temp email addresses on usenet for spam minimisation

I've noticed some people on usenet with temporary email addresses -
valid, but only for a set period of time after they post. I was
thinking this would be a good way to minimise spam and want to test it
out for a while.

Just wanted to ask about the methodology adopted from some of those that
use this method. I will be running it on a linux box using procmail.

I am not interested in munging my email address, and this method will
only be a suppliment to my whitelist/blacklist/procmail
filters/spamassassin combination.

So I was thinking about having an email address valid for about one
month - something like 0508-usenet@piggo.com for August 2005. I know
there is potential problem if I post on 31 Aug, but maybe I accept mail
to that address for 2 months instead, and overlap the acceptance of that
address with 0509-usenet@piggo.com.

I'm interested in all comments about the above (email is fine also if
you don't want everyone to know), and to hear how it has been
implemented by others. Also, what about the predictability of my
proposed method? It is quite obvious, I know. But as I said it will
only suppliment my other filters.

Thanks.

--
Troy Piggins

Re: temp email addresses on usenet for spam minimisation

If you're not married to the idea of doing your own thing, have you
looked into Spamgourmet? I've been using it for years, and it's one of
the coolest services I've ever used. And free.

http://www.spamgourmet.com/index.cgi
--
"I went to the doctor because I'd swallowed a bottle of sleeping
pills. My doctor told me to have a few drinks and get some rest."
- Rodney Dangerfield

Now playing: the radio.

Re: temp email addresses on usenet for spam minimisation

Troy Piggins wrote:
> I've noticed some people on usenet with temporary email addresses -
> valid, but only for a set period of time after they post. I was
> thinking this would be a good way to minimise spam and want to test it
> out for a while.

Why I am responding:
--------------------
I saw this while doing research on the exact opposite question which I
just posted to the nntp newsgrops asking why on earth does an nntp post
require a valid email smtp/pop3 login?

Why do I not with to give my SMTP/POP3 identity away:
-----------------------------------------------------
I did an experiment where I created two email addresses and merely
posted one message with one and did nothing with the other and within
days I had spam on the one (guess which one) and within a couple of
months it was filled with spam.

Had I posted with my real email, the high spam:mail ratio would have
rendered my email address useless.

My response to you:
------------------
Why do you even bother to give a real email address at all (however
temporary)?
Why not just make up a fake one so that the spammers can spam that fake
email to death?

My particular problem:
----------------------
I can't seem to set up Forte Free Agent without giving it a 'real'
email address and that, in the light of the above, is vexing to say the
least!

Amy

Re: temp email addresses on usenet for spam minimisation

On 31 Jul 2005 22:23:50 GMT, Troy Piggins wrote:

> So I was thinking about having an email address valid for about one
> month - something like 0508-usenet@piggo.com for August 2005.

My experience ist that a "+" sign in the address is helpful too (see
my From:) because spammers' scripts often can't handle it.


gregor
--
.''`. http://info.comodo.priv.at/ | gpg key ID: 0x00F3CFE4
: :' : infos zur usenet-hierarchie at.*: http://www.usenet.at/
`. `' member of https://www.vibe.at/ | how to reply: http://got.to/quote/
`-

Re: temp email addresses on usenet for spam minimisation

On comp.mail.misc, in , "Troy
Piggins" wrote:

> I've noticed some people on usenet with temporary email
> addresses - valid, but only for a set period of time after they
> post. I was thinking this would be a good way to minimise spam
> and want to test it out for a while.
>
> Just wanted to ask about the methodology adopted from some of
> those that use this method. I will be running it on a linux
> box using procmail.
>
> I am not interested in munging my email address,
> and this method will only be a suppliment to my
> whitelist/blacklist/procmail filters/spamassassin combination.
>
> So I was thinking about having an email address valid for
> about one month - something like 0508-usenet@piggo.com for
> August 2005. I know there is potential problem if I post on
> 31 Aug, but maybe I accept mail to that address for 2 months
> instead, and overlap the acceptance of that address with
> 0509-usenet@piggo.com.
>
> I'm interested in all comments about the above (email is
> fine also if you don't want everyone to know), and to hear
> how it has been implemented by others. Also, what about the
> predictability of my proposed method? It is quite obvious, I
> know. But as I said it will only suppliment my other filters.
>
> Thanks.
>
> -- Troy Piggins

Hi Troy. The problem with this approach is that the address will be receiving spam for long after you drop it. And generating
bounces, etc.

In fact the _domain_ will probably be flooded with spam forever.

Why don't you want to munge your address?

AC


--
alanconnor AT earthlink DOT net
Use your real return address or I'll never know you
even tried to mail me. http://tinyurl.com/2t5kp
~

Re: temp email addresses on usenet for spam minimisation

* Tarkus wrote:
> If you're not married to the idea of doing your own thing, have you
> looked into Spamgourmet? I've been using it for years, and it's one
> of the coolest services I've ever used. And free.
>
> http://www.spamgourmet.com/index.cgi

Yeah, I have seen that. Not that I am "married", but would just like to
do my own thing. Thanks for the suggestion, though.

How often do you change the address?

--
Troy Piggins

Re: temp email addresses on usenet for spam minimisation

* mymomsthirddaughter@yahoo.com wrote:
> Troy Piggins wrote:
>> I've noticed some people on usenet with temporary email addresses -
>> valid, but only for a set period of time after they post. I was
>> thinking this would be a good way to minimise spam and want to test it
>> out for a while.
>
> Why I am responding:
> --------------------
> I saw this while doing research on the exact opposite question which I
> just posted to the nntp newsgrops asking why on earth does an nntp post
> require a valid email smtp/pop3 login?

It doesn't. NNTP, SMTP, and POP3 are all different protocols used for
different things.

> Why do I not with to give my SMTP/POP3 identity away:
> -----------------------------------------------------
> I did an experiment where I created two email addresses and merely
> posted one message with one and did nothing with the other and within
> days I had spam on the one (guess which one) and within a couple of
> months it was filled with spam.
>
> Had I posted with my real email, the high spam:mail ratio would have
> rendered my email address useless.

Yep - I have done the same experiment. I posted with an email address
for a few weeks, and never again. I still get spam sent to that address
(well, I don't really, but my logs show attempts).

> My response to you:
> ------------------
> Why do you even bother to give a real email address at all (however
> temporary)?
> Why not just make up a fake one so that the spammers can spam that fake
> email to death?

Well, I see that as the spammers beating me. And there have been cases
where people have sent me legitimate emails resulting from usenet posts.

I will not give in to spammers.

> My particular problem:
> ----------------------
> I can't seem to set up Forte Free Agent without giving it a 'real'
> email address and that, in the light of the above, is vexing to say the
> least!

Haven't used Agent myself, but find it hard to believe you can't use a
fake email address. The email addresses you are trying to use - are
they in a valid email address format? eg amy@email.invalid

Or perhaps it isn't Agent imposing the restriction, but rather your
newserver requiring a valid email address as a login/authentication?

Or could it be the free version you are using, and the paid version
allows you to fake/munge email addresses?

Not sure, as I said I have't used Agent before.

--
Troy Piggins

Re: temp email addresses on usenet for spam minimisation

* gregor herrmann wrote:
> On 31 Jul 2005 22:23:50 GMT, Troy Piggins wrote:
>
>> So I was thinking about having an email address valid for about one
>> month - something like 0508-usenet@piggo.com for August 2005.
>
> My experience ist that a "+" sign in the address is helpful too (see
> my From:) because spammers' scripts often can't handle it.

Really? I will look into that - hadn't heard that one before. Handy to
know if it is correct. Although I would've thought they had a way
around that by now.

So any other comment? Do you do similar to what I was thinking? I
notice those numbers in your "From" header - is that a disposable
address?

Thanks.

--
Troy Piggins

Re: temp email addresses on usenet for spam minimisation

This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.
The Internet standard for MIME PGP messages, RFC 2015, was published in 1996.
To open this message correctly you will need to install E-mail or Usenet
software that supports modern Internet standards.

--=_mimegpg-commodore.email-scan.com-29053-1122855625-0002
Content-Type: text/plain; format=flowed; charset="US-ASCII"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Usenet Beavis writes:

> On comp.mail.misc, in , "Troy
> Piggins" wrote:
>>
>> I'm interested in all comments about the above (email is
>> fine also if you don't want everyone to know), and to hear
>> how it has been implemented by others. Also, what about the
>> predictability of my proposed method? It is quite obvious, I
>> know. But as I said it will only suppliment my other filters.
>>
>> Thanks.
>>
>> -- Troy Piggins
>
> Hi Troy.

Hi, Beavis! Where have you been for over a week, visiting Bigfoot? How's
the wife and kids?

> The problem with this approach is that the address will be
> receiving spam for long after you drop it.

Not if you do this right.

> And generating bounces, etc.

Who cares. I'm not the one who's going to be bouncing spam.

> In fact the _domain_ will probably be flooded with spam forever.

Not if the domain part no longer exist, because the variable part is in the
domain portion of the E-mail address.

> Why don't you want to munge your address?

Because he's not a Beavis.


--=_mimegpg-commodore.email-scan.com-29053-1122855625-0002
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQBC7WrJx9p3GYHlUOIRAsudAJ9mkV5dLL/MmYjoImNwU+YsfOWv/wCd HtAy
YGVD4EbH0qkDw9/vWohGHyo=
=uPHA
-----END PGP SIGNATURE-----

--=_mimegpg-commodore.email-scan.com-29053-1122855625-0002--

Re: temp email addresses on usenet for spam minimisation

This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.
The Internet standard for MIME PGP messages, RFC 2015, was published in 1996.
To open this message correctly you will need to install E-mail or Usenet
software that supports modern Internet standards.

--=_mimegpg-commodore.email-scan.com-29053-1122855847-0003
Content-Type: text/plain; format=flowed; charset="US-ASCII"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Troy Piggins writes:

> So I was thinking about having an email address valid for about one
> month - something like 0508-usenet@piggo.com for August 2005. I know
> there is potential problem if I post on 31 Aug, but maybe I accept mail
> to that address for 2 months instead, and overlap the acceptance of that
> address with 0509-usenet@piggo.com.

Since this is your domain, and you control it, put the variable part in the
domain address. Set up an MX record for 08.2005.piggo.com, and post as
@08.2005.piggo.com.

In two weeks, set up an MX record for 09.2005.piggo.com, begin using
@09.2005.piggo.com to post to Usenet, and remove the MX record for
08.2005.piggo.com at the end of August.

Lather, rinse, repeat.

You can adjust the granularity to any arbitrary level.


--=_mimegpg-commodore.email-scan.com-29053-1122855847-0003
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQBC7Wunx9p3GYHlUOIRAuquAJwI20O37mKyTxzqaOdbWoVeLjyWfgCg gMSY
l8kh9pDBOzGC2ifFJnS2/Uw=
=ETiq
-----END PGP SIGNATURE-----

--=_mimegpg-commodore.email-scan.com-29053-1122855847-0003--

Re: temp email addresses on usenet for spam minimisation

* Alan Connor wrote:
> On comp.mail.misc, in , "Troy
> Piggins" wrote:
>
>> I've noticed some people on usenet with temporary email
>> addresses - valid, but only for a set period of time after they
>> post. I was thinking this would be a good way to minimise spam
>> and want to test it out for a while.
[snip]
>> I am not interested in munging my email address,
>> and this method will only be a suppliment to my
>> whitelist/blacklist/procmail filters/spamassassin combination.
[snip]
>
> Hi Troy. The problem with this approach is that the address will be
> receiving spam for long after you drop it. And generating bounces,
> etc.
>
> In fact the _domain_ will probably be flooded with spam forever.

G'day Alan. It will and it does. Too late to stop that, it already
happens and will continue to do so. But that happens to anyone who owns
a domain name even if you don't post on usenet.

> Why don't you want to munge your address?

As I've said in some of my other replies, I see that as the spammers
beating me. Screw them. I aint hiding.

And I know that you do munge your addy, and that's cool. You want
usenet kept on usenet, and email kept for personal. That's fine.

Thanks for the comments. I am already most of hte way there with this
system being automatic for me, jsut some tweaking at the moment.

--
Troy Piggins

Re: temp email addresses on usenet for spam minimisation

["Followup-To:" header set to comp.mail.misc.]
* Sam wrote:
>
> --=_mimegpg-commodore.email-scan.com-29053-1122855847-0003
> Content-Type: text/plain; format=flowed; charset="US-ASCII"
> Content-Disposition: inline
> Content-Transfer-Encoding: 7bit

I know I know, my newsreader is "broken". You are the only person on
usenet I have ever seen this stuff not processed correctly by slrn.
I'll get there with a filter... eventually.

> Troy Piggins writes:
>
>> So I was thinking about having an email address valid for about one
>> month - something like 0508-usenet@piggo.com for August 2005. I know
>> there is potential problem if I post on 31 Aug, but maybe I accept mail
>> to that address for 2 months instead, and overlap the acceptance of that
>> address with 0509-usenet@piggo.com.
>
> Since this is your domain, and you control it, put the variable part in the
> domain address. Set up an MX record for 08.2005.piggo.com, and post as
> @08.2005.piggo.com.
>
> In two weeks, set up an MX record for 09.2005.piggo.com, begin using
> @09.2005.piggo.com to post to Usenet, and remove the MX record for
> 08.2005.piggo.com at the end of August.

Ok, I see having variable in the domain part versus username part,
although I am a bit much of a mail server noob. What are the benefits of
this? Does mail sent to the "old" domain bounce, or undeliverable?
Wouldn't that also be possible with invalid usernames?

I will just need to figure out how to automate the MX record update
within postfix if I decide to use this method.

> Lather, rinse, repeat.

Thanks Sam "Martha Stewart" V :-)

--
Troy Piggins

Re: temp email addresses on usenet for spam minimisation

Troy Piggins wrote:

> ["Followup-To:" header set to comp.mail.misc.]
> * Sam wrote:

>> --=_mimegpg-commodore.email-scan.com-29053-1122855847-0003
>> Content-Type: text/plain; format=flowed; charset="US-ASCII"
>> Content-Disposition: inline
>> Content-Transfer-Encoding: 7bit

> I know I know, my newsreader is "broken". You are the only person on
> usenet I have ever seen this stuff not processed correctly by slrn.
> I'll get there with a filter... eventually.

If you mean the pgp junk, I'm seeing it too, even though I have

set hide_pgpsignature 1


--
Blinky Linux Registered User 297263

Killing All Posts from GG: http://blinkynet.net/comp/uip5.html
End Of The Good GG Archive GUI: http://blinkynet.net/comp/gggui.html

Re: temp email addresses on usenet for spam minimisation

On comp.mail.misc, in , "Troy
Piggins" wrote:

> * Alan Connor wrote:
>
>> On comp.mail.misc, in , "Troy
>> Piggins" wrote:
>>
>>> I've noticed some people on usenet with temporary email
>>> addresses - valid, but only for a set period of time after
>>> they post. I was thinking this would be a good way to
>>> minimise spam and want to test it out for a while.
>
> [snip]
>
>>> I am not interested in munging my email address,
>>> and this method will only be a suppliment to my
>>> whitelist/blacklist/procmail filters/spamassassin
>>> combination.
>
> [snip]
>
>> Hi Troy. The problem with this approach is that the address
>> will be receiving spam for long after you drop it. And
>> generating bounces, etc.
>>
>> In fact the _domain_ will probably be flooded with spam
>> forever.
>
> G'day Alan. It will and it does. Too late to stop that, it
> already happens and will continue to do so. But that happens
> to anyone who owns a domain name even if you don't post on
> usenet.

:-) Pretty much.

>
>> Why don't you want to munge your address?
>
> As I've said in some of my other replies, I see that as the
> spammers beating me. Screw them. I aint hiding.

I don't hide from people, just spambots.

There is a difference.

I don't have to hide from spammers because they can't beat
my filter. But I see no need to be the cause of more spam
than necessary flooding the Internet.

Most of the 'spam' I get is from the fuckwitted spammer-trolls
who are now going to jump in here and claim that my filter
is spamming the Internet.

----> Big Yawn <----

Happy to ignore their Usenet farts as usual.

>
> And I know that you do munge your addy, and that's cool. You
> want usenet kept on usenet, and email kept for personal.
> That's fine.

Not quite. I want stuff that should be posted on the Usenet to
be posted on the Usenet.

A lot of people from the Usenet contact me, and some have become
regular correspondents.

>
> Thanks for the comments. I am already most of hte way there
> with this system being automatic for me, jsut some tweaking at
> the moment.
>
> -- Troy Piggins

Cheers,

AC

--
alanconnor AT
earthlink DOT net. Use your real return
address or I'll never know you even tried
to mail me. http://tinyurl.com/2t5kp
~

Re: temp email addresses on usenet for spam minimisation

["Followup-To:" header set to comp.mail.misc.]
* Blinky the Shark wrote:
> Troy Piggins wrote:
>> * Sam wrote:
>
>>> --=_mimegpg-commodore.email-scan.com-29053-1122855847-0003
>>> Content-Type: text/plain; format=flowed; charset="US-ASCII"
>>> Content-Disposition: inline
>>> Content-Transfer-Encoding: 7bit
>
>> I know I know, my newsreader is "broken". You are the only person on
>> usenet I have ever seen this stuff not processed correctly by slrn.
>> I'll get there with a filter... eventually.
>
> If you mean the pgp junk, I'm seeing it too, even though I have
>
> set hide_pgpsignature 1

The term "broken" was used because I have corresponded with Sam about
that before, and that was the term he used. His posts with mimegpg
appear to comply with the relevant RFCs (can't remember the actual
no's), but slrn doesn't handle them properly.

I have looked into it in the past, but didn't have the time to fully
handle it. I was thinking about writing a macro to just strip out the
stuff outside the boundaries, but needed to do a lot more learning about
s-lang etc to complete it.

Wanna share the load ;-) ?

--
Troy Piggins

Re: temp email addresses on usenet for spam minimisation

This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.
The Internet standard for MIME PGP messages, RFC 2015, was published in 1996.
To open this message correctly you will need to install E-mail or Usenet
software that supports modern Internet standards.

--=_mimegpg-commodore.email-scan.com-18432-1122863506-0001
Content-Type: text/plain; format=flowed; charset="US-ASCII"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Troy Piggins writes:

>> In two weeks, set up an MX record for 09.2005.piggo.com, begin using
>> @09.2005.piggo.com to post to Usenet, and remove the MX record for
>> 08.2005.piggo.com at the end of August.
>
> Ok, I see having variable in the domain part versus username part,
> although I am a bit much of a mail server noob. What are the benefits of
> this?

If some spamware tries to spam that E-mail address a year from now, it won't
even find your mail server.

> Does mail sent to the "old" domain bounce, or undeliverable?

Try sending mail to and see for yourself
what happens. Both abracadabra.tld.invalid and 08.2005.piggo.com would be
nonexistent domains, and will suffer the same fate, for the purpose of this
experiment.

> Wouldn't that also be possible with invalid usernames?

The spamware will still connect to your mail server, and attempt to deliver
the message, which you will reject. There are known flavors of spamware
that will repeatedly try to deliver spam even after a permanent delivery
failure. The spamware will make repeated delivery attempts through
different zombies, on the theory that the delivery failure is due to a
blacklisted zombie.

When the domain is invalid, the spamware will not even find your mail
server. So, each spamware attempted delivery attempt will only cause a
failed DNS lookup.

An even better idea is to put in a wildcard MX to 127.0.0.1, so that the
failed DNS lookup gets cached.



--=_mimegpg-commodore.email-scan.com-18432-1122863506-0001
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQBC7YmSx9p3GYHlUOIRAnRGAJ9vp04Mo/kl3HwU+9/H+aHDRehyWQCf TWS7
zD08t+yA3ZUN+4TMMZDxt2U=
=xSY8
-----END PGP SIGNATURE-----

--=_mimegpg-commodore.email-scan.com-18432-1122863506-0001--

Re: temp email addresses on usenet for spam minimisation

This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.
The Internet standard for MIME PGP messages, RFC 2015, was published in 1996.
To open this message correctly you will need to install E-mail or Usenet
software that supports modern Internet standards.

--=_mimegpg-commodore.email-scan.com-18432-1122863613-0002
Content-Type: text/plain; format=flowed; charset="UTF-8"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
X-Mime-Autoconverted: from 8bit to quoted-printable by mimegpg

Usenet Beavis writes:

> I don't have to hide from spammers because they can't beat
> my filter.

Right, Beavis. It's difficult to â€=9Cbeatâ€=9D your procmail recip=
e:

:0
/dev/null

> A lot of people from the Usenet contact me, and some have become
> regular correspondents.

Beavis, how long have you been posting to Usenet?


--=_mimegpg-commodore.email-scan.com-18432-1122863613-0002
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQBC7Yn9x9p3GYHlUOIRAlrwAJ9nb+yuQ4hO/7Cx7zQiPnH3OM+feQCf bbCt
UGWzsRNITb9HLOTjNG2MK5I=
=1SDo
-----END PGP SIGNATURE-----

--=_mimegpg-commodore.email-scan.com-18432-1122863613-0002--

Re: temp email addresses on usenet for spam minimisation

Troy Piggins wrote:
> ["Followup-To:" header set to comp.mail.misc.]
> * Blinky the Shark wrote:
>> Troy Piggins wrote:
>>> * Sam wrote:

>>>> --=_mimegpg-commodore.email-scan.com-29053-1122855847-0003
>>>> Content-Type: text/plain; format=flowed; charset="US-ASCII"
>>>> Content-Disposition: inline
>>>> Content-Transfer-Encoding: 7bit

>>> I know I know, my newsreader is "broken". You are the only person on
>>> usenet I have ever seen this stuff not processed correctly by slrn.
>>> I'll get there with a filter... eventually.

>> If you mean the pgp junk, I'm seeing it too, even though I have

>> set hide_pgpsignature 1

> The term "broken" was used because I have corresponded with Sam about
> that before, and that was the term he used. His posts with mimegpg
> appear to comply with the relevant RFCs (can't remember the actual
> no's), but slrn doesn't handle them properly.

> I have looked into it in the past, but didn't have the time to fully
> handle it. I was thinking about writing a macro to just strip out the
> stuff outside the boundaries, but needed to do a lot more learning about
> s-lang etc to complete it.

> Wanna share the load ;-) ?

Sorry -- it's my turn to wash and wax the elephants this week. :)

(I know nothing about s-lang.)

--
Blinky Linux Registered User 297263

Killing All Posts from GG: http://blinkynet.net/comp/uip5.html
End Of The Good GG Archive GUI: http://blinkynet.net/comp/gggui.html

Re: temp email addresses on usenet for spam minimisation

This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.
The Internet standard for MIME PGP messages, RFC 2015, was published in 1996.
To open this message correctly you will need to install E-mail or Usenet
software that supports modern Internet standards.

--=_mimegpg-commodore.email-scan.com-18432-1122864164-0003
Content-Type: text/plain; format=flowed; charset="US-ASCII"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Troy Piggins writes:

> that before, and that was the term he used. His posts with mimegpg
> appear to comply with the relevant RFCs (can't remember the actual
> no's), but slrn doesn't handle them properly.

Why, it's RFC 2015.

I have a standing open challenge for anyone to identify anything in this
message (or in any one I've posted for many years now) that disagrees with
RFC 2015. If there's something here that's not right, then I'll fix it.



--=_mimegpg-commodore.email-scan.com-18432-1122864164-0003
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQBC7Ywkx9p3GYHlUOIRAg5wAJ4tZPT8K2LkKirDhB5+zWFj92Em8ACf ajIi
1IF3U3rZbjIgQ9n3iZcaFVU=
=x25Q
-----END PGP SIGNATURE-----

--=_mimegpg-commodore.email-scan.com-18432-1122864164-0003--

Re: temp email addresses on usenet for spam minimisation

["Followup-To:" header set to comp.mail.misc.]
* Sam wrote:
> Troy Piggins writes:
>
>> that before, and that was the term he used. His posts with mimegpg
>> appear to comply with the relevant RFCs (can't remember the actual
>> no's), but slrn doesn't handle them properly.
>
> Why, it's RFC 2015.
>
> I have a standing open challenge for anyone to identify anything in this
> message (or in any one I've posted for many years now) that disagrees with
> RFC 2015. If there's something here that's not right, then I'll fix it.

I couldn't see anything non-compliant last time I looked into it with my
inexperienced eyes.

--
Troy Piggins

Re: temp email addresses on usenet for spam minimisation

["Followup-To:" header set to comp.mail.misc.]
* Sam wrote:
> Troy Piggins writes:
>>
>> Ok, I see having variable in the domain part versus username part,
>> although I am a bit much of a mail server noob. What are the benefits of
>> this?
>
> If some spamware tries to spam that E-mail address a year from now, it won't
> even find your mail server.
>
>> Does mail sent to the "old" domain bounce, or undeliverable?
>
> Try sending mail to and see for yourself
> what happens. Both abracadabra.tld.invalid and 08.2005.piggo.com would be
> nonexistent domains, and will suffer the same fate, for the purpose of this
> experiment.
>
>> Wouldn't that also be possible with invalid usernames?
>
> The spamware will still connect to your mail server, and attempt to deliver
> the message, which you will reject. There are known flavors of spamware
> that will repeatedly try to deliver spam even after a permanent delivery
> failure. The spamware will make repeated delivery attempts through
> different zombies, on the theory that the delivery failure is due to a
> blacklisted zombie.
>
> When the domain is invalid, the spamware will not even find your mail
> server. So, each spamware attempted delivery attempt will only cause a
> failed DNS lookup.
>
> An even better idea is to put in a wildcard MX to 127.0.0.1, so that the
> failed DNS lookup gets cached.

I see. Thanks for putting it in layman's terms for me. Sounds like the
path I will (attempt to) take.

Thanks again.
--
Troy Piggins

Re: temp email addresses on usenet for spam minimisation

Post removed (X-No-Archive: yes)

Re: temp email addresses on usenet for spam minimisation

Post removed (X-No-Archive: yes)

Re: temp email addresses on usenet for spam minimisation

Ian Anderson wrote:

> If you use Free Agent for email you have to give Agent your real email
> address. To hide your real address in newsgroups, first highlight all
> your subscribed newsgroups and then click on Properties and enter a
> fake email address. In future when you post with Agent in newsgroups
> your fake email address will be displayed, however if you reply by
> email your real email address will be shown.


Ian, what's the deal with privacy.net? When they (I believe) changed
hands and the new site (definitely) appeared, there was no longer any
mention of the old me@privacy.net (and me[number]@privacy.net) hole(s).
I looked all over the place. Are you sure that's still available in the
form it was before?

--
Blinky Linux Registered User 297263

Killing All Posts from GG: http://blinkynet.net/comp/uip5.html
End Of The Good GG Archive GUI: http://blinkynet.net/comp/gggui.html

Re: temp email addresses on usenet for spam minimisation

Post removed (X-No-Archive: yes)

Re: temp email addresses on usenet for spam minimisation

Ian Anderson wrote:
> On 1 Aug 2005 07:41:13 GMT, "Blinky the Shark"wrote:

>>Ian Anderson wrote:

>>> If you use Free Agent for email you have to give Agent your real email
>>> address. To hide your real address in newsgroups, first highlight all
>>> your subscribed newsgroups and then click on Properties and enter a
>>> fake email address.

>>
>>Ian, what's the deal with privacy.net? When they (I believe) changed
>>hands and the new site (definitely) appeared, there was no longer any
>>mention of the old me@privacy.net (and me[number]@privacy.net) hole(s).
>>I looked all over the place. Are you sure that's still available in the
>>form it was before?

> The web page once said those addresses were available to be used and
> as far as I know there is nowhere on the web pages where it asks
> people to stop using them. If such a request was made I would stop
> using the email address immediately. But those addresses must be in
> wide use to avoid spam in newsgroups by thousands possibly millions of
> people.

I sent a post to me@privacy.net this morning; I haven't seen a bounce.
I take this as a good sign (in terms of the service still being up and
available), since that's the way it worked when we know it was up.

--
Blinky Linux Registered User 297263

Killing All Posts from GG: http://blinkynet.net/comp/uip5.html
End Of The Good GG Archive GUI: http://blinkynet.net/comp/gggui.html

Re: temp email addresses on usenet for spam minimisation

Blinky the Shark wrote:
[deleted]
> I sent a post to me@privacy.net this morning; I haven't seen a bounce.
> I take this as a good sign (in terms of the service still being up and
> available), since that's the way it worked when we know it was up.

Perhaps I remember wrong, but AFAIR, me@privacy.net used to 'bounce',
i.e. give a return message saying something to the effect that it was
a dummy address and that mail to it was not read. IMO, that was the good
thing, i.e. respondents which were not aware of what me@privacy.net
was/meant at least got notification that their mail 'failed'.

Re: temp email addresses on usenet for spam minimisation

Frank Slootweg wrote:
> Blinky the Shark wrote: [deleted]

>> I sent a post to me@privacy.net this morning; I haven't seen a
>> bounce. I take this as a good sign (in terms of the service still
>> being up and available), since that's the way it worked when we know
>> it was up.

> Perhaps I remember wrong, but AFAIR, me@privacy.net used to
> 'bounce', i.e. give a return message saying something to the effect
> that it was a dummy address and that mail to it was not read. IMO,
> that was the good thing, i.e. respondents which were not aware of
> what me@privacy.net was/meant at least got notification that their
> mail 'failed'.

Contrast that to the bounce I just got, that still, along with any
mention of it at the new web site, makes me think the service has been
disabled:



This message was created automatically by mail delivery software (Exim).

A message that you sent has not yet been delivered to one or more of its
recipients after more than 24 hours on the queue on
fall-pradero.atl.sa.earthlink.net.

....

The address to which the message has not yet been delivered is:

me@privacy.net




--
Blinky Linux Registered User 297263

Killing All Posts from GG: http://blinkynet.net/comp/uip5.html
End Of The Good GG Archive GUI: http://blinkynet.net/comp/gggui.html

Re: temp email addresses on usenet for spam minimisation

Blinky the Shark wrote:
> Frank Slootweg wrote:
>> Blinky the Shark wrote: [deleted]

>>> I sent a post to me@privacy.net this morning; I haven't seen a
>>> bounce. I take this as a good sign (in terms of the service still
>>> being up and available), since that's the way it worked when we know
>>> it was up.

>> Perhaps I remember wrong, but AFAIR, me@privacy.net used to
>> 'bounce', i.e. give a return message saying something to the effect
>> that it was a dummy address and that mail to it was not read. IMO,
>> that was the good thing, i.e. respondents which were not aware of
>> what me@privacy.net was/meant at least got notification that their
>> mail 'failed'.

> Contrast that to the bounce I just got, that still, along with any

Along with there *not being* any mention of it...

My bad writing.

> mention of it at the new web site, makes me think the service has been
> disabled:

>

> This message was created automatically by mail delivery software (Exim).

> A message that you sent has not yet been delivered to one or more of its
> recipients after more than 24 hours on the queue on
> fall-pradero.atl.sa.earthlink.net.

> ...

> The address to which the message has not yet been delivered is:

> me@privacy.net

>




--
Blinky Linux Registered User 297263

Killing All Posts from GG: http://blinkynet.net/comp/uip5.html
End Of The Good GG Archive GUI: http://blinkynet.net/comp/gggui.html

Re: temp email addresses on usenet for spam minimisation

Blinky the Shark wrote:
> Frank Slootweg wrote:
> > Blinky the Shark wrote: [deleted]
>
> >> I sent a post to me@privacy.net this morning; I haven't seen a
> >> bounce. I take this as a good sign (in terms of the service still
> >> being up and available), since that's the way it worked when we know
> >> it was up.
>
> > Perhaps I remember wrong, but AFAIR, me@privacy.net used to
> > 'bounce', i.e. give a return message saying something to the effect
> > that it was a dummy address and that mail to it was not read. IMO,
> > that was the good thing, i.e. respondents which were not aware of
> > what me@privacy.net was/meant at least got notification that their
> > mail 'failed'.
>
> Contrast that to the bounce I just got, that still, along with [there
> not being] any mention of it at the new web site, makes me think the
> service has been disabled:
>
>
>
> This message was created automatically by mail delivery software (Exim).
>
> A message that you sent has not yet been delivered to one or more of its
> recipients after more than 24 hours on the queue on
> fall-pradero.atl.sa.earthlink.net.
>
> ...
>
> The address to which the message has not yet been delivered is:
>
> me@privacy.net
>
>

I also sent a test message and got this, more specific, response:

> Reporting-MTA: dns; smtp4.wanadoo.nl
> Arrival-Date: Wed, 3 Aug 2005 10:56:24 +0200 (CEST)
>
> Final-Recipient: rfc822; me@privacy.net
> Action: delayed
> Status: 4.0.0
> Diagnostic-Code: X-Postfix; connect to privacy.net[206.207.85.33]: Operation timed out
> Will-Retry-Until: Mon, 8 Aug 2005 10:56:24 +0200 (CEST)

Note the "timed out" bit. So apparently my MSP's mailserver
(smtp4.wanadoo.nl) can connect to privacy.net, but the operation times
out.

Perhaps the more knowledgeable (than I) people in the audience can
indicate which scenario would give this response, in the context of a
me@privacy.net target address. I.e. if privacy.net does not accept mail
to me@privacy.net, then why the time-out instead of an 'immediate'
reject? And if it does accept mail, then why does Blinky's mail fail and
mine time-out (and probably fail later)?

Re: temp email addresses on usenet for spam minimisation

On 04 Aug 2005 10:41:01 GMT, Frank Slootweg
wrote:

>> Reporting-MTA: dns; smtp4.wanadoo.nl
>> Arrival-Date: Wed, 3 Aug 2005 10:56:24 +0200 (CEST)
>>
>> Final-Recipient: rfc822; me@privacy.net
>> Action: delayed
>> Status: 4.0.0
>> Diagnostic-Code: X-Postfix; connect to privacy.net[206.207.85.33]: Operation timed out
>> Will-Retry-Until: Mon, 8 Aug 2005 10:56:24 +0200 (CEST)
>
> Note the "timed out" bit. So apparently my MSP's mailserver
>(smtp4.wanadoo.nl) can connect to privacy.net, but the operation times
>out.

No, the thing that is timing out is the TCP/IP connection attempt to
206.207.85.33. That is a temporary error, a mailserver will keep trying
to connect for a period of time... often for around 4 days. What you
guys got was a status report indicating that there was a temporary
delivery problem. After a while (on Aug 8 in your case) you will get a
status report indicating that that the server has given up, that it
considers the message undeliverable.

There are no MX records for privacy.net, but there is an A record
(206.207.85.33). If there was also no A record, you would get an
immediate permanent error of "unknown host" or something like that.

If the address me@privacy.net was an invaild address at a server that
was otherwise accepting email addressed to @privacy.net, there would be
an immediate permanent error when that server said "no such user" in
some fashion.

Steve Baker

Re: temp email addresses on usenet for spam minimisation

>>>>> Frank Slootweg writes:

> Blinky the Shark wrote:
> [deleted]
>> I sent a post to me@privacy.net this morning; I haven't seen a bounce.
>> I take this as a good sign (in terms of the service still being up and
>> available), since that's the way it worked when we know it was up.

> Perhaps I remember wrong, but AFAIR, me@privacy.net used to 'bounce',
> i.e. give a return message saying something to the effect that it was
> a dummy address and that mail to it was not read. IMO, that was the good
> thing, i.e. respondents which were not aware of what me@privacy.net
> was/meant at least got notification that their mail 'failed'.

Privacy.net used to have an MX record which pointed to mail.privacy.net,
which resolved to 127.0.0.1.

I've no idea when this stopped working, but I would assume it was when
ownership changed to its present one.

I think this must have been after the time you mentioned (approximately
a year or so ago).

--
Neil.

Re: temp email addresses on usenet for spam minimisation

Frank Slootweg wrote:
> Blinky the Shark wrote:
>> Frank Slootweg wrote:
>> > Blinky the Shark wrote: [deleted]

>> >> I sent a post to me@privacy.net this morning; I haven't seen a
>> >> bounce. I take this as a good sign (in terms of the service still
>> >> being up and available), since that's the way it worked when we know
>> >> it was up.

>> > Perhaps I remember wrong, but AFAIR, me@privacy.net used to
>> > 'bounce', i.e. give a return message saying something to the effect
>> > that it was a dummy address and that mail to it was not read. IMO,
>> > that was the good thing, i.e. respondents which were not aware of
>> > what me@privacy.net was/meant at least got notification that their
>> > mail 'failed'.

>> Contrast that to the bounce I just got, that still, along with [there
>> not being] any mention of it at the new web site, makes me think the
>> service has been disabled:

>>

>> This message was created automatically by mail delivery software (Exim).

>> A message that you sent has not yet been delivered to one or more of its
>> recipients after more than 24 hours on the queue on
>> fall-pradero.atl.sa.earthlink.net.

>> ...

>> The address to which the message has not yet been delivered is:

>> me@privacy.net

>>

> I also sent a test message and got this, more specific, response:

>> Reporting-MTA: dns; smtp4.wanadoo.nl
>> Arrival-Date: Wed, 3 Aug 2005 10:56:24 +0200 (CEST)

>> Final-Recipient: rfc822; me@privacy.net
>> Action: delayed
>> Status: 4.0.0
>> Diagnostic-Code: X-Postfix; connect to privacy.net[206.207.85.33]: Operation timed out
>> Will-Retry-Until: Mon, 8 Aug 2005 10:56:24 +0200 (CEST)

> Note the "timed out" bit. So apparently my MSP's mailserver
> (smtp4.wanadoo.nl) can connect to privacy.net, but the operation times
> out.

> Perhaps the more knowledgeable (than I) people in the audience can
> indicate which scenario would give this response, in the context of a
> me@privacy.net target address. I.e. if privacy.net does not accept mail
> to me@privacy.net, then why the time-out instead of an 'immediate'
> reject? And if it does accept mail, then why does Blinky's mail fail and
> mine time-out (and probably fail later)?

My error message did say it'd keep trying for a while; I didn't realize that
was relevant, and snipped it. (That's implied by the "yet" in the bulk
of the bounce message that I did post, above.) I've received nothing
more from the server as of today.

--
Blinky Linux Registered User 297263

Killing All Posts from GG: http://blinkynet.net/comp/uip5.html
End Of The Good GG Archive GUI: http://blinkynet.net/comp/gggui.html

Re: temp email addresses on usenet for spam minimisation

Steve Baker wrote:
> On 04 Aug 2005 10:41:01 GMT, Frank Slootweg
> wrote:

>>> Reporting-MTA: dns; smtp4.wanadoo.nl Arrival-Date: Wed, 3 Aug 2005
>>> 10:56:24 +0200 (CEST)

>>> Final-Recipient: rfc822; me@privacy.net Action: delayed Status:
>>> 4.0.0 Diagnostic-Code: X-Postfix; connect to
>>> privacy.net[206.207.85.33]: Operation timed out Will-Retry-Until:
>>> Mon, 8 Aug 2005 10:56:24 +0200 (CEST)

>> Note the "timed out" bit. So apparently my MSP's mailserver
>>(smtp4.wanadoo.nl) can connect to privacy.net, but the operation times
>>out.

> No, the thing that is timing out is the TCP/IP connection attempt to
> 206.207.85.33. That is a temporary error, a mailserver will keep
> trying to connect for a period of time... often for around 4 days.
> What you guys got was a status report indicating that there was a
> temporary delivery problem. After a while (on Aug 8 in your case)
> you will get a status report indicating that that the server has
> given up, that it considers the message undeliverable.

> There are no MX records for privacy.net, but there is an A record
> (206.207.85.33). If there was also no A record, you would get an
> immediate permanent error of "unknown host" or something like that.

> If the address me@privacy.net was an invaild address at a server
> that was otherwise accepting email addressed to @privacy.net, there
> would be an immediate permanent error when that server said "no such
> user" in some fashion.

I just sent consumer.net - the contact shown for the privacy.net home
page - a query:



Regarding privacy.net:

Before privacy.net apparently changed hands and a new web site appeared,
it offered email addresses me@privacy.net and me1@privacy.net through
me9@privacy net (and perhaps some other addresses) as spam holes; i.e.,
it made those addresses available to the public to use in situations
where they were likely to be harvested by spammers, with the
understanding that any mail to them would be bounced.

I find nothing on the new privacy.net site about this public service.

Does that imply it's no longer being offered and we should stop using
those addresses as spam holes? Or are they still available and just not
promoted for some reason? Is the new site still incomplete?

I and others who don't know your current intent with regard to this
service await clarification.

Thanks.



Since they don't have the smarts to *either* say the service is closed
or continue to mention it on the site, I doubt that I'll get an answer;
or if I do, it'll probably be of the form "uh...what service?", which I
can't explain any more clearly to the new owners.


--
Blinky Linux Registered User 297263

Killing All Posts from GG: http://blinkynet.net/comp/uip5.html
End Of The Good GG Archive GUI: http://blinkynet.net/comp/gggui.html

Re: temp email addresses on usenet for spam minimisation

Post removed (X-No-Archive: yes)

Re: temp email addresses on usenet for spam minimisation

On Fri, 05 Aug 2005 11:16:31 +1000, Ian Anderson wrote:

> As you rightly mentioned they originally offered use of addresses from
> "me@privacy.net and me1@privacy.net through to me9@privacy.net" but I
> see others now putting what.ever.they.like@privacy.net.

I thought the original "they" were different from the current "they".

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint

Re: temp email addresses on usenet for spam minimisation

On 4 Aug 2005 20:02:03 GMT, Blinky the Shark
wrote:

>Since they don't have the smarts to *either* say the service is closed
>or continue to mention it on the site, I doubt that I'll get an answer;
>or if I do, it'll probably be of the form "uh...what service?", which I
>can't explain any more clearly to the new owners.

Why do you care? Using no.spam@box.invalid is a *much* more
net-friendly way to go if privacy.net was indeed refusing email sent to
me@privacy.net; in that case there would be email abusive to third
parties floating around as a result of spam and virus propogations.
Which makes me doubt that there ever was a mailserver associated with
privacy.net.

Steve Baker

Re: temp email addresses on usenet for spam minimisation

Ian Anderson wrote:
> On 4 Aug 2005 20:02:03 GMT, "Blinky the Shark"wrote:

>>I just sent consumer.net - the contact shown for the privacy.net home
>>page - a query:

>>

>>Regarding privacy.net:

>>Before privacy.net apparently changed hands and a new web site appeared,
>>it offered email addresses me@privacy.net and me1@privacy.net through
>>me9@privacy net (and perhaps some other addresses) as spam holes; i.e.,
>>it made those addresses available to the public to use in situations
>>where they were likely to be harvested by spammers, with the
>>understanding that any mail to them would be bounced.

>>I find nothing on the new privacy.net site about this public service.

>>Does that imply it's no longer being offered and we should stop using
>>those addresses as spam holes? Or are they still available and just not
>>promoted for some reason? Is the new site still incomplete?

>>I and others who don't know your current intent with regard to this
>>service await clarification.

>>Thanks.

>>

>>Since they don't have the smarts to *either* say the service is closed
>>or continue to mention it on the site, I doubt that I'll get an answer;
>>or if I do, it'll probably be of the form "uh...what service?", which I
>>can't explain any more clearly to the new owners.

> That sounds very clear to me so it will be interesting to see what
> reply you might receive from them.

> As you rightly mentioned they originally offered use of addresses from
> "me@privacy.net and me1@privacy.net through to me9@privacy.net" but I
> see others now putting what.ever.they.like@privacy.net.

Yes, some people will abuse whatever they can get their hands on.

> It seems to be well and truly out of control.

Perhaps that's why they dropped it, if they did.

--
Blinky Linux Registered User 297263

Killing All Posts from GG: http://blinkynet.net/comp/uip5.html
End Of The Good GG Archive GUI: http://blinkynet.net/comp/gggui.html

Re: temp email addresses on usenet for spam minimisation

NormanM wrote:
> On Fri, 05 Aug 2005 11:16:31 +1000, Ian Anderson wrote:

>> As you rightly mentioned they originally offered use of addresses from
>> "me@privacy.net and me1@privacy.net through to me9@privacy.net" but I
>> see others now putting what.ever.they.like@privacy.net.

> I thought the original "they" were different from the current "they".

I think that's the assumption we've been working with, here.

--
Blinky Linux Registered User 297263

Killing All Posts from GG: http://blinkynet.net/comp/uip5.html
End Of The Good GG Archive GUI: http://blinkynet.net/comp/gggui.html

Re: temp email addresses on usenet for spam minimisation

Steve Baker wrote:

> On 4 Aug 2005 20:02:03 GMT, Blinky the Shark
> wrote:

>>Since they don't have the smarts to *either* say the service is closed
>>or continue to mention it on the site, I doubt that I'll get an answer;
>>or if I do, it'll probably be of the form "uh...what service?", which I
>>can't explain any more clearly to the new owners.

> Why do you care? Using no.spam@box.invalid is a *much* more

Why is my reason for caring important?

> net-friendly way to go if privacy.net was indeed refusing email sent to
> me@privacy.net; in that case there would be email abusive to third
> parties floating around as a result of spam and virus propogations.
> Which makes me doubt that there ever was a mailserver associated with
> privacy.net.

Then what was sending their custom bounces?

--
Blinky Linux Registered User 297263

Killing All Posts from GG: http://blinkynet.net/comp/uip5.html
End Of The Good GG Archive GUI: http://blinkynet.net/comp/gggui.html

Re: temp email addresses on usenet for spam minimisation

On 5 Aug 2005 08:04:27 GMT, Blinky the Shark
wrote:

>> net-friendly way to go if privacy.net was indeed refusing email sent to
>> me@privacy.net; in that case there would be email abusive to third
>> parties floating around as a result of spam and virus propogations.
>> Which makes me doubt that there ever was a mailserver associated with
>> privacy.net.
>
>Then what was sending their custom bounces?

I don't know. Some research indicates that privacy.net had an MX
record of mail.privacy.net which pointed to 127.0.0.1. 127.0.0.1 is
"localhost", so privacy.net couldn't have been been sending "custom
bounces" in that case. But outgoing mailservers that accepted
me@privacy.net as a valid address would have then sent bounces
indicating that the email was undeliverable. I don't think they should
accept email when the MX record points to 127.0.0.1, but I don't really
know.
I don't know what the setup was, but it's certainly no surprise that
a privately owned outfit would suddenly change their policies or sell
their domain name.

Steve Baker

Re: temp email addresses on usenet for spam minimisation

Steve Baker wrote:
> On 5 Aug 2005 08:04:27 GMT, Blinky the Shark
> wrote:

>>> net-friendly way to go if privacy.net was indeed refusing email sent to
>>> me@privacy.net; in that case there would be email abusive to third
>>> parties floating around as a result of spam and virus propogations.
>>> Which makes me doubt that there ever was a mailserver associated with
>>> privacy.net.

>>Then what was sending their custom bounces?

> I don't know. Some research indicates that privacy.net had an MX
> record of mail.privacy.net which pointed to 127.0.0.1. 127.0.0.1 is
> "localhost", so privacy.net couldn't have been been sending "custom
> bounces" in that case. But outgoing mailservers that accepted
> me@privacy.net as a valid address would have then sent bounces
> indicating that the email was undeliverable. I don't think they should
> accept email when the MX record points to 127.0.0.1, but I don't really
> know.

Nor do I.

> I don't know what the setup was, but it's certainly no surprise that
> a privately owned outfit would suddenly change their policies or sell
> their domain name.

I don't believe I showed any surprise.

--
Blinky Linux Registered User 297263

Killing All Posts from GG: http://blinkynet.net/comp/uip5.html
End Of The Good GG Archive GUI: http://blinkynet.net/comp/gggui.html

Re: temp email addresses on usenet for spam minimisation

On 6 Aug 2005 23:19:17 GMT, Blinky the Shark
wrote:

>>>Then what was sending their custom bounces?
>
>> I don't know. Some research indicates that privacy.net had an MX
>> record of mail.privacy.net which pointed to 127.0.0.1. 127.0.0.1 is
>> "localhost", so privacy.net couldn't have been been sending "custom
>> bounces" in that case. But outgoing mailservers that accepted
>> me@privacy.net as a valid address would have then sent bounces
>> indicating that the email was undeliverable. I don't think they should
>> accept email when the MX record points to 127.0.0.1, but I don't really
>> know.
>
>Nor do I.

Can you show us an example of a "custom bounce"?

Steve Baker

Re: temp email addresses on usenet for spam minimisation

Steve Baker wrote:
> On 6 Aug 2005 23:19:17 GMT, Blinky the Shark
> wrote:

>>>>Then what was sending their custom bounces?

>>> I don't know. Some research indicates that privacy.net had an MX
>>> record of mail.privacy.net which pointed to 127.0.0.1. 127.0.0.1 is
>>> "localhost", so privacy.net couldn't have been been sending "custom
>>> bounces" in that case. But outgoing mailservers that accepted
>>> me@privacy.net as a valid address would have then sent bounces
>>> indicating that the email was undeliverable. I don't think they should
>>> accept email when the MX record points to 127.0.0.1, but I don't really
>>> know.

>>Nor do I.

> Can you show us an example of a "custom bounce"?

Not with the service apparently disabled.

--
Blinky Linux Registered User 297263

Killing All Posts from GG: http://blinkynet.net/comp/uip5.html
End Of The Good GG Archive GUI: http://blinkynet.net/comp/gggui.html

Re: temp email addresses on usenet for spam minimisation

Post removed (X-No-Archive: yes)

Re: temp email addresses on usenet for spam minimisation

Post removed (X-No-Archive: yes)

Re: temp email addresses on usenet for spam minimisation

Frank Slootweg wrote:
> Blinky the Shark wrote:
>> Frank Slootweg wrote:
>> > Blinky the Shark wrote: [deleted]

>> >> I sent a post to me@privacy.net this morning; I haven't seen a
>> >> bounce. I take this as a good sign (in terms of the service still
>> >> being up and available), since that's the way it worked when we know
>> >> it was up.

>> > Perhaps I remember wrong, but AFAIR, me@privacy.net used to
>> > 'bounce', i.e. give a return message saying something to the effect
>> > that it was a dummy address and that mail to it was not read. IMO,
>> > that was the good thing, i.e. respondents which were not aware of
>> > what me@privacy.net was/meant at least got notification that their
>> > mail 'failed'.

>> Contrast that to the bounce I just got, that still, along with [there
>> not being] any mention of it at the new web site, makes me think the
>> service has been disabled:

>>

>> This message was created automatically by mail delivery software (Exim).

>> A message that you sent has not yet been delivered to one or more of its
>> recipients after more than 24 hours on the queue on
>> fall-pradero.atl.sa.earthlink.net.

>> ...

>> The address to which the message has not yet been delivered is:

>> me@privacy.net

>>

> I also sent a test message and got this, more specific, response:

>> Reporting-MTA: dns; smtp4.wanadoo.nl
>> Arrival-Date: Wed, 3 Aug 2005 10:56:24 +0200 (CEST)

>> Final-Recipient: rfc822; me@privacy.net
>> Action: delayed
>> Status: 4.0.0
>> Diagnostic-Code: X-Postfix; connect to privacy.net[206.207.85.33]: Operation timed out
>> Will-Retry-Until: Mon, 8 Aug 2005 10:56:24 +0200 (CEST)

> Note the "timed out" bit. So apparently my MSP's mailserver
> (smtp4.wanadoo.nl) can connect to privacy.net, but the operation times
> out.

> Perhaps the more knowledgeable (than I) people in the audience can
> indicate which scenario would give this response, in the context of a
> me@privacy.net target address. I.e. if privacy.net does not accept mail
> to me@privacy.net, then why the time-out instead of an 'immediate'
> reject? And if it does accept mail, then why does Blinky's mail fail and
> mine time-out (and probably fail later)?

Today (or perhaps last night) I got the final bounce on my post (above).

Now I can't find it (sorry!), but it was a tried-for-four-days-giving-up
bounce.

--
Blinky Linux Registered User 297263

Killing All Posts from GG: http://blinkynet.net/comp/uip5.html
End Of The Good GG Archive GUI: http://blinkynet.net/comp/gggui.html

Re: temp email addresses on usenet for spam minimisation

* D. Stussy wrote:
> On Sun, 31 Jul 2005, Troy Piggins wrote:
>> I've noticed some people on usenet with temporary email addresses -
>> valid, but only for a set period of time after they post. I was
>> thinking this would be a good way to minimise spam and want to test
>> it out for a while.
>>
>> Just wanted to ask about the methodology adopted from some of those
>> that use this method. I will be running it on a linux box using
>> procmail.
[snip]
>> So I was thinking about having an email address valid for about one
>> month - something like 0508-usenet@piggo.com for August 2005. I know
>> there is potential problem if I post on 31 Aug, but maybe I accept
>> mail to that address for 2 months instead, and overlap the acceptance
>> of that address with 0509-usenet@piggo.com.
>>
>> I'm interested in all comments about the above (email is fine also if
>> you don't want everyone to know), and to hear how it has been
>> implemented by others. Also, what about the predictability of my
>> proposed method? It is quite obvious, I know. But as I said it will
>> only suppliment my other filters.
>
> The real trick is to have a way of generating a non-trivially-revealed
> mailbox address that has a time code in it. This way, your mail
> server can be programmed to automatically reject mail received after
> some time window from the generation time.
>
> Example:
>
> Mailbox generates only a username portion time coded:
> 20050808xxx@x.net
>
> Server recognizes the timestamp as for 08 August 2005, and has a 7
> day window. Therefore, it rejects all mail received on or after 15
> August sent to this mailbox.
>
> Of course, one must somehow encrypt or otherwise obscure the timestamp
> part for it to be useful. Otherwise, some spammer may recognize the
> pattern and send to a logically current mailbox (e.g.
> "20050815xxx@..." for a week later). The encryption needs to generate
> a result that lies in the RFC2822 username part syntax and SHOULD also
> have a one or more randomly generated bits interspersed (at known
> locations) to throw off any guessers. It's even better if this
> results in other than a fixed-length encoding.
>
> Those who have control over their own DNS records can also implement
> part of the timecode into the domain name, especially if they have
> some sub-zone available to them where they can wildcard-cname it to
> their mail server, e.g.
>
> *.domain.com. IN CNAME mail.domain.com.
>
> One day or one week granularity is all that is really needed in the
> timecode - for windowing purposes. Of course, if one want granularity
> up to the second, then no generated mailbox should equal any other.
> Some people may want a reception window as wide as a month and not the
> 1 week I used in the example.
>
> For those with less control, one can vary the "plussed" part to an
> otherwise constant username - but then one needs to reject mail (where
> the sender isn't already whitelisted) that lacks a "+" part.
>
> Remember: Whatever timestamp encoding is done, it must be decodable
> by the mail server (best case) or mail reading client (worst case),
> but not trivially decodable by a person (spammer - so don't simply use
> a "YYYYMMDD"[e.g.] pattern).

Wow - thanks mate. Good advice.

I would think one week is a bit short for me, but I get the idea. I
will also have some fun with the wildcard-cname because I am by no means
a DNS expert, but I do have some control over it so will look into it.

Will also have to look into the syncronising of the timestamp with
postfix, but am loving the challenge :-)

--
Troy Piggins
(playing with disposable email addresses
and message IDs to minimise spam)

Re: temp email addresses on usenet for spam minimisation

Post removed (X-No-Archive: yes)