[Mailman-Developers] Opening up a few can o' worms here...

Jay R. Ashworth jra@baylink.com
Tue, 16 Jul 2002 20:57:40 -0400 

On Tue, Jul 16, 2002 at 05:21:17PM -0700, Chuq Von Rospach wrote:
> On 7/16/02 3:55 PM, "Jay R. Ashworth" <jra@baylink.com> wrote:
> > I'm voting in favor of the lynch mobs you mention later.
> 
> > And this is a *perfect* case that supports what has been my assertion
> > all along -- you non-Libertarians out there, cover your ears and sing
> > -- *it's the recipient's problem*.  This case is exactly the
> > illustration I want: I couldn't have written one better from scratch.
> 
> But without rules, you can't teach the recipient what's right (with a cattle
> prod, if necessary), and without rules, the lynch mob has no binding
> authority.

Where, by "rules", here, we mean "rules about what it acceptable mail"?

Why, that's up to the recipients.

To quote Jubal Harshaw: "Who's name is on that envelope, Nurse? ... Oh:
not yours."

> > It's obvious that the answer is: setting up rules *would* *not* *have*
> > *helped* *here*. 
> 
> Nope. But those rules are what allows you to go and make an example of the
> poor schmuck, in hopes that it'll keep the next person from making the same
> mistake. Wtihout the rules, there is no map you can use to teach people how
> to stay out of the tiger pits.

That sentence seems to assume that the majority of the people *falling
in* the tarpits are people doing it by accident.  I don' think that
and I don't think *you* think that.

When mail is outlawed, only outlaws will send mail.

> > So what are you going to do?
> > 
> > Outlaw Outlook?
> 
> Don't blame outlook here. Lots of mail clients do this 'temporary caching'.

Stipulated, and NS6 does it too, though I think that Moz may not.

It *is* configurable, at least, in Netscape.  I've never had to turn it
off, cause none of my clients are that dumb.  But Outhouse *did*
originate the idea, so far as I'm aware.

> > The answer is that there is no answer.
> 
> The answer is there IS an answer. Just not a complete or fully satisfying
> one.
> 
> The answer is multi-faceted:
> 
> 1) rules that explicitly and unambiguously call out what is and isn't
> acceptable.
> 
> 2) education systems to help users understand the situation and learn how to
> deal with it appropriately.
> 
> 3) information that explains (and legally limits your liability for) the
> limits of what you can and can't do given all this technnology, so
> subscribers understand what you're doing and what you can't do anything
> about but (1) and (2) above.
> 
> 4) a cattle prod for when all of the above fails.
> 
> 5) patience of a saint, reaction times of a ranger.

You forgot to capitalize that.  :-)

> > Automatically verifying PGP sigs as a whitelisting technique is merely
> > one approach that springs to mind.  There are many more.
> 
> Sorry, doesn't really solve the problem. I posted a url to a note I wrote on
> this to barry a few minutes ago.

By which I meant, "sigs of people in your address book."  No, this
doesn't solve the "stupid user" problem... but you don't *solve* that
with technology.

You solve it with a LART.

> > Yeah, but the Outhouse and OE teams aren't ever going there, and
> > they're your problem.
> 
> Hint: this wasn't a windows box, and it wasn't a microsoft product. IT AIN'T
> MICROSOFT. Lots of clients do this now.

Stipulated, but they're 80-90% of the market.  I think even skewing for
"non-Windoze users send more mail, you would still be about 70%,
intuitively.

> > At some point, if you're going to *have* a mailbox, you *have* to take
> > responsibility for it.
> 
> Yes, but if you're going to distribute email, that doesn't remove your
> obligation to do what you can to protect the user from abuses in that
> distribution. BOTH sites and obligations and responsibilities.

Chasing spammers is one thing.

Chasing people who directly harvest your listmanagement machine in
person seems quite another.

*That* you can't do on a case by case basis?  Are you getting harvested
every 5 minutes?

> > Do you have documentary evidence, Chuq, that web harversters are the
> > *only* way that *a majority* of the spam-complainers addresses could
> > have gotten on those lists?  Have you created test-accounts?  Not 1 or
> > 2; a couple dozen, in different places?
> 
> The person who did this has come clean to me. I know exactly what he did.
> It's about the only reason I've let him live. He hasn't always been, well,
> sending me christmas cards, but he's been fully cooperative.

No, I mean in other cases.  You're using webharvesting, it seems, as
your major motivation here; it doesn't seem to me -- please don't take
this wrong -- that there's evidence that it's really a big enough
problem to solve (for people who don't send 40M pieces of email an
hour).

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff     Baylink                             RFC 2100
The Suncoast Freenet         The Things I Think
Tampa Bay, Florida        http://baylink.pitas.com             +1 727 647 1274

   "If you don't have a dream; how're you gonna have a dream come true?"
     -- Captain Sensible, The Damned (from South Pacific's "Happy Talk")