Thread

  1. OK to send e-mail?

    list@listme.com — 1998-05-04T21:21:41Z

    OK to send an e-mail to pgsql-hackers@postgresql.org? 
    
    
  2. Re: [HACKERS] OK to send e-mail?

    Tom Ivar Helbekkmo <tih+mail@hamartun.priv.no> — 1998-05-05T05:19:25Z

    list@listme.com writes:
    
    > OK to send an e-mail to pgsql-hackers@postgresql.org? 
    
    Intruder alert!
    
    Could someone forge an error reply to that message, so that our list
    doesn't get put on their spam list?  (And, of course, if someone could
    track them down physically and break their legs, so much the better!)
    
    Actually, now that this has started, the proper way to go may be to
    start blocking postings to the lists from anyone not on them.  On the
    down side, this means that people must send their postings from the
    address they're subscribed as.
    
    -tih (who hopes all UCE senders die slow and painful deaths)
    -- 
    Popularity is the hallmark of mediocrity.  --Niles Crane, "Frasier"
    
    
  3. Re: [HACKERS] OK to send e-mail?

    Vince Vielhaber <vev@michvhf.com> — 1998-05-05T15:36:56Z

    On 5 May 1998, Tom Ivar Helbekkmo wrote:
    
    > list@listme.com writes:
    > 
    > > OK to send an e-mail to pgsql-hackers@postgresql.org? 
    > 
    > Intruder alert!
    > 
    > Could someone forge an error reply to that message, so that our list
    > doesn't get put on their spam list?  (And, of course, if someone could
    > track them down physically and break their legs, so much the better!)
    > 
    > Actually, now that this has started, the proper way to go may be to
    > start blocking postings to the lists from anyone not on them.  On the
    > down side, this means that people must send their postings from the
    > address they're subscribed as.
    
    The other downside is that anyone in need of help has to subscribe before
    they can ask their question.
    
    Vince.
    -- 
    ==========================================================================
    Vince Vielhaber -- KA8CSH   email: vev@michvhf.com   flame-mail: /dev/null
           # include <std/disclaimers.h>                   TEAM-OS2
       Online Searchable Campground Listings    http://www.camping-usa.com
                  "I'm just not a fan of promoting stupidity!
                We have elected officials for that job!" -- Rock
    ==========================================================================
    
    
    
    
    
  4. Re: [HACKERS] OK to send e-mail?

    ocie@paracel.com — 1998-05-05T17:06:07Z

    Tom Ivar Helbekkmo wrote:
    > 
    > list@listme.com writes:
    > 
    > > OK to send an e-mail to pgsql-hackers@postgresql.org? 
    > 
    > Intruder alert!
    > 
    > Could someone forge an error reply to that message, so that our list
    > doesn't get put on their spam list?  (And, of course, if someone could
    > track them down physically and break their legs, so much the better!)
    > 
    > Actually, now that this has started, the proper way to go may be to
    > start blocking postings to the lists from anyone not on them.  On the
    > down side, this means that people must send their postings from the
    > address they're subscribed as.
    
    Why don't we make it known (In the periodic developers FAQ posting?)
    that we do not accept unsolicited email and that we will charge a fee
    ($50 per line per subscriber :).  I for one would be more than happy
    to do the detective work to track these down.  As for what to do with
    the money -- perhaps we should see how much we get first.
    
    If we want to do this, we should pick some price and mention it in our
    FAQ.
    
    Ocie
    
    
    
  5. Re: [HACKERS] OK to send e-mail?

    Marc G. Fournier <scrappy@hub.org> — 1998-05-05T20:23:42Z

    On 5 May 1998, Tom Ivar Helbekkmo wrote:
    
    > list@listme.com writes:
    > 
    > > OK to send an e-mail to pgsql-hackers@postgresql.org? 
    > 
    > Intruder alert!
    > 
    > Could someone forge an error reply to that message, so that our list
    > doesn't get put on their spam list?  (And, of course, if someone could
    > track them down physically and break their legs, so much the better!)
    > 
    > Actually, now that this has started, the proper way to go may be to
    > start blocking postings to the lists from anyone not on them.  On the
    > down side, this means that people must send their postings from the
    > address they're subscribed as.
    
    	Even better, I have to get my next set of filters in place...that
    doesn't allow connects from SPAM sites :)
    
    > -tih (who hopes all UCE senders die slow and painful deaths)
    
    	Makes two of us, but closing the lists isn't the way to go...
    
    Marc G. Fournier                                
    Systems Administrator @ hub.org 
    primary: scrappy@hub.org           secondary: scrappy@{freebsd|postgresql}.org 
    
    
    
  6. Re: [HACKERS] OK to send e-mail?

    Marc G. Fournier <scrappy@hub.org> — 1998-05-05T20:24:56Z

    On Tue, 5 May 1998 ocie@paracel.com wrote:
    
    > Why don't we make it known (In the periodic developers FAQ posting?)
    > that we do not accept unsolicited email and that we will charge a fee
    > ($50 per line per subscriber :).  I for one would be more than happy
    > to do the detective work to track these down.  As for what to do with
    > the money -- perhaps we should see how much we get first.
    > 
    > If we want to do this, we should pick some price and mention it in our
    > FAQ.
    
    	*rofl*  I like it...I could never figure out whether or not this
    is something that *is* collectable...I see it in ppls sig's
    periodically...
    
    	Ocie...write up a proposal and let us know :)
    
    Marc G. Fournier                                
    Systems Administrator @ hub.org 
    primary: scrappy@hub.org           secondary: scrappy@{freebsd|postgresql}.org 
    
    
    
  7. Re: [HACKERS] OK to send e-mail?

    Michael Meskes <meskes@topsystem.de> — 1998-05-06T07:08:38Z

    ocie@paracel.com writes:
    > Why don't we make it known (In the periodic developers FAQ posting?)
    > that we do not accept unsolicited email and that we will charge a fee
    > ($50 per line per subscriber :).  I for one would be more than happy
    > to do the detective work to track these down.  As for what to do with
    > the money -- perhaps we should see how much we get first.
    
    This won't work. We have a similar policy with the Debian project. But we
    have yet to see money. No lawyer will help you there. And the spammers won't
    send money because they like the policy. :-(
    
    I think the best way is to install anti-spamming software.
    
    Michael
    
    -- 
    Dr. Michael Meskes, Project-Manager    | topsystem Systemhaus GmbH
    meskes@topsystem.de                    | Europark A2, Adenauerstr. 20
    meskes@debian.org                      | 52146 Wuerselen
    Go SF49ers! Go Rhein Fire!             | Tel: (+49) 2405/4670-44
    Use Debian GNU/Linux!                  | Fax: (+49) 2405/4670-10
    
    
  8. Re: [HACKERS] OK to send e-mail?

    ocie@paracel.com — 1998-05-06T17:49:51Z

    Michael Meskes wrote:
    > 
    > ocie@paracel.com writes:
    > > Why don't we make it known (In the periodic developers FAQ posting?)
    > > that we do not accept unsolicited email and that we will charge a fee
    > > ($50 per line per subscriber :).  I for one would be more than happy
    > > to do the detective work to track these down.  As for what to do with
    > > the money -- perhaps we should see how much we get first.
    > 
    > This won't work. We have a similar policy with the Debian project. But we
    > have yet to see money. No lawyer will help you there. And the spammers won't
    > send money because they like the policy. :-(
    
    No, but if we can figure out who did it and send them a bill for our
    services rendered (reading their spam), which they solicited by
    posting it (as per the conditions in our FAQ, then we can turn them
    over to a collection agency if they don't come through.
    
    Of course tracking down the poster is a trick in the first place.
    
    > 
    > I think the best way is to install anti-spamming software.
    
    I think any such method can be circumvented.  The only long-term
    solution is to make spamming unprofitable.  One thing that would go a
    long way is to reverse-verify the sender's address.  If the sender has
    forged this, the mail is dropped and we get the sound of one spam
    clapping :) The problem is that most sites nowadays won't verify email
    addresses.  This sounds like a good project for a free relational
    database. Anybody know of any good ones out there? :)
    
    Ocie
    
    
  9. Re: [HACKERS] OK to send e-mail?

    Marc G. Fournier <scrappy@hub.org> — 1998-05-06T18:01:37Z

    On Wed, 6 May 1998 ocie@paracel.com wrote:
    
    > I think any such method can be circumvented.  The only long-term
    > solution is to make spamming unprofitable.  One thing that would go a
    > long way is to reverse-verify the sender's address.  If the sender has
    > forged this, the mail is dropped and we get the sound of one spam
    > clapping :) The problem is that most sites nowadays won't verify email
    > addresses.  This sounds like a good project for a free relational
    > database. Anybody know of any good ones out there? :)
    
    	Actually, I currently have two anti-spam filters in place...one of
    which verifies the domain of the poster...its not 100% perfect, but it
    does a pretty good job of it...
    
    
    
    
  10. Re: [HACKERS] OK to send e-mail?

    D'Arcy Cain <darcy@druid.net> — 1998-05-06T20:46:56Z

    Thus spake ocie@paracel.com
    > solution is to make spamming unprofitable.  One thing that would go a
    > long way is to reverse-verify the sender's address.  If the sender has
    > forged this, the mail is dropped and we get the sound of one spam
    > clapping :) The problem is that most sites nowadays won't verify email
    > addresses.  This sounds like a good project for a free relational
    > database. Anybody know of any good ones out there? :)
    
    I am running software that allows me to check for reverse DNS on a
    connection and refuse SMTP connections if they don't have any.  In
    addition I can refuse email from known spam sites and even from sites
    that use known spammers for their DNS so they can't get throwaway
    domains and drop them before the Internic kills them for non-payment.
    
    At home I implement this fully and find it very satisfying.  A lot of
    spam gets dropped.  I tried to do something similar at vex.net, my
    ISP, but the testing I did suggested that customers just wouldn't
    stand for it.  There are a lot of broken sites without proper reverse
    DNS and they just refuse to fix themselves.  I suspect if we had to
    verify addresses we would be hearing echoes up and down our password
    file.
    
    -- 
    D'Arcy J.M. Cain <darcy@{druid|vex}.net>   |  Democracy is three wolves
    http://www.druid.net/darcy/                |  and a sheep voting on
    +1 416 424 2871     (DoD#0082)    (eNTP)   |  what's for dinner.
    
    
  11. Re: [HACKERS] OK to send e-mail?

    Bruce Korb <korbb@datadesign.com> — 1998-05-06T22:47:08Z

    D'Arcy J.M. Cain wrote:
    
    > Thus spake ocie@paracel.com
    > > solution is to make spamming unprofitable.  One thing that would go a
    > > long way is to reverse-verify the sender's address.  If the sender has
    > > forged this, the mail is dropped and we get the sound of one spam
    > > clapping :) The problem is that most sites nowadays won't verify email
    > > addresses.  This sounds like a good project for a free relational
    > > database. Anybody know of any good ones out there? :)
    
    Somebody out there wrote a program that puts new emailers mail into purgatory
    until they respond to an automated request to verify.  After a while, purgatory
    gets purged.  If they reply, tho, then the message is released.
    
    
    
  12. Re: [HACKERS] OK to send e-mail?

    Bruce Momjian <maillist@candle.pha.pa.us> — 1998-05-06T23:11:18Z

    > 
    > D'Arcy J.M. Cain wrote:
    > 
    > > Thus spake ocie@paracel.com
    > > > solution is to make spamming unprofitable.  One thing that would go a
    > > > long way is to reverse-verify the sender's address.  If the sender has
    > > > forged this, the mail is dropped and we get the sound of one spam
    > > > clapping :) The problem is that most sites nowadays won't verify email
    > > > addresses.  This sounds like a good project for a free relational
    > > > database. Anybody know of any good ones out there? :)
    > 
    > Somebody out there wrote a program that puts new emailers mail into purgatory
    > until they respond to an automated request to verify.  After a while, purgatory
    > gets purged.  If they reply, tho, then the message is released.
    
    This sounds interesting.
    
    -- 
    Bruce Momjian                          |  830 Blythe Avenue
    maillist@candle.pha.pa.us              |  Drexel Hill, Pennsylvania 19026
      +  If your life is a hard drive,     |  (610) 353-9879(w)
      +  Christ can be your backup.        |  (610) 853-3000(h)
    
    
  13. Re: [HACKERS] OK to send e-mail?

    ocie@paracel.com — 1998-05-06T23:17:21Z

    Bruce Korb wrote:
    > 
    > D'Arcy J.M. Cain wrote:
    > 
    > > Thus spake ocie@paracel.com
    > > > solution is to make spamming unprofitable.  One thing that would go a
    > > > long way is to reverse-verify the sender's address.  If the sender has
    > > > forged this, the mail is dropped and we get the sound of one spam
    > > > clapping :) The problem is that most sites nowadays won't verify email
    > > > addresses.  This sounds like a good project for a free relational
    > > > database. Anybody know of any good ones out there? :)
    > 
    > Somebody out there wrote a program that puts new emailers mail into purgatory
    > until they respond to an automated request to verify.  After a while, purgatory
    > gets purged.  If they reply, tho, then the message is released.
    
    
    That doesn't sound too bad, especially for a mailing list like this.
    We could even "prime" it by adding the current subscribers to the
    list.
    
    Ocie
    
    
    
  14. Re: [HACKERS] OK to send e-mail?

    Marc G. Fournier <scrappy@hub.org> — 1998-05-13T01:07:41Z

    On Wed, 6 May 1998, D'Arcy J.M. Cain wrote:
    
    > At home I implement this fully and find it very satisfying.  A lot of
    > spam gets dropped.  I tried to do something similar at vex.net, my
    > ISP, but the testing I did suggested that customers just wouldn't
    > stand for it.  
    
    	I have the anti-relay spam filter and the reverse DNS ones
    installed on Hub.Org and at work (work has ~5000 mail users, no complaints
    after a year being in place)...the only one I haven't added to Hub.Org yet
    is the 'spam list', which I do have at work.  Next one to move over, I
    guess...
    
    > There are a lot of broken sites without proper reverse
    > DNS and they just refuse to fix themselves.  I suspect if we had to
    > verify addresses we would be hearing echoes up and down our password
    > file.
    	
    	I don't find it too bad...complaints from our users are pretty
    much zero (even from the professors) as far as email and filtering is
    concerned...most ppl are happy because spamming is reduced...
    
    Marc G. Fournier                                
    Systems Administrator @ hub.org 
    primary: scrappy@hub.org           secondary: scrappy@{freebsd|postgresql}.org