a bit of lovely news about spam in California

David Wolfskill david at catwhisker.org
Sat Jan 5 05:39:15 PST 2002


>From: Heather <star at betelgeuse.starshine.org>
>Date: Fri, 4 Jan 2002 21:22:18 -0800 (PST)

>But while we're on antispam I have an interesting question - what are your
>preferred methods of proving-beyond-shadow-of-a-doubt to Pointy Haired Boss
>types, that a given site is *not* an open relay / spambait?  And are your
>answers any dif't for internal "bossberts" vs external troublemakers?

First, I'll admit that for the last (one month shy of) 4 years, I've not
really needed to deal with PHBs much, let alone in the context of the
posed query.  (That's because I've been fortunate enough to support a
development group, and nearly everything I do is well below the notice
of the PHB types in any case.  It helps a great deal that I'm able to
"get away with" responding to queries about Microsoft-environment-
related things by some variation on "You'll need to talk with the folks
who support that, of whom I am not one" or "I could install FreeBSD on
the machine, if you like.")

Of course, since the company that bought my employer had decided to
destroy the organization, that's all coming to an end Real Soon Now.

In any case, it's been long enough ago that I've dealt with PHBs that I
have a little trouble visualizing a PHB who would have as much as a
faint clue what an "open relay" really is.  Thus, to address the
question, it would be necessary to discern what the PHB *thinks* an
"open relay" (or "spambait") is.

And no, I'm not writing this (just) to be perverse, because:

* I have a little trouble with the implicit "guilty until proven
  innocent" assumption -- even if we're discussing spammers.

* It's not clear to me that the assertion is actually provable to
  someone who has sufficient clue (thereby, I presume, excluding a PHB) as
  to the nature of (E)SMTP conversations.

Now, that last statement may seem a little weird, especially given that
I'm not exactly inclined to try to make spammers' lives easier.  But
consider such things as a site providing secondary MX for another site;
this is an (intentional) mail relay.  And consider that MX records, like
anything else in DNS, are mutable (though it is fairly usual for changes
to propagate somewhat irregularly).  So you can determine, to some extent, 
what site(s) a given (other) one relayed for at some point(s) in time, but 
making the characterization "this site is an open relay" is, while
somewhat subjective, a great deal easier than actually proving "this
site is not an open relay".

For example, it is possible in principle to set up a mail relay that
only acts as an open relay for some select group of spammers.  Granted,
I think of nothing positive about someone who would do such a thing, but
my belief that such a thing is possible colors my perception of your
query, and thus, my response(s).

As for the distinction between "internal Bossberts" vs. "external
troublemakers," that is something I've rarely dealt with (lucky me).
The few times I've dealt with outsiders at all, I merely pointed out the
facts.  As for insiders, my answers tend toward the category of "if you
don't want those answers, don't ask those questions."

Then again, I may be failing to grasp your intent, too....  :-}

Cheers,
david (http://www.catwhisker.org/~david for pointers to my resume)
-- 
David H. Wolfskill				david at catwhisker.org
I believe it would be irresponsible (and thus, unethical) for me to advise,
recommend, or support the use of any product that is or depends on any
Microsoft product for any purpose other than personal amusement.
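
Added example (not part of the original post): a small model of the RCPT TO relay decision, showing why outside probes can support "no relaying observed" but not "is not an open relay". The policy, domain names and addresses are constructed documentation values, and the selective network is an assumption standing in for the case the post describes.

```python
import ipaddress

# Constructed policy for a hypothetical host; all names and addresses are
# documentation values, not taken from the post.
LOCAL_DOMAINS = {"example.net"}        # mail delivered here
BACKUP_MX_FOR = {"example.org"}        # intentional relay: secondary MX
TRUSTED_NETS = ["192.0.2.0/24"]        # the site's own clients
HIDDEN_NETS = ["203.0.113.0/28"]       # selective relay, as in the post

def accepts_rcpt(client_ip, rcpt_domain, extra_nets=()):
    """Model of the RCPT TO decision: True if the server takes the mail."""
    if rcpt_domain in LOCAL_DOMAINS | BACKUP_MX_FOR:
        return True
    ip = ipaddress.ip_address(client_ip)
    nets = list(TRUSTED_NETS) + list(extra_nets)
    return any(ip in ipaddress.ip_network(n) for n in nets)

def probe(vantage_ips, foreign_domain, extra_nets=()):
    """Outside relay test: offer a foreign recipient from each vantage point."""
    return {ip: accepts_rcpt(ip, foreign_domain, extra_nets) for ip in vantage_ips}

def verdict(results):
    """Word the finding no more strongly than the probes support."""
    if any(results.values()):
        return "relayed for an outside client"
    return "no relaying observed from the tested vantage points"

def compare(vantage_ips, foreign_domain="elsewhere.example"):
    """Probe a clean policy and a selectively open one from the same places."""
    clean = probe(vantage_ips, foreign_domain)
    selective = probe(vantage_ips, foreign_domain, HIDDEN_NETS)
    return clean == selective, verdict(clean), verdict(selective)

if __name__ == "__main__":
    testers = ["198.51.100.7", "198.51.100.99"]
    same, v_clean, v_selective = compare(testers)
    print("identical probe results:", same)
    print("clean policy:    ", v_clean)
    print("selective policy:", v_selective)
    # The difference only shows from inside the hidden network.
    print("from 203.0.113.5:",
          accepts_rcpt("203.0.113.5", "elsewhere.example", HIDDEN_NETS))
```

Acceptance of mail for example.org from any client is the secondary-MX case and is not evidence of an open relay; only acceptance of a recipient the host has no MX role for counts.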


