[Mailman-Developers] Opening up a few can o' worms here...

Jay R. Ashworth jra@baylink.com
Tue, 16 Jul 2002 18:55:52 -0400


On Tue, Jul 16, 2002 at 10:58:00AM -0700, Chuq Von Rospach wrote:
> One thing we're definitely doing is moving to a cloaked archive. Since we
> already distribute all archives out of HTTP, not FTP, we're working on a CGI
> that'll strip all e-mail information out of messages on the fly (among other
> things, like header cleanup and some trivial formatting fixes). The idea is
> simple -- we've finally hit the point where you can't put an e-mail address
> up on a public site under any circumstance safely, so we're having to move
> to a system where we simply don't do that.

I'm voting in favor of the lynch mobs you mention later.

No, I mean *really*.

Two or three spammers getting shot; solve the problem right quick. 

:-)

> I'm going to look and see if I can interface TMDA to the subscriber
> databases so that subscribers are by definition whitelisted, but we've hit
> the point where we have to do this. I'm not happy about it, but the war is
> lost, I think.
> 
> And speaking of privacy, harvesting and spamming, a new and disturbing thing
> happened this weekend that I want to bring up -- one for which I have lots
> of questions, but no real answers. A bunch of users on some of our mail
> lists were spammed, and it became very clear very quickly that addresses
> were harvested off of at least one of our mail lists.
> 
> As you might guess, a lynch mob formed, and I lit the first virtual torch
> and we all sharpened the pitchforks. Fortunately, the person who did it came
> forward to me and admitted guilt, and explained what happened.
> 
> And what happened is pretty damn disturbing. See, he had one of those "I
> must tell the masses!" moments, where he finally felt it was time to send
> out a call to arms on a subject he felt strongly about.
> 
> So what he did was open up his address book and send his message to everyone
> in it. And he's running one of these new e-mail clients that happily caches
> addresses it sees in case you want them again. So all of the addresses of
> people posting to the mailing lists he subscribed to were in his address
> book cache, so when he grabbed his address book, he grabbed all of those
> addresses, too.
> 
> So we have a clear violation of our anti-harvesting rules -- yet he didn't
> overtly harvest. He just grabbed what was in his address book at the time.
> 
> This creates a major privacy quagmire. How do you set up rules for something
> like that? Where does ownership and protection end? (I'm talking ethically,
> not technically. I think we all realize that once someone posts email to a
> list, you've given up control to anyone who doesn't feel obligated to follow
> the rules). This wasn't a case of overtly violating the rules, but of a
> piece of technology creating a situation where it wasn't understood there
> were rules being violated.

And this is a *perfect* case that supports what has been my assertion
all along -- you non-Libertarians out there, cover your ears and sing
-- *it's the recipient's problem*.  This case is exactly the
illustration I want: I couldn't have written one better from scratch.

It's obvious that the answer is: setting up rules *would* *not* *have*
*helped* *here*.  Anyone who can demonstrate how it might have is
welcome to post.  If you send a message, it *has* to have a From
address, and, to not violate the standards, that From address has to be
valid.  We all *want* that to be the case, right?

So what are you going to do? 

Outlaw Outlook?

:-)

> I just don't know how to deal with the issues this address caching causes.

The answer is that there is no answer.  This might be the catalyst --
there had to be one eventually -- that inspires people to upgrade to
Mail User Agents with sufficient flexibility to deal with problems like
this.

Automatically verifying PGP sigs as a whitelisting technique is merely
one approach that springs to mind.  There are many more.

> Ultimately, we're going to have to rethink our "no harvesting" rules, and
> likely also write disclaimers explaining what our limits are. We've actually
> considered switching our lists to obscured addresses, turned that down as
> being worse than the disease (for now). But now we're wondering if we have
> to go to some sort of address cloaking ON lists, maybe some kind of address
> remapping through the server for replies, something. And I'm gritting my
> teeth at the developers who created those @#$@$#@$#23 caches (which are nice
> in some ways) for not also creating some way to flag addresses as not
> cacheable. Because, IMHO, that'd solve this problem.

Yeah, but the Outhouse and OE teams aren't ever going there, and
they're your problem.

At some point, if you're going to *have* a mailbox, you *have* to take
responsibility for it.

I stand on the non-enabler platform I've stood on before, as unpleasant
as it is.  In the end, I'm pretty sure there won't *be* any other
options...

> I'm curious what people think about this latest thing. The good news is he
> wasn't trying to harvest us. The bad news is, he wasn't trying to harvest
> us. And the b-tch of it is, I really don't have a comfortable feeling for
> how to deal with this new situation yet... But I think it's an issue we have
> to come to grips with.

See above.  ;-)

> Are we hitting a point where mail list servers have to act as blind front
> ends for all of the subscribers, where replies are processed by those
> servers, and the server then takes on the job of acting as a
> troll-exterminator and spam blocker? And what does that really mean for
> things like Mailman?

See less-above. 

I've had the same mailbox for 7 years; and *some* mailbox for just
about 20.  Until I was intemperate enough to put that email address
into a poorly chosen slot, I got maybe a couple spams a day... and that
address is on 5 or 6 domains, half a dozen web pages, and *ALL OVER*
Usenet.

And I *still* only got about half a dozen a day.

Now, it's 25-50.

People are known to say "it's not my fault", when, damnit, it *is*
their fault.  I'd say we need to make damned sure the problem is what
we *think* it is before we "fix" that.

Do you have documentary evidence, Chuq, that web harvesters are the
*only* way that *a majority* of the spam-complainers' addresses could
have gotten on those lists?  Have you created test-accounts?  Not 1 or
2; a couple dozen, in different places?

> Happy Macworld Expo week, all. If you need me, I'll be in the war room,
> beating my head against a wall.

You've got a war room?  Cool.

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff     Baylink                             RFC 2100
The Suncoast Freenet         The Things I Think
Tampa Bay, Florida        http://baylink.pitas.com             +1 727 647 1274

   "If you don't have a dream; how're you gonna have a dream come true?"
     -- Captain Sensible, The Damned (from South Pacific's "Happy Talk")
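
The test-account measurement asked about in the message above, sketched as an added example that is not part of the original post or of Mailman: each test address is planted in exactly one place, and unsolicited mail is attributed to the place that leaked it. The secret, domain, channel names and sample messages are all constructed assumptions.

```python
import hashlib
import hmac
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

SECRET = b"constructed-demo-key"   # assumption: secret known only to the list admin
DOMAIN = "lists.example.org"       # placeholder domain
# Assumed exposure channels; "control" is never published anywhere, so hits
# on it would mean guessing or a leak outside the channels being measured.
CHANNELS = ["web-archive", "list-post-only", "usenet", "control"]

def canary_address(channel):
    """Derive an unguessable test address bound to one exposure channel."""
    tag = hmac.new(SECRET, channel.encode(), hashlib.sha256).hexdigest()[:10]
    return f"probe-{tag}@{DOMAIN}"

def build_registry(channels):
    """Map each canary address back to the channel it was planted in."""
    return {canary_address(c): c for c in channels}

def attribute(raw_messages, registry):
    """Count unsolicited messages per channel, judged by recipient headers."""
    hits = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        fields = []
        for name in ("To", "Cc", "Delivered-To"):
            fields.extend(msg.get_all(name, []))
        # Compare case-insensitively; each message counts once per canary.
        recipients = {addr.lower() for _, addr in getaddresses(fields)}
        for addr in recipients:
            if addr in registry:
                hits[registry[addr]] += 1
    return hits

def demo():
    """Run attribution over four constructed spam samples."""
    registry = build_registry(CHANNELS)
    web = canary_address("web-archive")
    post = canary_address("list-post-only")
    samples = [
        f"To: {web}\nSubject: offer\n\nbody",
        f"To: someone@example.net\nCc: {web.upper()}\nSubject: offer\n\nbody",
        f"Delivered-To: {post}\nTo: friends@example.net\nSubject: call to arms\n\nbody",
        "To: real.user@example.net\nSubject: unrelated\n\nbody",
    ]
    return attribute(samples, registry)

if __name__ == "__main__":
    for channel in CHANNELS:
        print(channel, demo()[channel])
```

A hit on the "list-post-only" address with none on "web-archive" would point at a subscriber's address-book cache rather than at a web harvester, which is the distinction the message asks to have established first.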