Great Circle Associates List-Managers
(May 2000)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Confirmation Required
From: "Ronald F. Guilmette" <rfg @ monkeys . com>
Date: Fri, 05 May 2000 12:01:50 -0700
To: list-managers @ GreatCircle . COM
In-reply-to: Your message of Fri, 05 May 2000 09:50:52 -0700. <p04310102b538a474d204 @ [17 . 216 . 27 . 198]>

In message <p04310102b538a474d204 @
 [17 .
 216 .
 27 .
 198]>, 
Chuq Von Rospach <chuqui @
 plaidworks .
 com> wrote:

>My lists that don't mailback validate do other things to limit the 
>chances of someone getting slammed.

Whatever you _believe_ you are doing, I have direct, first-hand, and
recent experience that it isn't working.

>for instance, I don't have an 
>email access point for subscriptions, so the standard "slam 
>subscribe" tools out there are useless. I can't be part of an 
>automated attack.

Yea.  Right.  Like it is really difficult to write a Perl script that
goes out to a few hundred of these web sites (like your's) that just ask
you to type in your e-mail address to get subscribed.  Uh huh.

>All subscriptions come through a web site (or in my 
>case, one of four web sites, three of which I don't have direct 
>control over, which complicates things. And that's an issue Murr 
>doesn't seem to catch -- not all of these issues are things where you 
>have final say  on the matter)

OK.  I'll buy that.

So which boneheads at Apple actually DO control Apple's mailing lists?
Which boneheads at Apple should I actually be complaining to?

>The subscribe CGI should be protected from automated slam subscribes. 

The operative word there seems to be ``should''.

>How I'm doing this I won't say offhand, but email me privately if you 
>want more details.

I don't care to know how you think your system works.  I just want to know
why it doesn't actually work.

>If you do these things, you limit slams to those where a user 
>physically goes into the web site and types in an email address. 

... or has a Perl script do it for him.

In either case, somebody who doesn't give a tinker's damn about Apple's
products gets slimed with a bunch of unsolicited *commercial* blurbs
about Apple's problems.

Now please remind me Chuq... How exactly is this different from spamming?

>Those still happen -- but the number is tiny.

So that makes it alright then huh?

Only a few people were ever burned to death in rear-end collisions involving
Ford Pintos, so their families should just shutup and quite complaining,
right?

Marvelous self-serving logic there.

>The next level of defense is the welcome message. Every subscription 
>gets one, and the welcome message includes multiple ways of 
>unsubscribing...

Yes.  And the same can be said for better than 90% of the _other_ spams
I have received over the past six months.

The fact remains that I don't feel that it should be incumbant upon *me*
to unsubscribe from something I never signed up for in the first place.

And this ain't hardly just my opinion.  If you travel over to either the
SPAM-L mailing list or the news.admin.net-abuse.email newsgroup, you'll
find at least a few thousand other people who also share this view.

>... including a pre-encoded URL that takes you to the 
>unsub page with the email address pre-loaded. It's literally a 
>two-click operation.

Congratulations Chuq.  You have just made my point for me.

You just argued (and I _do_ agree) that it is trivial... downright simple...
to click on the URL contained in your mailing list greeting message.  Heck!
It's so simple even a moron could do it, right?

Now the only question is ``Who are you going to FORCE to do this simple
thing?  Your subscriber wannabees or people who have been forge-subscribed
to your list and who never wanted to be on in the first place?''

You yourself agree that it is so simple that any idiot can do it, so why
not just ask your subscriber wannabes to do it, rather than abusively
demaning that I and other people who have been forged-subscribed to your
lists do it?

The fact that you prefer to inconvenience _me_ (and other netizens who
don't really give a damn about what products Apple is pushing this season)
just lends credence to the theory that I was _NOT_ in fact forge-subscribed
to any of Apple's mailing lists, but that Apple, the company, is in fact
just doing some good-old-fashioned address harvesting and spamming.

>... Effectively, there IS a mailback 
>validation here; it's opt-out instead of opt-in.

You and the DMA ought to get along famously.

>Finally, the system is set up to allow my to blackhole problem 
>addresses and domains. If someone reports they're being repeatedly 
>subscribed, they can be (and are) blackholed.

OK.  Swell.  Domain level opt-out.  I'll take it.

I have an AOL account that I use sometimes.  It has ten different AOL
``screen names'' associated with it.  And every so often I change a
few of those screen names to something different.

I have been repeatedly forged-subscribed to various Apple mailing lists,
and the targeted addresses were various members of my AOL screen name set
on different occasions.

Because of this ongoing problem, I'm requesting that you ``blackhole''
aol.com and disallow any and all further subscriptions for any/all aol.com
addresses to your Apple mailing lists.

You can probably have that done by this afternoon, yes?

>There is no one true way of doing email systems. Those who think so 
>need to widen their horizons. Life is complicated, email is 
>exceptionally complicated, and simplistic "this is the only way 
>things can work" responses are, oh, non-constructive...

blah blah blah...

And safety locks on guns are pointless because people will take them off
sometimes and shoot themselves (or their family members) accidently
anyway.


I hope you don't mind Chuq.  I just signed you up for the NRA's mailing
list.  I'm sure you'll be right at home there, along with the rest of
the knee-jerk conservative reactionaries insisting on everyone's God-given
right to accidently shoot innocent bystanders, so long as it doesn't happen
too frequently.



References:
Indexed By Date Previous: Re: Confirmation Required
From: SRE <eckert @ climber . org>
Next: Re: Confirmation Required
From: Chuq Von Rospach <chuqui @ plaidworks . com>
Indexed By Thread Previous: Re: Confirmation Required
From: Chuq Von Rospach <chuqui @ plaidworks . com>
Next: Re: Confirmation Required
From: "Ronald F. Guilmette" <rfg @ monkeys . com>

Google
 
Search Internet Search www.greatcircle.com