When reading my comments, please remember that I was a FAQ author
long before I became a despammer - in fact I was the one who first
seriously proposed making *.answers groups other than news.answers
itself and was the first to use them - before the groups were actually
created.
I'm not the enemy here. I'm simply going to try to describe some of
the reality in this area, and help all of us to come up with the best
possible way of getting our FAQs to our readership, yet, not become
net-abusers ourselves.
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
}From: clewis@ferret.ocunix.on.ca (Chris Lewis)
}>On Feb 4, 11:44, Brad Knowles wrote:
}>} Post the FAQs once a day, separately to each newsgroup (instead
}>} of cross-posting them).
}>Then they'd be spam.
} By the BI & BI2 indexes (via the 45-day window), yes... as currently
}formulated. This obviously means that the BI & BI2 indexes should be revised
}to not include moderated groups in the total. (After all, a non-mechanical
}solution to spam (moderation), especially given that the moderator(s) can
}place limits on crossposting by themselves, means that the rigid/mechanical
}limits can be removed.) Otherwise, I suspect that the news.answers moderation
}team would be more than slightly irritated to find duly approved articles
}being cancelled... an irritation that (with its resulting actions) would be
}completely justified.
When these issues have come up before, the concensus of moderators has
been universally in favour of having the normal spam indexes apply to
moderated groups (with one notable exception ;-). The experience with
spammers (particularly the problematic ones like EROSNET) has shown that
they'll exploit any possible hole. If we exempt articles posted to
*.answers groups, they'll just start forging approvals. We have plenty
of experience with this. Dating all the way back to Canter and Siegel.
[Today's spam trivia: It's just Siegel now. Canter is still fleeing the process
servers. More juicy detail to come.]
Additionally, then we'll get into fights over who is allowed to cross-post
to *.answers (you'll be the FAQ Cabal. ObTINC ;-), and I'm sure that Pat,
Ping et. al. want to avoid that. This war have erupted before (anyone
remember the incessant flaming of jik from a FAQ maintainer who shall
remain nameless?)
You see, by making a special class of postings immune to despamming, the
first thing the spammers will do is scream about discrimination based upon
content. We've fought long and hard to keep despamming content-independent.
The instant it becomes content dependent, then the whole thing will cave
in.
There are technical methods to solve this (ala PGPMoose), but the logistics
become absolutely nightmarish due to the nature of how we post.
} Now, if ISPs such as netcom can be convinced that rigid
}anti-crossposting policies are foolish, then a considerably lower number of
}FAQs are likely to be affected (i.e., those going across many groups that are
}posted on a very frequent basis, such as for alt.binaries.*)... but I suspect
}that at some point an FAQ is going to come up that will exceed the BI2>20 limit
}even on a normal basis.
There already is a FAQ under full blown autocancel. [I duck and put on my
bullet-proof armor ;-)] No, not an official FAQ - simply a person who
seems simply unable to comprehend that my cancellation notices _really_
mean his postings are _gone_, what cross-posting is, and reposts the same
"FAQ" 30 times a week.
[Believe it or not, whether I play favourites with FAQs or not is a very
common flame attack on me. It shuts them up completely being able to prove
that I don't.]
Frankly, anything FAQ that is "relevant" to more than 10 groups is going to
groups that are so insufficiently differentiated, that you could post to
fewer groups and virtually the same people will still see them anyways.
Some of the FAQs are quite literally hitting every group in a subhierarchy.
That's silly.
----------------------------------------------------------------
From: Tom Lane <tgl@sss.pgh.pa.us>
}clewis@ferret.ocunix.on.ca (Chris Lewis) writes:
}> There are a number of extremely rabid sex spammers that are blasting
}> out tens of thousands of massively cross-posted articles per week.
}>
}> The ISPs have relatively little alternative.
}Far be it from me to argue with Chris Lewis on the subject of net abuse
}... but ... I still don't see why discriminating against crossposted
}articles will do anything to control spammers. Won't they just switch
}to blasting out tens (if not hundreds) of thousands of not-crossposted
}articles?
The trackrecord of these policies, at Worldnet, at IBM, at many other
sites demonstrates quite well that they _do_ work for them. These
policies greatly reduce the crap leaving their systems, greatly
reduce the complaint load they have to deal with, and most importantly
greatly reduce the amount of money they have to spend to deal with it.
I've seen ISPs with 5 or more full-time people on the abuse handling
end. One ISP just dropped a cool half-million trying to control
relayed email spam. Doubling their work costs _lots_ of real dollars.
I'm currently chatting with the Worldnet Usenet developers and I've
asked whether they still forward >5 and simply block new postings >5.
If there are other questions you'd like me to ask, please let me know.
}It seems to me that the existing rules against EMP are appropriate for
}controlling spam (although they could do with some better enforcement
}mechanism than after-the-fact cancellation). I don't see how prohibiting
}cross-posting will help, and I do see where and how it will hurt.
That's the point - cross-posting restrictions are before-the-fact.
No matter who you are, blocking an outbound 10x40 (10 posting, 40
groups each) spam in the middle of the night is _far_ superior to
letting a 400x1 spam out during the day, and waiting for someone to
check it out after the fact for true spammishness - even with virtually
instant after-the-fact notification, you still get deluged with complaints.
[To put things in perspective: Mindspring has always been an EXTREMELY
responsive site. When they bought PSI/Interramp's dialup customers,
it took them several weeks before they got the complaint load under
control - it peaked at more than 150Mb per _day_.]
Of course, they could do what Prodigy (apparently) ended up having
to do to stop their extreme spam problem: have extremely aggressive
filters that blocked anything that even smelled of spam, and let
a human scan it before propagating it. No provider of the scale of
AOL or Netcom or IBM or Worldnet would or could do that these days.
I don't think Prodigy can either.
-----------------------------------------------
From: Kent Landfield <kent@landfield.com>
}In your opinion Chris, what would be an acceptable limit of crossposting
}that FAQ authors should consider limiting themselves to ? I was under
}the impression the limits were > 15. Sounds as if I'm mistaken.
I'm sorry to say it, but I believe 9 is the best compromise. Jonathan
Kamens himself (and many others) have been strongly advocating _all_
servers apply >10 restrictions for at least a year. Our server complex
(16+ servers around the world) is also "G10".
}# I have no problem with trying to
}# remind administrators that the *.answers groups should be kept longer,
}# the Expires trusted, and the technology exists to make this trivial on their
}# servers.
}Then instead of a letter that backs the admin into a defensive mood, maybe a
}letter that describes how they can help us would be more appropriate.
Right. I would suggest a careful informal poll _first_, before we
ask them to do anything just so that we have an idea of what we're
facing. ie: ask your own friendly ISP what their expiration policies
are. I can help formulate the questions.
}While many of us understand first hand the problems of spamming and
}excessive/massive crosspostings I think we need to understand the limits
}being put in place and how those controls affect us. We have been taking
}advantage of the news technology for the proper purposes. How do we avoid
}getting lumped in with the trash ?
I don't know. Reassessment of what groups you reach (I know I can
remove one or two from my lists) will help.
Frankly, I don't think we're going to get very far trying to persuade
the ISPs we _do_ know about to spend more money fighting spam. And
we're not going to get anywhere with the ISPs we don't know about.
Aiming things more at WWW will certainly help.
Focussing our emphasis more on spreading the word that "there's a good
reason to trust the expiration in *.answers groups" will be successful.
I don't think lifting cross-posting restrictions will be.
------------------------------------------------
From: David Alex Lamb <dalamb@qucis.queensu.ca>
}We have heard that news administrators are contemplating policy changes such
}as very short expiration times, rapid expiration of cross-posted articles, and
}refusal to propagate articles cross-posted to more than 4 groups.
FYI - a couple of points:
- existing technology doesn't provide a way to base expiration on
cross-postings or not. The only thing that administrators have
is to:
- expire explicitly by name
- wildcard expiration based on group name
- treat moderated groups differently.
- trust or not trust expiration dates.
- Administrators are now starting to run "poison-pill" patches.
This allows them to dump any article on the floor that is
cross-posted to a "poison group". For example, if you
cross-post the alt.binaries.pictures.erotica.d faq to
alt.answers and elsewhere, we silently and quite happily dump
it on the floor. This is partially in response to the
massively-crossposting sex spammers, and partially in response
to the "hidden warez" group problem (which is scaring the
crap out of some sites).
- Administrators are now starting to run the "purge-binaries"
program which allows them to silently dump out-of-place
binaries.
>All these
}policies, while understandable in the context of spam, have the effect of
}rapidly eliminating many useful FAQ postings,
It seems to me that the "rapidly eliminating" is rather excessive. At
a max of 9, less than 10% will hit the limit when it hits a given system.
Remember it's not a global restriction. If netcom decides that it doesn't
want to propagate crosspostings >4, it's _their_ loss, not yours - your posting
still goes virtually everywhere else.
---------------------------------------------------
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
} Umm... automated crossposting limits _might_ be necessary. But
}_rigid_ automated crossposting limits (e.g., including moderated groups)
}are not. Given all the work people have done on various cancelbots, one
}would think that someone could write patches on the crossposting
}limit patches... admittedly, I'm not much of a programmer.
Remember that this is in the server end, this has nothing to do with 'bots.
If we were to write such a patch, it'd still take 6 months or longer to
get it to the sites that would "need" it. That is, if a serious operations
organization is foolish enough to trust modifications some unknown programmer
is trying to foist on them.
---------------------------------------------------
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
} I have considered whether or not I want to bother posting the FAQ
}I've been working on so long to Usenet. I believe I will, ultimately, and
}that I'll do it in such a way that it does get read - that's the point,
}after all. If that requires posting it every 3 days because it's
}crossposted to talk.politics.misc and ISPs have ridiculous expiration
}policies, that will be annoying but I'll do it.
In the end, system owners always get to decide what happens on their
systems. This is called "property rights". This is what most spammers
fail to appreciate, and what differentiates them from the rest of the
world. It's not really any of your business how long an article of
yours resides on my machine, whether it ever resides on my machine, or
whether I pass it on to anyone.
I expire certain groups every four _hours_. Does this mean
you'd post your FAQ every four hours if it was one of the affected
groups? I certainly hope not.
Saying "I know what's best for your users, and I'm going to _force_ you
to expend resources on it just so that it's in front of your users no matter
what you think" is the best way to lose all sympathy whatsoever. You'll
simply be yet another spammer. Yes, you probably won't be spamming for
money. But neither was Clarence Thomas IV.
If, say, you posted to 9 groups every three days, it becomes spam on
the 21st day, and will be cancelled. Indeed, I have no choice in the
matter - the rules do not allow me to play favourites. And if I did
anyways and _not_ cancel it, the kooks crank up about credibility and
content-based cancellation, and they'd be absolutely right. (for once ;-)
As for posting frequency, I believe you simply have to assume that
systems are going to strive to provide the best possible service to their
customers. If that means forcibly expiring everything every three days,
that's what they have to do. Don't prevent them from exercising control
over their own machines.
Assume that administrators are going to at least _try_ for a 14 day
expiration on all their groups. Don't repost any more frequently
than 14 days unless you _really_ have to. Don't try to circumvent
site decisions on expiration. Educate sites on how to increase the
benefits to their users - but don't make their decisions for them.
---------------------------------------------------------
From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
}From: Nathan Tenny <ntenny@qualcomm.com>
}>When this subject has come up in the news.admin.* groups, various folks
}>have pointed out that exempting moderated groups isn't really a good idea.
}>Spammers, flametrollers, meowers, and similar lifeforms could just create
}>alt groups with themselves as moderators and crosspost everything there to
}>protect themselves from cancellation (or whatever sanctions would otherwise
}>accrue).
} Sorry, I don't appear to have been clear enough. Instead of
}removing posts across 5+ groups, remove posts across 5+ _unmoderated_
}groups. In other words, don't count moderated groups in the crossposting
}total.
So they just crosspost in groups of 5, where the fifth is always the same
moderated alt group.
}>Big 8 moderated newsgroups, perhaps, or a specific exemption for
}>news.answers. Or a higher cutoff for posts with followups set to a single
}>group.
} The latter idea would be a good one, yes; such messages aren't
}causing as much problems.
Only from a flame troll perspective. Not from a spamming perspective -
if EROSNET put a followup-to in each of their 40 group cross-posts, it
wouldn't do a darn thing to the spam level.
--------------------------------------------
From: Tom Lane <tgl@sss.pgh.pa.us>
}One thing that just occurred to me --- news administration policies are
}not the only anti-crosspost hazards out there. I have more than once seen
}people recommend using newsreader filters to suppress overly crossposted
}articles. The worst examples of this have been rn filter recipes (that
}zap more than so-many commas in Newsgroups:) posted as "a way to kill
}spam" without any explanation of why or what the recipe actually does.
}An unsuspecting newbie could take the recipe, drop it into his newsreader
}config without any clue as to just what it does, and happily buzz along ...
}ignorant that he's now missing some fraction of FAQ posts ...
Caveat surfer.
Peter da Silva isn't watching this, is he? ;-)
In the context where I've seen it shown, it's obvious what it's for
(Boursy/Grubor/Goat/Vulis/flame troll avoidance).
-- For more information on spam, including countermeasures and resources, see the Internet Spam Boycott, at <URL:http://www.vix.com/spam/>.Chris Lewis: _Una confibula non sat est_
[
Usenet Hypertext FAQ Archive |
Search Mail Archive |
Authors |
Usenet
]
[
1993 |
1994 |
1995 |
1996 |
1997
]
© Copyright The Landfield Group, 1997
All rights reserved