[PLUG] How dangerous is handling my own mail?

Jeme A Brelin jeme at brelin.net
Wed Mar 31 12:56:02 UTC 2004


On Wed, 31 Mar 2004, John Meissen wrote:
> Jeme A Brelin <jeme at brelin.net> said:
> > No, it proves that you can do whatever it is you have done and live.
>
> <sigh> No, you really know nothing about logic. It only proves that I
> can do whatever I've done and that I've lived so far. It says nothing
> about the future.

If I know nothing about logic, then you can't read.

I didn't WRITE anything about the future.  I simply stated that it is
POSSIBLE for a particular situation to arise.

> Around 1998. And you're still not grokking. If I'm a spammer who's
> relaying through someone else, I'm not injecting a million messages -
> I'm injecting a single message with a million addresses. This expands to
> a million messages on the server that has to do final delivery, i.e.,
> the relay server.

So refuse messages with long recipient lists.

The problem with totally closing relays is that it's too drastic a
measure.  There are other ways to achieve the goals you desire to achieve.

And it turns out it has nothing to do with blocking spam.

> > If we provide an easy way for them to send their mail, they won't be
> > looking for malicious ways to do it (e.g., planting trojans) and we
> > can focus on eliminating the real problem -- unwanted email in
> > people's inboxes.
>
> The easiest way for them to do it is to pay for and use their own
> servers and connections.

No, that isn't the easiest way because it results in blackhole lists and
the like.  It's a losing strategy.  Since they are exploitative profiteers
(i.e., capitalists), they will find another way to make their profits at
the expense of others.

> What's wrong with that?

It doesn't work.

> Now that we're forcing them to do that instead of relaying, we ARE
> concentrating on the unwanted email problem.

They are NOT forced to use their own servers, man!  They are using trojans
and bots.

> That's why they use infected systems, target secondary MX hosts and play
> word games to bypass heuristic tests in spam filters.

But they're not using "their own servers and connections" as you assert
above.

> > Theft of services?  We're talking about a few megabytes a day per
> > server tops.
>
> This whole discussion is pointless because you don't pay attention.

Ad-hominem will get you nowhere, sir.  Stick to the issues and there might
actually be progress.

> First of all, if we assume 2K per message and a million messages that's
> more like 2GB. Per relayed spam.

It's trivial to deny large recipient lists with just about any MTA in
modern use.

> Plus it kills your mail server.

PLUS?  You mean THEN, right?  This is a consequence, not a separate
action.

> Your server won't process anything else until it's dealt with those
> million SMTP handshakes.

Again, blocking long recipient lists would solve this without closing the
whole relay.

> Hopefully your server is configured to limit the number of simultaneous
> processes, or your system would trip over itself and die.

I think it might be a couple dozen.  I've never had a system crash under
load... even in large production environments.  I've had pipes saturated
and systems become I/O bound, but those issues eventually resolve
themselves even if you don't intervene.

> With DNS lookups, ident processing, connection filtering on the other
> end, etc., etc., it takes finite time to process each message.

Again, limit the number.

> Then there's the bounces, the flames, etc. I don't know about you, but I
> have better things to do with my time.

Why are you even bothering with the bounces?

The flames are a cultural problem caused by the closed-relay community
that wants to blame the mail server operator for the content that passes
through it.  That can change easily.

> > For you, it's all about making life tough for other people and staking
> > a claim that "what's mine is mine!"
>
> Right. That's why I pay for this out of my own pocket, and provide free
> and unfettered access to my friends, all my relatives and my neighbors.

You have a very narrow view of "friends, all my relatives and my
neighbors".  Any one of those categories could emcompass the entire
planet... especially when we're already narrowed down to human beings on
the internet.

> It's about being responsible.

If you really were concerned with the things you wrote about in this
message alone, you would simply limit the number of recipients a message
may carry or require authentication at certain times of day or process
authenticated mail at a higher priority.  But no, you choose the
all-denying policy that is most destructive to the social fabric -- most
selfish, most limiting to others and most ruthlessly authoritarian.

> > So you're implying that billions of spam messages go across the
> > internet very hour?  I think you need to reassess the scale, there.
>
> You think so? In Taiwan they estimate that 2/3 of all email is spam.
> I've heard estimates of US spam being 50% or more of all email messages.
> One estimate was that spam accounted for over 1/3 of all Internet
> traffic (TCP/IP packets, not email messages).

I've heard all kinds of estimates, too.  But two things lack in your
comments:  citations for quoted numerical data and real numbers instead of
ratios.

It may well be that 1/3 of all internet traffic is spam, but that doesn't
show that there are billions of spam messages sent every hour.  You'd have
to know how much of the traffic is email, generally, and then you could
guess based on the number of packets required per email message on average
and kind of come up with a number from there, but it would be prone to
some error.  If you could show somehow that spam was half of all email
messages transitting an internet backbone (and intranet email just can't
count here), then you'd have to further show that there were 4 billion
total messages each hour.

Billions are really big.

> > That one "problem" isn't spam, though... it's a product of your greed
> > and selfishness.
>
> My greed and selfishness. I see. Preventing someone from hijacking my
> system for their own profit is an indication of MY greed.

It's so deeply ingrained in your thought that you can't even express it
without using derogatory terms for shared use.

You're not JUST prevent spammers from using your systems.  If you only
wanted that, you could implement any of the several schemes I've
suggested.  No, you're preventing EVERYONE ELSE from using your services.

> Years ago I operated a UUCP node. I provided feeds to anyone who wanted
> one. I relayed whatever came through.

Well, you once had the right idea.

> I do what I can now, within limits.

> Communal resources are great, until someone starts abusing them. Then
> those few ruin it for everyone else.

It's only RUINED if you go to negative extremes to prevent the perceived
abuse.

I haven't even HINTED at the POSITIVE responses one could have to systems
being rendered unusable due to congestion:  larger pipes, better hardware,
faster resolvers, etc.

There are plenty of people who would suggest that, if a person cannot give
enough to satisfy others, that person is just not giving enough.  I can
think of one guy in particular... but they nailed him to a tree when he
suggested it.

> > We don't vaccinate for measles and tell people that it's going to cut
> > down on colds.
>
> OK, fine. We vaccinate for flu. But because people can get the flu from
> other strains we don't throw away the vaccines we do have. Sheesh.

Uh... no.  The folks at spamcop.net who go around coercing ISPs into
yanking other people's internet connections because of open relays are NOT
doing it to protect those poor souls from "theft of service".  They're
claiming it stops spam.

So will you join me condemning all people who want to close other people's
relays under the guise of spam prevention?

> > It might be a good reason for YOU to leave YOUR server alone, but your
> > whole argument revolves around a selfish idea of withholding services
> > for your own potential personal use.
>
> You know, you seem to have this notion that what I pay for and maintain
> I should freely share with you and anyone else who wants to use it.

Honestly, you're kind of dodging the issue here.  I'll take up your
comment in a moment, but I have to restate this:  You make arguments for
closing your OWN mail server, but why encourage others to do the same?
What is YOUR motivation THERE?

Personally, I think it's a subconscious desire to squelch sharing and
public-mindedness because it is a threat to the system that allows you to
sit in a superior position to other people and wield power over them.  But
maybe you have a different understanding.

> So tell me, do you have a car?

No, I'm not elderly or otherwise infirm.

> Why don't you leave the keys in it in case someone else has car problems
> and needs to use it to make a quick run to the store?

I lock my bicycle when it's not at home.  Mostly, that's because there is
no assurance that I will ever gain future access if my current access is
lost.  It's kind of a sick little game based on fear and deprivation that
allows those with control of massive resources to keep folks like me in
permanent desperation.

Internet pipes aren't like that AT ALL, though.  You sit atop the valve
and can reclaim it for your own needs whenever you like.  There's really
no reason NOT to allow public use so long as you can assure the use when
you need it.  You can do this with preferential routing and stuff.

> I share pretty much everything. But because of abuse, people have to ask
> first.

There's no reason for that with your mail server.  Your only real argument
here is that mail with large recipient lists bogs down your system.  So
limit recipient lists and give authenticated users higher priority.

Of course, it's not that easy because the self-appointed cops have control
right now and they will get your connection yanked or add you to a
blackhole list if you do anything as helpful as that.

> I have to wonder about your real motivation for encouraging open relays.

My real motivation is a subversion of conventional ideas of authority,
property, and control.

> Given that anyone with an Internet connection has access to a server
> that's more reliable than their physical connection there just isn't any
> valid justification for having open relays.

I don't get your "given" at all.  If your "physical connection" is
wireless, then your access is redundant all over town.  You just have to
go a few blocks further down.

And, quite frankly, you're the one proposing the restriction, so you're
going to have to do better than "no reason to not restrict" as a
justification.

I'm always going to argue for the least destructive policy.

Order Allow,Deny

J.
-- 
   -----------------
     Jeme A Brelin
    jeme at brelin.net
   -----------------
 [cc] counter-copyright
 http://www.openlaw.org




More information about the PLUG mailing list