RE:Re: The spam problem.

RE:Re: The spam problem.

[Hell.Surfers]

[-- Attachment #1: Type: text/plain, Size: 197 bytes --]

YES THEY ARE SENT TO THE LIST, WOULD YOU LIKE COPIES? T hey are dangerous, they have gotten people KILLED.



On 	Sun, 11 Aug 2002 18:36:21 -0700 (PDT) 	"David S. Miller" <davem@redhat.com> wrote:

[-- Attachment #2: Type: message/rfc822, Size: 2224 bytes --]

From: "David S. Miller" <davem@redhat.com>
To: Hell.Surfers@cwctv.net
Cc: linux-kernel@vger.kernel.org
Subject: Re: The spam problem.
Date: Sun, 11 Aug 2002 18:36:21 -0700 (PDT)
Message-ID: <20020811.183621.07790287.davem@redhat.com>

   From: <Hell.Surfers@cwctv.net>
   Date: Mon, 12 Aug 2002 02:44:14 +0100

   I know this is offtopic, but the spam problem is getting worse,
   could the linux-kernel mail guy/gal, do something, the nigerian
   scams are actually dangerous.

They never make it to the lists, if they are sending these
spams to you privately that is your problem to resolve :-)

Look we simply cannot control what web site archives of these
lists choose to do with the sender's email address.  If you
post here, you will almost certainly get on a spam list.
There is zero we as postmasters can do about this.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

RE:Re: The spam problem.

[Hell.Surfers]

[-- Attachment #1: Type: text/plain, Size: 158 bytes --]

what about just asking them to confirm that would cut out mass spam



On 	Mon, 12 Aug 2002 01:50:12 -0300 (BRT) 	Rik van Riel <riel@conectiva.com.br> wrote:

[-- Attachment #2: Type: message/rfc822, Size: 2138 bytes --]

From: Rik van Riel <riel@conectiva.com.br>
To: Jim Roland <jroland@roland.net>
Cc: Hell.Surfers@cwctv.net, <linux-kernel@vger.kernel.org>
Subject: Re: The spam problem.
Date: Mon, 12 Aug 2002 01:50:12 -0300 (BRT)
Message-ID: <Pine.LNX.4.44L.0208120147400.23404-100000@imladris.surriel.com>

On Sun, 11 Aug 2002, Jim Roland wrote:

> I want to suggest to the listserver admin (again) that this list and
> others on vger.kernel.org be restricted so that you can only post to the
> list if you are a member.

That's a sure way to cut down on the number of bug reports ;)

Not to mention that it makes cross-posts between various lists
pretty much impossible.

Also, considering the amount of spam I've received "from myself"
and "from" linux-kernel regulars it's pretty obvious that restricting
the posting to list members just isn't going to work any more to
prevent spam.  It might still work for the next few months, but
the trend of spammers harvesting from/to address _pairs_ to get
around people's spam filters is definately getting explosively
more popular...

regards,

Rik
-- 
Bravely reimplemented by the knights who say "NIH".

http://www.surriel.com/		http://distro.conectiva.com/

Re: RE:Re: The spam problem.

[Jim Roland]

Now there's a good thought!  Post, Confirm, gets posted.  If member, no
confirmation necessary.


----- Original Message -----
From: <Hell.Surfers@cwctv.net>
To: <riel@conectiva.com.br>; <jroland@roland.net>;
<linux-kernel@vger.kernel.org>
Sent: Monday, August 12, 2002 12:01 AM
Subject: RE:Re: The spam problem.


> what about just asking them to confirm that would cut out mass spam
>
>
>
> On Mon, 12 Aug 2002 01:50:12 -0300 (BRT) Rik van Riel
<riel@conectiva.com.br> wrote:
>

Re: RE:Re: The spam problem.

[David Schwartz]

On Mon, 12 Aug 2002 00:15:53 -0500, Jim Roland wrote:

>Now there's a good thought!  Post, Confirm, gets posted.  If member, no
>confirmation necessary.

	You could also put them in a manual hold queue. Give a large number of 
people ability to approve posts from that queue so latency would be 
reasonable.

	The problem with confirmation is that a person might fire off a bug report 
where they happen to be, via something like

dmesg > foo
joe foo
cat foo + mail -s "Bug report blah blah" linux-kernel@vger.kernel.org

	A confirmation sent to the source address of that might not be noticed until 
the next time they happen to log into that account on that machine.

	You could do both, I guess. A hold queue that can be manually processed with 
confirmation posting the message and removing it from the hold queue.

	DS

Re: The spam problem.

[David S. Miller]

Nobody has mentioned the fact that spammers can forge the
From: field just like anyone else can.

If you enforce that the first sender at the Received: headers
have to match the From: or some rule like that, then I could
not post to these lists for example.

This is why enforcing that subscribers only can post to the lists is
totally unacceptablt.  It doesn't stop spam, it's merely a deterrant
and it serves mostly to piss off legitimate users of these lists.

Re: The spam problem.

[Rik van Riel]

On Mon, 12 Aug 2002, David S. Miller wrote:

> Nobody has mentioned the fact that spammers can forge the
> From: field just like anyone else can.

It's already happening.  You have no idea how much spam I've
received "from" Ingo Molnar, Bill Davidsen, Stephen Tweedie
and you ...

You probably also have no idea from which countries the spam
with you in the From: address has been sent ;)

Recently an anti-spam mailinglist (with members-only posting)
got flooded by a spammer who wanted to take revenge for his
N-th cancelled account.  Of course he used From: headers with
the addresses of many of the list regulars.

cheers,

Rik
-- 
Bravely reimplemented by the knights who say "NIH".

http://www.surriel.com/		http://distro.conectiva.com/

Re: The spam problem.

[Thunder from the hill]

Hi,

On Mon, 12 Aug 2002, David S. Miller wrote:
> If you enforce that the first sender at the Received: headers
> have to match the From: or some rule like that, then I could
> not post to these lists for example.

This is quite a bad idea.

If we go after the hostname, things like Puretec or our Hawkeye will be 
shot. Imagine the domain ngforever.de. It's hosted on kundenserver.de, and 
the smtp host is smtp.kundenserver.de. How can we guess?!

If we go after MX entries, most people will be shot. T-Online, Yahoo, 
Netscape... all have different smarthosts for users and incoming mail. 
T-Online, for example, has mailin00 through mailin07.sul.t-online.de for 
the incoming messages, while users use fwd00 through 
fwd07.sul.t-online.com in order to send mail.

We'll break things either way. I send mail via hawkeye.lightweight.adm 
(not an internet address, but the realname, and yes, it's a large 
network.) for the domain lightweight.ods.org, where's the connection? In 
order to find out that hawkeye.lightweight.adm is the mail host of 
lightweight.ods.org you'll have to ask a domain server on our side. 
However, Hawkeye signs things with his realname.

			Thunder
-- 
--./../...-/. -.--/---/..-/.-./..././.-../..-. .---/..-/.../- .-
--/../-./..-/-/./--..-- ../.----./.-../.-.. --./../...-/. -.--/---/..-
.- -/---/--/---/.-./.-./---/.--/.-.-.-
--./.-/-.../.-./.././.-../.-.-.-

Re: RE:Re: The spam problem.

[Peter Chubb]

>>>>> "Jim" == Jim Roland <jroland@roland.net> writes:

Jim> Now there's a good thought!  Post, Confirm, gets posted.  If
Jim> member, no confirmation necessary.

It'd be impractical because you'd need to merge not only the people
directly on the list as members, but also the people who get LKML as
digest via Dell, as news, or via a mail exploder.

Peter C

RE: RE:Re: The spam problem.

[Matt_Domsch]

> directly on the list as members, but also the people who get LKML as
> digest via Dell, as news, or via a mail exploder.

The digests on lists.us.dell.com are run through SpamAssassin upon receipt
from vger.  It's caught an amazingly small number of spams (2 this month) -
thanks to Matti and DaveM's efforts.


Thanks,
Matt

--
Matt Domsch
Sr. Software Engineer, Lead Engineer, Architect
Dell Linux Solutions www.dell.com/linux
Linux on Dell mailing lists @ http://lists.us.dell.com
#1 US Linux Server provider for 2001 and Q1/2002! (IDC May 2002)

RE:Re: The spam problem.

[Bill Davidsen]

On Mon, 12 Aug 2002 Hell.Surfers@cwctv.net wrote:

> YES THEY ARE SENT TO THE LIST, WOULD YOU LIKE COPIES? T hey are
> dangerous, they have gotten people KILLED. 

Oh? Do you mean they will come and get you if you don't take their money,
or that someone has found a way to be removed from their mailing list?

-- 
bill davidsen <davidsen@tmr.com>
  CTO, TMR Associates, Inc
Doing interesting things with little computers since 1979.

RE: RE:Re: The spam problem.

[Mike Galbraith]

At 04:09 PM 8/12/2002 -0500, Matt_Domsch@Dell.com wrote:
> > directly on the list as members, but also the people who get LKML as
> > digest via Dell, as news, or via a mail exploder.
>
>The digests on lists.us.dell.com are run through SpamAssassin upon receipt
>from vger.  It's caught an amazingly small number of spams (2 this month) -
>thanks to Matti and DaveM's efforts.

It would be interesting to see a count of spam posts vs posts talking about 
spam
over the last couple years.  Even more interesting would be to see the spam 
count
compared to what was blocked.  I bet we'd all be impressed :)))

         -Mike

Re: RE:Re: The spam problem.

[Matti Aarnio]

  (cutting down the recipient list..)

On Mon, Aug 12, 2002 at 04:09:17PM -0500, Matt_Domsch@Dell.com wrote:
> > directly on the list as members, but also the people who get LKML as
> > digest via Dell, as news, or via a mail exploder.
> 
> The digests on lists.us.dell.com are run through SpamAssassin upon receipt
> from vger.  It's caught an amazingly small number of spams (2 this month) -
> thanks to Matti and DaveM's efforts.

  Quite so.  We don't aim for 100% blocking, we can tolerate a few
  leaking thru each month.  A few each day would be too much.

  I have been monitoring what our filters do catch;  sometimes
  there are things I prefer not to be captured, which means we
  have to fine-tune the filters a bit..  I am also sometimes
  (rarely) sending a note to the message originators that their
  traffic is being captured.

  Lately I have been hammering problems with HOTMAIL - which
  internally uses some software telling "from mail pickup service"
  (or something like that), which appears also in a number of
  LOOPED messages.    I have now removed that loop-signature
  from being blocked, but I am worried...


> Thanks,
> Matt
> --
> Matt Domsch

/Matti Aarnio

Re: RE:Re: The spam problem.

[bill davidsen]

In article <20020813064215.GZ32427@mea-ext.zmailer.org>,
Matti Aarnio  <matti.aarnio@zmailer.org> wrote:

|   Quite so.  We don't aim for 100% blocking, we can tolerate a few
|   leaking thru each month.  A few each day would be too much.
| 
|   I have been monitoring what our filters do catch;  sometimes
|   there are things I prefer not to be captured, which means we
|   have to fine-tune the filters a bit..  I am also sometimes
|   (rarely) sending a note to the message originators that their
|   traffic is being captured.

If you have a human to do a little of the work, you can build filters to
do a three category triage; pass, fail, and human review. This allows
the filters to be be MUCH tighter, but assumes 7*24 moderation of some
sort.

Not a recommendation, just a thought. I have this set up on lists and
posting hosts, and it works reasonably well, taking about five minutes a
few times a day on the weekend.
-- 
bill davidsen <davidsen@tmr.com>
  CTO, TMR Associates, Inc
Doing interesting things with little computers since 1979.

Re: The spam problem.

[Benjamin LaHaise]

On Mon, Aug 12, 2002 at 10:50:35AM -0300, Rik van Riel wrote:
> It's already happening.  You have no idea how much spam I've
> received "from" Ingo Molnar, Bill Davidsen, Stephen Tweedie
> and you ...
> 
> You probably also have no idea from which countries the spam
> with you in the From: address has been sent ;)
> 
> Recently an anti-spam mailinglist (with members-only posting)
> got flooded by a spammer who wanted to take revenge for his
> N-th cancelled account.  Of course he used From: headers with
> the addresses of many of the list regulars.

The problem requires action on a wider scale where the IETF needs to 
propose a new standard that enforces crypto signatures of message 
content and From: that is tied into DNS.  The current mail standards 
do not have any means to prevent forgeries, even for those organizations 
that want to avoid such abuses.

		-ben
-- 
"You will be reincarnated as a toad; and you will be much happier."

RE:Re: The spam problem.

[Hell.Surfers]

[-- Attachment #1: Type: text/plain, Size: 209 bytes --]

One trick is to get the person to travel there with passport, steal it and blackmail their family, go research 419 scams..



On 	Mon, 12 Aug 2002 23:19:38 -0400 (EDT) 	Bill Davidsen <davidsen@tmr.com> wrote:

[-- Attachment #2: Type: message/rfc822, Size: 1936 bytes --]

From: Bill Davidsen <davidsen@tmr.com>
To: Hell.Surfers@cwctv.net
Cc: davem@redhat.com, linux-kernel@vger.kernel.org
Subject: RE:Re: The spam problem.
Date: Mon, 12 Aug 2002 23:19:38 -0400 (EDT)
Message-ID: <Pine.LNX.3.96.1020812231643.7583E-100000@gatekeeper.tmr.com>

On Mon, 12 Aug 2002 Hell.Surfers@cwctv.net wrote:

> YES THEY ARE SENT TO THE LIST, WOULD YOU LIKE COPIES? T hey are
> dangerous, they have gotten people KILLED. 

Oh? Do you mean they will come and get you if you don't take their money,
or that someone has found a way to be removed from their mailing list?

-- 
bill davidsen <davidsen@tmr.com>
  CTO, TMR Associates, Inc
Doing interesting things with little computers since 1979.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: RE:Re: The spam problem.

[Denis Vlasenko]

On 12 August 2002 18:32, Peter Chubb wrote:
> >>>>> "Jim" == Jim Roland <jroland@roland.net> writes:
>
> Jim> Now there's a good thought!  Post, Confirm, gets posted.  If
> Jim> member, no confirmation necessary.
>
> It'd be impractical because you'd need to merge not only the people
> directly on the list as members, but also the people who get LKML as
> digest via Dell, as news, or via a mail exploder.

It may be very nice to ask confirmation for suspicious posts only.
Filter can discriminate messages into:

1.Obvious spam: drop on the floor
2.Possible spam: ask sender to confirm
  (with reason why robot thinks it may be a spam)
3.Not a spam: post without confirmation

This avoids problems with good messages being lost
and does not require human admins to read the messages.
--
vda