User-Agent in spam reporting (was: Locking out domains from spam reporting)

Gnus development mailing list
 help / color / mirror / Atom feed

* User-Agent in spam reporting (was: Locking out domains from spam reporting)
       [not found]               ` <87zmoi7hg3.fsf@dod.no>
@ 2005-11-09 13:38                 ` Reiner Steib
  2005-11-09 16:27                   ` User-Agent in spam reporting Steinar Bang
  0 siblings, 1 reply; 9+ messages in thread
From: Reiner Steib @ 2005-11-09 13:38 UTC (permalink / raw)


[ Adding Ding List ]

On Sun, Nov 06 2005, Steinar Bang wrote:

> And this, if I'm not mistaken, is someone using Gnus to malreport:
> X-Gmane-Queue: spam 1131231912 gmane.comp.python.compiler 73 62.206.45.26 "Emacs/21.4 (gnu/linux) (spam-report.el)"
>
> A sad thing to see.

In Gnus, we could optionally (default should be off) add the mail
address of the reporter to the User-Agent, e.g.:

  spam-report.el (reinersteib+gmane@imap.cc) Gnus/5.110004 (No Gnus v0.4)
  Emacs/22.0.50 (gnu/linux)

This would allow the Gmane admins to get in contact with malreporters.

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: User-Agent in spam reporting
  2005-11-09 13:38                 ` User-Agent in spam reporting (was: Locking out domains from spam reporting) Reiner Steib
@ 2005-11-09 16:27                   ` Steinar Bang
  2005-11-09 17:07                     ` Reiner Steib
  0 siblings, 1 reply; 9+ messages in thread
From: Steinar Bang @ 2005-11-09 16:27 UTC (permalink / raw)
  Cc: ding

>>>>> Reiner Steib <reinersteib+gmane@imap.cc>:

> In Gnus, we could optionally (default should be off) add the mail
> address of the reporter to the User-Agent, e.g.:

>   spam-report.el (reinersteib+gmane@imap.cc) Gnus/5.110004 (No Gnus v0.4)
>   Emacs/22.0.50 (gnu/linux)

> This would allow the Gmane admins to get in contact with malreporters.

I doubt we would be able to contact many of them, unless the default
was on.

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: User-Agent in spam reporting
  2005-11-09 16:27                   ` User-Agent in spam reporting Steinar Bang
@ 2005-11-09 17:07                     ` Reiner Steib
  2005-12-15 17:16                       ` Reiner Steib
  0 siblings, 1 reply; 9+ messages in thread
From: Reiner Steib @ 2005-11-09 17:07 UTC (permalink / raw)


On Wed, Nov 09 2005, Steinar Bang wrote:

>>>>>> Reiner Steib <reinersteib+gmane@imap.cc>:
>
>> In Gnus, we could optionally (default should be off) add the mail
>> address of the reporter to the User-Agent, e.g.:
[...]
>> This would allow the Gmane admins to get in contact with malreporters.
>
> I doubt we would be able to contact many of them, unless the default
> was on.

Hm, only the Gmane admins will see this information from the request.
What do people think: Is it acceptable to expose `user-mail-address'
it the HTTP request by default?  Other suggestions?

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: User-Agent in spam reporting
  2005-11-09 17:07                     ` Reiner Steib
@ 2005-12-15 17:16                       ` Reiner Steib
  2006-02-03 19:18                         ` Ted Zlatanov
  0 siblings, 1 reply; 9+ messages in thread
From: Reiner Steib @ 2005-12-15 17:16 UTC (permalink / raw)


On Wed, Nov 09 2005, Reiner Steib wrote:

> On Wed, Nov 09 2005, Steinar Bang wrote:
>
>>>>>>> Reiner Steib <reinersteib+gmane@imap.cc>:
>>
>>> In Gnus, we could optionally (default should be off) add the mail
>>> address of the reporter to the User-Agent, e.g.:
> [...]
>>> This would allow the Gmane admins to get in contact with malreporters.
>>
>> I doubt we would be able to contact many of them, unless the default
>> was on.
>
> Hm, only the Gmane admins will see this information from the request.
> What do people think: Is it acceptable to expose `user-mail-address'
> it the HTTP request by default?  Other suggestions?

There were no other suggestions or protests, so I decided to use a
slightly obfuscated `user-mail-address':

(defcustom spam-report-user-mail-address
  (and (stringp user-mail-address)
       (gnus-replace-in-string user-mail-address "@" "<at>"))
  "Mail address of this user used for spam reports to Gmane.
This is initialized based on `user-mail-address'."

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: User-Agent in spam reporting
  2005-12-15 17:16                       ` Reiner Steib
@ 2006-02-03 19:18                         ` Ted Zlatanov
  2006-02-04 15:59                           ` Maciej Matysiak
  0 siblings, 1 reply; 9+ messages in thread
From: Ted Zlatanov @ 2006-02-03 19:18 UTC (permalink / raw)
  Cc: Ding List

On 15 Dec 2005, reinersteib+gmane@imap.cc wrote:

> There were no other suggestions or protests, so I decided to use a
> slightly obfuscated `user-mail-address':
>
> (defcustom spam-report-user-mail-address
> (and (stringp user-mail-address)
> (gnus-replace-in-string user-mail-address "@" "<at>"))
> "Mail address of this user used for spam reports to Gmane.
> This is initialized based on `user-mail-address'."

What do you think about ROT13 of the sender's address?  It's fast,
transparent, and obfuscates enough for any casual snoopers.

Ted



^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: User-Agent in spam reporting
  2006-02-03 19:18                         ` Ted Zlatanov
@ 2006-02-04 15:59                           ` Maciej Matysiak
  2006-02-06 19:01                             ` Ted Zlatanov
  0 siblings, 1 reply; 9+ messages in thread
From: Maciej Matysiak @ 2006-02-04 15:59 UTC (permalink / raw)
  Cc: Ding List

On the 3rd of February 2006 at 20:18, "Ted Zlatanov" <tzz#lifelogs.com> wrote:

> What do you think about ROT13 of the sender's address?  It's fast,
> transparent, and obfuscates enough for any casual snoopers.

IMHO that's not a good idea. Using ROT13 on e-mail address can result in
another *working* address. Silly example:
 abc.se -(rot13)-> nop.fr , both domains exist
 abc.it -(rot13)-> nop.vg , both domains exist
  ad.pn -(rot13)->  nq.ca , both domains exist
etc.

Some domains, like .vg, have "catch-all" dns policy, so any mangled domain
(in that case from ".it") can be used for e-mail pollution. Example:
 tiscali.it -(rot13)-> gvfpnyv.vg

phoner@malachai:~$ dnsqr mx gvfpnyv.vg.
15 gvfpnyv.vg:
87 bytes, 1+2+0+0 records, response, noerror
query: 15 gvfpnyv.vg
answer: gvfpnyv.vg 10800 CNAME pjn.qsrch.net
answer: pjn.qsrch.net 86295 MX 0 ix2-mail-gw.new.net

A spammer can use such rot13-ed address and still bother valid domain and its
e-mail server with junk, which would be delivered (in case of accidentaly
valid local-part or catch-all policy) or rejected.

just my 2 (euro)cents,
 m.m.
-- 
 use gnus, not guns!

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: User-Agent in spam reporting
  2006-02-04 15:59                           ` Maciej Matysiak
@ 2006-02-06 19:01                             ` Ted Zlatanov
  2006-02-06 21:56                               ` Frank Ellermann
  2006-02-14 10:33                               ` Reiner Steib
  0 siblings, 2 replies; 9+ messages in thread
From: Ted Zlatanov @ 2006-02-06 19:01 UTC (permalink / raw)
  Cc: Ding List

On  4 Feb 2006, phoner.ding@blah.pl wrote:

On the 3rd of February 2006 at 20:18, "Ted Zlatanov" <tzz#lifelogs.com> wrote:
>
>> What do you think about ROT13 of the sender's address?  It's fast,
>> transparent, and obfuscates enough for any casual snoopers.
>
> IMHO that's not a good idea. Using ROT13 on e-mail address can result in
> another *working* address. Silly example:
> abc.se -(rot13)-> nop.fr , both domains exist
> abc.it -(rot13)-> nop.vg , both domains exist
> ad.pn -(rot13)->  nq.ca , both domains exist
> etc.

OK, I see.  The suffix "R13" could be used to remove all doubt.  In
other words, even if nop.fr has a valid MX record, it will never get
used instead of abc.se, because the Gmane spam report says sender is
"vzz@nop.fr.R13".  This is nice also because there's no R13 TLD and
probably never will be, and if there was it would become E13.R13 ;)

Remember, this is just the spam *submitter* and not what's inside the
spam message itself, so it's probably not necessary to over-engineer
it.

Ted

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: User-Agent in spam reporting
  2006-02-06 19:01                             ` Ted Zlatanov
@ 2006-02-06 21:56                               ` Frank Ellermann
  2006-02-14 10:33                               ` Reiner Steib
  1 sibling, 0 replies; 9+ messages in thread
From: Frank Ellermann @ 2006-02-06 21:56 UTC (permalink / raw)
  Cc: ding

Ted Zlatanov wrote:

> there's no R13 TLD and probably never will be, and if there
> was it would become E13.R13 ;)

If you want to be sure use "TLD" .13 (digits only, see RfC 3696)

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: User-Agent in spam reporting
  2006-02-06 19:01                             ` Ted Zlatanov
  2006-02-06 21:56                               ` Frank Ellermann
@ 2006-02-14 10:33                               ` Reiner Steib
  1 sibling, 0 replies; 9+ messages in thread
From: Reiner Steib @ 2006-02-14 10:33 UTC (permalink / raw)


On Mon, Feb 06 2006, Ted Zlatanov wrote:

> On  4 Feb 2006, phoner.ding@blah.pl wrote:
> On the 3rd of February 2006 at 20:18, "Ted Zlatanov" <tzz#lifelogs.com> wrote:
>>
>>> What do you think about ROT13 of the sender's address?  It's fast,
>>> transparent, and obfuscates enough for any casual snoopers.
>>
>> IMHO that's not a good idea. Using ROT13 on e-mail address can result in
>> another *working* address. Silly example:
[...]
> Remember, this is just the spam *submitter* and not what's inside the
> spam message itself, so it's probably not necessary to over-engineer
> it.

That's the most important point, IMHO.  Only the Gmane admins (or
sniffers in the worst case) can see this address.  I think the current
"<at>"-obfuscation is good enough.  If someone else want to do more,
feel free to change it.  But the Gmane admins must still be able to
build the correct address easily and it remains customizable for the
Gnus user (I prefer to give the real address w/o any obfuscation).

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2006-02-14 10:33 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <874q7gislv.fsf@dod.no>
     [not found] ` <m3u0fccfwd.fsf@quimbies.gnus.org>
     [not found]   ` <87d5m03rro.fsf@dod.no>
     [not found]     ` <m3u0fc3rcw.fsf@quimbies.gnus.org>
     [not found]       ` <874q7c3qpw.fsf@dod.no>
     [not found]         ` <m3hdbb527p.fsf@quimbies.gnus.org>
     [not found]           ` <87d5lw7i2f.fsf@dod.no>
     [not found]             ` <m3oe5g5qwj.fsf@quimbies.gnus.org>
     [not found]               ` <87zmoi7hg3.fsf@dod.no>
2005-11-09 13:38                 ` User-Agent in spam reporting (was: Locking out domains from spam reporting) Reiner Steib
2005-11-09 16:27                   ` User-Agent in spam reporting Steinar Bang
2005-11-09 17:07                     ` Reiner Steib
2005-12-15 17:16                       ` Reiner Steib
2006-02-03 19:18                         ` Ted Zlatanov
2006-02-04 15:59                           ` Maciej Matysiak
2006-02-06 19:01                             ` Ted Zlatanov
2006-02-06 21:56                               ` Frank Ellermann
2006-02-14 10:33                               ` Reiner Steib

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).