On Thu, 21 Dec 2006 10:39:13 -0500, Add Homonym
<EMAIL REMOVED> wrote:

>If someone owns a gun collection, and they keep it somewhere without
>locking it up, and one or all of the guns are stolen and used to commit
>a crime, you can bet your butt that in most jurisdictions the local DA
>would be quite interested in indicting the owner of said gun collection
>with criminal negligence, or possibly even as an accomplice to whatever
>crime was comitted using his guns...

Most jurisdictions? What country are you talking about?

"Accomplice"?

That sound you hear is the collective laughter of DAs in jurisdictions
south of the Manson-Nixon line and west of the Mississippi.

William T***o wrote

> Fleeing from the madness of the Rhyolite Software jungle
> Vernon Schryver <EMAIL REMOVED> stumbled into
> news:news.admin.net-abuse.email,alt.www.webmaster,alt.spam
> and said:

>> But of course anyone who competent to have written the world's
>> easiest PHP form to email script ...
>
> Frankly, I thought the case was well made until the personal attacks
> came in.

Yes, it got personal very early in the argument. Suits me, I win it easily
then.

--
Charles Sweeney
http://CharlesSweeney.com

In article <op.tkworcxbm9g4qz-EMAIL REMOVED>, William T***o <usenet> wrote:

>preventing spam is the tricky part. For my part I like to keep things
>simple (I have not the resources to be an avenging angel) so the ip that
>connects to servers in my control is the ip that gets blocked.

I don't understand that. It's not because those who claim to be avenging
angels of spam are sad posuers, but that blocking all IP addresses can't
be right. Maybe the idea is to block previous senders of spam. But
blacklisting IP addresses that have sent spam in the past is often good,
but often need to be de-listed eventually. A bigger problem is that
unless you are running AOL, you are unlikely to have enough traffic to
blacklist IP addresses quickly enough, and so need to use other tactics.
Even Spamhaus advocates more defenses against spam than DNSBLs against
SMTP client IP addresses, such as checking URLs in message bodies.

Disclaimer: some people might think my views of good spam defenses are
biased by my own enterprises.


>> But of course anyone who competent to have written the world's easiest
>> PHP form to email script ...
>
>Frankly, I thought the case was well made until the personal attacks came
>in.
>
>Oh well.

The possibility that the other person might share significant responsible
for the floods of PHP spam seen until recently seems relevant to his
defense of the innocense of his customers. Even if his code is not
what I suspect, his defense of his competitors' customers use of his
competitors' malware cannot be seen as disinterested.

To be more explicit and personal, someone who feels no shame
advertising as a major claim to fame something as trivial as a
form-to-email PHP script is unlikely to be the most competent hack
I've encountered. Even if his PHP form-to-email script is now safe,
I have dark suspicions of its past.

(I see a lot less PHP spam lately, and have the impression that others
see the same.)


Vernon Schryver EMAIL REMOVED

Add Homonym wrote

> Here is an analogy:
> If someone owns a gun collection, and they keep it somewhere without
> locking it up, and one or all of the guns are stolen and used to
commit
> a crime, you can bet your butt that in most jurisdictions the local DA
> would be quite interested in indicting the owner of said gun
collection
> with criminal negligence, or possibly even as an accomplice to
whatever
> crime was comitted using his guns...

What about the gun manufacturer? If you go down that road, you blame
him too. We see that too in the UK, the feeble-minded taking the soft
route and going after anyone but the real culprit.

I'm sure the spammers will be pleased to learn that you don't hold them
solely responsible for their spam.

> And make no mistake - any host capable of relaying mail *IS* a loaded
> gun. Failing to secure it *IS* criminal negligence. this doesn't
excuse
> the spammers who hijack it, of course, but ignoring the problem of
> insecure mailer scripts is a crime in and of itself.

It strikes me that you have no idea what real crime is.

--
Charles Sweeney
http://CharlesSweeney.com

Vernon Schryver wrote

> To be more explicit and personal, someone who feels no shame
> advertising as a major claim to fame something as trivial as a
> form-to-email PHP script is unlikely to be the most competent hack
> I've encountered. Even if his PHP form-to-email script is now safe,
> I have dark suspicions of its past.

You're not drunk, you're a prick. A libelling prick at that.

--
Charles Sweeney
http://CharlesSweeney.com

Fleeing from the madness of the Rhyolite Software jungle
Vernon Schryver <EMAIL REMOVED> stumbled into
news:news.admin.net-abuse.email,alt.www.webmaster,alt.spam
and said:

> In article <op.tkworcxbm9g4qz-EMAIL REMOVED>, William T***o <usenet>
> wrote:
>
>> preventing spam is the tricky part. For my part I like to keep things
>> simple (I have not the resources to be an avenging angel) so the ip that
>> connects to servers in my control is the ip that gets blocked.
>
> I don't understand that. It's not because those who claim to be avenging
> angels of spam are sad posuers, but that blocking all IP addresses can't
> be right. Maybe the idea is to block previous senders of spam.

The idea is to block IP addresses that I decide are of no benefit to me
and/or my customers. Some Ips get on the list as a direct result of spam.


> But
> blacklisting IP addresses that have sent spam in the past is often good,
> but often need to be de-listed eventually.

sure

> A bigger problem is that
> unless you are running AOL, you are unlikely to have enough traffic to
> blacklist IP addresses quickly enough, and so need to use other tactics.

I do have several tactics - I don't use blocklists made by others because
I simply do not trust their motives although I'd be happy to stand a round
of beers with any list maintainer who wishes to strike up a professional
relationship and convince me of their intentions/integrity. Let me be
clear: that is not to say that I do distrust blacklist maintainers -
simply that I don't know them from Adam - even the rather famous chap just
down river from here.

> Even Spamhaus advocates more defenses against spam than DNSBLs against
> SMTP client IP addresses, such as checking URLs in message bodies.

I don't currently have such a scheme but I may implement something similar
- then again, maybe I wont

> Disclaimer: some people might think my views of good spam defenses are
> biased by my own enterprises.

heh - nothing wrong with discussing ones own products/services when it's
in-context/on-topic.

>>> But of course anyone who competent to have written the world's easiest
>>> PHP form to email script ...
>>
>> Frankly, I thought the case was well made until the personal attacks
>> came
>> in.
>
> The possibility that the other person might share significant responsible
> for the floods of PHP spam seen until recently seems relevant to his
> defense of the innocense of his customers.

It would seem that more is being read into the posts than is actually
present.

> Even if his code is not
> what I suspect, his defense of his competitors' customers use of his
> competitors' malware cannot be seen as disinterested.

It's an opinion - and while I find myself in disagreement with Charles on
this issue I am happy that there are folk prepared to question received
wisdom.

--
William T***o

http://williamt***o.com/words/what-is-usenet.asp

Kevin S. Wilson wrote:
> On Thu, 21 Dec 2006 10:39:13 -0500, Add Homonym
> <EMAIL REMOVED> wrote:
>
>
>>If someone owns a gun collection, and they keep it somewhere without
>>locking it up, and one or all of the guns are stolen and used to commit
>>a crime, you can bet your butt that in most jurisdictions the local DA
>>would be quite interested in indicting the owner of said gun collection
>>with criminal negligence, or possibly even as an accomplice to whatever
>>crime was comitted using his guns...
>
>
> Most jurisdictions? What country are you talking about?

OK. Yah. Shouldn'ta said most. I mean round these parts, NE USA.
Specifically I was thinking of NYC. Ya know, the capital of the whole
world? (<-- sarcasm)

>
> "Accomplice"?

Yup. Knowing your actions (leaving weapons in an accessible place) would
likely aid in the commision of a crime. Makes one an accomplice.
Unlikely one would be charged that way unless one REALLY pissed of the
investigating officers, but it HAS happenned.

Can't remember the names or exact date, but IIRC, some clown round here
told off officers that were investigating a homicide that stemmed from a
liquor store hold up. The idiot had left the keys in his car when he
went in to buy booze, and the crooks who were holding up the same store
ran out and used his car as a getaway car. They charged him as an
accomplice (to capital murder!) when he refused to answer any questions
about what he saw, but dropped the charges after he apologized and
agreed to cooperate with the investigation...

>
> That sound you hear is the collective laughter of DAs in jurisdictions
> south of the Manson-Nixon line and west of the Mississippi.

I'm figuring they'd do it similar to how we do it 'round here in
California. (which is, if I am not mistaken, west of the missisippi).

Should I really be concerned if the states that were dumb enough to
elect Bush think we are silly?

On 21 Dec 2006 17:34:21 GMT, Charles Sweeney <EMAIL REMOVED>
wrote:

>Vernon Schryver wrote
>
>> If you must pick only one guilty party for a spew of spam, then it is
>> the owner of the SMTP client that sends the spam to SMTP servers.
>
>No it's not, it's the spammer. The spammer who will be relaxing in the
>knowledge that you don't hold him solely responsible for his spam.
>
>> But of course anyone who competent to have written the world's easiest
>> PHP form to email script with having simultaneously built and
>> distributed some particularly evil spamware surely knows that.
>> Charles Sweeney's outrage at the notion of holding his customers
>> accountable for their operation of bad form-to-email scripts is
>> intriguing. See the first link on this page to see why
>> http://charlessweeney.com/
>
>Oh dear, oh dear...it's libel now.

We have k00k sign, folks.

Who had "within a dozen posts" in the k00k-sign pool?

On 21 Dec 2006 18:33:51 GMT, Charles Sweeney <EMAIL REMOVED>
wrote:

>Vernon Schryver wrote
>
>> To be more explicit and personal, someone who feels no shame
>> advertising as a major claim to fame something as trivial as a
>> form-to-email PHP script is unlikely to be the most competent hack
>> I've encountered. Even if his PHP form-to-email script is now safe,
>> I have dark suspicions of its past.
>
>You're not drunk, you're a prick. A libelling prick at that.

So sue then, sparky. Or shut up.

On Thu, 21 Dec 2006 15:22:14 -0500, Add Homonym
<EMAIL REMOVED> wrote:

>I'm figuring they'd do it similar to how we do it 'round here in
>California. (which is, if I am not mistaken, west of the missisippi).

In the same sense that Mars is west of the Mississippi. I thought we
were talking about the real world, making California automatically
exempt from consideration.

>Should I really be concerned if the states that were dumb enough to
>elect Bush think we are silly?

I dunno, mostly because I didn't say anything to even suggest such a
thing.