Posted to users@spamassassin.apache.org by Per Jessen <pe...@computer.org> on 2007/07/19 15:35:40 UTC
not everyone is happy with SA
http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/07-17-2007/0004626829&EDATE=
/Per Jessen, Zürich
R: not everyone is happy with SA
Posted by Giampaolo Tomassoni <g....@libero.it>.
> -----Original Message-----
> From: Per Jessen [mailto:per@computer.org]
>
>
> http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/07-17-2007/0004626829&EDATE=
So sorry I can't deploy a CR technology since I have unix systems.
Due to this, I may, eventually, deploy an LF one.
Do you have any link to spare? :)
Giampaolo
>
>
>
> /Per Jessen, Zürich
Re: not everyone is happy with SA
Posted by John Rudd <jr...@ucsc.edu>.
Loren Wilton wrote:
> It occurs to me to wonder how C/R is supposed to establish
> communications between two users of C/R systems.
>
> You send a message to X. His C/R system, not knowing you, doesn't
> deliver the mail to X, it sends a challenge back to you.
>
> Your C/R system, not knowing X, sends him a C/R message, demanding he
> jump through hoops to send YOU a C/R message.
>
> His system receives the C/R message from your system. Not knowing you,
> it sends you a C/R message...
>
> While this is good for bandwidth providers that charge by the bit, it
> isn't clear to me how you establish communications.
>
> Perhaps the original sender calls the recipient on the phone and asks to
> be pre-authorized to break the loop?
Not that I'm defending C/R systems, as I dislike them, but, I believe
the above is solved by C/R systems that whitelist outbound messages.
So:
1) you send message to X, and your C/R system whitelists X.
2) X's C/R system gets the message, holds it, and sends you a Challenge
3) your C/R system lets the Challenge through because you whitelisted X.
4) you handle the challenge however you want to.
Of course, this depends on X using a sender address for his
Challenges that matches the recipient address, and that said recipient
address wasn't munged along the path. Any kind of modification due to
masquerading, non-transparent forwarding, etc., will keep that from working.
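The loop Loren describes and the outbound-whitelist steps above, as a small simulation. This is an added example, not code from the thread or from any C/R product; the class, the addresses, the hop limit and the rule that a challenge to an unroutable address is dropped are all assumptions.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Message:
    sender: str  # envelope sender the receiving C/R system checks
    rcpt: str
    kind: str    # "mail" or "challenge"


@dataclass
class CRSystem:
    """Hypothetical C/R filter: unknown senders are held and challenged."""
    address: str
    whitelist_outbound: bool = False
    challenge_from: Optional[str] = None  # sender used on challenges; None = own address
    whitelist: set = field(default_factory=set)
    inbox: list = field(default_factory=list)
    held: list = field(default_factory=list)

    def send(self, rcpt: str) -> Message:
        # Step 1 in the post: sending to X whitelists X.
        if self.whitelist_outbound:
            self.whitelist.add(rcpt)
        return Message(self.address, rcpt, "mail")

    def receive(self, msg: Message) -> Optional[Message]:
        if msg.sender in self.whitelist:
            self.inbox.append(msg)  # step 3: known sender, deliver
            return None
        self.held.append(msg)       # step 2: hold and challenge the sender
        return Message(self.challenge_from or self.address, msg.sender, "challenge")


def simulate(you: CRSystem, x: CRSystem, max_hops: int = 20) -> dict:
    """You mail X; messages are relayed until the queue drains or max_hops is hit."""
    routes = {you.address: you, x.address: x}
    queue = deque([you.send(x.address)])
    hops = challenges = dropped = 0
    while queue and hops < max_hops:
        msg = queue.popleft()
        hops += 1
        target = routes.get(msg.rcpt)
        if target is None:          # assumption: unroutable address, message lost
            dropped += 1
            continue
        reply = target.receive(msg)
        if reply is not None:
            challenges += 1
            queue.append(reply)
    return {
        "challenges": challenges,
        "looped": bool(queue),      # still traffic in flight at the hop limit
        "challenge_seen": any(m.kind == "challenge" for m in you.inbox),
        "dropped": dropped,
    }


# Constructed addresses for the three cases discussed in the thread.
YOU, X = "you@a.example", "x@b.example"


def no_outbound_whitelist() -> dict:
    # Neither side knows the other: challenges answer challenges forever.
    return simulate(CRSystem(YOU), CRSystem(X))


def with_outbound_whitelist() -> dict:
    # Your system whitelists X on send, so X's single challenge reaches you.
    return simulate(CRSystem(YOU, whitelist_outbound=True), CRSystem(X))


def munged_challenge_sender() -> dict:
    # X's challenge carries a sender that differs from the address you mailed,
    # so the whitelist entry does not match and you never see the challenge.
    x = CRSystem(X, challenge_from="cr-daemon@b.example")
    return simulate(CRSystem(YOU, whitelist_outbound=True), x)


if __name__ == "__main__":
    for case in (no_outbound_whitelist, with_outbound_whitelist, munged_challenge_sender):
        print(case.__name__, case())
```
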
Re: not everyone is happy with SA
Posted by Loren Wilton <lw...@earthlink.net>.
It occurs to me to wonder how C/R is supposed to establish communications
between two users of C/R systems.
You send a message to X. His C/R system, not knowing you, doesn't deliver
the mail to X, it sends a challenge back to you.
Your C/R system, not knowing X, sends him a C/R message, demanding he jump
through hoops to send YOU a C/R message.
His system receives the C/R message from your system. Not knowing you, it
sends you a C/R message...
While this is good for bandwidth providers that charge by the bit, it isn't
clear to me how you establish communications.
Perhaps the original sender calls the recipient on the phone and asks to be
pre-authorized to break the loop?
Loren
Re: not everyone is happy with SA
Posted by Luis Hernán Otegui <lu...@gmail.com>.
Funny how the closed-source companies need to base their marketing
policies on FUD, or even worse, user-defined indexes. If I'm allowed
to non-literally quote Homer Simpson here:
"Ah, Kent, everything can be proven these days with statistics. 60% of
the people knows it..."
I used to work as netadmin in a group who did cardiac arrhythmia
research. And everyone had their theories, which they backed up with
indexes kinda "created on the fly" for that sole purpose. I used to
compare this to Madame Blavatsky's theories on how the distance from
Earth to the Sun was related to a side of the Great Pyramid of
Giza...
Plain statistics tells you the real story, IMHO. Five years of SA
usage had convinced me it's a great product.
Backscatter virus and spam warnings do nothing but trash traffic. C/R
does the same.
Luis
2007/7/19, Steve Freegard <st...@fsl.com>:
> Per Jessen wrote:
> > http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/07-17-2007/0004626829&EDATE=
>
> Justin's response is far better reading:
>
> http://taint.org/2007/07/19/122638a.html
>
>
> Kind regards,
> Steve.
>
--
-------------------------------------------------
GNU-GPL: "May The Source Be With You...
Linux Registered User #448382.
When I grow up, I wanna be like Theo...
-------------------------------------------------
Re: not everyone is happy with SA
Posted by Steve Freegard <st...@fsl.com>.
Per Jessen wrote:
> http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/07-17-2007/0004626829&EDATE=
Justin's response is far better reading:
http://taint.org/2007/07/19/122638a.html
Kind regards,
Steve.
Re: not everyone is happy with SA
Posted by Per Jessen <pe...@computer.org>.
JT DeLys wrote:
> "Login required for download."
>
> Heh. There's a surprise ... Marketing wizards at work!
>
http://www.brockmann.com/index.php?option=com_content&task=view&id=847&Itemid=2
/Per Jessen, Zürich
Re: not everyone is happy with SA
Posted by JT DeLys <jt...@gmail.com>.
"Login required for download."
Heh. There's a surprise ... Marketing wizards at work!
--
Thanks,
JTDeLys
[OT] Re: not everyone is happy with SA
Posted by Loren Wilton <lw...@earthlink.net>.
> Love it Loren, justice prevails. :) But don't they eventually take over
> the
> place leading to the purchase of a DR Trimmer and other less neat
> eradication
> methods, like flame throwers and such?
They started from some my mother had planted beside the house that took over
about half an acre and made the house half inaccessible. Took A LOT of work
to finally get rid of those. So far the other stuff is being fairly
manageable. I keep the live stuff small, and just distribute lots of dead
branches about.
Loren
Re: not everyone is happy with SA
Posted by Gene Heskett <ge...@verizon.net>.
On Thursday 19 July 2007, Loren Wilton wrote:
>> Chuckle. Now in that case, a tall chain link fence, with a few "Beware of
>> Mickey" placards might be in order.
>
>It is a 6' fence, variously wood and chain link. And I used to have LOTS of
>problem with people ignoring the "private property" signs on the other side
>and jumping the fence any time they wanted a convenient path from one place
>to another. I finally planted Jerusalem Thorn bushes at the major traffic
>points, and dropped the trimmings (these are prolific plants) along the base
>of the fence in other traffic places. This stopped the "jump over the six
>foot fence" traffic after about a month.
>
> Loren
Love it Loren, justice prevails. :) But don't they eventually take over the
place leading to the purchase of a DR Trimmer and other less neat eradication
methods, like flame throwers and such?
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If you have never been hated by your child, you have never been a parent.
-- Bette Davis
Re: not everyone is happy with SA
Posted by Gene Heskett <ge...@verizon.net>.
On Friday 20 July 2007, Loren Wilton wrote:
>> I guess that's just another chapter in the proof that there is one born
>> every
>> minute.
>
>When P.T. Barnum made that statement the population of the US was about 60
>million. It is now somewhere north of 250 million.
>
> Loren
Humm, so we must be averaging around 4 a minute in order to keep the curve
rising that steeply?
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Q: What do Winnie the Pooh and John the Baptist have in common?
A: The same middle name.
Re: not everyone is happy with SA
Posted by Loren Wilton <lw...@earthlink.net>.
> I guess that's just another chapter in the proof that there is one born
> every
> minute.
When P.T. Barnum made that statement the population of the US was about 60
million. It is now somewhere north of 250 million.
Loren
Re: not everyone is happy with SA
Posted by Gene Heskett <ge...@verizon.net>.
On Friday 20 July 2007, Kelson wrote:
>Gene Heskett wrote:
>>> I've been toying with "DANGER - DIHYDROGEN-MONOXIDE IN USE" signs
>>> recommending use of appropriate protective gear. But in today's terrorism
>>> atmosphere some idiot might not get it and....
>>
>> Chuckle...
>>
>> Only if they failed introductory chemistry 101, but it should be good for
>> a chuckle even if you did have to explain it to the high school graduate,
>> I know everything crowd. It's when they _still_ don't get it that could be
>> a problem. By then they wouldn't touch a glass of it even with some of it
>> in frozen form on a steaming hot day. Doesn't Darwin have an award for
>> those?
>
>Sadly, this isn't as implausible as one might hope. A few years ago, a
>nearby city council (Aliso Viejo, California) came close to banning
>styrofoam cups based on the fact that they contained a dangerous
>chemical: dihydrogen monoxide.
>
>They blamed it on a paralegal who did "bad research," but somehow
>managed not to catch the joke until after it had been scheduled for a vote.
I guess that's just another chapter in the proof that there is one born every
minute.
And, sometimes one lets such things come to their regular conclusion just so
we can say, while sharpening one finger against another, I told you so...
There is a certain amount of self satisfaction to that when the whole thing
is a matter of public record to be discussed in the media, at length, just
prior to the next election. :-)
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Suspicion always haunts the guilty mind.
-- Wm. Shakespeare
Re: not everyone is happy with SA
Posted by Kelson <ke...@speed.net>.
Gene Heskett wrote:
>> I've been toying with "DANGER - DIHYDROGEN-MONOXIDE IN USE" signs
>> recommending use of appropriate protective gear. But in today's terrorism
>> atmosphere some idiot might not get it and....
>
> Chuckle...
>
> Only if they failed introductory chemistry 101, but it should be good for a
> chuckle even if you did have to explain it to the high school graduate, I
> know everything crowd. It's when they _still_ don't get it that could be a
> problem. By then they wouldn't touch a glass of it even with some of it in
> frozen form on a steaming hot day. Doesn't Darwin have an award for those?
Sadly, this isn't as implausible as one might hope. A few years ago, a
nearby city council (Aliso Viejo, California) came close to banning
styrofoam cups based on the fact that they contained a dangerous
chemical: dihydrogen monoxide.
They blamed it on a paralegal who did "bad research," but somehow
managed not to catch the joke until after it had been scheduled for a vote.
--
Kelson Vibber
SpeedGate Communications <www.speed.net>
Re: not everyone is happy with SA
Posted by Gene Heskett <ge...@verizon.net>.
On Thursday 19 July 2007, jdow wrote:
>From: "Gene Heskett" <ge...@verizon.net>
>
>> On Thursday 19 July 2007, Loren Wilton wrote:
>>>> If someone poops in my swimming pool, I don't find it an acceptable
>>>> solution to chuck it over the fence into my neighbors yard. Why do you?
>>>
>>>Perhaps because most people believe that is the correct solution?
>>>
>>>I have a fairly large yard surrounded by about two dozen newer tract
>>>houses.
>>>I employ a gardener to go around once a week and pick up all the yard
>>>trash
>>>that the neighbors have thrown over their back fences into my yard because
>>>they were too lazy to carry it out to the street for the FREE yard trash
>>>pickup by the city. Generally any time they trim a bush, plant, or tree,
>>>they assume *I* want their dead plant parts. And broken awnings, and
>>>discarded toys, and used up swimming pool treatment containers, etc.
>>>
>>>Out of the 20 or so houses, I'd say this is a major problem with about 16
>>>of
>>>them. So I'd say 4 out of 5 people would prefer C/R systems, as long as
>>>their C/R system filters out all of the Cs from other users before they
>>>see
>>>them.
>>>
>>> Loren
>>
>> Chuckle. Now in that case, a tall chain link fence, with a few "Beware of
>> Mickey" placards might be in order.
>
>That's "Mikey", because he'll eat ANYTHING.
Sorry, I didn't intentionally misspell his name. If I run across an extra
door to door salesman I'll send him along as retribution.
>I've been toying with "DANGER - DIHYDROGEN-MONOXIDE IN USE" signs
>recommending use of appropriate protective gear. But in today's terrorism
>atmosphere some idiot might not get it and....
Chuckle...
Only if they failed introductory chemistry 101, but it should be good for a
chuckle even if you did have to explain it to the high school graduate, I
know everything crowd. It's when they _still_ don't get it that could be a
problem. By then they wouldn't touch a glass of it even with some of it in
frozen form on a steaming hot day. Doesn't Darwin have an award for those?
>In the past I've toyed with (and used once on an antenna tower) signs
>like "Trespassers will be experimented upon."
Or "Trespassers will be violated by Mikey" :)
Reminds me somewhat of a sign I once saw on the entrance to a ranch road SE of
Farmington NM in 1979 that went in a semi-straight line over several hills in
the distance and it said:
--------------------------------
| No hunting or trespassing, |
| violators will be shot, |
| survivors will be shot again |
| (and again) |
--------------------------------
Obviously I never found out where that road actually went. And to top it off,
I've seen a pix of that sign in print since but google can't find the actual
pix. Silk screened imitations is all.
The neighbors must have been having a 'can you top this' contest because there
was another sign down in the boondocks about 40 miles away approaching
Huerfano Mtn.
<http://www.lapahie.com/Huerfano_Mountain.cfm>
that said his trespasser load for his shotgun wasn't exactly soft pillows. I
did pass that one several times on my way to check a microwave site on the
far end of that sacred ridge in the desert floor. (I had the only 1st phone
in that region at the time so I was in popular demand) Our vehicles were
allowed passage but we weren't allowed to put a foot down until we were past
the sacred portion, not even if the vehicle broke down. I prayed to
the "Bronco, get me there and back" gods when I headed up that trail.
Somehow it always did. The microwave shack was the end of the road, and to
walk 50 feet past it you'd need a parachute or rock crawling gear.
Very very interesting pieces of country to an archeologist, 3rd ranked by me,
with Chaco Canyon and Mesa Verde #1 & #2. I have personally seen the 'ghosts
of time' at Chaco Canyon, and there are some un-explainable in 800 year old
technology things at Mesa Verde. All 3 are magic places to visit if you let
your mind listen to what you see.
>{+_+}
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
I'd like MY data-base JULIENNED and stir-fried!
Re: not everyone is happy with SA
Posted by Gene Heskett <ge...@verizon.net>.
On Thursday 19 July 2007, jdow wrote:
>From: "Loren Wilton" <lw...@earthlink.net>
>
>>> Chuckle. Now in that case, a tall chain link fence, with a few "Beware
>>> of
>>> Mickey" placards might be in order.
>>
>> It is a 6' fence, variously wood and chain link. And I used to have LOTS
>> of problem with people ignoring the "private property" signs on the other
>> side and jumping the fence any time they wanted a convenient path from one
>> place to another. I finally planted Jerusalem Thorn bushes at the major
>> traffic points, and dropped the trimmings (these are prolific plants)
>> along the base of the fence in other traffic places. This stopped the
>> "jump over the six foot fence" traffic after about a month.
>
>Longer than that. I kept the jump spots "fed".
>
>For those who don't know about Jerusalem Thorn we're talking about the
>Mexican variety, Parkinsonia Aculeata.
>
>http://en.wikipedia.org/wiki/Parkinsonia_aculeata
>
>This is a NASTY thorn bush. And the Wikipedia description underestimates
>the thorn size. The trees we had would produce thorns about an inch to
>an inch and a half long that would go through tennis shoe soles. They
>would embed deeply into hard rubber soled walking shoes that had 3/4"
>soles. Around each randomly curved thorn at its base were a collection
>of little thorns about 2 to 4 mm long.
>
>It was a pain, literally, to cut off branches and then pull them loose
>from the other branches. It was only safe to carry a small number at a
>time lest their weight force thorns through thick leather work gloves.
>But I did keep the "traps" seeded. And I am nasty enough to get giggles
>when I think of the reactions of those who jumped the fence into a
>bunch of these monsters.
>
>(Now we have a second fence across the "front" of the property so the
>short cut doesn't work so well, particularly with the easy gate from the
>jump spots seems to have gotten jammed in a Santana wind storm a couple
>years ago.)
Santana wind? I'll bet... And that has worked so well that no effort to
repair it has been spared. :)
>{^_-}
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If you have never been hated by your child, you have never been a parent.
-- Bette Davis
Re: not everyone is happy with SA
Posted by jdow <jd...@earthlink.net>.
From: "Loren Wilton" <lw...@earthlink.net>
>> Chuckle. Now in that case, a tall chain link fence, with a few "Beware
>> of
>> Mickey" placards might be in order.
>
> It is a 6' fence, variously wood and chain link. And I used to have LOTS
> of problem with people ignoring the "private property" signs on the other
> side and jumping the fence any time they wanted a convenient path from one
> place to another. I finally planted Jerusalem Thorn bushes at the major
> traffic points, and dropped the trimmings (these are prolific plants)
> along the base of the fence in other traffic places. This stopped the
> "jump over the six foot fence" traffic after about a month.
Longer than that. I kept the jump spots "fed".
For those who don't know about Jerusalem Thorn we're talking about the
Mexican variety, Parkinsonia Aculeata.
http://en.wikipedia.org/wiki/Parkinsonia_aculeata
This is a NASTY thorn bush. And the Wikipedia description underestimates
the thorn size. The trees we had would produce thorns about an inch to
an inch and a half long that would go through tennis shoe soles. They
would embed deeply into hard rubber soled walking shoes that had 3/4"
soles. Around each randomly curved thorn at its base were a collection
of little thorns about 2 to 4 mm long.
It was a pain, literally, to cut off branches and then pull them loose
from the other branches. It was only safe to carry a small number at a
time lest their weight force thorns through thick leather work gloves.
But I did keep the "traps" seeded. And I am nasty enough to get giggles
when I think of the reactions of those who jumped the fence into a
bunch of these monsters.
(Now we have a second fence across the "front" of the property so the
short cut doesn't work so well, particularly with the easy gate from the
jump spots seems to have gotten jammed in a Santana wind storm a couple
years ago.)
{^_-}
Re: not everyone is happy with SA
Posted by Loren Wilton <lw...@earthlink.net>.
> Chuckle. Now in that case, a tall chain link fence, with a few "Beware of
> Mickey" placards might be in order.
It is a 6' fence, variously wood and chain link. And I used to have LOTS of
problem with people ignoring the "private property" signs on the other side
and jumping the fence any time they wanted a convenient path from one place
to another. I finally planted Jerusalem Thorn bushes at the major traffic
points, and dropped the trimmings (these are prolific plants) along the base
of the fence in other traffic places. This stopped the "jump over the six
foot fence" traffic after about a month.
Loren
Re: not everyone is happy with SA
Posted by jdow <jd...@earthlink.net>.
From: "Gene Heskett" <ge...@verizon.net>
> On Thursday 19 July 2007, Loren Wilton wrote:
>>> If someone poops in my swimming pool, I don't find it an acceptable
>>> solution to chuck it over the fence into my neighbors yard. Why do you?
>>
>>Perhaps because most people believe that is the correct solution?
>>
>>I have a fairly large yard surrounded by about two dozen newer tract
>>houses.
>>I employ a gardener to go around once a week and pick up all the yard
>>trash
>>that the neighbors have thrown over their back fences into my yard because
>>they were too lazy to carry it out to the street for the FREE yard trash
>>pickup by the city. Generally any time they trim a bush, plant, or tree,
>>they assume *I* want their dead plant parts. And broken awnings, and
>>discarded toys, and used up swimming pool treatment containers, etc.
>>
>>Out of the 20 or so houses, I'd say this is a major problem with about 16
>>of
>>them. So I'd say 4 out of 5 people would prefer C/R systems, as long as
>>their C/R system filters out all of the Cs from other users before they
>>see
>>them.
>>
>> Loren
>
> Chuckle. Now in that case, a tall chain link fence, with a few "Beware of
> Mickey" placards might be in order.
That's "Mikey", because he'll eat ANYTHING.
I've been toying with "DANGER - DIHYDROGEN-MONOXIDE IN USE" signs
recommending use of appropriate protective gear. But in today's terrorism
atmosphere some idiot might not get it and....
In the past I've toyed with (and used once on an antenna tower) signs
like "Trespassers will be experimented upon."
{+_+}
Re: not everyone is happy with SA
Posted by Gene Heskett <ge...@verizon.net>.
On Thursday 19 July 2007, Loren Wilton wrote:
>> If someone poops in my swimming pool, I don't find it an acceptable
>> solution to chuck it over the fence into my neighbors yard. Why do you?
>
>Perhaps because most people believe that is the correct solution?
>
>I have a fairly large yard surrounded by about two dozen newer tract houses.
>I employ a gardener to go around once a week and pick up all the yard trash
>that the neighbors have thrown over their back fences into my yard because
>they were too lazy to carry it out to the street for the FREE yard trash
>pickup by the city. Generally any time they trim a bush, plant, or tree,
>they assume *I* want their dead plant parts. And broken awnings, and
>discarded toys, and used up swimming pool treatment containers, etc.
>
>Out of the 20 or so houses, I'd say this is a major problem with about 16 of
>them. So I'd say 4 out of 5 people would prefer C/R systems, as long as
>their C/R system filters out all of the Cs from other users before they see
>them.
>
> Loren
Chuckle. Now in that case, a tall chain link fence, with a few "Beware of
Mickey" placards might be in order.
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Message will arrive in the mail. Destroy, before the FBI sees it.
RE: Re: not everyone is happy with SA
Posted by Rob Sterenborg <R....@netsourcing.nl>.
Per Jessen wrote:
> Like I said - provided that the objective is to avoid spam, it might
> work for the individual user. The objective of C-R was never (IMO) to
> help reduce or eliminate spam other than for one person.
However, there isn't just one email user; there's a lot of them.
If every private email user used C/R as spam protection that wouldn't be
good either. IMO C/R just shouldn't be used for spam checking, corporate
or private.
--
Rob
Re: not everyone is happy with SA
Posted by Per Jessen <pe...@computer.org>.
Andy Sutton wrote:
> On Thu, 2007-07-19 at 21:35 +0200, Per Jessen wrote:
>> Well, provided the objective is to avoid spam, it still might work
>> well for that individual user.
>
> Avoid? For whom? The objective should be to reduce or eliminate
> spam, not pass filtering costs off on others.
Like I said - provided that the objective is to avoid spam, it might
work for the individual user. The objective of C-R was never (IMO) to
help reduce or eliminate spam other than for one person.
/Per Jessen, Zürich
Re: not everyone is happy with SA
Posted by Andy Sutton <ne...@pessimists.net>.
On Thu, 2007-07-19 at 21:35 +0200, Per Jessen wrote:
> Well, provided the objective is to avoid spam, it still might work
> well for that individual user.
Avoid? For whom? The objective should be to reduce or eliminate spam,
not pass filtering costs off on others. The "individual user" didn't
solve anything, other than proving they are fine with wasting others' time
and bandwidth. Like it or not you're advocating throwing trash in my
yard for an "individual user's" advantage.
If these systems worked as intended, then no email would ever get
delivered since any significant penetration would block challenge
messages too. They were specifically designed to exploit the fact that
most people won't use them.
--
- Andy
This is not the place to ask for a scooby snack or hand holding
without getting attacked with a flamethrower.
- Stack Smasher, Full-disclosure email list
Re: not everyone is happy with SA
Posted by Per Jessen <pe...@computer.org>.
Andy Sutton wrote:
> On Thu, 2007-07-19 at 19:37 +0200, Per Jessen wrote:
>> I think CR can perhaps work quite well for an individual user with
>> the technical insight & time to spare, but such individual users are
> only a small part of the picture.
>
> No it doesn't. It foists the recipient's burden on others, usually due
> to the *lack* of technical insight. Otherwise they'd realize they are
> only making the problem worse.
Well, provided the objective is to avoid spam, it still might work well
for that individual user.
> If someone poops in my swimming pool, I don't find it an acceptable
> solution to chuck it over the fence into my neighbors yard. Why do
> you?
I never said I did. I just said some users might.
/Per Jessen, Zürich
Re: not everyone is happy with SA
Posted by Loren Wilton <lw...@earthlink.net>.
> If someone poops in my swimming pool, I don't find it an acceptable
> solution to chuck it over the fence into my neighbors yard. Why do you?
Perhaps because most people believe that is the correct solution?
I have a fairly large yard surrounded by about two dozen newer tract houses.
I employ a gardener to go around once a week and pick up all the yard trash
that the neighbors have thrown over their back fences into my yard because
they were too lazy to carry it out to the street for the FREE yard trash
pickup by the city. Generally any time they trim a bush, plant, or tree,
they assume *I* want their dead plant parts. And broken awnings, and
discarded toys, and used up swimming pool treatment containers, etc.
Out of the 20 or so houses, I'd say this is a major problem with about 16 of
them. So I'd say 4 out of 5 people would prefer C/R systems, as long as
their C/R system filters out all of the Cs from other users before they see
them.
Loren
Re: not everyone is happy with SA
Posted by David B Funk <db...@engineering.uiowa.edu>.
On Thu, 19 Jul 2007, Dave Pooser wrote:
> Actually I've seen one C/R variant that addresses the backscatter C/R issue
> quite nicely; it dropped the suspected spam in a quarantine folder and
> issued an SMTP fakereject after DATA that included a link to a website where
> the sender could release the spam from quarantine. So no backscatter
> spamming innocent third parties, but you still get a chance for the sender
> to verify sending a message. The backend might be a little involved to set
> up, but the final system looked secure and easy to use.
This breaks as soon as it runs into an Exchange server. Microsoft, in
their infinitely great wisdom, "sanitizes" DSNs, removes the original
error text and replaces it with their 'PC' interpretation of the error
code. Thus Exchange LLusers[1] will not see the link and have
no chance to release their message.
[1] the 'LL' is pronounced in the Spanish style.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
Re: not everyone is happy with SA
Posted by John Rudd <jr...@ucsc.edu>.
jdow wrote:
> From: "John Rudd" <jr...@ucsc.edu>
>>
>>> If you return a 5xx error, what is to prevent the spammer from
>>> clicking to release? CAPTCHA?
>>
>> I'm actually not concerned about that. While that is a quality issue
>> for the user of the C/R system, it isn't something that pollutes the net.
>
> THAT is where we disagree. C/R pollutes the net. There is no question
> about it. It is the effort of a weak mind to defend itself from knowledge
> as well as spam.
You misunderstood my point. I'm not saying C/R doesn't pollute the net.
I said the exact release mechanism isn't something I'm concerned
about. It is not an extra set of net pollution, above and beyond the
basic C/R system.
Also, the mentioned C/R system is at least less polluting than other C/R
mechanisms: it's rejecting instead of bouncing, so messages from direct
spam sending bots will just disappear instead of being backscattered.
Normal C/R systems would cause backscatter from those same messages.
But, as I pointed out, and as you agreed with me, it still has at least
2 features that remain unacceptable (and as the person who mentioned it
said, he doesn't know if the 3rd one is a problem in that implementation
or not; so it might be 3 features that remain unacceptable).
>>> What if this system was in widespread use? It could be a serious
>>> single point of failure.
>>
>> Again, that's a quality issue for the user of the C/R system, not for
>> the rest of us. And, it's an implementation detail that might be
>> solvable with clustered web servers and databases, so a large scale
>> implementation might not have a single point of failure.
>
> If you intend to email me Challenge/Response sets off a
a) I believe there is supposed to be a comma after "me" ... otherwise
the rant is a bit awkwardly worded.
b) I never said I plan to use C/R systems. I don't like C/R systems. I
never said anything that comes close to saying that I like them or would
use them. You of all people I would expect to intelligently read a
message instead of knee-jerking to a message which simply analyzes a
newly presented C/R mechanism (and still points out its flaws), while
dismissing some of its implementation details* as "not relevant to its
non-users".
(* the captcha question, and the single point of failure question)
Re: not everyone is happy with SA
Posted by jdow <jd...@earthlink.net>.
From: "John Rudd" <jr...@ucsc.edu>
> Ken A wrote:
>> Dave Pooser wrote:
>>>>> I think CR can perhaps work quite well for an individual user with the
>>>>> technical insight & time to spare, but such individual users are only
>>>>> a small part of the picture.
>>>> No it doesn't. It foists the recipient's burden on others, usually due
>>>> to the *lack* of technical insight. Otherwise they'd realize they are
>>>> only making the problem worse.
>>>
>>> Actually I've seen one C/R variant that addresses the backscatter C/R
>>> issue
>>> quite nicely; it dropped the suspected spam in a quarantine folder and
>>> issued an SMTP fakereject after DATA that included a link to a website
>>> where
>>> the sender could release the spam from quarantine. So no backscatter
>>> spamming innocent third parties, but you still get a chance for the
>>> sender
>>> to verify sending a message. The backend might be a little involved to
>>> set
>>> up, but the final system looked secure and easy to use.
>
> I think that's the first non-backscatter form of C/R I've seen.
>
> However, it still leaves the problems of:
>
> 1) A user sends me a technical question. I answer, and get back a
> Challenge, forcing me to jump through hoops to get their answer to them.
User never gets the reply if that happens to me. I am rather rigid
about spam like Challenge/Response mailings. I have most of them trained
into my SpamAssassin to simply get treated as spam if I didn't get mad
enough to filter the entire site out in procmail.
> 2) I send email inquiry to a business. They send me a Challenge, making
> me jump through hoops in order to give them money.
I categorically refuse to do business with spammers. Users of Challenge/
Response are spammers. Hence they get dropped on the floor and lose my
business.
> 3) You're still forcing a legitimate sender to do your anti-spam decision
> making for you.
And I take that as a mortal insult from somebody too lazy to do proper
spam filtering.
> All of those are still, IMO, unacceptably rude.
>
>
>> If you return a 5xx error, what is to prevent the spammer from clicking
>> to release? CAPTCHA?
>
> I'm actually not concerned about that. While that is a quality issue for
> the user of the C/R system, it isn't something that pollutes the net.
THAT is where we disagree. C/R pollutes the net. There is no question
about it. It is the effort of a weak mind to defend itself from knowledge
as well as spam.
>> What if this system was in widespread use? It could be a serious single
>> point of failure.
>
> Again, that's a quality issue for the user of the C/R system, not for the
> rest of us. And, it's an implementation detail that might be solvable
> with clustered web servers and databases, so a large scale implementation
> might not have a single point of failure.
If you intend to email me Challenge/Response sets off a pavlovian
reaction after my having had problems with some <censoreds> in Brazil
who sent C/R requests to every message I posted on the Fedora list.
For awhile I had Brazil blocked here. Then I opened it up to one ISP
being blocked (UOL). Then I simply sequestered their C/R messages. If
the <censoreds> who used it wanted help they can bloody well turn off
the C/R before they get help from me. I learned to HATE C/R with a
purple passion. I'd like to find its inventor and insert a through
hole in a fun part of his anatomy. The UOL C/R got to be a REALLY
REALLY annoying phenomenon. It is a concept that is broken and cannot
be fixed.
{`_'}
Re: not everyone is happy with SA
Posted by jdow <jd...@earthlink.net>.
From: "John Rudd" <jr...@ucsc.edu>
> Graham Murray wrote:
>> John Rudd <jr...@ucsc.edu> writes:
>>
>>> However, it still leaves the problems of:
>>>
>>> 1) A user sends me a technical question. I answer, and get back a
>>> Challenge, forcing me to jump through hoops to get their answer to
>>> them.
>>
>> That sounds like a very badly designed system. While I do not like C/R
>> systems so would never implement one, surely it is only common sense to
>> expect responses to emails which are sent out and therefore to accept
>> such responses without issuing a challenge.
>
> I agree. But the proposed design didn't mention whitelisting the
> recipients of your own outbound traffic. And there are C/R systems that
> are deficient in this area.
How do you know all the intended recipients of emails sent to mailing
lists. Sometimes it is most polite to reply off list. A C/R loses at
that point. It becomes spam and an insult.
> But, there's also the simple case that the recipient of the message
> might not be the person who replies to it. You might send a message to
> it.help@example.com, which is a mailing list or multi-delivery alias,
> and get an answer back from joe.smith.in.support@example.com ... same
> problem, but not easily whitelisted.
Precisely.
{^_^}
RE: not everyone is happy with SA
Posted by Michael Scheidell <sc...@secnap.net>.
> -----Original Message-----
> From: John Rudd [mailto:jrudd@ucsc.edu]
> Sent: Thursday, July 19, 2007 6:06 PM
> To: Graham Murray
> Cc: users@spamassassin.apache.org
> Subject: Re: not everyone is happy with SA
>
> Graham Murray wrote:
> > John Rudd <jr...@ucsc.edu> writes:
> >
> >> However, it still leaves the problems of:
> >>
> >> 1) A user sends me a technical question. I answer, and get back a
> >> Challenge, forcing me to jump through hoops to get their answer to
> >> them.
> >
And, if yahoo used CR, and gmail used CR, and someone on gmail sent an
email to someone on Yahoo, who they had never sent an email to before,
what happens? (does anyone remember bofh.bot?)
Also, there was at least ONE CR company that gathered the 'willing
participants who volunteered their email addresses to be harvested for
spam'.
See: 'anti-spam company is spamming'
www.techdirt.com/articles/20030213/091225.shtm
When (two years ago?) IBM stated they had the best solution to spam
(CR), they got laughed at.
CR is a plague, and should be outlawed by every civilized country in the
world.
Re: not everyone is happy with SA
Posted by Nix <ni...@esperi.org.uk>.
On 20 Jul 2007, jdow@earthlink.net spake thusly:
> Um, captcha? Then I'd doubly never respond to the abortion. It wasted
> bandwidth on the captcha AND I CANNOT READ THE CAPTCHA IN PLAIN TEXT.
>
> I use plain text for security reasons.
What, are you worried about Langford basilisks?
More significant is the disability problem, and the problem that
spammers have long since defeated captcha anyway (what you do is, you
put up the captcha images on a nasty porn site run by your affiliate and
the drooling masses fill them in for you).
Re: not everyone is happy with SA
Posted by jdow <jd...@earthlink.net>.
From: "Dave Pooser" <da...@pooserville.com>
>>> That sounds like a very badly designed system. While I do not like C/R
>>> systems so would never implement one, surely it is only common sense to
>>> expect responses to emails which are sent out and therefore to accept
>>> such responses without issuing a challenge.
>>
>> I agree. But the proposed design didn't mention whitelisting the
>> recipients of your own outbound traffic. And there are C/R systems that
>> are deficient in this area.
>
> Let me be more clear: I'm not proposing this system, merely describing one
> I encountered. My presumption is that the system whitelisted recipients of
> outbound traffic and only applied this fakereject to messages that hit
> some sort of spam threshold, but I don't know for sure. (And I REALLY wish
> I remembered where I encountered this system!)
>
>> If you return a 5xx error, what is to prevent the spammer from clicking
>> to release? CAPTCHA?
>
> Yes, it used a CAPTCHA. And if we can design a system where sending spam
> requires more effort from the spammer (reading the error message, browsing
> to the site, reading the CAPTCHA, typing it in, and then clicking
> "Release" for each message) than clicking "delete" requires from the
> recipient, we just won the spam war anyway.
Um, captcha? Then I'd doubly never respond to the abortion. It wasted
bandwidth on the captcha AND I CANNOT READ THE CAPTCHA IN PLAIN TEXT.
I use plain text for security reasons. If somebody is arrogant enough to
feed me a captcha I have to fill in before I can email with him he never
speaks to me. That is a triple massive insult, waste bandwidth, waste
my time, and force me to change to HTML mode before I can reply.
fsck'em.
{^_^}
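The fakereject variant debated in this thread (quarantine, in-session 5xx carrying a release link, outbound-recipient whitelist, spam threshold, CAPTCHA), as an added sketch that is not part of any poster's message or any product's code. The reply code 550 5.7.1, the threshold, the token lifetime, the secret and the release URL are all assumptions made for the example.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"                   # assumption: per-site secret
RELEASE_BASE = "https://mail.example.com/release"  # hypothetical release page
SPAM_THRESHOLD = 5.0                               # assumption: score at which mail is held
TOKEN_TTL = 7 * 24 * 3600                          # assumption: releasable for one week


class FakeRejectPolicy:
    """Pick the end-of-DATA reply for one message.

    The verdict is given inside the SMTP session, so the receiving side
    never generates a new message; a forged envelope sender therefore
    gets nothing (no backscatter).
    """

    def __init__(self):
        self.outbound_seen = set()  # addresses local users have written to
        self.quarantine = {}        # queue id -> (envelope sender, expiry)

    def note_outbound(self, rcpt):
        # Called for every recipient of locally originated mail.
        self.outbound_seen.add(rcpt.lower())

    def _token(self, qid, expiry):
        # Binds the link to one held message and one expiry time.
        msg = f"{qid}:{expiry}".encode()
        return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:32]

    def end_of_data(self, qid, sender, score, now=None):
        now = int(time.time()) if now is None else now
        # Replies from people we wrote to pass unchallenged. This does not
        # cover the thread's alias case, where the answer comes from a
        # different address than the one written to.
        if sender.lower() in self.outbound_seen:
            return "250 2.0.0 accepted (known correspondent)"
        if score < SPAM_THRESHOLD:
            return "250 2.0.0 accepted"
        expiry = now + TOKEN_TTL
        self.quarantine[qid] = (sender, expiry)
        url = (f"{RELEASE_BASE}?id={qid}&exp={expiry}"
               f"&sig={self._token(qid, expiry)}")
        # One-line reply; the sender's own MTA wraps it in its bounce text.
        return f"550 5.7.1 {url}"

    def release(self, qid, exp, sig, captcha_ok, now=None):
        """Release page backend: True only for a valid, unexpired,
        unused link whose CAPTCHA was solved (result passed in)."""
        now = int(time.time()) if now is None else now
        held = self.quarantine.get(qid)
        if held is None or held[1] != exp or now > exp:
            return False
        if not hmac.compare_digest(sig, self._token(qid, exp)):
            return False
        if not captcha_ok:
            return False
        del self.quarantine[qid]  # single use
        return True
```

The sketch only models the receiving side's decision; whether the sender ever sees or follows the link depends on their own mail system's bounce, which is the objection raised elsewhere in the thread.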
Re: not everyone is happy with SA
Posted by jdow <jd...@earthlink.net>.
From: "John Rudd" <jr...@ucsc.edu>
> David B Funk wrote:
>> On Fri, 20 Jul 2007, John Rudd "@ucsc.edu" wrote:
>>
>>> Jonas Eckerman wrote:
>>>
>>>> What do they think will happen when someone who doesn't know english
>>>> tries to send to a user of such a system that outputs english error
>>>> messages that directs the sender to web pages with english instructions?
>>> One possibility is, it could just spit out a url, with no other text,
>>> and assume that the sender will understand that they're intended to view
>>> the URL to find out why the message was rejected.
>>
>> Umm, if -you- got a message that you didn't expect written in a language
>> that you couldn't read which contained a link, would you click on it?
>
> That's not what will happen here.
>
> What will happen here is that the sender's own system will generate the
> error report, so it will be in that user's own system's language. If they
> can't read the language used by their own mailadmin/ISP/etc., then there's
> a larger issue here, and again an issue that is not specific to this
> technology.
>
> Within that message that we can safely assume is readable by the sender,
> because it came from their own mail system, will be the one line SMTP
> return code, which only has "5xx 5.y.y some://url". They will know that
> this is the error returned by their intended recipient exactly because
> that's what the rest of the message told them (in the languages their ISP
> supports, because the message came from their ISP, and presumably they
> understand their own ISP, or, again, we're back to a problem that is not
> specifically the fault of this technology).
>
> So, the real question here is not the one you asked. The real question
> is: "would you follow a url that is unknown to you, but clearly presented
> and explained to you by your own ISP?"
>
> And, if I had a reasonable browser (to protect me against anything
> nefarious that might be in various web pages), and a reasonable mail
> provider (which I do, since I run my own mail server at home, as well as
> being the postmaster at work), then the answer is "if I knew it wasn't
> spoofed, yes".
>
> If you don't have a reasonable browser, then you shouldn't be clicking on
> _ANY_ urls other than ones that go to web pages you wrote.
>
> If you don't have a reasonable mail provider ... well, then, it doesn't
> matter if you can read the message or not, does it?
>
>
>
>> It's hard enough trying to teach safe internet usage to our Lusers, now
>> I have to go and tell them "in this -one- particular case just do it"?
>
> What you should be teaching them is to understand and analyze what's in
> front of them. Encouraging them to _never_ pay attention to the messages
> is just encouraging them to be lazy ignorant sheep instead of energetic
> ignorant sheep. It's certainly easier to corral lazy ignorant sheep than
> energetic ones, but the problem is still the "ignorant sheep" part.
>
> The willingly ignorant and lazy are hopeless. Just be sure you've lots of
> firewalls up between you and them, because you can't really predict what
> they're going to do no matter what inputs you give them.
>
>
>>> If the site which rejected the message is multi-lingual, then they can
>>> have the resulting webpage offer multiple translations.
>>>
>>> If they're not multi-lingual, and only speak english, then there wasn't
>>> any point in the non-english speaker trying to contact them, was there?
>>> :-)
>>
>> OK, and the IT staff at some-big-name university speaks all the languages
>> that their constituents/visitors speak? I would be surprised if you
>> didn't have some people on your campus who couldn't speak English.
>
> It doesn't matter. If they're contacting me, and I only speak english,
> and they don't speak english, then there's no point in them directly
> contacting me. It doesn't matter if they're on my campus or on Mars. They
> will need to contact an intermediary.
>
> And, as I pointed out, this isn't an issue that is specific to the
> technology being discussed.
>
>
>>> Though, I would also point out that it seems most such error messages
>>> are in english anyway. But there's no necessity, in what's been
>>> described so far, that the web page the URL leads to would be english
>>> only.
>>
>> Do you mean to tell me that you've never gotten any "mailer-daemon"
>> messages from China, Russia, etc that you couldn't read?
>
> From China or Russia? No.
>
> I have received a VANISHINGLY SMALL number from spanish and german
> speaking countries, however. Certainly not enough to threaten the claim
> that "most such error messages are in english".
>
> And, again, because it happens in the SMTP session between the sender's
> ISP and the C/R using ISP, the error is most likely to come from the
> sender's own ISP. Hopefully the sender is already able to communicate
> with their own ISP in the ISP's supported languages.
John, I don't care HOW a challenge is worded, documented, presented I
cannot understand the language in which it is written. I don't speak "Duh",
the language of simpletons - the language of email challenges regardless of
what language they SEEM to be written in. Feed it to me with a $20 pay pal
deposit and I might be willing to spend the time to find a translator so I
can read it and deal with it. But presuming *MY* time is less important
than *YOUR* (generic) time is "foolish", particularly for mailing list
messages, which is where most of the challenges I see come from.
{^_^}
Re: not everyone is happy with SA
Posted by jdow <jd...@earthlink.net>.
From: "Skip Brott" <sb...@dmp.com>
> I have found this whole line of debate somewhat interesting, but it has
> clearly strayed from the real core question:
>
> Who is responsible?
>
> Is it the responsibility of the sender to verify that they indeed intended
> to send the email?
> Or is it the responsibility of the recipient to verify senders?
>
> My personal opinion is that it is the latter. If I send an email to a
> valid address, I find it a bit offensive that they send a challenge back.
> Why is it my responsibility as the sender to teach another system to
> accept mail from me?
>
> Would it not seem a lot more appropriate for the recipient to be the one
> to manage this? The premise is the same, but it places the burden on the
> recipient to make the determination - which, imho, is where the ultimate
> responsibility lies.
>
> I don't utilize blacklists on our system based on the same rationale. I
> don't want something completely outside of my control (i.e. spamhaus,
> spamcop, etc) determining whether or not my email server should accept
> email from a particular host. While this adds some additional load to our
> system, I would much rather allow the filtering rules to make the
> determination based on content not strictly on a host address.
Using block lists without scoring is utterly stupid. Using block lists
without secondary criteria is utterly stupid. As part of SpamAssassin
block lists work remarkably well, especially if you select the block
lists carefully, as is the default SA configuration.
Of course, if you use blocklists, or for that matter rules, it is very
wise to use sa-stats.pl to monitor the SpamAssassin performance to find
which rules are particularly effective and which rules have decayed into
being useless. I've removed rules and block lists on that basis before.
(And no amount of mass checking can adequately tune rules for use with
block lists simply because masses that are checked against are not as
"fresh" as the mail coming through your site. They can approximate. But
over time you can get a sense that there are tuning errors that need to
be tweaked.)
(Of course, if you have customers and you become "too good" they will in
time demand you maintain that level of "too good" even when the spammers
adopt clever new techniques - one such I may have just defeated here with
some meta-rules.)
{^_^}
Re: not everyone is happy with SA
Posted by John Rudd <jr...@ucsc.edu>.
Robot Terror wrote:
> On 7/20/07 12:55 PM, "Skip Brott" <sb...@dmp.com> ostensibly wrote:
>
>> If I send an email to a valid
>> address, I find it a bit offensive that they send a challenge back. Why is
>> it my responsibility as the sender to teach another system to accept mail
>> from me?
>
> Why is it my responsibility as a holder of a valid email address to accept
> mail from anyone who wants to send me the mail? As the owner of the email
> address or, as the admin of the domain's mail server, I have no obligation
> to accept your mail at all.
>
> Obligations should be on the sender.
>
Nor am I obligated to accept and read messages from you. Including your
C/R challenges.
You're also not obligated to be a good "net citizen", but if you're not,
then you can and should expect to have your mail server black listed by
people who consider that to be important. After all, just as you are
not required to accept and read someone's email, the internet at large
is also not required to accept and read yours. And things like C/R and
SAV are both good criteria of "not being a good net citizen".
Re: not everyone is happy with SA
Posted by "John D. Hardin" <jh...@impsec.org>.
On Mon, 23 Jul 2007, jdow wrote:
> With snail mail it is nigh on to impossible to interrupt the
> reception process and reject a piece of mail. I simply place it
> into the trash on my way into the house. (Some things, like
> unwanted subscription offers or credit card offers, I tear in
> half. One half goes out this week in recyclables and the other
> goes out next week in the cat poop.)
You feed credit card solicitations to your cats? How cruel! How much
penance must they do for peeing on the couch? :)
> I've been tempted more than once to respond to somebody's
> challenge and then forward a week's worth of spam to them as
> punishment. That's also too much work.
That's what scripting languages were invented for.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Where We Want You To Go Today 07/05/07: Microsoft patents in-OS
adware architecture incorporating spyware, profiling, competitor
suppression and delivery confirmation (U.S. Patent #20070157227)
-----------------------------------------------------------------------
11 days until The 272nd anniversary of John Peter Zenger's acquittal
Re: not everyone is happy with SA
Posted by jdow <jd...@earthlink.net>.
From: "John D. Hardin" <jh...@impsec.org>
> On Fri, 20 Jul 2007, Robot Terror wrote:
>
>> Why is it my responsibility as a holder of a valid email address
>> to accept mail from anyone who wants to send me the mail?
>
> Who ever said *that*?
Anyone who holds to the snail mail analogy certainly would.
At the very least any email recipient has the responsibility to
handle incoming messages as they see fit WITHOUT bothering other
people with their decisions.
If you decide my address is not good and elect to simply drop emails
from me on the floor or issue a permanent error as the initial mail
exchange takes place, that's fine. But if you challenge me, that
violates the "without bothering other people with their decisions."
With snail mail it is nigh on to impossible to interrupt the reception
process and reject a piece of mail. I simply place it into the trash
on my way into the house. (Some things, like unwanted subscription
offers or credit card offers, I tear in half. One half goes out this
week in recyclables and the other goes out next week in the cat poop.)
That is to say I make the decision myself as a multitasking project as
I walk the 250' from the mailbox to the house. No particular loss to
me there. If I wanted to perform a snail mail challenge/response it
would cost me time, money (bandwidth waste on the Internet), and bother
the sender. To do it right I'd have to waste the same time it'd take
to figure out it is junk as to figure out I need to challenge. So I do
not bother. And if the mail has a forged return address I'd bother
somebody innocent if I sent a cat poop to the return address.
I treat email the same way. *I* decide what I want to see. I do not
delegate this to some third party, even the purported sender. For
snail mail my brain is performing the SpamAssassin duties reasonably
quickly. The volume of spam snail mail is light; and, it is usually
VERY easy to distinguish. (If it isn't in an envelope or have postage
on it the destination is the trashbin. That covers the loose collections
of trash with separate address cards, for example. And I do keep musing
about sending it all back to PennySaver with an enclosed cat poop, too.
But it's less work to simply drop it in the trash on the way in the
door.)
I've been tempted more than once to respond to somebody's challenge
and then forward a week's worth of spam to them as punishment. That's
also too much work.
{^_^}
RE: not everyone is happy with SA
Posted by Robert Taylor <ro...@rackspace.com>.
So incredibly funny to have Stub Email referenced in an email to me.
I was in on the original specification (by Nathan Cheng to CircleID)
regarding this idea.
I wish that it would be quickly adopted!
Robot Terror
(IRL: Robert Taylor)
-----Original Message-----
From: Robot Terror [mailto:tinman@robotterror.com]
Sent: Monday, July 23, 2007 5:26 PM
To: John D. Hardin
Cc: Skip Brott; spamd
Subject: Re: not everyone is happy with SA
The ridiculousness of that sentiment that prompted my first post to this
list came from the following comments:
> I have found this whole line of debate somewhat interesting, but it has
> clearly strayed from the real core question:
>
> Who is responsible?
>
> Is it the responsibility of the sender to verify that they indeed intended
> to send the email?
> Or is it the responsibility of the recipient to verify senders?
>
> My personal opinion is that it is the latter. If I send an email to a valid
> address, I find it a bit offensive that they send a challenge back. Why is
> it my responsibility as the sender to teach another system to accept mail
> from me?
I admit I don't know the full context of the comments, but based on the
preamble ("the real core question") these comments assert a stand-alone
absoluteness. It is to that "absolute standard" of recipient is
responsible to verify sender that I made my reply.
In fact, I am adamant that no sender should expect their message to be
delivered by another's service. The Post Office (in real world terms)
exists outside any recipient's ability to pay. In that world, the sender
pays so the PO services the sender. In electronic mail many parties
outside the sender PAY for the service. Therefore the PAYER has the
right to put up roadblocks to delivery as he/she sees fit. Let the
sender pay for my infrastructure costs and I'll gladly bear the
responsibility to auto-trash his messages to me.
Otherwise, get used to difficulty sending messages of any kind to
others. The world is turning on SMTP and people are realizing the most
common scenario is that a sender is illegitimately sending a message to
a recipient (that is, spam outnumbers ham).
That the current system defaults in favor of carrying every message, no
matter how inane or large, through the entire infrastructure of the
Internet and then puts the onus on the client to "filter" the message is
stupid. Instead of such a sender-preferential system, a recipient-biased
system would result in lower bandwidth utilization and reduced
processing needs (therefore exposing that, perhaps, spam benefits the
bandwidth sellers, processor sellers, and storage sellers ultimately!).
As an aside, such a proposal to put the responsibility for
bandwidth/processing use on the sender is on the table and is called
"Stub Email" or "Hypertext Mail Transport Protocol":
http://www.circleid.com/posts/hypertext_mail_protocol_aka_stub_emaill/
http://techrepublic.com.com/5208-6230-0.html?forumID=9&threadID=194716&start=0
http://icl.pku.edu.cn/bswen/_old_stuff/Email++/index.html
http://autodesk.blogs.com/between_the_lines/2006/10/misc_interestin.html
Of course, such a proposal will be ignored as the spammers have the
money to prop-up the status quo.
--
Robot Terror
"Always a treat, never a threat"
http://robotterror.com
tinman@robotterror.com
On 7/23/07 12:27 PM, "John D. Hardin" <jh...@impsec.org> ostensibly
wrote:
> On Fri, 20 Jul 2007, Robot Terror wrote:
>
>> Why is it my responsibility as a holder of a valid email address to
>> accept mail from anyone who wants to send me the mail?
>
> Who ever said *that*?
Re: not everyone is happy with SA
Posted by "John D. Hardin" <jh...@impsec.org>.
On Mon, 23 Jul 2007, Robot Terror wrote:
> It is to that "absolute standard" of recipient is responsible to
> verify sender that I made my reply.
Okay, but that is vastly different from:
> "[it is] my responsibility as a holder of a valid email address
> to accept mail from anyone who wants to send me the mail"
To me the latter says "you have to accept email whether you want to or
not!" which nobody here is proposing.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
Re: not everyone is happy with SA
Posted by Robot Terror <ti...@robotterror.com>.
The ridiculousness of that sentiment that prompted my first post to this
list came from the following comments:
> I have found this whole line of debate somewhat interesting, but it has
> clearly strayed from the real core question:
>
> Who is responsible?
>
> Is it the responsibility of the sender to verify that they indeed intended
> to send the email?
> Or is it the responsibility of the recipient to verify senders?
>
> My personal opinion is that it is the latter. If I send an email to a valid
> address, I find it a bit offensive that they send a challenge back. Why is
> it my responsibility as the sender to teach another system to accept mail
> from me?
I admit I don't know the full context of the comments, but based on the
preamble ("the real core question") these comments assert a stand-alone
absoluteness. It is to that "absolute standard" of recipient is responsible
to verify sender that I made my reply.
In fact, I am adamant that no sender should expect their message to be
delivered by another's service. The Post Office (in real world terms) exists
outside any recipient's ability to pay. In that world, the sender pays so
the PO services the sender. In electronic mail many parties outside the
sender PAY for the service. Therefore the PAYER has the right to put up
roadblocks to delivery as he/she sees fit. Let the sender pay for my
infrastructure costs and I'll gladly bear the responsibility to auto-trash
his messages to me.
Otherwise, get used to difficulty sending messages of any kind to others.
The world is turning on SMTP and people are realizing the most common
scenario is that a sender is illegitimately sending a message to a recipient
(that is, spam outnumbers ham).
That the current system defaults in favor of carrying every message, no
matter how inane or large, through the entire infrastructure of the Internet
and then puts the onus on the client to "filter" the message is stupid.
Instead of such a sender-preferential system, a recipient-biased system
would result in lower bandwidth utilization and reduced processing needs
(therefore exposing that, perhaps, spam benefits the bandwidth sellers,
processor sellers, and storage sellers ultimately!).
As an aside, such a proposal to put the responsibility for
bandwidth/processing use on the sender is on the table and is called "Stub
Email" or "Hypertext Mail Transport Protocol":
http://www.circleid.com/posts/hypertext_mail_protocol_aka_stub_emaill/
http://techrepublic.com.com/5208-6230-0.html?forumID=9&threadID=194716&start=0
http://icl.pku.edu.cn/bswen/_old_stuff/Email++/index.html
http://autodesk.blogs.com/between_the_lines/2006/10/misc_interestin.html
Of course, such a proposal will be ignored as the spammers have the money to
prop-up the status quo.
--
Robot Terror
"Always a treat, never a threat"
http://robotterror.com
tinman@robotterror.com
On 7/23/07 12:27 PM, "John D. Hardin" <jh...@impsec.org> ostensibly wrote:
> On Fri, 20 Jul 2007, Robot Terror wrote:
>
>> Why is it my responsibility as a holder of a valid email address
>> to accept mail from anyone who wants to send me the mail?
>
> Who ever said *that*?
Re: not everyone is happy with SA
Posted by "John D. Hardin" <jh...@impsec.org>.
On Fri, 20 Jul 2007, Robot Terror wrote:
> Why is it my responsibility as a holder of a valid email address
> to accept mail from anyone who wants to send me the mail?
Who ever said *that*?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
Re: not everyone is happy with SA
Posted by Gene Heskett <ge...@verizon.net>.
On Friday 20 July 2007, jdow wrote:
>From: "Steven Stern" <su...@sterndata.com>
>
>> John Rudd wrote:
>>> Further, I as the sender have no obligation to participate in your
>>> anti-spam mechanism. It's YOUR mechanism. You feed it, you configure
>>> it, your CPU cycles are spent on it. I have no obligation to
>>> participate in the program you use for deciding "is this spam or not". I
>>> have no obligation to devote my time and my CPU cycles to your anti-spam
>>> program. It's rather rude for you to assume otherwise.
>>
>> My company's website has a "click here and we'll send you your password"
>> (or something similar). You'd be amazed how many calls we get claiming
>> it doesn't work. When I track through the logs, I find most come from
>> people with CR systems. You can't use a CR when you're talking to a
>> robot. These things make me sooooooo mad.
>
>I wonder how many "I can't get off this #)$(*#@% mailing list!" messages
>are due to a recently installed C/R system.
>
>C/R systems CAN be their own punishment.
>
>{^_-}
Not CAN my dear girl, ARE...
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Whistler's Law:
You never know who is right, but you always know who is in charge.
Re: not everyone is happy with SA
Posted by jdow <jd...@earthlink.net>.
From: "Steven Stern" <su...@sterndata.com>
> John Rudd wrote:
>
>>
>> Further, I as the sender have no obligation to participate in your
>> anti-spam mechanism. It's YOUR mechanism. You feed it, you configure
>> it, your CPU cycles are spent on it. I have no obligation to
>> participate in the program you use for deciding "is this spam or not". I
>> have no obligation to devote my time and my CPU cycles to your anti-spam
>> program. It's rather rude for you to assume otherwise.
>>
>
> My company's website has a "click here and we'll send you your password"
> (or something similar). You'd be amazed how many calls we get claiming
> it doesn't work. When I track through the logs, I find most come from
> people with CR systems. You can't use a CR when you're talking to a
> robot. These things make me sooooooo mad.
I wonder how many "I can't get off this #)$(*#@% mailing list!" messages
are due to a recently installed C/R system.
C/R systems CAN be their own punishment.
{^_-}
Re: not everyone is happy with SA
Posted by Steven Stern <su...@sterndata.com>.
John Rudd wrote:
>
> Further, I as the sender have no obligation to participate in your
> anti-spam mechanism. It's YOUR mechanism. You feed it, you configure
> it, your CPU cycles are spent on it. I have no obligation to
> participate in the program you use for deciding "is this spam or not". I
> have no obligation to devote my time and my CPU cycles to your anti-spam
> program. It's rather rude for you to assume otherwise.
>
My company's website has a "click here and we'll send you your password"
(or something similar). You'd be amazed how many calls we get claiming
it doesn't work. When I track through the logs, I find most come from
people with CR systems. You can't use a CR when you're talking to a
robot. These things make me sooooooo mad.
- --
Steve
Re: not everyone is happy with SA
Posted by John Rudd <jr...@ucsc.edu>.
Gene Heskett wrote:
> On Friday 20 July 2007, John Rudd wrote:
> All very well stated. So if "you" send me a C/R, for any reason whatsoever,
> if it actually gets past SA, it either is fed back as spam to train my bayes
> or deleted and promptly forgotten about. But don't expect any of us to be
> happy when, after composing a 4 kilobyte response from scratch in response to
> your plea for help, something that took half an hour of my time typing with
> 72 year old fingers, and looking up the data so that my answer might be
> correct, only to be greeted 90 seconds later on my next mail suck, with a C/R
> from you. Then, because you're an ass, you didn't get the answers you asked
> for, so you keep on flooding the list with your question. At that point,
> I'll not reply again, but I will add your email address to my procmailrc file
> as one to be delivered to /dev/null.
>
> And you had better believe me when I say I am not the only one here who will
> do that, there are far more knowledgeable people here than I who will do
> that, maybe even quicker. And I do not make it a habit to expire those
> entries in my procmailrc. Once you are there, goodbye. And no one but you
> gave me reason to put you there.
>
> Oh, did I mention I don't like C/R systems? I don't...
>
uh... did you actually read my message? You're attacking me for being
anti-C/R, and then stating some of my exact same arguments against me?
Did you have a few too many beers while out on Friday night?
Re: not everyone is happy with SA
Posted by Gene Heskett <ge...@verizon.net>.
On Friday 20 July 2007, John Rudd wrote:
>someone that Skip Brott didn't attribute wrote:
>>> Why is it my responsibility as a holder of a valid email address to
>>> accept mail from anyone who wants to send me the mail? As the owner of
>>> the email address or, as the admin of the domain's mail server, I have no
>>> obligation to accept your mail at all.
>>> Obligations should be on the sender.
>
>You are correct that you have no obligation to accept email from me (nor
>anyone else for that matter), the issue of "obligations upon the sender"
>depends on which obligations you're talking about, and which sender
>you're talking about.
>
>
>If I'm replying to a question you asked, then you are the _original_
>sender, and no, it is not my obligation to jump through your C/R hoops
>in order to get the answer to you. If you want the answer to your
>question, it's YOUR obligation to make sure you can receive my answer.
>
>
>If I didn't send the message at all, but this is backscatter, then it is
>your obligation to prevent backscatter to innocent bystanders. It's not
>my obligation to deal with your challenge messages, and it's entirely my
> digression as to whether or not I'm going to report you to a blacklist
>for producing backscatter. At that point, it becomes YOUR obligation to
>get yourself off of a blacklist.
>
>
>Further, I as the sender have no obligation to participate in your
>anti-spam mechanism. It's YOUR mechanism. You feed it, you configure
>it, your CPU cycles are spent on it. I have no obligation to
>participate in the program you use for deciding "is this spam or not".
>I have no obligation to devote my time and my CPU cycles to your
>anti-spam program. It's rather rude for you to assume otherwise.
All very well stated. So if "you" send me a C/R, for any reason whatsoever,
if it actually gets past SA, it either is fed back as spam to train my bayes
or deleted and promptly forgotten about. But don't expect any of us to be
happy when, after composing a 4 kilobyte response from scratch in response to
your plea for help, something that took half an hour of my time typing with
72 year old fingers, and looking up the data so that my answer might be
correct, only to be greeted 90 seconds later on my next mail suck, with a C/R
from you. Then, because you're an ass, you didn't get the answers you asked
for, so you keep on flooding the list with your question. At that point,
I'll not reply again, but I will add your email address to my procmailrc file
as one to be delivered to /dev/null.
And you had better believe me when I say I am not the only one here who will
do that, there are far more knowledgeable people here than I who will do
that, maybe even quicker. And I do not make it a habit to expire those
entries in my procmailrc. Once you are there, goodbye. And no one but you
gave me reason to put you there.
Oh, did I mention I don't like C/R systems? I don't...
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Q: What do Winnie the Pooh and John the Baptist have in common?
A: The same middle name.
Re: not everyone is happy with SA
Posted by jdow <jd...@earthlink.net>.
From: "John Rudd" <jr...@ucsc.edu>
> someone that Skip Brott didn't attribute wrote:
>>> Why is it my responsibility as a holder of a valid email address to
>>> accept mail from anyone who wants to send me the mail? As the owner of
>>> the email address or, as the admin of the domain's mail server, I have no
>>> obligation to accept your mail at all.
>>> Obligations should be on the sender.
>
> You are correct that you have no obligation to accept email from me (nor
> anyone else for that matter), the issue of "obligations upon the sender"
> depends on which obligations you're talking about, and which sender you're
> talking about.
>
>
> If I'm replying to a question you asked, then you are the _original_
> sender, and no, it is not my obligation to jump through your C/R hoops in
> order to get the answer to you. If you want the answer to your question,
> it's YOUR obligation to make sure you can receive my answer.
>
>
> If I didn't send the message at all, but this is backscatter, then it is
> your obligation to prevent backscatter to innocent bystanders. It's not
> my obligation to deal with your challenge messages, and it's entirely my
> digression as to whether or not I'm going to report you to a blacklist for
> producing backscatter. At that point, it becomes YOUR obligation to get
> yourself off of a blacklist.
>
>
> Further, I as the sender have no obligation to participate in your
> anti-spam mechanism. It's YOUR mechanism. You feed it, you configure it,
> your CPU cycles are spent on it. I have no obligation to participate in
> the program you use for deciding "is this spam or not". I have no
> obligation to devote my time and my CPU cycles to your anti-spam program.
> It's rather rude for you to assume otherwise.
John, let's go to the snail mail analogy for email. In the light of
snail mail it is your responsibility to make a determination to read
or not to read any given piece of mail. It is your responsibility to
create a filter in your mailbox that tosses snail mail spam into a
trashbucket mounted thoughtfully just beneath your filtering mail box.
It still gets delivered. You delete it. You filter, mark, and sort it.
Or you simply read it.
The analogy breaks down a little when you can filter mail in the process
of delivery as the postal person places the mail into your mailbox. You
can let some of them through and mash the others back into the postal
person's hand, as it were. In the real world "this ain't gonna happen"
for snail mail. It can happen for real mail. Temporarily rejecting mail
and sending a "who are you" message back just does not fly with the post
office, with any efficiency. (They'd welcome the wasted postage if you
want to do it - up to the point the challenges swamped them or the first
challenge loop happened.)
Any way you look at it challenge/response is just plain evil and insulting.
There is no conceivable help for it.
{^_^}
Re: not everyone is happy with SA
Posted by John Rudd <jr...@ucsc.edu>.
someone that Skip Brott didn't attribute wrote:
>> Why is it my responsibility as a holder of a valid email address to accept
>> mail from anyone who wants to send me the mail? As the owner of the email
>> address or, as the admin of the domain's mail server, I have no obligation
>> to accept your mail at all.
>> Obligations should be on the sender.
You are correct that you have no obligation to accept email from me (nor
anyone else for that matter), the issue of "obligations upon the sender"
depends on which obligations you're talking about, and which sender
you're talking about.
If I'm replying to a question you asked, then you are the _original_
sender, and no, it is not my obligation to jump through your C/R hoops
in order to get the answer to you. If you want the answer to your
question, it's YOUR obligation to make sure you can receive my answer.
If I didn't send the message at all, but this is backscatter, then it is
your obligation to prevent backscatter to innocent bystanders. It's not
my obligation to deal with your challenge messages, and it's entirely my
digression as to whether or not I'm going to report you to a blacklist
for producing backscatter. At that point, it becomes YOUR obligation to
get yourself off of a blacklist.
Further, I as the sender have no obligation to participate in your
anti-spam mechanism. It's YOUR mechanism. You feed it, you configure
it, your CPU cycles are spent on it. I have no obligation to
participate in the program you use for deciding "is this spam or not".
I have no obligation to devote my time and my CPU cycles to your
anti-spam program. It's rather rude for you to assume otherwise.
Re: not everyone is happy with SA
Posted by jdow <jd...@earthlink.net>.
From: "Skip Brott" <sb...@dmp.com>
>> Why is it my responsibility as a holder of a valid email address to
>> accept mail from anyone who wants to send me the mail? As the owner of
>> the email address or, as the admin of the domain's mail server, I have no
>> obligation to accept your mail at all.
>> Obligations should be on the sender.
>
> I will respectfully disagree. I believe you are pushing the burden onto the
> sender rather than have your system accept the responsibility of reviewing
> messages for you. The C/R basically works the same way except the challenge
> goes to the recipient. Just a different concept. Personally, I won't
> employ either one.
>
> And if the sender acknowledges the C/R, if the sender is not a "bot" but is
> still from a source you don't want sending you email - what control do you
> have over that?
The recipient does not have any responsibility to actually read any email
that comes in any more than the recipient of snail mail must read any
snail mail that comes in. (I trashcan lots of it without bothering to open
the envelopes if I recognize a sender who is annoying.)
In that light the recipient of either email or snail mail has the
responsibility of determining for themselves or delegating that
responsibility to another of THEIR choice and PAY for "spam filtering"
of snail mail or email.
Sending a challenge response snail mail becomes amusing as a concept.
The thought of doing so with email is equally absurd.
{^_^}
RE: not everyone is happy with SA
Posted by Skip Brott <sb...@dmp.com>.
> Why is it my responsibility as a holder of a valid email address to accept
> mail from anyone who wants to send me the mail? As the owner of the email
> address or, as the admin of the domain's mail server, I have no obligation
> to accept your mail at all.
> Obligations should be on the sender.
I will respectfully disagree. I believe you are pushing the burden onto the
sender rather than have your system accept the responsibility of reviewing
messages for you. The C/R basically works the same way except the challenge
goes to the recipient. Just a different concept. Personally, I won't
employ either one.
And if the sender acknowledges the C/R, if the sender is not a "bot" but is
still from a source you don't want sending you email - what control do you
have over that?
Re: not everyone is happy with SA
Posted by Robot Terror <ti...@robotterror.com>.
On 7/20/07 12:55 PM, "Skip Brott" <sb...@dmp.com> ostensibly wrote:
> If I send an email to a valid
> address, I find it a bit offensive that they send a challenge back. Why is
> it my responsibility as the sender to teach another system to accept mail
> from me?
Why is it my responsibility as a holder of a valid email address to accept
mail from anyone who wants to send me the mail? As the owner of the email
address or, as the admin of the domain's mail server, I have no obligation
to accept your mail at all.
Obligations should be on the sender.
--
Robot Terror
"Always a treat, never a threat"
http://robotterror.com
tinman@robotterror.com
RE: not everyone is happy with SA
Posted by Skip Brott <sb...@dmp.com>.
I have found this whole line of debate somewhat interesting, but it has
clearly strayed from the real core question:
Who is responsible?
Is it the responsibility of the sender to verify that they indeed intended
to send the email?
Or is it the responsibility of the recipient to verify senders?
My personal opinion is that it is the latter. If I send an email to a valid
address, I find it a bit offensive that they send a challenge back. Why is
it my responsibility as the sender to teach another system to accept mail
from me?
Would it not seem a lot more appropriate for the recipient to be the one to
manage this? The premise is the same, but it places the burden on the
recipient to make the determination - which, imho, is where the ultimate
responsibility lies.
I don't utilize blacklists on our system based on the same rationale. I
don't want something completely outside of my control (i.e. spamhaus,
spamcop, etc) determining whether or not my email server should accept email
from a particular host. While this adds some additional load to our system,
I would much rather allow the filtering rules to make the determination
based on content not strictly on a host address.
- Skip
Re: not everyone is happy with SA
Posted by John Rudd <jr...@ucsc.edu>.
David B Funk wrote:
> On Fri, 20 Jul 2007, John Rudd "@ucsc.edu" wrote:
>
>> Jonas Eckerman wrote:
>>
>>> What do they think will happen when someone who doesn't know english
>>> tries to send to a user of such a system that outputs english error
>>> messages that directs the sender to web pages with english instructions?
>> One possibility is, it could just spit out a url, with no other text,
>> and assume that the sender will understand that they're intended to view
>> the URL to find out why the message was rejected.
>
> Umm, if -you- got a message that you didn't expect written in a language
> that you couldn't read which contained a link, would you click on it?
That's not what will happen here.
What will happen here is that the sender's own system will generate the
error report, so it will be in that user's own system's language. If
they can't read the language used by their own mailadmin/ISP/etc., then
there's a larger issue here, and again an issue that is not specific to
this technology.
Within that message that we can safely assume is readable by the sender,
because it came from their own mail system, will be the one line SMTP
return code, which only has "5xx 5.y.y some://url". They will know that
this is the error returned by their intended recipient exactly because
that's what the rest of the message told them (in the languages their
ISP supports, because the message came from their ISP, and presumably
they understand their own ISP, or, again, we're back to a problem that
is not specifically the fault of this technology).
So, the real question here is not the one you asked. The real question is:
"would you follow a url that is unknown to you, but clearly presented and
explained to you by your own ISP?"
And, if I had a reasonable browser (to protect me against anything
nefarious that might be in various web pages), and a reasonable mail
provider (which I do, since I run my own mail server at home, as well as
being the postmaster at work), then the answer is "if I knew it wasn't
spoofed, yes".
If you don't have a reasonable browser, then you shouldn't be clicking
on _ANY_ urls other than ones that go to web pages you wrote.
If you don't have a reasonable mail provider ... well, then, it doesn't
matter if you can read the message or not, does it?
> It's hard enough trying to teach safe internet usage to our Lusers, now
> I have to go and tell them "in this -one- particular case just do it"?
What you should be teaching them is to understand and analyze what's in
front of them. Encouraging them to _never_ pay attention to the
messages is just encouraging them to be lazy ignorant sheep instead of
energetic ignorant sheep. It's certainly easier to corral lazy ignorant
sheep than energetic ones, but the problem is still the "ignorant sheep"
part.
The willingly ignorant and lazy are hopeless. Just be sure you've lots
of firewalls up between you and them, because you can't really predict
what they're going to do no matter what inputs you give them.
>> If the site which rejected the message is multi-lingual, then they can
>> have the resulting webpage offer multiple translations.
>>
>> If they're not multi-lingual, and only speak english, then there wasn't
>> any point in the non-english speaker trying to contact them, was there? :-)
>
> OK, and the IT staff at some-big-name university speaks all the languages
> that their constituents/visitors speak? I would be surprised if you
> didn't have some people on your campus who couldn't speak English.
It doesn't matter. If they're contacting me, and I only speak english,
and they don't speak english, then there's no point in them directly
contacting me. It doesn't matter if they're on my campus or on Mars.
They will need to contact an intermediary.
And, as I pointed out, this isn't an issue that is specific to the
technology being discussed.
>> Though, I would also point out that it seems most such error messages
>> are in english anyway. But there's no necessity, in what's been
>> described so far, that the web page the URL leads to would be english only.
>
> Do you mean to tell me that you've never gotten any "mailer-daemon"
> messages from China, Russia, etc that you couldn't read?
From China or Russia? No.
I have received a VANISHINGLY SMALL number from spanish and german
speaking countries, however. Certainly not enough to threaten the claim
that "most such error messages are in english".
And, again, because it happens in the SMTP session between the sender's
ISP and the C/R using ISP, the error is most likely to come from the
sender's own ISP. Hopefully the sender is already able to communicate
with their own ISP in the ISP's supported languages.
Re: not everyone is happy with SA
Posted by David B Funk <db...@engineering.uiowa.edu>.
On Fri, 20 Jul 2007, John Rudd "@ucsc.edu" wrote:
> Jonas Eckerman wrote:
>
> > What do they think will happen when someone who doesn't know english
> > tries to send to a user of such a system that outputs english error
> > messages that directs the sender to web pages with english instructions?
>
> One possibility is, it could just spit out a url, with no other text,
> and assume that the sender will understand that they're intended to view
> the URL to find out why the message was rejected.
Umm, if -you- got a message that you didn't expect written in a language
that you couldn't read which contained a link, would you click on it?
It's hard enough trying to teach safe internet usage to our Lusers, now
I have to go and tell them "in this -one- particular case just do it"?
> If the site which rejected the message is multi-lingual, then they can
> have the resulting webpage offer multiple translations.
>
> If they're not multi-lingual, and only speak english, then there wasn't
> any point in the non-english speaker trying to contact them, was there? :-)
OK, and the IT staff at some-big-name university speaks all the languages
that their constituents/visitors speak? I would be surprised if you
didn't have some people on your campus who couldn't speak English.
> Though, I would also point out that it seems most such error messages
> are in english anyway. But there's no necessity, in what's been
> described so far, that the web page the URL leads to would be english only.
Do you mean to tell me that you've never gotten any "mailer-daemon"
messages from China, Russia, etc that you couldn't read?
I've seen cases where even the SMTP conversation was in encoded
Chinese. Asian countries are fast becoming the largest community on
the net.
This is not meant as a criticism, just to point out that simplistic
'solutions' often run into the reality buzz-saw.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
Re: not everyone is happy with SA
Posted by John Rudd <jr...@ucsc.edu>.
Jonas Eckerman wrote:
> John Rudd wrote:
>
>> If they're not multi-lingual, and only speak english, then there
>> wasn't any point in the non-english speaker trying to contact them,
>> was there? :-)
>
> The fact that the mail system and its supporting sites aren't
> multilingual does not mean that the mail users aren't. A typical
> national ISP for example might well have many users that are fluent in a
> number of languages that the ISP's pages are not available in.
My use of "they" was more inclusive than you're reading. I wasn't
referring to just the ISP/mailadmin. I was also referring to the
original recipient.
>> But there's no necessity, in what's been described so far, that the
>> web page the URL leads to would be english only.
>
> Of course there isn't. There is a very real possibility though.
>
> For a mail service provider it could mean quite a lot of work to first
> find out what languages all of their users might receive (and be able to
> understand) mail in, and then to make sure that they have instructions
> available in all those languages.
They already have to bear that burden in providing documentation, don't
they? They either pick a one or a few standard languages to support, or
they try to come up with a huge base of documentation in every language
they can conceive. If they choose the former, then some percentage of
users (their own, and remote people trying to figure out things) will be
out in the cold if they don't speak one of the supported languages.
This isn't a problem specific to the technology being discussed.
Re: not everyone is happy with SA
Posted by Jonas Eckerman <jo...@frukt.org>.
John Rudd wrote:
>> What do they think will happen when someone who doesn't know english
>> tries to send to a user of such a system that outputs english error
> One possibility is, it could just spit out a url, with no other text,
> and assume that the sender will understand
They can, but my *guess* is that lots of senders won't.
> If they're not multi-lingual, and only speak english, then there wasn't
> any point in the non-english speaker trying to contact them, was there? :-)
The fact that the mail system and its supporting sites aren't
multilingual does not mean that the mail users aren't. A typical
national ISP for example might well have many users that are
fluent in a number of languages that the ISP's pages are not
available in.
> But there's no necessity, in what's been
> described so far, that the web page the URL leads to would be english only.
Of course there isn't. There is a very real possibility though.
For a mail service provider it could mean quite a lot of work to
first find out what languages all of their users might receive
(and be able to understand) mail in, and then to make sure that
they have instructions available in all those languages.
Of course, a company could provide a system that is already
translated to a huge number of languages, but then the price
would probably reflect that.
IAC, it is one of the problems one should be aware of when one
thinks about this kind of system.
Regards
/Jonas
--
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/
Re: not everyone is happy with SA
Posted by Ken A <ka...@pacific.net>.
Leonardo Rodrigues Magalhães wrote:
>
>
> John Rudd wrote:
>>
>> If they're not multi-lingual, and only speak english, then there
>> wasn't any point in the non-english speaker trying to contact them,
>> was there? :-)
>>
>
> And what about non-english companies that host their domains
> worldwide, sometimes in USA servers or even in other countries ....
>
Well, you could put the language based on the email's character set into
the url as a query string.
But, it's still a very unfriendly practice. Email is email, and should
not require a browser of any kind. So, you are back to sending a
challenge email, which is broken for all the other reasons already
stated by many here. Stick a fork in it, it's done.
Ken
--
Ken Anderson
Pacific.Net
Re: not everyone is happy with SA
Posted by John Rudd <jr...@ucsc.edu>.
Leonardo Rodrigues Magalhães wrote:
>
>
> John Rudd wrote:
>>
>> If they're not multi-lingual, and only speak english, then there
>> wasn't any point in the non-english speaker trying to contact them,
>> was there? :-)
>>
>
> And what about non-english companies that host their domains
> worldwide, sometimes in USA servers or even in other countries ....
>
I think if you re-read what I said, you'll see that it addresses your
question completely.
What you quoted specifically says "if they're not multi-lingual, and
only speak english". If they're a non-english company, no matter
whether they're worldwide or not, and no matter where they're hosted,
then the fact that they are non-english alone clearly says they don't
conform to the condition I set, right?
Re: not everyone is happy with SA
Posted by Leonardo Rodrigues Magalhães <le...@solutti.com.br>.
John Rudd wrote:
>
> If they're not multi-lingual, and only speak english, then there
> wasn't any point in the non-english speaker trying to contact them,
> was there? :-)
>
And what about non-english companies that host their domains
worldwide, sometimes in USA servers or even in other countries ....
--
Atenciosamente / Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
gertrudes@solutti.com.br
My SPAMTRAP, do not email it
Re: not everyone is happy with SA
Posted by John Rudd <jr...@ucsc.edu>.
Jonas Eckerman wrote:
> What do they think will happen when someone who doesn't know english
> tries to send to a user of such a system that outputs english error
> messages that directs the sender to web pages with english instructions?
One possibility is, it could just spit out a url, with no other text,
and assume that the sender will understand that they're intended to view
the URL to find out why the message was rejected.
If the site which rejected the message is multi-lingual, then they can
have the resulting webpage offer multiple translations.
If they're not multi-lingual, and only speak english, then there wasn't
any point in the non-english speaker trying to contact them, was there? :-)
Though, I would also point out that it seems most such error messages
are in english anyway. But there's no necessity, in what's been
described so far, that the web page the URL leads to would be english only.
Re: not everyone is happy with SA
Posted by Jonas Eckerman <jo...@frukt.org>.
Dave Pooser wrote:
> Yes, it used a CAPTCHA. And if we can design a system where sending spam
> requires more effort from the spammer (reading the error message, browsing
> to the site, reading the CAPTCHA, typing it in, and then clicking "Release"
Ah. Of course. A system that prevents all blind users from
sending mail.
(And before someone mentions CAPTCHAs with audio, I'll mention
that deafblind people can't hear the audio...)
What do they think will happen when someone who doesn't know
english tries to send to a user of such a system that outputs
english error messages that directs the sender to web pages with
english instructions?
Regards
/Jonas
--
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/
Re: not everyone is happy with SA
Posted by Dave Pooser <da...@pooserville.com>.
>> That sounds like a very badly designed system. While I do not like C/R
>> systems so would never implement one, surely it is only common sense to
>> expect responses to emails which are sent out and therefore to accept
>> such responses without issuing a challenge.
>
> I agree. But the proposed design didn't mention whitelisting the
> recipients of your own outbound traffic. And there are C/R systems that
> are deficient in this area.
Let me be more clear: I'm not proposing this system, merely describing one I
encountered. My presumption is that the system whitelisted recipients of
outbound traffic and only applied this fakereject to messages that hit some
sort of spam threshold, but I don't know for sure. (And I REALLY wish I
remembered where I encountered this system!)
> If you return a 5xx error, what is to prevent the spammer from clicking
> to release? CAPTCHA?
Yes, it used a CAPTCHA. And if we can design a system where sending spam
requires more effort from the spammer (reading the error message, browsing
to the site, reading the CAPTCHA, typing it in, and then clicking "Release"
for each message) than clicking "delete" requires from the recipient, we
just won the spam war anyway.
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
"...Life is not a journey to the grave with the intention of arriving
safely in one pretty and well-preserved piece, but to slide across the
finish line broadside, thoroughly used up, worn out, leaking oil, and
shouting GERONIMO!!!" -- Bill McKenna
Re: not everyone is happy with SA
Posted by John Rudd <jr...@ucsc.edu>.
Graham Murray wrote:
> John Rudd <jr...@ucsc.edu> writes:
>
>> However, it still leaves the problems of:
>>
>> 1) A user sends me a technical question. I answer, and get back a
>> Challenge, forcing me to jump through hoops to get their answer to
>> them.
>
> That sounds like a very badly designed system. While I do not like C/R
> systems so would never implement one, surely it is only common sense to
> expect responses to emails which are sent out and therefore to accept
> such responses without issuing a challenge.
I agree. But the proposed design didn't mention whitelisting the
recipients of your own outbound traffic. And there are C/R systems that
are deficient in this area.
But, there's also the simple case that the recipient of the message
might not be the person who replies to it. You might send a message to
it.help@example.com, which is a mailing list or multi-delivery alias,
and get an answer back from joe.smith.in.support@example.com ... same
problem, but not easily whitelisted.
Re: not everyone is happy with SA
Posted by Graham Murray <gr...@gmurray.org.uk>.
John Rudd <jr...@ucsc.edu> writes:
> However, it still leaves the problems of:
>
> 1) A user sends me a technical question. I answer, and get back a
> Challenge, forcing me to jump through hoops to get their answer to
> them.
That sounds like a very badly designed system. While I do not like C/R
systems so would never implement one, surely it is only common sense to
expect responses to emails which are sent out and therefore to accept
such responses without issuing a challenge.
Re: not everyone is happy with SA
Posted by John Rudd <jr...@ucsc.edu>.
Ken A wrote:
> Dave Pooser wrote:
>>>> I think CR can perhaps work quite well for an individual user with the
>>>> technical insight & time to spare, but such individual users are only
>>>> a small part of the picture.
>>> No it doesn't. It foists the recipient's burden on others, usually due
>>> to the *lack* of technical insight. Otherwise they'd realize they are
>>> only making the problem worse.
>>
>> Actually I've seen one C/R variant that addresses the backscatter C/R issue
>> quite nicely; it dropped the suspected spam in a quarantine folder and
>> issued an SMTP fakereject after DATA that included a link to a website where
>> the sender could release the spam from quarantine. So no backscatter
>> spamming innocent third parties, but you still get a chance for the sender
>> to verify sending a message. The backend might be a little involved to set
>> up, but the final system looked secure and easy to use.
I think that's the first non-backscatter form of C/R I've seen.
However, it still leaves the problems of:
1) A user sends me a technical question. I answer, and get back a
Challenge, forcing me to jump through hoops to get their answer to them.
2) I send email inquiry to a business. They send me a Challenge, making
me jump through hoops in order to give them money.
3) You're still forcing a legitimate sender to do your anti-spam
decision making for you.
All of those are still, IMO, unacceptably rude.
> If you return a 5xx error, what is to prevent the spammer from clicking
> to release? CAPTCHA?
I'm actually not concerned about that. While that is a quality issue
for the user of the C/R system, it isn't something that pollutes the net.
> What if this system was in widespread use? It could
> be a serious single point of failure.
Again, that's a quality issue for the user of the C/R system, not for
the rest of us. And, it's an implementation detail that might be
solvable with clustered web servers and databases, so a large scale
implementation might not have a single point of failure.
Re: not everyone is happy with SA
Posted by Ken A <ka...@pacific.net>.
Dave Pooser wrote:
>>> I think CR can perhaps work quite well for an individual user with the
>>> technical insight & time to spare, but such individual users are only
>>> a small part of the picture.
>> No it doesn't. It foists the recipient's burden on others, usually due
>> to the *lack* of technical insight. Otherwise they'd realize they are
>> only making the problem worse.
>
> Actually I've seen one C/R variant that addresses the backscatter C/R issue
> quite nicely; it dropped the suspected spam in a quarantine folder and
> issued an SMTP fakereject after DATA that included a link to a website where
> the sender could release the spam from quarantine. So no backscatter
> spamming innocent third parties, but you still get a chance for the sender
> to verify sending a message. The backend might be a little involved to set
> up, but the final system looked secure and easy to use.
If you return a 5xx error, what is to prevent the spammer from clicking
to release? CAPTCHA? What if this system was in widespread use? It could
be a serious single point of failure.
--
Ken Anderson
Pacific.Net
Re: not everyone is happy with SA
Posted by jdow <jd...@earthlink.net>.
From: "Dave Pooser" <da...@pooserville.com>
>>> I think CR can perhaps work quite well for an individual user with the
>>> technical insight & time to spare, but such individual users are only
>>> a small part of the picture.
>>
>> No it doesn't. It foists the recipient's burden on others, usually due
>> to the *lack* of technical insight. Otherwise they'd realize they are
>> only making the problem worse.
>
> Actually I've seen one C/R variant that addresses the backscatter C/R issue
> quite nicely; it dropped the suspected spam in a quarantine folder and
> issued an SMTP fakereject after DATA that included a link to a website where
> the sender could release the spam from quarantine. So no backscatter
> spamming innocent third parties, but you still get a chance for the sender
> to verify sending a message. The backend might be a little involved to set
> up, but the final system looked secure and easy to use.
STILL not going to get "responsed" from here no how no way. AND I will
mark the site as a spammer.
{^_^}
Re: not everyone is happy with SA
Posted by Dave Pooser <da...@pooserville.com>.
>> I think CR can perhaps work quite well for an individual user with the
>> technical insight & time to spare, but such individual users are only
>> a small part of the picture.
>
> No it doesn't. It foists the recipient's burden on others, usually due
> to the *lack* of technical insight. Otherwise they'd realize they are
> only making the problem worse.
Actually I've seen one C/R variant that addresses the backscatter C/R issue
quite nicely; it dropped the suspected spam in a quarantine folder and
issued an SMTP fakereject after DATA that included a link to a website where
the sender could release the spam from quarantine. So no backscatter
spamming innocent third parties, but you still get a chance for the sender
to verify sending a message. The backend might be a little involved to set
up, but the final system looked secure and easy to use.
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
"...Life is not a journey to the grave with the intention of arriving
safely in one pretty and well-preserved piece, but to slide across the
finish line broadside, thoroughly used up, worn out, leaking oil, and
shouting GERONIMO!!!" -- Bill McKenna
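The fakereject-after-DATA design described above, combined with the outbound-recipient whitelisting and the spam-threshold presumption raised elsewhere in this thread, modelled as an added Python example; it is not from any post, nor from the system Dave Pooser encountered. The class, release URL, threshold and reply text are assumptions, and the CAPTCHA step is left out.

```python
import secrets

RELEASE_URL = "https://mail.example.com/release"  # hypothetical site
SPAM_THRESHOLD = 5.0  # assumed score above which mail is held

class FakeRejectGate:
    """Toy model of the post-DATA decision; not a real SMTP server."""

    def __init__(self):
        self.wrote_to = set()   # recipients of our own outbound mail
        self.quarantine = {}    # release token -> held message

    def note_outbound(self, recipient):
        """Whitelist an address because a local user mailed it."""
        self.wrote_to.add(recipient.lower())

    def after_data(self, sender, message, score):
        """Return the SMTP reply to give once DATA has been received."""
        if sender.lower() in self.wrote_to or score < SPAM_THRESHOLD:
            return "250 2.0.0 accepted"
        token = secrets.token_urlsafe(16)  # unguessable, single use
        self.quarantine[token] = message
        # The 5xx goes to the connecting client inside the SMTP session,
        # so nothing is mailed to a (possibly forged) envelope sender.
        return f"550 5.7.1 held as suspected spam, release: {RELEASE_URL}/{token}"

    def release(self, token):
        """Hand back a held message once; the CAPTCHA step is omitted."""
        return self.quarantine.pop(token, None)

def demo():
    """Replay the alias case: mail sent to a list, answered by a person."""
    gate = FakeRejectGate()
    gate.note_outbound("it.help@example.com")
    replies = {
        "from_alias": gate.after_data("it.help@example.com", "answer", 7.2),
        "from_person": gate.after_data(
            "joe.smith.in.support@example.com", "answer", 7.2),
        "low_score": gate.after_data("stranger@example.net", "hello", 1.0),
    }
    return gate, replies

if __name__ == "__main__":
    for who, reply in demo()[1].items():
        print(f"{who:12} {reply}")
```

The reply from the individual support address is held even though the alias was whitelisted, which is the gap John Rudd points out for mailing lists and multi-delivery aliases.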
Re: not everyone is happy with SA
Posted by Andy Sutton <ne...@pessimists.net>.
On Thu, 2007-07-19 at 19:37 +0200, Per Jessen wrote:
> I think CR can perhaps work quite well for an individual user with the
> technical insight & time to spare, but such individual users are only
> a small part of the picture.
No it doesn't. It foists the recipient's burden on others, usually due
to the *lack* of technical insight. Otherwise they'd realize they are
only making the problem worse.
If someone poops in my swimming pool, I don't find it an acceptable
solution to chuck it over the fence into my neighbor's yard. Why do you?
--
- Andy
This is not the place to ask for a scooby snack or hand holding
without getting attacked with a flamethrower.
- Stack Smasher, Full-disclosure email list
Re: not everyone is happy with SA
Posted by Per Jessen <pe...@computer.org>.
John Thompson wrote:
> Perhaps C-R users are so satisfied because they seldom have to deal
> with the backscatter their "solution" causes?
I think CR can perhaps work quite well for an individual user with the
technical insight & time to spare, but such individual users are only a
small part of the picture.
/Per Jessen, Zürich
Re: not everyone is happy with SA
Posted by John Thompson <jo...@vector.os2.dhs.org>.
On 2007-07-19, Per Jessen <pe...@computer.org> wrote:
> Jim Maul wrote:
>
>> That's retarded. Might as well say, "Unplugging my mail server from
>> the internet is the best method because I received 0 spam since I did
>> it!"
>>
>> Challenge response is fundamentally broken. It can not and should not
>> be considered an anti-spam solution.
> Completely agree.
Perhaps C-R users are so satisfied because they seldom have to deal with
the backscatter their "solution" causes?
--
John (john@os2.dhs.org)
Re: not everyone is happy with SA
Posted by Per Jessen <pe...@computer.org>.
Jim Maul wrote:
> That's retarded. Might as well say, "Unplugging my mail server from the
> internet is the best method because I received 0 spam since I did it!"
>
> Challenge response is fundamentally broken. It can not and should not
> be considered an anti-spam solution.
Completely agree.
/Per Jessen, Zürich
Re: not everyone is happy with SA
Posted by Jim Maul <jm...@elih.org>.
Per Jessen wrote:
> http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/07-17-2007/0004626829&EDATE=
>
>
>
> /Per Jessen, Zürich
>
>
>
That's retarded. Might as well say, "Unplugging my mail server from the
internet is the best method because I received 0 spam since I did it!"
Challenge response is fundamentally broken. It can not and should not
be considered an anti-spam solution.
-Jim
Vbounce and Shortcircuit hitting read receipts ?
Posted by neil <ne...@supanet.net.uk>.
Hi;
Anyone else seeing random FPs with VBounce rules and short circuit
as described here:
http://wiki.apache.org/spamassassin/ShortcircuitingRuleset
# bounce messages: always ignored if the vbounce plugin is active
priority ANY_BOUNCE_MESSAGE -700
shortcircuit ANY_BOUNCE_MESSAGE spam
score ANY_BOUNCE_MESSAGE 20
On another box without the short circuit rule, the message gets a low
score as would be expected.
I have whitelist_bounce_relays configured with my mail servers.
(I have replaced the sender and recipients names and email addresses and
removed a couple of others in the receipt list.)
spamassassin -D < /tmp/recipt.txt1
<snip>
[7710] dbg: shortcircuit: s/c spam due to ANY_BOUNCE_MESSAGE, using score of 100
[7710] dbg: check: is spam? score=20.1 required=15
[7710] dbg: check: tests=ANY_BOUNCE_MESSAGE,BOUNCE_MESSAGE
[7710] dbg: check: subtests=__BOUNCE_CTYPE,__HAVE_BOUNCE_RELAYS
<snip>
from 20_vbounce.cf
body __HAVE_BOUNCE_RELAYS eval:have_any_bounce_relays()
tflags __HAVE_BOUNCE_RELAYS nice
header __BOUNCE_CTYPE Content-Type =~ /\bmultipart\/report\b/
Content analysis details: (20.1 points, 15.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.1 BOUNCE_MESSAGE         MTA bounce message
  20 ANY_BOUNCE_MESSAGE     Message is some kind of bounce message
Received: from aamtaout01-winn.ispmail.ntl.com ([81.103.221.35])
    by mtaout03-winn.ispmail.ntl.com with ESMTP
    id <20...@aamtaout01-winn.ispmail.ntl.com>
    for <re...@example.com>; Fri, 20 Jul 2007 11:12:01 +0100
Received: from sendershome ([82.19.189.159])
    by aamtaout01-winn.ispmail.ntl.com with SMTP
    id <20...@sendershome>
    for <re...@example.com>; Fri, 20 Jul 2007 11:12:01 +0100
Message-ID: <00...@sendershome>
From: "Some Sender" <se...@senderdomain.example.com>
To: "Some Recipient" <re...@example.com>
References: <00...@user8b4965acfc>
Subject: Read: My e mail
Date: Fri, 20 Jul 2007 11:11:59 +0100
MIME-Version: 1.0
Content-Type: multipart/report;
boundary="----=_NextPart_000_003F_01C7CABE.CA6E6D20";
report-type=disposition-notification
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
This is a multi-part message in MIME format.
------=_NextPart_000_003F_01C7CABE.CA6E6D20
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
This is a receipt for the mail you sent to
"Sender Sender" <se...@senderdomain.example.com> at 20/07/2007 10:55
This receipt verifies that the message has been displayed on the =
recipient's computer at 20/07/2007 11:11
------=_NextPart_000_003F_01C7CABE.CA6E6D20
Content-Type: message/disposition-notification
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Final-Recipient: rfc822;recipient@example.com
Original-Message-ID: <00...@user8b4965acfc>
Disposition: manual-action/MDN-sent-manually; displayed
------=_NextPart_000_003F_01C7CABE.CA6E6D20--
------=_NextPart_000_00C9_01C7CAC7.493F3410--
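The `__BOUNCE_CTYPE` pattern quoted in the post above matches any `multipart/report` Content-Type, whatever its `report-type` parameter says. The following is an added example (not SpamAssassin code, and not from the post) that applies that same regex to constructed headers and then reads the parsed `report-type` to tell a read receipt from a delivery-status bounce; the function names and sample messages are assumptions.

```python
import re
from email import message_from_string
from email.utils import collapse_rfc2231_value

# Pattern copied from the __BOUNCE_CTYPE rule quoted in the post.
BOUNCE_CTYPE = re.compile(r"\bmultipart/report\b")

def make(ctype):
    """Build a constructed test message with the given Content-Type value."""
    return message_from_string(
        "From: sender@senderdomain.example.com\n"
        "To: recipient@example.com\n"
        "MIME-Version: 1.0\n"
        f"Content-Type: {ctype}\n\nbody\n")

# Constructed samples; only the Content-Type values matter here.
SAMPLES = {
    "read_receipt": make('multipart/report;\n\tboundary="b1";\n'
                         "\treport-type=disposition-notification"),
    "mta_bounce": make('multipart/report; report-type=delivery-status;\n'
                       '\tboundary="b2"'),
    "ordinary": make('text/plain; charset="iso-8859-1"'),
    "lookalike": make('text/plain; name="multipart/report.txt"'),
}

def ctype_rule_hits(msg):
    """True when the quoted regex matches the raw Content-Type header."""
    return bool(BOUNCE_CTYPE.search(msg.get("Content-Type", "")))

def report_kind(msg):
    """Classify by parsed MIME type and report-type, not by substring."""
    if msg.get_content_type() != "multipart/report":
        return "not-a-report"
    rtype = msg.get_param("report-type")
    if rtype is None:
        return "report-untyped"
    rtype = collapse_rfc2231_value(rtype).strip().lower()
    return {"disposition-notification": "read-receipt",
            "delivery-status": "delivery-bounce"}.get(rtype, "report-other")

def compare():
    """Map each sample name to (regex hit, parsed classification)."""
    return {name: (ctype_rule_hits(m), report_kind(m))
            for name, m in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:13} regex={result[0]!s:5} parsed={result[1]}")
```

The regex hits the read receipt, the MTA bounce and the lookalike attachment name alike; only the parsed `report-type` separates the three.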
Re: not everyone is happy with SA
Posted by Dave Pooser <da...@pooserville.com>.
> Any C/R I receive automatically gets deleted.
Back when we were running a catchall account at $DAYJOB I used to confirm
every C/R message that hit the catchall. I figured if they wanted me to be
their unpaid filter-boy, I was going to give them exactly the service they
were paying me for.
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
"Every bad turn I've made, you've been at the helm, sowing
chaos and stupidity through the landscape of my days like
some sort of retarded Johnny Appleseed." -- Goats 8-31-2005
Re: not everyone is happy with SA
Posted by Duane Hill <d....@yournetplus.com>.
On Thu, 19 Jul 2007 at 15:35 +0200, per@computer.org confabulated:
>
> http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/07-17-2007/0004626829&EDATE=
>
Any C/R I receive automatically gets deleted.
-------
_|_
(_| |
Re: not everyone is happy with SA
Posted by jdow <jd...@earthlink.net>.
So THIS is where the idiot thread started.
Please don't troll with this crap.
{^_^}
----- Original Message -----
From: "Per Jessen" <pe...@computer.org>
http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/07-17-2007/0004626829&EDATE=
/Per Jessen, Zürich