From: David Schwartz [mailto:davids@webmaster.com] Sent: Wednesday, May 23, 2001 5:24 PM
From: David Schwartz [mailto:davids@webmaster.com] Sent: Wednesday, May 23, 2001 4:54 PM
In the PURE war, one ONLY shoots confirmed bad-guys and has ZERO collateral damage.
So if someone has a machine gun and is firing randomly, you don't act to stop him until he happens to hit someone?
Lottsa mitigating circumstances here; Are they shooting spam? Are they trying to hit anyone?
How can you tell if you don't check? As soon as you have reason to believe they're creating a hazard to innocent people, you are justified in checking if they really are. This has been standard Internet practice since day one.
I don't need to check because I have a piece of confirmed spam from them. A smoking gun. That's the way MAPS RBL has been working for years. That is the way I expect it to continue to work. The main reason that I posted to this thread is that some of the posts lead me to believe otherwise. They were confused.
One spammer is no justification for nuking their entire city. Targeted response, sir ... targeted response. That's what MAPS is, a laser beam, not a hand grenade.
Absolutely. Probe the machine that is of concern, not whole blocks randomly.
Also, only block the proven spam-host. No one else.
That's madness. [I] don't advocate random scanning, as it is unethical to probe random people for vulnerability. However, once you know there is in fact an open relay, you are entirely justified in blocking it.
Agreed, but its open-relay status is irrelevant. The fact that one has proof-positive of spam, from that site, is.
No, its open-relay status is not irrelevant. If you know a site is an open relay, however you know this, and you want to block open relays (which I do) and it's my right to block open relays, then I will block them. How I find out they're an open relay is another story. The usual way is you probe a site when it becomes an actual problem.
I submit that if you have a piece of spam, from a site, and are blocking them, why do you need to probe them?
So let me ask you three questions:
1) If I find out a site is an open relay by legitimate means, do you agree that I have the right to block it if I want to?
Sure.
2) If a site sends me spam or otherwise inconveniences me, do you agree that I have the right to probe it to see if it's an open relay if I wish to do so?
sure
3) Do you think it's unreasonable to block known open relays as a protection against future spam?
Absolutely not. Our entire Norte Americano culture is biased AGAINST a priori restrictions. You DO NOT spank someone for something that they have NOT, in fact, done. It's called prior restraint and there is a reason that it is considered unjust. It violates the PURE WAR ethos. There is no excuse for collateral damage. Innocents should not be involved, period. This is important because we DO have the technology to wage the PURE WAR and are ethically compelled to use it.
And if you have legitimate reason to suspect a site is an open relay, you are entirely justified in probing it to see whether or not it is.
No you are not, by your own ethical standards. Suspicion is not proof. Only a piece of spam, in hand, from that specific site, is sufficient grounds.
If you really believe what I think you're saying, then you would have to object to, for example, the ident protocol.
I think we have [only] a slight disconnect here. ident is part of the protocol. [side note: I'm setting up a new Postfix host (my first Postfix host ... used to doing sendmail). Does Postfix do SMTP AUTH?]
If your neighbor is aiming a gun at you, you are justified in checking to see if it's loaded.
No you are not, you assume that it is and fire first <grin>. But, you are not justified in taking out his whole block, including the other neighbors. You are not allowed ANY collateral damage. Anything less is sloppy anyway. What's the matter, ain't you that good? Can't you aim?
The only collateral damage is that the man's children lose their father. There's nothing you can do about that.
Yes, but with ORBS, they take out the entire town, even if there aren't any spammers there. That's serious collateral damage. It is unacceptable. It is not the PURE WAR.
Similarly, if you block a site that's a known problem, you inconvenience any legitimate mail traffic that might have passed through that site. But that's the kind of collateral damage that's unavoidable.
Not really, since it is the owner of the site that is directly responsible for that site's mail delivery. The atomic unit is the site, not the users of that site. To go effectively below that level of granularity is, IMHO, not technologically feasible.
Unfortunately, you have to make hazardous misconfigurations inconveniencing or they won't be fixed.
There is a major distinction between a spam hazard and a proven spam site.
Roeland Meyer wrote:
I don't need to check because I have a piece of confirmed spam from them. A smoking gun. That's the way MAPS RBL has been working for years. That is the way I expect it to continue to work. The main reason that I posted to this thread is that some of the posts lead me to believe otherwise. They were confused.
I think you're missing the big picture. If you receive a single piece of spam from a site, that's not automatically grounds to block the site. That's a recipe for maximizing collateral damage. Receiving spam from a site is your grounds for investigating the site. Perhaps you file a complaint. Perhaps you do a web search to see if others have complaints about the same site. Perhaps you check if the mailer is an open relay. Perhaps you wait for the site's administrator to respond to you. In some cases, you can't make a rational judgment without all this additional information. In some cases, you can make one immediately based only upon the immediate circumstances. So the receipt of a spam from a site is the beginning of the process, not the end.
Absolutely. Probe the machine that is of concern, not whole blocks randomly.
Also, only block the proven spam-host. No one else.
That's a more complex judgment. In most cases, I agree that this is appropriate, but I can think of (and have personally witnessed) more extreme circumstances. I've seen ISPs who say, "no, we like to spam and we will spam in the future". In those extreme cases, I'll block their entire address space from reaching my mail servers until their policy changes.
No, its open-relay status is not irrelevant. If you know a site is an open relay, however you know this, and you want to block open relays (which I do) and it's my right to block open relays, then I will block them. How I find out they're an open relay is another story. The usual way is you probe a site when it becomes an actual problem.
I submit that if you have a piece of spam, from a site, and are blocking them, why do you need to probe them?
Well, if you're blocking them because they're an open relay and they say they've fixed the problem, it's certainly reasonable to probe them to decide whether you should begin allowing mail from them. Or do you think it's better to block them indefinitely just so that you don't 'trespass' by probing them?
3) Do you think it's unreasonable to block known open relays as a protection against future spam?
Absolutely not. Our entire Norte Americano culture is biased AGAINST a priori restrictions.
Nonsense! This argument would say that you should allow children to bring guns into school provided they haven't yet shot them. Our culture is biased against a priori restrictions upon speech imposed by the government, but there is nothing inherently bad about a priori restrictions.
You DO NOT spank someone for something that they have NOT, in fact, done. It's called prior restraint and there is a reason that it is considered unjust. It violates the PURE WAR ethos. There is no excuse for collateral damage. Innocents should not be involved, period. This is important because we DO have the technology to wage the PURE WAR and are ethically compelled to use it.
I honestly don't understand what you're talking about at this point. If another person puts you at unacceptable risk of harm, you defend yourself from them without waiting for them to shoot you. If you don't want to be shot on your property, you have every right to prevent people from bringing guns onto your property. That this means people who always carry guns can't go to your parties is their problem, not yours.
If you really believe what I think you're saying, then you would have to object to, for example, the ident protocol.
I think we have [only] a slight disconnect here. ident is part of the protocol. [side note: I'm setting up a new Postfix host (my first Postfix host ... used to doing sendmail). Does Postfix do SMTP AUTH?]
Ident is part of what protocol? Ident is a protocol all its own.
Unfortunately, you have to make hazardous misconfigurations inconveniencing or they won't be fixed.
There is a major distinction between a spam hazard and a proven spam site.
Yes, time. But I agree that there's a difference between malicious spammers (those who know the issues but send spam anyway), accidental spammers (those who honestly don't understand the problem), spam supporters (those who don't care if their customers spam), those who just haven't secured their sites (perhaps because their operating system installed as an open relay and they never checked or don't know how to), and those who can't easily secure their sites without inconveniencing their customers. I personally treat these five cases differently. I've heard some complaints that MAPS RBL doesn't do a good job of distinguishing these cases, but I don't know enough about them to comment. DS
On Wed, May 23, 2001 at 06:12:56PM -0700, Roeland Meyer wrote:
Absolutely not. Our entire Norte Americano culture is biased AGAINST a priori restrictions. You DO NOT spank someone for something that they have NOT, in fact, done.
Leash laws. Prohibitions on minors buying spray paint. Speeding laws.
I think we have [only] a slight disconnect here. ident is part of the protocol. [side note: I'm setting up a new Postfix host (my first Postfix
Ident is a completely separate protocol. Saying ident is part of SMTP is like saying TCP/IP is. Ident is optionally used by SMTP, but it's not a part of it.
participants (3): David Schwartz, Roeland Meyer, Shawn McMahon