[GRLUG] Email overload

Adam Tauno Williams adamtaunowilliams at gmail.com
Thu May 1 13:56:38 EDT 2008


> A) Discovery of email address:
> In order for our information to be used by others, it must be ferreted
> out by people with either good or bad intentions.  Whatever we do to
> protect ourselves from mal-use, it must not disadvantage good-use.
> One practice is to obfuscate email addresses on web sites.  For example:
> grlug at grlug.org becomes "grlug at grlug dot org", now simple robots pass
> over such text and come away empty handed.  I have the desire to learn
> more tactics from GRLUG that allow me to put myself out there on the web
> with some safety.

I believe this practice to be (a) a pain and (b) totally bogus.  My
e-mail addresses are trivial to find [search for them on Google] and I
don't get deluged with SPAM.  See - adamtaunowilliams at gmail.com,
awilliam at whitemice.org, and adam at morrison-ind.com.

The purpose of e-mail is communication.  An anti-SPAM practice that gets
in the way of communication isn't a solution, it is a nuscense.

> B) Propagation of mal intent:
> In order for us to blunt the effects of mis-use of our information, we
> might need to be proactive at shutting down distribution.  Our present
> tools include firewalls and spam filters.  I find it good practice to
> shut down abuse, but bad practice to stop at protection and not be
> proactive at prevention because inaction is a self defeating
> proposition.

Agree, SPAM needs to be reported.

> One filter put forward is grey-listing and SPF I find interesting.  Like
> all solutions, isn't there a price?  

Yes.  Greylisting slows down mail and creates problems with old/broken
mail servers that react incorrectly to the 451 response.  It has also,
IMO, had its day.  A couple of years ago it was extremely effective when
SPAMers were using servers to spray messages at the SMTP port.  But now
most SPAM comes from infected bots that seem to dutifully retry after a
451.  It helps,  but not as much as it once did.

> For example, to shut down
> "undeliverable" now disadvantages legitimate users who mis-spell an
> address on valid mail from an organization?  Curious minds...? 

A misspelled address won't get delivered anyway.

> C) What to do later today and tomorrow:
> I guess LWN needs to go into my regular reading? 

Yes.

> I find the comments of practiced experts who chide poorly done firewalls
> amusing but not very instructional. 

A sys-admin needs to understand these things and finding instructions is
pretty easy.

>  My desire is to feel safe so I can
> sleep soundly, and feel participative so tomorrow might be a better day
> than today.  Casey -- for GRLUG meeting would you consider a round table
> on this subject?  I'd love to take notes and post them on wiki.

There is tons and tons of documentation on how to correctly setup DNS,
SMTP (postfix, sendmail, etc...) and firewalls.  The last thing the
world needs is yet-another-Wiki on the subject,  we just need more
people to do it.

-- 
          Consonance: an Open Source .NET OpenGroupware client.
 Contact:awilliam at whitemiceconsulting.com   http://freshmeat.net/projects/consonance/



More information about the grlug mailing list