Discussion:
Argghhh.... [Fwd: Your e-mail message was blocked]
(too old to reply)
Simon Byrnand
2003-09-24 11:17:22 UTC
Permalink
Sigh...

Could the owner of this charming little content filter please see if it
has an option to NOT reply to messages that aren't specifically addressed
to the recipient. (EG messages comming in through mailing lists etc) Or
perhaps consider subscribing via another address that isn't filtered.

It gets a little tiring to have every second message I send to this list
get a bounce from an overactive content filter because it might have "bad
words" in it or in this case might be a "hoax and/or chain letter".....
(Huh ??? What in my message looks like a hoax ?)

Regards,
Simon


---------------------------- Original Message ----------------------------
Subject: Your e-mail message was blocked
From: ***@med.govt.nz
Date: Wed, September 24, 2003 11:09 pm
To: ***@igrin.co.nz
Cc: ***@med.govt.nz
--------------------------------------------------------------------------

MailMarshal (an automated content monitoring gateway) has
stopped the following e-mail as it is likely to be a Hoax and/or Chain
Letter.

Message: B00013c776.00000001.mml
From: ***@igrin.co.nz
To: ***@med.govt.nz
Subject: Re: [nznog] SPAM (Fw: PLEASE ASSIST)

If you believe the above e-mail to be business related please
contact ***@med.govt.nz to arrange for the message to be
released to its intended recipients.

The blocked e-mail will be automatically deleted after 30 days.
Frank March
2003-09-25 21:39:53 UTC
Permalink
Apologies for not getting onto this yesterday as I was involved in a meeting
offsite all day.

This Ministry uses MailMarshall. I am not responsible for the way it is set
up and I have complained frequently about the type of email that gets
blocked by it. In the past, it has blocked, inter alia, the monthly
messages outlining this list's AUP and other matters from the redoubtable
Donald Neal. Given Donald's care with language and his email courtesy the
mind fairly boggles at the thought.

On average Mailmarshal as configured here seems to catch 50% of genuine spam
'aimed' at me (but is getting better) and about 25% of the blocking messages
are false positives (despite recent problems with this list, I think this
might also be improving incrementally). Nevertheless, personally, I would
much rather have the spam. The record with virus filtering is, however,
exemplary.

Although I seldom post to this list (and when I do it is arguably off-topic
on occasions), and most of the traffic is of marginal direct interest to me,
I do find this list useful as a gauge of the temperature and general health
of the Net in NZ which is immensely valuable for my job. However, if the
problem persists, and complaints persist, I will remove myself from the
list. I would regard this as being a very unfortunate outcome.

And, by the way, and anticipating a message later in the thread from Juha, I
dont ever recall his swearing at me (about me perhaps....)


--
Frank March Telephone (+64 4) 474 2908
Senior Specialist Advisor Fax (+64 4) 474 2659
Information Technology Policy Group Mobile: (+64) 21 042 9205
Ministry of Economic Development, Wellington, New Zealand


-----Original Message-----
From: Simon Byrnand [mailto:***@igrin.co.nz]
Sent: Wednesday, 24 September 2003 23:17
To: ***@list.waikato.ac.nz
Subject: [nznog] Argghhh.... [Fwd: Your e-mail message was blocked]


Sigh...

Could the owner of this charming little content filter please see if it
has an option to NOT reply to messages that aren't specifically addressed
to the recipient. (EG messages comming in through mailing lists etc) Or
perhaps consider subscribing via another address that isn't filtered.

It gets a little tiring to have every second message I send to this list
get a bounce from an overactive content filter because it might have "bad
words" in it or in this case might be a "hoax and/or chain letter".....
(Huh ??? What in my message looks like a hoax ?)

Regards,
Simon


---------------------------- Original Message ----------------------------
Subject: Your e-mail message was blocked
From: ***@med.govt.nz
Date: Wed, September 24, 2003 11:09 pm
To: ***@igrin.co.nz
Cc: ***@med.govt.nz
--------------------------------------------------------------------------

MailMarshal (an automated content monitoring gateway) has
stopped the following e-mail as it is likely to be a Hoax and/or Chain
Letter.

Message: B00013c776.00000001.mml
From: ***@igrin.co.nz
To: ***@med.govt.nz
Subject: Re: [nznog] SPAM (Fw: PLEASE ASSIST)

If you believe the above e-mail to be business related please
contact ***@med.govt.nz to arrange for the message to be
released to its intended recipients.

The blocked e-mail will be automatically deleted after 30 days.



_______________________________________________
NZNOG mailing list
***@list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog

http://www.govt.nz - connecting you to New Zealand central & local government services

Any opinions expressed in this message are not necessarily those of the Ministry of Economic Development. This message and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivery to the intended recipient, be advised that you have received this message in error and that any use is strictly prohibited. Please contact the sender and delete the message and any attachment from your computer.
Juha Saarinen
2003-09-25 22:11:30 UTC
Permalink
Post by Frank March
Although I seldom post to this list (and when I do it is arguably off-topic
on occasions), and most of the traffic is of marginal direct interest to me,
I do find this list useful as a gauge of the temperature and general health
of the Net in NZ which is immensely valuable for my job. However, if the
problem persists, and complaints persist, I will remove myself from the
list. I would regard this as being a very unfortunate outcome.
And, by the way, and anticipating a message later in the thread from Juha, I
dont ever recall his swearing at me (about me perhaps....)
$&@)#*&$@!!! Did you delete the message??? ;-)

No, seriously, use a Hotmail account for the list instead of your MED
one. Mail Marshal is a blunderbuss approach for dealing with an
admittedly difficult problem and I don't know anyone "protected" by it
who is happy with it.

There's an important issue here to consider as well: as a civil servant,
you presumably need to be accessible to the public. Using a filtering
system with a high false positive rate prevents that.

Oh hi, Donald. Yes, yes, I know, it's OT for the list...
--
Juha
Steve Withers
2003-09-25 22:38:33 UTC
Permalink
Further comments on IP and domain blocking for *personal* mail servers:
Just checked my maillog from yesterday.

70% of rejected mail connects came from hotmail, yahoo, earthlink and
aol.

30% came from the 61.* and 218.* Korean IP spaces

10% was rejected by ordb / relay denied / other blocked domains

I have wondered if ISPs want to encourage customers to set up
individually customisable mailservers on broadband connections - some
sort of appliance - that acts as their mail server.

Let the business and competent private users decide what they will and
won't receive....with benefits to the ISP in terms of reduced bandwidth
consumed as spam isn't deliverable to these people. Just lots of
rejected connect attempts. This may even be a managed service an ISP
could offer a customer / business. If payment is on data-volume, this
could help reduce such charges - offsetting any service fee to some
extent.

Am I right in thinking Mailmarshall still allows the spam to be
delivered? It just filters it.

The method above prevents delivery.

It would be impossible to do this at ISP level....but it may be a
service line an ISP might like to offer a client who wants to define
what they do and do not receive.
--
Steve Withers <***@mmp.org.nz>
Mark Foster
2003-09-25 22:58:05 UTC
Permalink
I have privately implimented exactly what youre suggesting on my personal
MTA. My rejection is actioned via an iptables script, and when I receive
spam I tend to block at the /24 level at the minimum - manually now,
unfortunately, with the demise of most of the RBLs.... Its all context
driven, though.. Spam from Asian networks often winds up being blocked at
the network level - eg whatever I can pull from whois, I block. (/14 or
bigger in some cases). I havn't blocked anything at the /8 except for
200.* which finally frustrated the hell out of me one day...

The catch is that I have other people who use my mail server, so i've got
to make sure i keep them in mind when i put blocks in place. The system I
use is very rough but when people agree to use my MTA they're made aware
that the call in the end will be mine.

In one case theyve provisioned a secondary MX which doesn't have the
restrictions, and is not restricted by me..

The idea has merit - I reccomend that people who can admin their own mail
services do so - but unfortunately its not something that I would
personally ever reccomend to those people who are not clooful enough to
manage it. That should then become the ISPs responsibility but its always
the difference between - 'trying to hard' and 'not trying hard enough'.
How much is too much? Does the admin of said machine have to then manually
block networks?

Id rather see the networks in question blocked at ISP border routers
personally but I guess that wont happen in the short term. (This is a WAN,
not a LAN.. sigh)

Mark.
Post by Steve Withers
Just checked my maillog from yesterday.
70% of rejected mail connects came from hotmail, yahoo, earthlink and
aol.
30% came from the 61.* and 218.* Korean IP spaces
10% was rejected by ordb / relay denied / other blocked domains
I have wondered if ISPs want to encourage customers to set up
individually customisable mailservers on broadband connections - some
sort of appliance - that acts as their mail server.
Let the business and competent private users decide what they will and
won't receive....with benefits to the ISP in terms of reduced bandwidth
consumed as spam isn't deliverable to these people. Just lots of
rejected connect attempts. This may even be a managed service an ISP
could offer a customer / business. If payment is on data-volume, this
could help reduce such charges - offsetting any service fee to some
extent.
Am I right in thinking Mailmarshall still allows the spam to be
delivered? It just filters it.
The method above prevents delivery.
It would be impossible to do this at ISP level....but it may be a
service line an ISP might like to offer a client who wants to define
what they do and do not receive.
--
_______________________________________________
NZNOG mailing list
http://list.waikato.ac.nz/mailman/listinfo/nznog
Juha Saarinen
2003-09-25 23:12:33 UTC
Permalink
Post by Steve Withers
Am I right in thinking Mailmarshall still allows the spam to be
delivered? It just filters it.
The problem with much spam is that while you can decide to drop .cn,
.kr, and .ng, plus 200/8, much of it arrives via seemingly legit
sources. This can be a large ISP's smarthost forwarding spam from
customer hosts that have been trojaned by spammers.

That's why you start filtering after DATA, but even that doesn't always
work and as Mail Marshal has shown, can be prone to false positives. A
further nuisance is that you have to receive the message in order to
filter it.

Basically, neither DNS blacklisting nor filtering work well enough
currently. And no, challenge-and-response systems aren't the answer either.
--
Juha
Keith Davidson
2003-09-26 00:08:46 UTC
Permalink
Post by Juha Saarinen
The problem with much spam is that while you can decide to drop .cn,
.kr, and .ng, plus 200/8, much of it arrives via seemingly legit
sources.
Unless, like me, you need to receive legitimate mail from .cn, .kr and
.ng.... :-(

Keith Davidson
Steve Withers
2003-09-26 01:43:35 UTC
Permalink
Post by Juha Saarinen
Basically, neither DNS blacklisting nor filtering work well enough
currently. And no, challenge-and-response systems aren't the answer either.
Nothing is perfect, I agree. However, it is possible for a given
individual or small group to reduce the amount of spam being received by
over 90%....and that is mail simply not delivered at all.....no further
filtering required.

Whether this is good enough or not depends on expectations.
--
Steve Withers <***@mmp.org.nz>
Simon Byrnand
2003-09-26 00:08:49 UTC
Permalink
Post by Steve Withers
Am I right in thinking Mailmarshall still allows the spam to be
delivered? It just filters it.
The problem with much spam is that while you can decide to drop .cn, .kr,
and .ng, plus 200/8, much of it arrives via seemingly legit sources. This
can be a large ISP's smarthost forwarding spam from customer hosts that
have been trojaned by spammers.
That's why you start filtering after DATA, but even that doesn't always
work and as Mail Marshal has shown, can be prone to false positives. A
further nuisance is that you have to receive the message in order to filter it.
I think that from here on in, this is going to be the only way to do it
unfortunately. (Decide after the DATA is already transfered if the message
is spam)

Look at the information spam filtering software has available before the
body of the message is delivered:

IP address of the immediately proceeding mailserver - trusted.
Hello response - untrusted, and largely meaningless.
Claimed envelope sender and recipient - untrusted, easily forgable.

And thats it. The *only* thing that means a hill of beans before you have
the whole message in your lap is the IP address of the sending server. And
I honestly think that alone is not sufficient for fine grained (read, no
collateral damage) differentiation between spam and non-spam.

In other words apart from a couple of trustworthy lists like spamhaus.org,
which can help to "pre-filter" some of the worst offenders with minimal
chance of FP's, I honestly believe that the days of outright blocking based
on server IP address are well and truly over. You simply can't block all
the spam this way without blocking tons of legitimate messages.

Each message needs to be tested on it's own merits if the world is to avoid
baulkanisation of email to the point where it is unusable, which is why I
believe strongly in the approach taken by SpamAssassin, even if it does
have its own flaws. (Mainly implementation flaws, rather than flaws to the
basic approach)
Basically, neither DNS blacklisting nor filtering work well enough
currently. And no, challenge-and-response systems aren't the answer either.
Agreed. Imagine trying to apply challenge response protocols for postal
mail ? Phone calls ? Why do it with email ? :)

Regards,
Simon
Simon Byrnand
2003-09-25 23:23:00 UTC
Permalink
Post by Steve Withers
Just checked my maillog from yesterday.
70% of rejected mail connects came from hotmail, yahoo, earthlink and
aol.
Umm, are you sure about that ?

If you look at the message headers you'll find that nearly all of that
(well for hotmail and yahoo anyway) is just spammers forging hotmail and
yahoo addresses, the messages wont actually be passing through hotmail and
yahoo servers...

Anyone in the world can send an email through any server in the world and
make the
Steve Withers
2003-09-26 01:47:22 UTC
Permalink
Post by Simon Byrnand
Post by Steve Withers
Just checked my maillog from yesterday.
70% of rejected mail connects came from hotmail, yahoo, earthlink and
aol.
Umm, are you sure about that ?
You're right.

Wherever it comes from, by blocking these domains I do not receive this
mail. :-)
Post by Simon Byrnand
If you look at the message headers you'll find that nearly all of that
(well for hotmail and yahoo anyway) is just spammers forging hotmail and
yahoo addresses, the messages wont actually be passing through hotmail and
yahoo servers...
True......I should have made that distinction. I simply block these
domains.
Post by Simon Byrnand
Anyone in the world can send an email through any server in the world and
make the
Claire Hurman
2003-09-26 00:06:10 UTC
Permalink
Post by Steve Withers
I have wondered if ISPs want to encourage customers to set up
individually customisable mailservers on broadband connections - some
sort of appliance - that acts as their mail server.
Let the business and competent private users decide what they will and
won't receive....with benefits to the ISP in terms of reduced bandwidth
consumed as spam isn't deliverable to these people. Just lots of
rejected connect attempts. This may even be a managed service an ISP
could offer a customer / business. If payment is on data-volume, this
could help reduce such charges - offsetting any service fee to some
extent.
<snip>
It would be impossible to do this at ISP level....but it may be a
service line an ISP might like to offer a client who wants to define
what they do and do not receive.
Actually, at least one ISP in the NZ market already has a 'Virtual Mail
Server' ASP product out there, with Spam and Content Control features
coming in the next few weeks.

Regards
Claire Hurman
PhoneNet
2003-09-26 04:33:11 UTC
Permalink
Post by Simon Byrnand
Post by Steve Withers
Just checked my maillog from yesterday.
70% of rejected mail connects came from hotmail, yahoo, earthlink and
aol.
Umm, are you sure about that ?
If you look at the message headers you'll find that nearly all of that
(well for hotmail and yahoo anyway) is just spammers forging hotmail and
yahoo addresses, the messages wont actually be passing through hotmail and
yahoo servers...
Anyone in the world can send an email through any server in the world and
make the
Simon Byrnand
2003-09-26 05:13:01 UTC
Permalink
Post by Simon Byrnand
Post by Steve Withers
Just checked my maillog from yesterday.
70% of rejected mail connects came from hotmail, yahoo, earthlink and
aol.
Umm, are you sure about that ?
If you look at the message headers you'll find that nearly all of that
(well for hotmail and yahoo anyway) is just spammers forging hotmail and
yahoo addresses, the messages wont actually be passing through hotmail
and yahoo servers...
Anyone in the world can send an email through any server in the world and
make the
Simon Lyall
2003-09-25 22:16:16 UTC
Permalink
Post by Frank March
On average Mailmarshal as configured here seems to catch 50% of genuine spam
'aimed' at me (but is getting better) and about 25% of the blocking messages
are false positives (despite recent problems with this list, I think this
might also be improving incrementally). Nevertheless, personally, I would
much rather have the spam. The record with virus filtering is, however,
exemplary.
A 25% false positive rate for Spam is bad to the point of being incompetent.
Anything worse than a 1% FP rate except where someone is specifically after
"aggressive" filtering is very bad. That sort of rate forces people to
constantly check their spam folders (I assume they can) to find incorrectly
identified email.

I'd hate to think how many important emails are being lost.

Blocking just 50% of spam isn't very good either, especially considering
the amount of legit email dropped.

I would guess it's another case of the govt paying peanuts and getting
monkeys. Probably they have just installed the software "out of the box"
rather than engaging brain and actually trying to set it to the appropriate
level for the site.
--
Simon J. Lyall. | Very Busy | Mail: ***@darkmere.gen.nz
"To stay awake all night adds a day to your life" - Stilgar | eMT.
Richard Parkinson
2003-09-25 22:23:51 UTC
Permalink
Happy with MailMarshal here :)
Works fine if you put the effort into setting it up properly.


-----Original Message-----
From: Juha Saarinen [mailto:***@saarinen.org]
Sent: Friday, 26 September 2003 10:12 a.m.
To: Frank March
Cc: ActionLine; ***@list.waikato.ac.nz; Jennifer Mortimer
Subject: Re: [nznog] Argghhh.... [Fwd: Your e-mail message was blocked]
Post by Frank March
Although I seldom post to this list (and when I do it is arguably
off-topic on occasions), and most of the traffic is of marginal direct
interest to me, I do find this list useful as a gauge of the
temperature and general health of the Net in NZ which is immensely
valuable for my job. However, if the problem persists, and complaints
persist, I will remove myself from the list. I would regard this as
being a very unfortunate outcome.
And, by the way, and anticipating a message later in the thread from
Juha, I dont ever recall his swearing at me (about me perhaps....)
$&@)#*&$@!!! Did you delete the message??? ;-)

No, seriously, use a Hotmail account for the list instead of your MED
one. Mail Marshal is a blunderbuss approach for dealing with an
admittedly difficult problem and I don't know anyone "protected" by it
who is happy with it.

There's an important issue here to consider as well: as a civil servant,

you presumably need to be accessible to the public. Using a filtering
system with a high false positive rate prevents that.

Oh hi, Donald. Yes, yes, I know, it's OT for the list...
--
Juha
Craig Spiers
2003-09-25 23:08:09 UTC
Permalink
Yea, I don't think blocking ranges as large as /14 /8 and so on is the
answer here.. Imagine how many legitimate mailservers your blocking in that
ip range, and for what reason? Just because 1 machine, on 1 IP address.. Was
spamming you.. Isnt it a lot easier to just go.. Ahh shit spam.. Delete
that..



-----Original Message-----
From: Mark Foster [mailto:***@blakjak.net]
Sent: Friday, September 26, 2003 10:58 AM
To: Steve Withers
Cc: NZ NOG
Subject: Re: [nznog] IP / domain blocking for SPAM prevention

I have privately implimented exactly what youre suggesting on my personal
MTA. My rejection is actioned via an iptables script, and when I receive
spam I tend to block at the /24 level at the minimum - manually now,
unfortunately, with the demise of most of the RBLs.... Its all context
driven, though.. Spam from Asian networks often winds up being blocked at
the network level - eg whatever I can pull from whois, I block. (/14 or
bigger in some cases). I havn't blocked anything at the /8 except for
200.* which finally frustrated the hell out of me one day...

The catch is that I have other people who use my mail server, so i've got to
make sure i keep them in mind when i put blocks in place. The system I use
is very rough but when people agree to use my MTA they're made aware that
the call in the end will be mine.

In one case theyve provisioned a secondary MX which doesn't have the
restrictions, and is not restricted by me..

The idea has merit - I reccomend that people who can admin their own mail
services do so - but unfortunately its not something that I would personally
ever reccomend to those people who are not clooful enough to manage it.
That should then become the ISPs responsibility but its always the
difference between - 'trying to hard' and 'not trying hard enough'.
How much is too much? Does the admin of said machine have to then manually
block networks?

Id rather see the networks in question blocked at ISP border routers
personally but I guess that wont happen in the short term. (This is a WAN,
not a LAN.. sigh)

Mark.
Post by Steve Withers
Just checked my maillog from yesterday.
70% of rejected mail connects came from hotmail, yahoo, earthlink and
aol.
30% came from the 61.* and 218.* Korean IP spaces
10% was rejected by ordb / relay denied / other blocked domains
I have wondered if ISPs want to encourage customers to set up
individually customisable mailservers on broadband connections - some
sort of appliance - that acts as their mail server.
Let the business and competent private users decide what they will and
won't receive....with benefits to the ISP in terms of reduced
bandwidth consumed as spam isn't deliverable to these people. Just
lots of rejected connect attempts. This may even be a managed service
an ISP could offer a customer / business. If payment is on
data-volume, this could help reduce such charges - offsetting any
service fee to some extent.
Am I right in thinking Mailmarshall still allows the spam to be
delivered? It just filters it.
The method above prevents delivery.
It would be impossible to do this at ISP level....but it may be a
service line an ISP might like to offer a client who wants to define
what they do and do not receive.
--
_______________________________________________
NZNOG mailing list
http://list.waikato.ac.nz/mailman/listinfo/nznog
Martin
2003-09-26 01:16:26 UTC
Permalink
$author = "Craig Spiers" ;
Post by Craig Spiers
Yea, I don't think blocking ranges as large as /14 /8 and so on is the
answer here.. Imagine how many legitimate mailservers your blocking in that
ip range, and for what reason? Just because 1 machine, on 1 IP address.. Was
spamming you.. Isnt it a lot easier to just go.. Ahh shit spam.. Delete
that..
You reserve that level of blocking for situations where it's more then 1
incident, something proportional to the size of the space your contemplating
dropping and the level of response from ***@.

I had no qualms blocking entire IP space of particular asian ISPs when the
problem got out of hand and didn't look like resolving any time soon.

marty
--
Take these tears
Wash your skin
I'm havin' trouble breathin'
Since you walked in

"Million Tears" - Kasey Chambers
Simon Byrnand
2003-09-25 23:16:06 UTC
Permalink
Post by Frank March
Apologies for not getting onto this yesterday as I was involved in a meeting
offsite all day.
Hi Frank,

Since it was me that sent the original message I feel I should reply so you
don't get the impression that I'm attacking you or anything...
Post by Frank March
This Ministry uses MailMarshall. I am not responsible for the way it is set
up and I have complained frequently about the type of email that gets
blocked by it. In the past, it has blocked, inter alia, the monthly
messages outlining this list's AUP and other matters from the redoubtable
Donald Neal. Given Donald's care with language and his email courtesy the
mind fairly boggles at the thought.
I did pretty much guess that it was the IT department of your organisation
that have the system in place and that it may not be your choice to use it,
which is why my message was more of a general grumble about that type of
system rather than a complaint to you as such.

The fact that someone else's Mailmarshall blocked my second message was
both humourous and incredibly well timed, and helped prove my point how
stupid things like Mailmarshall can be :)
Post by Frank March
On average Mailmarshal as configured here seems to catch 50% of genuine spam
'aimed' at me (but is getting better) and about 25% of the blocking messages
are false positives (despite recent problems with this list, I think this
might also be improving incrementally). Nevertheless, personally, I would
much rather have the spam. The record with virus filtering is, however,
exemplary.
If Mailmarshall claims to be a content filter (eg censorship, basically,
which is the impression I get of what it tries to do) then that kind of
performance can be understood, but if it claims to be a spam filter, then
this is just incredibly poor accuracy, far worse than something like
SpamAssassin.

As the Anti-Spam person here at iGRIN I have a special interest in systems
which block Spam, which is why it frustrates me immensely when I see
systems that make a half hearted effort to block spam but cause more
trouble and annoyance than they're worth. (Particularly when I'm on the
receiving end of that annoyance ;)

(And in that category I include manual blocking of huge swarths of ip
space, outright blocking based on most RBL blacklists, Mailmarshall, and
Challenge response systems, all of which have unacceptable collateral
damage and/or high annoyance factor to those who must work through or
around them)

If your IT department wont allow you to turn off MailMarshal for your email
address then they're not doing their job properly IMHO. Part of the
responsibility of anyone installing a site-wide or system-wide spam
filtering system is to provide at the very minimum a way for individual
users to opt out, and preferably a way to customize their preferences to a
certain degree.

In the case of SpamAssassin the important preferences are the required_hits
threshold, whitelists and blacklists, and what to do with spam. (Don't scan
at all, Just tag, divert to another folder etc)

One thing I learnt when implementing a system wide Spam Filtering system is
give your users choice.

Let them turn it off if they want. Provide sensible defaults that are
conservative. (Just tag, required_hits not too low etc) Err on the side of
false negatives not false positives.

Set up intelligently you can expect SpamAssassin to catch >90% of Spam with
a false positive rate of well under 1%. With that kind of performance from
a "free" program I can't see why people would *want* to set up something
like MailMarshall...
Post by Frank March
Although I seldom post to this list (and when I do it is arguably off-topic
on occasions), and most of the traffic is of marginal direct interest to me,
I do find this list useful as a gauge of the temperature and general health
of the Net in NZ which is immensely valuable for my job. However, if the
problem persists, and complaints persist, I will remove myself from the
list. I would regard this as being a very unfortunate outcome.
I would hate to see that happen too, its unfortunate that you're caught as
the meat in the sandwich, one thing which is certain about the war between
spammers and anti-spam people is that a lot of innocent people get hurt
along the way, and IMHO many people involved in setting up spam filtering
systems are far too militant in their attitude, and just as guilty as some
of the spammers. (Spews anyone ?)

I recently dealt with an ISP in the US who had blocked 202.0.0.0/8 (!)
because "all we ever get from that netblock is spam from China". After
enlightening him to the fact that 202.0.0.0/8 was much more than just
"China" and there were whole countries in the south pacific that were being
arbitarily blocked by this, who have *nothing* to do with China, he kindly
unblocked it... ;)
Post by Frank March
And, by the way, and anticipating a message later in the thread from Juha, I
dont ever recall his swearing at me (about me perhaps....)
Oh dear, you don't read this list enough do you ? Never take anything Juha
says seriously, except when he's being serious, in which case its time for
all of us to worry ;-)

Regards,
Simon
Brian Gibbons
2003-09-26 00:03:04 UTC
Permalink
[half hearted effort to block spam]
(And in that category I include manual blocking of huge
swarths of ip space, outright blocking based on most RBL
blacklists, Mailmarshall, and Challenge response systems,
all of which have unacceptable collateral damage
Well said.
I recently dealt with an ISP in the US who had blocked
202.0.0.0/8 (!) because "all we ever get from that netblock
is spam from China".
And there is the issue.

If ISPs use network blocking as a mechanism to block Spam then the ultimate
outcome will be be a block on all networks and zero email delivery.

A human being can scan down 20 emails in their Inbox and immediately
descriminate between Spam and valid email because they have an educated eye
and brain.

A Spam filter can do the same, but first you have to educate it. Put the
effort into training the filter and it will perform better than a human
being.


Cheers

BG.
Juha Saarinen
1970-01-01 00:00:00 UTC
Permalink
Post by Brian Gibbons
A human being can scan down 20 emails in their Inbox and immediately
descriminate between Spam and valid email because they have an educated
eye and brain.
Now that gives me an idea... Manual Spam Filtering. The new cottage
industry. Earn Money Reading Email!

"I didn't want to believe it at first, but I made $5,000 in just two weeks
on the Manual Spam Filtering Programme. It's great!"
-- B. Gibbons, Auckland NZ
--
Juha Saarinen
Mark Foster
2003-09-26 00:27:51 UTC
Permalink
Post by Brian Gibbons
[half hearted effort to block spam]
(And in that category I include manual blocking of huge
swarths of ip space, outright blocking based on most RBL
blacklists, Mailmarshall, and Challenge response systems,
all of which have unacceptable collateral damage
Well said.
I recently dealt with an ISP in the US who had blocked
202.0.0.0/8 (!) because "all we ever get from that netblock
is spam from China".
And there is the issue.
If ISPs use network blocking as a mechanism to block Spam then the ultimate
outcome will be be a block on all networks and zero email delivery.
A human being can scan down 20 emails in their Inbox and immediately
descriminate between Spam and valid email because they have an educated eye
and brain.
My comment on this is simply that I do not block at the /8 - I use whois,
and DNS, and calculate exactly how wide a block I can put in without
blocking someone *elses* network.. and I do that. If I cant do it by
network then I do it by /32, starting with the offending MTA.

I don't agree with blocks such as 202/8 (been the victim of one of those)
but I think educated, selective blocking is quite acceptable - at least
untill those networks involved actually do something about the whole
'spam' thing. What amazes me is the number of people out there who still
thing opt-out is acceptable..

Mark.
Simon Byrnand
2003-09-26 00:59:18 UTC
Permalink
Post by Mark Foster
Post by Brian Gibbons
[half hearted effort to block spam]
(And in that category I include manual blocking of huge
swarths of ip space, outright blocking based on most RBL
blacklists, Mailmarshall, and Challenge response systems,
all of which have unacceptable collateral damage
Well said.
I recently dealt with an ISP in the US who had blocked
202.0.0.0/8 (!) because "all we ever get from that netblock
is spam from China".
And there is the issue.
If ISPs use network blocking as a mechanism to block Spam then the ultimate
outcome will be be a block on all networks and zero email delivery.
A human being can scan down 20 emails in their Inbox and immediately
descriminate between Spam and valid email because they have an educated eye
and brain.
My comment on this is simply that I do not block at the /8 - I use whois,
and DNS, and calculate exactly how wide a block I can put in without
blocking someone *elses* network.. and I do that. If I cant do it by
network then I do it by /32, starting with the offending MTA.
I don't agree with blocks such as 202/8 (been the victim of one of those)
but I think educated, selective blocking is quite acceptable - at least
untill those networks involved actually do something about the whole
'spam' thing. What amazes me is the number of people out there who still
thing opt-out is acceptable..
That approach (and point of view to the problem) is one that a lot of
people hold, (including Spews, albeit more militant) but it doesn't address
the basic issue of collateral damage.

If you as an individual decide to block ranges like that, so be it, however
a large entitity like an ISP or institution can't do this without the risk
of collateral damage.

At the end of the day *WHY* should someone trying to send a legitimate
message have their message rejected because someone else that happens to
use the same ISP is either spamming or has an insecure machine which is
being exploited to send spam. Hence my comments about how each message
(when processed on an ISP scale) *must* be treated on its own merits. Don't
tar everyone with the same brush.

Before you say "they should just move to another ISP", in some parts of the
world there AREN'T any alternatives to a given ISP. Say you're on ADSL with
the only ISP in your area that provides it (quite common in some areas of
Europe) and your ISP has other customers whose machines keep getting
exploited to relay spam, what are you going to do when you can't send your
email because your ISP is blacklisted ? Move to another ISP and go down to
a dialup connection ?

To give an analogy imagine you live on the same street as a car conversion
racket, and every time the police get a tipoff they come and raid EVERY
house on the street. When you complain that your house keeps getting raided
by the police for no reason they say "well you live on the same street as
them and you're not doing anything about stopping them, so tough".

How rediculous. Do they think that if they raid everyones houses enough
times all the neighbours will finally get so fed up that they'll go and
beat up the crooks themselves ? Or do they expect that people that get sick
of being raided all the time will move house to another street ? :)

Might sound like a silly analogy, but this is *exactly* whats happening to
the innocent bystanders in the "war against spam"....IMHO people
implementing spam filtering, at least on any scale, should be doing their
utmost to minimize collateral damage, and not take a "well if we blacklist
this whole ISP maybe they'll do something about their spammers" approach...

Private individuals that run their own mail servers for themselves and/or a
small group of friends and family are free to block whatever they please of
course :)

Regards,
Simon
DPF
2003-09-26 13:22:37 UTC
Permalink
On Fri, 26 Sep 2003 12:03:04 +1200, "Brian Gibbons"
Post by Brian Gibbons
[half hearted effort to block spam]
(And in that category I include manual blocking of huge
swarths of ip space, outright blocking based on most RBL
blacklists, Mailmarshall, and Challenge response systems,
all of which have unacceptable collateral damage
Well said.
People may be interested that NZ marketing companies (as in operating
100% opt in e-mail lists) have advised that around 20% of their
e-mails are getting blocked by anti spam type technologies (esp Mail
Marshall) which is actually quite shocking that such a high percentage
of e-mails that people want to receive are being blocked.

DPF
--
Blog: http://www.kiwiblog.co.nz
E-mail: ***@farrar.com
ICQ: 29964527
MSN: ***@hotmail.com
Richard Parkinson
2003-09-25 23:37:08 UTC
Permalink
If in saying "filters" you mean, delivers it to a folder along with
hoards of other junk for some poor admin to check to ensure there is no
legitimate mail in the pile... Yep.

I don't find this a great task though. A quick sort by subject, or
sender and you quickly wipe out all the crap, leaving a handful of
legitimate emails to let through. This might be a painful task for
larger sites such as Massey or an ISP.

Cheers,

Richard.






-----Original Message-----
From: Steve Withers [mailto:***@mmp.org.nz]
Sent: Friday, 26 September 2003 10:39 a.m.
To: NZ NOG
Subject: [nznog] IP / domain blocking for SPAM prevention


Further comments on IP and domain blocking for *personal* mail servers:
Just checked my maillog from yesterday.

70% of rejected mail connects came from hotmail, yahoo, earthlink and
aol.

30% came from the 61.* and 218.* Korean IP spaces

10% was rejected by ordb / relay denied / other blocked domains

I have wondered if ISPs want to encourage customers to set up
individually customisable mailservers on broadband connections - some
sort of appliance - that acts as their mail server.

Let the business and competent private users decide what they will and
won't receive....with benefits to the ISP in terms of reduced bandwidth
consumed as spam isn't deliverable to these people. Just lots of
rejected connect attempts. This may even be a managed service an ISP
could offer a customer / business. If payment is on data-volume, this
could help reduce such charges - offsetting any service fee to some
extent.

Am I right in thinking Mailmarshall still allows the spam to be
delivered? It just filters it.

The method above prevents delivery.

It would be impossible to do this at ISP level....but it may be a
service line an ISP might like to offer a client who wants to define
what they do and do not receive.
--
Steve Withers <***@mmp.org.nz>
d***@farrar.com
2003-09-26 00:19:21 UTC
Permalink
Post by Claire Hurman
Actually, at least one ISP in the NZ market already has a
'Virtual Mail Server' ASP product out there, with Spam
and Content Control features coming in the next few
weeks.
Probably an appropriate time for me to mention that one of
the activities that the InternetNZ Spam Taskforce is looking
at is an easy to access website where ISPs and others can
list what spam technologies they use and have available
(both at server level and for clients to use).

Another aspect may be some sort of guide to commercial
solutions. Want to avoid it being an "INZ says this is good
or bad" but something where users can rate and review
solutions so more people are aware of the limitations of
Mail Marshall (as one example) or Mailwasher (great product,
but bounce facility is inappropriate as it forges) as
another example.

Consumers Institute is also looking at doing a survey in the
near future, and we may team up with them to do one combined
survey.

DPF
Drew Whittle
2003-09-26 01:18:58 UTC
Permalink
Post by d***@farrar.com
Probably an appropriate time for me to mention that one of
the activities that the InternetNZ Spam Taskforce is looking
at is an easy to access website where ISPs and others can
list what spam technologies they use and have available
(both at server level and for clients to use).
So the spammers can see what systems that have to beat to get their crap
through, no thanks.

I'd happily list on a page that said "These guys do spam/anti virus
filtering" so long as I didn't have to say in detail what we did.

:D
Michael Bordignon
2003-09-26 01:22:15 UTC
Permalink
Post by Drew Whittle
So the spammers can see what systems that have to beat to get
their crap through, no thanks.
How are others supposed to learn then? trial and error?


Michael
d***@farrar.com
2003-09-26 01:28:56 UTC
Permalink
Post by Drew Whittle
Post by d***@farrar.com
Probably an appropriate time for me to mention that one
of the activities that the InternetNZ Spam Taskforce is
looking at is an easy to access website where ISPs and
others can list what spam technologies they use and have
available (both at server level and for clients to use).
So the spammers can see what systems that have to beat to
get their crap through, no thanks.
I'd happily list on a page that said "These guys do
spam/anti virus filtering" so long as I didn't have to say
in detail what we did.
People can give as much detail as they want. I would agree
you would not want to list for example the exact filters in
place (however noting that at
http://www.mirror.ac.uk/sites/spamassassin.taint.org/spamassassin.org/tests.html
they do list the exact filters and SA works pretty damn well
IMO), but detail such as "Use Brightmail", "Use Bayesian
Filtering", "Use Spews blacklist" may be useful for consumer
choice. Other details I would see as useful if whether the
ISP actually filters or just labels so users can filter on
the labels. Is the spam filter compulsory or opt-in. Does
it cost extra. If they filter is there a spam recovery
folder you can check for false positives etc.

I actually think it is highly unlikely that with the way
spammers work they would try to tailor spam individually for
each ISP to get past what they think are its filters. We
are not big enough for that. They just throw out 100
million of them and hope say 10 million of them get through
and are not too worried if it is 10.0 million or 10.05
million.

DPF
Juha Saarinen
2003-09-26 01:37:35 UTC
Permalink
Post by d***@farrar.com
I actually think it is highly unlikely that with the way
spammers work they would try to tailor spam individually for
each ISP to get past what they think are its filters. We
are not big enough for that. They just throw out 100
million of them and hope say 10 million of them get through
and are not too worried if it is 10.0 million or 10.05
million.
Spammers do try to get past filtering, and use different methods for
AOL, Hotmail, etc. Some try to poison auto-learning filters as well.
--
Juha
d***@farrar.com
2003-09-26 02:00:38 UTC
Permalink
Post by Juha Saarinen
Post by d***@farrar.com
I actually think it is highly unlikely that with the way
spammers work they would try to tailor spam individually
for each ISP to get past what they think are its
filters. We are not big enough for that. They just
throw out 100 million of them and hope say 10 million of
them get through and are not too worried if it is 10.0
million or 10.05 million.
Spammers do try to get past filtering, and use different
methods for AOL, Hotmail, etc. Some try to poison
auto-learning filters as well.
Oh I agree they do - but at the scale of the ISPs with 10
million+ customers or products that are in wide use. I
can't see a spammer adjusting anything just because they
read on a website that Ihug with 80,000 customers uses Spam
Assassin.

DPF
Juha Saarinen
2003-09-26 02:05:06 UTC
Permalink
Post by d***@farrar.com
Oh I agree they do - but at the scale of the ISPs with 10
million+ customers or products that are in wide use. I
can't see a spammer adjusting anything just because they
read on a website that Ihug with 80,000 customers uses Spam
Assassin.
And yes, spammers do try to get past Spam Assassin as well.
--
Juha
Drew Whittle
2003-09-26 02:08:04 UTC
Permalink
Post by d***@farrar.com
Oh I agree they do - but at the scale of the ISPs with 10
million+ customers or products that are in wide use. I
can't see a spammer adjusting anything just because they
read on a website that Ihug with 80,000 customers uses Spam
Assassin.
The key phrase there is "I can't see", it doesn't matter what you can't
see, it matters what the people (the ISP industry) see, if they aren't
comfortable giving out the measures they take then any central page
where people can easily see what people are using will be useless.

:D
Jamie Baddeley
2003-09-26 02:07:39 UTC
Permalink
Hi David,

So are you saying that in your estimation, products like spam assassin are not in wide use?

jamie
Post by Juha Saarinen
Post by d***@farrar.com
I actually think it is highly unlikely that with the way
spammers work they would try to tailor spam individually
for each ISP to get past what they think are its
filters. We are not big enough for that. They just
throw out 100 million of them and hope say 10 million of
them get through and are not too worried if it is 10.0
million or 10.05 million.
Spammers do try to get past filtering, and use different
methods for AOL, Hotmail, etc. Some try to poison
auto-learning filters as well.
Oh I agree they do - but at the scale of the ISPs with 10
million+ customers or products that are in wide use. I
can't see a spammer adjusting anything just because they
read on a website that Ihug with 80,000 customers uses Spam
Assassin.

DPF
d***@farrar.com
2003-09-26 02:17:35 UTC
Permalink
Post by Juha Saarinen
Post by d***@farrar.com
Oh I agree they do - but at the scale of the ISPs with
10 million+ customers or products that are in wide use.
I can't see a spammer adjusting anything just because
they read on a website that Ihug with 80,000 customers
uses Spam Assassin.
And yes, spammers do try to get past Spam Assassin as
well.
This is probably getting to the point of off topic, but I
never said they didn't. But they try to get past spam
assassin because it is a widely used spam filter, not
because they are going to go a NZ website, read that hey
Black Albatross use Spam Assassin, so hey I'd better try and
get around it.

DPF
d***@farrar.com
2003-09-26 02:20:50 UTC
Permalink
Quite the opposite. It is because they are in wide use
spammers will try and get past them. But the NZ market is
so miniscule that a list of what NZ ISP uses what is going
to have IMO zero effect on what products spammers try to
work around.

I have never said that spammers do not try to get around
anti spam filters. I have just said that publicising what
anti spam filter a NZ ISP uses, is not going to affect the
behaviour of the spammer (Unless they were for some reason
targetting that ISP as a revenge thing).

DPF
Post by Jamie Baddeley
Hi David,
So are you saying that in your estimation, products like
spam assassin are not in wide use?
jamie
Post by Juha Saarinen
Post by d***@farrar.com
I actually think it is highly unlikely that with the
way spammers work they would try to tailor spam
individually for each ISP to get past what they think
are its filters. We are not big enough for that.
They just throw out 100 million of them and hope say
10 million of them get through and are not too worried
if it is 10.0 million or 10.05 million.
Spammers do try to get past filtering, and use different
methods for AOL, Hotmail, etc. Some try to poison
auto-learning filters as well.
Oh I agree they do - but at the scale of the ISPs with 10
million+ customers or products that are in wide use. I
can't see a spammer adjusting anything just because they
read on a website that Ihug with 80,000 customers uses
Spam Assassin.
DPF
_______________________________________________
NZNOG mailing list
http://list.waikato.ac.nz/mailman/listinfo/nznog
d***@farrar.com
2003-09-26 02:27:18 UTC
Permalink
Post by Drew Whittle
Post by d***@farrar.com
Oh I agree they do - but at the scale of the ISPs with
10 million+ customers or products that are in wide use.
I can't see a spammer adjusting anything just because
they read on a website that Ihug with 80,000 customers
uses Spam Assassin.
The key phrase there is "I can't see", it doesn't matter
what you can't see, it matters what the people (the ISP
industry) see, if they aren't comfortable giving out the
measures they take then any central page where people can
easily see what people are using will be useless.
Well I don't think I have suggested it is going to be
compulsory or anything. In fact it is only one of hundreds
of possible aspects of an overall anti spam campaign. Of
course it is up to ISPs to list whatever details they want.
If no-one lists anything then we just have a very short
page.

I would suggest that more and more consumers will pick an
ISP on the basis of services like spam filtering. I have
helped several people swap ISPs from those who do not have
anti spam technology to those who do. Ihug's spam assassin
(free plug) has been a huge benefit to me and it's the best
$2.50/mth I spend.

Anyway enough bandwidth wasted on this. My last post on the
topic.

DPF
Joe Abley
2003-09-26 14:47:55 UTC
Permalink
Post by DPF
On Fri, 26 Sep 2003 12:03:04 +1200, "Brian Gibbons"
Post by Brian Gibbons
[half hearted effort to block spam]
(And in that category I include manual blocking of huge
swarths of ip space, outright blocking based on most RBL
blacklists, Mailmarshall, and Challenge response systems,
all of which have unacceptable collateral damage
Well said.
People may be interested that NZ marketing companies (as in operating
100% opt in e-mail lists) have advised that around 20% of their
e-mails are getting blocked by anti spam type technologies (esp Mail
Marshall) which is actually quite shocking that such a high percentage
of e-mails that people want to receive are being blocked.
People are persuaded to opt-in to things in all kinds of tricky ways.

I think a better interpretation is that these allegedly opt-in
companies are sending mail which people demonstrably don't want to
receive. (Nobody would endure a spam filtering service which had a 20%
false positive rate, so the only natural conclusion to draw is that the
opt-in messages which are blocked aren't considered false positives by
the subscribers to those spam filtering services).


Joe
DPF
2003-09-27 02:12:17 UTC
Permalink
Post by Joe Abley
Post by DPF
On Fri, 26 Sep 2003 12:03:04 +1200, "Brian Gibbons"
Post by Brian Gibbons
[half hearted effort to block spam]
(And in that category I include manual blocking of huge
swarths of ip space, outright blocking based on most RBL
blacklists, Mailmarshall, and Challenge response systems,
all of which have unacceptable collateral damage
Well said.
People may be interested that NZ marketing companies (as in operating
100% opt in e-mail lists) have advised that around 20% of their
e-mails are getting blocked by anti spam type technologies (esp Mail
Marshall) which is actually quite shocking that such a high percentage
of e-mails that people want to receive are being blocked.
People are persuaded to opt-in to things in all kinds of tricky ways.
I think a better interpretation is that these allegedly opt-in
companies are sending mail which people demonstrably don't want to
receive.
I think making assumptions without any evidence is very dangerous. I
know many people who get e-mail blocked they want to receive but as we
just heard from Frank at MED, they are unable to change company
policies.
Post by Joe Abley
(Nobody would endure a spam filtering service which had a 20%
false positive rate, so the only natural conclusion to draw is that the
opt-in messages which are blocked aren't considered false positives by
the subscribers to those spam filtering services).
You would be right if people had a choice of subscribing but many
people are forced to accept whatever their employer puts in place.

DPF
--
Blog: http://www.kiwiblog.co.nz
E-mail: ***@farrar.com
ICQ: 29964527
MSN: ***@hotmail.com
Andy Linton
2003-09-27 04:14:43 UTC
Permalink
Post by DPF
Post by Joe Abley
(Nobody would endure a spam filtering service which had a 20%
false positive rate, so the only natural conclusion to draw is that the
opt-in messages which are blocked aren't considered false positives by
the subscribers to those spam filtering services).
You would be right if people had a choice of subscribing but many
people are forced to accept whatever their employer puts in place.
He who pays the piper calls the tune?

Surely any business operating an email system does so for the benefit of
the company/enterprise etc. If individuals want to receive emails that
don't match that policy then they need to have a personal account that
allows them to do so. Which brings us back to advice offered for example
to people in Frank's position that they get the mail from this list
directed to a hotmail etc account or run their own server where they can
set policy for themselves.
Hamish MacEwan
2003-09-27 05:19:55 UTC
Permalink
Post by Andy Linton
He who pays the piper calls the tune?
Surely any business operating an email system does so for the benefit
of the company/enterprise etc.
So the tune is the one that suits the enterprise's policy, but in many
cases, Frank's one amongst them, the diversity of even the most narrowly
focussed enterprise is beyond the wit of any filter. Indeed, if we
could train a filter to recognise spam "better than a human," the long
search for AI will be over.
Post by Andy Linton
Which brings us back to advice offered for example to people in
Frank's position that they get the mail from this list directed to a
hotmail etc account or run their own server where they can set policy
for themselves.
Frank's role probably benefits from his NZNOG exposure, at the
Department of Internal affairs there are policy wonks examining
censorship and gamb^Hing issues that go home to do work. The UK
parliament couldn't debate a proposed censorship bill due to MM's
cretinism.

In terms of filtering humiliation, my experience with that recently was
*outbound*, an email containing the word "wealth" too many times, plus
"naked" (in the sense of "without a job in this economy you are naked")
was returned to me by the corporate mail police, with the self-serving
reassurance that I should be grateful they stopped it, as it would
"probably" have been rejected at the destination... Not true, as per
Andy's suggestion, I more or less run my own email.

One thread I have noticed running through this discussion is the scale
issue. The smaller the safer. Perhaps if email was received on each
workstation in the corporate, the human there, who is the final arbiter
of the catch-all term "spam," could handle it, or at least make their
own decisions about it.

And its very reassuring to read there are operators who appreciate the
requirement to serve customer diversity, rather than crush them all into
some homogenised strait-jacket.


Hamish.
--
Only in quiet waters do things mirror themselves
undistorted. Only in a quiet mind is adequate perception of
the world.
-- Hans Margolius
Brian Gibbons
2003-09-27 18:07:23 UTC
Permalink
Post by Hamish MacEwan
So the tune is the one that suits the enterprise's policy,
but in many cases, Frank's one amongst them, the diversity
of even the most narrowly focussed enterprise is beyond
the wit of any filter.
I disagree.
Post by Hamish MacEwan
Indeed, if we could train a filter to recognise spam
"better than a human," the long search for AI will be over.
I am sent somewhere between 150 - 300 Spam messages daily.
A few months ago my daily drudge was delete - delete mark,bound delete.
Unfortunately I would fail to recognise one or two legitimate emails and
delete them - this was a serious problem.

I spent four months developing and training a Spam filter.
Now I get one Spam every day or two, and no false positives.
Juha Saarinen
1970-01-01 00:00:00 UTC
Permalink
Post by Andy Linton
He who pays the piper calls the tune?
In Frank's case, that'd be the taxpayer, who as per usual has precious
little say...
--
Juha Saarinen
Steve Withers
2003-09-27 10:36:12 UTC
Permalink
Post by Juha Saarinen
Post by Andy Linton
He who pays the piper calls the tune?
In Frank's case, that'd be the taxpayer, who as per usual has precious
little say...
The same as any shareholder in a medium/largish private firm does about
daily, operational matters - none.

That is what management is for. :-)

It's a shame that the most popular spam-handling programs still allow
the stuff to be received at all.....what a waste of bandwidth!
--
Steve Withers <***@mmp.org.nz>
Keith Davidson
2003-09-27 07:37:15 UTC
Permalink
Post by Andy Linton
He who pays the piper calls the tune?
Surely any business operating an email system does so for the benefit of
the company/enterprise etc. If individuals want to receive emails that
don't match that policy then they need to have a personal account that
allows them to do so. Which brings us back to advice offered for example
to people in Frank's position that they get the mail from this list
directed to a hotmail etc account or run their own server where they can
set policy for themselves.
It may be that Frank's employer also prohibits the use of hotmail type
accounts. I've seen company policies that state employees may not operate
web based email accounts, and all email must be through the company email
address / server - primarily to control virus traffic etc and probably
secondarily to control / measure / minimise time spent on "non-work" issues.

Frank may be between a rock and a hard place and I'm sure he's capable of
assessing the practicality and legitimacy of running a web based email from
his work.

Keith Davidson
Russell Fulton
2003-09-27 18:59:12 UTC
Permalink
Post by Andy Linton
Surely any business operating an email system does so for the benefit of
the company/enterprise etc. If individuals want to receive emails that
don't match that policy then they need to have a personal account that
allows them to do so. Which brings us back to advice offered for example
to people in Frank's position that they get the mail from this list
directed to a hotmail etc account or run their own server where they can
set policy for themselves.
However, some employers also have policies that forbid access to
alternate mail sources (hotmail & ISP accounts) for legitimate reasons.
This leaves some one like Frank having to follow work related lists that
run foul of the corporate filter in their own time from home.

I think that the real answer is that Corporate policies have to be
flexible enough to work around such problems. This is very obvious in
an academic environment. We tag spam and leave it up to the users to
decide what to do about it, some have filters that simply delete all
tagged messages, some (like me) get all tagged messages dumped in a
folder which a check a couple of times a day (this takes under 30
seconds normally), other don't do anything special and delete them by
hand.

I believe that this is essentially a management issue and has nothing to
do with technology.
Post by Andy Linton
_______________________________________________
NZNOG mailing list
http://list.waikato.ac.nz/mailman/listinfo/nznog
--
Russell Fulton, Network Security Officer, The University of Auckland,
New Zealand.
Simon Byrnand
2003-09-28 21:21:18 UTC
Permalink
Post by Joe Abley
Post by Russell Fulton
However, some employers also have policies that forbid access to
alternate mail sources (hotmail & ISP accounts) for legitimate reasons.
This leaves some one like Frank having to follow work related lists that
run foul of the corporate filter in their own time from home.
He also has the option of finding a new job, if the policies of his
employer don't suit him.
C'mon people (not just Joe) this thread is now getting *way* off topic,
(I'm surprised Donald hasn't stepped in yet) although admitedly my original
message was somewhat off topic as well.

However it did generate some good discussion about Spam Filtering and some
of the technical and pratical considerations of such which could be
considered on-topic, but that part now seems to have run its course...

Regards,
Simon
Chris O'Donoghue
2003-09-27 04:31:04 UTC
Permalink
Post by Frank March
-----Original Message-----
Sent: Saturday, 27 September 2003 2:12 p.m.
Subject: Re: [nznog] Argghhh.... [Fwd: Your e-mail message was blocked]
Post by Joe Abley
Post by DPF
On Fri, 26 Sep 2003 12:03:04 +1200, "Brian Gibbons"
Post by Brian Gibbons
[half hearted effort to block spam]
(And in that category I include manual blocking of huge
swarths of ip space, outright blocking based on most RBL
blacklists, Mailmarshall, and Challenge response systems,
all of which have unacceptable collateral damage
Well said.
People may be interested that NZ marketing companies (as in operating
100% opt in e-mail lists) have advised that around 20% of their
e-mails are getting blocked by anti spam type technologies (esp Mail
Marshall) which is actually quite shocking that such a high percentage
of e-mails that people want to receive are being blocked.
People are persuaded to opt-in to things in all kinds of tricky ways.
I think a better interpretation is that these allegedly opt-in
companies are sending mail which people demonstrably don't want to
receive.
I think making assumptions without any evidence is very dangerous. I
know many people who get e-mail blocked they want to receive but as we
just heard from Frank at MED, they are unable to change company
policies.
Post by Joe Abley
(Nobody would endure a spam filtering service which had a 20%
false positive rate, so the only natural conclusion to draw is that the
opt-in messages which are blocked aren't considered false positives by
the subscribers to those spam filtering services).
You would be right if people had a choice of subscribing but many
people are forced to accept whatever their employer puts in place.
Also what we are talking about is a 20% false positive from marketing companies. Not a General 20% false +ve rate.
These types of emails tend to have subjects and content that triggers spam filters.
I know many people that have had false positives from advertising and marketing companies.

Even when the email was not a mass distribution, sometimes just the hyperbole in a requirements email is enough to make you vomit
let alone trigger spam content based spam filtering.

Chris
Joe Abley
2003-09-27 12:28:04 UTC
Permalink
Post by DPF
Post by Joe Abley
(Nobody would endure a spam filtering service which had a 20%
false positive rate, so the only natural conclusion to draw is that
the
opt-in messages which are blocked aren't considered false positives by
the subscribers to those spam filtering services).
You would be right if people had a choice of subscribing but many
people are forced to accept whatever their employer puts in place.
I think you're missing the point. The subscriber in the corporate
scenario is the company, not the employee.


Joe
Joe Abley
2003-09-28 17:48:03 UTC
Permalink
On Saturday, Sep 27, 2003, at 14:59 Canada/Eastern, Russell Fulton
Post by Russell Fulton
However, some employers also have policies that forbid access to
alternate mail sources (hotmail & ISP accounts) for legitimate reasons.
This leaves some one like Frank having to follow work related lists
that
run foul of the corporate filter in their own time from home.
He also has the option of finding a new job, if the policies of his
employer don't suit him.
Michael Hallager
2003-09-28 20:39:58 UTC
Permalink
Thats not nice (It is arrogant). I am sure that he has bills to pay (And
family to support?),
like almost everyone else. Finding a "new job" is not always easy or fair or
as simple as saying "He has an option of finding a new job". How do
you know this?

Michael Hallager
Networkstuff Limited
Post by Joe Abley
He also has the option of finding a new job, if the policies of his
employer don't suit him.
Donald Neal
2003-09-28 22:11:13 UTC
Permalink
Sent: Monday, 29 September 2003 09:21
To: Joe Abley; Russell Fulton
Cc: nznog
Subject: Re: [nznog] Argghhh.... [Fwd: Your e-mail message
was blocked]
Post by Joe Abley
On Saturday, Sep 27, 2003, at 14:59 Canada/Eastern, Russell
Post by Russell Fulton
However, some employers also have policies that forbid access to
alternate mail sources (hotmail & ISP accounts) for
legitimate reasons.
Post by Joe Abley
Post by Russell Fulton
This leaves some one like Frank having to follow work
related lists that
Post by Joe Abley
Post by Russell Fulton
run foul of the corporate filter in their own time from home.
He also has the option of finding a new job, if the policies of his
employer don't suit him.
C'mon people (not just Joe) this thread is now getting *way*
off topic,
(I'm surprised Donald hasn't stepped in yet) although
admitedly my original
message was somewhat off topic as well.
This is a list for network operators, which doesn't just mean telcos and ISP's. My view is that discussion of spam filtering is appropriate. Granted, by the time we get onto what employees should be allowed to do we may indeed have wandered a bit.

Donald Neal | "And if you think virus
Technical Specialist | writers are scary, you
Operations Engineering | have clearly never met a
Integration & Services Divn. | tort lawyer."
Alcatel NZ Ltd | - The Economist 28/8/03
All opinions mine only. |
Frank March
2003-09-29 04:52:34 UTC
Permalink
This IS an interesting, if somewhat prolonged, discussion and, needless to
say perhaps, I agree with Donald that spam filtering is an operational issue
of relevance to this list.

But it is also a policy issue of interest to the NZ Government, which is
what my job is about. To say that I can change my job as suggested by Joe
(clearly I can and maybe in the fullnss of time I will, but that IS
irrelevant) somewhat misses the point of why I am on this list... it is
because of my *present* job that I think it important.

There are many issues of possible government policy relevance that emerge on
this list in different ways, spam is just one. Which irony has been pointed
out to those who dictate the operational policy for this Ministry.
Unfortunately, they do not subscribe to NZNOG as far as I can determine.

--
Frank March Telephone (+64 4) 474 2908
Senior Specialist Advisor Fax (+64 4) 474 2659
Information Technology Policy Group Mobile: (+64) 21 042 9205
Ministry of Economic Development, Wellington, New Zealand


-----Original Message-----
From: Donald Neal [mailto:***@telecom.co.nz]
Sent: Monday, 29 September 2003 10:11
To: ***@list.waikato.ac.nz
Subject: RE: [nznog] Argghhh.... [Fwd: Your e-mail message was blocked]
Sent: Monday, 29 September 2003 09:21
To: Joe Abley; Russell Fulton
Cc: nznog
Subject: Re: [nznog] Argghhh.... [Fwd: Your e-mail message
was blocked]
Post by Joe Abley
Post by Joe Abley
He also has the option of finding a new job, if the policies of his
employer don't suit him.
C'mon people (not just Joe) this thread is now getting *way*
off topic,
(I'm surprised Donald hasn't stepped in yet) although
admitedly my original
message was somewhat off topic as well.
This is a list for network operators, which doesn't just mean telcos and
ISP's. My view is that discussion of spam filtering is appropriate. Granted,
by the time we get onto what employees should be allowed to do we may indeed
have wandered a bit.


http://www.govt.nz - connecting you to New Zealand central & local government services

Any opinions expressed in this message are not necessarily those of the Ministry of Economic Development. This message and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivery to the intended recipient, be advised that you have received this message in error and that any use is strictly prohibited. Please contact the sender and delete the message and any attachment from your computer.
Joe Abley
2003-09-29 15:04:54 UTC
Permalink
Post by Frank March
But it is also a policy issue of interest to the NZ Government, which
is
what my job is about. To say that I can change my job as suggested by
Joe
(clearly I can and maybe in the fullnss of time I will, but that IS
irrelevant) somewhat misses the point of why I am on this list... it is
because of my *present* job that I think it important.
I didn't actually mean to suggest that you should change your job,
Frank, for the record, although evidently that wasn't particularly
clear.

I was speaking more in general; there seemed to be a suggestion that
having access to personal e-mail while at work was some kind of
fundamental human right, and trumped any other policy put in place by a
company which might conflict with it. I think this is nonsense, hence
my comment.

Progressive, sensible companies (for whom good people will trouble
themselves to work) will not install needlessly restrictive policies,
but that doesn't mean that conservative, unenlightened companies should
not be able to.

Anyway, apologies for prolonging the thread. I will now climb back
under my rock.


Joe
Juha Saarinen
2003-09-29 20:45:05 UTC
Permalink
Post by Joe Abley
Progressive, sensible companies (for whom good people will trouble
themselves to work) will not install needlessly restrictive policies,
but that doesn't mean that conservative, unenlightened companies should
not be able to.
Hold on... Joe, are you saying that the MED is conservative and
unenlightened? That it's running needlessly restrictive policies?
--
Juha
Barry Murphy
2003-09-29 23:12:35 UTC
Permalink
I think this thread is dead... lets maybe look at the sobig damage..

http://www.theregister.co.uk/content/56/33059.html

Barry

----- Original Message -----
From: "Juha Saarinen" <***@saarinen.org>
To: "Joe Abley" <***@isc.org>
Cc: <***@list.waikato.ac.nz>
Sent: Tuesday, September 30, 2003 8:45 AM
Subject: Re: [nznog] Argghhh.... [Fwd: Your e-mail message was blocked]
Post by Juha Saarinen
Post by Joe Abley
Progressive, sensible companies (for whom good people will trouble
themselves to work) will not install needlessly restrictive policies,
but that doesn't mean that conservative, unenlightened companies should
not be able to.
Hold on... Joe, are you saying that the MED is conservative and
unenlightened? That it's running needlessly restrictive policies?
--
Juha
_______________________________________________
NZNOG mailing list
http://list.waikato.ac.nz/mailman/listinfo/nznog
Loading...