So even before the spammers work around it they'd stop less than half the spam.
OMG! That makes it such utter shit! A spam-fighting solution with no false positives and blocking less than half of all spam before it reaches the server!
It wouldn't work. Spammers actually do test for open relays, but they don't rely on what the server said, they rely on whether or not they got the message.
There are people out there running fake open relays and open proxies that accept all messages and notify them on a relay test, which they manually forward. Then they watch spammers hit their system and trace the IPs and have their accounts canceled.
I actually meant rate-limiting through their own servers, and a total block on outgoing 25. If a customer is going to send mailing lists, they're probably using their own systems, in which case they should be unblocked. I.e., you use their mail server, and are rate limited, or you get unblocked and run your own, and aren't.
However, it certainly could work another way. An ISP could un-rate-limit certain mail accounts, or even provide an entire separate server for specific people, presumably with added cost. Even run mailing list software on it for people who don't want to manage the list itself.
And, yeah, you shouldn't provide instructions on how to bypass the rate limiter, because some people are morons and will go 'Why is this rate-limiting message coming up when I try to send mail? I haven't sent an email in hours! Let me go disable that.'. They certainly need to talk to the ISP.
The danger there is that, once in a blue moon, the intertubes spring a leak and an actual connection to the second MX will fail. So feeding it straight to a blacklist isn't a great idea.
And teergrubing doesn't work as well as you'd think. A lot of spam software connects, dumps the message, and then 'disconnections' in that it won't respond anymore. On some system, it could tie up file descriptors, but it's pretty unlikely to actually hurt them in any way.
Greylisting's especially helpful against the low-quality anklebiter spammers, who haven't bothered buying spamware that handles relatively simple command-response dialogs (hint - Sendmail originally ran on PDP-11s, and the SMTP dialogs are in the easy part, not the turing-complete rewrite-rules stuff.)
Heh. A lot of people aren't grasping what crap spammers run. The utter shitiness of their morality is outweighed only by the quality of the tools they use. If I had to guess, something like 20% of all spam attempts don't get stopped because of blacklisting or complicated tools, they get stopped because spamming software is so bad it can't handle the slightest variation in anything.
Spamming software doesn't put angle brackets on email address after MAIL FROM, it sends raw IPs without square brackets in HELO, etc. There's even a patch for Postfix that continues the SMTP greeting banner from one line to the next, and it stops some spam, to this day. It's expecting '220 blah', it gets '220-blah\n250 blah2', which is perfectly legal and it breaks because it was coded by morons.
People who respond with 'Spammers will just adapt' are not actually mail administrators fighting spammers.;) 10% of spammers will adapt immediately. 50% of spammers will adapt after a year or so, when they buy new software. The rest will keep operating whatever broken-ass software they started with.
It's an arms race, sure, but our side is free and coded by moderately intelligent people, and their side is incredibly overpriced, coded by morons, and we aren't watching our resources, aka, IP addresses, dwindle.
But as other people have said, greylisting also works because it makes the spammer call back later, after there's been time for the spammer's IP address to hit real-time blocklists.
Yup. Or their ISP notices, or, as you said, someone notices bogus IPs, or they trip some sort of automated quota, or something. They are very hit-and-run right now, and a lot of their tricks require it. Making them stay in the same place for even five minutes will screw them pretty badly.
But there's yet another problem for them. It will make them actually record errors and check for temporary ones to try again, because right now, they connect, spew their entire message, and disconnect with no idea if it worked or not. Either they have to spend more time and CPU to watch the connection, or they have to run their entire spam run again. And they can't wait until the end of a spam run to do this, as they don't know when their connection will be dropped or they'll end up in a blacklist.
Greylisting, ironically, would have done almost nothing to block spam six years ago. We fought them to the point where they have to steal connections from people, throw out as much spam as fast as they can, and only get away with it for a few minutes before getting blacklisted and disconnected, and then, haha, we invented greylisting which exactly stops that sort of behavior.
You didn't bounce their email, you had temporary trouble accepting it. If their mail server can't handle temporary troubles, it's broken, period.
That's not to say greylisting is for everyone. Greylisting is dangerous because of changing sender addresses for mailing list software, so it's not a good idea in all circumstances without a whitelist.
And I don't know in what universe you think that spammers retry failed addresses. Spammers don't even keep track of failed addresses or errors at all, or they wouldn't try to send to addresses that have been invalid for five years. Of course, they could start, but that's lot of work on their part and requires a major change in their operation to keep track of various kinds of errors.
And greylisting should be combined with some rbl lookups from automated blacklist, thus if they retry the second time, which they almost never do, their IP is already in the blacklist because they hit spamtraps the first time through their run.
How on earth could they send email if they don't know the domain name of the server? You can't just connect and hand them spam addressed 'to whom it may concern'. You can give them email an address without a domain name, but mail servers stopped automatically appending domains a long time ago, and that's a violation of the RFC anyway(1), and it never worked at all for systems with more than one domain name.
Now, there is a significant fraction of spam sending software that doesn't do MX lookups at all, instead connecting to the A record, but that's not the same thing. And there's another fraction that just caches DNS lookups for years, so implementing nolisting won't gain you anything unless you move your mail server's IP.
1) Mail sent to an unknown domain for role accounts should be addressed to, for example, postmaster@[10.0.0.1] or postmaster@[127.0.0.1], and, yes, with the brackets. Mail sent to just 'postmaster' or 'abuse' is not legal.
The acknowledgements don't say anything about running specific software, or making any changes to software.
I've been doing nolisting for about three months now, and it required:
1) Making three A records, mx1.example.com, mx2.example.com, and mx3.example.com, all of them pointed to my IPs (Don't abuse the internet by directing traffic randomly elsewhere, people.) with mx2 being my already existing mail server and the other two being IPs without mail servers.
2) Set all the domains I felt like it to use those 3 MX records in order.
That was it. I didn't touch my mail server at all, I didn't even bother with firewalls, because my server already has a firewall setup.
It really is quite a successful method, but only until spammers start resending messages.
Greylisting is one of those things that spammers are going to have trouble getting around, simply because their entire method of operation is hit-and-run.
If they have to wait, say, five minutes to retry, that means they're going to have to change some of their behavior.
They're going to have to get more complicated software that can tell errors apart, or can even notice errors at all, which quite a lot of spam software can't, or they're basically going to have to do their entire run again, from the same IP. This will literally cut their spamming ability in half.
And it will really screw the ones on ISPs that are paying attention. If they get cut out halfway through their run, they didn't get past any greylisting at all and just wasted their account.
Secondly, greylisting allows time for blacklists to update, and there's not a damn thing they can do about that. The first time they spammed, they almost certainly hit several spamtraps, including some run by major blacklists. The next time their mail comes in, it might pass greylisting, but that's not very useful if it's now in three blacklists the server uses.
The same applies to duplicate distributed filters like Razor and whatnot, although I don't know enough about how those work to say anything beyond the obvious there.
That's not to say they won't adapt as much as they can to greylisting, but that ability is somewhat limited and requires several changes that will result in them sending less mail, period.
That's not to say greylisting doesn't have a few problems, mainly ones with unique email addresses, but even in the long run, it reduces spam.
I use maRBL and greylist Window machines and/or machines on a dynamic IP.
I get maybe.1% legit email from Window machines and even less than that from dynamic.
And I do the same thing with spamtraps you do. Luckily, I have a domain that literally has hundreds of email address spammers think are valid, but are not and have never been. (I think this is the result of a wildcard server years ago and a dictionary attack.)
First of all, hijacking people's outgoing port 25 connection is stupid and wrong. Block, yes, hijack, no. If they're blocked, people will complain to whoever they're trying to connect to, those people are hopefully smart enough to get them to switch to the SMTP submission port. (Or will do what I did, get so pissed off at 'mail isn't working' emergencies at random times, when their ISP started blocking port 25, that I gave everyone a week's warning before I disabled logging in on port 25, making everyone use the SMTP submission port and thus never having to deal with it again.)
Secondly, any ISP that fails to notice that a single internal customer dumped hundreds of thousands of messages on their server as part of a spam run, and actually tried to deliver them, should lose as many customers as possible. That was acceptable in 1997, not 2007. ISPs not only should be rate-limited, but if people try to exceed the limit, they should check if it was spamming and block whatever customer is at that IP.
If you're at such an ISP, yes, it would suck to get bounces, but I bet you're be more worried because their mail servers were blocked everywhere for spewing spam, and, because they're hijacking your outgoing connections, it's causing all your email to be blocked, even when you think you're connecting to some other server to send mail.
You don't bounce the mail. Bouncing the email would rather obviously not make it try again. You simply give a temporary error during reception, which causes the sending server to try again later.
I'm really surprised he hasn't mentioned the other obvious thing to do.
Some spamming software is 'clever' and tries only the last MX record. Some is not and tries on the first MX record.
What I did: Three MX records. Mail server actually listens on the middle one.
And even if they try the secondary first, even using his scheme unmodified won't add any spam. It's not like they were originally looking up the domain, saying 'There's only one MX record, I guess I won't send them any spam.'
(X) Many email users cannot afford to lose business or alienate potential employers
(x) Dishonesty on the part of spammers themselves
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Asshats
The plan loses no email that is distributed by an actual mail server. Even the crappiest actual mail server out there follows the rules by checking another MX server, and if it doesn't it's going to lose a lot of mail anyway. Supporting multiple MX records isn't some obscure part of the standard, it's a major requirement, and all actual mail servers do.
And spammers can't 'lie' their way around it. They can use software that operates correctly in the first place, but the years have demonstrated exactly how long it takes them to switch. I have no idea how long the spam software pipeline is, but spammers have operated software that is broken in many ways, and people have been consistently using that brokenness to block spam for years.
If this reduces spam for a time and then stops reducing spam, I'm failing to see what the problem is. I'm still checking that the MAIL FROM domain is a real domain, and it's astonishing how much spam doesn't even bother to do that. Or checking that the HELO is not a negative number. (I have no idea what that's about.)
And we won't be 'stuck' with it. It doesn't change anything. People can point to a fake MX server for however as long as they want, and then switch back to just having their one real one, whenever they want.
And the 'asshats' check box is used to mean people can abuse or break the system. I have no idea why it was checked.
About the only one correctly checked complain is:
(X) Eternal arms race involved in all filtering approaches
Yes, it's an arms race, and, yes, it will lose power over time as spammer's crapware adapts. Aaaand? At the very least we cost spammers money, and upgrading spam software is insanely expensive. We didn't hurt ourself in the slightest.
Um, in what universe does the mail server software have anything to do with what MX records you have?
This article says 'Make two MX records for your domain. Point the second at your actual mail server, and the first somewhere else, either to a non-real IP or an IP you have that doesn't get email'.
There's nothing in there about doing anything to any mail server.
Bush is not evil. He's profoundly unsuited to be president, with very little knowledge, no curiosity, excessive pettiness, poor public speaking skills, and no respect for the government. He is, basically, the anti-Clinton, where Clinton was someone who probably was a little too well suited to president, which caused an all-out emergency continual attack on him his entire term in office by the opposition party.
However, several of the people that surround Bush are evil, and reelecting him was also reelecting those people.
They aren't cartoon evil, rubbing their hands together while cackling maniacally. But deliberately imprisoning and torturing innocent people is, simply, evil, no exceptions. There are lesser things I could mention, lesser arguments I could make, but deliberately implementing a system where we purchase people from warlords and imprison and torture them for years is far beyond where any possible line demarcating evil could be draw.
The Bush vs. Kerry election wasn't more evil vs. less evil, it was actual evil vs., possibly, mediocrity.
I understand the idiom, I just think it's incredibly stupid to keep sprouting it after the Bush administration has demonstrated that, apparently, we didn't know what 'evil' was.
Oh, I agree. I was just disapproving of calling him 'The less of two evils', because I didn't see any indication he'd be 'evil' in any way.
Bush is like, say, killing-thousands-of-people evil. A 'lesser' evil is killing maybe a dozen, and we can sit and argue whether it's moral to do that or do nothing instead and let thousands get killed by default.
Kerry, however, was more akin to 'washing your dog'. That's not some great and noble act, nor is it that interesting or fun. However, it's not evil by any regard. If someone said 'You can pick me or him. He'll wash your dog or I'll kill thousands of people', I think we can all agree there's no moral quandary there.
Just because someone wouldn't be a great or even good president doesn't mean they'd be an evil president. Kerry would not have been a great president, and probably wouldn't have been a very good one. He'd definitely gone down in history books as a failure, and the failure of the war would have been unfairly blamed on him.
But that's a hell of a lot better than 'clap your hands and say you do believe in victory in Iraq' non-reality-based Bush, and the evil cabal of people who are around him.
No, he's right, we should be paying more attention, but not for that reason.
See, it's beginning to look, more and more, like Rahm Emanuel, the DCCC head, knew about Foley too.
The problem isn't when he released any information about this, because HE DIDN'T. The right has seized on the fact he knew about Foley to attempt to frame this, again, as being timed for the election, but there's still absolutely no evidence that he had anything to do with the discovery, which had been out there in the media for quite some time with limited evidence, and was just waiting for someone to actually investigate hard enough.
This, in my mind, is a lot worse than the Republicans sitting on the information. At least they have the excuse of protecting their own party. Rahm is a member of the other party. If he didn't want it to look like some sort of election rigging, well, he apparently knew about it for more than a year, so could have told the press about it at any time.
Rahm is a member of the 'old boys club', where he doesn't tell on other members of Congress if they don't tell on him, and he let Foley get away his behavior for a year. It's exactly the kind of backroom crap that everyone is tired of and it's even more absurd since the Republicans stopped playing that game a decade ago, but Democrats apparently have yet to realize that.
Combine that fact with Rahm's insanely bad electioneering that the grassroots and Dean had to fight tooth and nail to get the recent huge sweep, pretty much all Democrats except the ones in Washington want to see Rahm go, NOW. In fact, he can take the DLC along with him.
OTOH, I find it really ironic that the right has seized on the evidence that Rahm knew about it to demand his resignation. Hey, go right ahead with helping us Democrats get rid of that jackass.
The workers made the 3% hand recount match the conditions that would trigger a full machine recount and not a full hand recount. This is still wrong, but isn't going to have a noticeable impact on the results.
If they went to the trouble of manually selecting ballots that matched the machine totals to recount in the machines, than that pretty clearly confirms they had a noticeable problem WRT the machine reading the ballots. Which pretty much confirms the full machine recount would be incorrect.
You dumbass, no one kept Mel Reynolds from being prosecuted from having an affair with a 16-year old campaign intern. He was forced to resign from Congress, charged, and convicted. (I have to point out that 16 is of age, and his affair wasn't technically illegal, so they had to come up with weird charges, hence 5 years instead of the 30 or so he'd have gotten if she was 15.)
He was sentenced August 22, 1995 to five years in prison. Everyone remember that, although I realize the person I'm responding to probably can't count.
While in prison, he was charged and convicted of, like, a dozen counts of fraud and SEC violations. (Which was also from his campaign. Damn, that place was crime central.) He was sentenced to six and a half more years.
In January 2001, Clinton let him be released to a half-way house, that he lived at, leaving only to work, to earn money for him family.
This was technically something like three years into his fraud sentence, because his sex sentence was shortened to 2.5 years, and he'd probably been out early on his fraud sentence too. Also note that he wasn't pardoned, he wasn't even paroled. He was put on a work release program to earn money for his family, which is allowable for up to 15 months before release, but he was still a year away from that. The rules didn't allow work release yet, and Clinton overrode them from a personal plea from the former Congressman so he could 'earn money for his family'.
Even pretending the charges resulting from the affair hadn't been shortened, it would have ended six month before that, on August 21, 2000. At most it can be claimed Clinton got him out of a fraud charge, although that's a pretty silly thing to call 'Work release happened a year early'.
I think it should be a general policy that any sin taxes on addictive substances get corresponding free medical treatments.
It's idiotic to tax people to try to reduce cigarette use, and not provide at least minimum levels of treatment to get them off of it if they want to.
It's really funny, sin taxes are odd leftovers from the progressive era, and are just kinda sitting around without anyone saying anything about them, but imagine how much outcry there would be if someone tries to implement them today.
That said, I don't think there should be sin 'taxes' on cigarettes, because I think tobacco companies should be dismantled, and tobacco products produced and sold by the government. I'm sorry, I believe in the corporate death penalty for companies that have operated in the manner they did. I think we should seize all their asserts and dismantle them, but I realize that is unlikely and I would happy if they, and everyone else, were just barred from producing tobacco products.
I think we should treat tobacco like we should treat heroin, where the government is the only entity allowed to produce products with it in it, because no company can be trusted to sell such an addictive substance, and it should be sold in carefully regulated places to keep it from children, I'm thinking more OTC in pharmacies than gas stations.
(Yeah, I know don't sell heroin like that either.)
However, that wouldn't mean that aluminum cans are intrinsically expensive to make with current technology; it just would mean that production rates aren't big enough to create economies of scale.
This, incidentally, is exactly where the government should step in. Not by giving money away, but by purchasing systems like this for their buildings, driving the price down.
Now that we've got rid of the Republican 'Government suck and we'll prove it' Congress, maybe something will get done.
So even before the spammers work around it they'd stop less than half the spam.
OMG! That makes it such utter shit! A spam-fighting solution with no false positives and blocking less than half of all spam before it reaches the server!
It wouldn't work. Spammers actually do test for open relays, but they don't rely on what the server said, they rely on whether or not they got the message.
There are people out there running fake open relays and open proxies that accept all messages and notify them on a relay test, which they manually forward. Then they watch spammers hit their system and trace the IPs and have their accounts canceled.
I actually meant rate-limiting through their own servers, and a total block on outgoing 25. If a customer is going to send mailing lists, they're probably using their own systems, in which case they should be unblocked. I.e., you use their mail server, and are rate limited, or you get unblocked and run your own, and aren't.
However, it certainly could work another way. An ISP could un-rate-limit certain mail accounts, or even provide an entire separate server for specific people, presumably with added cost. Even run mailing list software on it for people who don't want to manage the list itself.
And, yeah, you shouldn't provide instructions on how to bypass the rate limiter, because some people are morons and will go 'Why is this rate-limiting message coming up when I try to send mail? I haven't sent an email in hours! Let me go disable that.'. They certainly need to talk to the ISP.
The danger there is that, once in a blue moon, the intertubes spring a leak and an actual connection to the second MX will fail. So feeding it straight to a blacklist isn't a great idea.
And teergrubing doesn't work as well as you'd think. A lot of spam software connects, dumps the message, and then 'disconnections' in that it won't respond anymore. On some system, it could tie up file descriptors, but it's pretty unlikely to actually hurt them in any way.
Greylisting's especially helpful against the low-quality anklebiter spammers, who haven't bothered buying spamware that handles relatively simple command-response dialogs (hint - Sendmail originally ran on PDP-11s, and the SMTP dialogs are in the easy part, not the turing-complete rewrite-rules stuff.)
Heh. A lot of people aren't grasping what crap spammers run. The utter shitiness of their morality is outweighed only by the quality of the tools they use. If I had to guess, something like 20% of all spam attempts don't get stopped because of blacklisting or complicated tools, they get stopped because spamming software is so bad it can't handle the slightest variation in anything.
Spamming software doesn't put angle brackets on email address after MAIL FROM, it sends raw IPs without square brackets in HELO, etc. There's even a patch for Postfix that continues the SMTP greeting banner from one line to the next, and it stops some spam, to this day. It's expecting '220 blah', it gets '220-blah\n250 blah2', which is perfectly legal and it breaks because it was coded by morons.
People who respond with 'Spammers will just adapt' are not actually mail administrators fighting spammers. ;) 10% of spammers will adapt immediately. 50% of spammers will adapt after a year or so, when they buy new software. The rest will keep operating whatever broken-ass software they started with.
It's an arms race, sure, but our side is free and coded by moderately intelligent people, and their side is incredibly overpriced, coded by morons, and we aren't watching our resources, aka, IP addresses, dwindle.
But as other people have said, greylisting also works because it makes the spammer call back later, after there's been time for the spammer's IP address to hit real-time blocklists.
Yup. Or their ISP notices, or, as you said, someone notices bogus IPs, or they trip some sort of automated quota, or something. They are very hit-and-run right now, and a lot of their tricks require it. Making them stay in the same place for even five minutes will screw them pretty badly.
But there's yet another problem for them. It will make them actually record errors and check for temporary ones to try again, because right now, they connect, spew their entire message, and disconnect with no idea if it worked or not. Either they have to spend more time and CPU to watch the connection, or they have to run their entire spam run again. And they can't wait until the end of a spam run to do this, as they don't know when their connection will be dropped or they'll end up in a blacklist.
Greylisting, ironically, would have done almost nothing to block spam six years ago. We fought them to the point where they have to steal connections from people, throw out as much spam as fast as they can, and only get away with it for a few minutes before getting blacklisted and disconnected, and then, haha, we invented greylisting which exactly stops that sort of behavior.
You didn't bounce their email, you had temporary trouble accepting it. If their mail server can't handle temporary troubles, it's broken, period.
That's not to say greylisting is for everyone. Greylisting is dangerous because of changing sender addresses for mailing list software, so it's not a good idea in all circumstances without a whitelist.
And I don't know in what universe you think that spammers retry failed addresses. Spammers don't even keep track of failed addresses or errors at all, or they wouldn't try to send to addresses that have been invalid for five years. Of course, they could start, but that's lot of work on their part and requires a major change in their operation to keep track of various kinds of errors.
And greylisting should be combined with some rbl lookups from automated blacklist, thus if they retry the second time, which they almost never do, their IP is already in the blacklist because they hit spamtraps the first time through their run.
Um, no it's not.
How on earth could they send email if they don't know the domain name of the server? You can't just connect and hand them spam addressed 'to whom it may concern'. You can give them email an address without a domain name, but mail servers stopped automatically appending domains a long time ago, and that's a violation of the RFC anyway(1), and it never worked at all for systems with more than one domain name.
Now, there is a significant fraction of spam sending software that doesn't do MX lookups at all, instead connecting to the A record, but that's not the same thing. And there's another fraction that just caches DNS lookups for years, so implementing nolisting won't gain you anything unless you move your mail server's IP.
1) Mail sent to an unknown domain for role accounts should be addressed to, for example, postmaster@[10.0.0.1] or postmaster@[127.0.0.1], and, yes, with the brackets. Mail sent to just 'postmaster' or 'abuse' is not legal.
The acknowledgements don't say anything about running specific software, or making any changes to software.
I've been doing nolisting for about three months now, and it required:
1) Making three A records, mx1.example.com, mx2.example.com, and mx3.example.com, all of them pointed to my IPs (Don't abuse the internet by directing traffic randomly elsewhere, people.) with mx2 being my already existing mail server and the other two being IPs without mail servers.
2) Set all the domains I felt like it to use those 3 MX records in order.
That was it. I didn't touch my mail server at all, I didn't even bother with firewalls, because my server already has a firewall setup.
It really is quite a successful method, but only until spammers start resending messages.
Greylisting is one of those things that spammers are going to have trouble getting around, simply because their entire method of operation is hit-and-run.
If they have to wait, say, five minutes to retry, that means they're going to have to change some of their behavior.
They're going to have to get more complicated software that can tell errors apart, or can even notice errors at all, which quite a lot of spam software can't, or they're basically going to have to do their entire run again, from the same IP. This will literally cut their spamming ability in half.
And it will really screw the ones on ISPs that are paying attention. If they get cut out halfway through their run, they didn't get past any greylisting at all and just wasted their account.
Secondly, greylisting allows time for blacklists to update, and there's not a damn thing they can do about that. The first time they spammed, they almost certainly hit several spamtraps, including some run by major blacklists. The next time their mail comes in, it might pass greylisting, but that's not very useful if it's now in three blacklists the server uses.
The same applies to duplicate distributed filters like Razor and whatnot, although I don't know enough about how those work to say anything beyond the obvious there.
That's not to say they won't adapt as much as they can to greylisting, but that ability is somewhat limited and requires several changes that will result in them sending less mail, period.
That's not to say greylisting doesn't have a few problems, mainly ones with unique email addresses, but even in the long run, it reduces spam.
I use maRBL and greylist Window machines and/or machines on a dynamic IP.
I get maybe .1% legit email from Window machines and even less than that from dynamic.
And I do the same thing with spamtraps you do. Luckily, I have a domain that literally has hundreds of email address spammers think are valid, but are not and have never been. (I think this is the result of a wildcard server years ago and a dictionary attack.)
First of all, hijacking people's outgoing port 25 connection is stupid and wrong. Block, yes, hijack, no. If they're blocked, people will complain to whoever they're trying to connect to, those people are hopefully smart enough to get them to switch to the SMTP submission port. (Or will do what I did, get so pissed off at 'mail isn't working' emergencies at random times, when their ISP started blocking port 25, that I gave everyone a week's warning before I disabled logging in on port 25, making everyone use the SMTP submission port and thus never having to deal with it again.)
Secondly, any ISP that fails to notice that a single internal customer dumped hundreds of thousands of messages on their server as part of a spam run, and actually tried to deliver them, should lose as many customers as possible. That was acceptable in 1997, not 2007. ISPs not only should be rate-limited, but if people try to exceed the limit, they should check if it was spamming and block whatever customer is at that IP.
If you're at such an ISP, yes, it would suck to get bounces, but I bet you're be more worried because their mail servers were blocked everywhere for spewing spam, and, because they're hijacking your outgoing connections, it's causing all your email to be blocked, even when you think you're connecting to some other server to send mail.
You don't bounce the mail. Bouncing the email would rather obviously not make it try again. You simply give a temporary error during reception, which causes the sending server to try again later.
And this is actually called greylisting.
I'm really surprised he hasn't mentioned the other obvious thing to do.
Some spamming software is 'clever' and tries only the last MX record. Some is not and tries on the first MX record.
What I did: Three MX records. Mail server actually listens on the middle one.
And even if they try the secondary first, even using his scheme unmodified won't add any spam. It's not like they were originally looking up the domain, saying 'There's only one MX record, I guess I won't send them any spam.'
Except it wasn't filled in consistently.
These are incorrectly checked:
(X) Many email users cannot afford to lose business or alienate potential employers
(x) Dishonesty on the part of spammers themselves
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Asshats
The plan loses no email that is distributed by an actual mail server. Even the crappiest actual mail server out there follows the rules by checking another MX server, and if it doesn't it's going to lose a lot of mail anyway. Supporting multiple MX records isn't some obscure part of the standard, it's a major requirement, and all actual mail servers do.
And spammers can't 'lie' their way around it. They can use software that operates correctly in the first place, but the years have demonstrated exactly how long it takes them to switch. I have no idea how long the spam software pipeline is, but spammers have operated software that is broken in many ways, and people have been consistently using that brokenness to block spam for years.
If this reduces spam for a time and then stops reducing spam, I'm failing to see what the problem is. I'm still checking that the MAIL FROM domain is a real domain, and it's astonishing how much spam doesn't even bother to do that. Or checking that the HELO is not a negative number. (I have no idea what that's about.)
And we won't be 'stuck' with it. It doesn't change anything. People can point to a fake MX server for however as long as they want, and then switch back to just having their one real one, whenever they want.
And the 'asshats' check box is used to mean people can abuse or break the system. I have no idea why it was checked.
About the only one correctly checked complain is:
(X) Eternal arms race involved in all filtering approaches
Yes, it's an arms race, and, yes, it will lose power over time as spammer's crapware adapts. Aaaand? At the very least we cost spammers money, and upgrading spam software is insanely expensive. We didn't hurt ourself in the slightest.
Um, in what universe does the mail server software have anything to do with what MX records you have?
This article says 'Make two MX records for your domain. Point the second at your actual mail server, and the first somewhere else, either to a non-real IP or an IP you have that doesn't get email'.
There's nothing in there about doing anything to any mail server.
Bush is not evil. He's profoundly unsuited to be president, with very little knowledge, no curiosity, excessive pettiness, poor public speaking skills, and no respect for the government. He is, basically, the anti-Clinton, where Clinton was someone who probably was a little too well suited to president, which caused an all-out emergency continual attack on him his entire term in office by the opposition party.
However, several of the people that surround Bush are evil, and reelecting him was also reelecting those people.
They aren't cartoon evil, rubbing their hands together while cackling maniacally. But deliberately imprisoning and torturing innocent people is, simply, evil, no exceptions. There are lesser things I could mention, lesser arguments I could make, but deliberately implementing a system where we purchase people from warlords and imprison and torture them for years is far beyond where any possible line demarcating evil could be draw.
The Bush vs. Kerry election wasn't more evil vs. less evil, it was actual evil vs., possibly, mediocrity.
I understand the idiom, I just think it's incredibly stupid to keep sprouting it after the Bush administration has demonstrated that, apparently, we didn't know what 'evil' was.
I think you're missing the point here.
I would explain this again, but if you didn't follow it the first time,you are unlikely to this time.
Oh, I agree. I was just disapproving of calling him 'The less of two evils', because I didn't see any indication he'd be 'evil' in any way.
Bush is like, say, killing-thousands-of-people evil. A 'lesser' evil is killing maybe a dozen, and we can sit and argue whether it's moral to do that or do nothing instead and let thousands get killed by default.
Kerry, however, was more akin to 'washing your dog'. That's not some great and noble act, nor is it that interesting or fun. However, it's not evil by any regard. If someone said 'You can pick me or him. He'll wash your dog or I'll kill thousands of people', I think we can all agree there's no moral quandary there.
Just because someone wouldn't be a great or even good president doesn't mean they'd be an evil president. Kerry would not have been a great president, and probably wouldn't have been a very good one. He'd definitely gone down in history books as a failure, and the failure of the war would have been unfairly blamed on him.
But that's a hell of a lot better than 'clap your hands and say you do believe in victory in Iraq' non-reality-based Bush, and the evil cabal of people who are around him.
Election fraud is probably the most common form of treason in today's world.
Of course, that doesn't stop right-wing idiots from calling people with differing political opinions 'treason'.
No, he's right, we should be paying more attention, but not for that reason.
See, it's beginning to look, more and more, like Rahm Emanuel, the DCCC head, knew about Foley too.
The problem isn't when he released any information about this, because HE DIDN'T. The right has seized on the fact he knew about Foley to attempt to frame this, again, as being timed for the election, but there's still absolutely no evidence that he had anything to do with the discovery, which had been out there in the media for quite some time with limited evidence, and was just waiting for someone to actually investigate hard enough.
This, in my mind, is a lot worse than the Republicans sitting on the information. At least they have the excuse of protecting their own party. Rahm is a member of the other party. If he didn't want it to look like some sort of election rigging, well, he apparently knew about it for more than a year, so could have told the press about it at any time.
Rahm is a member of the 'old boys club', where he doesn't tell on other members of Congress if they don't tell on him, and he let Foley get away his behavior for a year. It's exactly the kind of backroom crap that everyone is tired of and it's even more absurd since the Republicans stopped playing that game a decade ago, but Democrats apparently have yet to realize that.
Combine that fact with Rahm's insanely bad electioneering that the grassroots and Dean had to fight tooth and nail to get the recent huge sweep, pretty much all Democrats except the ones in Washington want to see Rahm go, NOW. In fact, he can take the DLC along with him.
OTOH, I find it really ironic that the right has seized on the evidence that Rahm knew about it to demand his resignation. Hey, go right ahead with helping us Democrats get rid of that jackass.
Kerry wasn't evil. He wasn't good, but he wasn't evil.
The workers made the 3% hand recount match the conditions that would trigger a full machine recount and not a full hand recount. This is still wrong, but isn't going to have a noticeable impact on the results.
If they went to the trouble of manually selecting ballots that matched the machine totals to recount in the machines, than that pretty clearly confirms they had a noticeable problem WRT the machine reading the ballots. Which pretty much confirms the full machine recount would be incorrect.
You moron.
You dumbass, no one kept Mel Reynolds from being prosecuted from having an affair with a 16-year old campaign intern. He was forced to resign from Congress, charged, and convicted. (I have to point out that 16 is of age, and his affair wasn't technically illegal, so they had to come up with weird charges, hence 5 years instead of the 30 or so he'd have gotten if she was 15.)
He was sentenced August 22, 1995 to five years in prison. Everyone remember that, although I realize the person I'm responding to probably can't count. While in prison, he was charged and convicted of, like, a dozen counts of fraud and SEC violations. (Which was also from his campaign. Damn, that place was crime central.) He was sentenced to six and a half more years.
In January 2001, Clinton let him be released to a half-way house, that he lived at, leaving only to work, to earn money for him family.
This was technically something like three years into his fraud sentence, because his sex sentence was shortened to 2.5 years, and he'd probably been out early on his fraud sentence too. Also note that he wasn't pardoned, he wasn't even paroled. He was put on a work release program to earn money for his family, which is allowable for up to 15 months before release, but he was still a year away from that. The rules didn't allow work release yet, and Clinton overrode them from a personal plea from the former Congressman so he could 'earn money for his family'.
Even pretending the charges resulting from the affair hadn't been shortened, it would have ended six month before that, on August 21, 2000. At most it can be claimed Clinton got him out of a fraud charge, although that's a pretty silly thing to call 'Work release happened a year early'.
I think it should be a general policy that any sin taxes on addictive substances get corresponding free medical treatments.
It's idiotic to tax people to try to reduce cigarette use, and not provide at least minimum levels of treatment to get them off of it if they want to.
It's really funny, sin taxes are odd leftovers from the progressive era, and are just kinda sitting around without anyone saying anything about them, but imagine how much outcry there would be if someone tries to implement them today.
That said, I don't think there should be sin 'taxes' on cigarettes, because I think tobacco companies should be dismantled, and tobacco products produced and sold by the government. I'm sorry, I believe in the corporate death penalty for companies that have operated in the manner they did. I think we should seize all their asserts and dismantle them, but I realize that is unlikely and I would happy if they, and everyone else, were just barred from producing tobacco products.
I think we should treat tobacco like we should treat heroin, where the government is the only entity allowed to produce products with it in it, because no company can be trusted to sell such an addictive substance, and it should be sold in carefully regulated places to keep it from children, I'm thinking more OTC in pharmacies than gas stations.
(Yeah, I know don't sell heroin like that either.)
However, that wouldn't mean that aluminum cans are intrinsically expensive to make with current technology; it just would mean that production rates aren't big enough to create economies of scale.
This, incidentally, is exactly where the government should step in. Not by giving money away, but by purchasing systems like this for their buildings, driving the price down.
Now that we've got rid of the Republican 'Government suck and we'll prove it' Congress, maybe something will get done.