User-Agent in spam reporting (was: Locking out domains from spam reporting)

User-Agent in spam reporting (was: Locking out domains from spam reporting)

[Reiner Steib]

[ Adding Ding List ]

On Sun, Nov 06 2005, Steinar Bang wrote:

> And this, if I'm not mistaken, is someone using Gnus to malreport:
> X-Gmane-Queue: spam 1131231912 gmane.comp.python.compiler 73 62.206.45.26 "Emacs/21.4 (gnu/linux) (spam-report.el)"
>
> A sad thing to see.

In Gnus, we could optionally (default should be off) add the mail
address of the reporter to the User-Agent, e.g.:

  spam-report.el (reinersteib+gmane@imap.cc) Gnus/5.110004 (No Gnus v0.4)
  Emacs/22.0.50 (gnu/linux)

This would allow the Gmane admins to get in contact with malreporters.

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: User-Agent in spam reporting

[Steinar Bang]

>>>>> Reiner Steib <reinersteib+gmane@imap.cc>:

> In Gnus, we could optionally (default should be off) add the mail
> address of the reporter to the User-Agent, e.g.:

>   spam-report.el (reinersteib+gmane@imap.cc) Gnus/5.110004 (No Gnus v0.4)
>   Emacs/22.0.50 (gnu/linux)

> This would allow the Gmane admins to get in contact with malreporters.

I doubt we would be able to contact many of them, unless the default
was on.

Re: User-Agent in spam reporting

[Reiner Steib]

On Wed, Nov 09 2005, Steinar Bang wrote:

>>>>>> Reiner Steib <reinersteib+gmane@imap.cc>:
>
>> In Gnus, we could optionally (default should be off) add the mail
>> address of the reporter to the User-Agent, e.g.:
[...]
>> This would allow the Gmane admins to get in contact with malreporters.
>
> I doubt we would be able to contact many of them, unless the default
> was on.

Hm, only the Gmane admins will see this information from the request.
What do people think: Is it acceptable to expose `user-mail-address'
it the HTTP request by default?  Other suggestions?

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: User-Agent in spam reporting

[Reiner Steib]

On Wed, Nov 09 2005, Reiner Steib wrote:

> On Wed, Nov 09 2005, Steinar Bang wrote:
>
>>>>>>> Reiner Steib <reinersteib+gmane@imap.cc>:
>>
>>> In Gnus, we could optionally (default should be off) add the mail
>>> address of the reporter to the User-Agent, e.g.:
> [...]
>>> This would allow the Gmane admins to get in contact with malreporters.
>>
>> I doubt we would be able to contact many of them, unless the default
>> was on.
>
> Hm, only the Gmane admins will see this information from the request.
> What do people think: Is it acceptable to expose `user-mail-address'
> it the HTTP request by default?  Other suggestions?

There were no other suggestions or protests, so I decided to use a
slightly obfuscated `user-mail-address':

(defcustom spam-report-user-mail-address
  (and (stringp user-mail-address)
       (gnus-replace-in-string user-mail-address "@" "<at>"))
  "Mail address of this user used for spam reports to Gmane.
This is initialized based on `user-mail-address'."

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

Re: User-Agent in spam reporting

[Ted Zlatanov]

On 15 Dec 2005, reinersteib+gmane@imap.cc wrote:

> There were no other suggestions or protests, so I decided to use a
> slightly obfuscated `user-mail-address':
>
> (defcustom spam-report-user-mail-address
> (and (stringp user-mail-address)
> (gnus-replace-in-string user-mail-address "@" "<at>"))
> "Mail address of this user used for spam reports to Gmane.
> This is initialized based on `user-mail-address'."

What do you think about ROT13 of the sender's address?  It's fast,
transparent, and obfuscates enough for any casual snoopers.

Ted

Re: User-Agent in spam reporting

[Maciej Matysiak]

On the 3rd of February 2006 at 20:18, "Ted Zlatanov" <tzz#lifelogs.com> wrote:

> What do you think about ROT13 of the sender's address?  It's fast,
> transparent, and obfuscates enough for any casual snoopers.

IMHO that's not a good idea. Using ROT13 on e-mail address can result in
another *working* address. Silly example:
 abc.se -(rot13)-> nop.fr , both domains exist
 abc.it -(rot13)-> nop.vg , both domains exist
  ad.pn -(rot13)->  nq.ca , both domains exist
etc.

Some domains, like .vg, have "catch-all" dns policy, so any mangled domain
(in that case from ".it") can be used for e-mail pollution. Example:
 tiscali.it -(rot13)-> gvfpnyv.vg

phoner@malachai:~$ dnsqr mx gvfpnyv.vg.
15 gvfpnyv.vg:
87 bytes, 1+2+0+0 records, response, noerror
query: 15 gvfpnyv.vg
answer: gvfpnyv.vg 10800 CNAME pjn.qsrch.net
answer: pjn.qsrch.net 86295 MX 0 ix2-mail-gw.new.net

A spammer can use such rot13-ed address and still bother valid domain and its
e-mail server with junk, which would be delivered (in case of accidentaly
valid local-part or catch-all policy) or rejected.

just my 2 (euro)cents,
 m.m.
-- 
 use gnus, not guns!

Re: User-Agent in spam reporting

[Ted Zlatanov]

On  4 Feb 2006, phoner.ding@blah.pl wrote:

On the 3rd of February 2006 at 20:18, "Ted Zlatanov" <tzz#lifelogs.com> wrote:
>
>> What do you think about ROT13 of the sender's address?  It's fast,
>> transparent, and obfuscates enough for any casual snoopers.
>
> IMHO that's not a good idea. Using ROT13 on e-mail address can result in
> another *working* address. Silly example:
> abc.se -(rot13)-> nop.fr , both domains exist
> abc.it -(rot13)-> nop.vg , both domains exist
> ad.pn -(rot13)->  nq.ca , both domains exist
> etc.

OK, I see.  The suffix "R13" could be used to remove all doubt.  In
other words, even if nop.fr has a valid MX record, it will never get
used instead of abc.se, because the Gmane spam report says sender is
"vzz@nop.fr.R13".  This is nice also because there's no R13 TLD and
probably never will be, and if there was it would become E13.R13 ;)

Remember, this is just the spam *submitter* and not what's inside the
spam message itself, so it's probably not necessary to over-engineer
it.

Ted

Re: User-Agent in spam reporting

[Frank Ellermann]

Ted Zlatanov wrote:

> there's no R13 TLD and probably never will be, and if there
> was it would become E13.R13 ;)

If you want to be sure use "TLD" .13 (digits only, see RfC 3696)

Re: User-Agent in spam reporting

[Reiner Steib]

On Mon, Feb 06 2006, Ted Zlatanov wrote:

> On  4 Feb 2006, phoner.ding@blah.pl wrote:
> On the 3rd of February 2006 at 20:18, "Ted Zlatanov" <tzz#lifelogs.com> wrote:
>>
>>> What do you think about ROT13 of the sender's address?  It's fast,
>>> transparent, and obfuscates enough for any casual snoopers.
>>
>> IMHO that's not a good idea. Using ROT13 on e-mail address can result in
>> another *working* address. Silly example:
[...]
> Remember, this is just the spam *submitter* and not what's inside the
> spam message itself, so it's probably not necessary to over-engineer
> it.

That's the most important point, IMHO.  Only the Gmane admins (or
sniffers in the worst case) can see this address.  I think the current
"<at>"-obfuscation is good enough.  If someone else want to do more,
feel free to change it.  But the Gmane admins must still be able to
build the correct address easily and it remains customizable for the
Gnus user (I prefer to give the real address w/o any obfuscation).

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/