Re: SPAM, IEMMC, and Caller ID

[Brian Moore <bem () cmc net>]

> I apologize in advance to the members of this list for answering this flame
> bait.  I will refrain from doing this as much as possible.

Not flame bait.  Statement of opinion.  You've stated yours, I can state mine.

> AGIS is a VERY productive member of the Internet today, and has been since
> before the NSF solicited a competive Internet backbone.

Opinion.

> > Mr Lawlor's insistence on a technical solution to a people-problem is
> > typical of the same old sidestepping he's been doing for months.
>
> I've never sidestepped the issue.  AGIS does not like spam.  It never did
> and it never will.  We are seeking to solve the problem.  The technical
> problem *is* that spamming is done all too easily.  I am afraid that
> Congress could pass more unenforcable legislation, which would waste US
> taxpayers money.  As long as people can make money off of spam, they will.
> If you can't clean up the spammer, than you have to start putting other
> measures in place.

Hosting CyberPromo helped control spam in what way?  Allowing and in fact
encouraging them to spam through your network and host their autoresponders and
web sites helped control spam how?  Clean up their web sites.  Refuse to host
spammers in any way shape or form.  Hosting the sites they run lets them make
money and encourages them.

> > I can positively identify spam coming from Sanford Wallace.  Weee.  So
> > what does that do for stopping spam? 
>
> Then you can refuse it.  You can take responsibility for yourself.  You no
> longer need to send out all those complaints, burdening the system even
> greater.  You have made my point for me.  Thank you.

I can by reading it.  Are you going to pay me for the time to grep for the
hundreds of domains that would signify cyberpromo?

I don't believe I said I did the above by machine.  You can take responsibility
for the time I've had to spend constructing spam traps for our users, for
ignoring the continued complaints of your customers violating the "IEMMC Rules"
by forging addresses and not using the relay machine that was supposed to
filter out addresses.

You haven't addressed the stories Adam or Derek Mason at your NOC have told me.

> > What Mr Lawlor is arguing is that we should all have "white list mail"
> where we
> > list the people whom we accept mail from and discard anything else.  And
> > that we should verify the identity of the sender against that white list.
>
> First of all, I am not arguing.  Secondly, do not put words in my mouth.
> Thirdly, sendmail already has the capability to do just what you are
> talking about.  I am mainly concerned with forgery and hijacking.

You're not arguing?  You're not setting forth a proposal and trying to back it
up?  Arguing a point does not mean putting up fists and yelling at the top of
your lungs.  That you believe it to be so is interesting, though.

Sendmail has the ability to bounce all mail from AOL's mailer daemon to random
addresses at my domain without interfering with real bounces?  It has the
ability to automatically update the list of known spam domains?  It has the
ability to update the list of spam netblocks?  Which MC option is that?  Your
earlier comment about not knowing the capabilities of sendmail was more
accurate.

I've spent many hours tweaking my sendmail with databases of your IP blocks and
the domain names your customers use, but they move to dialups to plug their
services.  As long as that web site, autoresponder or bulk mailer is on the
net, they make money.

"As long as people can make money off of spam", you say... well, deprive them
of that ability by shutting down what they are advertising.

This isn't rocket science.  As long as the web site is there what stops them
from spamming?  What stops them from getting a disposable dialup and spamming
from that?

Hint: authenticated email doesn't unless you white-list mail.

> > That is the world that he lives in, where the mail to anyone at AGIS is
> > most likely discarded and complaints left unheard.  It is NOT the sort of
> > world I want to live in.
>
> Absolutely a patented lie.  I can prove it by sending you back the
> hundreds, if not thousands of complaints you have sent to my email address
> alone, never mind all the other email addresses at AGIS you have been
> abusing by sending to anyone at AGIS other than abuse () agis net.

Not a lie, Mr. Lawlor, a statement of fact.  Mail requested by dmason () agis net
had to be sent five times to abuse () agis net and his own personal address before
I gave up..  Mysteriously he found one of them in the morning.  Perhaps you
don't /dev/null it all, just archive-and-ignore.  You pull it out when asked,
but never actually bother to read it.

Certainly the MANY requests I made to have my domain get a domain opt-out were
ignored, as despite requesting it a multitude of times, I still got mail for
it, and it even passed through relay2.iemmc.org.  I played your little web-page
game, I mailed about violations and never got a response.  I phoned while being
mailbombed with 2500 bounces from AOL and was told it wasn't happening.

> This mailing list is for network operators.  We are discussing operational
> issues, not political ones.

That's very nice.  I have a nice little network in 4 states.  We're about to
add peers at both the north and south ends and replace our basic star with a
neat mesh.

You're not discussing operational issues at all.  You're proposing a secure
mail standard.  Go talk to the IETF about it and write the RFCs.  Be prepared
to get two reference versions of the software and spend years hoping people
upgrade clients (look at the long history of IMAP to see how slow a process
this is when an existing protocol is being superceded).

Operational issues would be unplugging people who abuse the services of others.

> > It's a new wrapper on the same old AGIS song and dance and I'm not
> > impressed. 
>
> I'm *really* sorry I didn't impress you.  Go back to your newsgroup.

Actually, Mr. Lawlor, despite being active in nanae and other groups, I've been
on this list for months.  The list owner can certainly verify that if she
wants.

I just finally got fed up with your claims that having a digital signature on
mail will somehow magically stop spam.  It won't and you have yet to
demonstrate how it will do such.  Again, how does it help me to know that the
disposable-spammer-account-of-the-day is some rented account at bellatlantic or
netcom or whoever.  I don't CARE what they authenticated as.

The -only- way such information would be useful would be to construct white
lists.  Since you seem to think different, explain what use it would be.

> Again, to the rest of the list, I apologize, and I will try to refrain from
> engaging in this type of behavior on this list.

Right.