Subject: RE: SPAM Alert: Email Address Harvesting
To: NetBSD Current <>
From: Conrad T. Pino <>
List: current-users
Date: 01/03/2004 13:15:51
I'm of the opinion the list server policies should be set to meet needs of
the participating user community.  It's a pragmatic market orientation that
I hope will insure the long term success of our community.

> From: Behalf Of Ross Patterson
> Or because the problem is insoluble without losing functions folks like to 
> keep.

Manual and Ross are clear the status quo is their preference.  In retrospect
it seems to me Michael, Daniel and Joel may also concur with the status quo.

> From: Behalf Of Joel Baker
> Doing some number of these things violates the SMTP RFCs. If you really
> care which ones, and just which parts they violate, I can sit down and
> quote you chapter and verse, but it isn't anything so subtle or benign as
> the things about rewriting Reply-To (actually, there's one right offhand -
> you aren't, in theory, supposed to touch that, though many mailing lists
> redirect it to themselves, for various reasons - this is tacitly accepted
> in most cases, but doing things like rewriting the From and Return-Path
> headers to remove useable information means that there are some fairly
> serious violations going on).
> It does, however, appear that you're suggesting a complete double-blind
> setup. It's the only thing that will prevent email harvesting, and the
> reason it hasn't been done (it's *not* a new idea, not even remotely) is
> that it violates the standards like a (insert crude metaphor of choice
> here).

Most of the RFCs were written when the Internet was a closed 100% trusted
community and SMTP reflects this.  Now the Internet is not closed and does
reflect the general population i.e. crooks amongst us.  Does anyone have a
magic wand for turning crooks into good guys. :)

I see the RFCs as tremendously important to the Internet's function BUT
THEY ARE NOT WRITTEN IN STONE and we should continue to update them to
keep up with the evolving environment.

It only takes a few to really foul the general tone of a community enough
to create large market pressures for change.  SMTP as implemented now will
die when an alternative that addresses the current SPAM flood emerges.

> From: Behalf Of Allen Briggs
> In any case, I think you should be lobbying the NetBSD admins, not
> a public mailing list where the vast majority of people can't do
> anything about it even if they had the authority to make a decision
> for the project.

For me this is the right forum because I feel we should form a consensus
amongst ourselves BEFORE lobbying the NetBSD admins.
At this point you all have done a good job of educating the newbie.  I
apologize for being slow on picking up the direction of the tide.  It's
clear Bruce and I are a minority but within my framework that's fine.
I now propose we close this topic and move on to something else.
Thanks again for your time,