-----BEGIN PGP SIGNED MESSAGE-----
Steve Bergeon has answered a number of questions that I posed to him, and
I believe his answers. I have removed the block on his site.
I think that it is clear that I had to initially take his action as an
attack until some reasonable alternative were offerred. Going for him was
the fact that there was never any evidence of an attempt to conceal the
source. The incoming mail for example did originate from his properly
Members of this list might be very interested in his stated reason for
his action in light of the recent discussion of exactly this question.
Mass subscribing to lists in an attempt to work out what the envelope
froms look like for bigger and better anti-spam systems will cause panic
among list managers around the world. Also note that many individual list
management tasks are done "manually" by the list managers including the
approval of subscription requests. Trying to gather list information on a
mass basis, no matter how good the cause, this way in general would
cause a tremendous amount of work for listmanagers. I have half a dozen
list managers at Cranfield asking me "who is sbergeon, and why is he
trying to subscribe to ..." So, if people need to gather information
about how different lists provide envelope-froms, this is not the way.
Remember, list subscription, especially for restricted lists, is an
entirely automated processes.
It is true that a number of lists that should be no-advertise for
outside Cranfield are infact advertised. I have been cleaning up those.
As far as I am concerned this is no longer a case of potential abuse.
I know that it seems that I may have over reacted, but two years ago I was
hit by something similar which very much was malicious.
Steve Bergeon <firstname.lastname@example.org> response to a message I sent him
Jeffrey Goldberg +44 (0)1234 750 111 x 2826
Assistant Postmaster Cranfield Computer Centre
Relativism is the triumph of authority over truth, convention over justice.
- ---------- Forwarded message ----------
Date: Sun, 10 Oct 1999 19:21:13 -0500
From: Steve Bergeon <email@example.com>
Subject: Re: Cranfield.ac.uk now blocking mail from encephalon.com
> On Sun, 10 Oct 1999, Steve Bergeon wrote:
> > Sorry for all the ruckus, I was just looking for some lists
> > to sign up for. As list manager, of course it's in your purview
> > to disallow access to me. I just got a little carried away, no
> > nefarious intent.
> Can you please reply (to postmaster) with some more detail.
> (1) Was your subscription scripted or did you manually construct
> and send the necessary subscription messages?
Scripts were used to generate both the initial subscription message
and the reply's with authorization.
> (2) Some of the lists that you attempted to subscribe to were not
> publically advertised/listed. Please describe in detail how you got
> the names of the lists to subscribe to?
They were all publicly available. What was used as input to the scripts
was the output of a 'lists' command to your majordomo. Had I actually
read the list it would have been apparent that many lists were closed.
Again I apologize for that oversight.
> (3) Was Cranfield the only site you did this at or were there others?
> If so, list the others so that I can consult with their mail
> managers. If not, how or why did you pick Cranfield.ac.uk?
> I also have the feeling that your name and address is familiar;
> have we possibly crossed paths before.
There was one other, I have apologized to them as well. They have chosen
to not allow me on restricted lists but have no problem with the rest.
Obviously my mistake was to (yes stupid, and again I apologize) assume
that publicly available lists were for public consumption.
Cranfield was chosen because it showed up on a search result for 'lists'
on either yahoo or excite (I don't remember). If we have crossed paths,
I don't recall. I try not to kick over hornet's nests as a general rule.
> (4) Please explain why when just looking for some lists to subscribe to
> you didn't use the "info" command, but actually subscribed? Your
> search for lists to subscribe to seems indescrimenent. You
> subscribed to lists about usage of particular software at Cranfield
> to lists for students in particular course to lists of participants
> from an on-line conference from a year ago.
Well yes, it was indiscriminate. As I said I just fed the output of the
lists command into a script. My mistake, I apologize.
> I am certainly willing to accept a story involving silly mistakes
> and misunderstandings, but you've got to actually provide me with
> a plausible story, instead of of saying "oops".
If you suspect that I am hostile, clearly you will never accept any explanation
that I could give as it could easily be a fabrication.
> Until I get credible answers to those questions, I will consider your
> activity hostile, and continue the blocking.
As anybody would concede, that is your prerogative.
> Another question
> (5) May I have your permission to quote your message (and our
> exchange on a mailing list managers mailing list where the
> specific incident is being discussed. Note that it is in your
> interest, if innocent, for that to happen, since others are
> discussion blocking your site as well.
Once it is written in an email, there is no reason that you would not
do as you wish with the text. If you feel that some balance can be achieved
by some sort of public camgaign against me, nothing I would do or say
could stop you. I can only keep apologizing...
> > My apologies again for any inconvenience.
> What you have done looks like the prelude to either spamming the lists or
> attempting to harvest list member addresses. It is very hard to imagine a
> benign, even if accidental, purpose. If my imagination is unduely
> limited, then you have to help me out. Your website suggests that you
> are quiet experienced with the Internet, making the likelihood of this
> being a mistake less (but thanks for posting that rc5stats fetch script,
> I've been meaning to write my own for ages!).
There were several goals for this obviously ill considered venture. Mostly
I wanted to amass mail for analysis of both headers and content. To see
what sort, if any, new spam would come with the new lists. To see what
limits procmail had. There are much easier ways to get email addresses.
By the million. At best using this method I could have gotten in the range
of a few hundred.
My mistakes were to be indiscriminate, and to assume that publicly available
lists were in fact available to the public. It was a stupid Saturday night
blunder. Take me off the lists and accept my apologies. If you really want
to take on some kind of crusade against me, well have fun.
> Jeffrey Goldberg +44 (0)1234 750 111 x 2826
> Cranfield Computer Centre FAX 751 814
> J.Goldberg@Cranfield.ac.uk http://WWW.Cranfield.ac.uk/public/cc/cc047/
> Relativism is the triumph of authority over truth, convention over justice.
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1
-----END PGP SIGNATURE-----