February 24, 2007

Phishing/Scam
Posted by Jim Macdonald at 11:44 PM *

Two days in a row I’ve received identical emails:

hey man,

What’s up with that negative feedback you left me? I will let negative
too if you don’t cancel it.

please reply asap

Word for word, right down to the typo. Thing is, they purportedly came from different email addresses, and they were sent to different email addresses (that all resolve to me).

Turns out I’m not the only person who’s gotten identical emails.

This is just another spam/scam to try to find out valid email addresses belonging to folks who read and will reply to their mail. The subject line for this particular spam is negative feedback. Don’t reply to it unless you like spam.
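The pattern described above, one body arriving under several From addresses at several recipient addresses, can be detected mechanically. The following is an added example, not part of the original post: it fingerprints each message's normalized plain-text body and flags any body seen from more than one sender. The sample messages, the example.* addresses and the function names are constructed for illustration.

```python
import hashlib
import re
import unicodedata
from collections import defaultdict
from email import message_from_bytes, policy
from email.utils import parseaddr

# Typographic quotes differ between copies of the same template; fold them.
_QUOTES = str.maketrans({"\u2018": "'", "\u2019": "'", "\u201c": '"', "\u201d": '"'})


def body_fingerprint(msg):
    """SHA-256 of the normalized text/plain body, or None if there is none."""
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part is not None else ""
    text = unicodedata.normalize("NFKC", text).translate(_QUOTES).lower()
    text = re.sub(r"\s+", " ", text).strip()  # ignore re-wrapping and spacing
    return hashlib.sha256(text.encode("utf-8")).hexdigest() if text else None


def find_campaigns(raw_messages, min_senders=2):
    """Group raw RFC 5322 messages by body; report bodies with many senders."""
    groups = defaultdict(lambda: {"senders": set(), "recipients": set(), "count": 0})
    for raw in raw_messages:
        msg = message_from_bytes(raw, policy=policy.default)
        fp = body_fingerprint(msg)
        if fp is None:
            continue  # empty bodies would otherwise all collide
        g = groups[fp]
        g["senders"].add(parseaddr(str(msg.get("From", "")))[1].lower())
        g["recipients"].add(parseaddr(str(msg.get("To", "")))[1].lower())
        g["count"] += 1
    flagged = [
        {"fingerprint": fp, **g}
        for fp, g in groups.items()
        if len(g["senders"]) >= min_senders
    ]
    return sorted(flagged, key=lambda g: g["count"], reverse=True)


def _sample(sender, rcpt, subject, body):
    """Build one constructed test message as bytes."""
    head = (
        f"From: {sender}\r\nTo: {rcpt}\r\nSubject: {subject}\r\n"
        "Content-Type: text/plain; charset=utf-8\r\n\r\n"
    )
    return (head + body).encode("utf-8")


SCAM = (
    "hey man,\n\nWhat's up with that negative feedback you left me? "
    "I will let negative\ntoo if you don't cancel it.\n\nplease reply asap\n"
)

# Constructed inbox: three copies of the template (one with curly quotes, one
# re-wrapped), a newsletter sent twice by a single sender, and a one-off note.
SAMPLE_MESSAGES = [
    _sample("s1@example.com", "jim@example.org", "negative feedback", SCAM),
    _sample("s2@example.net", "jimm@example.org", "negative feedback",
            SCAM.replace("'", "\u2019")),
    _sample("s3@example.com", "macdonald@example.org", "negative feedback",
            "Hey man,\r\nWhat's up with that negative feedback\r\nyou left me?  "
            "I will let negative too if you don't cancel it.\r\n\r\n"
            "Please reply ASAP\r\n"),
    _sample("list@example.org", "jim@example.org", "Weekly digest", "Issue 12\n"),
    _sample("list@example.org", "jimm@example.org", "Weekly digest", "Issue 12\n"),
    _sample("friend@example.net", "jim@example.org", "lunch?", "Tuesday works.\n"),
]

if __name__ == "__main__":
    for c in find_campaigns(SAMPLE_MESSAGES):
        print(c["count"], "copies from", sorted(c["senders"]),
              "to", sorted(c["recipients"]))
```

The newsletter is not flagged because both copies share one sender; only the same text arriving under distinct From addresses counts.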

Comments on Phishing/Scam:
#1 ::: Avram ::: (view all by) ::: February 25, 2007, 12:21 AM:

It's not unusual for me to look in my inbox and see three or four identical messages with different From addresses.

#2 ::: Alphabeter ::: (view all by) ::: February 25, 2007, 12:30 AM:

They ought to know better.

Their penis enhancer did nothing for my female anatomy. Of course I left negative feedback!

#3 ::: Bart ::: (view all by) ::: February 25, 2007, 12:32 AM:

I got a spam message a few weeks ago from a glassware company that was requesting an affiliate deal with nielsenhayden.com.

And, as if it needs to be said, I don't speak for nielsenhayden.com.

Anybody else get that one?

#4 ::: Andrew Plotkin ::: (view all by) ::: February 25, 2007, 12:34 AM:

One of my friends did in fact reply to it, and got back a reply that begged for help rescuing the (notional) sender's (notional) Ebay reputation. With phishing URL in place.

So it's not just address verification. It's better phishing: once you're in a conversation with the mark, he's more likely to trust your URL than if you just throw a flyer at his head.

#5 ::: Larry Brennan ::: (view all by) ::: February 25, 2007, 12:44 AM:

I got that one too. I don't use eBay, so it clearly wasn't an issue for me.

The email address I use here is the one I use for all of my public web activity, including things like flickr. Currently, I have over 4,339 items in my spam folder. Truth be told, I wonder if real mail lands there, but I do know that about a dozen or so spam and phishing messages hit my regular inbox every day.

The signal-to-noise ratio on that account is about 1:250. Alas.

#6 ::: Stefan Jones ::: (view all by) ::: February 25, 2007, 01:10 AM:

I got it too, and figured it was an eBay rating extortion scam.

I've never bought or sold anything on eBay, so that's not much of a worry.

Do spammers really care about whether there's anyone on the other side of an email address anymore? Checking seems more effort than it's worth.

#7 ::: platedlizard ::: (view all by) ::: February 25, 2007, 01:24 AM:

Whenever I get suspicious email supposedly from ebay or Paypal I always report them to those companies. spoof@ebay.com and spoof@paypal.com. Spam in general should be reported to spam@uce.gov

#8 ::: PixelFish ::: (view all by) ::: February 25, 2007, 01:48 AM:

I got one as well--I wondered briefly about it, but figured I wasn't gonna worry too much, since I don't have an eBay account either. (Eventually one day I'll get one, and then what will I do? Well, actually the same thing I do with the rest of the mail tagged eBay--send it onto spoof@ebay.com or abuse@ebay.com)

#9 ::: Paula Helm Murray ::: (view all by) ::: February 25, 2007, 01:49 AM:

Stefan #6, yes they care. Or their auto-dialers care. It's a computer routine that, if you answer back, passes on the message that the email address is a 'live' one (or stupid one or etc.)

I usually just toss 'em mostly because right now the messages are coming to my work email and I don't use that for eBay or anything else commercial.

Because of who I have to contact in day-to-day transactions, I can't set my junk filter to 'kill'em all if I don't know them'. And if I'm collecting exhibitor data for a show or something like that, I have to actually go 'look' at the junk file to make sure I'm not missing an exhibitor email.

Some fun. (All my work email was caught by a filter until I sent out a broadcast email for a new client. Then all of a sudden I'm getting lots and lots of spam that gets through my junk filter. GRR.)

#10 ::: Bruce E. Durocher II ::: (view all by) ::: February 25, 2007, 02:16 AM:

I've gotten three spam posting attempts on the most popular LiveJournal entry I ever made: fortunately I'm one of those suspicious souls that have comments screened first. A friend just got a tasty bit of spam this week: says it's from a hitman that was hired by a friend of my friend but after a week he's decided my friend is O.K. and will abandon the hit for 100K--but if my friend reports it to the police he'll get hit anyway. Tasty, eh?

#11 ::: Randolph Fritz ::: (view all by) ::: February 25, 2007, 03:31 AM:

So...when are the major e-mail programs going to make these things so visible that they're ignorable? (I am envisioning a big red "FORGED SENDER" displayed across e-mails without a valid signature.)

#12 ::: jonathan versen ::: (view all by) ::: February 25, 2007, 04:02 AM:

I think a lot of blog-associated email addresses are harvested through the paypal link that displays an email address when you click through.

incidentally, have any of you ever tried searching for the return email addresses or unusual key phrases from suspicious emails? you'll often find other people commenting on them being spammers.

hold on, I've got an email, gotta go. It's probably a hot Russian babe with my free laptop and rohhhhhlex.

#13 ::: Charlie Stross ::: (view all by) ::: February 25, 2007, 04:27 AM:

Key insight:

This isn't just an address harvester (if you reply they know you're reading mail to that address), it's an *Ebay specific* address harvester.

Wanna bet that if you reply the next thing they're going to do is (a) try to identify your account name and (b) brute-force password attack on it?

This could be endless fun -- especially if they confirm a sneaking suspicion of mine that lots of Ebayers use the same password on their Paypal account as on their Ebay trading account.

#14 ::: Charlie Stross ::: (view all by) ::: February 25, 2007, 04:29 AM:

... And on second thoughts, they don't need to guess your Ebay ID; if they know you're reading mail at a given email address, and that you take Ebay negative seller feedback seriously, then there's about a 90% probability that you've got a Paypal account using that email address as its handle. That's probably the real target of this attack. Send a million or ten spams, get a thousand replies, brute-force 10% of the accounts and lift $1000 from each, and you're in the money.

#15 ::: Karen Funk Blocher ::: (view all by) ::: February 25, 2007, 04:34 AM:

Yes! I got that, too. I was sure it was a scam, since I haven't bought or sold anything on eBay in a decade or so, and never under that particular screen name; but I couldn't figure out how the scam operated. Now I know. Thanks! Incidentally, the same day as the email, I heard from someone who supposedly remembers me from the education program at Unfamiliar Initials University and tracked me down via Whatever. I'm still wondering whether to respond to that one.

#16 ::: Dawno ::: (view all by) ::: February 25, 2007, 04:55 AM:

I got this one too, but it may have taken me a bit longer to figure out this was related to Ebay. As a forum moderator on Absolute Write, I thought it might be from a member objecting to a negative reputation comment. Then I realized that I rarely give them out and have not done so recently. It finally occurred to me this was more likely to be a phishing scam related to Ebay.

However, I used the gmail 'report phishing' feature on it instead of reporting it to the abuse email at Ebay. Every time I report a phishing email to Ebay or PayPal, I end up with an inbox full of their form letter responses that are just as annoying as spam.

#17 ::: Larry Brennan ::: (view all by) ::: February 25, 2007, 05:01 AM:

Charlie @ 14 - Which is exactly why I have an email account that is *only* used for PayPal, a service I detest but cannot always avoid using. By leaving no spoor of that address, I figure that it's a bit more secure.

#18 ::: abi ::: (view all by) ::: February 25, 2007, 05:39 AM:

I got it, and did actually check my eBay account. This makes it the most plausible spam I have received.

Points against: it didn't mention my eBay handle (which is not my usual internet handle), I hadn't bought or sold anything in ages, I have never left negative feedback for anyone.

Points for: Well, someone could have hacked my eBay account, and it cost me nothing in time or effort to check.

#19 ::: abi ::: (view all by) ::: February 25, 2007, 05:40 AM:

Alphabeter @2
Their penis enhancer did nothing for my female anatomy. Of course I left negative feedback!

Nonsense! It doubled it in size! Trebled it! Quadrupled it!

Twice nothing, after all, being nothing.

#20 ::: Connie H. ::: (view all by) ::: February 25, 2007, 07:01 AM:

Now I'm wondering if I should establish an email account just for public posting like this. But I'd have to remember to check it on the off chance that somebody real would actually want to contact me via that method....

#21 ::: Jo Walton ::: (view all by) ::: February 25, 2007, 08:06 AM:

I got it too, in both my email accounts and just deleted it as I don't use ebay.

I don't use either eBay or PayPal specifically because I want to be able to just delete spam without worrying about it.

#22 ::: Erik V. Olson ::: (view all by) ::: February 25, 2007, 08:09 AM:

Note that they've halfway confirmed the valid address already -- your mail server accepted it and delivered it to you. That's more than enough for a spammer. That's why filtering doesn't work -- it only encourages more spam, because you keep accepting it. I prefer a nice, *slow* rejection at the SMTP level.

This is more than just an email check -- this is a phish. I'd call it "trolling", in that you drag the bait across the 'net and see who bites, but that verb has a different meaning on the net.


#23 ::: James D. Macdonald ::: (view all by) ::: February 25, 2007, 08:33 AM:

How did all you guys know this was referring to Ebay?

#24 ::: Kate Nepveu ::: (view all by) ::: February 25, 2007, 08:35 AM:

Only place I'm aware of where being left negative feedback is a big thing, and a major place at that.

#25 ::: Dave Luckett ::: (view all by) ::: February 25, 2007, 08:42 AM:

Request for information: I use an email filter that displays address, subject line and the first ten lines or so, but does not accept the email until I authorise it. If I delete it the email is said to be deleted at the ISP, and never reaches my in-tray. Can the spammer get any feedback from this that confirms my address is live? I'm hoping not.

Oh, and I keep getting obvious spams that are sometimes chunks of published text lifted at random and sometimes just gibberish. Why do they do that? How does it profit them? Obviously they must profit somehow, because these are crooks, but how?

#26 ::: James D. Macdonald ::: (view all by) ::: February 25, 2007, 09:15 AM:

Oh, and I keep getting obvious spams that are sometimes chunks of published text lifted at random and sometimes just gibberish. Why do they do that?

They're trying to get around Bayesian spam filters.

It doesn't work.

They do it anyway.

#27 ::: Alter S. Reiss ::: (view all by) ::: February 25, 2007, 09:15 AM:

Dave Luckett 25: Generally, the gibberish is to get through the spam filters, and the payload is carried as an attachment (most typically an image, or images, which have stock spam or suchlike.)

When I got the negative feedback thing, I thought it had to do with an online writing workshop I'm in, as I've left reasonably harsh crits up there. I'm not sure what that says about me.

#28 ::: Mary Aileen ::: (view all by) ::: February 25, 2007, 09:33 AM:

I got that, without the typo. It got past my spam filters, which is the only way I saw it at all. Since I've never left anyone any kind of negative feedback anywhere, I just deleted it.

This was not actually identified as eBay-related, although I assumed it was meant to be. Since I don't use eBay, I assume anything purportedly from them is spam. Also all Paypal-related emails that come into the address that Paypal doesn't have.

#29 ::: Nancy Lebovitz ::: (view all by) ::: February 25, 2007, 09:36 AM:

Unfortunately, I replied once (I've only received one copy of the spam) and got the "please help me save my reputation" reply, which included a non-working url. I'd asked the person what specific transaction it was about. I don't know if I got a default reply.

For what it's worth, I'd recently heard a teacher talk about getting that combination of threats and begging from a student.

#30 ::: Madeline Kelly ::: (view all by) ::: February 25, 2007, 09:38 AM:

Thank you, James! I received the same email a couple of days ago and I've been wondering ever since whether someone else had used my email address to leave negative feedback. It's good to know that ddorothykong doesn't actually exist.

#31 ::: Madeline Kelly ::: (view all by) ::: February 25, 2007, 09:41 AM:

Sorry for the double-post, but I just wanted to add that it hadn't occurred to me that it was anything to do with eBay. The email is worded so vaguely that it could be feedback about anything, really.

#32 ::: Keith ::: (view all by) ::: February 25, 2007, 10:00 AM:

I've gotten a similar spam message, along with ones telling me that if I'm a good moderator I won't delete their comments. The ones that really tweak me though are the Spam messages informing me that I have lots of Spam.

#33 ::: Kate Nepveu ::: (view all by) ::: February 25, 2007, 10:18 AM:

Erik @ #22: Note that they've halfway confirmed the valid address already -- your mail server accepted it and delivered it to you.

Suppose your server's configured to discard incoming mail that isn't properly addressed? Does this look the same from outside, so that either :blackhole: or delivery is sufficient for spammers?

#35 ::: Debra Doyle ::: (view all by) ::: February 25, 2007, 10:37 AM:

Madeleine@#31: The non-specificity is deliberate, I suspect; it makes the phishing attempt into a one-size-fits-all, the equivalent of "I know who you are and I know what you did." Which works, of course, because just about everybody is going to have a little bit of a guilty conscience about something.

#36 ::: Debra Doyle ::: (view all by) ::: February 25, 2007, 10:38 AM:

Sorry -- that should have been "Madeline" in #35 above, not "Madeleine."

#37 ::: punkrockhockeymom ::: (view all by) ::: February 25, 2007, 11:01 AM:

I've been getting about three of those "negative feedback" emails per day for the past two weeks.

Our spam filters at the office are just awful. But whenever they try to tighten the net up a bit, they start preventing real, actual emails (in some cases from clients--in some cases from myself!!) from getting through, which is just unacceptable.


#38 ::: Kip Manley ::: (view all by) ::: February 25, 2007, 11:03 AM:

Unfortunately, the name on my identical email was awful damn reminiscent of someone I think I ordered something from in the last six months or so. From the Amazon marketplace, or something, where you also give feedback. (Haven't done eBay in years.) So I got to the reply-with-the-phishing-lure stage.

Sigh. At least it was my public yes-I'm-resigned-to-the-spam-it-gets email.

#39 ::: Lin Daniel ::: (view all by) ::: February 25, 2007, 11:34 AM:

#22 Note that they've halfway confirmed the valid address already -- your mail server accepted it and delivered it to you.

Actually, almost all email to nonexistent addresses goes into the black hole of the bit bucket. Some of you may remember the wonderful bounce-bounce-bounce thing that would go on when an email was rejected, sent back to the originator, who rejected it and sent it back to the original recipient, who bounced it back... I used to run opt-in email lists and that one nearly killed us a couple of times. Fortunately, email programs got a clue and turned that function off. The only time software will/may reply is 1) If the email address used to exist and the program is set up to tell people "we ain't here no mo"; and/or 2) the spam filter gets it and bounces it back. Spam Assassin is good for this. Spam Assassin also bounces 'way too much legitimate email, and we've had to turn it off for a couple of clients. (Chamber of Commerce member MoxyMarketing had all their email to the Chamber bounced by Spam Assassin.)

And yes, I got the email from ddorothykong. I figured someone had typed an email address wrong and I'd only worry about it if they kept bitching. I never thought of the idea in #4. Thanx.

My fav spam seems to be the marketers from either various countries in Africa or Europe who want to sell me suger. (PJ is staring over my shoulder, telling me suger has an 'a' in it. Well, yes it does, except in spam.)

I get quite a number from financial institutions around the country. I track down and forward same to the institution's security department. I've got the personal email of the security guy at one bank who is absolutely delighted with me. I forwarded one email recently and got back an email wail "But we only put that up YESTERDAY!"

#40 ::: James D. Macdonald ::: (view all by) ::: February 25, 2007, 11:34 AM:

PunkRockHockeyMom (#37), may I suggest that you suggest Popfile to your IT guys at work?

For everyone (Windows-based):

AVG Antivirus (freeware)

Zone Alarm firewall (freeware)

AdAware SE anti-adware (freeware)

Windows Defender anti-spyware (freeware)

Greyware Registry Rearguard registry protection (shareware)

And don't, ever, click on a link in an unexpected email or open an attachment to an unexpected email, even if it appears to be from someone you know.

#41 ::: Arwel Parry ::: (view all by) ::: February 25, 2007, 11:55 AM:

I got my first email ostensibly from Her Majesty's Revenue and Customs a couple of days ago, claiming that they owed me £170. Since I got my real notice of coding for 2007-08 from HMRC in the post the very same day, and due to personal circumstances haven't actually had to pay any income tax for several years (it's only payable if you actually have an income, after all), I rather tend to disbelieve them!

#42 ::: Fragano Ledgister ::: (view all by) ::: February 25, 2007, 12:18 PM:

I've received a couple of these myself.

#43 ::: Madeleine Robins ::: (view all by) ::: February 25, 2007, 12:22 PM:

I got it too, but having never bought or sold anything on EBay, I deleted it immediately.

Also, I'm not a Man, therefore I figured it must have been misaddressed.

#44 ::: James D. Macdonald ::: (view all by) ::: February 25, 2007, 12:51 PM:

Also for Windows users: TrendMicro Housecall (free online virus/malware scanner).

#45 ::: Gar Lipow ::: (view all by) ::: February 25, 2007, 12:56 PM:

Depending on how well your e-mail client avoids processing embedded links, javascript and so forth, just opening the email can confirm the existence of your email. Thunderbird and other decent email clients do a fair job of suppressing this - but spammers evolve faster than spam defense.

A good workaround. Set your email to reply in plain text only (a good idea anyway - html mail is from the dark side of the force), and to quote when replying. Use the reply button for your first opening of an email. All the embedded images and crap show up as quoted plain text links and code. If you determine it is not spam, and you have trouble reading in that format you can cancel and open it directly. As long as you don't hit send by accident, it is a pretty fool-proof way of checking stuff you are not sure is spam, or getting quotes to snark at out of a spam email without alerting the spammer you exist.
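The check described in #45 can also be done without opening the message in a mail client at all. This is an added example, not part of the comment above: it parses the HTML part of a message and lists the remote URLs a renderer would fetch on open, the links that only fire on a click, and any URL that embeds the recipient's address. The sample message, the .example hosts and the function names are constructed for illustration; nothing is fetched.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# (tag, attribute) pairs that a renderer loads without any user action.
AUTO_LOAD = {
    ("img", "src"), ("iframe", "src"), ("script", "src"), ("link", "href"),
    ("embed", "src"), ("source", "src"), ("input", "src"), ("video", "poster"),
    ("body", "background"), ("table", "background"), ("td", "background"),
}


class RemoteRefs(HTMLParser):
    """Collect http(s) references, split into load-on-open and click-only."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.auto, self.click = [], []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            url = (value or "").strip()
            try:
                scheme = urlsplit(url).scheme.lower()
            except ValueError:
                continue  # malformed URL, cannot be classified
            if scheme not in ("http", "https"):
                continue  # cid:, data:, mailto: do not contact a web server
            if (tag, name) in AUTO_LOAD:
                self.auto.append(url)
            elif tag in ("a", "area") and name == "href":
                self.click.append(url)


def audit_html_mail(raw: bytes, recipient: str):
    """Report remote references in the HTML part of a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html",))
    refs = RemoteRefs()
    if part is not None:
        refs.feed(part.get_content())
        refs.close()
    needle = recipient.lower()
    identifying = [u for u in refs.auto + refs.click
                   if needle in unquote(u).lower()]
    return {"auto_load": refs.auto, "click": refs.click,
            "identifying": identifying}


def build_sample() -> bytes:
    """Constructed message: plain part plus HTML with a 1x1 remote image."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "reader@example.org"
    m["Subject"] = "negative feedback"
    m.set_content("please reply asap\n")
    m.add_alternative(
        "<html><body><p>please reply asap</p>"
        '<img src="http://tracker.example/o.gif?r=reader%40example.org" '
        'width="1" height="1">'
        '<img src="cid:logo">'
        '<a href="http://login.example/restore">restore my rating</a>'
        "</body></html>",
        subtype="html",
    )
    return m.as_bytes()


if __name__ == "__main__":
    report = audit_html_mail(build_sample(), "reader@example.org")
    for kind, urls in report.items():
        print(kind, urls)
```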

#46 ::: Faren Miller ::: (view all by) ::: February 25, 2007, 01:44 PM:

I'm another who avoids eBay and PayPal, so I can delete immediately. What bugs me most is spam that's not even sent to my own address. I think one of the offenders here is whoever keeps sending tons of spam from an address that begins "=?koi8-r?B?" but then continues in all sorts of ways. I have no idea how to block that sort of thing through my server.

#47 ::: Clifton Royston ::: (view all by) ::: February 25, 2007, 02:18 PM:

Charlie's nailed it, I think.

Confirming addresses no longer seems to be worth as much to serious spammers. Evidence: some spammers continue to send to addresses that have been dead and bouncing mail for years on end, even to whole domains that have been gone for years. They don't need to worry about efficiency, as they've got the power of thousands of trojanned computers at their fingertips - that's where most spam is sent from these days. There may be a few who try to clean up their lists and determine what's not getting delivered, but it's a very minor concern.

On the other hand, email addresses of people who have eBay accounts - and/or Paypal accounts - and who will momentarily believe complaints about negative feedback to be personally directed to them - that's a valuable resource. Some small fraction of that group will be susceptible to phishing or social engineering attacks - "please log in and check your account!" - and that fraction is rapidly convertible to large cash transfers.

Gar Lipow's advice @ 45 on how to read/reply in plaintext is also good for a different reason - it may help to avoid new email viruses or trojan installations which depend on getting you to load email attachments. Naturally, you should be running AV programs too, but better still to get habits which will help avoid exposure.

Faren @ 46: The email address in the mail headers ("To:", "Cc:") has only the most tenuous connection to where the mail actually gets delivered. I could explain this in depth - Internet email and anti-spam is one of my main professional specialties - but I don't want to bore the heck out of everybody.

#48 ::: Randolph Fritz ::: (view all by) ::: February 25, 2007, 03:09 PM:

Mmmm. I would like to see an e-mail client that:
1. Only shows the header text on a header display, and plain text attachments on an initial open.
2. Looks for a digital signature on all e-mail; without the signature, it puts a big red "unknown source" on top of the message.
3. When opening attachments, does so in a virtualized sandbox and even so does not follow links, or download anything--anything that needs to come from another computer comes through a browser, which also opens pages in a sandbox.

This would take some engineering, and you'd have to deploy a free digital signature infrastructure, but there's nothing impossible about any of it; in principle it could have been done 25 years ago.

#49 ::: James D. Macdonald ::: (view all by) ::: February 25, 2007, 03:20 PM:

I do believe that SMTP is fundamentally flawed, but that fixing it now would be like changing the wheels on a bus while it's rolling down the highway at sixty miles an hour.

Other resources: Blacklight Rootkit cleaner from F-Secure (freeware).

#50 ::: xeger ::: (view all by) ::: February 25, 2007, 03:26 PM:

#48 ::: Randolph Fritz wrote:
This would take some engineering, and you'd have to deploy a free digital signature infrastructure, but there's nothing impossible about any of it; in principle it could have been done 25 years ago.

In theory, deploying a free digital signature infrastructure is easy. In practice, theory and practice differ.

As I'm sure a variety of the geeks involved in this thread are aware, ASN.1, X.509, PGP, and a whole host of less well known attempts are still nowhere near universal - never mind the question of hierarchical vs meshed trust vectors, or how to evaluate either.

Hrm. Time for more caffeine, I think. I'm starting to sound stuffy and ranting to myself - never mind how I'm doubtless being read.

#52 ::: Clifton Royston ::: (view all by) ::: February 25, 2007, 03:56 PM:

#48, #50: Progress is being made, albeit slowly, towards the digital mail signatures problem. Yahoo, AOL, and Hotmail are slowly grinding in that direction. They all have the advantage of total control over their users' mail interface, as well as their servers. It helps that an enormous distributed database is already used in the context of mail delivery: DNS.

Yahoo's DK (DomainKeys) takes a step in this direction, and DKIM has just been approved as a proposed draft RFC - no number assigned yet. On the commercial front, the "Goodmail" product which the EFF has hysterically campaigned against is just a 3rd-party digital signature offering, again with buy-in by some major recipient domains like AOL and Yahoo.

On the negative side, Microsoft threw their weight behind SenderID, a rather stupid set of extensions to SPF, and that set everything back. SPF has ended up being used more by spammers than real mail domains.

#53 ::: Randolph Fritz ::: (view all by) ::: February 25, 2007, 04:16 PM:

Xeger #50, Cliff R. #52--Yes, the problems are political, rather than technical. ...maybe it is best tackled as a political problem? Now, if Al Gore was still a senator, he would be the person to go to. But I wonder if there's any other Senators or Representatives who might be willing to tackle it? Or perhaps some industry organizations? I bet the banks could get behind it!

#54 ::: Eleanor ::: (view all by) ::: February 25, 2007, 04:18 PM:

I got around 150 spams in the last 20 hours, and that's pretty normal. I don't think I've had this particular scam, but I had a lot last week-ish with the line "Poor you, i don't even think how much spam you are recive" (sic). There was nothing else meaningful in them, and I wondered what the point was. Who would reply? What would a reply say? Did they just want to know that my address didn't bounce? Because if so, they didn't have to send me 50 of them.

#55 ::: MWT ::: (view all by) ::: February 25, 2007, 04:37 PM:

My work email is through Mozilla, which has a decent set of filtering options of the form "If [from/to/cc/bcc/subject/etc] [is/contains/begins with/ends with] ABC, then [move to XYZ folder/flag in some way/delete]." As blacklisting goes, it works well.

All it needs now is to have it set up in the opposite direction for wall gardens (where all email is rejected unless it's on a whitelist). I have two email addresses that are set up as wall gardens, but they require me to specify the exact email address that is approved. This is bad if I might get a number of different ones from, say, a utility company or bank. Such places tend to have a "send out mass info/no replying" address, a "send out monthly account info/no replying" address, a "confirmation that you've paid us" address, a "what we use to reply to a problem you've initiated a discussion about" address (can be several people), etc. It would work a lot better if I can say "approve anything with a sender that contains 'company-name' somewhere in it."

#56 ::: Martyn Taylor ::: (view all by) ::: February 25, 2007, 04:55 PM:

I'm not sure if I was included in that particular phishing trip, but I've just realised I haven't won a lottery that I haven't entered for a whole week. Wah. Nobody loves me.

#58 ::: Jo Walton ::: (view all by) ::: February 25, 2007, 05:23 PM:

Yes, kill them all, they are attacking the potentiality of communication.

#59 ::: Randolph Fritz ::: (view all by) ::: February 25, 2007, 05:41 PM:

TNH@57: I'd rather see them go bankrupt and then go to jail, personally.

#60 ::: Patrick Nielsen Hayden ::: (view all by) ::: February 25, 2007, 06:12 PM:

#52: "On the commercial front, the "Goodmail" product which the EFF has hysterically campaigned against is just a 3rd-party digital signature offering"

Hmm. Googling on "EFF Goodmail", the top-ranked EFF statement I find on the subject is this.

I don't know if I agree with it, but I certainly don't find its tone "hysterical." Is there some other statement of the EFF's, or some other aspect of their attitude, that would justify such a characterization? Because so far this sounds pretty much like what we call a "smear."

Yes, I'm predisposed to defend the EFF, because they've done and continue to do important work. No, I don't think they're automatically right every time and on every issue. And yes, I'm very much predisposed to skepticism whenever a nonprofit, public-interest group is characterized as "hysterical." Fred Phelps is "hysterical." Arguments, even arguments that include appeals to emotion, don't merit being described as "hysterical" simply because we disagree with them.

#61 ::: Fragano Ledgister ::: (view all by) ::: February 25, 2007, 06:19 PM:

Teresa Nielsen Hayden #57: La peine forte et dure would be best.

#62 ::: Trevin Matlock ::: (view all by) ::: February 25, 2007, 06:46 PM:

Re: eBay Neg feedback and other eBay scams.

I get this and others frequently and I do both buy and sell on eBay. So some could be real. Even so, when an email comes in referring to eBay I delete it without reading it. There is no need to since most legitimate emails will be accessible at a message page linked to your eBay account. If it's a real email it will show up there so there is no need to risk a phishing attack by opening it in my email tool.

Cheers,
Trevin

#63 ::: Charlie Stross ::: (view all by) ::: February 25, 2007, 07:07 PM:

My inclination towards killing spammers is tempered only by my principle of objecting to the death penalty. Otherwise ...

Here's a thought. The spammers are these days increasingly criminal, as sending spam is becoming harder and stupid-but-legal businesses are being scared off as people learn that Spam Is Bad (the hard way). So over time, sending spam is becoming evidence of criminal intent. This gives law enforcement agencies more of an incentive to go after them. I'm really hoping that over time this dynamic will militate against spammers -- if spamming brings the FBI sniffing at your door, the smart crooks will look for something safer to do.

(Keep hoping for this. You never know ...)

#64 ::: Del ::: (view all by) ::: February 25, 2007, 07:08 PM:

#61, is that French for "dwarf bread"?

#65 ::: TexAnne ::: (view all by) ::: February 25, 2007, 07:10 PM:

No, "dwarf bread" in French would be "le petit pain fort et dur."

#66 ::: John Hawkes-Reed ::: (view all by) ::: February 25, 2007, 07:25 PM:

Randolph @ 48:

KMail covers enough of your list to work for me, but it's part of KDE, thus Unix.

I gave my parents a copy of Eudora because, much as I enjoy visiting, I'd rather it wasn't work. It doesn't do HTML if you instruct it and Makes A Fuss about opening attachments.

Jim McD. @ 49: SMTP's survived remarkably well, considering. It's certainly much better than any of the alternatives.

If you've root on your incoming mail gateway, you could do an awful lot worse than Postfix + Amavisd + SpamAssassin + ClamAV. (Why yes, this is what I do for work...)

#67 ::: P J Evans ::: (view all by) ::: February 25, 2007, 07:48 PM:

Faren @ 46

For whatever it may be worth, koi8 is a Russian OS, more correctly written KOI-8. (Not that this will be helpful in finding the spammers; it's just trivia.)

#68 ::: Dave Kuzminski ::: (view all by) ::: February 25, 2007, 08:11 PM:

I have one account that was used only to submit a sting manuscript to dear ole PA. It regularly gets spam now. Weren't they absolutely generous?

#69 ::: Clifton Royston ::: (view all by) ::: February 25, 2007, 09:03 PM:

#66: you could do an awful lot worse than Postfix + Amavisd + SpamAssassin + ClamAV.

Welcome, kindred spirit! That's exactly the combo I would and do recommend to clients.

#70 ::: Christopher Davis ::: (view all by) ::: February 25, 2007, 09:46 PM:

#66, #69: same here, though on my home system I don't bother with ClamAV; I just have amavisd-new discard banned types.

#71 ::: Clifton Royston ::: (view all by) ::: February 25, 2007, 09:48 PM:

Patrick: Fair enough - I align with the EFF on almost everything except email, where I think their positions are just wacky. For example, they've repeatedly attacked the whole idea of IP DNSBLs, like Spamcop or Spamhaus. As I recall they're on the record as opposing the whole idea that ISPs should try to filter spam from customers' mailboxes. (You should run your own Bayesian filters, and that's the only acceptable solution!) I would like to simply agree with the EFF across the board, and it drives me crazy that I can't.

I'll give you a more detailed and reasoned justification for why I call this particular stance hysterical, when I have a bit of time. However, it wasn't just one press release - the EFF set up a "Dear AOL" website (now vanished) to petition AOL to drop all participation in the Goodmail program, and did a massive campaign to get other sites and organizations to quote their claims word-for-word.

What the hell, I'll steal a colleague's analysis until I can write my own. Try here. Or Snopes.

#72 ::: Clifton Royston ::: (view all by) ::: February 25, 2007, 10:13 PM:

Arrgh. Patrick, I just tried to post an initial reply to you about the EFF and their whole "Dear AOL" mass petition campaign, but got the dread "held for review" response. Too many URLs, no doubt.

Let me summarize by saying that I agree with the EFF on virtually every issue except email, AFAIK, and end up disagreeing with them vehemently about nearly every position relating to email - because AFAICT they are opposed to pretty much every working antispam method. Damn it, I'd like to be able to agree with them across the board.

To give you some idea of how far out they are on email, EFF opposed and still opposes the CAN-SPAM law - which everyone else considers completely ineffectual - because they felt it went too far and will "chill the environment for free speech". (Google EFF + CAN-SPAM.)

#73 ::: Nick O ::: (view all by) ::: February 25, 2007, 10:40 PM:

71 of you - you're not supposed to even open this kind of email for goodness sake! Why on earth do you think it's worth these people's while to try this sort of stunt??!!???
And: how much time do you guys have on your hands anyway? I get 20 to 30 of these a day. For goodness sake just delete without reading, that's the only way this kind of thing will ever end. Seriously.

#74 ::: Wim L ::: (view all by) ::: February 25, 2007, 11:24 PM:

#22: Actually that is the same meaning, pretty much. The image of "trolling" was of dragging some flamebait through the newsgroup hoping someone would bite. Originally "trolling for newbies". The under-the-bridge troll association is a humorous back-formation.

#67: Quibble: KOI8 (-R) is a Russian (Cyrillic) character encoding / character set, not an OS.

As for spam, I highly recommend greylisting as a first line of defense. It will delay some mail, but it should never block legitimate mail, and it blocks a *lot* of spam. And it's one of the very few techniques that actually increases the burden on the spammer. "Just delete without reading" will never make the problem go away --- sending more spam is free, since it's all done by botnets.
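How greylisting makes the trade-off described in #74, as an added example that is not part of the original comment: a minimal offline simulation of the decision a greylisting policy makes for each delivery attempt. The timing constants, the /24 keying, the addresses and the session list are all constructed assumptions, not values from any particular mail server.

```python
"""Greylisting decision logic, simulated offline (added example, constructed data)."""
from dataclasses import dataclass, field

MIN_RETRY_DELAY = 300          # seconds a new triplet must wait (assumed value)
PENDING_LIFETIME = 4 * 3600    # an unretried triplet is forgotten after this (assumed)
PASSED_LIFETIME = 35 * 86400   # a confirmed triplet stays accepted this long (assumed)

TEMPFAIL = "451 4.7.1 Greylisted, please try again later"
ACCEPT = "250 2.0.0 OK"


@dataclass
class Greylist:
    # triplet -> (first_seen, confirmed_at or None)
    seen: dict = field(default_factory=dict)

    @staticmethod
    def triplet(client_ip, mail_from, rcpt_to):
        # Key on the /24 so a sender pool that retries from a neighbouring
        # host still matches its first attempt.
        network = ".".join(client_ip.split(".")[:3])
        return (network, mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        key = self.triplet(client_ip, mail_from, rcpt_to)
        entry = self.seen.get(key)

        if entry is not None:
            first_seen, confirmed_at = entry
            if confirmed_at is not None:
                if now - confirmed_at <= PASSED_LIFETIME:
                    self.seen[key] = (first_seen, now)   # refresh on use
                    return ACCEPT
                entry = None                             # confirmation expired
            elif now - first_seen > PENDING_LIFETIME:
                entry = None                             # never retried in time

        if entry is None:
            # Unknown triplet: remember it and ask the sender to come back.
            self.seen[key] = (now, None)
            return TEMPFAIL

        first_seen, _ = entry
        if now - first_seen < MIN_RETRY_DELAY:
            return TEMPFAIL                              # retried too quickly
        self.seen[key] = (first_seen, now)               # legitimate retry
        return ACCEPT


# Constructed sessions: (time, client IP, envelope sender, recipient, note)
SESSIONS = [
    (0,     "192.0.2.10",   "alice@example.org",  "jim@example.net", "real MTA, first try"),
    (5,     "198.51.100.7", "x9f2@example.com",   "jim@example.net", "bot, fire-and-forget"),
    (6,     "203.0.113.99", "q7aa@example.com",   "jim@example.net", "bot, fire-and-forget"),
    (60,    "192.0.2.10",   "alice@example.org",  "jim@example.net", "real MTA, early retry"),
    (900,   "192.0.2.11",   "alice@example.org",  "jim@example.net", "real MTA, queue retry"),
    (86400, "192.0.2.10",   "alice@example.org",  "jim@example.net", "real MTA, next day"),
]


def simulate(sessions=SESSIONS):
    """Run the sessions through one Greylist and return the reply codes in order."""
    greylist = Greylist()
    return [greylist.check(ip, sender, rcpt, t)[:3]
            for t, ip, sender, rcpt, _note in sessions]


if __name__ == "__main__":
    for (t, ip, sender, _rcpt, note), code in zip(SESSIONS, simulate()):
        print(f"t={t:>6}s  {ip:<13} {sender:<18} {code}  ({note})")
```

The legitimate message arrives 15 minutes late and later mail from the same sender is not delayed at all; the two single-shot senders never get a 250. A sender that queues and retries like a real MTA also passes, which is why greylisting sits in front of content filtering rather than replacing it.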

#75 ::: P J Evans ::: (view all by) ::: February 26, 2007, 12:03 AM:

Wim @ 73

Correction cheerfully accepted. That makes more sense, as I ran into it while cataloging fonts.

#77 ::: Jim Satterfield ::: (view all by) ::: February 26, 2007, 01:30 AM:

James,

I agree with you about the resources you cited. My boss really likes Cloudmark as well. Surprisingly, Outlook 2003 does a pretty good job of catching a lot of junk.

I get tons of these kinds of scam-mails. I have several e-mail accounts and find it interesting when I get identical e-mails at two or more of them. I send the eBay and Paypal ones to the companies.

As far as what to do to spammers, worm-coders and virus writers my boss thinks that I overreact when I suggest cutting off their fingers and should they buy voice recognition software let the tongue follow. I just don't see how he could think that it's an overreaction.

#78 ::: abi ::: (view all by) ::: February 26, 2007, 02:24 AM:

Nick @72
I read my emails in safe forms (text only), so "opening" them has no effect except on my brain.

And I don't just hit delete on everything that looks like spam because sometimes it's ham, like the email from a Mexican bookbinder offering to teach me a 19th century Spanish sewing technique. (That was a prize and a half - it's a lovely technique.)

Deleting unread will not cause the spammers to stop sending this crap.

As for the time factor: email is my primary form of communication for a number of close friendships. That makes it worth the time I spend on the channel, and it's why I resent the efforts of a bunch of money-grubbing hacks to pollute it.

#79 ::: inge ::: (view all by) ::: February 26, 2007, 02:56 AM:

Lately, every phish I received has outed itself within one hour max by coming in in triplicate.

#80 ::: Andy Wilton ::: (view all by) ::: February 26, 2007, 04:32 AM:

TexAnne @ 65
Yes indeed, if by "dwarf" Del @ 61 meant "small"; but "bread made by/for dwarves" would be something more like "pain de nain". And if they made it with some of that centuries-old sourdough starter, it would be "pain de nain au levain" (or possibly vice versa). And, if they made it by hand, in a bathtub,...

#81 ::: Meg Thornton ::: (view all by) ::: February 26, 2007, 06:45 AM:

I get spam in my LJ, spam in my home mailbox, and (what's even *more* bloody annoying) spam in my mailbox at work. I think the thing which depresses me most is the lack of variety in the blinkin' stuff.

I get the ones which are asking me to check on the status of the Paypal account I haven't used in about three years (I figure it's long since defunct, if it was ever funct in the first place); the ones asking me to check on my bank accounts in banks I don't even recognise; the ones promising to get me cheap medication (cheaper than Medicare? Yeah, keep taking the pills yourself, chum); the ones promising to enlarge my penis (given I don't have one, this is going to be interesting...); oh, and the ones which are purportedly offering me a job, but which are actually trying to pull me into either a pyramid scheme, or into spamming for the senders. Then there's the nice people from all over the world who want to give me money - whether it be because I've won a prize in a lottery I don't even have a ticket in; or because they think I'll be a better charity than any registered one; or because they're in awe of my sheer business acumen, and think I'll be absolutely wonderful as a business partner; or because I happen to have come up on some kind of search as being the next of kin to someone I've never heard of (yeah, I'll believe it... when I hear about it from both of my parents); or just because the sender thinks I might be the kind of corrupt person who enjoys things like ripping off governments.

I think my favourite one of those was one I got recently from a mob purporting to offer me a job, saying that no fees would be charged (I should bloody hope not!). For sheer chutzpah, that one wins prizes.

#82 ::: Meg Thornton ::: (view all by) ::: February 26, 2007, 06:59 AM:

I also get spam about my non-existent eBay account.

Generally, I filter at the subject line in Eudora. If I don't recognise the sender, it gets dumped in the junk folder, where I'll open it some day if I ever find that round tuit I've been chasing. It helps that I have a lot of filters set up in Eudora so that anything I actually *want* to read gets shoved somewhere other than my default inbox. That means I can go through the inbox and remove all the tinned meat, and still have time to read the stuff which interests me.

#83 ::: Faren Miller ::: (view all by) ::: February 26, 2007, 09:12 AM:

PJ Evans (#67) and Wim L (#74): I thought the texts on those things looked like Cyrillic -- now I wonder why the hell I'm getting Russian spam!

#84 ::: punkrockhockeymom ::: (view all by) ::: February 26, 2007, 10:53 AM:

Jim, re #40, thanks and done.

My favorite spam of late is all in Russian. My co-worker speaks a little, so we try to translate it when we are procrastinating.

#85 ::: P J Evans ::: (view all by) ::: February 26, 2007, 11:14 AM:

I get spam in Russian, Greek, Japanese, and, I think, Thai, judging by the odd character sets. (I do recognize Greek and Cyrillic, and can transliterate if not translate.) I think there may be stuff in other languages with non-Roman scripts, but the characters aren't coming through.

#86 ::: Fragano Ledgister ::: (view all by) ::: February 26, 2007, 12:15 PM:

Del #64: Nope. It's a particularly gruesome form of the death penalty, which I personally favour for spammers and plagiarists (though I am, normally, opposed to the death penalty).

TexAnne #65: Strong teeth, those dwarfs.

#87 ::: MWT ::: (view all by) ::: February 26, 2007, 01:05 PM:

Meg Thornton #81: What, no hot stock tips? How about the notices from Myspace? Or the animated porn images?

Mine is mostly nonsense spam - random words and phrases thrown together for both the sender and subject line. I never open any of them. It breaks my brain enough already just trying to parse meaning out of the subject lines.

Unfortunately, because I check a colleague's email for him when he's out of town, I have to actually look at the spam there to make sure they aren't ham (I don't know who all of his colleagues are). He gets at least ten times more than me. It's how I know what any of them say, because otherwise I wouldn't open those, either. The IT dept has recently put in some new filters, though, so hopefully there will be many fewer of them next time he wants me to check his email. (He likes having me do it so that he doesn't have to filter the spam while he's out of town....)

#88 ::: joann ::: (view all by) ::: February 26, 2007, 02:37 PM:

I've used Eudora for about 15 years now, and the one thing I Really Don't Like is that if there's regexp filtering that isn't for complete words, I've never found it.

(Please, somebody, tell me I'm a complete idiot.)

#89 ::: Jeffrey Smith ::: (view all by) ::: February 26, 2007, 02:50 PM:

I get email "from" PayPal and eBay all the time. All the time. My spam filters catch most of them, but not all. ("How much to ship this item to Scotland?", where you have to click on the link to see what the item is.) Sometimes I'll open the email just to look for typographical errors; there is almost always at least one. They are looking more and more like real mail from the companies all the time.

Of course I never click on a link. Very occasionally something seems almost plausible, and I'll go directly to the site, not via link, assuming that if anything is going on I'll find it there. (Never have, of course, nor do I expect to, but there have been two or three times when I thought there was an outside chance that I might.)

#90 ::: abi ::: (view all by) ::: February 26, 2007, 03:32 PM:

I had a birthday recently, and I found it interesting how badly the eGreeting spams spoof their originals. My spam trap doesn't even bother to show me the spams, but it passed my sister in law's card without a murmur.

Sometimes, when training my Bayesian filter, I wanted spam trap treats to reward it for doing so well.

#91 ::: Harriet ::: (view all by) ::: February 26, 2007, 04:01 PM:

I got a really nice example of phishing/spam this afternoon:

Dear Bank Of America Military Bank member, We are sorry to inform you that your online payments and transfers services are expired, and must be renewed immediately,

#92 ::: Randolph Fritz ::: (view all by) ::: February 26, 2007, 06:58 PM:

John@66--which of the items on my list does KMail implement?

abi@90--nice spam catcher! Have a doggie biscuit!

#93 ::: Edward Oleander ::: (view all by) ::: February 26, 2007, 07:36 PM:

Under the category of blind pig finding the occasional acorn... I belong to a few different numismatic watchdog groups on Ebay and send out numerous warning messages to sellers whose coins are suspect. Last week, I got one from someone who could have been one of those sellers, wondering why I was sending her warnings. Although the email was somewhat vague and didn't mention coins, her tone and wording could've been someone protesting one of my nastygrams... I came within an inch of hitting the link before I caught myself. It turned out to be bogus... but the sender accidentally got it almost right... just more proof that we always have to keep our guards up...

#94 ::: Rob Rusick ::: (view all by) ::: February 26, 2007, 10:55 PM:

I'm using Thunderbird as my email reader, and it seems that its spam filtering rarely identifies the spam when it comes by.

I get a lot more spam on my Gmail account, but it seems to be blocked more effectively; it's almost as rare to see a bit get through.

I hope I haven't just jinxed it...

#95 ::: Barbara Gordon ::: (view all by) ::: February 27, 2007, 12:36 AM:

I kind of enjoy reading the random-lifted-texts and nonsense spams. If I had the energy I'd cut and paste a lot of them and submit the result to PublishAmerica.
-Barbara

#96 ::: Karen Funk Blocher ::: (view all by) ::: February 27, 2007, 04:11 AM:

Barbara #95: I agree. I once managed to base a poem on one of the nonsense phrases, "of previous Anacreon a Well." The only problem is that there's too much of the word salad about to appreciate the whimsy after a while.

#97 ::: John Hawkes-Reed ::: (view all by) ::: February 27, 2007, 12:35 PM:

Randolph @ 92:

I run Kmail in the vaguely-Outlook three-pane mode so I can view the (from|subject|date|et al) lines w/o bringing up the text of the message. By default, it'll show you the plain-text part of the MIME tree if it can find one. Otherwise you get the raw HTML. If you select the right button, it'll render that HTML, and if you click again, it'll fetch the images. There's also a small MIME-tree viewer so one can carefully poke through the attachment(s).

It also spots and complains about invalid/unknown keys. Mostly because the PGP keyservers are firewalled off at $work. It uses gpg/gpgsm as a crypto backend, and I should probably have another crack at making it work with FreeBSD.

http://kmail.kde.org/ used to work...

#98 ::: Randolph Fritz ::: (view all by) ::: February 27, 2007, 04:54 PM:

John@97. I see--thanks for taking the time to explain. I suppose the biggest difference between what I'd like to see and what you have with kmail is that the digital signatures aren't the default--most people don't use them. I'm not familiar with the PGP keyserver network, but I doubt it would survive the whole world deciding to use PGP--I think the service would have to be made universal in the internet infrastructure, just as DNS is, to be what I would like to see it become.

#99 ::: Nicole J. LeBoeuf-Little ::: (view all by) ::: February 28, 2007, 12:27 AM:

Ugh. I got the Bank Of America Military one, too.

Which reminds me of my current lament:

I used to be able to delete anything from Bank of America sight unseen, because I had no dealings with that institution. From the banks I did actually deal with, I got little to no email at all. A nice situation.

Then Bank of America ate up MBNA, with whom I had credit cards. And now I get actual real Bank of America mail in the form of their annoying newsletter that comes all the time and pleads with me to do unsound things such as use more credit than I can afford to pay back and get paycheck advances and such. So there's the BoA spam, and then there's the spam that really comes from BoA and references the last four digits of my credit card number.

Actually, I should continue marking it all as spam, but I'm superstitious as to what that will do to my Bayesian filtering.

Stupid Bank of America.

At least I knew that the Military one couldn't possibly apply to me.

#100 ::: John Hawkes-Reed ::: (view all by) ::: February 28, 2007, 10:48 AM:

Randolph @ 98:

You'll be wanting Paul Crowley's piece on why PKI doesn't work: http://ciphergoth.livejournal.com/280821.html

#101 ::: P J Evans ::: (view all by) ::: February 28, 2007, 10:53 AM:

Nicole @ 99

I delete the stuff I don't want but don't want to filter out. These are mostly from places I've done business with, or where I signed up for the newsletter but don't read it any more. It's a nuisance, but not to the level of spam. yet.

#102 ::: Kathryn Cramer ::: (view all by) ::: February 28, 2007, 10:58 AM:

Their penis enhancer did nothing for my female anatomy. Of course I left negative feedback!

And not only that, when I sent them $10,000 to an address in Nigeria, I did not get the plans for the quantum death ray they promised me via return mail.

Negative? I'll show them negative!

#103 ::: Serge ::: (view all by) ::: February 28, 2007, 11:02 AM:

Kathryn @ 102... What were you planning to do with that death ray? Nothing related to your job as an editor, I hope.

"Revise, or disintegrate!"

#104 ::: Nancy Lebovitz ::: (view all by) ::: February 28, 2007, 12:08 PM:

As for the original phish, the odds of the phisher getting anything useful seem pretty low, or at least no one seems to have figured out just what the clever scheme is. Could it have been a practical joke?

#105 ::: Nicole J. LeBoeuf-Little ::: (view all by) ::: February 28, 2007, 02:51 PM:

PJ @ 101 - Well, yeah, I never said I felt obliged to keep it....

Oh. I was sloppy. Instead of saying "I used to be able to delete," I should have said, "I used to be able to JUNK." As in, Mark As Junk. Now I have to actually spend some cycles on whether to hit J or to hit DEL. But it does all get deleted one way or another.

#106 ::: Henry Troup ::: (view all by) ::: February 28, 2007, 03:57 PM:

I had an Amazon Payments phish the other day. Since I do have an Amazon Payments account, I had to look at it. It was clearly bogus; but the IP address it linked back to was already invalidated. So someone is killing scams, maybe the Shadow?

(I probed the URL via an anonymizer.)

#107 ::: Stephan Brun ::: (view all by) ::: March 01, 2007, 06:35 AM:

Joann, given the way I know regexes, I have to admit that what you are saying sounds very strange. Regexes are usually restricted only on the level of lines, or not at all. Mind you, I don't know Eudora, so what I am saying may not apply.

An expression like '.*' should match an entire line, whatever it contains, and not be tied to word-boundaries. Have you tested whether something like 'h.*o' matches only 'hello' and not 'hell, can do' or even 'achoos'?

#108 ::: Liz ::: (view all by) ::: March 03, 2007, 04:03 AM:

I just got a new version of the same old, same old, this time in Amazon flavor.

Due to concerns we have for the safety and integrity of the Amazon community we have issued this warning.

Per the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us.

Please follow the link below: https: [backslash] [backslash] www.amazon.com[backslash]execobidos[backslash]sign-in[dot]html and update your account information.
We appreciate your support and understanding, as we work together to keep Amazon market a safe place.

Thank you for your attention on this serious matter.


Other news: I have more than one email address, all of which are forwarded into my main account. My ISP uses postini, which so far is only catching about half of these, which have various subject lines that all include "problem" but have various forms ("work problem"; "re: work problem"; "office problem"; "re: office problem" and so on).

Hi, I hate to be the one to mention this, but people continue to talk about your weight issue and it just disgusts me. Whether you know it by now, people are always chattering about each other at work but you come up more than enough.

#109 ::: Neil Willcox ::: (view all by) ::: March 03, 2007, 06:01 AM:

I got the weight problem one, which I found to be pretty incoherent.

My favourite spam email has been one from someone offering email marketing services. I'm not quite sure why using spam to advertise spam amuses me so much, but it does.

#110 ::: David Goldfarb ::: (view all by) ::: March 04, 2007, 07:12 AM:

I can one-up that one: I've gotten spam advertising spam filtering software.

#111 ::: Patrick Nielsen Hayden ::: (view all by) ::: March 04, 2007, 11:50 AM:

Clifton Royston, #s 71 and 72: Sorry you got nailed by the blocker. As you can see, your first post got approved.

I haven't really studied the spam issue enough to have a position on it. I just know the EFF's position doesn't seem to me to merit the description "hysterical". They may be wrong (I dunno) but there's nothing inherently "hysterical" in taking a suspicious view of initiatives to "improve" the internet which are spearheaded by a large corporation which has every vested interest imaginable in damaging the very openness that has made the unwalled Internet preferable, in most users' eyes, to AOL.

On the face of it this would seem to be an issue on which people can take either side without being "hysterical". That's all I was trying to get at.

#112 ::: Stefan Jones ::: (view all by) ::: March 04, 2007, 02:44 PM:

I received a piece of mail today, purportedly from tnh@panix.com, titled "RE: Thank You" and containing an attachment labeled "xxxxxx.jpg"

Think it might be bogus? :-)

#113 ::: Clifton Royston ::: (view all by) ::: March 04, 2007, 02:52 PM:

Patrick:

Sorry I got distracted and didn't follow up with more commentary. I can be more than a bit scatter-brained.

I'll agree to drop the word "hysterically", sure. It probably wasn't the right word in the first place for this particular case. (Parenthetical Q: If Fred Phelps is the yardstick for "hysterical", can anyone else qualify?)

Here's a succinct summary of what I see as the bigger underlying problem:

The EFF's position on email and spam has been visibly driven by John Gilmore's personal opinions. Gilmore's repeatedly stated position is that it is morally unacceptable for anyone to use any antispam software, unless it can be guaranteed that it will never misclassify a single non-spam message as spam. As this goal can't be achieved by mere software, ISPs should be forbidden to filter or block email, and everyone must be permitted to receive all their spam and sort through it manually. Yes, he really says this. To back up his position, Gilmore continued to operate an intentionally "open relay" mailserver at toad.com for years, even after he knew that it was being used to relay spam, and has insisted that nobody had any right to list his server on a DNSBL, or even to reject mail from his server on their own mailserver, merely because spam was being sent from it. When - if I recall correctly - two different ISPs refused to continue service to him because his server was in fact being used to send spam, he campaigned against the "conspiracy" of ISPs to silence him.

As a founder, board member, and major contributor of the EFF, Mr. Gilmore obviously exerts a lot of influence on their policy. I know some people there like Cindy Cohen understand the issues and at least some of the technology reasonably well, and over the last 5 years the EFF's stance has gradually become less extreme. As I did some Googling for the previous post, I noticed that in the last couple years the EFF has quietly toned down or dropped their previous vocal opposition to DNSBLs and to SpamAssassin. However, any new antispam technology tends to draw their immediate ire.

I admire Gilmore's unreasonableness in some areas. "All progress depends on the unreasonable man." (An Aleister Crowley quote, I think.) For example, his challenge to TSA regulations was damn important. However, I vastly resent his trying to tell me what email I must receive.

#114 ::: Clifton Royston ::: (view all by) ::: March 04, 2007, 05:19 PM:

P.S. It should be obvious that all of the above post is my personal opinions, interpretations, cynical observations, fallacious memories, etc. but just in case it's not:

All of the above post is my personal opinions, interpretations, cynical observations, fallacious memories, etc. Contents may have settled during shipping. Product is sold by weight not volume. May contain peanuts or be processed on machinery which also processes peanuts or tree nuts.

#115 ::: Paul A. ::: (view all by) ::: March 05, 2007, 10:24 AM:

"The reasonable man adapts himself to the world. The unreasonable man persists in trying to adapt the world to himself. All progress, therefore, depends upon the unreasonable man."

-- a revolutionary in George Bernard Shaw's Man and Superman

#116 ::: Randolph Fritz ::: (view all by) ::: March 05, 2007, 12:32 PM:

Cliff@113--I haven't thought of Gilmore in a long time until the EFF's spam politics was mentioned, and then I wondered--thanks for confirming my intuition. John Gilmore, who I knew back when, is one of the reasons I'm not an EFF member; I disliked his ideological rigidity and the attitudes it brought to the organization; he had--and I suppose still has--the sort of arrogance that young men get when they become quickly rich and successful; ironically he is a philosophical anarchist.

"All progress depends on the unreasonable man" is George Bernard Shaw, and I don't think it's true.

#117 ::: Patrick Nielsen Hayden ::: (view all by) ::: March 05, 2007, 09:00 PM:

I agree with Randolph. I'm pretty radically pro-privacy, anti-DRM, anti-Fatherland Security, etc., but I'm afraid my attitude toward Gilmore's heroic stances has often been "yeah, you can afford to do that, lucky you."

#118 ::: Randolph Fritz ::: (view all by) ::: March 09, 2007, 02:50 PM:

Thank you Patrick@117 & John@100.

John, I agree with ciphergoth (Paul Crowley) on technical matters; I think there is a need to address the political and social matters, however. Time was, in the dawn of the internet, one could arrive at a good technical solution, sell it on its technical merits to the technical administration of the 'net, and get most of the net to adopt it. Those times are gone and now the only way solutions will be adopted is if major organizations adopt them. Perhaps Paul Crowley's approach is a good one--good technical solutions are needed--, but "marketing" of any solution is also needed.

Dire legal notice
Making Light copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017 by Patrick & Teresa Nielsen Hayden. All rights reserved.