RE: bogofilter ate 3/5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 7 Sep 2006, Stuart MacDonald wrote:

From: On Behalf Of Chase Venters
You can check the From: or envelope sender against the subscriber
database. Forgery isn't a concern because we're not trying to stop
forgery with this method. Subscribers subscribing one address

Forgery is always a concern...

The perl script behaves as an optional autoresponder.
Autoresponders would
respond to spam as well (well, unless you put a spam filter
in front of
them, but I assume that many don't).

..because autoresponders are always replying to forged addresses:
http://www.spamcop.net/fom-serve/cache/329.html

Also note that a number of people (myself included, at work
anyway) have
perl scripts that respond to all incoming mail and require a
reply cookie from original
envelope senders. We do it because it almost entirely
prevents spam from
arriving in our inboxes (I say almost because there is the occasional

Autoresponder by another name, see above URL.

I should also point out that common and regular mailing list software already often behaves as an autoresponder, and it is completely reasonable! Suppose that you send a message to a mailing list that is subscriber-only. What usually happens? You get mail back saying that your message has been queued for moderator review!

Naturally, such a system suffers from the same problems described by the Spamcop page you linked. But it is unreasonable to ask list managers not to respond to unknown traffic, because sending a message to a list and having it silently disappear is unacceptable.

Now, I'm sure there are some people that don't run mailing lists that would love to call this behavior 'bad'. But there are also people who would like to rewrite the rules for Internet mail (see: SPF and the problem with mail forwarders, and their so-called 'solution'). Since Internet mail was designed in a vacuum where these modern problems don't exist, we're all forced to work around them in unusual ways. I find it highly ironic that spam blocker services tell you not to use certain techniques (autoresponders, bounce messages) that are not only commonplace, but precedented and even mandated by RFC on the grounds that they may cause you to be blocked. Then they move on to criticize anti-spam techniques that fall in these domains with one of their subpoints saying 'they can cause you to miss legitimate mail!'

Guess what: so does indiscriminately blocking people whose sites don't bow down to your unreasonable demands, especially when their behavior (say, sending bounce messages) is described in the official protocol documentation.

Taking away auto-responders is like taking away hair gel from airline passengers: a gross overreaction that diminishes the quality of service for everyone.

..Stu


Thanks,
Chase
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux