[Mailman-Developers] Opening up a few can o' worms here...
Jay R. Ashworth
jra@baylink.com
Tue, 16 Jul 2002 18:55:52 -0400
On Tue, Jul 16, 2002 at 10:58:00AM -0700, Chuq Von Rospach wrote:
> One thing we're definitely doing is moving to a cloaked archive. Since we
> already distribute all archives out of HTTP, not FTP, we're working on a CGI
> that'll strip all e-mail information out of messages on the fly (among other
> things, like header cleanup and some trivial formatting fixes). The idea is
> simple -- we've finally hit the point where you can't put an e-mail address
> up on a public site under any cirucmstance safely, so we're having to move
> to a system where we simply don't do that.
I'm voting in favor of the lynch mobs you mention later.
No, I mean *really*.
Two or three spammers getting shot; solve the problem right quick.
:-)
> I'm going to look and see if I can interface TMDA to the subscriber
> databases so that subscribers are by definition whitelisted, but we've hit
> the point where we have to do this. I'm not happy about it, but the war is
> lost, I think.
>
> And speaking of privacy, harvesting and spamming, a new and disturbing thing
> happened this weekend that I want to bring up -- one for which I have lots
> of questions, but no real answers. A bunch of users on some of our mail
> lists were spammed, and it became very clear very quickly that addresses
> were harvested off of at least one of our mail lists.
>
> As you might guess, a lynch mob formed, and I lit the first virtual torch
> and we all sharpened the pitchforks. Fortunately, the person who did it came
> forward to me and admitted guilt, and explained what happened.
>
> And what happened is pretty damn disturbing. See, he had one of those "I
> must tell the masses!" moments, where he finally felt it was time to send
> out a call to arms on a subject he felt strongly about.
>
> So what he did was open up his address book and send his message to everyone
> in it. And he's running one of these new e-mail clients that happily caches
> addresses it sees in case you want them again. So all of the addresses of
> people posting to the mailing lists he subscribed to were in his address
> book cache, so when he grabbed his address book, he grabbed all of those
> addresses, too.
>
> So we have a clear violation of our anti-harvesting rules -- yet he didn't
> overtly harvest. He just grabbed what was in his address book at the time.
>
> This creates a major privacy quagmire. How do you set up rules for something
> like that? Where does ownership and protection end? (I'm talking ethically,
> not technically. I think we all realize that once someone posts email to a
> list, you've given up control to anyone who doesn't feel obligated to follow
> the rules). This wasn't a case of overtly violating the rules, but of a
> piece of technology creating a situation where it wasn't understood there
> were rules being violated.
And this is a *perfect* case that supports what has been my assertion
all along -- you non-Libertarians out there, cover your ears and sing
-- *it's the recipient's problem*. This case is exactly the
illustration I want: I couldn't have written one better from scratch.
It's obvious that the answer is: setting up rules *would* *not* *have*
*helped* *here*. Anyone who can demonstrate how it might have is
welcome to post. If you send a message, it *has* to have a From
address, and, to not violate the standards, that From address has to be
valid. We all *want* that to be the case, right?
So what are you going to do?
Outlaw Outlook?
:-)
> I just don't know how to deal with the issues this address caching causes.
The answer is that there is no answer. This might be the catalyst --
there had to be one eventually -- that inspires people to upgrade to
Mail User Agents with sufficient flexibility to deal with problems like
this.
Automatically verifying PGP sigs as a whitelisting technique is merely
one approach that springs to mind. There are many more.
> Ultimately, we're going to have to rethink our "no harvesting" rules, and
> likely also write disclaimers explaining what our limits are. We've actually
> considered switching our lists to obscured addresses, turned that down as
> being worse than the disease (for now). But now we're wondering if we have
> to go to some sort of address cloaking ON lists, maybe some kind of address
> remapping through the server for replies, something. And I'm gritting my
> teeth at the developers who created those @#$@$#@$#23 caches (which are nice
> in some ways) for not also creating some way to flag addresses as not
> cacheable. Because, IMHO, that'd solve this problem.
Yeah, but the Outhouse and OE teams aren't ever going there, and
they're your problem.
At some point, if you're going to *have* a mailnbox, you *have* to take
responsibility for it.
I stand on the non-enabler platform I've stood on before, as unpleasant
as it is. In the end, I'm pretty sure there won't *be* any other
options...
> I'm curious what people think about this latest thing. The good news is he
> wasn't trying to harvest us. The bad news is, he wasn't trying to harvest
> us. And the b-tch of it is, I really don't have a comfortable feeling for
> how to deal with this new situation yet... But I think it's an issue we have
> to come to grips with.
See above. ;-)
> Are we hitting a point where mail list servers have to act as blind front
> ends for all of the subscribers, where replies are processed by those
> servers, and the server then takes on the job of acting as a
> troll-exterminator and spam blocker? And what does that really mean for
> things like Mailman?
See less-above.
I've had the same mailbox for 7 years; and *some* mailbox for just
about 20. Until I was intemperate enough to put that email address
into a poorly chosen slot, I got maybe a couple spams a day... and that
address is on 5 or 6 domains, half a dozen web pages, and *ALL OVER*
Usenet.
And I *still* only got about half a dozen a day.
Now, it's 25-50.
People are known to say "it's not my fault", when, damnit, it *is*
their fault. I'd say we need to make damned sure the problem is what
we *think* it is before we "fix" that.
Do you have documentary evidence, Chuq, that web harversters are the
*only* way that *a majority* of the spam-complainers addresses could
have gotten on those lists? Have you created test-accounts? Not 1 or
2; a couple dozen, in different places?
> Happy Macworld Expo week, all. If you need me, I'll be in the war room,
> beating my head against a wall.
You've got a war room? Cool.
Cheers,
-- jra
--
Jay R. Ashworth jra@baylink.com
Member of the Technical Staff Baylink RFC 2100
The Suncoast Freenet The Things I Think
Tampa Bay, Florida http://baylink.pitas.com +1 727 647 1274
"If you don't have a dream; how're you gonna have a dream come true?"
-- Captain Sensible, The Damned (from South Pacific's "Happy Talk")