Date:      Thu, 4 Apr 2002 22:39:02 -0800
From:      Benjamin Krueger <benjamin@macguire.net>
To:        "Philip J. Koenig" <pjklist@ekahuna.com>
Cc:        questions@FreeBSD.ORG, "Greg 'groggy' Lehey" <grog@FreeBSD.ORG>, Benjamin Krueger <benjamin@macguire.net>
Subject:   Re: hub.freebsd.org spam policy
Message-ID:  <20020404223902.G2470@rain.macguire.net>
In-Reply-To: <20020405052942787.AAA368@empty1.ekahuna.com@pc02.ekahuna.com>; from pjklist@ekahuna.com on Thu, Apr 04, 2002 at 09:29:42PM -0800
References:  <20020405004608582.AAA398@empty1.ekahuna.com@pc02.ekahuna.com> <20020405134520.P93816@wantadilla.lemis.com> <20020405052942787.AAA368@empty1.ekahuna.com@pc02.ekahuna.com>

* Philip J. Koenig (pjklist@ekahuna.com) [020404 21:30]:
> On 5 Apr 2002, at 13:45, Greg 'groggy' Lehey boldly uttered: 
> 
> > On Thursday,  4 April 2002 at 16:46:08 -0800, Philip J. Koenig wrote:
> > > On 4 Apr 2002, at 15:26, Benjamin Krueger boldly uttered:
> > >
> > >> * irado (irado@subdimension.com) [020404 15:11]:
> > 
> > There are many possible reasons for that.  In general, we don't have
> > too much sympathy for people who have configuration problems and then
> > blame us for rejecting their mail.
> 
> I do not have a "configuration problem".  If you read what I wrote, 
> you would have seen that I have been using variations of the same 
> email client for around 7 years and have NEVER had this problem 
> before freebsd.org decided to implement this filtering.

You are aware of the difference between a Mail Client (MUA) and a Mail Server
(MTA), Right?

> There are a plethora of methods in use today for blocking spam.  The 
> problem in my view are the methods which PURPORT to be "spam 
> blockers", but which are actually "wing and a prayer" things based on 
> faulty and over-generalized assumptions.  Inherent in most of these 
> are the arrogance of site administrators who aren't much concerned 
> about all the collateral damage they cause.

What's with this "collateral damage" you keep bandying about? This is a free
resource. Nobody is damaged because they cannot get a free resource being
given away.

> I'll tell you exactly what the problem was.  The filters at 
> hub.freebsd.org are designed to block *anything* that has a message-
> ID that ends in "localhost".  EVEN TO POSTMASTER.. which is a very 
> rude practice.

Perhaps you consider it rude. The rest of us will consider it compliant.

> I have been using various versions of this email client (Pegasus 
> Mail) since around 1995, and as far as I know, my messages have been 
> formatted that way for the last seven years and I have never *once* 
> gotten a complaint or a bounceback due to that reason... until now.
> 
> Now the guy who answers postmaster@freebsd.org says the reasoning 
> behind this is that various spammers supposedly use "@localhost" in 
> their Message-ID headers.  But THE PROBLEM with this is that lots of 
> us who have *nothing to do with spam* also do this.. and have for 
> years.

If your mail server does that, it is broken. Period. End of Story.
There is no, I repeat, No reason for a mail server anywhere on the Internet to
report itself as the domain "localhost". You do not own @localhost. You Cannot
own @localhost. @localhost is not a valid TLD now, nor has it ever been, and
likely it never will be.

> I cannot think of any other large email list that is so naive to 
> think that they can operate without any sort of subscriber 
> verification and still have a handle on spamming and abuse.  There 
> are many "anti-spam" practices which foist undue burdens on users - 
> asking for list subscription confirmation is NOT one of them as far 
> as I'm concerned.  How can a person consider it to be a 'burden' to 
> receive and reply to an almost instantaneous return email, when this 
> is precisely the mechanism which they will have to use to make use of 
> list traffic to get a question answered anyway?  In any event this 
> last point is moot because the freebsd lists now apparently ask for 
> confirmation.  I tested this myself today.

Often, new users will email the list with one or two questions, and have no
interest or need to follow it after that. Signing up for a list, confirming,
asking your questions, getting your answers, and then unsubscribing, is
something of a hassle. Presumably the list postmasters considered this, and
opted for user needs.

Frankly, the list didn't have much spam when we allowed non-verified
subscribers to post, so I fail to see how this screamed "spammers come here".

> > No, this is not a utopian fantasy, it works.  I monitor how much mail
> > rejected due to bad DNS is really spam.  It's about 99%.  If you're
> > talking about other things, it would be nice to hear what they are.
> 
> See above.  
> 
> And about this "bad DNS", I assume you are assuming something must 
> match forward/reverse?  What are you testing DNS on, the last-hop 
> host?  What happens if it has several A records or CNAME records?  
> 
> I just finished setting up a client today with a well-regarded 
> web/domain hosting company (matter of fact, they are 100% FreeBSD) 
> and the hostname they provide for that client to use is actually a 
> CNAME which doesn't match the PTR record.  Are we going to designate 
> them "spammers" now? (caveat: in this case we're talking about a POP3 
> host, but this is also pretty common with MX hosts)

Common DNS Operational and Configuration Errors 
RFC 1912, Section 2.1, Paragraph 2:

  Make sure your PTR and A records match.  For every IP address, there
  should be a matching PTR record in the in-addr.arpa domain.  If a
  host is multi-homed, (more than one IP address) make sure that all IP
  addresses have a corresponding PTR record (not just the first one).
  Failure to have matching PTR and A records can cause loss of Internet
  services similar to not being registered in the DNS at all. Also,
  PTR records must point back to a valid A record, not a alias defined
  by a CNAME.  

> > And your solution?  I see a lot of bitching, but no suggestions about
> > how to improve it.  I'm not surprised you're not getting your
> > viewpoint across.
> 
> I haven't gotten to the point of discussing specifics yet because I'm 
> still trying to get past all the "bitching" about the simple fact 
> I've pointed these things out.

Please, we're all waiting for your wisdom.

> In short - and I will continue this later if there is an interest - 
> "anti-spam" measures must TARGET SPAM, not "something that sorta 
> looks like spam".

So we need filters that target spam, instead of filters that target spam?

Here in the real world, spam does not always announce itself as being so. Very
few spams say "Here I am, I'm a Spam!". As such, the next best method is to
target things that look like spam, and behave like spam.

> I'm sure you are aware of DNS email blacklists.  The problem with 
> many of these is that their only criteria is whether a host is an 
> "open relay" or not.  The problem is that a host could sit there as 
> an open relay for 5 years and never send a single spam message.  So 
> the likelihood of "collateral damage" is high.  Likewise site-wide 
> filters that match on things like "make money fast" strings.  While 
> you might get a low percentage of false positives, you will 
> undoubtedly eventually block legitimate traffic.

False Positives are part of life. Alarms are not fail-proof, the justice
system is not fail-proof, your car's safety systems are not fail-proof, etc.
Should we throw out all of these safety mechanisms (spam filters are a safety
mechanism) simply because they can make mistakes?


I'm very sorry that your mail host is broken. If you insist on brokenness,
that's your prerogative, but don't parade about shouting that folks who reject
your mail are causing collateral damage on the internet. Like the great Gord
says, "Just because you say it doesn't make it so".

-- 
Benjamin Krueger

"Life is far too important a thing ever to talk seriously about."
- Oscar Wilde (1854 - 1900)
----------------------------------------------------------------
Send mail w/ subject 'send public key' or query for (0x251A4B18)
Fingerprint = A642 F299 C1C1 C828 F186  A851 CFF0 7711 251A 4B18

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
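
Added example, not part of the original message and not the hub.freebsd.org filter itself: the two checks argued over in this thread, a Message-ID whose right-hand side ends in "localhost" and the RFC 1912 section 2.1 PTR/A match, run in Python over constructed headers and a constructed zone. All function names, host names and addresses here are assumptions made for illustration.

```python
import re
from email import message_from_string

def message_id_domain(raw_message):
    """Return the lower-cased right-hand side of the Message-ID, or None."""
    value = message_from_string(raw_message).get("Message-ID", "")
    m = re.search(r"<[^<>@\s]+@([^<>@\s]+)>", value)
    return m.group(1).lower().rstrip(".") if m else None

def ends_in_localhost(domain):
    """True when the Message-ID domain is 'localhost' or a name under it."""
    return domain is not None and (
        domain == "localhost" or domain.endswith(".localhost"))

def ptr_a_status(ip, ptr, a, cname):
    """Classify one address against zone data supplied as dicts.

    ptr: ip -> [names], a: name -> [ips], cname: name -> target name.
    """
    names = ptr.get(ip, [])
    if not names:
        return "no-ptr"          # address has no PTR record at all
    if any(ip in a.get(n, []) for n in names):
        return "match"           # PTR name has an A record pointing back
    if any(n in cname for n in names):
        return "ptr-to-cname"    # PTR points at an alias, not an A record
    return "mismatch"            # PTR name resolves to some other address

# Constructed sample messages (not taken from the thread).
SAMPLE_OK = "From: a@example.net\nMessage-ID: <20020404.1@mail.example.net>\n\nhi\n"
SAMPLE_LOCAL = "From: b@example.net\nMessage-ID: <1234.5678@localhost>\n\nhi\n"

# Constructed zone data using documentation address space (192.0.2.0/24).
PTR = {"192.0.2.10": ["mail.example.net"],
       "192.0.2.20": ["pop.example.net"],
       "192.0.2.40": ["host4.example.net"]}
A = {"mail.example.net": ["192.0.2.10"],
     "real.example.net": ["192.0.2.20"],
     "host4.example.net": ["192.0.2.41"]}
CNAME = {"pop.example.net": "real.example.net"}

if __name__ == "__main__":
    for raw in (SAMPLE_OK, SAMPLE_LOCAL):
        dom = message_id_domain(raw)
        print(dom, "reject" if ends_in_localhost(dom) else "accept")
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, ptr_a_status(ip, PTR, A, CNAME))
```

In a live check the three dicts would be replaced by resolver lookups; they are inline here so the example runs offline.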



