Jim Conklin | 5 Feb 11:21 1996
Picon

Restricting the list

  Well, we've been caught!  I assume that most of you don't wish ads for
nude models (and whatever may follow) in your ietf list mail, and that
those of you who do can find them elsewhwere.
  I'm going to take the immediate steps of removing this list from its
globally published status, which may or may not help.
  I'm also considering making restricting posting to the subscribers to the
list, which is more restrictive than the normal situation for ietf lists,
so I'd like to get your reactions to that before I do so.  I propose that
such a restriction is not overly troublesome because (1) anyone can still
subscribe if posting is that important) and (2) postings are really
meaningful only from people that are fimiliar to the list.
  Finally, I must note that if such postings continue, CREN will probably
have to ask for some other site to host the lists, because of the legal
liabilities involved.
  What's your pleasure?

Jim

Ned Freed | 5 Feb 19:19 1996

Re: Restricting the list

>   I'm also considering making restricting posting to the subscribers to the
> list, which is more restrictive than the normal situation for ietf lists,
> so I'd like to get your reactions to that before I do so.  I propose that
> such a restriction is not overly troublesome because (1) anyone can still
> subscribe if posting is that important) and (2) postings are really
> meaningful only from people that are fimiliar to the list.

This is not acceptable. I routinely post from a variety of different
addresses, not just from the address I happen to be subscribed under.
I have neither the time nor interest in figuring out the address I happen
to be subscribed under in order to get my postings accepted.

Deleting the occasional advertisment that makes it through is an extremely
minor nuisance by comparison.

My participation in these lists will end the minute such a policy is
instituted.

				Ned
From dee <at> cybercash.com Mon Feb  5 16:27:02 1996
Received: from callandor.cybercash.com (callandor.cybercash.com [204.178.186.70]) by
list.cren.net (8.6.12/8.6.12) with ESMTP id QAA16569; Mon, 5 Feb 1996 16:27:01 -0500
Received: by callandor.cybercash.com; id QAA00849; Mon, 5 Feb 1996 16:31:25 -0500
Received: from cybercash.com(204.254.34.52) by callandor.cybercash.com via smap (g3.0.3)
	id xma000847; Mon, 5 Feb 96 16:31:06 -0500
Received: by cybercash.com.cybercash.com (4.1/SMI-4.1)
	id AA27886; Mon, 5 Feb 96 16:23:17 EST
Date: Mon, 5 Feb 1996 16:23:16 -0500 (EST)
From: "Donald E. Eastlake 3rd" <dee <at> cybercash.com>
To: Jim Conklin <conklin <at> info.cren.net>
(Continue reading)

Roger Fajman | 6 Feb 03:16 1996
Picon

Re: Restricting the list

>   I'm going to take the immediate steps of removing this list from its
> globally published status, which may or may not help.

Can't hurt.  Might help.

>   I'm also considering making restricting posting to the subscribers to the
> list, which is more restrictive than the normal situation for ietf lists,
> so I'd like to get your reactions to that before I do so.  I propose that
> such a restriction is not overly troublesome because (1) anyone can still
> subscribe if posting is that important) and (2) postings are really
> meaningful only from people that are fimiliar to the list.

I don't think that's a good idea for reasons already mentioned.

>   Finally, I must note that if such postings continue, CREN will probably
> have to ask for some other site to host the lists, because of the legal
> liabilities involved.
>   What's your pleasure?

Once we have our new LISTSERV system in production, I'll be willing to
host more IETF lists.  It will be a few more weeks though.
From jwn2 <at> qualcomm.com Tue Feb  6 02:43:04 1996
Received: from mage.qualcomm.com (mage.qualcomm.com [129.46.50.61]) by list.cren.net
(8.6.12/8.6.12) with ESMTP id CAA04506; Tue, 6 Feb 1996 02:43:03 -0500
Received: from [129.46.54.43] (annex-p3.qualcomm.com [129.46.54.43]) by mage.qualcomm.com
(8.7.3/8.7.2/1.4) with ESMTP id XAA00428; Mon, 5 Feb 1996 23:41:57 -0800 (PST)
X-Sender: jwn2 <at> mage.qualcomm.com
Message-Id: <v03004a00ad3c858b7d47 <at> [129.46.54.71]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
(Continue reading)

Nathaniel Borenstein | 6 Feb 12:54 1996
Picon
Picon

Re: Restricting the list

Kudos to John Noerenberg for this extremely clear statement:

> I wish it no more than I seek ads for magazine subscriptions I have no
> interest in.  Nevertheless, I'm not about ask the US postmaster to validate
> everyone who might send a message to my postal box.  There is no reason to
> think my email address should be treated any differently.

There is a middle ground worth considering, however.  FV has faced a
similar problem on our "fv-users" list.  We wanted this list to be
available for free & open discussion.  Moderating it would make it look
like we were censoring anti-FV comments, which we certainly weren't. 
Restricting access to FV customers was useless, because some of our
customers are the  very people who would post inappropriate
announcements.  So we evolved another solution:  a bozo list.  The list
operates freely, except that anyone who has developed a history of abuse
is added to a bozo list, and posts from THAT person are re-routed to the
list owner, who can post them or not.

The combination of a strong presence by the list owner, the THREAT of
bozo status, clear explanations of what is and is not appropriate, and
occasional USE of the bozo mechanism can go a long way towards solving
problems like this one.  -- NB
--------
Nathaniel Borenstein <nsb <at> fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq <at> nsb.fv.com
From nsb <at> nsb.fv.com Tue Feb  6 06:57:08 1996
Received: from zloty.fv.com (zloty.fv.com [204.250.90.12]) by list.cren.net (8.6.12/8.6.12) with
ESMTP id GAA06948; Tue, 6 Feb 1996 06:57:07 -0500
Received: from nsb.fv.com (nsb.fv.com [152.160.80.42]) by zloty.fv.com (8.7.3/8.7.3) with SMTP id
(Continue reading)

Dave Crocker | 7 Feb 16:40 1996

Re: PS -- Re: Restricting the list

At 8:58 AM 2/6/96, Ned Freed wrote:
>1. I've already pointed out that filtering on specific origin addresses is
>   totally ineffective.

Ned,

	What about the following set of mechanisms, each of which I believe
I've seen in operation.  In combination, they would seem to create a rather
powerful filter and control mechanism, I would think.

1.  To subscribe to a list, the user sends a request.  The list server
sends back a verification request.  The subscriber returns a confirmation.
This provides reasonable assurance that the registered email address is
valid.

2.  Those who are registered can send messages freely.  Those who are not
have their messages channeled to the list moderate who decides whether to
forward the message or not.  One could elaborate this, further, by having
non-registered email ALSO get a verification request from the server before
sending it on to the moderator.  This would filter deprivation of service
attacks, I suppose.

	Thoughts?

d/

--------------------
Dave Crocker                                                +1 408 246 8253
Brandenburg Consulting                                 fax: +1 408 249 6205
675 Spruce Dr.                                     dcrocker <at> brandenburg.com
(Continue reading)

Tim Kehres | 7 Feb 17:13 1996

Re: PS -- Re: Restricting the list

On Wed, 7 Feb 1996, Dave Crocker wrote:

> 	What about the following set of mechanisms, each of which I believe
> I've seen in operation.  In combination, they would seem to create a rather
> powerful filter and control mechanism, I would think.
> 
> 1.  To subscribe to a list, the user sends a request.  The list server
> sends back a verification request.  The subscriber returns a confirmation.
> This provides reasonable assurance that the registered email address is
> valid.
> 
> 2.  Those who are registered can send messages freely.  Those who are not
> have their messages channeled to the list moderate who decides whether to
> forward the message or not.  One could elaborate this, further, by having
> non-registered email ALSO get a verification request from the server before
> sending it on to the moderator.  This would filter deprivation of service
> attacks, I suppose.
> 
> 	Thoughts?

I personally think that this is most practical solution to the problem, 
however not without it's drawbacks.  Many years back I managed a few 
Internet distribution lists along with the USENET gateways for them.  We 
decided at the time for no moderation on the Internet side, while 
maintaining full moderation on the USENET side (for many of the same 
reasons that we are having this discussion today).

As many current lists are both gatewayed to environments like USENET as 
well as feeding downstream distribution lists, the above solution will 
have the effect of directing potentially a significant amount of traffic 
(Continue reading)

Ned Freed | 7 Feb 21:33 1996

Re: PS -- Re: Restricting the list

> At 8:58 AM 2/6/96, Ned Freed wrote:
> >1. I've already pointed out that filtering on specific origin addresses is
> >   totally ineffective.

> Ned,

> 	What about the following set of mechanisms, each of which I believe
> I've seen in operation.  In combination, they would seem to create a rather
> powerful filter and control mechanism, I would think.

> 1.  To subscribe to a list, the user sends a request.  The list server
> sends back a verification request.  The subscriber returns a confirmation.
> This provides reasonable assurance that the registered email address is
> valid.

I've already described this mechanism and commented on it in some detail on the
IETF list.

Simply put, the problem is that list subscribers hate it and therefore most
list managers cannot reasonably use it. As such, it's a nonstarter more often
than not. It also has nothing to do with spamming; it's a mechanism intended to
defeat personal "subscribe him to every list in the world" attacks like the one
directed at Mark Crispin recently.

> 2.  Those who are registered can send messages freely.  Those who are not
> have their messages channeled to the list moderate who decides whether to
> forward the message or not.  One could elaborate this, further, by having
> non-registered email ALSO get a verification request from the server before
> sending it on to the moderator.  This would filter deprivation of service
> attacks, I suppose.
(Continue reading)

Dave Crocker | 8 Feb 03:50 1996

Re: PS -- Re: Restricting the list

At 4:09 PM 2/7/96, John W. Noerenberg wrote:
>audience.  With good targeting tools his ads would reach only those likely
>to be interested.  Dunno 'bout this, it sounds vaguely Orwellian to me...

	Sorry, not good enough.

	As the recipient of a an unsolicited solicitation, I don't much
care whether you get one or whether Ned gets one.  I care about the
imposition on my time and effort.

	(Yes, I do find that a very, very carefully done solicitation can
often get past my desire to rip the innards from the sender, but this
involves high-level marketing skills on their part and not the presence or
absence of email/news tools.)

d/

--------------------
Dave Crocker                                                +1 408 246 8253
Brandenburg Consulting                                 fax: +1 408 249 6205
675 Spruce Dr.                                     dcrocker <at> brandenburg.com
Sunnyvale CA 94086 USA                           http://www.brandenburg.com

Internet Mail Consortium                   http://www.imc.org, info <at> imc.org

John W. Noerenberg | 8 Feb 10:55 1996

Re: PS -- Re: Restricting the list

At 12:13 AM 2/8/96, Tim Kehres wrote:

>
>As many current lists are both gatewayed to environments like USENET as
>well as feeding downstream distribution lists, the above solution will
>have the effect of directing potentially a significant amount of traffic
>the direction of the moderator.  As most list moderators do so out of the
>kindness of their hearts (in other words on their own time as opposed to
>being part of their job function), the probability of noticable delays in
>the propogation of the message through the moderator are high.  Depending
>upon the people involved, this may or may not have a significant effect
>on the usefulness of the list.

This is precisely the behavior we observed with mailing lists that we
maintained for a while for Eudora discussions (before the news groups we
accepted).  Our problem with the lists is that we just sunk under the
onslaught of messages.  Even when we assigned someone the job of full-time
moderation (and he was being paid just for that), there was no way to keep
up.

Fortunately for our sake (and the sanity of our poor moderator), the news
groups were approved, and we put everyone out of their misery by
terminating the lists.

As long as the traffic volume is low, then Dave's plan will work.  If its
not, there is no way a moderator can cope.  This same scaling problem
applies to moderated news groups as well.

john noerenberg
<mailto:jwn2 <at> qualcomm.com>
(Continue reading)

Robert Moskowitz | 8 Feb 13:15 1996

Re: PS -- Re: Restricting the list

At 06:56 AM 2/6/96 -0500, Nathaniel Borenstein wrote:
>To pre-empt an obvious objection:  My guess is that very few people are
>both technologically sophisticated enough to know how to change their
>Email address and culturally unsophisticated enough to use that
>knowledge to inappropriately spam mailing lists.  But there will
>undoubtedly be a few.  -- NB

Any Eudora freeware user that spends the time reading the FAQ can figure
this one out, and they do....

Robert Moskowitz
Chrysler Corporation
(810) 758-8212


Gmane