Will New Sendmail Block Remailers?
Markoff in the NYT reports today on the release of a new Sendmail upgrade by author Eric Allman that will block spam by checking the legitimacy of the originating address before delivery.
The report claims that spam is up to 10% of e-mail worldwide, and that Sendmail is used on 75% of the computers that route e-mail, all of which are being fitted with the new program.
What are the chances that this will affect remailers or other means of eternal anonymity?
Except Sualk, GL, UB and Nuh, all of whom we now know are Otot GinPu Tca as those crazy Syug Irtmid Irun.
On Tue, 17 Mar 1998, John Young wrote:
Markoff in the NYT reports today on the release of a new Sendmail upgrade by author Eric Allman that will block spam by checking the legitimacy of the originating address before delivery.
The report claims that spam is up to 10% of e-mail worldwide, and that Sendmail is used on 75% of the computers that route e-mail, all of which are being fitted with the new program.
What are the chances that this will affect remailers or other means of eternal anonymity?
Depends on how the remailer is set up.
For example, I own the domain "geek.net". If I set up a remailer and messages resolve to "anonymous@geek.net", I suspect it will get through. I may need to also have an alias that /dev/nulls messages to anonymous@geek.net, but that is still a legitimate mailing address.
I think what they are trying to stop are spammers that have a return address like "fakename@fakedomain.com" or "your@best.friend". Those wouldn't resolve and would just get shitcanned.
IMHO, there's nothing _toooo_ sinister here, yet. But vigilance is suggested.
=-=-=-=-=-=
Robert Hayden  rhayden@means.net  UIN: 3937211
IP Network Administrator  http://rhayden.means.net
MEANS Telcom  (612) 230-4416
In <Pine.LNX.3.95.980317085417.19255A-100000@geek.net>, on 03/17/98 at 08:58 AM, "Robert A. Hayden" <rhayden@means.net> said:
On Tue, 17 Mar 1998, John Young wrote:
Markoff in the NYT reports today on the release of a new Sendmail upgrade by author Eric Allman that will block spam by checking the legitimacy of the originating address before delivery.
The report claims that spam is up to 10% of e-mail worldwide, and that Sendmail is used on 75% of the computers that route e-mail, all of which are being fitted with the new program.
What are the chances that this will affect remailers or other means of eternal anonymity?
Depends on how the remailer is set up.
For example, I own the domain "geek.net". If I set up a remailer and messages resolve to "anonymous@geek.net", I suspect it will get through. I may need to also have an alias that /dev/nulls messages to anonymous@geek.net, but that is still a legitimate mailing address.
I think what they are trying to stop are spammers that have a return address like "fakename@fakedomain.com" or "your@best.friend". Those wouldn't resolve and would just get shitcanned.
IMHO, there's nothing _toooo_ sinister here, yet. But vigilance is suggested.
Well I think this may add to the problem. All the spammers need to do is start faking real e-mail addresses in the headers. So now you will have a lot of users bearing the brunt of anti-spam attacks and complaints who had nothing to do with it.
--
---------------------------------------------------------------
William H. Geiger III  http://users.invweb.net/~whgiii
Geiger Consulting    Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/esecure.html
---------------------------------------------------------------
Tag-O-Matic: PATH=C:\DOS;C:\DOS\RUN;C:\WIN\CRASH\DOS;C:\ME\DEL\WIN
Markoff in the NYT reports today on the release of a new Sendmail upgrade by author Eric Allman that will block spam by checking the legitimacy of the originating address before delivery.
The report claims that spam is up to 10% of e-mail worldwide, and that Sendmail is used on 75% of the computers that route e-mail, all of which are being fitted with the new program.
What are the chances that this will affect remailers or other means of eternal anonymity?
As long as this feature isn't turned on, on the remailers, not at all. All the remailers use a replyable e-mail as the from field, they just dump anything e-mailed to that, so if Sendmail goes out and does a VRFY on an e-mail, it'll work, but not mean a heck of a lot..
All it really does is force spammers to search for someone's real address to spoof and harass. (They can just scan usenet, and pick on random people if they want..)
Ryan Anderson - Alpha Geek
PGP fp: 7E 8E C6 54 96 AC D9 57 E4 F8 AE 9C 10 7E 78 C9
"With this word of power, I cast thy soul into the void: (void)soul"
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
In <Pine.GSO.3.96.980317115554.5195B-100000@pawn.michonline.com>, on 03/17/98 at 11:58 AM, Ryan Anderson <ryan@michonline.com> said:
All it really does is force spammers to search for someone's real address to spoof and harass. (They can just scan usenet, and pick on random people if they want..)
Yep, it's not like they are short on valid e-mail addresses.
--
---------------------------------------------------------------
William H. Geiger III  http://users.invweb.net/~whgiii
Geiger Consulting    Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/esecure.html
---------------------------------------------------------------
Tag-O-Matic: Program call to load Windows- "Here_piggy_piggy_piggy"
On Tue, 17 Mar 1998, John Young wrote:
Markoff in the NYT reports today on the release of a new Sendmail upgrade by author Eric Allman that will block spam by checking the legitimacy of the originating address before delivery.
The report claims that spam is up to 10% of e-mail worldwide, and that Sendmail is used on 75% of the computers that route e-mail, all of which are being fitted with the new program.
What are the chances that this will affect remailers or other means of eternal anonymity?
I doubt it. NYT is probably referring to the integration into the sendmail package of rules that nix incoming mail with forged From headers, e.g. "you.want.to@buy.this" and prevent unauthorized relaying. Remailers generally use a From header that includes their own legitimate domain, so they likely won't be blocked.
However, while the anti-relay-hijacking rules are useful (and LONG overdue), I see the From-domain-validity change as a Bad Thing, as it will encourage spammers to deliberately choose existing domains to spoof in their From lines, leading to an increase in the incidences of sites being subjected to fragmented denial-of-service attacks, i.e. being mailbombed by the collective complaints of all those shit-stupid AOLers who don't bother to read the Received headers. I've been lucky enough never to have been subjected to one of those attacks, but from the sheer volume of complaints I once got when a luser sent a MMF spam to USENET, I can sympathize with the victim of a spoof.
Yet another instance of "protection for the masses" actually providing no real benefit and simultaneously negating the protection afforded to those few who had previously used the defense. A similar thing has happened/is happening with the previously-useful "Comments: Authenticated sender is" check for spam, which used to be nearly 95% effective at nixing spam because most known spamming packages included the header, and only one legitimate mailer did likewise, but was easy to make exceptions for because it included an identifying X-Mailer header.
--
Brian Buchanan  brian@smarter.than.nu
Never believe that you know the whole story.
John Young wrote:
Markoff in the NYT reports today on the release of a new Sendmail upgrade by author Eric Allman that will block spam by checking the legitimacy of the originating address before delivery.
The report claims that spam is up to 10% of e-mail worldwide, and that Sendmail is used on 75% of the computers that route e-mail, all of which are being fitted with the new program.
What are the chances that this will affect remailers or other means of eternal anonymity?
Except Sualk, GL, UB and Nuh, all of whom we now know are Otot GinPu Tca as those crazy Syug Irtmid Irun.
WRT remailers, sendmail only checks the validity of a domain. So if a "From " address is "anonymous@replay.com", the message would be passed on.
I have read the Sendmail announcement from sendmail.org. The new version is very nice and friendly to everyone except spam relayers.
- Igor.
At 8:58 AM -0800 3/17/98, Ryan Anderson wrote:
Markoff in the NYT reports today on the release of a new Sendmail upgrade by author Eric Allman that will block spam by checking the legitimacy of the originating address before delivery.
...
All it really does is force spammers to search for someone's real address to spoof and harass. (They can just scan usenet, and pick on random people if they want..)
The ultimate end of this line of measure/countermeasure is code that sniffs out people's passwords so spammers can "borrow" their accounts to send a million or so messages.
-------------------------------------------------------------------------
Bill Frantz       | If hate must be my prison | Periwinkle -- Consulting
(408)356-8506     | lock, then love must be   | 16345 Englewood Ave.
frantz@netcom.com | the key. - Phil Ochs      | Los Gatos, CA 95032, USA
All it really does is force spammers to search for someone's real address to spoof and harass. (They can just scan usenet, and pick on random people if they want..)
The ultimate end of this line of measure/countermeasure is code that sniffs out people's passwords so spammers can "borrow" their accounts to send a million or so messages.
But that can be defeated with encryption.
Another possible "ultimate end" for the spammer wars would be making spamming illegal, like fax spamming, and having the cops hunting down the spammers. But that can be defeated with truly anonymous markets, still assuming that encryption will be legal.
To really beat spamming we probably need filters that only allow messages from inside our web of trust. Don't you agree?
Yupin Mungdee enscribed thusly:
All it really does is force spammers to search for someone's real address to spoof and harass. (They can just scan usenet, and pick on random people if they want..)
The ultimate end of this line of measure/countermeasure is code that sniffs out people's passwords so spammers can "borrow" their accounts to send a million or so messages.
But that can be defeated with encryption.
Another possible "ultimate end" for the spammer wars would be making spamming illegal, like fax spamming, and having the cops hunting down the spammers. But that can be defeated with truly anonymous markets, still assuming that encryption will be legal.
Oh yeah right... Just like gambling being illegal has eliminated it from the Internet. We need to make it UNPROFITABLE and the scum will slink back under the rocks they came from.
To really beat spamming we probably need filters that only allow messages from inside our web of trust. Don't you agree?
Mike
--
Michael H. Warfield    | (770) 985-6132 | mhw@WittsEnd.com
(The Mad Wizard)       | (770) 925-8248 | http://www.wittsend.com/mhw/
NIC whois: MHW9        | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471    | possible worlds. A pessimist is sure of it!
So I'm told that the new version of sendmail (8.9) has the same antispam features as 8.8 -- only difference is in defaults. True?
-Declan
On Thu, 19 Mar 1998, Declan McCullagh wrote:
So I'm told that the new version of sendmail (8.9) has the same antispam features as 8.8 -- only difference is in defaults. True?
The closest to a noticeable change I've spotted is that the simple anti-relaying rules (check_rcpt) are now part of the sendmail.cf by default. (No longer do they have to be downloaded separately and hacked in by hand.) There are more complex anti-relaying configurations that can be specified now, also (for permitting certain parties/domains to relay, or to only restrict certain groups from relaying).
In other words, not much has changed.
dave
-----
David E. Smith, P O Box 324, Cape Girardeau MO 63702
http://bureau42.base.org/people/dave/ dave@bureau42.ml.org
Random IRC Quote: [topic(#linux)] New MS motto: "Gehirnwesche die Kinder, wenn sie jung sind. In ihren Erwachsensein sind sie Ihre bereiten Sklaven. [TM]" (Brainwash the children. When they are adults they will be your slaves) topic set by Bascule [Sat Jan 24 05:57:42 1998]
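The two checks discussed in this thread, a sender-domain validity test and a check_rcpt-style relay restriction, sketched as an added example; it is not code from any poster or from sendmail, and the domains, networks, stand-in DNS table and reply texts are all constructed assumptions. It shows that a remailer address on a real domain passes, and that a forged address on someone else's real domain passes as well, which is the limitation several posters describe.

```python
"""Added illustration: the two SMTP-time checks this thread discusses.
Every domain, network and reply text below is constructed sample data."""
import ipaddress

# Constructed stand-in for DNS: sender domains that resolve (MX or A record).
RESOLVABLE = {"remailer.example", "victim.example", "isp.example"}
# Assumed local policy for the receiving server.
LOCAL_DOMAINS = {"isp.example"}
RELAY_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def domain_of(address):
    """Return the lower-cased domain of an envelope address, or None."""
    local, sep, domain = address.strip().strip("<>").rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.rstrip(".").lower()


def check_mail(sender):
    """Sender check: the envelope sender's domain must resolve."""
    if sender.strip() == "<>":
        # Null reverse-path: bounces use it, so it must stay deliverable.
        return True, "250 null sender accepted"
    domain = domain_of(sender)
    if domain is None:
        return False, "553 sender address needs a domain"
    if domain not in RESOLVABLE:
        return False, "501 sender domain does not resolve"
    # Only the domain was tested. Nothing here proves the mailbox exists
    # or that the client is entitled to use the address.
    return True, "250 sender ok"


def check_rcpt(client_ip, recipient):
    """Relay check: deliver locally, relay only for trusted client networks."""
    domain = domain_of(recipient)
    if domain is None:
        return False, "553 recipient address needs a domain"
    if domain in LOCAL_DOMAINS:
        return True, "250 local recipient"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in RELAY_NETS):
        return True, "250 relaying for trusted client"
    return False, "550 relaying denied"


def evaluate(client_ip, sender, recipient):
    """Run both checks in SMTP order; return (accepted, stage, reply)."""
    ok, reply = check_mail(sender)
    if not ok:
        return False, "MAIL", reply
    ok, reply = check_rcpt(client_ip, recipient)
    return ok, "RCPT", reply


# Constructed sessions: (label, client IP, envelope sender, recipient).
SESSIONS = [
    ("remailer, real domain", "198.51.100.7", "anonymous@remailer.example", "user@isp.example"),
    ("unresolvable sender", "198.51.100.9", "fakename@fakedomain.invalid", "user@isp.example"),
    ("forged but real domain", "198.51.100.9", "bystander@victim.example", "user@isp.example"),
    ("third-party relay", "198.51.100.9", "bystander@victim.example", "user@elsewhere.example"),
    ("trusted client relays", "192.0.2.10", "staff@isp.example", "user@elsewhere.example"),
    ("bounce, null sender", "198.51.100.7", "<>", "user@isp.example"),
]

if __name__ == "__main__":
    for label, ip, sender, rcpt in SESSIONS:
        accepted, stage, reply = evaluate(ip, sender, rcpt)
        print(f"{label:24} {'accept' if accepted else 'reject'} at {stage}: {reply}")
```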
Yupin Mungdee wrote:
Another possible "ultimate end" for the spammer wars would be making spamming illegal, like fax spamming, and having the cops hunting down the spammers. But that can be defeated with truly anonymous markets, still assuming that encryption will be legal.
Spamming is an 'imaginary' felony, as are anonymity and encryption. The only real crime taking place on the InterNet is the marriage of an underage technology to a polygamous pen full of Sheeple whose dowry consists of an evolutionary heritage of worshipping whatever it is that they don't understand and following the Ram(it up your ass) with the biggest horns and the loudest bleat.
To really beat spamming we probably need filters that only allow messages from inside our web of trust. Don't you agree?
Complaining about 'spamming' is the equivalent of going to a Reservation and complaining that "there's too damn many Indians" around.
"Doctor, it hurts when I do *this*..." "Then don't do *that*!"
I don't post under my own name on USENET for a simple reason. When I do, I get mountains of spam. I do subscribe to cypherpunks through an unfiltered toad.com and I get a few niggling spams a day that merely serve to remind me that the 'spammers' are out there, laying in wait.
I don't live in Los Angeles for a simple reason. Within the first week of driving in traffic there, I would take out an Uzi and start blowing the other drivers away at random. I do make occasional forays into large cities such as LA and Phoenix when I want/need to do business or pleasure there, but when merely passing through, I do so at 4 a.m., in order to avoid the 'road spam'.
The WorldWide Web is just that...a 'web'. If you want to traverse every part of it, just 'surfing' without using any kind of judgement or discrimination, then you can expect to get 'stuck' with whatever kind of substance is being used by those constructing that particular part of the web.
When I go into the part of the web that John Perry has thrown his Net over and marked as his territory, my gut-reaction is to think of him as a dickhead, Nazi censor. Realistically, this would be true if he trod over to my few strands of webspace and tried to rule over it, but my willfully traversing into his domain and whining about how he acts within it is nothing more than egoism.
Those who choose to participate with John Perry in the construction and maintenance of the web of trust/competency that he is involved in have certain expectations of free communications versus limitations of speech and action.
Those who choose to participate in the construction/destruction of the CypherPunks lists can expect to be barraged by all manner of sanity/insanity, and to have to judge the value of the list for themselves in deciding whether to stay or to leave. (Relying on the CypherPunks Complaint Department to 'solve' this or that 'problem' is not a viable option.)
"Doctor, I get 'spammed' when I go there..." "Then don't go there..."
OldDocMonger
On Fri, 20 Mar 1998, TruthMonger wrote:
Spamming is an 'imaginary' felony, as are anonymity and encryption.
Spamming is theft of services, sir. I am forced to pay for a "service" that I did not request. I, and everyone else, pays for spam either directly in connect time, or because my ISP wastes bandwidth handling the stuff. I am not that much bothered by that it is advertising, or pure junk, but that I pay for it.
To really beat spamming we probably need filters that only allow messages from inside our web of trust. Don't you agree?
Make people bear the true cost of spam, and it will stop.
Spamming is an 'imaginary' felony, as are anonymity and encryption.
No, it's actually theft of services.
Generally, it's neither one, but it is a rude imposition on the reader's attention, and may also increase costs to the user or the user's service provider.
So what's an anarchist like me doing saying that the government can help? Well, they can help by getting out of the way. Currently, there are laws against breaking into computer systems and against denial of service attacks; they can be Federal felonies. As a modest proposal, I would suggest that the government allow anyone who's been sent unwanted bits by a spammer to send any unwanted bits they feel like in return. Maybe Spamford doesn't want chain letters about "Make Pings Of Death Fast" or "Free Live Chat With Real Spammers!" but spammers really aren't in any position to complain.
----------------
There's also http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en.html
Thanks! Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
David Scheidt wrote:
On Fri, 20 Mar 1998, TruthMonger wrote:
Spamming is an 'imaginary' felony, as are anonymity and encryption.
Spamming is theft of services, sir. I am forced to pay for a "service" that I did not request. I, and everyone else, pays for spam either directly in connect time, or because my ISP wastes bandwidth handling the stuff. I am not that much bothered by that it is advertising, or pure junk, but that I pay for it.
The thievery is taking place at the ISP level.
I live in the boondocks where the phone company charged $5.00 per hour for InterNet access, until they lost their monopoly, after which their rates magically dropped to $1.00 per hour. My hook-up rate remains around that rate because of competing ISP's being required to pay vigorish to the government-owned teleco, far beyond their actual costs. If I lived in the 'big city', then I would be able to avail myself of the $19.95-unlimited-connection charges. Thus, any 'spam' I received would only cost me my time and energy, as opposed to the money that the teleco robs me of under cover of their government-supported monopoly.
NEWS FLASH!!! You were born into a world where even your momma's tit competed for your attention, time and energy. When your mother's breast-milk dried up, did you petition the government to have her tit imprisoned under 'Truth In Advertising' laws? Did you demand that the government force her to refrain from bringing her tit into your presence, where it would compete for your time, attention and energy? When my mother's breast-milk dried up, I learned to reach for the bottle (as Anheuser-Busch will gladly verify).
In all of my time on the InterNet, I have responded to and enriched only one (count 'em, *1*) of the personages who have sent an unsolicited email to my account. In doing so, however, I have effectively endorsed the value (be it in an exceedingly minor way) of those who bring their UCE/Spam to my attention.
You take the position that your ISP 'wastes bandwidth' handling 'spam'. If you are paying them to do so, without requiring that they provide you with an option in return for the money that you are paying them, this is not the fault of those who deem that you may be interested in their product/cause/bullshit. As well, since the 'spammers' are obviously receiving a response that makes it worth their while to continue their efforts, it is obvious that others on your ISP may not regard their missives as wasted bandwidth.
Sometime ago, plaidworks.com complained about someone 'abusing' their system by subscribing the CypherPunks list, among others, to their massive mailings. The fact of the matter was, they left their system open to being 'used' in the manner it was, in order to gain maximum profit without going to the expense of putting safeguards in place which would prevent others from using the resources they made available to the InterNet for their own purposes.
NEWS FLASH!!! The InterNet is a communal endeavor. Resources are shared among those who choose to actively participate in the infrastructure and the technologies of which it is composed. Those who wish to participate in only a portion of the activity and resources shared on the InterNet can do so if they are willing to take the actions required to limit their participation and/or exposure on the InterNet.
I do not use Gopher. The use that others make of the program is not a 'theft of services' that 'wastes' the bandwidth of my ISP.
My ISP does not provide Telnet access. They do so in order to prevent me from availing myself of cheaper services which are available at ISP's which are not restrained by their monopoly. To me, *this* is 'denial of service.'
Because of the armed robbery of the government-monopoly ISP that is available to me, it costs me an unacceptable amount of money to go to USENET. I don't go there.
Spammer
Spamming is an 'imaginary' felony, as are anonymity and encryption.
No, it's actually theft of services.
Imagine if I called you collect anytime I was out and about and your phone automatically accepted the charge. Then I spent a couple minutes filling you in on my day, and how I felt. The end of the month you get a couple hundred dollar collect bill. Not to mention that you don't have call waiting and there may have been important phone calls that will have to call back later.
Then imagine I stole your cell phone to call you collect while I roamed around other cities and filled you in on how I felt about the day so far. And you used your Cell phone for work, and lots of people were calling you but you weren't getting the messages, and you ended up losing customers.
1. ISP pay for bandwidth. If you're outside the US 128Kbps lines can go upwards of several thousand a month.
2. Spammers relay through other ISP mail servers. This usually kills their mail server, or they get added to Paul Vixie's blackhole list.
3. It wastes ISP time. ISP get dozens of complaints a day and have to explain to every newbie exactly what spam is, why they got it, etc. etc.
I know, I'm an ISP.
Ian
Ian Briggs wrote:
Spamming is an 'imaginary' felony, as are anonymity and encryption.
No, it's actually theft of services.
Imagine if I called you collect anytime I was out and about and your phone automatically accepted the charge. Then I spent a couple minutes filling you in on my day, and how I felt.
Then I would be a fucking idiot for willingly giving my business to a phone company that would allow this. The fact is, the only phone company available to me is a monopoly who will no doubt institute this 'feature' because of your suggestion. I will have them forward my bill to you...
1. ISP pay for bandwidth. If you're outside the US 128Kbps lines can go upwards of several thousand a month.
Then they should expend the time, energy and resources that will enable them to deny the use of their commonly shared resources with members of the InterNet community which they do not wish to support.
2. Spammers relay through other ISP mail servers. This usually kills their mail server, or they get added to Paul Vixie's blackhole list.
The InterNet is a shared resource. If the ISP does not want to share certain resources with this-or-that entity on the communal resource of the Net, then they can configure their system to deny reciprocal services to their fellow Netizens.
3. It wastes ISP time. ISP get dozens of complaints a day and have to explain to every newbie exactly what spam is, why they got it, etc. etc.
Perhaps they should spend their time configuring their systems to allow what they feel is most useful to their customers, and tell those who complain to go somewhere else.
I know, I'm an ISP.
I will petition the government to pass laws to prevent your ISP from spamming me with posts such as this, which reflect nothing more than the standard Sheeple position that anything which you do not personally desire should be outlawed.
"That which is not permitted, is forbidden." ~ Animal Farm
Spammer
I will petition the government to pass laws to prevent your ISP from spamming me with posts such as this, which reflect nothing more than the standard Sheeple position that anything which you do not personally desire should be outlawed.
"That which is not permitted, is forbidden." ~ Animal Farm
Whine Whine Whine. You want some cheeze?
Sweeping generality, yes those of us that want everything we don't agree with put under penalty of death. Instantly. No, wait. Let's change that, we put those that don't agree with us on work projects for the 4th Reich. Yeah, that's what I really meant but you have to look really hard into the message to find that undertone or you have to be a shitneck.
Anyways.
1. It's theft of services because it's using my bandwidth to "harass" my customers.
2. It may destroy my mail server.
3. It may detrimentally affect the quality of my business.
4. It destroys other ISP mail server.
So back to your normal ranting, as I doubt anyone doesn't have an entrenched opinion concerning this.
I'm not the happiest person to be inviting the U.S. Government into this media, I'm pretty opposed to the U.S. Government in general and specific terms.
You want to know who we currently call for situations like this? FBI, executive order gave them all venue over crimes on the Internet via an executive order.
So guess what, the U.S. government's already here.
I just don't want Joe Smoooze Dick the Marketing stud starting up his garage business selling e-mail lists for $99, cause he can.
Ian
by the way, putting @dev.null in your return address that's pretty tricky, I bet you have a business card that says 31337. I bet they teach that in all Canadian schools. Elite 101.
Ian Briggs wrote:
Sweeping generality, yes those of us that want everything we don't agree with put under penalty of death. ..... No, wait. Let's change that, we put those that don't agree with us on work projects for the 4th Reich.
Right on, Ian! I'm tired of these anonymous cowards, hiding behind a fake address such as dev.null, putting down those of us who recognize the need of petitioning our government to put an end to using the InterNet for purposes which are against the wishes of the majority.
1. It's theft of services because it's using my bandwidth to "harass" my customers.
Exactly. I have been complaining to my ISP about their forwarding posts from the CypherPunks list that I disagree with. Despite my complaints, they allow this harassment to continue.
2. It may destroy my mail server.
Right on! If the anonymous cowards can make points that seem to lack any sort of logic and sense, then they cannot whine when you do so, as well.
3. It may detrimentally affect the quality of my business.
Say, Ian...this is beginning to sound like 'whining'...
4. It destroys other ISP mail server.
Although grammatically incorrect and seemingly nonsensical, I am confident that you are trying to make a valid point.
So back to your normal ranting, as I doubt anyone doesn't have an entrenched opinion concerning this.
Exactly. There are no anti-spammers in foxholes.
I'm not the happiest person to be inviting the U.S. Government into this media, I'm pretty opposed to the U.S. Government in general and specific terms.
As long as they only pass legislation infringing on the rights of those who are not in agreement with you and I, then our position could only be seen as hypocritical by those who disagree with us.
You want to know who we currently call for situations like this? FBI, executive order gave them all venue over crimes on the Internet via an executive order.
So guess what, the U.S. government's already here.
And we can't fight City Hall, eh?
I just don't want Joe Smoooze Dick the Marketing stud starting up his garage business selling e-mail lists for $99, cause he can.
This is every bit as despicable as people who sign up as an ISP provider on the InterNet and then deny others the use of the shared resources of the Net, because they can. Some of these evil people interfere with the propagation of Holocaust propaganda, instead of interfering with anti-Holocaust propaganda, as is proper to those who oppose censorship.
by the way, putting @dev.null in your return address that's pretty tricky, I bet you have a business card that says 31337. I bet they teach that in all Canadian schools. Elite 101.
Those fucking FrostBacks think that they can crawl across the 49th virtual parallel and insult the memory of Dave Null, Defender of the Void, with impunity. As soon as I look that word up, I'm going to give them a piece of my mind. (This is a generous offer, seeing as how I don't have much left).
~~~~ Toto <toto@dave.null> ~~~~
participants (17)
- Bill Frantz
- Bill Stewart
- Brian W. Buchanan
- David E. Smith
- David Scheidt
- Declan McCullagh
- Ian Briggs
- ichudov@algebra.com
- John Young
- Michael H. Warfield
- Robert A. Hayden
- Ryan Anderson
- Spammer
- Toto
- TruthMonger
- William H. Geiger III
- Yupin Mungdee