Re: Famous Hacker Uses Challenge-Responses

On comp.mail.misc, in , "Alan Connor" wrote:

This is the Original Post on this thread, which the
fuckwitted spammer-troll losers are allegedly discussing.

They don't want you to see this.

>
>
> http://spamarrest.com/pressoffice/news/index.jsp
>
>
>
> Famed hacker endorses Spam Arrest
> Toronto Star - August 4, 2003
> So what does [Kevin] Mitnick, former
> hacker supremo, use to guard against
> spam? "I use Spam Arrest," he told
> The Guardian. "Any legitimate person
> who wants to send me a message has to
> jump through hoops before they can be
> added to my opt-in list." Read
> more...
>
>

Spam Arrest is a Challenge-Response System.

Kevin Mitnick is one of the leading computer
security consultants in the world.

Me thinks that he knows better than a bunch
of spammer/trolls.

Just a hunch.

These petty criminals hate Challenge-Response
Systems because they can't beat them.

Which is why these systems are becoming more and more popular,
with even major ISPs like Earthlink offering them to their
regular customers as a part of their spam-fighting package.

I haven't read a single post on this re-incarnated thread.

I don't read trollshit.

I use a Challenge-Response System. You can mail me, but
if you don't use your real return address, I'll never even
know you tried to mail me.

alanconnor AT earthlink DOT net

AC


--
Please visit my home page:
http://angel.1jh.com./nanae/kooks/alanconnor.html

Re: Famous Hacker Uses Challenge-Responses

· Alan Connor :

> I use a Challenge-Response System. You can mail me, but
> if you don't use your real return address, I'll never even
> know you tried to mail me.
>
> alanconnor@earthlink.net

I'm curious: If your system is so great and powerful,
why do you munge your adress in the From: header of
every posting you send out?

Further: How do you prevent, that your system is spamming
other people (scenario: idiot with forged adress sends
mail to a "protect" adress, your system then sends out a
probe)?

Alexander Skwar
--
we:
The single most important word in the world.

Re: Famous Hacker Uses Challenge-Responses

In message <1456211.d84kGAACmt@m-id.message-center.info> Alexander Skwar
wrote:

>· Alan Connor :
>
>> I use a Challenge-Response System. You can mail me, but
>> if you don't use your real return address, I'll never even
>> know you tried to mail me.
>>
>> alanconnor@earthlink.net
>
>I'm curious: If your system is so great and powerful,
>why do you munge your adress in the From: header of
>every posting you send out?
>
>Further: How do you prevent, that your system is spamming
>other people (scenario: idiot with forged adress sends
>mail to a "protect" adress, your system then sends out a
>probe)?

He doesn't -- He just pretends it's not a problem. He even goes as far
as to claim it isn't a problem sometimes.

The 500 odd C/R messages I received last week, mostly in response to the
German crap, would seem to disagree.

Most were from a small set of C/R products, I have already automated
positive responses to two of them and I manually confirmed a bunch of
the rest as I added SpamAssassin rulesets to keep their C/R crap away
from my users.


--
Oh well, I guess this is just going to be one of those lifetimes.

FAQ: Canonical list of questions Beavis refuses to answer (V1.20) (was Re: Famous Hacker Uses

This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.

--=_mimegpg-commodore.email-scan.com-24916-1116808092-0002
Content-Type: text/plain; format=flowed; charset="US-ASCII"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Beavis writes:

> On comp.mail.misc, in , Beavis wrote:
>

Beavis, listen to your doctor and stop talking to yourself.

It took -- what, two days? -- for you to get over your latest
bitch-slapping, and this is the best that you could come back with?

> This is the Original Post on this thread, which the
> fuckwitted spammer-troll losers are allegedly discussing.
>
> They don't want you to see this.

If you're not taking your meds, Beavis, you better start taking them soon.
If you are taking some meds, you should stop taking them.

But, speaking of things you don't want others to see:

http://tinyurl.com/ifrt - Beavis hot on the trail of the author of MSBlast.

http://tinyurl.com/ys6z4 - Beavis offering hacking advice.

http://tinyurl.com/5qqb6 - Beavis recommends rsh for remote login access
over the Internet.

http://tinyurl.com/3swes - Beavis describes his sooper-dooper slrn
configuration; strangely enough he's silent as to where one might find this
amazing code.


> Kevin Mitnick is one of the leading computer
> security consultants in the world.
>
> Me thinks that he knows better than a bunch
> of spammer/trolls.

That's where you went wrong, Beavis. That's your fatal error: you tried to
think. Cut it out. You can't do that, you should know that by now.

> These petty criminals hate Challenge-Response
> Systems because they can't beat them.
>
> Which is why these systems are becoming more and more popular,
> with even major ISPs like Earthlink offering them to their
> regular customers as a part of their spam-fighting package.

Beavis FAQ question #8.

> I haven't read a single post on this re-incarnated thread.

FAQ #6

> I don't read trollshit.

FAQ #12

> I use a Challenge-Response System. You can mail me, but
> if you don't use your real return address, I'll never even
> know you tried to mail me.

FAQ #2


FAQ: Canonical list of questions Beavis refuses to answer (V1.20)

This is a canonical list of questions that Beavis never answers. This FAQ is
posted on a semi-regular schedule, as circumstances warrant.

For more information on Beavis, see:

http://angel.1jh.com/nanae/kooks/alanconnor.shtml

Although Beavis has been posting for a long time, he always remains silent
on the subjects enumerated below. His response, if any, usually consists of
replying to the parent post with a loud proclamation that his Usenet-reading
software runs a magical filter that automatically identifies anyone who's
making fun of him, and hides those offensive posts. For more information
see question #9 below.

============================================================ ================

1) If spammers avoid forging real E-mail addresses on spam, then where do
all these bounces everyone reports getting (for spam with their return
address was forged onto) come from?

2) If your Challenge-Response filter is so great, why do you still munge
when posting to Usenet?

3) Do you still believe that rsh is the best solution for remote access?
(http://tinyurl.com/5qqb6)

4) What is your evidence that everyone who disagrees with you, and thinks
that you're a moron, is a spammer?

5) How many different individuals do you believe really post to
comp.mail.misc? What is the evidence for your paranoid belief that everyone,
except you, who posts here is some unknown arch-nemesis of yours?

6) How many times, or how often, do you believe is necessary to announce
that you do not read someone's posts? What is your reason for making these
regularly-scheduled proclamations? Who do you believe is so interested in
keeping track of your Usenet-reading habits?

7) When was the last time you saw Bigfoot (http://tinyurl.com/23r3f)?

8) If your C-R system employs a spam filter so that it won't challenge spam,
then why does any of the mail that passes the filter, and is thusly presumed
not to be spam, need to be challenged?

9) You claim that the software you use to read Usenet magically identifies
any post that makes fun of you. In http://tinyurl.com/3swes you explain
that "What I get in my newsreader is a mock post with fake headers and no
body, except for the first parts of the Subject and From headers."

Since your headers indicate that you use slrn and, as far as anyone knows,
the stock slrn doesn't work that way, is this interesting patch to slrn
available for download anywhere?

10) You regularly post alleged logs of your procmail recipe autodeleting a
bunch of irrelevant mail that you've received. Why, and who exactly do you
believe is interested in your mail logs?

11) How exactly do you "enforce" an "order" to stay out of your mailbox,
supposedly (http://tinyurl.com/cs8jt)? Since you issue this "order" about
every week, or so, apparently nobody wants to follow it. What are you going
to do about it?

12) What's with your fascination with shit? (also http://tinyurl.com/cs8jt)?


--=_mimegpg-commodore.email-scan.com-24916-1116808092-0002
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQBCkSOcx9p3GYHlUOIRAl9EAJsEp5gCWDBV722zX2zbifYPZiC0kACe Ntn1
htHLa1hMCCodBHOSyWo93Pg=
=LLIw
-----END PGP SIGNATURE-----

--=_mimegpg-commodore.email-scan.com-24916-1116808092-0002--

Re: Famous Hacker Uses Challenge-Responses

Post removed (X-No-Archive: yes)

Re: Famous Hacker Uses Challenge-Responses

In message Alan
Connor wrote:

>Spam Arrest is a Challenge-Response System.
>
>Kevin Mitnick is one of the leading computer
>security consultants in the world.
>
>Me thinks that he knows better than a bunch
>of spammer/trolls.
>
>Just a hunch.
>
>These petty criminals hate Challenge-Response
>Systems because they can't beat them.
>
>Which is why these systems are becoming more and more popular,
>with even major ISPs like Earthlink offering them to their
>regular customers as a part of their spam-fighting package.
>
>I haven't read a single post on this re-incarnated thread.
>
>I don't read trollshit.
>
>I use a Challenge-Response System. You can mail me, but
>if you don't use your real return address, I'll never even
>know you tried to mail me.
>
>alanconnor AT earthlink DOT net

So why all the munging of your address if your C/R system is so awesome?


--
If you can remain calm, you just don't have all the facts.

Re: Famous Hacker Uses Challenge-Responses

On 2005-05-23, DevilsPGD wrote:

> In message Alan
> Connor wrote:
>
>>Spam Arrest is a Challenge-Response System.
>>
>>Which is why these systems are becoming more and more popular,
>>with even major ISPs like Earthlink offering them to their
>>regular customers as a part of their spam-fighting package.

Then why were most of the German neo-nazi spams I got last week sent
through earthlink?

--

John (john@os2.dhs.org)

Re: Famous Hacker Uses Challenge-Responses

On comp.mail.misc, in , "Alan Connor" wrote:



From: DevilsPGD

$ host -a be0bb553.authen.white.readfreenews.net
be0bb553.authen.white.readfreenews.net does not exist, try again

$ whois be0bb553.authen.white.readfreenews.net

Whois Server Version 1.3

No match for "BE0BB553.AUTHEN.WHITE.READFREENEWS.NET".

IP hidden...

From: DevilsPGD

Spammers always try to make people think that they
are anti-spam so that they will share their spam-
fighting secrets with them....

So do trolls who can't send their crap to people's
mailboxes if they use good spam filters.

No way I am even bothering to read this person's
article.

Anyone stupid enough to believe a word they say is too
stupid to be of interest to me.

Post what you want, fool.

But stay out of my mailboxes.

That's an order, not a request.


AC

--
alanconnor AT earthlink DOT net
Use your real return address or I'll never know you
even tried to mail me. http://tinyurl.com/2t5kp
~

Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

Alan Connor wrote:
>
> Post what you want, fool.
>
> But stay out of my mailboxes.
>
> That's an order, not a request.
>
>

I agree with that one principle!
"Post what you want, but stay out of my mailbox" is a good way to sum it
up....

....Too bad you don't practice what you preach!

It really IS the ONLY criterium I need to determine whether something is
spam. If I didn't ask for it, either directly or indirectly, then it
certainly qualifies something as spam, particularly when I have no
affiliation whatsoever with anyone behind the mail.

Because of self-serving clowns like you, who think they can ignore those
things presented to them to the contrary until they miraculously vanish, I
get way too many clueless C/R challenges in my inbox to ever justify its
widespread use.

You refuse every opportunity to just address the questions put before you,
because you know yourself, there are NO GOOD ANSWERS.

You curiously refer to ISPs, who still haven't addressed their own spam
complaints adequately, as reputable examples of C/R employers. (Enough said
on that one.)

Anyone who thinks it's OK to direct things into my mailbox, knowing there's
a better chance that I had nothing to do with the process, is guilty of
spamming me, and gets classified along with those who willfully spam.

There really is no difference.
The internet has been banging its collective head against the wall asking
spammers to respect its mailboxes. Now we have to add C/R advocates to this
list of people who refuse to honour the same request, while saying they're
doing it to fight spam. (Luckily, there's only a few out there who think
C/R is that workable, none of which have shown a verifiable respect for the
internet anyway.)

As you said yourself...
Think what you want, and fight what you want.
Just don't do either in MY mailbox.

C/R-generated mail in MY inbox IS spam, because *I* say it is.
End of story.
(Too bad you and the other 3 who think like you are not part of that story!)

- One of Many Fed-up Users

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

Unsubscribe Here! wrote:

> Because of self-serving clowns like you, who think they can ignore those
> things presented to them to the contrary until they miraculously vanish, I
> get way too many clueless C/R challenges in my inbox to ever justify its
> widespread use.

I must say that in my 10+ years of Internet use I have only ever
recieved one challenge. I certainly found it irritating and decided the
person wasn't that important to talk to, but I have not noticed this
widespread use of CR systems cramming my email box full either.

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

In message <11955f256vm9e3c@corp.supernews.com> Noah Roberts
wrote:

>Unsubscribe Here! wrote:
>
>> Because of self-serving clowns like you, who think they can ignore those
>> things presented to them to the contrary until they miraculously vanish, I
>> get way too many clueless C/R challenges in my inbox to ever justify its
>> widespread use.
>
>I must say that in my 10+ years of Internet use I have only ever
>recieved one challenge. I certainly found it irritating and decided the
>person wasn't that important to talk to, but I have not noticed this
>widespread use of CR systems cramming my email box full either.

I received over a hundred misdirected challenges in the last two weeks,
virtually all as a result of this German spam, and *all* directed to
addresses which have never sent mail *ever* and have a SPF record ending
in -all.

I automated responses to one format of C/R message, and am blacklisting
the rest locally. *shrugs*

I've received a few to messages I actually sent, I don't believe I've
answered any although I may have once or twice.


--
What's orange, brown, black, and red? Give up?
They're COLOURS, idiot!

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

Noah Roberts wrote:

> I must say that in my 10+ years of Internet use I have only ever
> recieved one challenge. I certainly found it irritating and decided the
> person wasn't that important to talk to, but I have not noticed this
> widespread use of CR systems cramming my email box full either.

I've received a fair number - not hundreds, but quite a few - because one of my
domain names is apparently pretty frequently forged as part of a return address.

For every single one I receive, I respond appropriately to the challenge, so that
the spam can go through. If there's any opportunity to send a message along with
the response to the challenge, I send one stating that I didn't send the original
mail, and suggesting that they turn off their C/R tool, whatever it is, because
it's spamming me.

I haven't seen any that are obviously from Alan-Connor-ware - they mostly seem to
come from Earthlink. Thank goodness that not all their users are using their
broken C/R option!

--
u wi zat clue stick dotorg

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker UsesChallenge-Responses")

Post removed (X-No-Archive: yes)

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker UsesChallenge-Responses")

Post removed (X-No-Archive: yes)

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker UsesChallenge-Responses")

Post removed (X-No-Archive: yes)

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

In message "Unsubscribe
Here!" wrote:

>Alan Connor wrote:
>>
>> Post what you want, fool.
>>
>> But stay out of my mailboxes.
>>
>> That's an order, not a request.
>>
>>
>
>I agree with that one principle!
>"Post what you want, but stay out of my mailbox" is a good way to sum it
>up....

I should take this opportunity to point out that I have never emailed
Alan Connor.



--
I'd give my right arm to be ambidextrous.

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

D. Stussy wrote:
> On Mon, 23 May 2005, Unsubscribe Here! wrote:
>>
>> It really IS the ONLY criterium I need to determine whether
>> something is spam. If I didn't ask for it, either directly or
>> indirectly, then it certainly qualifies something as spam,
>> particularly when I have no affiliation whatsoever with anyone
>> behind the mail.
>
> Careful: Not everything you receive is asked for, or is spam. If
> you never asked for it, then an e-mail exchange initiated by your
> friend or relative (I will assume that you have one or the other)
> would be unsolicited and therefore spam according to your definition,
> and likewise, anything you initiated would be spam to them. Being
> "unsolicited" is not a sufficient definition of spam; it's incomplete
> - there's much more to it.

1) What part of "when I have no affiliation... with" did you miss?

2) I believe I simply stated that if *I* say it's spam, that's enough for
me. The term "spam", after all, is ultimately applied by the recipient.

>
> C/R itself is at best "noise" and at worst, spam in its own right.

Wasn't the latter at least part of my point?

>> The internet has been banging its collective head against the wall
>> asking spammers to respect its mailboxes. Now we have to add C/R
>> advocates to this list of people who refuse to honour the same
>> request, while saying they're doing it to fight spam. (Luckily,
>> there's only a few out there who think C/R is that workable, none of
>> which have shown a verifiable respect for the internet anyway.)
>
> Few? There's only one C/R nut-job here. Everyone else has since
> long ago realized that it's not only not workable but also that C/R
> systems can be tricked by spammers and are thus effectively open
> spammer relays.

I wish I could agree with you, but such is obviously not the case.
And, the C/R spam I get comes from a variety of sources, not just providers.

As well, the same clueless principle is used for a variety of softwares
people are using from antivirus to network configuration. Now, you don't
just get "You sent us a virus, you asshole!", you get "Please confirm for my
anti-spam filter that the message was sent by you", and other nuisances
directly from someone's PC.

The server-applied, automated C/R is just the "industrial strength" version
of that same stupidity. And aren't there a few major ISPs that are playing
with it right now?

Some are just calling it something else.

>
>> As you said yourself...
>> Think what you want, and fight what you want.
>> Just don't do either in MY mailbox.
>>
>> C/R-generated mail in MY inbox IS spam, because *I* say it is.
>
> No arguing with that, but MANY others also say it is too. You are
> not the sole or final authority (except perhaps for your own mailbox).

And I emphasized "MY mailbox".
That WAS the point.

- Brent

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

DevilsPGD wrote:
> In message "Unsubscribe
> Here!" wrote:
>
>> Alan Connor wrote:
>>>
>>> Post what you want, fool.
>>>
>>> But stay out of my mailboxes.
>>>
>>> That's an order, not a request.
>>>
>>>
>>
>> I agree with that one principle!
>> "Post what you want, but stay out of my mailbox" is a good way to
>> sum it up....
>
> I should take this opportunity to point out that I have never emailed
> Alan Connor.

Oh, I had absolutely no question about that!

All I was pointing out was his blatant disregard for his own words.
(Notwithstanding the blatant disregard he has for the opinions of the users
who have bothered to give him the feedback.)

- Brent

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

D. Stussy wrote:

> Just wait until you get a message claiming to be a challenge that is really
> spam - caused by the spammer forging your address as sender and sending it to a
> known C/R system. Perhaps then you will make the jump from C/R messages not
> being merely "noise" but spam in their own right.

Yes, I guess I will wait until that happens.

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker UsesChallenge-Responses")

Post removed (X-No-Archive: yes)

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

On comp.mail.misc, in , "D. Stussy" wrote:

That's right. Stay out of my mailboxes.

This isn't a request, it is an order, and one my
Challenge-Response System does a fine job of enforcing.

As for your opinion of these systems?

It and a dollar will get you a cup of coffee.

Earthlink likes them. I like them. Anyone who
really wants to get spam and trollmail out of
their lives likes them.



I know it pisses you off that you can't fill my mailboxes
with your abusive posts and spam.

But you COULD if you weren't a little criminal weasel
that can't use his real return address.

YOUR problem, not mine. I don't even know when you
TRY to violate my mailboxes.

And keeping you out takes 0 minutes of my time every
week.

You are a little spot of dried shit on the bottom of
my shoe.

http://tinyurl.com/2t5kp

AC


--
Please visit my home page:
http://angel.1jh.com./nanae/kooks/alanconnor.html

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker UsesChallenge-Responses")

Post removed (X-No-Archive: yes)

Re: Stay Out of MY Mailbox! (Was "Re:Famous Hacker Uses Challenge-Responses")

This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.

--=_mimegpg-commodore.email-scan.com-22867-1117031076-0003
Content-Type: text/plain; format=flowed; charset="US-ASCII"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Beavis writes:

> On comp.mail.misc, in , "D. Stussy" wrote:
>
> That's right. Stay out of my mailboxes.

Beavis, how many times did I order you to stop shitting in your pants?

> This isn't a request, it is an order,

Take your order, and stick it up your port 25.

> and one my
> Challenge-Response System does a fine job of enforcing.

And that's why Earthlink told you to cut this shit out.



--=_mimegpg-commodore.email-scan.com-22867-1117031076-0003
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQBClIqkx9p3GYHlUOIRAtiBAJ0TSpJJSrxuocG4vJP8ML5M0fpySgCf e+Kv
DlBAq53u+Hk/hYTX5uzZKJc=
=8AoJ
-----END PGP SIGNATURE-----

--=_mimegpg-commodore.email-scan.com-22867-1117031076-0003--

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

D. Stussy wrote:
>
> Having "no affiliation" doesn't apply to all the cases your statement
> encompassed. What usage of "particularly" (in context, "specifically
> but not necessarily limited to") did you mean if you wished to limit
> your statement to ONLY those cases where you had no affiliation with
> the sender?
>
> I am not a mind reader. If you can't express yourself by saying
> precisely what you mean, then you need to rewrite your statements so
> that it does reflect your intended meaning (hopefully, unambiguously).

There's no reason to dissect the original statement so finely. It really
isn't rocket science, but here's the crux of the point in a much more
pointed manner...

An e-mail in MY inbox is "spam" when I say that it is. Nobody else has to
give me the "permission" to define it that way, and there is no room for
argument from anyone else - especially the one who sent it!

What triggered this comment was this whole (non-)debate about C/R and
whether or not it should be considered a spam-generator, when, in fact, the
recipients already classify it as such.

>
>> 2) I believe I simply stated that if *I* say it's spam, that's
>> enough for me. The term "spam", after all, is ultimately applied by
>> the recipient.
>
> Communication only works when everyone has the same dictionary.

No thesaurus needed here.
You simply misssed the point.
(No offense intended.)

>
>>> C/R itself is at best "noise" and at worst, spam in its own right.
>>
>> Wasn't the latter at least part of my point?
>
> Not stated. Regardless, a challenge that is sent IN RESPONSE TO an
> email that YOU DID SEND would not meet your definition of unsolicited
> - as you would [presumedly] be expecting a reply of some sort from
> the party you mailed - just not an automatically generated one.
>

If I transmit an e-mail, that action (and anything that results from it)
would not fall under the same umbrella as "something I didn't ask for". The
challenge would still be annoying, but at least it would be acting within
the realm of what it was designed to do. (That's not an approval, just an
acknowlegement that, in such a case, I would have had some involvement.)

>>
>> I wish I could agree with you, but such is obviously not the case.
>> And, the C/R spam I get comes from a variety of sources, not just
>> providers.
>
> Why not agree? Alan Connor is the only nut-job advocating C/R
> systems on "comp.mail.misc". Everyone else dismisses the solution as
> soon as they learn how a spammer can turn a C/R system into an open
> relay.

While I agree AC is a nut-job, and that very few others seem to be pushing
C/R, I can't dismiss the evidence in my mailbox that others are playing with
the concept. That's all.

>
> You mean that there are versions of C/R that aren't integral to the
> MTA? If the idea is not to deliver a message until a response to the
> challenge is received, then how do the non-MTA based C/R systems
> work? Where are they holding the pending (under challenge) messages?

I have no idea or interest in what role the C/R was playing in relation to
anyone's MTA, as it's outside the point I was making. That point being, I
have received challenges to mail I didn't send. The only responses I ever
sent to those were direct complaints.

>
>> ... And aren't there a few major ISPs that are playing with it right
>> now?
>
> I have no personal knowledge of any that are. I have not seen any
> challenges from AOL - nor have I ever received one from earthlink -
> of which others have posted that they DO.

I have had a few from Earthlink and AOL, but I've actually seen more from
smaller, maybe more private operations. A few of them I recall were from
schools and corporate projects.

>
> Once, I did see that someone's SMALL ISP did send a challenge back to
> an e-mail I sent them. The only reason I know of this is from the
> review of my server's logs. My SpamAssassin module saw it, classifed
> it as spam (on a point system), and auto-deleted it. It never made
> it to my mailbox.
>
>
>> Some are just calling it something else.
>
> Under what other names is "challenge/response" masquerading as?

Truthfully, I can't recall the exact names I read. I think it's because of
all the other terms that are coming into play that are not exactly C/R, such
as "Sender Verification", and "SMTP Authentication". I just can't remember.
I haven't really been following this stuff enough to know all its
terminology.

All I'm trying to do is talk about what one user sees from where he is, and
why that's all that's really needed sometimes when classifying something as
net-abuse.

>
>>>> As you said yourself...
>>>> Think what you want, and fight what you want.
>>>> Just don't do either in MY mailbox.
>>>>
>>>> C/R-generated mail in MY inbox IS spam, because *I* say it is.
>>>
>>> No arguing with that, but MANY others also say it is too. You are
>>> not the sole or final authority (except perhaps for your own
>>> mailbox).
>>
>> And I emphasized "MY mailbox".
>> That WAS the point.
>
> Just as "particularly" meant all cases? :-)

I don't know where you got that.
The word was clearly used to add a criterium to the statement.
I said "particularly when I have no affiliation..."

The "statement" itself was pretty clear as well...
"If I didn't ask for it, either directly or indirectly, then it certainly
qualifies something as spam..."

Note (particularly) the word "qualifies".
That one alone is a hint that I have other variables I would apply if I
needed to be so exact. Exactness, however, wasn't required there.

> Due to your misusage of diction above, I couldn't reasonably conclude
> that.

You dissected a statement where it wasn't required.
The diction was fine for the point intended.

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

Alan Connor wrote:
> On comp.mail.misc, in
> , "D. Stussy" wrote:
>
> That's right. Stay out of my mailboxes.
>
> This isn't a request, it is an order, and one my
> Challenge-Response System does a fine job of enforcing.
>
> As for your opinion of these systems?
>
> It and a dollar will get you a cup of coffee.
>
> Earthlink likes them. I like them. Anyone who
> really wants to get spam and trollmail out of
> their lives likes them.
>
>
>
> I know it pisses you off that you can't fill my mailboxes
> with your abusive posts and spam.
>
> But you COULD if you weren't a little criminal weasel
> that can't use his real return address.
>
> YOUR problem, not mine. I don't even know when you
> TRY to violate my mailboxes.
>
> And keeping you out takes 0 minutes of my time every
> week.
>
> You are a little spot of dried shit on the bottom of
> my shoe.
>
> http://tinyurl.com/2t5kp
>
> AC

Well, Alan...

Since everything is sooo in order on your end, and you have soooo little
worry about all us evil little NANAEites and what we do, you really don't
have any need to be posting here, then, do you??!

Go on!
Off ya go!!

Enjoy your inevitable little intranet, won't you!

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker UsesChallenge-Responses")

Post removed (X-No-Archive: yes)

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

D. Stussy wrote:
>> What triggered this comment was this whole (non-)debate about C/R and
>> whether or not it should be considered a spam-generator, when, in
>> fact, the recipients already classify it as such.
>
> C/R systems ARE spam REFLECTORS because any spammer can trick them
> into delivering his drivel. All he has to do is forge the mailbox of
> his intended recipient as if it were the originator of the message
> that goes to the C/R system's server. The C/R system then issues the
> challenge - thus spamming the forged mailbox. QED.
>
> [Note: If a C/R system doesn't include or otherwise make reference
> to the incoming message under challenge in a MEANINGFUL WAY TO A
> PERSON, then there is no way for a sender of a legitimate message to
> know that it is a challenge to a message he actually sent - and thus
> it's "noise." (A spammer can test a C/R system by looking at the
> challenge sent back to himself and arrange his payload accordingly.)
> Remember that mail can be forwarded or list-expanded....]
>
>> You simply misssed the point.
>
> Actually, you failed to clearly state your point.

It seems the point has come across regardless, so let's put it to rest.

>>
>> While I agree AC is a nut-job, and that very few others seem to be
>> pushing
> ^^^^^^^^^^^^^^^
>> C/R, I can't dismiss the evidence in my mailbox that others are
>> playing with the concept. That's all.
>
> Only in Alan Connor's mind. There is NO ONE ELSE pushing C/R [here].

(You just said, indirectly, that AC has a mind.)

>>
>> Truthfully, I can't recall the exact names I read. I think it's
>> because of all the other terms that are coming into play that are
>> not exactly C/R, such as "Sender Verification", and "SMTP
>> Authentication". I just can't remember. I haven't really been
>> following this stuff enough to know all its terminology.
>
> SMTP Authentication is not C/R. That's when one logs into the server
> by username and PW, usually inside a SMTPS session.
>
> Sender verification is SPF and Yahoo's DomainKeys. Neither of these
> are C/R - as they both use public/private keys and DNS records.

Yes, I know what these are.
My reluctance to try and remember the "alternative" names to C/R was because
I didn't want to end up saying things like the above terms when I know they
don't apply to C/R.

(Really wish I could remember what a few others were trying to call it.)

Anyway, regardless of how few are "pushing" C/R, whether "here" (tinh) or
anywhere else, the challenges are still showing up here and there in
mailboxes such as mine. It's interesting to see that others don't get these
as often as I seem to. Granted, I'm not talking about a big shitload, and
the volume has been going down these last few months, but even a couple a
week makes me scratch my head at how clueless and annoying some people's
"solutions" can be, and the impact they can have.

Regards!
- Brent

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

Unsubscribe Here! wrote:
[deleted]
> Yes, I know what these are.
> My reluctance to try and remember the "alternative" names to C/R was because
> I didn't want to end up saying things like the above terms when I know they
> don't apply to C/R.
>
> (Really wish I could remember what a few others were trying to call it.)

Perhaps you were looking for terms like "SMTP 5yz C/R system" which
for example RobertMaas (no space) used? (Other similar terms were
"SMTP-5yz-reject C/R system", "SMTP reject", etc..) If so, these *were*
C/R systems, just (supposedly) 'better' (read: somewhat less abusive)
ones.

[deleted]

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

Frank Slootweg wrote:
> Unsubscribe Here! wrote:
>>
>> (Really wish I could remember what a few others were trying to call
>> it.)
>
> Perhaps you were looking for terms like "SMTP 5yz C/R system" which
> for example RobertMaas (no space) used? (Other similar terms were
> "SMTP-5yz-reject C/R system", "SMTP reject", etc..) If so, these
> *were* C/R systems, just (supposedly) 'better' (read: somewhat less
> abusive) ones.
>

That kind of naming convention sounds a little familiar.
Truthfully, I don't remember.

For sure, "If it quacks like a duck..."

: )

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker UsesChallenge-Responses")

Post removed (X-No-Archive: yes)

Re: Stay Out of MY Mailbox! (Was "Re:Famous Hacker Uses

This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.

--=_mimegpg-commodore.email-scan.com-5899-1117369806-0002
Content-Type: text/plain; format=flowed; charset="UTF-8"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
X-Mime-Autoconverted: from 8bit to quoted-printable by mimegpg

D. Stussy writes:

> On Thu, 26 May 2005, Unsubscribe Here! wrote:
>> D. Stussy wrote:
>> > ...
>> > Only in Alan Connor's mind. There is NO ONE ELSE pushing C/R [here].
>>
>> (You just said, indirectly, that AC has a mind.)
>
> Perhaps a Faux Paus. However, nowhere did I say that it works. Even worm=
s and
> squid have nervous systems. :-)

Counting down to the forthcoming Beavis post where he will assert that
you're me; 5â€=A6 4â€=A6 3â€=A6 2â€=A6 1â€=A6



--=_mimegpg-commodore.email-scan.com-5899-1117369806-0002
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQBCmbXOx9p3GYHlUOIRAn/aAJ0QWA5q3AcDzrzPovZ9qSWSBtcwmgCb BDpl
xTmzvb8Fp5UkGXeDIapuA7I=
=4tV1
-----END PGP SIGNATURE-----

--=_mimegpg-commodore.email-scan.com-5899-1117369806-0002--

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

In article ,
Unsubscribe Here! wrote:

>An e-mail in MY inbox is "spam" when I say that it is.

No. It's _unwanted_ if you say that it is. But the word "spam" has a
specific definition, and it isn't "the recipient says so". That would
be a useless definition.

> Nobody else has to give me the "permission" to define it that way,
>and there is no room for argument from anyone else

If there's no room for argument then you're just plain wrong, because
I say so.

>What triggered this comment was this whole (non-)debate about C/R and
>whether or not it should be considered a spam-generator, when, in fact, the
>recipients already classify it as such.

But that doesn't make it spam. What makes it spam is that it's bulk
unsolicited email.

Seth

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

Post removed (X-No-Archive: yes)

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker UsesChallenge-Responses")

Post removed (X-No-Archive: yes)

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker UsesChallenge-Responses")

In article ,
D. Stussy wrote:
>On Sat, 4 Jun 2005, Seth Breidbart wrote:
>> >What triggered this comment was this whole (non-)debate about C/R and
>> >whether or not it should be considered a spam-generator, when, in fact, the
>> >recipients already classify it as such.
>>
>> But that doesn't make it spam. What makes it spam is that it's bulk
>> unsolicited email.
>
>What makes C/R challenges spam is that they can be used by spammers to deliver
>their message.

No, what makes them spam is that they're bulk unsolicited email.

> In that case, it's not BULK because the spammer must send one
>message to the [defective] C/R system for every intended recipient.

So what? The spammer can send one message directly to each intended
recipient, and if there are many of them, it's spam. Why does
bouncing them off a C/R system or an open forwarder or any other
reflector make them less bulk?

> However,
>it's still unsolicited advertising sent to multiple recipients (even if one at
>a time) - and that's what constitutes spam for the individual recipient.

There's no such concept as "spam for the individual recipient".
Something either is spam or is not spam.

Seth

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

Seth Breidbart wrote:

>> However,
>> it's still unsolicited advertising sent to multiple recipients (even
>> if one at a time) - and that's what constitutes spam for the
>> individual recipient.
>
> There's no such concept as "spam for the individual recipient".
> Something either is spam or is not spam.
>
> Seth

I don't care if it was only sent to me...
If I receive something I consider to be spam, it's spam!

AFAIC, the term "spam" should be applied by the recipient anyway, as the
term itself is arbitrary in nature. And it sure takes the argument away
from those that try to tell you what they send "isn't spam".

- Brent

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker UsesChallenge-Responses")

Post removed (X-No-Archive: yes)

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker UsesChallenge-Responses")

Post removed (X-No-Archive: yes)

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

In message "D. Stussy"
wrote:

>On Tue, 7 Jun 2005, Seth Breidbart wrote:
>> In article ,
>> D. Stussy wrote:
>> >On Sat, 4 Jun 2005, Seth Breidbart wrote:
>> >> >What triggered this comment was this whole (non-)debate about C/R and
>> >> >whether or not it should be considered a spam-generator, when, in fact, the
>> >> >recipients already classify it as such.
>> >>
>> >> But that doesn't make it spam. What makes it spam is that it's bulk
>> >> unsolicited email.
>> >
>> >What makes C/R challenges spam is that they can be used by spammers to deliver
>> >their message.
>>
>> No, what makes them spam is that they're bulk unsolicited email.
>
>How can a challenge be bulk mail? Since the incoming mail can have only one
>sender, the challenge has only one recipient. Therefore, how can a challenge
>message with a single recipient be bulk in nature, let alone be unsolicited (as
>a reply to a message sent to it)?

*sigh* This again.

Bulk, because a large number of substantially identical messages are
sent out. Spam is still bulk even with hashbusters.

Unsolicited because if *I* didn't send the original email, then *I* did
not solicit the response.


--
do not creep a coconut
-- NANAE

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker UsesChallenge-Responses")

Post removed (X-No-Archive: yes)

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

In article <3lLpe.10839$_n2.887395@news20.bellglobal.com>,
Unsubscribe Here! wrote:

>I don't care if it was only sent to me...
>If I receive something I consider to be spam, it's spam!

Then the term "spam" is useless when applied by you.

>AFAIC, the term "spam" should be applied by the recipient anyway, as the
>term itself is arbitrary in nature.

Then it's worthless.

> And it sure takes the argument away
>from those that try to tell you what they send "isn't spam".

And you can consider a single message, individually typed, from your
ex-girlfriend to be "spam". Thus, nobody else (specifically, not the
abuse desk of the sender's ISP) has any reason to care that you called
something "spam".

Seth

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker UsesChallenge-Responses")

In article ,
D. Stussy wrote:
>On Tue, 7 Jun 2005, Seth Breidbart wrote:
>> In article ,
>> D. Stussy wrote:
>> >On Sat, 4 Jun 2005, Seth Breidbart wrote:
>> >> >What triggered this comment was this whole (non-)debate about C/R and
>> >> >whether or not it should be considered a spam-generator, when, in fact, the
>> >> >recipients already classify it as such.
>> >>
>> >> But that doesn't make it spam. What makes it spam is that it's bulk
>> >> unsolicited email.
>> >What makes C/R challenges spam is that they can be used by spammers to deliver
>> >their message.
>> No, what makes them spam is that they're bulk unsolicited email.
>How can a challenge be bulk mail?

If it's one of many, it's bulk.

> Since the incoming mail can have only one sender, the challenge has
>only one recipient. Therefore, how can a challenge message with a
>single recipient be bulk in nature,

So according to you, if a spammer sends each copy of its message
individually, then they aren't spam?

> let alone be unsolicited (as
>a reply to a message sent to it)?

If someone else (e.g. another spammer, email worm, etc.) forged my
address as the sender, then _I_ didn't solicit any sort of response.

Or are you acting the way spammers do: "My affiliate solicited me to
send the message to the Millions CD so the messages aren't
unsolicited"?

>You're obviously an idiot who doesn't deserve any further recognition or
>acknowledgment of your existence.

You're obviously a hypocrite who will keep responding to my postings.

>> > In that case, it's not BULK because the spammer must send one
>> >message to the [defective] C/R system for every intended recipient.
>> So what? The spammer can send one message directly to each intended
>> recipient, and if there are many of them, it's spam. Why does
>> bouncing them off a C/R system or an open forwarder or any other
>> reflector make them less bulk?
>Bulk is one message to many recipients. This is many messages to many
>recipients, with each message having only ONE recipient. That does not make it
>bulk.

"Substantively identical" is the qualifier for messages being "the
same". Or are you using a claim that even spammers fail to make, that
by sending each message individually with hashbusters, they become
single messages and therefore not spam?

>> There's no such concept as "spam for the individual recipient".
>> Something either is spam or is not spam.
>
>As long as you keep insisting that spam must be in bulk, then I counter: As an
>individual, there is no way for you to confirm just by looking at a message you
>receive that anyone else has also received it - and without that component, you
>cannot determine that any message you received was originally a bulk message
>(one sender and multiple [many] recipients).

So what?

> You insist that spam is unsolicited BULK email. How do you PROVE
>it was bulk when you are a single recipient?

I find other single recipients. That's easy for anyone with a brain.
You should ask for help from someone who can read.

Seth

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

On Mon, 13 Jun 2005 16:53:38 +0000 (UTC), sethb@panix.com (Seth
Breidbart) wrote:

>In article <3lLpe.10839$_n2.887395@news20.bellglobal.com>,
>Unsubscribe Here! wrote:
>
>>I don't care if it was only sent to me...
>>If I receive something I consider to be spam, it's spam!
>
>Then the term "spam" is useless when applied by you.
>
>>AFAIC, the term "spam" should be applied by the recipient anyway, as the
>>term itself is arbitrary in nature.
>
>Then it's worthless.

Of course this is OK since no laws should be based on spam :-)

>> And it sure takes the argument away
>>from those that try to tell you what they send "isn't spam".
>
>And you can consider a single message, individually typed, from your
>ex-girlfriend to be "spam". Thus, nobody else (specifically, not the
>abuse desk of the sender's ISP) has any reason to care that you called
>something "spam".

I thought that defining spam was given up on :-)

I would never support an anti-spam laws when it makes spam illegal.

Just too damn hard to prove for the average end user.

>Seth

--
Mark

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

Seth Breidbart wrote:
> In article <3lLpe.10839$_n2.887395@news20.bellglobal.com>,
> Unsubscribe Here! wrote:
>
>> I don't care if it was only sent to me...
>> If I receive something I consider to be spam, it's spam!
>
> Then the term "spam" is useless when applied by you.

So are the terms "pornographic", "offensive", "undesireable", etc., if
you're goal is to get everyone else to agree with you and make rules/laws
around them.

But we still all use such terms for our own purposes. Without personal
opinion, there would be no desire to "classify" anything for any reason.

"spam" is just another arbitrary term.
That's why there's no consensus on what it means.
The true meaning of it exists differently in each of us.

Therefore, it is "useless" to apply the term when communicating with anyone
else.

But, what the term represents to ME is still important.

>
>> AFAIC, the term "spam" should be applied by the recipient anyway, as
>> the term itself is arbitrary in nature.
>
> Then it's worthless.

As the individual recipient develops more say on what he can block himself
(and I really believe this option will come down the line), the term will no
longer be "worthless".

>
>> And it sure takes the argument away
>> from those that try to tell you what they send "isn't spam".
>
> And you can consider a single message, individually typed, from your
> ex-girlfriend to be "spam". Thus, nobody else (specifically, not the
> abuse desk of the sender's ISP) has any reason to care that you called
> something "spam".
>

Such a scenario may not have any "bearing" on my ISP, but if that
ex-girlfriend continued to send me messages against my expressed wishes, I
certainly could say "she is spamming me". I would just have to be content
with saying such a thing to myself only.

But that's referring to someone I have already established a "personal"
relationship with.

What about a 1-time, typed e-mail from a company I have never dealt with or
given permission to mail me for any reason? It's not "bulk", but I can
still tell them I consider that spam and "not to spam me" if I want to.

Notice, too, that I didn't even include whether or not the message was
personal in nature or commercial. That's because I consider that detail
irrelevant as well.

- Brent

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

That's right: Stay out of my mailboxes unless you wish to
discuss something with me personally, in a civil and intelligent
and honest manner.

Please note that the above is not a request, it is an order
that is enforced silently by my spam-troll filter.

I speak for MANY others here, 10s of thousands and more
every day.

Our mailboxes belong to me, and no one else in the world has
any say over what sort of mail we will accept or reject.

Any responses to this post will be ignored (because you are all
boring and obnoxious, juvenile and dishonest), and I didn't even
read what the dickless feeb hiding behind yet another alias wrote
here.

If you don't like Challenge-Response-Systems, then eat shit.

Big, steaming piles of it.

AC


--
alanconnor AT earthlink DOT net
Please visit my home page:
http://angel.1jh.com./nanae/kooks/alanconnor.html

Meet the Beavis! (was Re: Stay Out of MY Mailbox!)

This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.

--=_mimegpg-commodore.email-scan.com-2147-1118799849-0002
Content-Type: text/plain; format=flowed; charset="US-ASCII"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Usenet Beavis writes:

> *SLAP*

Beavis's entire previous kookfart can be compressed down to his FAQ:

#11, #5, then finally #12.

And now, presenting Beavis's theme song:


MEET THE BEAVIS
(sung to the theme song of "The Flintstones")

Beavis,
meet our Beavis,
He's the wanking troll of comp.mail.misc,
Beavis,
reading Beavis,
Endless laughter is your only risk.

Watch him,
spew his blather all day long,
Never,
does it dawn on him how he's wrong.

When you
read our Beavis,
Make sure your bladder's empty,
Because it's laughs a-plenty,
And try not to wet your pants!

STAY OUT OF MY MAILBOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOX!!!


--=_mimegpg-commodore.email-scan.com-2147-1118799849-0002
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQBCr4fpx9p3GYHlUOIRAgHDAJ9hCIRUbKnQJTEiPleyyAf/xmDKDwCf WKeA
xKhprN1jwMj5tpi9+zV7y8w=
=t3f7
-----END PGP SIGNATURE-----

--=_mimegpg-commodore.email-scan.com-2147-1118799849-0002--

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

Alan Connor wrote:
>
>
> That's right: Stay out of my mailboxes unless you wish to
> discuss something with me personally, in a civil and intelligent
> and honest manner.
>


You should practice what you preach in the newsgroup as well.
What you did there was just as rude as your clueless C/R systems!

You completely snipped the active thread just to once again insert your
tired bullshit, which had no direct bearing on what was being discussed. Do
us all a favour and start a new thread if you're gonna toss the one in
progress... At least those that haven't KFed you already can ignore it and
move on to the next thread.

If you're gonna stick around, why don't you be a man and answer Sam's
questions?
(As if...)

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker UsesChallenge-Responses")

Post removed (X-No-Archive: yes)

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

In article <_UJre.3140$Qr3.651804@news20.bellglobal.com>,
Unsubscribe Here! wrote:
>Seth Breidbart wrote:
>> In article <3lLpe.10839$_n2.887395@news20.bellglobal.com>,
>> Unsubscribe Here! wrote:
>>
>>> I don't care if it was only sent to me...
>>> If I receive something I consider to be spam, it's spam!
>>
>> Then the term "spam" is useless when applied by you.
>
>So are the terms "pornographic", "offensive", "undesireable", etc., if
>you're goal is to get everyone else to agree with you and make rules/laws
>around them.

Except there _are_ laws about those things.

>But we still all use such terms for our own purposes. Without personal
>opinion, there would be no desire to "classify" anything for any reason.

Without agree-upon definitions, there can be no communication.

>"spam" is just another arbitrary term.

Do you consider _all_ terms arbitrary?

>That's why there's no consensus on what it means.

Except there _is_. It's only a few (most kooks and spammers) who
disagree.

>The true meaning of it exists differently in each of us.

Sorry, I don't hold with your religious philosophy.

>Therefore, it is "useless" to apply the term when communicating with anyone
>else.

Some of us wish to communicate with others.

>But, what the term represents to ME is still important.

You, apparently, are happy contemplating your own navel. That's fine,
but why are you posting here?

>>> AFAIC, the term "spam" should be applied by the recipient anyway, as
>>> the term itself is arbitrary in nature.
>> Then it's worthless.
>As the individual recipient develops more say on what he can block himself
>(and I really believe this option will come down the line), the term will no
>longer be "worthless".

It's still worthless. You can block whatever you want for any reason
(or none), subject only to your own ability to do so. I block lots of
stuff that isn't spam because I just don't want to see it.

>What about a 1-time, typed e-mail from a company I have never dealt with or
>given permission to mail me for any reason? It's not "bulk", but I can
>still tell them I consider that spam and "not to spam me" if I want to.

You can tell them anything you want. They can pay as much attention
as they want.

Seth

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

Seth Breidbart wrote:
> In article <_UJre.3140$Qr3.651804@news20.bellglobal.com>,
> Unsubscribe Here! wrote:
>> Seth Breidbart wrote:
>>> In article <3lLpe.10839$_n2.887395@news20.bellglobal.com>,
>>> Unsubscribe Here! wrote:
>>>
>>>> I don't care if it was only sent to me...
>>>> If I receive something I consider to be spam, it's spam!
>>>
>>> Then the term "spam" is useless when applied by you.
>>
>> So are the terms "pornographic", "offensive", "undesireable", etc.,
>> if you're goal is to get everyone else to agree with you and make
>> rules/laws around them.
>
> Except there _are_ laws about those things.

In the same context, there are laws about spam.

To enforce such laws in all of these cases, you need to prove to the court
that the term applies. Sometimes you'll win. Quite often you won't because
the defense is successful in illustrating the arbitrary nature of the terms
themsleves, and only has to press the "lack of intent" to get it thrown out.

>
>> But we still all use such terms for our own purposes. Without
>> personal opinion, there would be no desire to "classify" anything
>> for any reason.
>
> Without agree-upon definitions, there can be no communication.

You've just expanded what I said.
You first have to start with a personal opinion.
Once you have enough sharing this personal opinion, you can move on to
having a "mass" opinion.

That was the point.

>
>> "spam" is just another arbitrary term.
>
> Do you consider _all_ terms arbitrary?

Of course not.
But any term that relies on opinion is, by nature "arbitrary".

The fact that there can be so much disagreement on the use of certain terms
proves they are arbitary and that they may never successfully achieve a
universal application.

That has been my point all along.

>
>> That's why there's no consensus on what it means.
>
> Except there _is_. It's only a few (most kooks and spammers) who
> disagree.

I won't speak for kooks and spammers.
I will say there seems to be a wide range of opinions on what is considered
"spam".

Some say every commercially-generated e-mail is spam.
(Some of them say "only what's commercial".)
Others say it has to be sent in bulk to be considered spam.
Then there are those that say it's all about sending something without
consent (and that's all).

I think what I've been saying all along is I agree with the last one the
most.

And from what I see in a group like this, that seems to be the most common
statement.

>
>> The true meaning of it exists differently in each of us.
>
> Sorry, I don't hold with your religious philosophy.

There's nothing "religious" about what I said.
It just means we all have our own concept of what constitutes spam, and we
all follow our own wims when dealing with it anyway, regardless of the
standards offered.

>
>> Therefore, it is "useless" to apply the term when communicating with
>> anyone else.
>
> Some of us wish to communicate with others.

Yes, but if you're going to render a personal opinion as "useless", don't
expect an arbitrary term to be any more helpful.

>
>> But, what the term represents to ME is still important.
>
> You, apparently, are happy contemplating your own navel. That's fine,
> but why are you posting here?

Let's see.
We're discussing spam, and what constitutes it.
I've been saying the term itself is arbitrary and that not giving enough
weight to one's own personal opinion may be part of the problem.

You obviously think there's no point in that.

But what are the chances that any one personal opinion on such a subject
would not be shared by many others?

>
> It's still worthless. You can block whatever you want for any reason
> (or none), subject only to your own ability to do so. I block lots of
> stuff that isn't spam because I just don't want to see it.

Worthless to whom?
If enough people voice the same motivation, it can become protocol.

>
>> What about a 1-time, typed e-mail from a company I have never dealt
>> with or given permission to mail me for any reason? It's not
>> "bulk", but I can still tell them I consider that spam and "not to
>> spam me" if I want to.
>
> You can tell them anything you want. They can pay as much attention
> as they want.
>

Indeed, I can tell them and I can legitimately complain about them if they
persist enough, as I will have established the lack of consent.

I'm not saying I would pursue things like that, but there is a point there.
If enough people push the "consent" part, there may not be a need to dwell
on the "bulk" and/or "commercial" parts of the paradox.

My whole perception here is that, on the surface, the terms "unsolicited",
"bulk" and "commercial" appear to be pretty definite, so people seem to
cling to those terms when trying to concoct a "universal" definition of
spam, or prove that something was or wasn't spam.

But when you apply the labels "UCE" or "UBE", there's still arguments, not
only from the sender of the mail, but among the various recipients as well.
The labels fail!

That's why I think CONSENT may end up being the "new" definer. Not that
many in this group haven't already been applying it on our own for quite
some anyway. Should there ever be an "official legal redefinition" of spam,
I'm sure we'd see "consent" being a proposed element.

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker Uses Challenge-Responses")

In article ,
Unsubscribe Here! wrote:
>Seth Breidbart wrote:
>> In article <_UJre.3140$Qr3.651804@news20.bellglobal.com>,
>> Unsubscribe Here! wrote:
>>> Seth Breidbart wrote:
>>>> In article <3lLpe.10839$_n2.887395@news20.bellglobal.com>,
>>>> Unsubscribe Here! wrote:
>>>>
>>>>> I don't care if it was only sent to me...
>>>>> If I receive something I consider to be spam, it's spam!
>>>> Then the term "spam" is useless when applied by you.
>>> So are the terms "pornographic", "offensive", "undesireable", etc.,
>>> if you're goal is to get everyone else to agree with you and make
>>> rules/laws around them.
>> Except there _are_ laws about those things.
>In the same context, there are laws about spam.

No, there aren't. There are laws about stuff that is spam. None of
the laws I've ever heard of is about "spam" per se; they all very
carefully define precisely what they apply to (e.g. "Advertising email
with misleading headers").

>To enforce such laws in all of these cases, you need to prove to the court
>that the term applies.

Since the term isn't used in the law, you don't.

> Sometimes you'll win. Quite often you won't because
>the defense is successful in illustrating the arbitrary nature of the terms
>themsleves, and only has to press the "lack of intent" to get it thrown out.

Give one example of that happening.

>>> But we still all use such terms for our own purposes. Without
>>> personal opinion, there would be no desire to "classify" anything
>>> for any reason.
>> Without agree-upon definitions, there can be no communication.
>You've just expanded what I said.
>You first have to start with a personal opinion.
>Once you have enough sharing this personal opinion, you can move on to
>having a "mass" opinion.
>
>That was the point.

That's not the way things work. There's a concept; somebody comes up
with a term to describe that concept, and other people adopt that term
because it's easier to use the term than to describe the concept every
time you want to talk about it.

>>> "spam" is just another arbitrary term.
>> Do you consider _all_ terms arbitrary?
>Of course not.
>But any term that relies on opinion is, by nature "arbitrary".

But the meaning of "spam" (in the email context) doesn't rely on
opinion.

>The fact that there can be so much disagreement on the use of certain terms
>proves they are arbitary and that they may never successfully achieve a
>universal application.

Terms such as "God"?

>>> That's why there's no consensus on what it means.
>> Except there _is_. It's only a few (most kooks and spammers) who
>> disagree.
>I won't speak for kooks and spammers.
>I will say there seems to be a wide range of opinions on what is considered
>"spam".

Aside from kooks and spammers, they range all the way from
"Unsolicited Bulk Email" to "Unsolicited Broadcast Email". That
doesn't seem like a very wide range.

>Some say every commercially-generated e-mail is spam.
>(Some of them say "only what's commercial".)
>Others say it has to be sent in bulk to be considered spam.
>Then there are those that say it's all about sending something without
>consent (and that's all).

They're all kooks.

>I think what I've been saying all along is I agree with the last one the
>most.
>
>And from what I see in a group like this, that seems to be the most common
>statement.

I offer that you don't see very well.

>>> The true meaning of it exists differently in each of us.
>> Sorry, I don't hold with your religious philosophy.
>There's nothing "religious" about what I said.

Yes, there is.

>It just means we all have our own concept of what constitutes spam,

Do you also have your own concept of what constitutes salad? (Do you
have a lot of fun in restaurants?)

> and we
>all follow our own wims when dealing with it anyway, regardless of the
>standards offered.

Sure; we can do whatever we want with incoming email, including
calling it by inapplicable names.

>>> Therefore, it is "useless" to apply the term when communicating with
>>> anyone else.
>> Some of us wish to communicate with others.
>Yes, but if you're going to render a personal opinion as "useless", don't
>expect an arbitrary term to be any more helpful.

But an arbitrary term _is_ helpful because it describes something;
that is, it states that an arbitrary definition applies to that
thing. Calling something "salad" tells you a bit about what it is.

>>> But, what the term represents to ME is still important.
>> You, apparently, are happy contemplating your own navel. That's fine,
>> but why are you posting here?
>Let's see.
>We're discussing spam, and what constitutes it.
>I've been saying the term itself is arbitrary and that not giving enough
>weight to one's own personal opinion may be part of the problem.
>
>You obviously think there's no point in that.
>
>But what are the chances that any one personal opinion on such a subject
>would not be shared by many others?

So there are 50 different meanings, each shared by some number of
people; one by 90+%, the other 49 by very small groups. Claiming that
the meaning is "personal opinion" is useful for communication among
the majority.

>> It's still worthless. You can block whatever you want for any reason
>> (or none), subject only to your own ability to do so. I block lots of
>> stuff that isn't spam because I just don't want to see it.
>Worthless to whom?
>If enough people voice the same motivation, it can become protocol.

And the definition of spam has reached precisely that stage.

>>> What about a 1-time, typed e-mail from a company I have never dealt
>>> with or given permission to mail me for any reason? It's not
>>> "bulk", but I can still tell them I consider that spam and "not to
>>> spam me" if I want to.
>> You can tell them anything you want. They can pay as much attention
>> as they want.
>Indeed, I can tell them and I can legitimately complain about them if they
>persist enough, as I will have established the lack of consent.

Ah, but what about that _first_ email that you consider spam, but
which isn't? Can you suggest anybody with any power (e.g. the
maintainer of any non-kook blocklist, postmaster at any site with real
users, etc.) who will add the sender to a list of spammers because you
didn't like a single non-bulk email?

>My whole perception here is that, on the surface, the terms "unsolicited",
>"bulk" and "commercial" appear to be pretty definite, so people seem to
>cling to those terms when trying to concoct a "universal" definition of
>spam, or prove that something was or wasn't spam.
>
>But when you apply the labels "UCE" or "UBE", there's still arguments, not
>only from the sender of the mail, but among the various recipients as well.
>The labels fail!

Given that there are multiple recipients, the mail is clearly bulk.

It's quite possible for some of them to have solicited it, and others
not.

>That's why I think CONSENT may end up being the "new" definer. Not that
>many in this group haven't already been applying it on our own for quite
>some anyway. Should there ever be an "official legal redefinition" of spam,
>I'm sure we'd see "consent" being a proposed element.

"Consent" is the opposite of "unsolicited" (unless you take the
spammers' viewpoint that someone consented to the spam by existing or
having an email address).

Seth

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker UsesChallenge-Responses")

In article ,
D. Stussy wrote:
>On Mon, 13 Jun 2005, Seth Breidbart wrote:
>> In article ,
>> D. Stussy wrote:

>> If it's one of many, it's bulk.
>
>Since each one has but a SINGLE recipient, how can you tell that there were any
>others let alone MANY others? You can't - and you know it.

The issue at hand is the _definition_, not whether I can determine how
many there were (which, if there were a lot, I generally can determine
that there were a lot).

>> > Since the incoming mail can have only one sender, the challenge has
>> >only one recipient. Therefore, how can a challenge message with a
>> >single recipient be bulk in nature,
>> So according to you, if a spammer sends each copy of its message
>> individually, then they aren't spam?
>By your definition, no - because you cannot determine that it was sent to
>others based only on the copy that you received.

That's not my definition. It's your strawman. My definition doesn't
require me to do anything, it's about reality.

> You need more information
>than was given to determine that other people indeed received it also.

"determine" isn't part of my definition.

>> > let alone be unsolicited (as
>> >a reply to a message sent to it)?
>> If someone else (e.g. another spammer, email worm, etc.) forged my
>> address as the sender, then _I_ didn't solicit any sort of response.
>Just because YOU didn't solicit it doesn't mean that it's
>unsolicited.

Every spammer solicits himself (or his partners) to send me email.
Solicited *by a legitimate user of the recipient email address* is
what counts.

> C/R systems are autoresponders; they don't INITIATE exchanges. The
>system thinks that you did.

I don't care what your system thinks.

>> Or are you acting the way spammers do: "My affiliate solicited me to
>> send the message to the Millions CD so the messages aren't
>> unsolicited"?
>
>Message initiation is usually unsolicited - even between those parties where
>consent or permission has been given.

That's why either solicitation or consent renders a message non-spam.

That's as much of your nonsense as I feel like dealing with right now.

Seth

Re: Stay Out of MY Mailbox! (Was "Re: Famous Hacker UsesChallenge-Responses")

Post removed (X-No-Archive: yes)