From owner-freebsd-questions Thu Apr 4 21:29:59 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from empty1.ekahuna.com (empty1.ekahuna.com [198.144.200.196])
    by hub.freebsd.org (Postfix) with ESMTP id A57C237B422;
    Thu, 4 Apr 2002 21:29:43 -0800 (PST)
Received: from pc-02 (pc02.ekahuna.com [198.144.200.197])
    by empty1.ekahuna.com (Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35)
    with ESMTP id com; Thu, 4 Apr 2002 21:29:42 -0800
From: "Philip J. Koenig"
Organization: The Electric Kahuna Organization
To: questions@FreeBSD.ORG
Date: Thu, 4 Apr 2002 21:29:42 -0800
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: hub.freebsd.org spam policy
Reply-To: pjklist@ekahuna.com
Cc: Greg 'groggy' Lehey, Benjamin Krueger
In-reply-to: <20020405134520.P93816@wantadilla.lemis.com>
References: <20020405004608582.AAA398@empty1.ekahuna.com@pc02.ekahuna.com>
X-mailer: Pegasus Mail for Win32 (v3.12c)
Message-ID: <20020405052942787.AAA368@empty1.ekahuna.com@pc02.ekahuna.com>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

On 5 Apr 2002, at 13:45, Greg 'groggy' Lehey boldly uttered:

> On Thursday, 4 April 2002 at 16:46:08 -0800, Philip J. Koenig wrote:
> > On 4 Apr 2002, at 15:26, Benjamin Krueger boldly uttered:
> >
> >> * irado (irado@subdimension.com) [020404 15:11]:
> >>>> Poorly implemented and arbitrary "anti-spam" blocking is worse than
> >>>> none at all, and we will continue to see innocent people getting
> >>>> unnecessarily inconvenienced as a result.
> >>>>
> >>>> Meanwhile, if messages like the following are any indication, these
> >>>> "anti-spam" measures aren't even particularly effective for their
> >>>> primary purpose.
> >>>>
> >>>> [sent to questions@freebsd.org]
> >>>>
> >>>>> Date: Thu, 04 Apr 2002 06:30:34 -0600
> >>>>> From: "Phongsin Ch"
> >>>>> Subject: Get more money by e-commerce business .
> >>>
> >>> cool.. very cool. I am being upset by these 'anti-spam'
> >>> cause that I am obliged to use my webmail account to deliver
> >>> posts to the list, which is boring.
> >>>
> >>> BTW, will somebody really take care on this??
> >>
> >> If the spam filtering that the lists implement are not to your
> >> liking, perhaps you can volunteer to help maintain better ones?
> >> Filtering is not a perfect science. It isn't even close.
> >
> > Well yanno, I'd be glad to contribute, but the attitude of whoever
> > answers "postmaster@freebsd.org" has been consistently uninterested
> > in my POV on the matter so far.
>
> There are many possible reasons for that. In general, we don't have
> too much sympathy for people who have configuration problems and then
> blame us for rejecting their mail.

I do not have a "configuration problem". If you read what I wrote, you
would have seen that I have been using variations of the same email
client for around 7 years and have NEVER had this problem before
freebsd.org decided to implement this filtering.

> Still, as others have said, the
> method we're using isn't ideal, and if you can come up with a better
> one, we're all ears.

With all due respect, that remains to be seen. If you'd like copies of
my correspondence with the freebsd.org postmaster as an example of this
alleged 'all ears' policy (and with their approval), I'd be glad to
provide them.

> But you need to come up with the better one
> first before you'll get too much attention.

There are a plethora of methods in use today for blocking spam. The
problem in my view is the methods which PURPORT to be "spam blockers",
but which are actually "wing and a prayer" things based on faulty and
over-generalized assumptions.
Inherent in most of these is the arrogance of site administrators who
aren't much concerned about all the collateral damage they cause.

As I mentioned previously, such an attitude is all the more ironic in
this case because of all the previous debates about trying to maintain
this utopian idea of "anyone can post to the list without being
subscribed". You may as well just put up a sign saying "spammers
welcome here!".

(it now appears that the lists require subscription confirmation,
which has been standard practice elsewhere around the net for years)

> > I consider myself lucky to have finally gotten the ability to send
> > email to the lists or to postmaster without it bouncing back. (and I
> > had to make changes to my email client in order to do so --
> > something that has *never* been necessary with any list or recipient
> > I have emailed in the last 7 years or so I've been using this email
> > client)
>
> If this is a DNS problem, it has nothing to do with the client. But
> is it DNS? What message do you get with the bounce?

I'll tell you exactly what the problem was. The filters at
hub.freebsd.org are designed to block *anything* that has a message-ID
that ends in "localhost". EVEN TO POSTMASTER.. which is a very rude
practice.

I have been using various versions of this email client (Pegasus Mail)
since around 1995, and as far as I know, my messages have been
formatted that way for the last seven years and I have never *once*
gotten a complaint or a bounceback due to that reason... until now.

Now the guy who answers postmaster@freebsd.org says the reasoning
behind this is that various spammers supposedly use "@localhost" in
their Message-ID headers. But THE PROBLEM with this is that lots of us
who have *nothing to do with spam* also do this.. and have for years.

As far as I'm concerned, "spam filters" should do just that: FILTER
SPAM. Not stuff which just "kinda looks like spam, sorta". I consider
such practices net abuse.

There are a variety of less arbitrary methods. Nothing is perfect. But
such filters as described above are GUARANTEED to block innocent
messages.

> > Correct me if I'm wrong here, but until very recently the FreeBSD
> > lists didn't even require subscription validation to post messages -
> > there was a big debate about it recently if I'm not mistaken. If
> > true, freebsd.org is so out of touch with modern realities of
> > operating public lists that I have little sympathy for their
> > problems with spam, whether or not they operate particularly big
> > lists or not.
>
> Well, that's your opinion, and certainly one that will gain you little
> sympathy with the postmaster. One of the goals of the public lists is
> to allow legitimate users to post messages easily, without being
> inundated by messages they don't want or having to subscribe and
> unsubscribe every time. If you disagree with that, that's your
> prerogative, but to call it "out of touch with reality" is not going
> to make friends.

Perhaps it will anger someone who just doesn't like to hear opinions of
those who happen to disagree with their practices.. but the practices I
am talking about are commonly accepted these days. I cannot think of
any other large email list that is so naive to think that they can
operate without any sort of subscriber verification and still have a
handle on spamming and abuse.

There are many "anti-spam" practices which foist undue burdens on
users - asking for list subscription confirmation is NOT one of them as
far as I'm concerned. How can a person consider it to be a 'burden' to
receive and reply to an almost instantaneous return email, when this is
precisely the mechanism which they will have to use to make use of list
traffic to get a question answered anyway?

In any event this last point is moot because the freebsd lists now
apparently ask for confirmation. I tested this myself today.

> > (it's extremely ironic that the debate at the time revolved around
> > this utopian fantasy that people should be able to post to the list
> > without ever "subscribing"... yet with their current implementation
> > of arbitrary filtering, they are in fact intentionally blocking
> > various perfectly innocent users and longtime subscribers from using
> > the lists, people who have nothing at all to do with "spam")
>
> No, this is not a utopian fantasy, it works. I monitor how much mail
> rejected due to bad DNS is really spam. It's about 99%. If you're
> talking about other things, it would be nice to hear what they are.

See above. And about this "bad DNS", I assume you are assuming
something must match forward/reverse? What are you testing DNS on, the
last-hop host? What happens if it has several A records or CNAME
records?

I just finished setting up a client today with a well-regarded
web/domain hosting company (matter of fact, they are 100% FreeBSD) and
the hostname they provide for that client to use is actually a CNAME
which doesn't match the PTR record. Are we going to designate them
"spammers" now? (caveat: in this case we're talking about a POP3 host,
but this is also pretty common with MX hosts)

> >> Calling the filters poor and arbitrary is unfair at best, and
> >> ignorant at worst. The filters that the FreeBSD mailing lists use
> >> are common, and found in lists across the internet.
> >
> > You are just plain wrong. I am not at all unfamiliar with antispam
> > measures, I have debated them for years and I run mail systems for a
> > variety of domains. If these measures were so common, why is it that
> > freebsd.org (and only recently) was the only organization out of
> > hundreds or thousands that have been recipients of my email messages
> > that has ever cared about this particular detail that they used as an
> > excuse to not only block me from posting to the lists, but even from
> > emailing postmaster?
>
> Again, you're not being specific enough. We've required reverse DNS
> for years.

You've required every host to have some kind of PTR record, or you've
required that forward/reverse match? (could be the latter, since I
don't typically use MTA's which fail that test, it would never have
bothered me personally)

> > To quote from my last message to the person who answered
> > postmaster@freebsd.org email (and, I might add, never responded to
> > these comments and others):
> >
> >> [freebsd.org person claims their filters are justified by "RFCs"]
> >>
> >>
> >> in particular, using them for "postmaster@domain" email is a highly
> >> questionable practice. Since you brought up RFC's, how about this
> >> quote from RFC 2821:
> >>
> >>
> >>> SMTP systems are expected to make every reasonable effort to accept
> >>> mail directed to Postmaster from any other system on the Internet.
> >>> In extreme cases --such as to contain a denial of service attack or
> >>> other breach of security-- an SMTP server may block mail directed to
> >>> Postmaster. However, such arrangements SHOULD be narrowly tailored
> >>> so as to avoid blocking messages which are not part of such attacks.
> >
> >> If you run a well maintained mail host, you shouldn't have
> >> problems. If you're forced to use a mail host which breaks some
> >> internet courtesies, is part of a banned netblock, or otherwise
> >> misbehaves, I'm very sorry but this is how the internet works (or
> >> doesn't work).
> >
> > Wrong wrong wrong wrong. It's awfully convenient when trying to
> > justify one's own unilateral actions, to assert that "that's just the
> > way the internet works", but it's not only often just a figment of
> > that person's imagination, it's often just damn arrogant.
>
> Well, the person, whose identity you don't reveal, has explained
> things to you. The best you can do to justify your viewpoint is to
> repeat yourself with no justification.

I am not revealing their identity because my intention is not to
publicly humiliate them. The issue here as I see it is freebsd.org
policies, not some particular person's execution of them.

The justification I just gave above is RFC 2821, after having been
previously given the high-handed explanation that the filtering policy
in use was somehow justified by "RFC's". How you come to view that as
"no justification" on my part is hard to understand.

The rest of the "justification" is just common sense. Just like any
sysadmin that runs an email system knows these days not to leave them
open to relay email from anywhere to anywhere, and just like any
competent sysadmin also knows that they should answer
"postmaster@domain" mail expeditiously, and just like any competent
sysadmin knows that it's not acceptable to "spam", then they should
likewise be aware that blocking email to "postmaster@domain" messages
with arbitrary filters is not a generally accepted practice.

In my case, I had to find and email another list member to forward my
complaint to postmaster@freebsd.org, and ultimately go find another
computer to email the postmaster. (because they didn't reply to the
message I had someone forward to them)

Many people have no such options, and it is for that reason that they
are being unfairly inconvenienced. (highly ironic, as I've pointed out,
given all the noise expended in discussions about this ideal of
allowing "access to anyone at any time" on the lists)

> > For example, if some over-zealous "parental filter" company decides
> > that the word "breast" is evil and therefore blocks it from anyone
> > who is using their parental filtering utility, it doesn't give them
> > the justification to say to those who complain about not being able
> > to reach sites on breast cancer that "it's just the way the internet
> > works".
> >
> > Some sites in the USA are blocking the network address range from
> > entire countries like China as an "antispam measure", because they're
> > too lazy (or don't consider it important) to go to the effort to use
> > a method that doesn't cause so much collateral damage. So when a
> > Chinese-American customer contacts them to complain that they can no
> > longer communicate with their relatives back home, are they going to
> > get told "that's just how the internet works"? How arrogant and
> > obnoxious that is.
>
> And your solution? I see a lot of bitching, but no suggestions about
> how to improve it. I'm not surprised you're not getting your
> viewpoint across.
>
> Greg

I haven't gotten to the point of discussing specifics yet because I'm
still trying to get past all the "bitching" about the simple fact I've
pointed these things out.

In short - and I will continue this later if there is an interest -
"anti-spam" measures must TARGET SPAM, not "something that sorta looks
like spam". Various general types of filtering are best left to
end-users, so they have control over what gets blocked.

I'm sure you are aware of DNS email blacklists. The problem with many
of these is that their only criteria is whether a host is an "open
relay" or not. The problem is that a host could sit there as an open
relay for 5 years and never send a single spam message. So the
likelihood of "collateral damage" is high.

Likewise site-wide filters that match on things like "make money fast"
strings. While you might get a low percentage of false positives, you
will undoubtedly eventually block legitimate traffic.

So for example there are DNS blacklists which only put a host in their
block list when they have received a copy of spam which has in fact
been relayed through it. This is better.

Better yet are systems like Brightmail which have probes feeding spam
to a bunch of human beings that make the decision that it's spam, and
then send back rules to the participating sites to block it while it's
being sent out.

The problem with Brightmail is that it is commercial and it costs
money. However there is a public-domain variant that has been put
together, I can get details on this if anyone is interested.

Even filters can be used if they are used conservatively -- but
needless to say I don't consider the one that bit me to be conservative
enough.

That's all I'm going to go into for now.

Phil

--
Philip J. Koenig                                  pjklist@ekahuna.com
Electric Kahuna Systems -- Computers & Communications for the New Millenium

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
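
[Added example, not part of the original message and not FreeBSD.org's actual filter configuration.] The Python sketch below models the rule described in the message (reject when the Message-ID ends in "localhost") next to a more conservative variant that never blocks postmaster, per the RFC 2821 text quoted above, and only tags other matches for the end user to filter. The sample messages, addresses and the "tag" action are constructed assumptions.

```python
from email import message_from_string

# Constructed sample traffic (not real list mail):
# (envelope recipient, raw message, is_spam)
SAMPLES = [
    ("questions@lists.example",
     "From: alice@example.org\nMessage-ID: <3CAD1234.5@localhost>\n"
     "Subject: vinum question\n\nhi\n", False),
    ("postmaster@lists.example",
     "From: alice@example.org\nMessage-ID: <3CAD1299.7@localhost>\n"
     "Subject: my mail bounces\n\nhelp\n", False),
    ("questions@lists.example",
     "From: x@bulk.example\nMessage-ID: <0001@localhost>\n"
     "Subject: Get more money\n\nbuy\n", True),
    ("questions@lists.example",
     "From: bob@example.net\nMessage-ID: <20020405.AAA1@mail.example.net>\n"
     "Subject: ipfw rules\n\nhi\n", False),
]

def msgid_host(raw):
    """Lower-cased host part of the Message-ID, or '' if absent or malformed."""
    mid = (message_from_string(raw)["Message-ID"] or "").strip().strip("<>")
    return mid.rpartition("@")[2].lower() if "@" in mid else ""

def looks_local(raw):
    """The heuristic described in the message: Message-ID ends in 'localhost'."""
    return msgid_host(raw).endswith("localhost")

def blunt(rcpt, raw):
    """Reject on the heuristic for every recipient, postmaster included."""
    return "reject" if looks_local(raw) else "accept"

def conservative(rcpt, raw):
    """Never block postmaster; otherwise tag the message and deliver it,
    leaving the final decision to the recipient's own filter (assumed policy)."""
    if rcpt.partition("@")[0].lower() == "postmaster":
        return "accept"
    return "tag" if looks_local(raw) else "accept"

def false_rejects(policy):
    """Count legitimate sample messages the policy refuses at SMTP time."""
    return sum(1 for rcpt, raw, spam in SAMPLES
               if not spam and policy(rcpt, raw) == "reject")

if __name__ == "__main__":
    print("blunt:", false_rejects(blunt),
          "conservative:", false_rejects(conservative))
```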