From: Scott A Crosby <scrosby@cs.rice.edu>
Subject: Re: new spam functionality added
Date: 31 Jul 2002 16:07:23 -0500 [thread overview]
Message-ID: <oyd8z3r4nec.fsf@sam.cs.rice.edu> (raw)
In-Reply-To: <873ctztyth.fsf@mail.paradoxical.net>
On Wed, 31 Jul 2002 16:41:30 -0400, Josh Huber <huber+dated+1028579883.ab0915@alum.wpi.edu> writes:
> Scott A Crosby <scrosby@cs.rice.edu> writes:
>
> > Please don't.. TMDA is tragedy of the commons. It only helps one
> > person by putting extra work and effort upon everyone else. If
> > everyone used it, things will turn to crap.
>
> I disagree. With all of TMDA's facilities for tagging messages which
> expire, keyword addresses and sender addresses most people don't even
> know you're using it. (apart from a funny looking dated email
> address).
>
> In practice, over the past 2 weeks the only messages which have
> appeared in my pending queue have been spams. It's worked 100%, with
> 0 false positives. I used an initial seed whitelist based on my
> outbox and a few other sources, and it's been working quite well.
Because its tragedy of the commons, I bitbucket any TMDA user. (and if
I start getting too many of em, I'll make a public blacklist of em.)
>
> What don't you like about it?
>
Well, Jack Twilly phrased one of my problems most elegantly. :) TMDA
''works'' by pushing work onto everyone else.. You know, tragedy of
the commons.
Here's a post I did a while ago on why I don't like it, or any other
scheme requiring autoreply-crap for communication.
++
No.. Think of it carefully.. TMDA works by polluting everyone
else. By forcing everyone else you contact to do extra work. This
is tragedy of the commons.
Imagine a world where everyone uses it (or something similar), but,
say, 10% have it misconfigured. This is a world with mailing lists.
Mailing list maintance functions (including initial requests to
subscribe, or confirmation requests from web-maintance.) either get
accepted automatically, (direct route for spam!), or force the
mailing list admin to deal with the automated 'please reply to me'
messages.. Which they'll ignore, then they'll still get users
asking why email subscriptions don't work.
Mailing list messages... Post to a mailing list the first time and
potentially get tens, hundreds, even thousands of 'please reply to
me' messages. Hey, they only take a second each to deal with!
Now, imagine there's a daemon that autoreplies to such 'please
reply to me' messages.. Well, just forge the spam to appear to come
from a legitimate user, and guess what, the bounces go to them, and
their client helpfully 'authenticates' the spam.. (The daemon can't
be configured to record every email sent and only autoreply to
autoreplies to emails the user actually sent. Many times people
will use many systems and email servers, but only one email
address.)
For more fun, you may even get mail loops of 'please reply to me'
messages.
Now, in the above examples, you can eliminate this undesireable
behavior by automatically accepting, unchecked, mailing list
maintance messages, or autoreply messages, or a blanket opening for
mailing list messages... However, spam can be easily forged to
appear to be a maintance message or an autoreply message.
Under the assumption that there *will* be misconfigured clients,
they'll have to deal with mailing lists that they don't know
about. either by spamming posters to the list (unacceptable), or
filtering them out into a seperate folder that the user will have
to manually check.
In all cases, if the 'please reply to me' messages are mechanically
replyable, then a daemon will be created to deal with that trash
automatically, and most users will use it. (So, spammers can forge
their email to come from almost any user, and the daemon of the
forged address will reply.) Or, those messages can be used to
indicate that an email address is live. (Send a message to someone
using TMDA, confirm that they use TMDA, now you know you can forge
spam from that address and their daemon will authenticate it for
you for free!)
Of course the other option here is to spam from legitimate hosts
that have been cracked by today's IIS/outlook worm. (Or one of the
30,000 *STILL* infected code-red machines.) The cracked systems run
email servers and reply automatically.
Now, if the 'please reply to me' messages are NOT mechanically
replyable, then we've saturated the internet with an even larger
amount of trash and mail pollution that has to be dealt with on a
message-by-message basis. (As per the above scenario's.)
In any case. TMDA is not a solution, its a problem.
TMDA and any other scheme that requires such automated response to
all sent emails is tragedy of the commons. There's no better
example. It superficially helps the user, to the detriment of
everyone else. Ergo, it will proliferate and everyone will be even
worse off.
++
> Well, it's archived on nntp+quimby.gnus.org:gnus.ding, which is where
> I read/post.
Thanks!
Scott
next prev parent reply other threads:[~2002-07-31 21:07 UTC|newest]
Thread overview: 144+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-07-31 19:24 Ted Zlatanov
2002-07-31 19:54 ` Scott A Crosby
2002-07-31 20:07 ` Ted Zlatanov
2002-07-31 20:14 ` Simon Josefsson
2002-07-31 20:25 ` Josh Huber
2002-07-31 20:34 ` Scott A Crosby
2002-07-31 20:41 ` Josh Huber
2002-07-31 21:03 ` Stainless Steel Rat
2002-07-31 21:08 ` Stainless Steel Rat
2002-07-31 21:12 ` Josh Huber
2002-07-31 21:38 ` Paul Jarc
2002-07-31 23:19 ` David Masterson
2002-07-31 23:08 ` Frank Schmitt
2002-08-01 17:03 ` Josh Huber
2002-08-01 17:38 ` Harry Putnam
2002-08-01 19:16 ` Scott A Crosby
2002-08-01 22:43 ` Harry Putnam
2002-08-05 17:16 ` Per Abrahamsen
2002-08-01 1:25 ` Stainless Steel Rat
2002-08-01 1:33 ` Scott A Crosby
2002-08-01 2:17 ` Stainless Steel Rat
2002-08-01 19:20 ` David Masterson
2002-08-01 20:00 ` Stainless Steel Rat
2002-08-02 23:37 ` Florian Weimer
2002-08-02 23:45 ` Russ Allbery
2002-08-03 10:23 ` Simon Josefsson
2002-08-03 13:47 ` Stainless Steel Rat
2002-08-03 16:01 ` hashcash (was Re: new spam functionality added) Simon Josefsson
2002-08-04 6:55 ` Stainless Steel Rat
2002-08-01 19:17 ` new spam functionality added David Masterson
2002-08-01 19:59 ` Stainless Steel Rat
2002-07-31 21:07 ` Scott A Crosby [this message]
2002-07-31 21:35 ` Paul Jarc
2002-07-31 21:58 ` Josh Huber
2002-07-31 21:47 ` Josh Huber
2002-07-31 21:54 ` Paul Jarc
2002-07-31 22:05 ` Josh Huber
2002-07-31 22:10 ` Paul Jarc
2002-07-31 22:35 ` Scott A Crosby
2002-07-31 23:10 ` Josh Huber
2002-08-01 16:56 ` Paul Jarc
2002-07-31 23:30 ` Alan Shutko
2002-08-01 19:25 ` David Masterson
2002-08-01 19:33 ` Josh Huber
2002-08-01 22:06 ` Scott A Crosby
2002-08-01 22:13 ` Paul Jarc
2002-08-01 22:18 ` Jack Twilley
2002-08-01 22:23 ` TMDA (was: new spam functionality added) Paul Jarc
2002-08-01 22:40 ` Scott A Crosby
2002-08-01 23:29 ` Josh Huber
2002-08-02 2:11 ` Scott A Crosby
2002-08-01 19:34 ` new spam functionality added Ted Zlatanov
2002-08-01 19:39 ` Paul Jarc
2002-08-01 21:38 ` Simon Josefsson
2002-08-23 1:50 ` Ted Zlatanov
2002-08-23 2:42 ` Katsumi Yamaoka
2002-08-23 3:10 ` Ted Zlatanov
2002-12-30 0:10 ` Lars Magne Ingebrigtsen
2002-12-30 2:31 ` Ted Zlatanov
2002-12-30 2:52 ` Lars Magne Ingebrigtsen
2002-12-30 3:13 ` Ted Zlatanov
2002-12-30 3:27 ` Lars Magne Ingebrigtsen
2002-12-30 3:44 ` Ted Zlatanov
2002-12-30 4:12 ` Lars Magne Ingebrigtsen
2002-12-30 4:48 ` Ted Zlatanov
2002-12-30 5:08 ` Lars Magne Ingebrigtsen
2002-12-30 19:03 ` spam.el now supports blackholes by default Ted Zlatanov
2002-12-30 21:41 ` Matt Armstrong
2002-12-30 22:42 ` Ted Zlatanov
2002-12-30 23:38 ` spam.el proposed group parameters Ted Zlatanov
2002-12-31 0:02 ` Lars Magne Ingebrigtsen
2003-01-05 16:58 ` spam.el now supports blackholes by default luis fernandes
2003-01-05 22:07 ` Ted Zlatanov
2003-01-06 2:15 ` Lars Magne Ingebrigtsen
2002-08-02 2:05 ` new spam functionality added Jason R. Mastaler
2002-08-02 3:43 ` Russ Allbery
2002-08-02 4:29 ` Jason R. Mastaler
2002-08-02 4:34 ` Russ Allbery
2002-08-02 16:17 ` TMDA (was: new spam functionality added) Paul Jarc
2002-08-02 21:46 ` Russ Allbery
2002-08-02 21:53 ` Paul Jarc
2002-08-05 17:38 ` Per Abrahamsen
2002-08-05 17:49 ` Paul Jarc
2002-08-05 17:57 ` Simon Josefsson
2002-08-05 20:18 ` David Masterson
2002-08-05 20:46 ` Stainless Steel Rat
2002-08-05 21:50 ` Russ Allbery
2002-08-06 0:43 ` Stainless Steel Rat
2002-08-06 3:04 ` David Masterson
2002-08-06 14:27 ` Stainless Steel Rat
2002-08-06 17:13 ` David Masterson
2002-08-06 17:26 ` David Masterson
2002-08-06 18:08 ` Stainless Steel Rat
2002-08-07 12:02 ` Lloyd Zusman
2002-12-30 0:22 ` Hashcash (was: TMDA) Lars Magne Ingebrigtsen
2003-01-02 18:33 ` Hashcash Simon Josefsson
2003-01-02 19:25 ` Hashcash Lars Magne Ingebrigtsen
2003-01-02 21:01 ` Hashcash Simon Josefsson
2003-01-02 21:05 ` Hashcash Lars Magne Ingebrigtsen
2002-08-05 18:30 ` TMDA (was: new spam functionality added) Stainless Steel Rat
2002-08-05 20:46 ` David Masterson
2002-08-05 21:33 ` Stainless Steel Rat
2002-08-06 3:28 ` David Masterson
2002-08-06 16:02 ` Paul Jarc
2002-08-08 9:21 ` Steinar Bang
2002-08-08 15:34 ` Paul Jarc
2002-08-08 19:57 ` Steinar Bang
2002-08-08 20:17 ` Paul Jarc
2002-08-08 21:30 ` Steinar Bang
2002-08-08 21:35 ` Paul Jarc
2002-08-08 22:27 ` Steinar Bang
2002-08-08 17:26 ` Matt Armstrong
2002-08-08 20:23 ` Steinar Bang
2002-08-09 19:32 ` Matt Armstrong
2002-08-10 9:23 ` Steinar Bang
2002-08-10 17:21 ` Paul Jarc
2002-08-11 8:41 ` Steinar Bang
2002-08-11 14:58 ` Steinar Bang
2002-08-11 8:47 ` Steinar Bang
2002-08-12 16:04 ` Paul Jarc
2002-08-12 21:38 ` Steinar Bang
2002-08-12 22:40 ` Paul Jarc
2002-08-13 9:21 ` Steinar Bang
2002-08-05 20:11 ` David Masterson
2002-08-06 2:15 ` Scott A Crosby
2002-08-06 10:10 ` Per Abrahamsen
2002-08-06 13:20 ` Scott A Crosby
2002-08-06 16:13 ` Per Abrahamsen
2002-08-16 14:23 ` new spam functionality added clemens fischer
2002-08-05 17:07 ` Per Abrahamsen
2002-07-31 20:46 ` Jack Twilley
2002-07-31 21:01 ` Josh Huber
2002-07-31 21:03 ` Simon Josefsson
2002-07-31 21:51 ` David Masterson
2002-07-31 21:08 ` Simon Josefsson
2002-07-31 22:05 ` David Masterson
2002-07-31 23:32 ` Alan Shutko
2002-08-01 17:00 ` Paul Jarc
2002-08-05 18:07 ` Simon Josefsson
2002-08-05 18:23 ` TMDA (was: new spam functionality added) Paul Jarc
2002-08-05 23:41 ` Simon Josefsson
2002-08-06 10:27 ` Per Abrahamsen
2002-08-06 15:57 ` Paul Jarc
2002-07-31 20:35 ` new spam functionality added Ted Zlatanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=oyd8z3r4nec.fsf@sam.cs.rice.edu \
--to=scrosby@cs.rice.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).