spam?

Marcus Watts (mdw@umich.edu)
Sun, 22 Nov 98 07:13:58 -0500

• Next message: Dave Del Torto: "KRA on ADK vs KR, NAI membership"
• Previous message: ILovToHack@aol.com: "Stop Spam"

I looked through my past month's worth of mail from toad.com
(well, at this point, excepting the past few hours).
I found:

152 "real" messages (including meeting announcements,
        discussion of asteroid probabilities, and other
        "soft" cryptographic material.)
  9 messages wondering if the list was broken, attempts to
        unsubscribe from, or list out the list, and
        discussion pertaining to.
  2 messages (1 from me, 1 to me) with my attempt to
        list out the CodherPlunks list
 21 messages regarding how to control spam on CodherPlunks
  2 possible spam message ("orato")
 16 real spam messages

---
204 messages total
This means I saw more messages about spam, than I saw actual spam,
and a *lot* more real traffic, than spam.
The amount of spam I saw may be slightly less than the actual
amount that was sent to CodherPlunks.  I've started to put logic
into sendmail to recognize certain really obvious kinds of spam
and to reject it sight unseen.  The only thing worse than spam
is the same spam over and over again.  So, for instance, with luck,
I'll never see mail from World Wide Networking Marketing again.
I also did some statistics gathering on this mail.  Looking
at the 185 messages from non-spam people, I found 195 From: lines,
from 89 different e-mail addresses.  Of these 89 adddresses,
I found that 40 of them were apparently not subscribed to the list
under that name.  I think some of these people were subscribed under
another name, or were members of a group that was expanded locally,
or were posting via some anonymous server.  I didn't see many that
looked obviously anonymous, but I'm not sure how to classify
"nobody@hotmail.com" or "dnsmanager@webcorp.com".  My suspicion, off-hand,
is that trying to force a "members-only" policy is going to be a lot
of work, and may not be exactly the best way to think about the problem.
I had originally proposed rejecting mail that didn't contain
"CodherPlunks" in the To: address field.  I looked to see how
well that would work.  Out of about 2944 messages sent since january,
117 of them did not contain "coderpunk" in a To: or Cc: field.
Of these, 55 appear to be real spam, and the rest consist of
messages sent by Robert Hettinga ("Recipient.List.Suppressed:;"),
Robin Lee Powell ("unlisted-recipients:; (no To-header on input)"), a few
random entries to "cryptography@c2.net", "pr_list4@samsara.LAW.CWRU.Edu",
and a random assortment of odd entries (several people listed only
themself in the To: field - to keep "reply-to" from going to the list?)
*Every* entry that was addressed to "(Dear Friend)", "Friend@public.com",
""website@traffic", "Friend@toad.com", and, surprisingly enough,
"<cypherpunks@toad.com>", turned out to be spam.  So, I don't think my
original idea is exactly right, but I think with some fine tuning
(perhaps allowing cryptography@c2.net, mail from people whose first
name starts with R, resent-to/resent-cc (does anyone use this??), etc.)
this could be refined into a useful rule.  I also think that rejecting
mail to "(Dear Friend)" is an obvious good thing to do no matter what
(*I* certainly never intend to receive any such mail ever again.)
There are probably another 100-200 spam messages that do contain
"coderpunk", so this rule, like any other mechanical solution, is
not going to stop all spam.
I have one major qualm with the idea of a moderator.  I don't mind at all
a moderator who cares to undertake the job of getting rid of obvious spam.
I *DO* object to the idea of a moderator who would undertake any other
sort of content control, and I in particular object to the idea of a
moderator that would reject "off topic" postings.  I may not this instant
have any plans to ever attend one of Robert Hettinga's meetings (the ones
that require "proper attire"), but that doesn't mean I mind hearing about
them.  Ditto with asteroids and (at least in *considerable* moderation),
the *very occasional* snarking about GPL and who-did-what/patent/credits stuff.
It at least reminds me that copyleft issues aren't always that simple, and
that cryptographers can be just as petty and selfish as anyone else.
I think one possibility might be to try to reorganize this list
into several successive lists, such that people can choose the
level of editting and moderation they desire, perhaps like this:
	raw input ("CodherPlunks")
	*Everyone* would post messages to this list, and this is
	the visible name the list would generally have.
		|
		v
	input mechanical deleting of *really* obvious bogus
	stuff ("(Dear Friend)") that anyone could get around,
	and shunting aside replies that are almost certainly not
	useful to the general list ("unsubscribe" and "who CodherPlunks").
	No human would be involved at this stage.
		|
		v
	("raw-CodherPlunks-list?")
	First stage distribution of the list.  Anyone who objects
	to any form of censorship (perhaps as described in
	http://www.instantweb.com/~salem/ ?)  [Do we have any such
	people on this list, and how do they feel about "(Dear Friend)"?]
		|
		v
	mechanical aid classifies incoming mail 3 ways:
		clearly spam, possible spam, probably not spam.
		not spam would be forwarded without delay
			("people subscribed to the list"
			+ perhaps more ?)
		clearly spam could be bit-bucketed, perhaps after
			being logged.  (This could be any mail
			with a subject "your site" that
			contains the phone number 916-771-4739.)
		possible spam would be reviewed by a human.
			the human might forward it, if it's not spam,
			and might revise the mechanical rules to better
			classify future such mail into the first 2 groups.
			(This might be, for instance, mail that's properly
			addressed to CodherPlunks@, but doesn't come from
			someone on the list or otherwise "known".)
	(the emphasis at this stage would be for the minimal non-controversial
	editting of the data stream consistent with eliminating most, but
	not all spam, with the *least* amount of human work or delay.)
		|
		v
	("CodherPlunks-list"?)
	second stage distribution of the list.  People who don't like spam,
	but would otherwise prefer to be fairly anarchistic and let ordinary
	social pressures regulate human behavior.
		|
		v
	final stage processing ("editting") or ("moderation").  One
	or more people who have objections to asteroids, patents,
	fuzzy green dinosaurs, or the possibility that a clever spammer
	could forge mail "sent" by a list participant, could prepare
	human reviewed extracts of the list that don't contain such
	extraneous information, and forward them on.
		|
		v
	("cryptography@c2.net"?)
	("summary-CodherPlunks-list"?)
	("schneiers-CodherPlunks-list"??)
	final stage list distribution.  People who only want "on topic" postings,
	and don't mind a bit of delay to get this.
There could be more than one "final stage processing" happening in parallel,
perhaps people with different editorial bents.  A useful "special purpose"
editting list would be a "summary" list that contains no actual raw mail
traffic, just an editted summary of the hightlights that went by, perhaps
with URL's pointing to more complete archived text.
					-Marcus Watts
					UM ITD PD&D Umich Systems Group

• Next message: Dave Del Torto: "KRA on ADK vs KR, NAI membership"
• Previous message: ILovToHack@aol.com: "Stop Spam"