james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <Bruno.Mell...@nokia.com>
Subject RE: Contributing a mailet
Date Tue, 03 Feb 2004 22:16:05 GMT
Stefano,  I found your questions quite thought-provoking.  Would you
mind answering a couple of questions?

1) I feel that no other solution other than pure whitelisting will work
in the long run.  I have had my personal email address for many years
and there are days when I receive over 1000 spams per day.  I am
currently using several public blacklists and SpamAssassin set at its
most aggressive setting, which worked for years until a few months ago,
but now spammers are getting very smart about bypassing normal anti-spam
tools.  What alternative would you propose to whitelist-only email?

2) I know that creating a new "reply" email directed to the "from" or
"reply-to" address can be abused for relaying.    But wouldn't a reject
of the incoming SMTP transaction itself (with an appropriate error
message) go back ONLY to the real sender?  The point is that if somebody
isn't willing to go through some necessary hassle the first (and only
the first) time he sends email to me, then that person is not someone I
want to hear from - EVER.  I am assuming that the mailet API is called
-->before<-- the transaction is complete.  And of course, there are
situations, like when joining a mailing list, where whitelisting would
have to be done in advance by the recipient.  But please correct me if I
am wrong.

BTW, OT, I hope you manage to avoid software patents in Europe.  Here in
the US they are already being used to kill many open source projects.
RedHat is already leaving key functionality out to avoid lawsuits (like
MP3 playing and other capabilities) and the cacerts.org site was down
for months because of a patent issue (but they eventually returned).


-----Original Message-----
From: ext Stefano Mazzocchi [mailto:stefano@apache.org]
Sent: Monday, February 02, 2004 5:48 PM
To: James Developers List
Subject: Re: Contributing a mailet

On 2 Feb 2004, at 11:44, <Bruno.Melloni@nokia.com> wrote:

> Noel,
> Could you please tell me whether you are replying as a 
> "representative" of the James project, or as a fellow contributor that

> knows the answers?

> Also, I did not see anywhere in the James site a list of contributed 
> mailets... kind of strange considering that mailets are supposed to be

> the "main purpose" of James.  I probably missed it.  Can you point me 
> to the right URL?

I don't think there is a repository for mailets just yet.

> In reply to your questions:
> a)
> I'll preface that the mailet I am implementing is not for everyone.  I

> expect that 10% of administrators will find it too restrictive, while 
> the rest will probably find it ideal.
> The mailet will reject all email from sources that were not 
> preapproved in a whitelist.  Associated tools will handle managing of 
> the list and allow new HUMAN senders to request addition to the list 
> in a manner that is not annoying to the receiving user.

Whitelist are evil! I receive tons of those "are you really you?" 
emails because those bastard warms forge the email address.

Do you realize that by creating a whitelist you are, in fact, becoming 
a spammer yourself?

> c)
> I have read the ASF license and related info (or as much as I could 
> understand), and it seems acceptable since my primary goal is to end 
> spam once and for all,

with whitelists? please

> but I'd like you to clarify a couple of points:
> 1. Will I be able to keep credit as the author of the mailet?  If so, 
> how?

with the @author tag in javadocs.

> 2. If this anti-spam measure is as successful as I expect it to be, I 
> fear that the spammers of the world will try anything to kill it and 
> the Microsofts of the world will try to steal it.

And you think that a software license would stop a corporation from 
taking one of their programmers and reimplement the software you wrote?

What you are looking for is called "software patent". You can't get one 
in europe (yet)... or you can apply for one in the US. It's very 
expensive and takes years. By that time, the spam problem will have 
been solved by somebody else anyway.

> Because of it I have been sitting on this design for 3 years.

[paint puzzled look on my face]

> Is it true that the Apache Software Foundation provides free legal 
> defense for its contributors if they are sued as a consequence of a 
> contribution?

This never happened in the past, but yes, you cannot be sued if you 
contribute the code to the foundation because the foundation is the 
owner and not you. But keep in mind that this only works if you did 
nothing illegal. If the foundation finds out that you did something 
illegal, you are on your own.

> If it is not, I will not be able to contribute it and will have to go 
> make it commercial just to make enough money to defend myself.



View raw message