Slashdot Mirror
User Not Found, Email Drops Silently
shervinafshar writes with an International Herald Tribune story explaining just why it is failed emails don't always result in a helpful error message for the sender, which also gives some insight into ways that email can be used to spy on recipients. "In last lines of the article, two companies are introduced which provide services that can 'spy' on your email reading habits. They also can 'call home' too: 'Some entrepreneurs have seen that uncertainty and offered senders the ability to obtain receipts that a given message has been read — without the recipient knowing that a confirmation has been sent back to the sender. ReadNotify, based in Queensland, Australia, started in 2000 and promised to report not only on whether a message was read, but also on how long it was opened for reading on the recipient's PC. It can also send the message in "self-destructing" form, preventing forwarding, printing, copying and saving.' IHT also is asking its readers to comment about these kind of services being against user privacy."
What about decent clients that won't automatically load remote images and don't support javascript?
Try to prevent me from forwarding or printing those bits, and I'll do it just to spite your sniveling ass.
And there's NO way to stop me. If you sends bits to MY computer, using MY libraries, and running MY kernel, those bits are mine to do with as I wish, and I take offense at any attempts to prevent me from doing just that.
Since their business model depends upon selling their "service" to people who don't know anything about email other than "click to send" ...
browser, email client, IRC...
in the email client it defaults to not automatically load images and always go to prefrences and select to NEVER send a return receipt, it is nobodies business what i read...
Politics is Treachery, Religion is Brainwashing
Thunderbird defaults to asking when someone asks for a return receipt; I always change the setting to not even ask but simply never to send them. It is nobodies business to know whether, not to mention when I have first opened their e-mail (which is also, by the way, not the same thing as actually reading it).
In addition, you should set your client to never download external images. This should solve about 99% of these "exploits". As far as I can remember, the company mentioned uses a transparent/invisible image on an intentionally slowed down server that feeds the image byte by byte; usually, mail clients disconnect/cancel the download once you click another message.
I can only imagine "preventing" forwarding to work with really retarded mail clients (I think we all know the one I'm talking about).
The very valid reason why mail servers don't always return a message when a mail address does not exist, is because this can be used to phish for existing usernames - when you don't get a bounce message, you know you've probably hit a valid username. (because for most systems, login/username = default mail alias)
Every expression is true, for a given value of 'true'
Let me know when this works with Pine or GMail. OTOH, my blackberry seems to support self destructing text messages, or maybe it just looses them randomly.
Follow me
I assume this is true if you open it in a browser-enabled client with hooks to javascript and other such evils?
promised to report not only on whether a message was read, but also on how long it was opened for reading
Also, it can tell which version of windows you were running, what kind of child pr0n you enjoy... you know. metrics.
The other thing I see around here is the people who request a receipt (we use Outlook) when they send a global email to all 1500 users on the system. Most of them only do it once.
it primarily depends upon the recipients who don't know any better than to use all sorts of unsafe mail clients who allow such tricks to be played on them. as long as these comprise the majority, that business model is sustainable.
so this is not a privacy issue but a security issue.. and it's much older than 2000.
I run all my pop accounts through GMail. Images don't load automatically and I keep javascript on a short leash. So, do those services have some kind of techno-magic or are they just spying on the weak, the lame and the infirm?
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Part of the solution to this is the e-mail client needs to measure the rate of transfer of any image and close the connection if it drops too low.
Also, sane e-mail clients should not allow javascript in an e-mail or inline images to be loaded, except from known HTTP servers white-listed in advance, from known white-listed senders.
So the email addresses are Firstname.Lastname@ (although we also accept and deliver FirstnameLastname@).
Phishing for "John@" is easy. Phishing for "John.Adams@" is a lot more difficult.
Too much trouble for everyday use, but most people have a pretty good idea about who they have to watch out for among their business associates.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
Here's a good summary of why such plans won't work:
http://theamigo.blogspot.com/2007/07/expiring-email-no-not-really.html
Difference is that the recipient is notified about the return receipt and they can choose to take action from there.
Transparent images embedded in html emails (which never should have been started in the first place) are a different kettle of fish, in that most users won't realize that their email is being monitored
I suppose one way of gaining awareness would be setting up a system (think Sorbs/Spamhaus), which lists domains of people who embed sort of shit in their emails.
Companies frown upon negative publicity and if you can say "Hey, you're listed because jbloggs@example.com sent out an email with this shit in it", then I can't see the company continuing to do that for very long
As various people have pointed out, this would only really work if you sent html-only email, and if the recipient was guaranteed to have client software that executed javascript or something. I use mutt, a text-only email reader, and I have my mail software set up so it bounces html-only email (that it doesn't think is spam) back to the sender with an error message explaining that html-only email violates internet standards. I've never understood why anyone sends html-only email. Seems hard to believe that there would be service providers so clueless that they'd make html-only the default, and it also seems hard to believe that people would be clueless enough to want to send html-only email, but clueful enough to switch to html-only if it wasn't the default.
I have to admit that the concept of being able to get a return receipt for email has a certain allure. Recently, for example, my boss got pissed off at me and made a big scene because he thought I hadn't notified him about something. I happened to have a copy of the email in which I notified him, and I also happened to have saved his reply to it. But what if I hadn't saved the reply, or if he hadn't replied?
A lot of people send CYA emails, e.g., "Okay, this is to confirm that you want me to put the uranium in the crisper drawer of the fridge, and that you take responsibility for the results." But the recipient can pretend he never got it.
Find free books.
I'm surprised the author didn't link to the actual services:
Both seem to be easily defeated; indeed, the ReadNotify FAQ mentions that the "invisible" tracking service (which I assume means that it just includes the tracking images in the message) may be unreliable.
I therefore recommend blacklisting (in your MTA and web proxy) readnotify.com, pointofmail.com, e-mail-servers.com, didtheyreadit.com, mailinfo.com, and msgtag.com. I welcome any additions to this list.
I should also mention that those who use superior mail clients -- e.g., mutt -- can avoid being spied on by these abusers. I strongly recommend using such clients, or configuring other lesser clients so that they do not cooperate.
If you sends bits to MY computer, using MY libraries, and running MY kernel, those bits are mine to do with as I wish,
The copyright still remains with the sender, so, no, they are not yours. Furthermore, you cannot legally do with them as you wish.
The services discussed in TFA look like seriously weak sauce. Like anything that doesn't monkey with the recipient's system, they can be defeated by not loading external material, not executing javascript, and so on.
The more dangerous class of trackers are those that do operate on the recipient's system. In principle those can be defeated, just as DRM systems can; but doing so may be substantially challenging, particularly for joe user. Luckily, requiring the recipient to install a program of some sort just to view an email is pretty inconvenient, so these aren't commonly used; but if an entity that you pretty much have to interact with(employer, distance education system, government, etc.) took up using such a system, there would be a serious danger.
I return bounces for all errors. If it's coming from a spammy host, there are other solutions far more effective and precise to reduce their volume. For one, Postfix drops the connection if several consecutive errors occur, and greylisting is a marvel against the common pump-and-dump spammers. There are a lot of small things that come together in the modern spam fighting arsenal, few of them require breaking the spec.
-Billco, Fnarg.com
I use readnotify. Not on every email, but some important ones. Since I have to deal with continuing education and am constantly taking classes I find that readnotify is useful for covering my ass.
True story, I took an online course in Fall 07. I submitted my final to the prof. via email at his request. Neither the email or the attachment was ever opened and readnotify is extremely reliable for this particular prof. I still got a 4.0 so I'm not complaining.
load "$",8,1
I was very quick to drop the receipt headers in our mail server and forcing all outgoing mail to go through it.
There's not much you can do when they invoke these shitty tracking services though. It just becomes a cat and mouse game of shut one down and another pops up in its place or they find a workaround for your block.
I drink to make other people interesting!
"The sender of this message has requested to be notified when you read this message. Would you like to send confirmation to the sender?" I may be paraphrasing slightly, I don't remember the exact wording.
If an e-mail is dropped in the middle of a server and no one is around to read it, does it make a spam?
... the system isn't the attacker. The end user is the attacker. (Sidenote: if you are using an email system over a dedicated client which was provided for you to ensure system security, accountability, and auditing compliance, you a) aren't using email, sorry and b) presumably knew what you were getting into when you signed up.)
P.S. Wouldn't sending a letter in WoW fall under a "more dangerous class of trackers", since one entity knows the sent and received states of all messages on the system and can view them at will? (Oh noes!) Ditto with AIM... and Facebook... and MySpace... and...
Help poke pirates in the eyepatch, arr.
"My mail client is fine because it doesn't load javascript or images.. however it's possible for someone to nuke my entire filesystem or execute anything!"
What kind of crazy priorities do you have?
Also, I use pine -- would someone please share some proof-of-concept? Otherwise I won't have to write my own goddamn text-based email client! Ye gods.
I think that services such as ReadNotify have their place in the world...
Personally, when I have sensitive information to send I use PositiveDelivery.com (http://www.positivedelivery.com)
The service is still in Beta but I like it. I don't have to worry about CCing to too many people or my file attachments being too large. The best part is, my message stays on the PositiveDelivery server... the people I send to receive an email telling them they have a message waiting.
Not only do I know who opened the email (and who didn't)... I know who downloaded the attachment, etc.
When sending to multiple people... all of the replies go back to everyone. I find this very handy when communicating with board members, managers, etc... (ie. people who don't really know, or care, how email works)
Its certainly not a 100% replacement for email... but its definitely a great tool for when my communications HAVE to be secure and I want confirmation.
I think of it this way... I don't request insurance, return receipt, signature verification on every single letter I send through the post office... but there are SOME letters/packages I need to know are received, when, and that it was the right person.
Andy
Let me see now, I have 4 real email addresses (and a redirector), 3 are various webmail services the other is my ISP (which of course has a webmail interface but is normally read through my mail client. All of them can be set to block external images. Not certain about javascript, but of course I can disable that in my browser so it may be redundant.
... nobody knows I'm there, ever.
So
"I return bounces for all errors."
Then you're an ass... You do realize that spammers use from: addresses of nonsuspecting victims that have nothing to do with the spam, don't you?
... who use Outlook's "recall email" feature :-)
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
For several years, I've set my email accounts (both web-based and Outlook) not to show any images. With Outlook I have to specify with each email whether or not I want to see the images. Even on 'preview' mode, the images aren't visible to me. Why do I go through this semi-hassle? Because of the increasing level of offensive images I was receiving in spam. I laughed my butt off when the 'preview' mode in Outlook showed me a photo of a naked man who was (ahem) very happy to see me. I obviously wasn't stupid enough to ever open any of these emails, and I would just delete them without ever reading them. The level of raunch increased, and still I was fine with just hitting the delete key, until the day I was sent a man with a horse photo, in full color. LOL, it's funny now. But I immediately that day set all of my email accounts to not load any photos, even in preview mode, because I thought okay what's next, some spammer trying to dump child porn images onto my hard drive?
Although if someone sends you a letter, the physical artifact -- the piece of paper with writing on it -- becomes yours, the copyright to unpublished letters remains with the author. Some biographers have gotten in trouble for printing the contents of unpublished letters that were given to them by the recipients, for this reason.
You might find Publication Of An Unauthorized Biography interesting:
Apparently as a result of that case the Copyright Act was amended, but it didn't really change the essential copyright ownership, it just raised the bar for infringement claims somewhat. The copyright to an unpublished work still rests in the author, not the recipient (or whoever they might pass the letter to, or who might inherit it in their estate, etc.). If you want to publish them, either you need to get the permission of the author or the author's estate, or you need to make sure you're covered by one of the Fair Use exemptions (e.g. the "criticism, scholarship or research" exemption).
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Posting it via the net (email) IS publication. There is NO assumption whatsoever of privacy, unlike sealed mail through the post office. It has the same effect as a post card. If you believe your email isn't scanned, backed up on various servers, etc., you're naive. At any one time ther are multiple copies of your email sitting on your machine, the recipient's machine, undeleted mail queues, etc.
Email is not private. Get over it. If you want privacy, use pgp, or gpg. Don't depend on copyright law to "prevent copying", since for email to work, copies MUST be made - your original didn't disappear from your computer when you "sent" it - only a copy of the data was sent, and you gave authorization for that copying to be made in the act of sending.
I blacklist mail servers run like yours, as I can't stand open spam relays (because that's exactly what you are running, grats).
the people wander around and suppose, while the secret sits in the middle and knows.
Several years ago, I helped save someone some money by tracking where a particular person actually was via email. Realizing a tracking image in an email was unreliable, I also added a tracking image into a word document... which doesn't have any protection against loading images from remote servers.
Long story short - the person was on the other side of the world to where they were claiming to be based on their IP address.
You seem to know very little about this topic so I'd suggest you just stop talking about it.
Fix your broken mail protocol if you don't like it.
Just an FYI: AOL has always allowed users on AOL to see if another AOL (or CompuServe..once upon a time) has viewed their e-mail. It would also tell you when they opened it. This is a default capability built into AOL since 2.0 or 2.5 (early-mid 1990's). All one had to do is check their sent e-mail and click to check the status. So long as it was to another AOLer, one could see the status. Keep in mind how large AOL used to be in user base and this was a standard practice.
``Spammers don't care about bounces, they deliver the message and move on. They don't linger around for a bounce, since that would require a valid return path, thus a trace back to the spammer's mail server.''
The "spammer's mail server" is Joe Sixpack's exploited PC.
Please correct me if I got my facts wrong.
I wrote a perl script and cron task that I used to use to send about 30 to 50 read receipts to people who request them. It sends them over the course of a week or two. When people ask about getting all of the read receipts, I tell them, "Every time I open your email it lets you know I read it. Isn't that what you wanted?"
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
Now, if Outlook could come configured by default to prevent sending the messages in the first place, that would really help conserve bandwidth.
One of my ex-bosses demanded receipt confirmations one sunny day. In a week, we had all our internal e-mails spammed to death instead of just support@, info@ and such.
As for intended usage... I think he could tell who was actually reading his messages well before even sending them.
WYSIWIG, but what you see might not be what you need
I see what your getting at, but to be Devil's advocate; couldn't this been seen as a service, since person with the compromised address would then know that it was compromised?
I suppose this isn't true in all cases... but...
A patriot must always be ready to defend his country against his government. -edward abbey
A few weeks ago I saw a tag for an image like http://img.msgtag.com/[path omitted].gif in a message I received. My Thunderbird is configured not to display images anyway, but to be sure that I'm not giving away when and if I read mail I promptly added this line into my c:\windows\system32\drivers\etc\hosts
127.0.0.1 img.msgtag.com
Bye bye MsgTag, get out of business soon!
I did not even *mention* spammers, at all. I said it can be used to phish for valid account names. Spammers are not interested in those. Crackers/corporate spies, however, certainly might be..
Every expression is true, for a given value of 'true'
Sure you can, if you are the sysadmin. Just block loading of remote images in emails (I'm sure there must be a policy setting somewhere to do that), and if anyone complains, say it's being used to distribute viruses, used by spammers, phishers etc. (all of which is actually true) and thus it is a necessary security measure.
Every expression is true, for a given value of 'true'
It depends where he's bouncing. If he's bouncing at the SMTP level there will never be any backscatter - only the sending server will receive it.
Hmm, gives me an idea. If I even see an ad for asdjhfgkjbadjghiougscvo or similar, how about I send you lots and lots of clicks on it? Maybe mail the link to a few people. IM it around a bit. Post it on a newsgroup. And a few IRC channels at that.
I mean, if anyone wants to track my reading habits, heh, they might as well pay for the privilege.
Heck, I'm even in a mind to organize some kind of a group of people who automatically send a HTTP get to such links. It'd be just a get, not actually parsed or anything, to minimize the possibility of a security problem. Tracked people unite, so to speak. The kind of PHB who absolutely wants to know when everyone read his emails and exactly how often, won't do it just once. Might as well make sure that the expenses keep it in check a bit, and/or that higher management will eventually ask why is all that marketing money spent on adwords and exactly how much did it improve sales or brand recognition.
A polar bear is a cartesian bear after a coordinate transform.
Poor, poor exchange/outlook users :)
Believe it or not, some people read their bounce messages.
For a spammer who's looking for every low volume avenue this is a gift. If a message is sent from a falsified sender to your mail host and you send the content of the message or some other way to read it back with the bounce to the claimed sender, you've served the spammer by delivering their message to its intended target. Congratulations. You're part of the problem.
Help stamp out iliturcy.
Makes you wonder why people abandonned ELM :-)
html mail is not a big overhead necessarily. All it is a markup language, and it only adds small amounts to emails if used well.
HTML e-mail is also what allows phishing to occur.Attackers can kind put in JS and load corrupt images, as well as hide the true link you're being set to in the REF attribute while showing you a normal looking one in the text.
With plain-text e-mail, you can hide images, and any links that are displayed are the ones you will actually be sent to. Also, links in e-mails will be shorter and nicer looking since they'd have to be less than (roughly) eight characters wide, and you can't hide them under text that says "click here".
All-in-all, I think HTML has caused no end of problems in this area and has actually made e-mail more of a pain to use.
Good point--I was referring only to backscatter messages. Another aggravation is the "click this link to verify you're not a spammer and allow the message into my inbox" message. I click the link, then report the message. I thought that stupid idea had died a justified death until I received such a message yesterday that referenced mail-block.com.
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
In 1999, as we were all busy making sure that Y2K bugs weren't going to be a big deal, someone where I used to work created an email account (as a Lotus Notes database) so customers could make direct inquiries about Y2K compliance. Most anyone could browse that email database. One day, I received a blistering email from a customer, whom I did not know, asking why their Y2K inquiries had been repeatedly ignored. That user had enabled a return receipt and the Lotus Notes database server was automatically generating return receipt emails to the sender each time one of those email records was browsed -- without informing the reader. Oops. I quickly put a stop to that.
We recently switched from Novell's groupwise (which we'd been using over a dozen years) to outlook/exchange, and the one thing we don't get that we used to was the ability to see when someone in the system had opened an e-mail. Its still probably the single thing we get asked about the most.
...email.
I just read Slashdot for the articles.
What is actually truly annoying is all those "mail not received" and "blocked by our spam filter" emails that are out there. As a domain portfolio owner, I can say without a doubt that domains we own are joe-jobbed pretty much hourly, with results in huge influxes of bounce mail messages that mean nothing.
The reality is that email is broken, a poor insecure protocol that allows injection of all information in the headers and leads to millions of useless emails a day, followed by millions of useless misdirected bounce messages and spam blocker messages.
Fix the protocol, don't waste time putting a bandaid on the gaping wounds.
Although you are right that HTML is not necessarily a big overhead in email, in real life it almost invariably is.
I have run mail servers for over two decades now. I've looked at thousands of messages, and I have access to archives of literally millions of them.
Email in general carries information in inverse relationship to the size of the mail in bytes - a person sending pure ASCII email almost invariably sends valuable information, and the more formatting the mail carries the less useful it is likely to be. Mail that belongs in a Dilbert cartoon is usually ten or more times "fatter" than it needs to be, due to HTML overhead and corporate double-speak.
Individual email messages do not necessarily follow this pattern... but, once your sample size is large enough, you see that HTML email is quite frequently a titanic waste of human and machine resources.
I find that sending grammatically correct non-HTML mail makes people think you are smart, and looking smart helps with the old paycheck at review time.
If it were otherwise then you're not sending me e-mail, but instead a license agreement to read your words for a limited period of time. If that's the case, then there needs to be a click-through license agreement first.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
I am not responding to your post in particular, but it is as convenient a spot as any in the sea of "No HTML email!" posts. I use HTML email for one reason: text formatting. I like including underlines and italics in my emails for emphasis. Yes, I can post like I do here on slashdot and use /slashes/ for emphasis in plain text, but come on, this isn't 1980 anymore, you know?
At work I frequently embed images in my emails because I am discussing engineering problems and it is frequently useful to include pictures to describe the problem.
But the primary reason I use HTML email is for text formatting.
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
I see what your getting at, but to be Devil's advocate; couldn't this been seen as a service, since person with the compromised address would then know that it was compromised?
A service of WHAT exactly? Telling me spammers are forging messages using my address? Do I REALLY need to be reminded of that 60,000 times per month? What do you want me to do about it? Change my addresses?
1) Sorry, I'm not cutting of my customers access to sales@mydomain and support@mydomain simply because spammers are forging messages from those addresses.
2) Even if I did change them, the spammers could keep using them. Or they could just start using the new ones.
My email addresses aren't 'compromised' in the sense that someone is fraudulently using my accounts, or even relaying mail through my mail servers. They are just sending messages with the "from" address set to my email address. There is NOTHING I can do to prevent that.
I suppose this isn't true in all cases... but...
But NOTHING. I receive literally 1000s of 'bounce' messages per week for mail I didn't send, from people running servers configured like yours.
The only current defense you have against a spammer sending email with YOUR email address as its "from" address is setting up a strict SPF record for your domain. And that ONLY works if you've set up your SPF record correctly, and EVERYONE ELSES mail servers are setup to use SPF, and REJECT and DISCARD messages that do not pass.
If you are checking SPF, and you aren't rejecting/discarding messages that are being relayed through servers that are not authorized by the domain then you are being a complete ASS!
And even SPF isn't foolproof... if your address is @cox.net, bot's sending through cox.net servers would pass validation. But at least SPF has the potential to stem the flow of spam from 'elsewhere'.
Huh... you missed the phrase "but to be Devil's advocate". I'd recommend looking this up before trying to start an emotional flame-war. It means I'm endorsing opinions I don't necessarily agree with, to explore other sides of the issue.
A patriot must always be ready to defend his country against his government. -edward abbey
This is a good model to follow, thats why I'm not going to show any error messages from now on!!! As for whatever error messages I was showing earlier, I'm going to make show them in a language that is different than the one the user is using. That will show them!
Huh... you missed the phrase "but to be Devil's advocate". I'd recommend looking this up before trying to start an emotional flame-war. It means I'm endorsing opinions I don't necessarily agree with, to explore other sides of the issue.
I'm well aware of what it means. And so I responded with an explanation of why the 'opinions you endorsed for the sake of argument' are idiotic. And thus, it wasn't personally directed at you, it was directed at anyone who did agree with those opinions.
I read on some GNU page about how bad 'trusted computing' could be. It said it could be used for corruption by sending self-destruct emails so that evidence could be erased. Funny TC is now actually already being used for that... Hell someone needs to start selling PC's/latops that lack TPM chips, include coreboot, Sun OpenSparc and upcoming ATI cards (DRM on a seperate circuit so that FLOSS devs can circumvent the DRM (read about that on Proronix.com))... I'll be the first one to buy it.
Here be signatures
The Slashdot captcha was "receipt". Very topical.
It may not be a matter of misconfiguration, but of intentional, poor design.
I am one of a very large number of people who have been subjected to using Lotus Notes as an email client at work (fortunately, only at the full-time job and not at the university where I teach part-time).
The Notes client does not contain a configuration option to block return receipts from being sent.
HOWEVER, there is a very easy way to have this exact effect, but it is a minor pain.
1. Once you have replicated your email, switch to "Standalone" in the Location box on the lower right corner of the window.
2. Read your email and watch for the "Return Receipt" notice on the status bar on the bottom of the screen.
3. Click on "Databases" on the list on the left.
4. Click on "Workspace"
5. Click on "Outgoing Mail on Local" on the Workspace.
6. Select the Return Receipt notice and click the "Delete" button. Notice that it doesn't seem to do much. There will be a little mark on the left that indicates that it is slated for deletion.
7. Hit F9. That will refresh the list and then you will see the message deleted from your outbox.
8. Switch back to your "Connected" configuration (often something like "Online" or "ND65" or something like that), and bask in the joy that you have defeated the evil return receipt.
Share and Enjoy!
I have co workers who put return-receipts on EVERYTHING, and even worse are sales people from outside companies who do it.
True, but the greylisting culls a surprisingly large number of those, and the deep-analysis spam filter catches a high percentage of the remainder.
If a bit of backscatter spam gets through, well, tough! Bouncebacks exist for a reason, and if a spammer goes to such great lengths that they can get through my many filters, that's something I can live with. I'd rather let 1% of spam through, than block 100% of legitimate bouncebacks.
-Billco, Fnarg.com
As rightly you should, since they are stupid. My server doesn't create backscatter spam, it either accepts or rejects the sender/recipient/server immediately, before the message body is ever processed. An error is presented to the sending server, and delivery is aborted.
The only instance where I do generate a bounce is when I'm sending mail and I get such an error, because that means one of MY users screwed up, and they should be informed of the problem. This happens a lot with mailing lists, people move around, or they go on vacation/sick leave and their mailbox gets full... it's important that the list manager receives these errors so they can clean up their list, but the bounce messages originate from my server for delivery to my users. They don't ever get relayed to remote mail servers.
That's how bounces are supposed to work, IMO. If you're having delayed failures than return bounces after the fact, you need to turn those delayed failures into instant failures. Either you accept the mail, or you don't - no need for a grace period.
-Billco, Fnarg.com
Really? Ever quoted part of the original message when replying to an email? Did you remember to get a "license" to do that from the original author? Can they now sue you for copyright infringement? Can they sue you if you make a hard copy? I don't think so, Clyde. There's an implied license to make a copy of it on their computer, as well as any backup systems, and to fix it in more permanent form, such as printing a copy.
To receive an email, the user HAS to make a copy of it, as does your mail server. Your "copy" never left your computer. I'm free to publish my copy, in the legal sense of the term (to make it known to others) by printing it up and posting it in a window for the public to see, or by showing it to others on my screen, so trying to keep someone from "publishing" your emails by claiming copyright won't work. If I have a valid copy, I can do what I want with it, including showing it to others, or fixing it in permanent form and pasting it on a bulletin board.
While section 106 (5) does give authors the right to limit:
Section 109 contains a specific exemption to display that trumps section 106.5, when it comes to displaying:
In other words, if you want to claim your email is a "literary work" subject to copyright, I can post it publicly for everyone to view. If it's got embedded video, I can show one image at a time.
I wrote up an entire post arguing that e-mail involves an expectation of privacy, but even if it would not you're not saying anything that would make the GP wrong. If I publish something on my website that does not give you the right to republish it. The only copies of an e-mail that are legal are those that you authorized. This gets a bit hairy when considering forwarding. I'd say forwarding falls under fair use and there's a distinction between forwarding to a select group of people and the entire internet (e.g. via a website) but the case law on that point I do not know and it might not exist yet.
>So why use slashes for emphasis when you post /here/ then? Come on, this isn't 1980 anymore, you know.
The answer, simply, is because Slashdot's text editor is primitive and outdated compared to other, more modern, WYSIWYG BBS text editors.
In order to add text formatting to a post here on slashdot, I have to actually hand-code in HTML tags. Pul-eaze. I could type in the HTML tag for underline, or I could just add a "/" around the world I want to emphasize. Which is easier?
Not to mention that if I chose HTML formatting, then I also have to hand-code in HTML paragraph breaks between paragraphs. What is this, WordPerfect 1.0?
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
Of course I know. But it's a pain in the ass. I'm sure all the HTML programmers love it, but the bottom line is if you choose to post in HTML on slashdot it is a real pain in the butt comared to WYSIWYG BBS editors available elsewhere.
I can either put a "/" around words I want to emphasize, or I can switch to HTML mode and have to type full HTML tags to highlight, PLUS I get to code in paragraph breaks to get proper formatting.
Writing in HTML is not pleasant nor modern. I want to highlight a word, and click on the "underline" button. This is what people are used to seeing in Word Processors, and now in their (HTML enabled) email.
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
The stance of the courts has been that email is not public, and based on that there's no way that the act of simply sending an email to another individual would meet the definition of 'publication' as defined in 17 U.S.C. Sec. 101 (Definitions section of the Copyright Act). "Publication" is defined as the following:(Emph. mine)
Sending an email to a particular person is not distribution to the public, and I can't imagine it possibly being construed as publication.
There's probably room to argue that in sending an email, the sender gives the recipient an implied license to use it in certain ways simply because of how the medium works (store-and-forward, emails are quoted in reply, etc.), but I doubt you'd have any success trying to expand this implicit permission very far, at the expense of the author's control.
In general, I think you're blurring the line between what people should consider as being private, and what the law considers to be public. Email has seemingly been deemed private by the courts, however a user would be prudent to treat it as though it were completely public, because there's no guarantee that someone isn't going to read it in transit. That doesn't change their copyright on the message, however.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I'd like to see the "self-destructing email that can't be saved, forwarded, or printed" get by the screen shot button.