Email	Print Reprint
	add to:
	Del.icio.us Digg Google Furl	Slashdot Y! MyWeb Blink

Spam I Am

I cannot help but respond to Bret A. Fausett's article "Blind Vigilantes" (August 2002). In this article, Fausett makes two flawed conclusions that show he has no business administering a mail server on the Internet.

First, Fausett claims that his mail server was not an open relay. However, he goes on to describe how someone halfway around the world was able to relay mail through his server with a very simple header forgery. Does he not even realize that most spam email contains forged headers? The blackhole list maintainers were simply using the same well-known relaying tricks that spammers use, in order to see if they would work. One of them did, and they rightly kept Fausett's mail server on their open-relay list. He claims that "unless you're a user in my domain, you can't use it," yet the list maintainers used it, and they are not users in his domain. Obviously, his server is not properly authenticating users.

Second, Fausett claims that the maintainers of this list have committed some sort of crime by honoring his own request that they scan his mail server. Fausett asked them to test it, and now he wants to sue them simply because they were successful.

Doug Granzow
dig@comcast.net

Sympathy for the Devil

While I am sympathetic to Bret Fausett's plight, unfortunately I agree that his mail server should be blacklisted. I do not know if his column was written before or after the Klez variants appeared that forge email addresses, but that virus in particular appears designed to seek out mail servers configured like Fausett's. I would think that Fausett would be more upset about individuals or organizations knowingly permitting others to transmit viruses using their mail servers—as Lincoln Stein points out in the same issue, he received twenty-seven copies of Klez in one day. The world would be a better place if we did not need locks, but the reality is that we do.

Steve Yates
steve@teamits.com

Firing Line

I'm sorry, but the description of [Bret Fausett's] mail server is an open relay. I'm a professional email administrator who wholeheartedly agrees with your objections to blacklists. Unfortunately, I believe that the technical misunderstandings in Fausett's column help give ammunition to those who claim they are necessary.

John Coleman
john65@pobox.com

Bret Fausett responds:
When it comes to mail administration, it appears I've been several years behind the curve. My mail server software, circa 1996, was purring along quietly, so I never upgraded it to a version capable of a higher degree of authentication. I'm also old enough to remember when an "open relay" was a relay intentionally left open, not one merely susceptible to misuse. Thanks to all of the readers who wrote to bring me into the new millennium. Both my software and my definition are now upgraded.

At the same time, I labeled the blackhole list operators "vigilantes" for good reason. It was always my understanding that if you lie about your identity to gain access to something that would be closed to you if you told the truth, you've done something wrong. That's true whether you intend to send spam or prevent it. As vile as spam is, the ends don't justify the means. Regardless of whether my mail server used to be "open" or not, I stand by my analysis that placed legal responsibility on the blackhole operators who forged their identity.

Your Own Worst Enemy

I find Lincoln Stein's search for the perfect email spam filter ("A Tidal Wave of Spam," August 2002) to be quite daunting. You may want to warn readers against giving their email address to potential spam-blocking vendors. None of my users ever reported a problem with spam until I went to a vendor show a few weeks ago. I met with a few spam-blocking vendors and gave them my card. On cue, we got hit left and right with some of the worst porn offers out there. A coincidence? Maybe—or maybe not.

Scott Gutauckis
sgutauckis@hollyhillfl.org

GoLive Going Nowhere?

When you write a review of a GUI Web design tool ("Central Hub for Design Assets," August 2002), the first question you should answer is, "Does this tool create sites that are standards-compliant?" If the answer is no, the review should end right there. Does GoLive generate valid HTML, CSS, and JavaScript? No? Then it doesn't do the job it's supposed to do. Period.

Brandon Blackmoor
blackmoor@blackgate.net

Richard Koman responds:
While GoLive does introduce "nonstandard" attributes, I didn't find that they impacted browser performance at all. The use of custom tags and attributes is standard operating procedure for tools trying to tackle the problems of maintaining "standard" HTML, CSS, or JavaScript. Because I did not find that GoLive breaks the standards, but merely adds its own helper tags, I don't have a problem with it. But it would be nice, I grant you, to have an option to output pure HTML.

Comments? Email editors@newarchitectmag.com.

RELATED ARTICLES Code Signing in Adobe AIR Dr. Dobb's Agile Newsletter 08/08 Browser Extension Thwarts Internet Eavesdropping CUDA 2.0 Released Coverity Intros Software Readiness Manager for Java		TOP 5 ARTICLES No Top Articles.