com > > > solution is to make spamming unprofitable. One thing that would go a > > > long way is to reverse-verify the sender's address. If the sender has > > > forged this, the mail is dropped and we get the sound of one spam > > > clapping :) The problem is that most sites nowadays won't verify email > > > addresses. This sounds like a good project for a free relational > > > database. Anybody know of any good ones out there? :) > > Somebody out there wrote a program that puts new emailers mail into purgatory > until they respond to an automated request to verify. After a while, purgatory > gets purged. If they reply, tho, then the message is released. That doesn't sound too bad, especially for a mailing list like this. We could even "prime" it by adding the current subscribers to the list. Ocie
> > D'Arcy J.M. Cain wrote: > > > Thus spake ocie@paracel.com > > > solution is to make spamming unprofitable. One thing that would go a > > > long way is to reverse-verify the sender's address. If the sender has > > > forged this, the mail is dropped and we get the sound of one spam > > > clapping :) The problem is that most sites nowadays won't verify email > > > addresses. This sounds like a good project for a free relational > > > database. Anybody know of any good ones out there? :) > > Somebody out there wrote a program that puts new emailers mail into purgatory > until they respond to an automated request to verify. After a while, purgatory > gets purged. If they reply, tho, then the message is released. This sounds interesting. -- Bruce Momjian | 830 Blythe Avenue maillist@candle.pha.pa.us | Drexel Hill, Pennsylvania 19026 + If your life is a hard drive, | (610) 353-9879(w) + Christ can be your backup. | (610) 853-3000(h)
On Wed, 6 May 1998, D'Arcy J.M. Cain wrote:
> At home I implement this fully and find it very satisfying. A lot of
> spam gets dropped. I tried to do something similar at vex.net, my
> ISP, but the testing I did suggested that customers just wouldn't
> stand for it.
I have the anti-relay spam filter and the reverse DNS ones
installed on Hub.Org and at work (work has ~5000 mail users, no complaints
after a year being in place)...the only one I haven't added to Hub.Org yet
is the 'spam list', which I do have at work. Next one to move over, I
guess...
> There are a lot of broken sites without proper reverse
> DNS and they just refuse to fix themselves. I suspect if we had to
> verify addresses we would be hearing echoes up and down our password
> file.
I don't find it too bad...complaints from our users are pretty
much zero (even from the professors) as far as email and filtering is
concerned...most ppl are happy because spamming is reduced...
Marc G. Fournier
Systems Administrator @ hub.org
primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org