Searching \ for '[PIC] substandard archiver subscribed to the list' in subject line. ()
Make payments with PayPal - it's fast, free and secure! Help us get a faster server
FAQ page: www.piclist.com/techref/microchip/devices.htm?key=pic
Search entire site for: 'substandard archiver subscribed to the list'.

Exact match. Not showing close matches.
PICList Thread
'[PIC] substandard archiver subscribed to the list'
2005\08\26@190719 by James Newton, Host

face picon face
> Why is a substandard archiver subscribed to the piclist when
> there are other, much better ones (like gmane.org) which do
> not barf on 'dangerous' pdf attachments, especially when such
> barfing makes the posting useless. I suppose blogger.com
> accepts .doc attachments ? >;-)>
>
> Peter

The piclist.com archive also has this email, complete with attachment at
http://www.piclist.com/techref/piclist/2005/08/26/155656a.txt

And by the way, that number at the end is the time the post left the mit.edu
mail server so it is in every header of ever copy of the email that is sent.
What that means is that you can always fined the archive copy from the email
based on that date and time. It is also NOT sequential... So you can't just
generate "old number"+1 and know that you will be able to rip the next
email. You have to get the listing for todays posts, then spider that list
to retrieve the posts... And then you might find a spider trap or...
twelve....

> (the article appears with the attachment, alas renamed to .bin, at:

The PICList archive does not rename the attachment. It opens in adobe reader
with one click. The PICList archive DOES, however, put the text of your
email in a separate text file because that is how the email was actually
formatted.

> <http://article.gmane.org/gmane.comp.hardware.microcontrollers.pic/66893>

How did you get from your email to that "66893" number? I guess you browsed
today's posts on gmain?


> (I will email Lars@gmane about the attachment suffix)

Lars is a good guy. I wonder if he gets as few donations for the support of
his copy of the PICList as I do?

I also sort of wonder how he pays his hosting bill... It took me about 5
minutes to put together an index page that referenced all of today's posts
and then rip it with wget. His server is FAST. Which is amazing when you
consider how many posts he is archiving between all those email lists. I was
amazed at how wget could just request one page after another and they came
up really quick. You could get a LOT of posts that way in a short time. I
kept expecting some sort of rate limiting system to kick in, but nothing
did. His thread list comes up a little slower, but you don't need that to
rip.

Then it took a few seconds with "Search and Replace for Windows" from
http://www.funduc.com to change all the "<at>",s to "@"'s and then I ran my
Perl script to extract emails (which I have 'cause I study how people rip
emails in order to stop them doing it) and that gave me a nice list of email
addresses from the people who posted today.

Try that with the piclist.com archive.... Go on. Try it! Tell me what you
find. If you do manage to rip some emails, let me know in private so I can
patch the hole? But I don't think you will get many, I've done a lot to
secure it. Of course, all the work I did to secure it is pretty much useless
when anyone can subscribe to the list and host an archive with no security.

---
James Newton: PICList webmaster/Admin
spam_OUTjamesnewtonTakeThisOuTspampiclist.com  1-619-652-0593 phone
http://www.piclist.com/member/JMN-EFP-786
PIC/PICList FAQ: http://www.piclist.com



{Quote hidden}

> -

2005\08\27@132129 by Peter

picon face

On Fri, 26 Aug 2005, James Newton, Host wrote:

> The piclist.com archive also has this email, complete with attachment at
> http://www.piclist.com/techref/piclist/2005/08/26/155656a.txt

Ok,

> And by the way, that number at the end is the time the post left the mit.edu
> mail server so it is in every header of ever copy of the email that is sent.
> What that means is that you can always fined the archive copy from the email
> based on that date and time. It is also NOT sequential... So you can't just
> generate "old number"+1 and know that you will be able to rip the next
> email. You have to get the listing for todays posts, then spider that list
> to retrieve the posts... And then you might find a spider trap or...
> twelve....

very nice, but ...

{Quote hidden}

By clicking on the direct link that appears at the bottom of the page
when looking at an article. The link is a permalink (it leads back to
that article every time), and incrementing it works, but does not
necessarily yield articles from the piclist. This is not about ripping,
it's about access.

Lars has reacted to my email and the attachment is still .bin but its
name is .pdf as it should be. The .bin suffix prevents automatic opening
of possibly virused attachments by clueless users.

{Quote hidden}

Read the FAQ at gmane.

> Then it took a few seconds with "Search and Replace for Windows" from
> http://www.funduc.com to change all the "<at>",s to "@"'s and then I ran my
> Perl script to extract emails (which I have 'cause I study how people rip
> emails in order to stop them doing it) and that gave me a nice list of email
> addresses from the people who posted today.

Again, read the FAQ. Whoever subscribed the piclist had the option to
request encrypted emails but did not.

> Try that with the piclist.com archive.... Go on. Try it! Tell me what you
> find. If you do manage to rip some emails, let me know in private so I can
> patch the hole? But I don't think you will get many, I've done a lot to
> secure it. Of course, all the work I did to secure it is pretty much useless
> when anyone can subscribe to the list and host an archive with no security.

Your fortress has only one wall, with a strong gate in it ? So all
that is needed is a walk around it (to another site) ? ;-) Remember when
the lion is after you, you do not need to break the world record, you
only need to outrun your friends.

Peter

2005\08\28@095659 by Gerhard Fiedler

picon face
Peter wrote:

> Again, read the FAQ. Whoever subscribed the piclist had the option to
> request encrypted emails but did not.
>
>> Try that with the piclist.com archive.... Go on. Try it! Tell me what
>> you find. If you do manage to rip some emails, let me know in private
>> so I can patch the hole? But I don't think you will get many, I've done
>> a lot to secure it. Of course, all the work I did to secure it is
>> pretty much useless when anyone can subscribe to the list and host an
>> archive with no security.
>
> Your fortress has only one wall, with a strong gate in it ? So all that
> is needed is a walk around it (to another site) ? ;-) Remember when the
> lion is after you, you do not need to break the world record, you only
> need to outrun your friends.

I also don't think it makes a lot of sense to keep one archive site
super-secure. Public email lists are quite similar to news groups in that
whatever you send there becomes practically public -- including the
headers. There's not much that can be done about that. Anybody can
subscribe to the piclist from a free email account and rip emails as long
as he wants without them being listed in any archive.

I guess the point is: don't use emails you want to keep spam-free in public
forums (email lists, news groups, web forums etc). Get a separate account
for these that doesn't hurt you much if/when you have to change it.

Gerhard

2005\08\28@125058 by James Newton, Host

face picon face
Wonderful to know that the hours I worked on it in response to all the
people who complained that I shouldn't archive the list because the archive
would be mined are wasted.

---
James.



> {Original Message removed}

2005\08\28@171705 by Russell McMahon

face
flavicon
face
>> I guess the point is: don't use emails you want to keep
>> spam-free in public forums (email lists, news groups, web
>> forums etc). Get a separate account for these that doesn't
>> hurt you much if/when you have to change it.

Indeed.
You can eg open a GMail account and have it auto forward to your
'real' POP3 account. When/if the GMail starts getting spammed badly
enough you can abandon it and subscribe a new one.


       RM

2005\08\28@180402 by James Newtons Massmind

face picon face
Yes, well, that is the way everyone else (every other list) does it.

Somehow, for some reason (probably egocentric or just stupid) I thought we
might be BETTER THAN THAT!

Remind me to lower my expectations.

Don't take me too seriously.. I'm having a REALLY bad week here and it's
probably coloring my expectations.

---
James.



> {Original Message removed}

2005\08\28@184359 by William Chops Westfield

face picon face
On Aug 28, 2005, at 3:03 PM, James Newtons Massmind wrote:

> for some reason I thought we might be BETTER THAN THAT!
>
Illegitimi non carborundum...

The possibility; even the probability; of failure doesn't mean you
shouldn't TRY...

More to the point; it's a common precept in security that solutions
that don't provide "real" security are completely useless.  I disagree
completely.  Any bar, no matter how low, will stop some attackers, and
since maliciousness is not necessarily correlated with technical
expertise,
it might even stop the important attackers...

Keeping email id's out of the officially advertised PIC archive is
a good thing.  Requesting that other publicly accessible archives
do the same (or shutdown) is worthwhile, but you need not be too
obnoxious or worried about it.

Spammers COULD harvest email addresses by subscribing to targeted
lists and getting the mail directly.  But they don't.  They can't
be bothered (in general) figuring out which lists would be worthwhile.
It is essentially definitive of "spam" that the recipients are NOT
"targeted" (merely harvested?) - if all the "spam" I got was both
vaguely of interest and not infinitely repeated, I'd be a happy man!

BillW

2005\08\28@191124 by Gerhard Fiedler

picon face
James Newton, Host wrote:

> Wonderful to know that the hours I worked on it in response to all the
> people who complained that I shouldn't archive the list because the archive
> would be mined are wasted.

I'm really sorry if my comment should have come around this way. I highly
regard what you are doing and respect every single hour (even unbeknownst)
you spend in doing it.

I think there probably was a time where it was more useful than it seems to
be nowadays. And it still may be useful -- I don't know. Mind that I just
expressed my take on this; I simply don't trust that there are enough of
your kind out there so that my email address would be safe.

Gerhard 'we need more Jameses out there' Fiedler

2005\08\29@080202 by olin piclist

face picon face
James Newtons Massmind wrote:
> Yes, well, that is the way everyone else (every other list) does it.
>
> Somehow, for some reason (probably egocentric or just stupid) I thought
> we might be BETTER THAN THAT!
>
> Remind me to lower my expectations.

I think it's reality on the internet.  I have a separate email address I
only use for the PIClist.  I know I've never deliberatly given it out except
to use it here.  I get just as much spam here as I do to my real address.
It was OK for a year or so, but then the spammers found it.  I think that
may have been about the same time Google used a PIClist feed to create its
own public archive without your fancy controls.

You may have been doing a great job guarding the front gate, but the
unwashed hoards have been streaming in and out the back for years now.  It's
a shame, but it appears that's how things are, and that there is little that
can be done about it.  In other words, there is no way to limit what a
subscriber does with the messages he receives, including making them all
public or mining them for email addresses.  It appears some have been doing
just that.


*****************************************************************
Embed Inc, embedded system specialists in Littleton Massachusetts
(978) 742-9014, http://www.embedinc.com

2005\08\29@081333 by Gerhard Fiedler

picon face
Russell McMahon wrote:

> You can eg open a GMail account and have it auto forward to your
> 'real' POP3 account. When/if the GMail starts getting spammed badly
> enough you can abandon it and subscribe a new one.

Or you just check them both (you can check gmail through POP). This even
allows you to check them with different schedules.

Gerhard

2005\08\29@132414 by Gerhard Fiedler

picon face
William ChopsWestfield wrote:

> Spammers COULD harvest email addresses by subscribing to targeted
> lists and getting the mail directly.  But they don't.  They can't
> be bothered (in general) figuring out which lists would be worthwhile.

I'm not sure that's how the 'community' works. I don't think that most
spammers do harvest at all -- they probably buy the emails by the millions.
The ones who sell probably themselves just put together collections from
various sources: other harvesters, own harvests, whatever.

If that describes more or less how things work, /one/ harvester that
thought about subscribing to a number of mailing lists (this also can be
automated) would be enough to get the emails in the pond from which they
then get distributed to the spammers. Sooner or later they probably will
end up on some or many such email lists that spammers use.

Gerhard

2005\08\29@135329 by Wouter van Ooijen

face picon face
> I'm not sure that's how the 'community' works. I don't think that most
> spammers do harvest at all -- they probably buy the emails by
> the millions.
> The ones who sell probably themselves just put together
> collections from
> various sources: other harvesters, own harvests, whatever.

I even get spam on an account that is not available anywhere, except on
the server of a from-to-email service. I guess they found this one by
simply enumerating letter combinations.

Wouter van Ooijen

-- -------------------------------------------
Van Ooijen Technische Informatica: http://www.voti.nl
consultancy, development, PICmicro products
docent Hogeschool van Utrecht: http://www.voti.nl/hvu


2005\08\29@140902 by John Nall

picon face
Wouter van Ooijen wrote:

>> I even get spam on an account that is not available anywhere, except on
>the server of a from-to-email service. I guess they found this one by
>simply enumerating letter combinations.
>  
>
I get spam which is addressed not to me, but to addresses which resemble
mine in some ways but also differ in some ways.  For example, I get mail
from ham friends who write me at .....AF4WMKILLspamspam.....arrl.net, which is forwarded to
my gmail accouont.  Except that I also get SPAM which is not sent to
AF4WM but to other calls which are close but not exact.  I never have
figured that one out.  :-)  But Thunderbird provides a good filter.

John

2005\08\29@155201 by Peter

picon face

On Sun, 28 Aug 2005, James Newton, Host wrote:

> Wonderful to know that the hours I worked on it in response to all the
> people who complained that I shouldn't archive the list because the archive
> would be mined are wasted.

They are not wasted, they protect your investment and keep your
bandwidth cost low. Everyone appreciates your work and your contribution
to the piclist. For example, gmane does not go back 10 years in archive
contents, like you do.

Peter

2005\08\30@021106 by Gerhard Fiedler

picon face
John Nall wrote:

> I get spam which is addressed not to me, but to addresses which resemble
> mine in some ways but also differ in some ways.  For example, I get mail
> from ham friends who write me at EraseMEAF4WMspam_OUTspamTakeThisOuTarrl.net, which is forwarded to
> my gmail accouont.  Except that I also get SPAM which is not sent to
> AF4WM but to other calls which are close but not exact.  I never have
> figured that one out.  :-)  

The "To:" header has not much to do with where the message actually got
sent to. (Think BCC.)

Gerhard

2005\08\30@133753 by Peter

picon face


On Mon, 29 Aug 2005, John Nall wrote:

{Quote hidden}

In general anything coming into your mailbox and having a To: field that
is not one of your addresses should be dropped as spam.

The envelope address (the To: field) and the real delivery address (smtp
protocol 'rcpt to:' line argument) are different in email
(unfortunately). Many mailing lists (including this one) use the To:
field as themselves when sending email out to subscribers.

While this 'feature' makes running mailing lists easier, it also makes
90% of spam email possible. It would be good if this hole would be
closed, at some expense to mailing list operators (expense in the sense
that servers would be loaded a little more by having to send email
individually - maybe they could delegate batches to regional servers by
arrangement).

Peter

2005\08\30@141546 by Jan-Erik Soderholm

face picon face
Peter wrote :

> at some expense to mailing list operators (expense in
> the sense that servers would be loaded a little more
> by having to send email individually...)

How are they sent today, if not "individualy" ?
When and where are they "split" ?

Jan-Erik.



2005\08\30@170351 by Lee Jones

flavicon
face
> In general anything coming into your mailbox and having a To: field
> that is not one of your addresses should be dropped as spam.

That prevents delivery of valid CC (carbon copy) and BCC (blind
carbon copies).  I, for one, use both of those addressing forms.

> The envelope address (the To: field) and the real delivery address
> (smtp protocol 'rcpt to:' line argument) are different in email
> (unfortunately).

This is just like paper mail.  The envelope address does not have
to have any relationship to the contents ... as it should be.
People seem to be able to deal with this with paper mail.

> While this 'feature' makes running mailing lists easier, it also makes
> 90% of spam email possible.

That's plain wrong.  The delivery mechanism already has to make
individual connections to the recipient's system and enumerate
the recipient's name in the envelope portion of the SMTP dialog.
If the recipient's name had to be in the To: line, it would just
require more storage by expanding the header portion.

                                               Lee Jones

2005\08\30@190800 by Gerhard Fiedler

picon face
Peter wrote:

> In general anything coming into your mailbox and having a To: field that
> is not one of your addresses should be dropped as spam.

Sometimes BCC type addressing is used legitimately. I even try to coerce
friends into using this when sending emails to a few dozen acquaintances
(if I can't persuade them to not do it at all) -- so that they don't spill
everybody's email all over.

> The envelope address (the To: field) and the real delivery address (smtp
> protocol 'rcpt to:' line argument) are different in email
> (unfortunately). [...]
>
> While this 'feature' makes running mailing lists easier, it also makes
> 90% of spam email possible. It would be good if this hole would be
> closed,

I think the more important hole is that the From: header is completely
unregulated and can contain anything. If this would have to point to a
verifiable address, spam world would probably be different. But I guess
neither has any chance of being realized...

Gerhard

2005\08\31@221744 by Peter

picon face

On Tue, 30 Aug 2005, Lee Jones wrote:

>> In general anything coming into your mailbox and having a To: field
>> that is not one of your addresses should be dropped as spam.
>
> That prevents delivery of valid CC (carbon copy) and BCC (blind
> carbon copies).  I, for one, use both of those addressing forms.

Yes. You would have to send them in a different way (at some expense to
yourself), one by one. Of course a program would do that for you, just
not the smtp servers. The expense would increase a lot if you would send
spam. That is the point. Currently the expense is borne by the smtp
servers on the internet which explode the bccd message into 100 or more
copies and deliver it to spam catchers (after exploding).

>> The envelope address (the To: field) and the real delivery address
>> (smtp protocol 'rcpt to:' line argument) are different in email
>> (unfortunately).
>
> This is just like paper mail.  The envelope address does not have
> to have any relationship to the contents ... as it should be.
> People seem to be able to deal with this with paper mail.

No, it's not. The header is the envelope. Imho the bug is that one can
fake the address on the envelope (headers) and send the mail wherever
one pleases.

>> While this 'feature' makes running mailing lists easier, it also makes
>> 90% of spam email possible.
>
> That's plain wrong.  The delivery mechanism already has to make
> individual connections to the recipient's system and enumerate
> the recipient's name in the envelope portion of the SMTP dialog.
> If the recipient's name had to be in the To: line, it would just
> require more storage by expanding the header portion.

Yes, but together with the bcc/cc denial feature above it would close
the other hole in RFC822 email: the sender anonimity would be gone. The
next step would be to enforce receiving capability for every sender, by
the first smtp daemon in the path (and by every successive one). No
valid functioning return receiver address, no forwarding. And this would
be checked periodically by the servers by sending messages that can be
responded to only by humans.

Legitimate mailing lists could use cookies or something like it to make
downstream servers accept their messages for distribution.

Peter


'[PIC] substandard archiver subscribed to the list'
2005\09\01@000503 by Lee Jones
flavicon
face
>>> In general anything coming into your mailbox and having a To: field
>>> that is not one of your addresses should be dropped as spam.

>> That prevents delivery of valid CC (carbon copy) and BCC (blind
>> carbon copies).  I, for one, use both of those addressing forms.

> Yes. You would have to send them in a different way (at some expense to
> yourself), one by one. Of course a program would do that for you, just
> not the smtp servers. The expense would increase a lot if you would send
> spam. That is the point. Currently the expense is borne by the smtp
> servers on the internet which explode the bccd message into 100 or more
> copies and deliver it to spam catchers (after exploding).

You are confusing list expansion with CC/BCC.  A CC or BCC address
is specified in the header portion by the user agent when composing
the message.  It may be either a single recipient or a list.

If a single recipient, then when the user agent hands the message to
your SMTP client, the SMTP client extracts all addresses from all To:,
CC:, and BCC: fields appearing in the header.  One connection is made
to each destination system for each single recipient(*).  During the
SMTP dialog, the client uses the "rcpt to:" to specify the recipient
on the SMTP server system.

If an address is a list, then a list expansion mechanism converts it to
single recipients and then connects to each recipients' SMTP server to
deliver a copy of the message (as above).

(*) If a message is addressed to two or more single recipients on one
destination system, the SMTP client may optionally use one connection
to transfer one copy of the message to all recipients on that system.


{Quote hidden}

Incorrect.  The envelope addresses exist in the dialog between the
SMTP client and the SMPT server in the "mail from:" and "rcpt to:".

The header that the user sees is built by the user agent program
before the message is sent.  The To:, CC:, and BCC: fields are lines
that appear in that header.  It travels as the first part of the
"data" portion of the SMTP dialog.  The receiving SMTP server may
add additional information to it, e.g. "received:" lines, but is
not required to do so.


{Quote hidden}

It is unclear here whether you are referring to the "mail from:" envelope
field or the "From:" header field.  They are distinct and different.  One
is required (by the RFCs) to be blank for non-delivery notices to prevent
mail loops.

> Legitimate mailing lists could use cookies or something like it to make
> downstream servers accept their messages for distribution.

Or use the cryptographically signed SMTP dialogs that were proposed
a decade ago ... and which have yet to be accepted or deployed by the
Internet community at large.

                                               Lee Jones

2005\09\01@083544 by John Nall

picon face
I guess that it pays to gripe -- you just never know who might be listening. :-)

On Monday August 29 I wrote:

>> I get spam which is addressed not to me, but to addresses which
> resemble mine
>> in some ways but also differ in some ways. For example, I get mail
> from ham
>> friends who write me at @spam@AF4WMKILLspamspamarrl.net <KILLspamAF4WMKILLspamspamarrl.net>, which
> is forwarded to my gmail
>> accouont. Except that I also get SPAM which is not sent to AF4WM but to
>> other calls which are close but not exact. I never have figured that one
>> out. :-) But Thunderbird provides a good filter.

And, lo and behold, on Tuesday August 30 I received:

> *ARRL.net, the ARRL’s free E-mail Forwarding Service will be adding
> new features…..and will still be free to members! A switch in vendors
> for this popular service allows us to offer both spam filtering and
> virus scanning on messages sent to ARRL.net addresses for forwarding
> on to members’ real e-mail addresses.*

Golly!!

John

2005\09\01@154105 by Peter

picon face

On Wed, 31 Aug 2005, Lee Jones wrote:

>> Yes. You would have to send them in a different way (at some expense to
>> yourself), one by one. Of course a program would do that for you, just
>> not the smtp servers. The expense would increase a lot if you would send
>> spam. That is the point. Currently the expense is borne by the smtp
>> servers on the internet which explode the bccd message into 100 or more
>> copies and deliver it to spam catchers (after exploding).
>
> You are confusing list expansion with CC/BCC.  A CC or BCC address
> is specified in the header portion by the user agent when composing
> the message.  It may be either a single recipient or a list.

To put it shorter: I want the internet to be able to transport *only*
emails with one verifiable origin and one verifyable destination.
Everything else (more than one destination per send), is to be blocked
actively. Mailing lists could be run by appointment with the
administrator of the originating server. There will be exactly one
destination delivered to per mail from/rcpt to/data session. The data in
mail to: and To: will coincide. The data in From: and mail from: will
coincide. Bouncing, mailing list issues, etc can be handled using other
headers, like Reply-To etc etc.

Peter

2005\09\01@162841 by Dave Lag

picon face
How would one go about figuring out why Yahoo tags as "bulk' all mail
received from a colleagues mail server. Is there a list of criteria
somewhere?
D

Lee Jones wrote:
{Quote hidden}

2005\09\01@201326 by William Chops Westfield

face picon face
On Sep 1, 2005, at 12:41 PM, Peter wrote:

> I want the internet to be able to transport *only* emails with
> one verifiable origin and one verifyable destination.

You know, that's the way things behaved on the ARPANet back before
TCP/IP, when mail was a sub-function of the FTP protocol.  It didn't
work very well with mailing lists; nearly melted down the net. :-(
The follow-on protocols ALL recognized the need for a way to transfer
the (large) data portion of a message separately from the list of
recipients at each host.  Of course, they didn't foresee spam, and
the net has changed a lot since then, but I still can't see increasing
the bandwidth requirements of mailing lists by 100x or so :-)  
(Although,
it would be interesting to see statistics on number of recipients per
"data" transaction in the modern internet.)

> Mailing lists could be run by appointment with the
> administrator of the originating server.

NNTP, more or less?  It seems to place a rather heavier burden on the
originating server and administrator.

Even in the early days, it was pretty clear that you needed to be able
to support mailing lists in a "low profile" way that did not require a
lot of administrator support on either the server or (especially) the
recipient's machine...

(we need to move this off of [PIC] tag pretty soon.)

BillW

2005\09\02@155323 by Peter

picon face

On Thu, 1 Sep 2005, William Chops Westfield wrote:

> On Sep 1, 2005, at 12:41 PM, Peter wrote:
>
>> I want the internet to be able to transport *only* emails with
>> one verifiable origin and one verifyable destination.
>
> You know, that's the way things behaved on the ARPANet back before
> TCP/IP, when mail was a sub-function of the FTP protocol.  It didn't
> work very well with mailing lists; nearly melted down the net. :-(
> The follow-on protocols ALL recognized the need for a way to transfer
> the (large) data portion of a message separately from the list of
> recipients at each host.  Of course, they didn't foresee spam, and
> the net has changed a lot since then, but I still can't see increasing
> the bandwidth requirements of mailing lists by 100x or so :-)  (Although,
> it would be interesting to see statistics on number of recipients per
> "data" transaction in the modern internet.)

But the mailing list effort would not increase (it would increase in the
beginning, and then decrease as downstream admins allow bccs). Mailing
lists would function by appointment. A mailing list sender whose load in
a certain direction (domain) would become large would contact the smtp
admins of downstream servers and ask them to enable support for bcc for
his list so he can reduce his load. That would probably only be
necessary for domains with a lot of list subscribers. Those are exactly
the ones where the majority of spam comes from (as identified by the
(fake) domain in the emails). After some time of doing this a network of
trust should appear, which connects legitimate bccers to legitimate
servers which accept their bccs. Data for running such devices exists
(from nntp as you said).

>> Mailing lists could be run by appointment with the
>> administrator of the originating server.
>
> NNTP, more or less?  It seems to place a rather heavier burden on the
> originating server and administrator.

No, one needs to make arrangements only with downstream hosts that have
lots of subscribers under their domain, if and when the burden becomes
large. The process could be automated up to a point. The
different-domain email for a mailing list goes direct from the list
server to the destination mx anyway. That would not change at all.

> Even in the early days, it was pretty clear that you needed to be able
> to support mailing lists in a "low profile" way that did not require a
> lot of administrator support on either the server or (especially) the
> recipient's machine...

The only thing my proposal would do, is require administrator permission
for bccing through a server. And that would only be necessary for large
providers, who have spam concerns anyway.

It would not require any changes in MTAs and MUAs. Only MTA
configuration. Not doing BCCs is very easy in modern MTAs. For example
in Postfix one simply sets smtp_destination_recipient_limit for
outgoing, and smtpd_recipient_limit for incoming in the configuration
file (each can be tuned per-domain and per-transport, and
per-destination). The filtering can be made very exact or very broad.
For example a host that boasts that it will support mailing lists would
impose no limit on bcc addresses on incoming connections from its
subscribers (per-user), and would negotiate with relevant downstream
hosts on an as-needed basis to make arrangements to be trusted with
bcc-ing messages in that direction. The users would see nothing of this
(the negotiation would probably consist in the admin sending an email to
the admin of the downstream server).

Peter

2005\09\02@160853 by Mark Rages

face picon face
On 9/2/05, Peter <RemoveMEplpTakeThisOuTspamactcom.co.il> wrote:
>
> On Thu, 1 Sep 2005, William Chops Westfield wrote:
>
> > On Sep 1, 2005, at 12:41 PM, Peter wrote:
> >

< the same old USENET/email discussion from 1994 >


please, please, PLEASE change the tag!

--
You think that it is a secret, but it never has been one.
 - fortune cookie

2005\09\05@134904 by Martin Klingensmith

flavicon
face


Lee Jones wrote:

{Quote hidden}

Most mailing list software sends messages out to an SMTP server to be
sent to the client. Say you have a mailing list with 10,000 people. It
is possible [though highly unlikely] that the ML software could send
this message to the SMTP server once with 10,000 recipients. It is also
possible that it could send it to any number of recipients, the downside
being that it has to send a complete copy of that email to the SMTP
server for each set of recipients. This is the main reason that Mailman
has a lot of quirks, IMO. Mailman [used to, at least] default to sending
messages having 100 recipients at a time. The way the SMTP server
handles these messages varies on the server type. qmail didn't
particularly like it. Many people utilizing Mailman use postfix, exim,
sendmail, etc. therefore they have different results.
You are correct that the SMTP daemon has to connect to each recipient's
ISP to send the emails, though the ML software does not necessarily do so.
--
Martin Klingensmith

2005\09\06@150640 by Peter

picon face


> Most mailing list software sends messages out to an SMTP server to be sent to
> the client. Say you have a mailing list with 10,000 people. It is possible
> [though highly unlikely] that the ML software could send this message to the
> SMTP server once with 10,000 recipients. It is also possible that it could
> send it to any number of recipients, the downside being that it has to send a
> complete copy of that email to the SMTP server for each set of recipients.
> This is the main reason that Mailman has a lot of quirks, IMO. Mailman [used
> to, at least] default to sending messages having 100 recipients at a time.
> The way the SMTP server handles these messages varies on the server type.
> qmail didn't particularly like it. Many people utilizing Mailman use postfix,
> exim, sendmail, etc. therefore they have different results.
> You are correct that the SMTP daemon has to connect to each recipient's ISP
> to send the emails, though the ML software does not necessarily do so.

In my limited experience the server that runs the mailing list software
is not the main smtp gateway of the site. All outgoing mail on a site is
routed to the main gateway which is a server that does email, and email
*only*. This server then splits the email by domains, finds and contacts
their mxes and eventually sends the mail out, one message per
destination domain, with as many bccd list users as possible. Such a
host can be declared a 'smart host' (sendmail config lingo, in newer
servers it is called relayhost - e.g. in postfix). Several of these can
be selected by destination and by origin and in any other way one
pleases.

The relayhost has a trust relationship with the ML running host (it is
usually the isp provider's main outgoing smtp server(s)).

So the present situation already is that which I was proposing. Only it
is called something else, and anyone is allowed to bcc.

Peter

More... (looser matching)
- Last day of these posts
- In 2005 , 2006 only
- Today
- New search...