[Mailman-Developers] Interesting study -- spam on postedaddresses...

Jay R. Ashworth jra@baylink.com
Wed, 20 Feb 2002 20:36:52 -0500

On Wed, Feb 20, 2002 at 01:42:34PM -0800, Chuq Von Rospach wrote:
> On 2/20/02 1:18 PM, "Jay R. Ashworth" <jra@baylink.com> wrote:
> >> And burglary is not caused by my owning nice things, either. It's caused by
> >> burglars. But that's no excuse to not put locks on the doors.
> > 
> > A mailing list -- a publically accessible mailing list -- isn't your
> > house.  It's the city library.  Those are typically not locked up as
> > tightly your house, during the day.
> You misread my analogy, or perhaps it's a philsophical disagreement. A

A touch of both, I think.

> library is not locked up as tightly as a house, but it also has a person in
> charge of watching the door to make sure stuff doesn't leave if it's not
> checked out, and most of them have door sensors now, too.


> And any decent library also has a rare books room, which IS tightly locked
> up. And while the content of a mail list qualifies as a public library to
> some degree, the subscriber addresses live in that rare book room.


> >> You're right, Jay, but does being right matter? Unless you know how to stop
> >> the spammers, it's a pyhrric victory -- because it does nothing to protect
> >> yourself from the spammers.
> > 
> > *I* protect *myself* from the spammers, actually, thank you very much.
> > 
> > Perhaps that sounds elitist.  So be it.
> So, you're saying because you protect yourself from the spammers, that
> EVERYONE should, too?

As a matter of fact, yes, I am saying that.  There are cost-free, not
especially difficult to set up, facilities for all environments that
will protect you from the major portion of incoming unsolicited
commercial email -- some ISP's run then for you, and are *trading* on
the fact.  So yes, if spam troubles people, they should indeed do
something about it.

That's *not* to say that I don't think something should -- and can --
be done at the source, they're two different topics.

> To move back to the burglary analogy, you've just told me that (a) if you do
> get burgled, you won't call the police, and (b), the police department
> should be shut down, because everyone should take care of themselves. Which,
> I guess, means if you get burgled, you'll pull out the gun, find the
> burglar, and shoot him yourself, right?

Actually, yes.  Gun control is being able to hit your target.  Anyone
foolish enough to burgle my house in the middle of the night is running
(hopefully knowingly) the risk of getting shot.

> Jay, do you see the chaos that causes? You define anarchy, which is, to a
> degree, what we have in email today, but you then go one step further, and
> claim that it should be anarchy. My argument is that central tools that CAN
> do things should do things, because they help a common good -- the
> difference between a trained police force and a hundred citizens with guns
> looking for burglars. You get economies of scale that individuals
> "protecting themselves" can't get, plus, of course, there's nothing keeping
> you from doing MORE. I just don't understand why you seem to be insisting
> that because YOU can do it, everyone has to and mailman shouldn't.

Because I've been around long enough -- not that you haven't certainly --
to see the value in the way things are if the tool does *not*
circumscribe useful things, and I do not see fit to let the Bad Guys
make that utility go away.  Aren't we having this argument with John
Ashcroft right now about US civil rights?

> Mailman's not written for you. It's written for many people with many needs,
> not all of them as competent in these areas as you. Why force them all to do
> it your way? 

Cause my way is right?  :-)

Certainly there are cost benefit analyses to be made here, with many
different constituencies' requirements to be considered.  And certainly,
also, some of these requirements collide head on.  That's not

The customary solution is provide {both,all the} options, and document
the costs and benefits, try to choose a sane default, and let the
operators decide.  I'm sure that is what will happen here, too. 

But I won't let that keep me from stumping for the approach I think is
best, by any means.  And if my approach seems impractical because of
"the way the world is", well, how do we think other changes to make the
world  better have come about..?

> > Well, again: would you deadbolt the public library?
> See above. You don't get the analogy right.

No, I merely don't value the email address's privacy as highly as you
do.  I get about 50 spam a day in 200 new messages including about 14
mailing lists -- I'm entitled to hold that opinion if I want.

You *can't* make addresses overly private; they cease to be usable.

At least, given the supporting tools and infrastructure we have today.

> > When I send a complaint to someone about something, *I want a
> > copy of that message in my outbox*. I *hate* mail forms. With an
> > unbridled, flaming passion. They usually don't spell check; they
> > don't get my sig file, etc, etc, ad nauseum.
> That's nice. But -- does that override the need to protect the admin
> from spammers? Again, do we only do things that you approve of, or for
> the common good, is this something where you compromise your position?

The admin works for me.  Not the other way around.

Apologies if you think that sounds snotty or self-important.  I expect
people who stick their head up outof the foxhole (or, indeed, travel in
questionable areas) to wear a helmet, yes.

> See, my problem here is that you seem to have defined "no good" as "I
> don't like it". Your view is one, but not the only one. And you don't
> seem to be looking at mailman as a global tool, but mailman as your
> tool.

I'm sorry you think that way about what I'm saying.  I'm trying to
explain my motivations for having these opinions; I gather I'm not

> > Personally, I'm a little tired of "But I'm too lazy" (to learn how
> > to set up spam filters) being an acceptable excuse. If you can't
> > find someone to run your list with a clue, then maybe you shouldn't
> > have a list.
> Personally, I find that attitude quite arrogant. Not everyone is you,
> or wants to be you. Or me. Or Barry. If you want to design things
> for you, do whatever you want. When you start designing for an open
> population, you have to start checking the ego at the door. This
> attitude, I'm afraid, doesn't, at least in my mind.

Again, apologies.  If you can convince me that one Right outweighs the
other one, for a sufficiently statistically significant number of
possible cases, I'll change my outlook.  I don't claim to be perfect.

But I don't form my opinions for fun, nor in total ignorance.  And I
*have* been doing this for 18 years. 

No, 19.

-- jra
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff     Baylink                             RFC 2100
The Suncoast Freenet         The Things I Think
Tampa Bay, Florida        http://baylink.pitas.com             +1 727 647 1274

   "If you don't have a dream; how're you gonna have a dream come true?"
     -- Captain Sensible, The Damned (from South Pacific's "Happy Talk")