Spam.

nox plug-discuss@lists.plug.phoenix.az.us
Wed, 2 Oct 2002 10:10:56 -0700 (MST) 

On Tue, 1 Oct 2002, Bill Nash allegedly muttered:

<snip>
> First off, why aren't mail servers talking to each other over encrypted
> streams? Everyone is talking about encrypting mail to each other, and
> exchanging keys, so why not do it with the mail servers themselves as an
> additional step of security?
</snip>

The problem isn't necessarily the mail servers per se. Even if the servers
are all happily key certed in this fashion, you still can't stop a spammer
from going abroad and wreaking havoc from, say, China or Russia. Not to
mention the fact that servers with proper relaying and good credentials
can still be used by morons who will happily sign up for accounts with the
sole purpose of voilating their AUP for the preveledge of spamming *from*
a mail server that's keyed/certed. Even if they get nailed after the first
shot, how many useless bits of clutter did he manage to shoot through the
legitimate channel before being caught? Then, off he goes to another host.
Lather, rinse, repeat. Also, in such a situation, how do you tell your MTA
what is good content and what is spam? Place filters looking for (n)
instances of a subject word or phrase and then locking out an account from
mail privs? That might work for subjects like "guaranteed new method for
milking walruses", but how many spammers use subjects like "hey" or
something equally benign?

There are steps that can be implemented by ISP's/telcos/potted
philodendrons to limit the spam that transits their networks. Many do try,
some could care less as it fluffs their traffic stats for the ol'
shareholder portfolio.

Additionally, end recipents can do many things to eliminate spam. Procmail
is good, and whether you use CLI or GUI mailers, dropping a procmail
recipe in between your MTA and mail spool makes it easy to /dev/null
those annoying spambeasties. Yes, I know, non *nix users are all looking
at their displays going 'what's a procmail?' For those people I say,
"learn how your mailer's filtering functions work and build some solid
antispam filters". Yes, I know, this won't stop all spam, just what slips
through your MTA's net and actually gets to you. However, unless you're a
spam crusader, you probably only care immediately about the spam that's
getting to you directly anyway, right?

Another thing many people overlook is good old human contact. Typically my
first response when I get spam from a friend is to politely ask them not
to forward things to me like that. On a second offense, they get a nice,
long, semiform letter from me telling them how much of my time they've
wasted by forcing me to write a long letter detailing netiquette rules on
mail and spam. I go to great pains to be as condescending and obnoxious as
possible to get my point across. Ask my Mom, she didn't speak to me for
almost a month after she got one, but she doesn't spam stupid things to me
anymore and cc: 725,234 other people as well.

My point here is that education helps too. Many people have no idea about
where or how their email might wind up on a spammers target list. The
internet, to many, many, people is like smoking in the early 20th century.
Hip, trendy, and much more hazardous they they know or care to admit.
(apologies to smokers out there, but at least now you can ignore the
surgeon general in an informed way. :) ) Taking the time to tell people
how they're helping propagate spam might only stop a few people in a
bigger picture, but if it's the few who constatly spam YOU, it's worth it.

Oh, yeah, third offense on spam involves boiling tar, feathers, and a
large sign reading "I'm a spammer!"

Jeez, I really ought to not respond to stuff, I ramble on forever...
********************************************************************************

	        	NoX (nox@drunkenmuppets.org)
  "I want to know God's thoughts. The rest are details." - Albert Einstein

********************************************************************************