On Thu, 7 Sep 2006, Stuart MacDonald wrote:
From: On Behalf Of Chase Venters
You can check the From: or envelope sender against the subscriber
database. Forgery isn't a concern because we're not trying to stop
forgery with this method. Subscribers subscribing one address
Forgery is always a concern...
The perl script behaves as an optional autoresponder.
Autoresponders would
respond to spam as well (well, unless you put a spam filter
in front of
them, but I assume that many don't).
..because autoresponders are always replying to forged addresses:
http://www.spamcop.net/fom-serve/cache/329.html
Also note that a number of people (myself included, at work
anyway) have
perl scripts that respond to all incoming mail and require a
reply cookie from original
envelope senders. We do it because it almost entirely
prevents spam from
arriving in our inboxes (I say almost because there is the occasional
Autoresponder by another name, see above URL.
I should also point out that common and regular mailing list software
already often behaves as an autoresponder, and it is completely
reasonable! Suppose that you send a message to a mailing list that is
subscriber-only. What usually happens? You get mail back saying that your
message has been queued for moderator review!
Naturally, such a system suffers from the same problems described by
the Spamcop page you linked. But it is unreasonable to ask list managers
not to respond to unknown traffic, because sending a message to a list and
having it silently disappear is unacceptable.
Now, I'm sure there are some people that don't run mailing lists that
would love to call this behavior 'bad'. But there are also people who
would like to rewrite the rules for Internet mail (see: SPF and the
problem with mail forwarders, and their so-called 'solution'). Since
Internet mail was designed in a vacuum where these modern problems don't
exist, we're all forced to work around them in unusual ways. I find it
highly ironic that spam blocker services tell you not to use certain
techniques (autoresponders, bounce messages) that are not only
commonplace, but precedented and even mandated by RFC on the grounds that
they may cause you to be blocked. Then they move on to criticize anti-spam
techniques that fall in these domains with one of their subpoints saying
'they can cause you to miss legitimate mail!'
Guess what: so does indiscriminately blocking people whose sites don't bow
down to your unreasonable demands, especially when their behavior (say,
sending bounce messages) is described in the official protocol
documentation.
Taking away auto-responders is like taking away hair gel from airline
passengers: a gross overreaction that diminishes the quality of service
for everyone.
..Stu
Thanks,
Chase
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
