Spams on Bionet

jerikse at bsd.meddean.luc.edu jerikse at bsd.meddean.luc.edu
Sun Jul 13 11:18:00 EST 1997


Actually, one might consider message cancellation by individuals as an
alternative to group moderation, whereby offending messages are
cancelled on the basis of spam criteria and a lack of relevancy;
alternatively, one might simply say "NO ADVERTISING; ADVERTISING WILL
BE CANCELLED.". 

Currently, there are  automated systems which cancel messages based on
the Breidbart Index (a number based on the square root of the number
of the same crossposted message) and cancel on the basis of binary
postings in text groups.

Although Content-Based Cancels (CBCs) cannot be applied to the alt.*
hierarcy, since these are unchartered groups, we most certainly could
apply CBCs in the bionet.* hierarcy.

Cancelling messages is very easy to someone familiar with the RFCs for
NNTP. I will not disclose how that is done here.  I urge that regular
readers of this group strongly consider rewriting the Bionet charter
to include the capacity for Content-Based Cancels according to
strictly defined criteria. Following passage of the charter, a
monitoring committee should be set up whereby:

1. Up to 10 members (who may or may not be formally recognized) for
each bionet group are given the task of looking for spam and off-topic
commercial messages. They are also given the tools to cancel these
messages. Multiple members ensure that the system is redundant; if one
person goes on vacation or does not check in for a few days, the
system still operates. Multiple members also ensures that
cancellations are propagated more quickly through Usenet.

2. Cancelled messages should be archived by the person cancelling the
messages, in case there is a problem with the cancellation the message
may be restored.

Jason Eriksen
 

On 1 Jul 1997 16:42:39 GMT, aiyar at ebv.oncology.wisc.edu (Ashok Aiyar)
wrote:

>On 30 Jun 1997 07:57:04 -0700,
>brett (brett at BORCIM.WUSTL.EDU) wrote:
>>>Moderation is not much by way of a deterrent for spam.  The somewhat
>>>sophisticated spammer will spoof the "Approved-By:" article header,
>>>and for the less technically adept spammer, there are "spam-posting" 
>>>programs that spoof the "Approved-By:" article header to post to moderated 
>>>newsgroups.  The news.* hierarchy was plagued by these last week ....
>>>
>>>Spam is perhaps best combated at the NNTP protocol level - by configuring
>>>servers not to propagate articles that arise in particular domains.
>>
>>I beg to differ. When I moderated virology, we forwarded approved messages to
>>a secret location which only accepted messages from the moderator's machine.
>>Seemed to work pretty well. The problem of using kill files is the need to
>>program your newsreader for all possible spams. I vote for moderation.
>
>Brett,
>
>I am afraid that you do not know how news articles are propagated and
>how newsgroups are distributed.  I strongly suggest you read IETF RFC-977,
>which describes NNTP (network news transfer protocol), and also has a
>nice description of the distributed nature of Usenet.  The rest of this
>message, as well as my previous message will become more clear at that
>time.  There are several sites that one can retrieve RFCs from; one that
>I have used is ftp://ftp.cis.ohio-state.edu/pub/rfc
>
>Newsgroups are not distributed vertically, i.e. every article posted to
>bionet.* does not necessarily start it's distribution at news.bio.net,
>or net.bio.net.  Instead newsgroups are distributed horizontally.  What
>does this mean?  Imagine 4 news servers, A, B, C, and D.  In this message,
>I hypothesize that A & B are peers, as are A & C and B & D.  Note
>that C & D are not defined as peers.
>
>In a peer-to-peer connection, A and B will routinely poll each other. 
>During these "conversations", they will exchange a list of message-ids 
>(msg-ids) for a previously agreed upon newsgroup (or newsgroups).  B 
>will then  retrieve from A those articles who have msg-ids that B does 
>not have. A will likewise retrieve from B those articles that A does 
>not have.  Needless to add every article posted to any server must have
>a unique msg-id; else we would be lost in a mess of duplicated and
>triplicated messages.
>
>At some later point of time, A will undergo the same transaction with
>C, and B will with D, again synchronizing the contents of their newsgroups.
>Thus although C & D never actually talk to each other, this distributed
>process results in C and D having the same articles for those newsgroups
>that are shared between A, B, C and D.
>
>So where and how does moderation fit in?  In moderated newsgroups, every 
>article must be "signed" by a moderator before A, B, C and D will accept 
>posts to that group.  This "signing" simply adds an "Approved-By:" header 
>to the article.  By spoofing this header, I or a potential spammer, can
>easily post an article to any moderated group at servers A, B, C or D.
>Since this article now appears to be "signed", it will be propagated to
>every news server that carries that particular moderated group.
>
>I repeat therefore my earlier contention that moderation is not an answer
>to Usenet spam.  There are filters that can be applied at the level of
>the NNTP server to prevent spam from being posted or propagated through
>that server; indeed there are sites that already do this.  If the news
>admins at your site are accessible to you, I urge you to request them to
>look into blocking NNTP spams.
>
>Cheers,
>Ashok
>-- 
>Ashok Aiyar, Ph.D.
>McArdle Laboratory for Cancer Research
>aiyar at ebv.oncology.wisc.edu




More information about the Methods mailing list