From: Russ Allbery (rra@stanford.edu)
Date: Sun Sep 10 2000 - 04:48:46 CDT
Charles Lindsey <chl@clw.cs.man.ac.uk> writes:
> Russ Allbery <rra@stanford.edu> writes:
>> Some folks are currently including cookies that aren't actually IP
>> addresses or hostnames but that serve the same filtering purpose in
>> their NNTP-Posting-Host headers. I don't have any problems with that;
>> it means they still fulfill the same purpose. But with a stricter
>> definition of what goes where, I'm worried those people will just not
>> put a posting-host attribute in Injector-Info, thus making it much
>> harder to filter their posts and requiring special-casing.
> Can you give me an example of such a cookie? Do they have the syntactic
> form of an FQDN or an IP address?
Sure. From my current dynamic spam filter, here's an excellent example:
NNTP-Posting-Host: !^n=[1k-Y6Rq8'HG]aa3EF<4_ (Encoded at Airnews!)
Mindspring uses hex IP addresses (long story). I think Barry's currently
experimenting with an encoded token for the hostname portion of what looks
like a domain address. Some of them look like FQDNs and some of them
don't.
> Presumably the intention of filtering of NNTP-Posting-Host is to reject
> everything fome some named site (or class of sites). Is that correct, or
> can the filtering do more than that?
That's not correct.
The purpose of most NNTP-Posting-Host filtering is to dynamically adjust
to and start rejecting spam. The way this is done is by using rate
limiting on particular NNTP-Posting-Host content, generally combined with
the number of lines in the article to not get false positives from
off-line readers and similar bursts of posting.
> And presumably, if you are trying to filter out a particular site, you
> will first observe what that site's injector currently put in,
No, it's done automatically by the spam filter without any human
observation.
-- Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>