E-mail Scramblers

Re: E-mail Scramblers

JRS: In article <dr98do$uoe$2@b lue.rahul.net>, dated Thu, 26 Jan 2006
01:25:12 remote, seen in news:comp.infos ystems.www.authoring.html, axlq
<axlq@spamcop.n et> posted :[color=blue]
>In article <MPG.1e3f456fce bf64c1989844@ne wsgroups.comcas t.net>,
>saz <saz1958@nospam mersexcite.com> wrote:[color=green]
>>This has been gone over many times in many groups. There is no fool-
>>proof way to prevent email harvesting.[/color]
>
>There isn't? What isn't fool-proof about having a CGI web form that
>someone has to fill out to communicate with you? No email address
>can be seen or derived anywhere in the web page source. I'm not
>talking about the often-abused webmail perl scripts, but a custom
>CGI that you write yourself.
>
>The site I'm developing now uses that method. No email addresses
>anywhere on the site. The "Contact us" link takes you to a form.
>
>Granted, when replying to such email sent via a form, the recipient
>does see an email address. But it's not getting harvested from the
>web site.[/color]

By that method, you get fewer genuine E-mails.

Those who fetch Web pages while connected for reading off-line, and
those who prefer to communicate outbound and inbound by E-mail because
of the filing then provided, may just not bother to start communication.

Commercially, that may be advantageous; you may only want permanently-
connected or determined customers.

But those who publish technical material may lose feedback and
corrections.

Use the form, by all means; but provide in addition the E-address in a
format which a human, but not a robot, can interpret - but not one which
a robot can think it has understood.

--
© John Stockton, Surrey, UK. ?@merlyn.demon. co.uk DOS 3.3, 6.20; Win98. ©
Web <URL:http://www.merlyn.demo n.co.uk/> - FAQqish topics, acronyms & links.
PAS EXE TXT ZIP via <URL:http://www.merlyn.demo n.co.uk/programs/00index.htm>
My DOS <URL:http://www.merlyn.demo n.co.uk/batfiles.htm> - also batprogs.htm.

Re: E-mail Scramblers

On Fri, 27 Jan 2006, Dr John Stockton wrote:
[color=blue]
> Nick Kew <nick@asgard.we bthing.com> posted :[/color]
[color=blue][color=green]
> >Dial-up users pick up mail from their ISP's host. And mail that's on
> >the ISP's host is mail that's already been accepted.
> >
> >If you try to reject it when you dial up, you're just spamming the
> >poor sod whose address got forged.[/color][/color]

Quite...
[color=blue]
> My ISP provides what I describe; mail for merlyn is not rejected
> immediately, but only when I connect to the ISP - or, rather, when
> the ISP's SMTP soon afterwards connects to me as a result of an
> ISP-internal tip-off that I've connected - and my software then sees
> and can reject it.[/color]

You can't have it both ways. Either that rejected mail is dropped
into a black hole and forgotten (in which case, bona fide mail that
has been accidentally rated as spam will be lost, and nobody will be
any the wiser), or else, as Nick rightly said, your ISP will compose
bounces to inform some innocent third party/ies that you've rejected
some spam. In the latter case, it won't be long before that leads to
a blacklisting for what's known as backscatter[0] - and rightly so
too.

Bluster as much as you like, but that's the logic of how it works.
[color=blue]
> What happens when mail bounces is another matter.[/color]

Try reading what Nick said.
[color=blue]
> You have asserted that saying that a "Dial-up Internet hosts cannot
> reject until connected" is wrong - I don't understand how a machine
> which is not connected - is perhaps not even powered up - is perhaps
> in pieces, or extinct, can possibly reject mail.[/color]

Try parsing the original statement in accordance with reality, instead
of trying to turn it into some kind of fantasy and then refuting that
fantasy[1]. If you doubt Nick's bona fides, then your ability to
evaluate contributors here is seriously in need of maintenance,
forsooth.


[0] I prefer to call it "collateral spam", which was the term the
JANET folks originally used, and seems to me more appropriate.

[1] otherwise referred to as a "straw man argument".

Re: E-mail Scramblers

Dr John Stockton wrote:
[color=blue]
>
> My ISP provides what I describe; mail for merlyn is not rejected
> immediately, but only when I connect to the ISP[/color]

Whoosh!

What happens between you and your ISP is utterly immaterial.
If it's waiting for you on your ISP's server, then IT HAS ALREADY
BEEN ACCEPTED FROM THE SPAMMER.

Bouncing email that has been accepted by your ISP's server puts YOU
on the level of the spammer - because the recipient of the bounce
(if any) is an innocent victim. And dropping it is also problematic,
because any false positive you get will be dropped without the
sender ever knowing. Just don't do it.

--
Nick Kew

Re: E-mail Scramblers

JRS: In article <jvkqa3-8eb.ln1@asgard. webthing.com>, dated Fri, 27 Jan
2006 22:55:11 remote, seen in news:comp.infos ystems.www.authoring.html,
Nick Kew <nick@asgard.we bthing.com> posted :[color=blue]
>Dr John Stockton wrote:
>[color=green]
>>
>> My ISP provides what I describe; mail for merlyn is not rejected
>> immediately, but only when I connect to the ISP[/color]
>
>Whoosh!
>
>What happens between you and your ISP is utterly immaterial.
>If it's waiting for you on your ISP's server, then IT HAS ALREADY
>BEEN ACCEPTED FROM THE SPAMMER.
>
>Bouncing email that has been accepted by your ISP's server puts YOU
>on the level of the spammer - because the recipient of the bounce
>(if any) is an innocent victim. And dropping it is also problematic,
>because any false positive you get will be dropped without the
>sender ever knowing. Just don't do it.[/color]


When at my ISP, it has not been accepted by the Internet host that it is
directed to.

When at my ISP, it has not reached the Internet host that it is directed
to.

When at my ISP, it is merely being held in an intermediate machine until
it can be passed on to its destination.

My ISP's mail system knows NOTHING about what left-hand parts are valid
with @merlyn.dcu .

Merlyn owns (well, leases) the whole of a dotted quad (though legitimate
stuff for www.merlyn.dcu does not reach here).


Please look back to my first post in this branch of the thread - well,
I'd better repeat the relevant part :-


<QUOTE>[color=blue]
>You can't. Once you are on a list, you're a gonner. You don't even
>need to publish your address anywhere, spammers will target ISPs with
>random addresses to see those that work and those that don't. Any that
>aren't bounced almost immediately must be real.[/color]

They may be considered real, but it's not always a valid assumption.
Dial-up Internet hosts cannot reject until connected.
</QUOTE>


Read carefully, and you will see that I was saying ONLY that the lack of
an immediate bounce does not necessarily mean that the address is valid.

Let X be a 15-character random alphanumeric string.

Then X at aol.com is (almost certainly) a non-deliverable address; a
spammer probing it should receive an immediate bounce.

But X at merlyn.dcu is (certainly) a non-deliverable address; a
spammer probing it will NOT receive an immediate bounce, but will
receive a bounce after I next Connect.


REMEMBER :

The point under consideration is the timing of a bounced probe, and a
probe needs to have a return address such that the spammer will see the
bounce.

The decision as to what happens to each mail sent to @merlyn.dcu is
taken here in this room, by me and my machine; we set our policy before
connecting, but that policy can only be observed from outside this room
while a connection is active.

--
© John Stockton, Surrey, UK. ?@merlyn.demon. co.uk Turnpike v4.00 MIME ©
Web <URL:http://www.uwasa.fi/~ts/http/tsfaq.html> -> Timo Salmi: Usenet Q&A.
Web <URL:http://www.merlyn.demo n.co.uk/news-use.htm> : about usage of News.
No Encoding. Quotes before replies. Snip well. Write clearly. Don't Mail News.

Re: E-mail Scramblers

On Sat, 28 Jan 2006, Dr John Stockton being his usual obtuse self:

[much bluster omitted]

fx: Whoosh*2
[color=blue]
> REMEMBER :[/color]

Remember: you've just voluminously repeated everything that we already
knew, while studiously avoiding the key point. If you still don't know
what that is, too bad. Try a mail admin's forum.

EOT for me. [f'up proposed.]

Re: E-mail Scramblers

On Sat, 28 Jan 2006 22:51:52 +0000, Dr John Stockton
<jrs@merlyn.dem on.co.uk> wrote:
[color=blue]
>When at my ISP, it has not been accepted by the Internet host that it is
>directed to.
>
>When at my ISP, it has not reached the Internet host that it is directed
>to.[/color]

These points are true but the fact the ISP has not rejected the mail
does indicate that the address is valid. The ISP is an agent and should
only accept mail if it has a user account where the mail can be stored.
If the ISP doesn't have such a account it should reject the attempt to
send the message.

I recently had a problem where mails for a valid user were rejected by
the ISP (error 550, user unknown) even though the user is valid and the
sender is acceptable. It turns out that the ISP always tries to open a
mail channel back to the sender before accepting the incoming message
and then rejects the incoming message if the back channel attempt fails.
This is part of their anti-spam procedure and they definitely don't want
to acknowledge to a suspect sender that an address is valid. The
downside to this approach is that the rejection is fatal and the sender
won't retry the transfer later as it does with some other errors.

An ISP has to reject an undeliverable message immediately as it can't do
so later. So if it accepts mail it is a pretty good indication that the
address is valid. There are exceptions though. I have two previous
ISPs (accounts now closed) and mail sent to these addresses is accepted
but never delivered to me.
[color=blue]
>Read carefully, and you will see that I was saying ONLY that the lack of
>an immediate bounce does not necessarily mean that the address is valid.
>
>Let X be a 15-character random alphanumeric string.
>
>Then X at aol.com is (almost certainly) a non-deliverable address; a
>spammer probing it should receive an immediate bounce.
>
>But X at merlyn.dcu is (certainly) a non-deliverable address; a
>spammer probing it will NOT receive an immediate bounce, but will
>receive a bounce after I next Connect.[/color]

I don't see how you can do an equivalent 'bounce' here. The ISP has
accepted the message and the connection is closed. All you can do is
send a text reply to the advertised sender.

-- Steven

Re: E-mail Scramblers

JRS: In article <l1aqt1teu0e49q 9heeaq7fr6rk6nr k14p4@4ax.com>, dated
Mon, 30 Jan 2006 08:22:37 remote, seen in news:comp.infos ystems.www.auth
oring.html, Steven <Phelum@Syd.a u> posted :[color=blue]
>On Sat, 28 Jan 2006 22:51:52 +0000, Dr John Stockton
><jrs@merlyn.de mon.co.uk> wrote:
>[color=green]
>>When at my ISP, it has not been accepted by the Internet host that it is
>>directed to.
>>
>>When at my ISP, it has not reached the Internet host that it is directed
>>to.[/color]
>
>These points are true but the fact the ISP has not rejected the mail
>does indicate that the address is valid.[/color]

It does not. It means only that the domain, in my case merlyn.dcu, is
valid. Since the whole of merlyn.dcu is leased by me, the ISP does not
retain the authority to object to particular left-hand parts.
[color=blue]
> The ISP is an agent and should
>only accept mail if it has a user account where the mail can be stored.
>If the ISP doesn't have such a account it should reject the attempt to
>send the message.[/color]

Inapplicable concept here, probably based on familiarity with systems
where the valid E-addresses are agreed between USP & user and POP3 is
the mail protocol from ISP to user.
[color=blue]
>An ISP has to reject an undeliverable message[/color]

Only if the ISP knows it to be undeliverable.
[color=blue]
>immediately as it can't do
>so later. So if it accepts mail it is a pretty good indication that the
>address is valid. There are exceptions though. I have two previous
>ISPs (accounts now closed) and mail sent to these addresses is accepted
>but never delivered to me.[/color]

That's another disproof of the flawed assertion "Any that aren't bounced
almost immediately must be real.".

[color=blue][color=green]
>>Read carefully, and you will see that I was saying ONLY that the lack of
>>an immediate bounce does not necessarily mean that the address is valid.[/color][/color]
[color=blue]
>I don't see how you can do an equivalent 'bounce' here. The ISP has
>accepted the message and the connection is closed. All you can do is
>send a text reply to the advertised sender.[/color]

Be aware that my ISP, and the authors of my Internet software, have a
justified reputation for a thorough understanding and a careful
implementation of the RFCs.

My machine, being an Internet host, can in fact act as an ISP to others
(disregarding bandwidth and up-time and terms of my account with my
ISP).

--
© John Stockton, Surrey, UK. ?@merlyn.demon. co.uk Turnpike v4.00 MIME ©
Web <URL:http://www.uwasa.fi/~ts/http/tsfaq.html> -> Timo Salmi: Usenet Q&A.
Web <URL:http://www.merlyn.demo n.co.uk/news-use.htm> : about usage of News.
No Encoding. Quotes before replies. Snip well. Write clearly. Don't Mail News.

Re: E-mail Scramblers

On Mon, 30 Jan 2006 13:28:16 +0000, Dr John Stockton
<jrs@merlyn.dem on.co.uk> wrote:
[color=blue][color=green]
>>These points are true but the fact the ISP has not rejected the mail
>>does indicate that the address is valid.[/color]
>
>It does not. It means only that the domain, in my case merlyn.dcu, is
>valid. Since the whole of merlyn.dcu is leased by me, the ISP does not
>retain the authority to object to particular left-hand parts.[/color]

Your ISP relationship here sounds different from what I would call
normal. I posted here because of my recent problems with mail being
incorrectly rejected and the reasons seem relevant to this thread but
apparently not your setup.

[snip]
[color=blue]
>That's another disproof of the flawed assertion "Any that aren't bounced
>almost immediately must be real.".[/color]

I only said "pretty good indication" . I was going to condition my
initial statement with "seem" but "seem to indicate" sounded very wimpy.
[color=blue][color=green][color=darkred]
>>>Read carefully, and you will see that I was saying ONLY that the lack of
>>>an immediate bounce does not necessarily mean that the address is valid.[/color][/color][/color]

No argument. In fact I presented an instance where a rejection occurred
even though the address was valid. But, generally speaking, I still say
that rejection/acceptance indicates an invalid/valid address.
[color=blue][color=green]
>>I don't see how you can do an equivalent 'bounce' here. The ISP has
>>accepted the message and the connection is closed. All you can do is
>>send a text reply to the advertised sender.[/color]
>
>Be aware that my ISP, and the authors of my Internet software, have a
>justified reputation for a thorough understanding and a careful
>implementati on of the RFCs.[/color]

I didn't say you were doing anything wrong.

-- Steven

Re: E-mail Scramblers

JRS: In article <780tt1p717ec60 pe69t638t9poehd 3uuq4@4ax.com>, dated
Tue, 31 Jan 2006 09:00:08 remote, seen in news:comp.infos ystems.www.auth
oring.html, Steven <Phelum@Syd.a u> posted :[color=blue]
>On Mon, 30 Jan 2006 13:28:16 +0000, Dr John Stockton
><jrs@merlyn.de mon.co.uk> wrote:
>[color=green][color=darkred]
>>>These points are true but the fact the ISP has not rejected the mail
>>>does indicate that the address is valid.[/color]
>>
>>It does not. It means only that the domain, in my case merlyn.dcu, is
>>valid. Since the whole of merlyn.dcu is leased by me, the ISP does not
>>retain the authority to object to particular left-hand parts.[/color]
>
>Your ISP relationship here sounds different from what I would call
>normal.[/color]


Of course. ISTM that I indicated clearly enough that my machine is an
Internet host. It owns (well, leases) the whole of a dotted quad.

Apart from the terms of the lease, my intermittent dialup, and the
modest bandwidth, I could offer you all the services you'd expect of an
ISP, if I were to install suitable software. (Except that
www.merlyn.dcu cannot be effectively implemented on this machine, since
for obvious reasons the ISP handles that itself.)

But you'll notice that some of the "Experts" here don't let the
limitations of their expertise limit their pontifications.

--
© John Stockton, Surrey, UK. ?@merlyn.demon. co.uk DOS 3.3, 6.20; Win98. ©
Web <URL:http://www.merlyn.demo n.co.uk/> - FAQqish topics, acronyms & links.
PAS EXE TXT ZIP via <URL:http://www.merlyn.demo n.co.uk/programs/00index.htm>
My DOS <URL:http://www.merlyn.demo n.co.uk/batfiles.htm> - also batprogs.htm.

Re: E-mail Scramblers

Stephen Poley wrote:
And anyone who puts a spamtrap in their address is not very[color=blue]
> likely to buy from spammers anyway, so it probably wouldn't be worth the
> effort of cleaning the lists.[/color]

'Which' magazine (IIRC) in the UK did a trial where they set up a large
number of addresses and put them into the public domain somehow.

After a period of time they started to reply to all the spam they
received [to a sub-set of the addresses], trying to buy the goods and
services that were offered.

Apart from the porn sellers, they got next to no responses, except for
an incrase in spam to the addresses they had replied to. They concluded
that everything except the porn was little more than an attempt to
validate addresses for resale to other spammers.

Nik