Re the obnoxious Tempting Tearouts spam

Kurt Cockrum kurt at grogatch.seaslug.org
Mon Feb 10 11:03:21 PST 1997 

jj said:
>I am generally inclined towards Kurt's response to spam (returning it 
>with a complaint to the user's postmaster and/or root).  However, an 
>important caveat:  it is possible to spoof the return address.  You would 
>not want to be sucked into mail bombing an innocent party, would you? [...]
>[...]

Sending mail back to the addresses indicated in the header of received
mail is not mail-bombing.  If we desist from action based on the assumption
that the header is lying to us, then when, if ever, do we know if the
header is telling us the truth?  Best to *assume* (in all innocence) the
header is correct (keep the saved message if necessary) and to proceed
on that assumption.

It should never be unethical to *reply* to mail in one's mailbox,
or to protest to apparent senders.  If it *is*, it's a sign that
the operant ethical system is *broken* and maybe needs to be replaced
by one that serves the user better.  In other words, the recipient
of unsolicited e-mail deserves the same presumption of innocence as
the possibly-spoofed sender, and by replying in the manner I've previously
described, that presumption should not go away.
I don't believe that mail recipients have a duty to determine the
authenticity of reply addresses, in the absence of tools that can
reliably do so.  Users shouldn't be blamed for defects of the system.

Moreover, we aren't talking about random spewage from
some anonymous mail-server or random vandal; these are advertising
messages that, for them to work, and do the originator some good, require
an accurate address to respond to, whether snailmail, e-mail, or phone.
It's a *business* doing this, and they can't conduct a business without
leaving tracks.  So it's fair to assume that the reply addresses in
a piece of unsolicited e-mail are authentic.

Be aware that often there is embedded in the header IP addresses that can
provide clues that point to the miscreant, provided one has access to
the right tools.  This is determined not only by the originating site,
but the sites the originator connects to.  So to achieve complete spoofing
requires the *collusion* of multiple sites, not simply an ambitious
root-entrepreneur (AFAIK).

It should be remembered that while "2 wrongs may not make a right",
in a certain absolutist sense, the difference between the pair
and the singleton can be made arbitrarily small, below the threshold of
perception.

Lastly,  for the aesthete, poetic justice is far more satisfying
than absolute justice, which, after all, is only the workings of a rather
crudely designed juggernaut with humans as its parts, lacking all artistic
merit, designed *not* to dispense "justice" but to maintain conditions of
sufficient harmony as not to threaten the existing power structure, the
maintainers of the "justice machine".  Do pay attention to the man behind
the curtain.

Enough philosophy for the day... :)
--kurt
* * * * * * * * * * * * * *  From the Listowner  * * * * * * * * * * * *
.	To unsubscribe from this list, send a message to:
majordomo at scn.org		In the body of the message, type:
unsubscribe scn
END

More information about the scn mailing list