FROM: Rick Moen
SUBJECT: Re: [Hangout of NYLXS] Fwd: Re: [Panix #26803] ------> Forget FCC /
Date: Fri, 5 May 2017 10:26:08 -0700
From: Rick Moen
Subject: Re: [Hangout of NYLXS] Fwd: Re: [Panix #26803] ------> Forget FCC /
FTC - they won't help you, although that is supposed to be their job.
List-Id: NYLXS Tech Talk and Politics

Quoting Mancini, Sabin (DFS) (Sabin.Mancini-at-dfs.ny.gov):

> My issue was that I was (is) getting tons of spam emails, and unsubscribing was ignored in a number of cases; sometimes resulted in getting even more spam from other sources.

Main lessons from my many years participating on NANAE:

1. Spammers lie.
2. Falling for the 'unsubscribe me' trick just gets your address on
   the higher-priced list of addresses known to reach a human, and
   thus gets you more spam.

> I should look into SORBS and see if they would help with this.

I should explain what a DNS blocklist
(https://en.wikipedia.org/wiki/DNSBL) is, and how they are used, and by

A DNS BL is just a DNS authoritative nameserver with a database back-end
for its zonefile data, say for zone dnsbl.example.com, consisting of 'A'
records mapping to (typically) 127.0.0.2 . The zonefile data houses IP
addresses fed to the databases as recently known sources of SMTP spam.

Any person (or software process) in the outside world wishing to know
whether a specific IP address has been listed in the blocklist need only
do a DNS lookup. Consider for example my MTA for linuxmafia.com,
running on IP address 126.96.36.199 . If for some reason the operator
of the DNS BL thinks my IP has been doing bad things, it will add

    188.8.131.52 IN A 127.0.0.2

...to the dnsbl.example.com zonefile. Sometimes, there would also be an
associated TXT record recording the reason why my IP has been recently
believed to be badly behaved.

Although in principle _anyone_ including desktop users could use the
publicly available information in one or more of the many DNS BLs, their
main (and to my knowledge sole) use from the time Paul Vixie started the
first one at the MAPS (Mail Abuse Prevention System) project until today
has been by Internet SMTP mail servers, trying to decide whether to 250
Accept incoming mail, or 554 Reject or 450 Tempreject that mail
(http://www.serversmtp.com/en/smtp-error). It is common to configure
MTA software (e.g., Exim4, Postfix) to consult a number of DNS BLs'
opinions about a delivering IP's reputability before saying 250 Accept.

(As a side-note, it's always, always, always much more effective to do
spam-rejection _before_ the destination SMTP server accepts the mail, as
an integral part of the SMTP conversation. Attempts to do
spam-filtering at any point after delivery suffer a number of problems
such as backscatter spam, and are just not particularly effective. This
is why attempting to block spam at the level of your personal mail
client (MUA) or MDA process such as an IMAP fetch is a losing game.)

If you do operate your own mail server, as I and Ruben do, and choose to
configure your MTA to consult DNS BLs, it's really vital to not just
consult _only one_ DNS BL, and not regard it as an ultimate authority.
For one thing, any one DNS BL can be spectacularly wrong or misguided
about some delivering IP, and also DNS BLs have a tendency to come and
go. Sometimes, they are shut down in particularly troubling ways, like
a few historical ones that were deliberately caused upon being shut down
to return '127.0.0.2' for quite a few months on _any_ query. This
reportedly was the operator's way of getting using systems to wake up
and cease trying to query the blocklist -- by returning 'Yep, that's a
spammer' answers to _any_ query. This certainly got people's attention,
but was pretty disruptive behaviour.

Locally, I have SpamAssassin running as a system daemon (spamd) query a
number of DNS BLs with each answer being factored into spamd's
'spamicity' number that, in turn, gets returned to Exim4, my MTA, before
the MTA decides whether to issue 250 Accept or not. This is one form of
effective architecture, and there certainly are others.

> One of the Federal agencies is responsible for assisting citizens with
> this issue, I forget whether it was FTC or FCC, but you will find
> references to it on their website; BUT, just try and get help from
> them - they are totally useless and it will go nowhere.

Federal Trade Commission has a very limited mandate concerning UCE
(unsolicited commercial e-mail, 'spam') that is often badly misunderstood.
It is charged by Congress with using administrative law to enforce the
CAN-SPAM Act. If FTC can track down violators, it can charge them
big-money penalties, but first the spammers must be tracked down, and
if they're outside the FTC's reach (e.g., in Eastern Europe) as many if
not most are, FTC basically cannot reach them.

FTC _does_ do a great deal of enforcement against major spamhauses,
including criminal prosecution. This is of course overwhelmingly
against domestic spammers. But it's a big world.

The FTC has brought more than 53 actions against spammers who used
deceptive content or used deceptive "from" addresses or subject lines,
among other charges. Last month the Commission requested a federal court
order to shut down a pornographic spammer accused of sending deceptive
e-mails to lure consumers to an adult site. In recent cases, the FTC is
alleging that failing to honor "remove me" messages from an e-mail list
is a deceptive practice.
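
Added example, not part of the message above and not the author's own configuration: the DNS BL lookup and multi-list scoring the message describes, in Python, with a guard against a list that answers 127.0.0.2 to every query. The reversed-octet query name and the 127.0.0.1 / 127.0.0.2 test entries follow general DNSBL convention (RFC 5782); the zone names, weights, thresholds and sender addresses are constructed.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """Query name for a DNSBL: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A-record lookup; None means no record (not listed) or lookup failure."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def zone_is_sane(zone, resolve):
    """RFC 5782 test entries: 127.0.0.2 must be listed, 127.0.0.1 must not."""
    return (resolve(dnsbl_name("127.0.0.2", zone)) is not None
            and resolve(dnsbl_name("127.0.0.1", zone)) is None)

def score_sender(ip, weighted_zones, resolve=system_resolver):
    """Add up the weights of the sane zones that list ip; report skipped zones."""
    score, hits, skipped = 0.0, [], []
    for zone, weight in weighted_zones.items():
        if not zone_is_sane(zone, resolve):  # cache this check in real use
            skipped.append(zone)
        elif resolve(dnsbl_name(ip, zone)) is not None:
            score += weight
            hits.append(zone)
    return score, hits, skipped

def smtp_verdict(score, reject_at=5.0, defer_at=3.0):
    """Map the combined score to the reply given during the SMTP conversation."""
    if score >= reject_at:
        return "554 Reject"
    return "450 Tempreject" if score >= defer_at else "250 Accept"

# Constructed data: hypothetical zones, weights and documentation-range senders.
ZONES = {"bl-a.example": 3.0, "bl-b.example": 2.5, "dead.example": 3.0}
RECORDS = {"2.0.0.127.bl-a.example", "2.0.0.127.bl-b.example",
           "25.2.0.192.bl-a.example", "25.2.0.192.bl-b.example",
           "9.100.51.198.bl-a.example"}

def fake_resolver(name):
    """Offline stand-in for DNS; dead.example answers 127.0.0.2 for anything."""
    return "127.0.0.2" if name.endswith(".dead.example") or name in RECORDS else None

if __name__ == "__main__":
    for sender in ("192.0.2.25", "198.51.100.9", "203.0.113.7"):
        print(sender, smtp_verdict(score_sender(sender, ZONES, fake_resolver)[0]))
```

Without the sanity check, dead.example would add 3.0 to every sender, so the unlisted 203.0.113.7 would be temprejected and 198.51.100.9 rejected outright.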