Great Circle Associates List-Managers
(September 1996)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Help with Forgeries (fwd)
From: Sheryl Coppenger <sheryl @ seas . gwu . edu>
Date: Sun, 8 Sep 1996 14:48:28 -0400 (EDT)
To: list-managers @ greatcircle . com

> 	I know of no tools that let you refuse connections based on parts
> of the "body" of the message (including most of what you and I
> consider to be the headers) while the SMTP connection is open.
> 	In the case of sendmail, it doesn't even begin to examine the
> headers of the message until after it has accepted it from the other
> end, so you couldn't "refuse" the message even if you wanted to.  You
> could try to use something like procmail (or whatever) to /dev/null
> or bounce messages with certain header information, but that's a
> different issue.

I'm just catching up on a couple of weeks' worth of mailing list email,
so first off I want to say that I'm completely with Brad on the issue
of making the laws about junk email parallel the laws about junk faxes.
I'm not just speaking as a user or as an admin frustrated with the really
obnoxious abuses like the KrazyKevin incidents.  But it's really annoying
even the amount of time our mail system spends dealing with trying to
bounce back junk mailings that were sent to user IDs that haven't been
valid in over 2 years.  Generally the return addresses these "unknown
user" messages are bouncing back to are fake or have full boxes or
belong to accounts already closed for spamming.  I get copies in the
postmaster box, it's just a lot to deal with that doesn't happen with
other types of mail.  My users don't want to receive them and complain
to me about it, the whole thing just consumes a lot of hidden resources
that the SPAMer doesn't have to pay for.  My employer does.  I hope
AOL and annoyed users raise enough of a stink to get the law changed.

I'm no lawyer and don't play one on TV but it's my understanding that
examining content can put a person on shaky ground legally -- that
by taking over some responsibility for what content gets through you
are setting yourself up to be held liable for anything that gets through
that you didn't block.

> 	I've argued with Ned Freed (author or co-author of 14 Internet
> email RFCs, and someone you could consider to have literally written
> the book on the subject) that tools of this sort are necessary, but I
> haven't convinced him.  I have convinced some of his co-workers at
> Innosoft (makers of PMDF, the software the White House uses to
> process their Internet email) that the tools that PMDF has already
> are virtually useless, and there's not really much sense in trying to
> use them to block incoming email.

Interesting, because PMDF was recommended to me for the KrazyKevin thing.
We rejected it because it doesn't run on any of our platforms and we 
didn't want to get into another flavor of UNIX for one package that might
or might not do the job.


Sheryl Coppenger    SEAS Computing Facility Staff      sheryl @
 seas .
 gwu .
                    The George Washington University   (202) 994-6853

Indexed By Date Previous: Re: Blocking Domains
From: jeffw @ smoe . org (Jeff Wasilko)
Next: Re[2]: Help with Forgeries
From: "Brian J. Murrell" <brian @ ilinx . ilinx . com>
Indexed By Thread Previous: How To Get Anti-Email-Spamming Laws Enacted
From: Kynn Bartlett <kynn @ idyllmtn . com>
Next: [no subject]
From: Tifra <tifra @ cc . in2p3 . fr>

Search Internet Search