Mailing List Archive: Do these domains merit blocking?

Do these domains merit blocking?

sausers-20150205 at billmail

Dec 15, 2021, 8:39 AM

Post #1 of 10 (1054 views)

There has recently been a spate of odd spams to harvested addresses asking hypothetical questions about domains' privacy practices. It turns out this is a grad student enrolling human subjects in a study without informed consent... The explanation is at https://measurement.cs.princeton.edu/privacystudy/ and there is a list of domains there which were created to run this maldesigned study.

Many of the early batch compounded the consent problem with outright fraud, claiming to be from people who do not exist.

I am curious about what the SA user world thinks of such domains. My personal opinion is that the grad student, his faculty advisors, and his IRB should all be forced to find new careers and the domains should have a null CNAME at the root forever. It appears that URIBL, SURBL, and Spamhaus DBL have all noticed the domains unflatteringly, which I suppose constitutes a more balanced consequence...

A customer has expressed mild dismay at the concept that a fine research institution should be "punished for doing research." I'm less attached to Princeton than my NJ-based customer and (having worked in a NIH-funded lab) less idolizing of the Ivory Tower in general. I have no difficulty explaining my position, but I am rather surprised that I need to in 2021. Am I missing something special that makes such research spam somehow not spam?

--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire

Re: Do these domains merit blocking? [ In reply to ]

ahodgson at lists

Dec 15, 2021, 8:45 AM

Post #2 of 10 (1054 views)

Permalink

On Wed, 2021-12-15 at 11:39 -0500, Bill Cole wrote:
>
> A customer has expressed mild dismay at the concept that a fine
> research institution should be "punished for doing research." I'm
> less attached to Princeton than my NJ-based customer and (having
> worked in a NIH-funded lab) less idolizing of the Ivory Tower in
> general. I have no difficulty explaining my position, but I am
> rather surprised that I need to in 2021. Am I missing something
> special that makes such research spam somehow not spam?

No.

And that's about the stupidest "study" I've ever heard of. It's not
like they're going to get any responses other than "fsck off" (which
is what I added to my header_filters after getting the second one).
It's hard to imagine anyone being that naive in 2021, but here we
are.

Re: Do these domains merit blocking? [ In reply to ]

rob at invaluement

Dec 15, 2021, 8:51 AM

Post #3 of 10 (1054 views)

Permalink

On 12/15/2021 11:39 AM, Bill Cole wrote:
> Am I missing something special that makes such research spam somehow
> not spam?

Everyone thinks that their own unsolicited bulk email - isn't spam. But
a line must be drawn somewhere. In this case, the sender has absolutely
no preexisting relationship to the recipient, and Raymond's statement
about them sending to "scraped addresses" is, imo, devastating to their
case. The closest argument that might have been possible is the idea
that the email might potentially be of more benefit to the recipient
than it is to the sender (e.g., sort of like a notification about a
class action lawsuit) - but I can't find that argument anywhere in this
situation either. But even class action lawsuit notifications are rarely
sent to scraped addresses.

It's on my "to do" list to add those domains as permanent additions to
invaluement's URI/domain bl sometime this week, when I get some more
time. (I'm in the middle of some intense upgrades, so I barely had time
to type this message.)

-- Rob McEwen, invaluement

Re: Do these domains merit blocking? [ In reply to ]

kmcgrail at apache

Dec 15, 2021, 9:17 AM

Post #4 of 10 (1054 views)

Permalink

You can quote me: If the pope itself is sending me the cure to cancer but
he doesn't have my consent then it IS spam and I would block it and
depending on the way the domain manager handles it I would block the domain.

KAM

On Wed, Dec 15, 2021, 11:40 Bill Cole <
sausers-20150205@billmail.scconsult.com> wrote:

> There has recently been a spate of odd spams to harvested addresses asking
> hypothetical questions about domains' privacy practices. It turns out this
> is a grad student enrolling human subjects in a study without informed
> consent... The explanation is at
> https://measurement.cs.princeton.edu/privacystudy/ and there is a list of
> domains there which were created to run this maldesigned study.
>
> Many of the early batch compounded the consent problem with outright
> fraud, claiming to be from people who do not exist.
>
> I am curious about what the SA user world thinks of such domains. My
> personal opinion is that the grad student, his faculty advisors, and his
> IRB should all be forced to find new careers and the domains should have a
> null CNAME at the root forever. It appears that URIBL, SURBL, and Spamhaus
> DBL have all noticed the domains unflatteringly, which I suppose
> constitutes a more balanced consequence...
>
> A customer has expressed mild dismay at the concept that a fine research
> institution should be "punished for doing research." I'm less attached to
> Princeton than my NJ-based customer and (having worked in a NIH-funded lab)
> less idolizing of the Ivory Tower in general. I have no difficulty
> explaining my position, but I am rather surprised that I need to in 2021.
> Am I missing something special that makes such research spam somehow not
> spam?
>
> --
> Bill Cole
> bill@scconsult.com or billcole@apache.org
> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
> Not Currently Available For Hire
>

Re: Do these domains merit blocking? [ In reply to ]

spork at bway

Dec 15, 2021, 10:24 AM

Post #5 of 10 (1054 views)

Permalink

Does anyone have a sample of one of their emails?

I’m composing a brief nastygram and would like to get my eyes on one before finishing up.

Thanks,

Charles

> On Dec 15, 2021, at 11:39 AM, Bill Cole <sausers-20150205@billmail.scconsult.com> wrote:
>
> There has recently been a spate of odd spams to harvested addresses asking hypothetical questions about domains' privacy practices. It turns out this is a grad student enrolling human subjects in a study without informed consent... The explanation is at https://measurement.cs.princeton.edu/privacystudy/ and there is a list of domains there which were created to run this maldesigned study.
>
> Many of the early batch compounded the consent problem with outright fraud, claiming to be from people who do not exist.
>
> I am curious about what the SA user world thinks of such domains. My personal opinion is that the grad student, his faculty advisors, and his IRB should all be forced to find new careers and the domains should have a null CNAME at the root forever. It appears that URIBL, SURBL, and Spamhaus DBL have all noticed the domains unflatteringly, which I suppose constitutes a more balanced consequence...
>
> A customer has expressed mild dismay at the concept that a fine research institution should be "punished for doing research." I'm less attached to Princeton than my NJ-based customer and (having worked in a NIH-funded lab) less idolizing of the Ivory Tower in general. I have no difficulty explaining my position, but I am rather surprised that I need to in 2021. Am I missing something special that makes such research spam somehow not spam?
>
> --
> Bill Cole
> bill@scconsult.com or billcole@apache.org
> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
> Not Currently Available For Hire

Re: Do these domains merit blocking? [ In reply to ]

bert at ulyssis

Dec 15, 2021, 10:53 AM

Post #6 of 10 (1054 views)

Permalink

You can find the email we received from them here
http://paste.debian.net/1223611/ (just the body, idk if anyone also want
headers)

Must admit I thought it was a scam, just because it was its own domain,
out of the blue and as many have mentioned unsolicited.

Bert

On 15/12/2021 19:24, Charles Sprickman wrote:
> Does anyone have a sample of one of their emails?
>
> I’m composing a brief nastygram and would like to get my eyes on one before finishing up.
>
> Thanks,
>
> Charles
>
>> On Dec 15, 2021, at 11:39 AM, Bill Cole <sausers-20150205@billmail.scconsult.com> wrote:
>>
>> There has recently been a spate of odd spams to harvested addresses asking hypothetical questions about domains' privacy practices. It turns out this is a grad student enrolling human subjects in a study without informed consent... The explanation is at https://measurement.cs.princeton.edu/privacystudy/ and there is a list of domains there which were created to run this maldesigned study.
>>
>> Many of the early batch compounded the consent problem with outright fraud, claiming to be from people who do not exist.
>>
>> I am curious about what the SA user world thinks of such domains. My personal opinion is that the grad student, his faculty advisors, and his IRB should all be forced to find new careers and the domains should have a null CNAME at the root forever. It appears that URIBL, SURBL, and Spamhaus DBL have all noticed the domains unflatteringly, which I suppose constitutes a more balanced consequence...
>>
>> A customer has expressed mild dismay at the concept that a fine research institution should be "punished for doing research." I'm less attached to Princeton than my NJ-based customer and (having worked in a NIH-funded lab) less idolizing of the Ivory Tower in general. I have no difficulty explaining my position, but I am rather surprised that I need to in 2021. Am I missing something special that makes such research spam somehow not spam?
>>
>> --
>> Bill Cole
>> bill@scconsult.com or billcole@apache.org
>> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
>> Not Currently Available For Hire

Re: Do these domains merit blocking? [ In reply to ]

ahodgson at lists

Dec 15, 2021, 10:55 AM

Post #7 of 10 (1054 views)

Permalink

On Wed, 2021-12-15 at 13:24 -0500, Charles Sprickman wrote:
> Does anyone have a sample of one of their emails?
>
> I’m composing a brief nastygram and would like to get my eyes on
> one before finishing up.
>

I got a couple to an actual human who answered abuse@princeton.edu. I
can forward them privately.

Re: Do these domains merit blocking? [ In reply to ]

ahodgson at lists

Dec 15, 2021, 10:57 AM

Post #8 of 10 (1054 views)

Permalink

On Wed, 2021-12-15 at 10:55 -0800, Alan Hodgson wrote:
>
> I got a couple to an actual human who answered
> abuse@princeton.edu.?I can forward them privately.

Let me rephrase that; I complained to abuse@princeton.edu?and
actually heard back from a human, to whom I have since sent copies of
the spam messages.

Re: Do these domains merit blocking? [ In reply to ]

gtaylor at tnetconsulting

Dec 15, 2021, 1:35 PM

Post #9 of 10 (1054 views)

Permalink

On 12/15/21 9:39 AM, Bill Cole wrote:
> There has recently been a spate of odd spams to harvested
> addresses asking hypothetical questions about domains' privacy
> practices. It turns out this is a grad student enrolling human
> subjects in a study without informed consent... The explanation is
> at https://measurement.cs.princeton.edu/privacystudy/ and there is a
> list of domains there which were created to run this maldesigned study.

Insert obligatory $Postmaster...Liberty...Filter...Discression message here.

I've added rejections for policy reasons to systems that I administer.

> A customer has expressed mild dismay at the concept that a fine
> research institution should be "punished for doing research."

I want to support research. But I can't stand research that takes a
cavalier attitude because it's research. To whit I saw some comments on
another mailing list, mailop?, that indicated that the researcher
admitted that s/he was sending the messages and the attitude was "so
what". I feel like the institution needs to be held accountable for this.

This is now (at least) the 2nd mailing list where I've seen this
discussed and engineer hours are being consumed. There are real world
costs to the purported research.

So I say not on the systems that I administer.

--
Grant. . . .
unix || die

Re: Do these domains merit blocking? [ In reply to ]

spork at bway

Dec 16, 2021, 9:48 AM

Post #10 of 10 (1052 views)

Permalink

> On Dec 15, 2021, at 1:57 PM, Alan Hodgson <ahodgson@lists.simkin.ca> wrote:
>
> On Wed, 2021-12-15 at 10:55 -0800, Alan Hodgson wrote:
>>
>> I got a couple to an actual human who answered abuse@princeton.edu. I can forward them privately.
>
> Let me rephrase that; I complained to abuse@princeton.edu and actually heard back from a human, to whom I have since sent copies of the spam messages.
>

Well, this was the result of sending to the email address published on their info page…

----------
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<rapt+privacystudy@princeton.edu>: host
mxa-00005701.gslb.pphosted.com[205.220.160.168] said: 550 5.1.1 User
Unknown (in reply to RCPT TO command)
Reporting-MTA: dns; mail.morefoo.com
X-Postfix-Queue-ID: AECB8B0031
X-Postfix-Sender: rfc822; css@sporklab.com
Arrival-Date: Thu, 16 Dec 2021 12:30:27 -0500 (EST)

Final-Recipient: rfc822; rapt+privacystudy@princeton.edu
Original-Recipient: rfc822;rapt+privacystudy@princeton.edu
Action: failed
Status: 5.1.1
Remote-MTA: dns; mxa-00005701.gslb.pphosted.com
Diagnostic-Code: smtp; 550 5.1.1 User Unknown

----------

Mailing List Archive

Mailing List Archive

Attached Files: