[Mailman-Developers] Opening up a few can o' worms here...

Jay R. Ashworth jra@baylink.com
Wed, 17 Jul 2002 00:49:43 -0400


On Tue, Jul 16, 2002 at 08:11:43PM -0700, Chuq Von Rospach wrote:
> On 7/16/02 5:57 PM, "Jay R. Ashworth" <jra@baylink.com> wrote:
> >> But without rules, you can't teach the recipient what's right (with a cattle
> >> prod, if necessary), and without rules, the lynch mob has no binding
> >> authority.
> > 
> > Where, by "rules", here, we mean "rules about what is acceptable mail"?
> 
> Well, we're talking past each other a little bit, but at the same time, not.

I'm so glad you've cleared that up, Chuq.  ;-)

> Because I think there's still a responsibility on the list admin, because
> when someone signs up for a list, they're delegating some responsibility
> over who can access their mailbox to the owner of the list, and the
> agreement between the two are the rules set up about acceptable content. So
> you can't duck some responsibility here.

You can document your policies, and the person who wants to sign up can
decide whether they can deal.

> Oh, by the way, there's few ways guaranteed to PISS ME OFF more than someone
> who signs up for a mailing list, and then starts bouncing selected pieces of
> the mail because of filtering systems. Which usually happens because their
> admin installs stupid filters... (I don't care if you throw them away, but I
> hate showing up in the morning to 50 bounce messages because of some flakey
> content filter...)

That's why I never *bounce*.  I either drop, or file.

> Right now, for instance, one of the lists at apple is having a discussion
> about coding problems. And the user starting it served up a code fragment
> that included:
> 
>     int xxx = 0
>     [...]
> 
> You can imagine the chaos that ensues among the STUPID IS FILTER IDIOTS who
> do overly simplistic filtering and assume it actually does something useful.

:-)

> But I'm not bitter.

Naw.  Not at all.

> (and I'll be curious to see just how many bounces that I or barry see from
> THAT simple notation.....)

Yeah, RISKS gets this all the time.

> > That sentence seems to assume that the majority of the people *falling
> > in* the tarpits are people doing it by accident.  I don't think that
> > and I don't think *you* think that.
> 
> Yes, I do. Since I (for the most part, most of the time) have the felons
> locked out of the system pretty well, most of the people who cause problems
> on my systems aren't trying to f--k with the system, they're people who are
> oblivious, confused, or misguided. Even the spammer over the weekend meant
> no harm, which doesn't mean harm wasn't caused. It was a classic case of "my
> cause is so important it justifies doing this" -- which, he found out the
> hard way, a few hundred people disagreed with him over.

Yeah.  I keep forgetting that not everyone has spent 17 years on
Usenet.

But that brings us almost immediately around to "why use email to do a
Usenet's job"... which *LOTS* of mailing lists are doing, frankly.

In these days where the majority of newsreaders *do* understand
multiple servers, that may no longer be warranted.

> > By which I meant, "sigs of people in your address book."  No, this
> > doesn't solve the "stupid user" problem... but you don't *solve* that
> > with technology.
> > 
> > You solve it with a LART.
> 
> Sometimes, the best solution is a public flogging, to teach everyone else to
> be more careful next time. But if you overdo it, people tune you out, too.

You've jumped ship before.  So have I.

They'll learn, eventually.

> > Stipulated, but they're 80-90% of the market.  I think even skewing for
> > "non-Windoze users send more mail", you would still be about 70%,
> > intuitively.
> 
> We're working on that (a quiet voice whispers: "but a f---ing mac already!
> It has unix inside for all you geeks, too!")

<roar>

> > Chasing people who directly harvest your listmanagement machine in
> > person seems quite another.
> > 
> > *That* you can't do on a case by case basis?  Are you getting harvested
> > every 5 minutes?
> 
> You want to find out? Create a honeypot. Put some email addresses on it.
> Attach it to your home page. See how quickly you start getting e-mail to
> those addresses.
> 
> You'll usually find the answer is "days". Once in a while, it's "hours".

My sister runs a page that's always in the top 3 on Google in her
keyword, on a user-named account on Mind-link.  Been there over 6 years
now.  She's had a pseudo-bogus address in her POP3 domain buried in a
mailto: on there for over a year.

*One* piece of spam.

She's not exactly a low profile target.

You, OTOH, are.  How well "hidden" were your honeypot machines?
"plaidworks.com" is likely not a low-profile domain, neither.

You put your honeypots in *Jellystone*, you get more bears...

> > No, I mean in other cases.  You're using webharvesting, it seems, as
> > your major motivation here; it doesn't seem to me -- please don't take
> > this wrong -- that there's evidence that it's really a big enough
> > problem to solve (for people who don't send 40M pieces of email an
> > hour).
> 
> I don't think you're looking close enough. Run a few honeypot tests and see
> how often people sneak a peek at YOUR system. On mine, it's a few days.

Yeah, but see above.

Barry?  You've been cowering in the corner there, letting us imitate
Spenser and Hawk working up to it; comments?  :-)

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff     Baylink                             RFC 2100
The Suncoast Freenet         The Things I Think
Tampa Bay, Florida        http://baylink.pitas.com             +1 727 647 1274

   "If you don't have a dream; how're you gonna have a dream come true?"
     -- Captain Sensible, The Damned (from South Pacific's "Happy Talk")