EFF speaks out against MAPS

Control-Z has brought our attention to the latest EFF newsletter which speaks out against MAPS ^? and ineffective spam legislation. According to the EFF: "The rights of users to send and receive email must not be compromised for quick and dirty ways to limit unsolicited bulk email. Neither misguided and ignorant legislation, nor collusive, high pressure protection schemes, have a legitimate function or place in our online future " The EFF is reminding us that freedom isn't always easy. I feel much worse for those who haven't figured out procmail yet though.

Procmail

[Kozz]

For the uninitiated, procmail is a fantastic tool. To learn more about it, check this link for how-tos, documentation, tutorials, and other spam-fighting tools.

Re:Procmail

From the Procmail FAQ:

Q: I want to use Procmail for spam filtering. A: Good luck. Have fun. Have you considered the following? It's really kind of late to stop the spam when it's already on your mail server. Better solutions would involve your mail administrator and IP-level blocks against spam sites (RBL et al.) as well as probably additional server-level filtering. Don't reinvent the wheel. There are good recipe packages out there which you cannot duplicate without serious effort. And it'd be a waste of time anyway. You'll find links to many Procmail spam filtering packages on the links page. Procmail is excellent for fine-tuning and for sorting already identified spam to a separate folder (some sites will just tag suspect messages, but still let them through) but on today's Internet, proper antispam measures belong in the mail server layer (if not in the political layer).

Basically it says Procmail shouldn't be used for this and to use RBL.

How to stop spam :

[Gaijin42]

I highly reccommend all people go out and use sneakemail link.

This is a great utility for stopping spam while not interfereing with your normal email.

It gives you unlimited disposable email addresses to give out whenever you need an email for a website.

If you dont want email from that address anymore, you can turn it off.

On the other hand : Spam is meant to market a good or service. Therefore there must be some way to get in contact with the spammer, otherwise their spam would be ineffective. a task force needs to be created which smacks spammers upside the head with fines, or just plain shuts them down.

Spam should be legal, as long as they include a valid return addy, and have a way to remove people (for real)

Re:How to stop spam :

[mmontour]

Another good service is, of course, spamcop.net.

There's a free tool to de-obfuscate the headers of Spam and send complaint letters to the appropriate abuse departments. They also have a paid filtering service that will hold any possible spam messages until you manually approve the sender (or report it as spam). Money well spent, IMHO.

Spam should be legal, as long as they include a valid return addy, and have a way to remove people (for real)

As for the valid return address, I would say this is necessary (but not sufficient) for a Spam to be "legal" in any sense (along with "ADV:" in the subject line, other standard headers to identify it as spam, and a notification of how they got my email address so that I can badger / LART the upstream company to stop selling my info).

However, the "remove" method doesn't really work because these addresses are often just a way to verify that your address is still "live". One way to test this is to send a removal request using a newly-created address, then wait to start receiving spam on that address.

The only way for "opt-out" to actually work is to have a higher-level, trusted agency maintain the opt-out list (similar to "do-not-call" lists that exist for telemarketing agencies). However, given the nature of the Internet, it's hard to say what agencies should have jurisdiction here.

Of course, the best way to deal with spammers involves a jar of honey and an anthill...

MAPS & ORBS aren't that painful

[fetta]

A few years ago, I came onboard at a small company just in time for their mail server (Exchange 5.0) to get blacklisted (by ORBS, I think). It sucked at the time, but if we hadn't gotten blacklisted the open relay would have remained open for a long time (the problem prompted our move to qmail). Once I closed the open relay and informed ORBS, we were quickly removed from the list.

In theory, I have no problem with the concept of these blacklists. The use of them is voluntary. From what I've heard, there may need to be some serious discussions about how they gather their data and their procedures for getting off their blacklists, but the concept seems to be both effective and practical. Also, mail providers should be up front about their use of these lists so that users can choose to use an "unprotected" mail server if they choose.

Re:EFF is misguided in this

[gorilla]

That's fine, but they are not saying that you are required to read all mail that comes into your server.

Yes they are. They're saying that all the filtering should happen at the end user end, when the spam has already cost money. To give a REAL example, I had someone sending mail to over 30,000 random names @domain in one night, all starting with the letter a, before I blocked them. These were names which had never existed in our system. If I adopted the EFF's position, then all of my users would have had a month of bad service, or I'd have to get a much bigger mail server.

Email is uni/multi cast NOT broadcast

[nyjx]

Whilst I agree that many of the legislative approaches are overblown (and dangerous), expecting all users to block their own spam is (which is what the EFF is clearly advocating) is seriously unrealistic. How many people here have a hotmail, yahoo, lycos.. account - what would that account look like if those companies didn't block spam for you? I'm sure that the average user would see this as a service offered by the ISP. As long as he/she can receive mail from granny it's fine. Most average users just want "email", they don't want the hassle of configuring 1001 spam filters. It similar to virus protection - they will just install Dr. Solomons for SPAM - or use whatever comes in the next version of XP and have Bill limit who sends them email.

The free speech argument isn't invalid its just impractical for most end users. Secondly it is being applied in the following way by the EFF:

- "ANYBODY has the right to say anything to YOU"

and not in what most people consider free speech, which is:

- "ANYBODY has the right to say anything in a public forum."

These are NOT the same thing. You get into the whole "I'm paying time and money becuase idiots keep sending me spam". Email is personal communication (uni or multi cast) it is not broadcast. If people wish to broadcast they should do so in public forums - er, like this one!

It's still an issue if an ISP blocks somebody you do want to hear from - but this is somewhat akin to the fact that millions of people around the world don't even have access to email, a telephone or even a decent postal service to even contact me in any way whatsoever.

Being black listed at least forces those areas that are to try and regulate their users. Of course Eventually this is likely to break down to requiring pretty intelligent software to determine what to block based on message content rather than sender behaviour - and even then people will still pay third parties (ISPs,M$) to perform this for them - how many pieces of software out there still use the default passwords...

John Gilmore (-1 Flamebait)

[Vainglorious+Coward]

I support the EFF (inc. with money) but I can't help suspect that John Gilmore's own personal desire to operate an open relay has significantly influenced the EFF into slamming MAPS and praising Brightmail. Has JG's machine just been added to MAPS or something?

I entirely agree that ISPs should not be filtering email without notice or consent and that "end-user" tools are the best solution, but I disagree vehemently that a spammer's right to "free speech" overrides my right to accept or deny data arriving at the edge of my network, for whatever reason I decide, including irrational reasons. I can and will use any tools at my disposal to control what enters (and leaves) my systems. The problem with end-user solutions that live in the mail client is that by the time spam is deleted, the resource cost has already occured. I much prefer to simply drop connections that I don't want; it still costs me a little bandwidth but I don't waste the disk space and processing cycles that I would if I accepted the spam.

Free speech for everyone is all very well, but the galling thing is that most spam is *deceptive*, using falsified return information or deliberately implicating other innocent third parties. I would settle for allowing all mail to come in iff I can puruse claims for fraud against those who won't play nice. Since this is unlikely to happen any time soon, I'll keep my blocking techniques, thank you very much, and I won't be shedding any tears over the "free speech" rights of spammers - I simply don't recognise any innate "right" to practice deception, especially when it's at my own expense.