Early mornin' rant:
I know the SURBL.org FAQ documents the use of "MUNGED" to munge URIs for discussion. Personally, I think it's silly to do that while sending to this list, especially since, in the same heading, SURBL.org also suggests "It's probably a good idea to use less filtering on your anti-spam mailing list messages, or even to whitelist them". I think that's a much better idea, and everyone here should be doing that anyway, since live spams do often appear on this list. I know I do.
The MUNGED is largely unnecessary, takes time to deal with, and (just as it is supposed to) stops automatic URI parsing, and even severely impairs human URI parsing, to the point that I go cross-eyed after spending half an hour reading the finer points on why "someMUNGEDwebsite.com" should be whitelisted.
Oh, by the way, SpamAssassin, at least (and all others that I'm aware of), will not even parse body tokens of the form domain.com or 127.0.0.2 as URIs. And, again, "use less filtering on your anti-spam mailing list messages", if you aren't already.
I see no reason to MUNGE domains posted to this list. Unless someone has some really compelling evidence to the contrary, could we please curb this silly practice before it really becomes a silly collective habit? :-)
- Ryan
Hi Ryan, At 06:37 01-09-2004, Ryan Thompson wrote:
I know the SURBL.org FAQ documents the use of "MUNGED" to munge URIs for discussion. Personally, I think it's silly to do that while sending to this list, especially since, in the same heading, SURBL.org also
It is silly and it shows that some people running antispam filters are not able to configure their system to whitelist antispam mailing lists they are subscribed to.
Regards, -sm
SM wrote:
Hi Ryan, At 06:37 01-09-2004, Ryan Thompson wrote:
I know the SURBL.org FAQ documents the use of "MUNGED" to munge URIs for discussion. Personally, I think it's silly to do that while sending to this list, especially since, in the same heading, SURBL.org also
It is silly and it shows that some people running antispam filters are not able to configure their system to whitelist antispam mailing lists they are subscribed to.
I agree. We're all, or should be, pretty good at configuring our systems. Even if one does come up as "SPAM" on mine it isn't filtered into anyplace but this box.
Of course, on the other hand, maybe we all really like to -MUNGED things! MUNGED-HAR!
-MUNGED-Doc (SA/SARE/SURBL Ninja)
Hi!
I know the SURBL.org FAQ documents the use of "MUNGED" to munge URIs for discussion. Personally, I think it's silly to do that while sending to this list, especially since, in the same heading, SURBL.org also
It is silly and it shows that some people running antispam filters are not able to configure their system to whitelist antispam mailing lists they are subscribed to.
Keep in mind that some people DO work and try to helo out with antispam, but are bound to filters that are applied, for example since their ISP does this, or simply as its for some 'company policy'. I would suggest to keep using the -MUNGED, if not, dont be surprised that people will miss your postings...
Bye, Raymond.
Hi Raymond, At 10:05 01-09-2004, Raymond Dijkxhoorn wrote:
Keep in mind that some people DO work and try to helo out with antispam, but are bound to filters that are applied, for example since their ISP does this, or simply as its for some 'company policy'. I would suggest to keep using the -MUNGED, if not, dont be surprised that people will miss your postings...
If it is 'company policy', then they should not subscribe to the list from that email address as they may also miss postings with spam-like content.
Regards, -sm
Hi!
Keep in mind that some people DO work and try to helo out with antispam, but are bound to filters that are applied, for example since their ISP does this, or simply as its for some 'company policy'. I would suggest to keep using the -MUNGED, if not, dont be surprised that people will miss your postings...
If it is 'company policy', then they should not subscribe to the list from that email address as they may also miss postings with spam-like content.
The world isnt just 1 and 0, there is more. These situations exist, and the people i know in thses situations are VERY helpfull antispam soldiers.
Bye, Raymond.
Raymond Dijkxhoorn wrote to SURBL Discussion list:
Hi!
If it is 'company policy', then they should not subscribe to the list from that email address as they may also miss postings with spam-like content.
The world isnt just 1 and 0, there is more. These situations exist, and the people i know in thses situations are VERY helpfull antispam soldiers.
Sure. These helpful antispam soldiers should also know that, regardless of whether domains are munged or not (SURBL is just one aspect of most comprehensive filters), that other spammy list messages might wind up in their spam filter just as quickly.
In general, folks (especially smart helpful ones) should already be aware that, if they (or their ISP) filter spam related list mail, they're eventually going to FILTER SPAM RELATED LIST MAIL. ;-)
I'm advocating making our job easier. We don't send example spams with munged headers and spam phrases, because it just shovels more work on the sender and the recipients to de-munge everything. Why bother with domains?
- Ryan
Raymond Dijkxhoorn wrote to SURBL Discussion list:
Keep in mind that some people DO work and try to helo out with antispam, but are bound to filters that are applied, for example since their ISP does this, or simply as its for some 'company policy'. I would suggest to keep using the -MUNGED, if not, dont be surprised that people will miss your postings...
I wouldn't be surprised if people miss postings *anyway*, regardless of the level of munging we impart on poor spams. As stated earlier (and by others), we don't munge *other* equally damning components of spams, so why munge domains?
- Ryan
Good morning, Ryan,
On Wed, 1 Sep 2004, Ryan Thompson wrote:
I know the SURBL.org FAQ documents the use of "MUNGED" to munge URIs for discussion. Personally, I think it's silly to do that while sending to this list, especially since, in the same heading, SURBL.org also suggests "It's probably a good idea to use less filtering on your anti-spam mailing list messages, or even to whitelist them". I think
Please remember that discussion of blacklisted domains also happens outside of this mailing list. I've had experiences where my emails to an sa-blacklist contributor about a blacklisted domain got relegated to a spam folder.
The MUNGED is largely unnecessary, takes time to deal with, and (just as it is supposed to) stops automatic URI parsing, and even severely impairs human URI parsing, to the point that I go cross-eyed after spending half an hour reading the finer points on why "someMUNGEDwebsite.com" should be whitelisted.
Then how about a compromise? Instead of someMUNGEDwebsite.com, how about "somewebsite .com". Still completely human readable, but skips past spam filters. A win for everybody?
Oh, by the way, SpamAssassin, at least (and all others that I'm aware of), will not even parse body tokens of the form domain.com or 127.0.0.2
Spamassassin doesn't, but less sophisticated filters may not be so smart. Cheers, - Bill
--------------------------------------------------------------------------- Like the ad says, at 300 dpi you can tell she's wearing a swimsuit. At 600 dpi you can tell it's wet. At 1200 dpi you can tell it's painted on. I suppose at 2400 dpi you can tell if the paint is giving her a rash. (So says Joshua R. Poulson) (Courtesy of Bob Taylor brtaylor@qtpi.lakewood.ca.us) -------------------------------------------------------------------------- William Stearns (wstearns@pobox.com). Mason, Buildkernel, freedups, p0f, rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org --------------------------------------------------------------------------
William Stearns wrote to SURBL Discussion list:
Good morning, Ryan,
On Wed, 1 Sep 2004, Ryan Thompson wrote:
I know the SURBL.org FAQ documents the use of "MUNGED" to munge URIs for discussion. Personally, I think it's silly to do that while sending to this list, especially since, in the same heading, SURBL.org also suggests "It's probably a good idea to use less filtering on your anti-spam mailing list messages, or even to whitelist them". I think
Please remember that discussion of blacklisted domains also happens outside of this mailing list. I've had experiences where my emails to an sa-blacklist contributor about a blacklisted domain got relegated to a spam folder.
Agreed. Thus my comment (still quoted) of "it's silly to do that _while sending to this list_". What happens in private email is really up to the sender and recipient, and not within my intended scope of discussion.
Then how about a compromise? Instead of someMUNGEDwebsite.com, how about "somewebsite .com". Still completely human readable, but skips past spam filters. A win for everybody?
I'd rather not have *any* munging on mailing list mail. If you need to munge domains in private correspondence (and I do think *that* is still a good practice), that's really a separate discussion.
Oh, by the way, SpamAssassin, at least (and all others that I'm aware of), will not even parse body tokens of the form domain.com or 127.0.0.2
Spamassassin doesn't, but less sophisticated filters may not be so smart.
Right, and I'll even advocate spending some time to help fix them. :-)
- Ryan
William Stearns wrote:
On Wed, 1 Sep 2004, Ryan Thompson wrote:
Oh, by the way, SpamAssassin, at least (and all others that I'm aware of), will not even parse body tokens of the form domain.com or 127.0.0.2
Spamassassin doesn't, but less sophisticated filters may not be so smart.
Several MUA's in common use take a bare www.example.com/pills.html and make it a "clickable" link.
So how is it being more smart and sophisticated to miss these URIs? :)
ds
On Wednesday, September 1, 2004, 11:49:16 AM, David Sparks wrote:
William Stearns wrote:
On Wed, 1 Sep 2004, Ryan Thompson wrote:
Oh, by the way, SpamAssassin, at least (and all others that I'm aware of), will not even parse body tokens of the form domain.com or 127.0.0.2
Spamassassin doesn't, but less sophisticated filters may not be sosmart.
Several MUA's in common use take a bare www.example.com/pills.html and make it a "clickable" link.
So how is it being more smart and sophisticated to miss these URIs? :)
IIRC SA 3 may treat www.domain.com as a URI. The SA folks probably know if this is the case, or one could check the source code.
However domain.com probably is not treated as a URI.
Jeff C.
On Wednesday, September 1, 2004, 9:30:50 AM, William Stearns wrote:
Then how about a compromise? Instead of someMUNGEDwebsite.com,how about "somewebsite .com". Still completely human readable, but skips past spam filters. A win for everybody?
Actually if we are going to munge, I prefer something really visible. Munging with a space will work, but it might be missed during a copy and paste, for example.
By the way, I believe it's only necessary to munge things that would likely be interpreted as a URI such as www.somedomain.com, http://host.somedomain.com, http://somedomain.com, etc.
Most mail URI parsers probably aren't interpreting raw domains as URIs. Therefore it's probably not necessary to munge plain somedomain.com . That said, behavior of URI parsers may vary.
Jeff C.
On Wed, 1 Sep 2004 12:51:27 -0700, Jeff Chan jeffc@surbl.org wrote:
By the way, I believe it's only necessary to munge things that would likely be interpreted as a URI such as www.somedomain.com, http://host.somedomain.com, http://somedomain.com, etc.
Most mail URI parsers probably aren't interpreting raw domains as URIs. Therefore it's probably not necessary to munge plain somedomain.com . That said, behavior of URI parsers may vary.
gmail does :-)
OK. Good discussion so far! By all means, keep the comments coming. Right now, though, I'd like to formalize my current thinking into two cases:
1. This mailing list traffic ought to be exempt from spam filters, and we ought not to be required to munge domains sent to this mailing list. So, I suggest we send bare domains to this list, without munging.
2. Domains sent via private email may or may not be filtered, so munging may be appropriate. It's up to the sender and the recipient, but the assumption, when policies aren't known in advance, is that one should probably munge domains sent privately.
And, I'd propose the following as a replacement to the text in http://www.surbl.org/faq.html#munge :
<H3><A NAME="munge">How can I mail or receive spam URIs for discussion? </A></H3>
<H4>For Mailing Lists</H4>
<P>When sending domains to <EM>mailing lists</EM> such as the <A HREF="http://lists.surbl.org/mailman/listinfo/discuss">SURBL Discuss list</A>, simply include the domain (or full URI, only if path information is relevant) in your message. <EM>You do not need to munge the domain when posting to these public lists.</EM></P>
<H4>For Private Email</H4>
<P>However, when sending domains via <EM>private email</EM>, it may be necessary to munge the domain to prevent the recipient's filter from hitting your email. Use a simple munging system that preserves the human readability of the domain, while preventing filters from picking up the URI. For example:</P>
<PRE>spamdomain.com-MUNGED</PRE>
<P>Note that the -MUNGED should appear at the end (or the beginning) of the URI, not in the middle, as this makes it difficult to read, and copy/paste the domain.</P>
And, the following addition (possibly condensed) to the Discuss charter:
Since these lists exist, in part, for the discussion and dissection of spam, spammy messages will often be posted. As such, participants are strongly encouraged to prevent any spam filtering of list traffic, to avoid discussions being blocked, or (worse yet) poisoning automatic learning systems.
- Ryan
Good afternoon, Ryan,
On Wed, 1 Sep 2004, Ryan Thompson wrote:
OK. Good discussion so far! By all means, keep the comments coming. Right now, though, I'd like to formalize my current thinking into two cases:
- This mailing list traffic ought to be exempt from spam filters, and we ought not to be required to munge domains sent to this mailing list. So, I suggest we send bare domains to this list, without munging.
I get the impression you're pushing hard for no munging at all to this list. Are you using an automated script to extract domains? If so, how hard would it be to add:
sed -e 's/-MUNGED//'
to the beginning?
<P>However, when sending domains via <EM>private email</EM>, it may be necessary to munge the domain to prevent the recipient's filter from hitting your email. Use a simple munging system that preserves the human readability of the domain, while preventing filters from picking up the URI. For example:</P> <PRE>spamdomain.com-MUNGED</PRE> <P>Note that the -MUNGED should appear at the end (or the beginning) of the URI, not in the middle, as this makes it difficult to read, and copy/paste the domain.</P>
Those may still be caught by other filters. That's the whole point of sticking "-MUNGED" in the middle, or my suggestion of a single space before ".com", which won't affect human readability. What was your opinion of that idea? Perhaps you didn't see the last time I proposed it because my last message ended up in you spam folder. *griiiiiin* Cheers, - Bill
--------------------------------------------------------------------------- "Freedom of the press is limited to those who own one." -- A. J. Liebling -------------------------------------------------------------------------- William Stearns (wstearns@pobox.com). Mason, Buildkernel, freedups, p0f, rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org --------------------------------------------------------------------------
William Stearns wrote to SURBL Discussion list:
Hi Bill,
I get the impression you're pushing hard for no munging at all to this list.
"Pushing hard" might be a bit strong, but, yes, I made the suggestion.
Are you using an automated script to extract domains? If so, how hard would it be to add:
sed -e 's/-MUNGED//'
to the beginning?
Nope, I use no automation for this list. For those that feel they *must* munge, it'd be best to at least employ something with readability and copy/paste-friendliness. spam-MUNGEDdomain.com does neither for me. :-)
Actually, I expected a *lot* more apathy on this topic. In truth, *I'm* a lot more apathetic to this than this thread would suggest :-)
<P>Note that the -MUNGED should appear at the end (or the beginning) of the URI, not in the middle, as this makes it difficult to read, and copy/paste the domain.</P>Those may still be caught by other filters. That's the whole point of sticking "-MUNGED" in the middle, or my suggestion of a single space before ".com", which won't affect human readability. What was your opinion of that idea? Perhaps you didn't see the last time I proposed it because my last message ended up in you spam folder. *griiiiiin*
;-) I saw it, but, honestly, I don't really care *how* domains are munged. I'd just rather they not be munged at all for this list. :-)
- Ryan
-
David Sparks -
Doc Schneider -
Jeff Chan -
Mariano Absatz -
Raymond Dijkxhoorn -
Ryan Thompson -
SM -
William Stearns