RE: bogofilter ate 3/5

[Chase Venters]

On Thu, 7 Sep 2006, Stuart MacDonald wrote:

> From: On Behalf Of Chase Venters
> > You can check the From: or envelope sender against the subscriber
> > database. Forgery isn't a concern because we're not trying to stop
> > forgery with this method. Subscribers subscribing one address
>
> Forgery is always a concern...
>
> > The perl script behaves as an optional autoresponder.
> > Autoresponders would
> > respond to spam as well (well, unless you put a spam filter
> > in front of
> > them, but I assume that many don't).
>
> ..because autoresponders are always replying to forged addresses:
> http://www.spamcop.net/fom-serve/cache/329.html
>
> > Also note that a number of people (myself included, at work
> > anyway) have
> > perl scripts that respond to all incoming mail and require a
> > reply cookie from original
> > envelope senders. We do it because it almost entirely
> > prevents spam from
> > arriving in our inboxes (I say almost because there is the occasional
>
> Autoresponder by another name, see above URL.

I should also point out that common and regular mailing list software 
already often behaves as an autoresponder, and it is completely 
reasonable! Suppose that you send a message to a mailing list that is 
subscriber-only. What usually happens? You get mail back saying that your 
message has been queued for moderator review!

Naturally, such a system suffers from the same problems described by 
the Spamcop page you linked. But it is unreasonable to ask list managers 
not to respond to unknown traffic, because sending a message to a list and 
having it silently disappear is unacceptable.

Now, I'm sure there are some people that don't run mailing lists that 
would love to call this behavior 'bad'. But there are also people who 
would like to rewrite the rules for Internet mail (see: SPF and the 
problem with mail forwarders, and their so-called 'solution'). Since 
Internet mail was designed in a vacuum where these modern problems don't 
exist, we're all forced to work around them in unusual ways. I find it 
highly ironic that spam blocker services tell you not to use certain 
techniques (autoresponders, bounce messages) that are not only 
commonplace, but precedented and even mandated by RFC on the grounds that 
they may cause you to be blocked. Then they move on to criticize anti-spam 
techniques that fall in these domains with one of their subpoints saying 
'they can cause you to miss legitimate mail!'

Guess what: so does indiscriminately blocking people whose sites don't bow 
down to your unreasonable demands, especially when their behavior (say, 
sending bounce messages) is described in the official protocol 
documentation.

Taking away auto-responders is like taking away hair gel from airline 
passengers: a gross overreaction that diminishes the quality of service 
for everyone.

> ..Stu

Thanks,
Chase
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/