Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

FairUCE - the Smart Email Proxy

michael posted more than 9 years ago | from the can't-hurt dept.

Spam 333

Jestrzcap writes "This just posted on Freshmeat: FairUCE (which stands for 'Fair use of Unsolicited Commercial Email') is an SMTP proxy, running between multiple instances of Postfix, that verifies email by attempting to verify the sender through lookups (a user customized challenge/response). It claims to be able to 'stop a vast majority of spam' without the need for content filters, and 'virtually eliminates spoofed addresses, phishing, and even many viruses with a few cached DNS look-ups and a couple of if/then statements'."

cancel ×

333 comments

Sorry! There are no comments related to the filter you selected.

(Can't You) Troll Like I Do (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11000248)

I've got the understanding of a four year old
I've got the piece of mind of a killer's soul
I've got the rationale of a New York cop
I've got the patience of a chopping block

I've got the accumen of a seasoned pro
I've got the legacy of a billion souls
I've got the world down my back, but I don't seem to care
I've got the comprehension of a world unaware

Can't you troll like I do?

Laid out on my back, I can't sleep 'cause I'm slumming
Eyes in my teeth, I can't see 'cause I'm eating
Head full of noise, I can't think 'cause it's crushing
Back on my feet, like a freight train I'm cumming

Re:(Can't You) Troll Like I Do (0)

Anonymous Coward | more than 9 years ago | (#11000300)

I liked the Puffy one better.

Re:(Can't You) Troll Like I Do (0)

Anonymous Coward | more than 9 years ago | (#11000419)

BLASPHEMER!!!

At last - a technological solution to spam! (4, Funny)

Anonymous Coward | more than 9 years ago | (#11000249)

No way will the spammers ever find a way around this. It's solid!

Re:At last - a technological solution to spam! (3, Funny)

Anonymous Coward | more than 9 years ago | (#11000306)

No way will the spammers ever find a way around this. It's solid!

I agree .. this will be the death of spam for sure. Hurrah!

That said, I'm selling herbal viagra if anyone's interested.

Re:At last - a technological solution to spam! (2, Funny)

Yaztromo (655250) | more than 9 years ago | (#11000551)

That said, I'm selling herbal viagra if anyone's interested.

Which reminds me -- your new shipment of grass clippings and barber hair is ready for delivery.

Yaz.

Re:At last - a technological solution to spam! (1, Funny)

Anonymous Coward | more than 9 years ago | (#11000653)

As solid as snail mail! I never get any -

wait, sorry.

CR sucks (1)

Spruce Moose (1857) | more than 9 years ago | (#11000251)

Great - another crappy C/R system. Written in Java, no less.

Re:CR sucks (0)

Anonymous Coward | more than 9 years ago | (#11000261)

I still think that someone should make a cross-platform langauge similar to Java that can be compiled and call it Bawls.

Re:CR sucks (0)

Anonymous Coward | more than 9 years ago | (#11000491)

there already is one, it's called ANSI-C

Re:CR sucks (0)

Anonymous Coward | more than 9 years ago | (#11000519)

Surely you jest. C is about as much like Java as Jack Daniels is to Odouls.

Re:CR sucks (0)

Anonymous Coward | more than 9 years ago | (#11000309)

Anus cheeses. Yummy.

Oh crap.... (5, Interesting)

Justice8096 (673052) | more than 9 years ago | (#11000255)

I've already had problems getting email from my government coworkers with spam validators like this. The military really doesn't like broadcasting who their email servers are... So they regularly get sent to Junk Mail.

Re:Oh crap.... (0)

Anonymous Coward | more than 9 years ago | (#11000268)

Just imagine how people working for the Korean government must feel.

Re:Oh crap.... (0, Troll)

gardyloo (512791) | more than 9 years ago | (#11000343)

Just imagine how people working for the Korean government must feel.

So ronery...

Re:Oh crap.... (0)

Anonymous Coward | more than 9 years ago | (#11000359)

Probably pretty old.

Re:Oh crap.... (1)

kayen_telva (676872) | more than 9 years ago | (#11000295)

your email client is smart enough not to filter people in your contact list.....right ?

Re:Oh crap.... (2, Insightful)

Anonymous Coward | more than 9 years ago | (#11000318)

Filtering doesn't belong in the client. That's always been an ugly hack.

Re:Oh crap.... (3, Insightful)

samael (12612) | more than 9 years ago | (#11000660)

Depends what filtering we're talking about. Filtering of viruses and definite spam belong on the server. But when a lot of spam is 'possibles' then I want it filtered as close to me as possible so that I can check myself.

If nothing else I've had friends forward me particularly amusing spam in the past...

Re:Oh crap.... (0)

Anonymous Coward | more than 9 years ago | (#11000391)

because we're all psychic and can predict who's going to send us email? or is there some place to download a complete list of all non-spammers to put in my contact list?

Re:Oh crap.... (0)

Anonymous Coward | more than 9 years ago | (#11000386)

surely the government will come up with a solution .. setting up a special server etc.

Italics!! (0, Offtopic)

linolium (713219) | more than 9 years ago | (#11000265)

You might want to close the italics tag in the post so that the rest of the page doesn't become italic...

Re:Italics!! (4, Funny)

Anonymous Coward | more than 9 years ago | (#11000275)

No kidding, I hate people with slanted views.

forward and reverse (5, Interesting)

gonaddespammed.com (550312) | more than 9 years ago | (#11000266)

If MTA's on the Internet required the forward and reverse DNS lookups to match ~70% of spam (and viruses) would disappear. This requires ISP's to correcty configure their DNS, which unfortunately doesn't happen because people are lazy.

Re:forward and reverse (1)

shufler (262955) | more than 9 years ago | (#11000366)

It would if such a system became standard.

Re:forward and reverse (3, Insightful)

NuclearDog (775495) | more than 9 years ago | (#11000369)

Most ISPs have reverse dns set up already for all their IPs, eg in my case mapping 10.123.123.123 to static10-123-123-123.reverse.myisp.ca, and the A record for that host is the IP 10.123.123.123. Could the virus/spam server/etc not tell the remote mail server it is "static10-123-123-123.reverse.myisp.ca" then?

The remote mail server would find that the host points to 10.123.123.123, which reverses back to... the given hostname!

ND

Re:forward and reverse (1)

tonsofpcs (687961) | more than 9 years ago | (#11000379)

Mine does this to, but reverse DNS doesn't always return back properly, don't ask me why, it just doesn't (maybe its only configured properly for some IPs).

Re:forward and reverse (3, Funny)

Skapare (16644) | more than 9 years ago | (#11000538)

I have a generally very high success rate for reverse DNS lookups ... at least where reverse DNS is actually set up. But there is an occiasional ISP that has such poor service that DNS lookups often fail. And I've even seen ISPs that, for some reason, only have random selections of their IP space set up with reverse DNS (out of a block of 32 there might be 25 with reverse DNS and repeated queries show consistency). One fundamental problem is ISPs hiring the bottom of the barrel in tech talent, especially at the manager level.

Re:forward and reverse (1)

tonsofpcs (687961) | more than 9 years ago | (#11000607)

That's what happens when cable companies think that the people who are installing their coax have the training and expertise as needed to operate Cisco switches and the like.

Re:forward and reverse (3, Insightful)

deranged unix nut (20524) | more than 9 years ago | (#11000374)

Most ISPs won't delegate reverse DNS lookups to their small (8 IP block) DSL customers. I would happily do reverse DNS if my ISP let me. Unfortunately, most people think that reverse DNS is either dead or not-needed so they normally don't even think about using it.

I'd rather see the MTAs all do PKI to authenticate eachother, only issue certs to those that sign non-UCE agreements, and revoke certs when servers start breaking the non-UCE agreements. If a cert issuer starts issuing a large number of certs to MTAs that start sending UCE, revoke the cert of the issuer.

Re:forward and reverse (2)

metlin (258108) | more than 9 years ago | (#11000495)

<Shameless plug>

You mean, something like this [highbrew.com] ?

</Shameless plug>

Re:forward and reverse (0)

Anonymous Coward | more than 9 years ago | (#11000514)

aww man I thought you were going to be offering an ISP that offered cheap DSL and let you control the DNS.

Re:forward and reverse (1)

Skapare (16644) | more than 9 years ago | (#11000528)

Reverse DNS should be a part of the service included with statically assigned IP addresses. Any provider doing any less is providing shoddy service. Reverse DNS is not dead. But being that it is based on a domain name system where spammers own tens of thousands of throw-away domains, it is getting to be of less value.

Re:forward and reverse (1)

pcmanjon (735165) | more than 9 years ago | (#11000670)

I have reverse DNS completley configured on my linux server, but when someones does a reverse lookup to my IP, nothing happens.

I'm using ADSL and its configured on a linux machine.

Don't know why... perhaps the ISP has it set up that way -sigh-

Re:forward and reverse (1)

Peter McC (24534) | more than 9 years ago | (#11000448)

How about it doesn't happen because it breaks completely when you have virtual hosting? When it comes to email, reverse DNS is a useful tool for discovering who's hosting someone's domain, and not much else.

Re:forward and reverse (5, Informative)

Skapare (16644) | more than 9 years ago | (#11000517)

The reverse DNS for email is NOT for determining a match between the sender email address domain, and the server itself. All that needs to match is the hostname of the mail server itself, thus identifying who administers it (not necessarily who gets to use it). If the ISP administers the mail server, then the hostname in the PTR record of the appropriate in-addr.arpa zone will be a unique name in an ISP domain. The forward lookup then prevents forged PTR records by making sure the domain owner acknowledges that name belongs to that IP address.

While most ISPs do have reverse DNS on their mail servers, when you focus on just the servers that spam houses run from, this changes over to most do not. But what would really happen if everyone blocked on lack of matching rDNS is that the spammers would adapt and use it. Then we'd know what domain they are using. But many of them are now registering bulk volumes of domain names (if you're making a million dollars a month abusing other people's networks, registering 100 randomly generated domains a month is just a tiny cost of business).

Re:forward and reverse (2, Interesting)

Anonymous Coward | more than 9 years ago | (#11000539)

required the forward and reverse DNS lookups to match

They can't in many cases - I work at company that has several website that send reminder emails for different free services. There are 8 different domain names that share 5 machines.

Each machine in the load balanced group of 5 can send out emails for any of the services.

If you have a bunch of services, cnamed to IP's the reverse lookup cannot guess which of the cnames you want to have returned to make you feel good about the fact that these are the same machines/owners/domains/groups/people.

A good example might be someone like friendfinder.com, they have "adultfriendfinder.com", alt.com and bigchurch.com they serve 10's of millions of hits per day to their various sites send millions of emails per month (at least). If their load balanced machines have multiple cnames/ips etc. people might find that their squeaky clean blue state church singles site emails are coming from a machine that has a reverse lookup of adultfriendfinder.com or worse alt.com - OMG!

Real Life Example
My aff emails come from ef154.friendfinderinc.com but the IP (216.34.38.114) reverses to e114.friendfinder.com. Again OMG, that isn't the same domain as the From address claims - team@adultfriendfinder.com - so they are lieing! It is a forgery! and the machine is lieing about who it really is, is it ef154.friendfinderinc.com or e114.friendfinder.com. ?

Three different domains for the From, HELO, and reverse lookup and yet as a human I can see they are legit and related - but a program would not be able to discern that. Reverse lookups muddy the waters more often than not.

Will it be better than milter-sender? (4, Informative)

Matt Perry (793115) | more than 9 years ago | (#11000273)

FairUCE looks interesting but I'd be curious if it'd do a better job than milter-sender [milter.info] . About a year ago, before I installed milter-sender, I was receiving about 200-300 spams per day. Since installing milter-sender in March 2004 and adding the spamhaus SBL-XBL checks to sendmail, I've received (checking spam mbox) 1568 spam messages.

Re:Will it be better than milter-sender? (1)

somethinghollow (530478) | more than 9 years ago | (#11000326)

Why is it that mobile phone numbers seem less expendable to me than e-mail addresses. My past habits have been: If I get enough spam that it BOTHERS me, then change my e-mail. This is really easy since I have a web host that allows plenty of pop3 e-mail addresses (esp. if it has "vacation auto-responses" built in). I think only one person in my history has complained about my almost-yearly e-mail addy changes. I think if I were getting over a grand of spam, I'd just kill that e-mail addy and get a new one...

Re:Will it be better than milter-sender? (1)

rabbit994 (686936) | more than 9 years ago | (#11000377)

Cool, I'll change my email. Good idea, let me notify people everyone, I'm sure I'll miss someone but who cares? Changing Email isn't a solution, spam filtering shouldn't have to be a solution (but I do it anyways) How this, I didn't ask for the email, and you shouldn't be sending it to me and 16000000 other people who didn't ask for it either.

Re:Will it be better than milter-sender? (2, Insightful)

Matt Perry (793115) | more than 9 years ago | (#11000431)

I've been using the same email address since 1996 and I'd like to keep using it. Not every one wants to change their primary email address to avoid spam.

Re:Will it be better than milter-sender? (1)

kinema (630983) | more than 9 years ago | (#11000420)

I've been thinking about adding RBL filtering to my personal mail server for some time now. What do you think of Spamhaus' SBL-XBL? Do you use any other lists?

Re:Will it be better than milter-sender? (2, Informative)

Matt Perry (793115) | more than 9 years ago | (#11000470)

SBL-XBL is great. It blocks a lot of stuff. In the last serveral months I added the follow which have also helped:

relays.ordb.org - http://www.ordb.org/ [ordb.org]
combined.njabl.org - http://www.njabl.org/ [njabl.org]
list.dsbl.org - http://dsbl.org [dsbl.org]

I also added ClamAV [clamav.net] with the clamav-milter. That's eliminated all of the viruses that I used to get, although it does nothing for the virus warning messages I get from poorly administrated mail servers out there. Before I added ClamAV I was using the Virus Snaggers [spamless.us] procmail package which was great at catching a lot of that stuff.

BTW, I use this procmail rule to catch all of the DSNs I get and stuff them in a mbox rather than having them clutter my inbox. I didn't write this and I forget who did. I think I got it from a post here on Slashdot sometime in the last year. To whoever wrote this, thanks.

# This recipe catches most DSNs
:0HB
* -1^0
* 1^0 ^FROM_MAILER
* 1^0 ^Status: 4.2.0
* 1^0 ^Status: 4.4.1
* 1^0 ^Status: 4.4.2
* 1^0 ^Status: 4.4.6
* 1^0 ^Status: 4.4.7
* 1^0 ^Status: 5.0.0
* 1^0 ^Status: 5.1.1
* 1^0 ^Status: 5.1.2
* 1^0 ^Status: 5.1.6
* 1^0 ^Status: 5.2.1
* 1^0 ^Status: 5.2.2
* 1^0 ^Status: 5.2.3
* 1^0 ^Status: 5.3.5
* 1^0 ^Status: 5.4.7
* 1^0 ^Status: 5.5.0
* 1^0 ^Status: 5.7.1
* 1^0 ^554 5.0.0 Service unavailable .*
* 1^0 ^Remote host said: 550.*User unknown
* 1^0 ^Remote host said: 554.*doesn't have a yahoo.com account.*
* 1^0 ^User.*not listed in public Name & Address Book
* 1^0 ^Sorry, no mailbox here by that name.
* 1^0 ^<.*>: Unkown user:
* 1^0 ^User mailbox exceeds allowed size:
* 1^0 ^.*No matches to nameserver query
* 1^0 ^A message that you sent could not be delivered
* 1^0 ^.*550 unknown user
* 1^0 ^This is a permanent error; I've given up.
* 1^0 ^The user(s) account is temporarily over quota.
* 1^0 ^Receiver not found:.*
* 1^0 ^Requested action not taken: mailbox unavailable.
* 1^0 ^--AOL Postmaster
* 1^0 ^I'm sorry to have to inform you that the message returned
* 1^0 ^550 5.1.1 <.*>... User unknown
* 1^0 ^550 <.*>\.\.\. User unknown
* 1^0 ^Subject:.*failure notice
* 1^0 ^did not reach the following recipient\(s\):
* 1^0 ^The following recipient(s) could not be reached:
* 1^0 ^.*550 Mailbox quota exceeded
* 1^0 ^.*550 Access Denied
* 1^0 ^550 5.0.0.*Can't create output
* 1^0 ^.*There is no such addressee as
* 1^0 ^Mail Delivery Failed... User unknown
daemon-msgs

in theory.. (1)

wcitechnologies (836709) | more than 9 years ago | (#11000277)

Conceptually it sounds great...

But, spammers will find a way around this. Also, I'd like to know, how much bandwidth does this use? It sounds to me like it'd take a lot.

Re:in theory.. (1)

bryan986 (833912) | more than 9 years ago | (#11000501)

Robots to send the messages, then robots to respond to the challenges, haha!

Pyrrhic Victory? (4, Interesting)

Jaysyn (203771) | more than 9 years ago | (#11000286)

Doesn't this just create more traffic?

Jaysyn

Re:Pyrrhic Victory? (0)

Anonymous Coward | more than 9 years ago | (#11000320)

No.
That would be the spam's job.

Re:Pyrrhic Victory? (0)

Anonymous Coward | more than 9 years ago | (#11000399)

Less traffic than DOSing the spammers, imho...

Re:Pyrrhic Victory? (1)

samael (12612) | more than 9 years ago | (#11000665)

In these days of huge video downloads and P2P music sharing, email is _not_ that big a deal, traffic wise.

Receiving 250 spams a day, on the other hand, is.

Need an end-user version (3, Insightful)

RevJim (564784) | more than 9 years ago | (#11000290)

"End-users cannot install FairUCE at this time; end-users, please direct your mail administrator to this page."

Even though this is an interesting new tool, most e-mail users are tied to whatever backend their ISP supplies, which is a shame... Someone should whip up an end-user desktop version.

Can't wait to get my hands on a copy of the server version though...

Challenge Response Spam (4, Interesting)

SnowZero (92219) | more than 9 years ago | (#11000291)

One problem with challenge response is that Spammers not only send me spam, but send spam purportedly sent by me. I regularly get error messages about mail that could not be delivered. Now I'll get loads of challenge messages instead.

Of course if my MTA signed my messages with a random key, and the challenge message sent the key back, my MTA could filter out anything I didn't actually send. Unfortunately that requires coordination which the various email/spam task groups do not seem to be capable of.

Re:Challenge Response Spam (0)

Anonymous Coward | more than 9 years ago | (#11000368)

That's where SPF comes in. If you set SPF records for your domains, you give other MTAs a chance to decide the mail doesn't come from you.

Note I said 'SPF', not 'Sender-ID', maybe it will save some negative comments.

Re:Challenge Response Spam (5, Insightful)

fyngyrz (762201) | more than 9 years ago | (#11000408)

One problem with challenge response is that Spammers not only send me spam, but send spam purportedly sent by me.

This is very common - and not just with a real users address. I have seen thousands of "bounce" messages come to the various domains I own as spammers use the domain prefixed by various random bogus names at whateverdomainitis.com.

Luckily (for us, anyway) we've now got the proper software written and configured to keep this crap from ever hitting a mailbox we own; however, a more serious problem here is the "do-gooder" problem.

It goes like this. Joe Spammer decides to use several_thousand_names@mydomainname.com as his assumed identity. A do-gooder site gets reports of that mydomainname.com is "sending" this spam to, oh, say a zillion people. They promptly "blacklist" my domain -- from whence, I hasten to point out, no spam has ever been, or will ever be, sent. However, my domain is a valid domain that I depend upon to make my living. Various ISP's, through a compounding of stupidity (but still with the intent to "do good"), promptly bounce our valid emails, because the do-gooders site says we are spammers.

The end result is that because some spammer out on the net has used our domain name, we, not the spammer, are penalized and in a real financial sense.

In the meantime, the spammer, who like any competent spammer watches the do-gooder's sites very carefully, notices that my domain is banned, and promptly switches to a new domain. Meanwhile, I can't send mail to my customers. Meanwhile, I get thousands of "bounce" messages that have to be handled by some layer of software or, Darwin forbid, by one of the legitimate users at my site. Random netizens out there have been temporarily "protected" from (typically) one spam email per email address they have, while our customers are cut off at the knees, as are we.

So what the do-gooder has accomplished is to cause the spammer to take another domain (probably from an automated list, no sweat off the spammer's brow whatsoever) and the do-gooder has hurt a legitimate net citizen who never spams.

Everybody's trying to do good here except the spammer. The do-gooder and the ISPs using the do-gooder list hurt our end users by blocking mail they should be getting; they hurt us by screwing up our commications channel to our customer base; but -- they don't hurt the spammer one flipping bit, and they do no permanent good for the average netizen who gets one of these spams. The spammer just restarts his list at the break point and begins with a new domain; the end user, after a short delay, gets a new spam with a new domain name, and the temporary respite for them is over -- and the net result of the do-gooder's blacklist is no good whatesoever has been done. Some users will get two spams if the spammer restarts the list back a little to make sure he doesn't miss anyone. Great, eh?

Obviously, do gooder blacklisting doesn't work, and cannot work. Mostly, it causes harm to legitimate parties.

IMHO, if Internet mail is going to be unregulated, then it needs to be just that -- unregulated. If spammers are going to be fined and/or jailed, then the govt(s) need/s to get the heck after it (and probably needs to close the international email borders to any non-co-operative country so that such a thing is possible.) The latter seems far too severe; the former is being degraded by do-gooders and the people they confuse into accepting their services in an area they should have no absolutely authority in to a degree that should be unacceptable to any thinking person.

The only good solution to spam I know of is to use whitelists and web submission entry gateways. If someone is on your whitelist, you get email from them. If someone is not on your whitelist, they get an auto-reply email telling them to mail you via a form on a website. The form, which has to be hand-filled out, mails you at a whitelisted address that is not public. If you deem the mail worthy of your attention, you whitelist the sender (with one mouseclick, at least that's the way we do it) and proceed with whatever communications you find worth your while. On the other hand, if the sender does not find it worth their time to fill out your form, you're probably better off without them anyway.

It would be very easy for an ISP to provide this kind of bulletproofing for any user. I wish they did. Maybe the do gooders would go back home and write seat belt laws or helmet laws or no oral sex laws or whatever it is they do when they're not screwing up the Internet.

Re:Challenge Response Spam (5, Interesting)

farnz (625056) | more than 9 years ago | (#11000516)

I'd be interested to know which blacklists are by domain, not by sending IP address; I find that SpamAssassin's use of SPEWS and Spamhaus blacklists is enough to catch virtually all the spam I get, and both of those blacklists are done via sender IP, not by domain name.

So, I'd disagree with your conclusion that blacklisting doesn't work; if a spammer can use one of your IP addresses to spam, then you need to fix up your system to be more secure. A quick browse of mail logs will show any unexpected outgoing e-mail, and you can always feed your mailserver IP to spews.org and see if they list you (they're one of the most aggressive listing places).

If it's not coming from one of your IP addresses, then it doesn't affect mail sent from your domain, only from the spammer's IP addresses. Hence there is no fallout on you unless I use an aggressive list like SPEWS, and you are being blocked because your ISP hosts spammers himself.

Re:Challenge Response Spam (1)

Trepalium (109107) | more than 9 years ago | (#11000635)

There are some URI domain blacklists [surbl.org] that cover URIs that often appear in spam messages, but that's a little different. Symantec Mail Security for Microsoft Exchange's spam filtering consisted of several blacklisted words, and blacklists from any mail from @hotmail.com, @yahoo, etc. This may have changed in later versions, however. The snakeoil anti-spam systems many vendors release has got to be the worst, though.

Re:Challenge Response Spam (0)

Anonymous Coward | more than 9 years ago | (#11000563)

The problem with the challenge/response/whitelist is this.

If you buy goods on-line, you can not always be certain what domain/email address order and shipping confirmations will come from. You might place an order on a website called www-company.com, only to have emails confirming/querying your order coming from company-international.com (or some other annoying variation). I will have added company.com to my whitelist when I ordered, I won't have the random new domain that they have used on my whitelist.

There emails typically come from an automated system, so any challenge response will fall on deaf ears.

This problem is what stops me from implementing anything that replies on challenge/response.

I know this new system only uses challenge/response as a fall back, but missing just one "your credit card payment has failed" message is just too much of a pain to allow me to rely on a system like this.

I just don't know (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11000298)

Yesterday I woke and I saw this guy and he said to me that I needed to go to the store and buy him the biggest, smelliest piece of cheese that I could find in the store. I looked at him quizzicaly, as this is not something that happens to me very often.

"You want the smelly cheese from the grocery store?" I asked.

"Yesssa aaiz wanz da CHEESE SMELLY BIG" he stammered at me, breath reeking of cheap booze. He told me his life story then, I could not help but but dumb struck.

He was born in France during World War II. When the Nazis marched on Paris, his mother (a hungarian whore who had moved to paris because she thought that she could make more money there because she refused to shave her armpits for the last ten years and braided her arm hair into something akin to dreadlocks with perls braided into them) hid him in a big wheel of cheese. He was but a todler at the time, so he could fit inside of the hole she cut out for him, then she placed a piece of cardboard over top of it.

Well, when the Germans came into the room, they saw her and set fire to her armpit hair. Pieces of it fell onto the cheese, smoldering away. From inside, all this man could have known of the outside world would have been burning arm hair and smelly cheese.

"Yoouzzeseee i wan reme me me me me meberrrr my MOMSSS IES MISESS"

Well, I had no choice upon hearing this tale but to go straight away to the store and buy the biggest, smelliest piece of cheese that I could find. When the clerk tallied my bill, it came out to $66.60, and the cheese weighed thirty pounds. I carried it outside and showed it to the bum who had accosted me and told me his woeful tale. I looked at the cheese, then raised my eyes to meet his.

"I hope this makes you happy," I told him.

"Today is your lucky day, Sir" he said to me as he turned into wisps of smoke and faded away.

What the fuck am I going to do with this cheese now? SLASDOT HELP ME!

Re:I just don't know (0, Offtopic)

Bi()hazard (323405) | more than 9 years ago | (#11000441)

He's probably a genie. Unfortunately, we don't know what kind. He may be the kind that only gives you one wish, in which case your wish was for him to be happy. Good karma for the afterlife, but it'll be a while before you find out for sure.

It could also be the kind of genie that only helps when you really need it. In that case, just wait until some disaster befalls you, and then summon the genie to save you. Have you wished for anything out loud since he disappeared? If it's a multiple wish non-emergency genie, that might do the trick. But be careful what you wish for, since you don't know how many chances you'll get. Of course, it could also be the kind of genie that picks the wish itself instead of taking requests, if that's it then something good will happen to you eventually, but we won't know until it does.

As for what to do with the cheese, you may want to consult a psychic. Get several opinions from unrelated ones, there's a lot of fake psychics out there. Take good care of the cheese, but don't seal it airtight or freeze it or anything that would harm a toddler if one were trapped inside it.

Gather as much information as possible before taking action, but don't let the cheese get moldy or dirty.

When seeking further advice, you should figure out the approximate apparent age of the guy (does it match his story, or does he look younger than expected?), and unusual features (such as damage that may have been caused by a fatal injury), or writing or symbols on his clothes. What kind of clothing was he wearing, is it what you'd expect to see here, today or from some past time and place? Did you feel and unusual warm or cold gusts of wind in his presence? Where exactly did you meet him, does the location have any interesting history? If something like this happens again, pick up a video camera while you're out and collect photographic evidence of the visitor, but ask permission first.

So... (2, Interesting)

netsharc (195805) | more than 9 years ago | (#11000303)

Guess I'm asking at the wrong place, but does this mean if I send email using my uni's SMTP server with my Yahoo! E-mail address in the "from" field, I will receive a challenge? A challenge being an email to the sender's address so they know the address is active, I'm guessing..

And I read of a whitelist/blacklist. Does this mean the user having to manage this list? It looks like it's being done so that the user can reactively work about it though (instead of actively), maybe an email that says "You got email from xyz, Do you want this email?" Heh an email about an email, that'd be annoying.

I tried sending email using Yahoo!'s web interface with 3 addresses in the "To" field today, and when I clicked "Send" it asked me to answer a Captcha [captcha.net] , interesting..

Re:So... (0)

Anonymous Coward | more than 9 years ago | (#11000452)

Awesome sig, thanks for tha laugh. ;)

Re:So... (1)

opqdonut (768567) | more than 9 years ago | (#11000644)

According to the standard, the from field should have the email address the mail was sent from (in this case your uni addy). If you want replies to go to another address, use the standard Reply-To: header.

If you violate the mail standard you get labeled as a spammer because spammers frequently use tricks like this.

Interesting.... (1, Interesting)

Anonymous Coward | more than 9 years ago | (#11000305)

...that this is being pushed by a little fly-by-night company in Armonk.

The spam problem solved! (0)

Anonymous Coward | more than 9 years ago | (#11000307)

With a few cached DNS look-ups and a couple of if/then statements.

This is great news! Why didn't someone think of this sooner?

Re:The spam problem solved! (1)

gardyloo (512791) | more than 9 years ago | (#11000346)

Sorry. Won't work until all the if/thens are replaced by GOTOs. :P

Naive at best (3, Interesting)

erice (13380) | more than 9 years ago | (#11000310)

1) Mobile user sets up notebook at new location and sends mail via the local mail relay.
2) FairUCE on recipient end bounces the mail because it can't find a relationship between the sender and the mail relay.

If the ISP blocks outbound port 25 access, you get a real catch 22. Can't use remote relay becuase of the port block. Can't use local relay because FireUCE will see that there is no relationship to the sender and block the mail.

This is an old idea. It can be implimented with procmail and a little perl. Few people do this, not for lack of tools, but simply because it is a bad idea.

Re:Naive at best (1, Funny)

Anonymous Coward | more than 9 years ago | (#11000331)

If the ISP blocks outbound port 25 access, you get a real catch 22.

No, they could block 22 as well.

Re:Naive at best (1)

shufler (262955) | more than 9 years ago | (#11000381)

This is why ISPs shouldn't block outbound port 25, and e-mail providers should provide SMTP servers with SMTP-auth. This won't eliminate spam, but it will eliminate the problem that many mobile users have. I can only use my school's SMTP server if I'm on campus (and on the wired network, no less), and I cannot use any other SMTP server other than my ISP's server. This means I am constantly changing the server settings depending on my location, or, firing up IE to use the web-based mail which is so buggy, I'm forced to use IE to use it.

Of course, this would be too easy, so naturally it's not done. It won't solve the spam problem, since spammers will either have a legitimate account on the SMTP server, or they'd still resort to spoofing.

Re:Naive at best (2, Informative)

farnz (625056) | more than 9 years ago | (#11000515)

Or get e-mail providers to support MSA, which is SMTP for mail being introduced to the network, and is supposed to run on port 587.

What it does.... (2, Interesting)

julesh (229690) | more than 9 years ago | (#11000321)

). It claims to be able to 'stop a vast majority of spam' without the need for content filters, and 'virtually eliminates spoofed addresses, phishing, and even many viruses with a few cached DNS look-ups and a couple of if/then statements'.

Oh, yeah, and completely stop mailing lists from being usable. That, too.

slashdotted? (1)

Bs15 (762456) | more than 9 years ago | (#11000329)

When I try to download it, I get this from IBM: This service is temporarily unavailable. Please try again later. rc: 40

That is soooo last year (1)

timdorr (213400) | more than 9 years ago | (#11000336)

I've had this working with Exim for a long time now. It's actually just a tickbox in cPanel. I actually think it's on by default for any host using cPanel, which are quite a few.

Great, freeze my server with bounce backs (1, Interesting)

Anonymous Coward | more than 9 years ago | (#11000337)

My server receives over 140,000 spam messages a day over 300 domains. So, will this system be running this process several times a second, then sending undeliverable bounce back messages just as often? Great, even more server problems, brilliant idea guys. My favorite solution is a client side filter. Thunderbird is amazing. I'd rather see the world go that way.

Here we go again (5, Funny)

nsayer (86181) | more than 9 years ago | (#11000339)

Your post advocates a

(X) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
(X) Many email users cannot afford to lose business or alienate potential employers
(X) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(X) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(X) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
(X) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(X) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Re:Here we go again (4, Funny)

physicsphairy (720718) | more than 9 years ago | (#11000349)

Modularize this, extend its applicability, and we can replace 90% of slashdotters with a small shell script!

Re:Here we go again (3, Interesting)

LMCBoy (185365) | more than 9 years ago | (#11000447)

what makes you think this hasn't happened already?
you think that's air you're breathing?

Re:Here we go again (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11000648)

God invented open source?

no... Here WE go... (1)

unixbugs (654234) | more than 9 years ago | (#11000473)

I can give anyone a realistic outlook on the problem, from Ground Zero...

Picture Massive Hosting Corporation X, leading entrepreneurialship throughout the company, with an order of X machines, all of which host dozens (hundreds? yes, get over it) of domains each. Everyone is promised X email, usually unlimited, untill someone like AOL blocks them, (us - ouch, my foot...)............

Stupid people register their stupid little domains and we get stupidly stupid passwords like *password* on our mail boxen, supplemented with canned email scripts for the user to choose from, depending on level of stupidity. Ergo, we are left with an effectively massive amount of technically legitmate, open, hax0rable mail relays that get abused as soon as the MX record propagates...

So now what? "Educate the General Public"? Yeah! Hahahahahaa... Until the price of broadband falls into finite pockets, we WILL NOT see an end to SPAM. Really though, for $9.95 a month, any idiot can open a domain up with mail on it and get a good share of the international mail scene...

Now you know...

Re:Here we go again (1)

metlin (258108) | more than 9 years ago | (#11000502)

And...

the Slashdot fortune cookie goes,

"Remember -- only 10% of anything can be in the top 10%."

Go figure :)

Thanks for the idea! Here's your perl script! (2, Funny)

fprog (552772) | more than 9 years ago | (#11000664)

%choice = (
'type' => [ 'technical', 'legislative', 'market-based', 'vigilante' ],

'reason' => [
'Spammers can easily use it to harvest email addresses',
'Mailing lists and other legitimate email uses would be affected',
'No one will be able to find the guy or collect the money',
'It is defenseless against brute force attacks',
'It will stop spam for two weeks and then we\'ll be stuck with it',
'Users of email will not put up with it',
'Microsoft will not put up with it',
'The police will not put up with it',
'Requires too much cooperation from spammers',
'Requires immediate total cooperation from everybody at once',
'Many email users cannot afford to lose business or alienate potential employers',
'Spammers don\'t care about invalid addresses in their lists',
'Anyone could anonymously destroy anyone else\'s career or business', ],

'fail' => [
'Laws expressly prohibiting it',
'Lack of centrally controlling authority for email',
'Open relays in foreign countries',
'Ease of searching tiny alphanumeric address space of all email addresses',
'Asshats',
'Jurisdictional problems',
'Unpopularity of weird new taxes',
'Public reluctance to accept weird new forms of money',
'Huge existing software investment in SMTP',
'Susceptibility of protocols other than SMTP to attack',
'Willingness of users to install OS patches received by email',
'Armies of worm riddled broadband-connected Windows boxes',
'Eternal arms race involved in all filtering approaches',
'Extreme profitability of spam',
'Joe jobs and/or identity theft',
'Technically illiterate politicians',
'Extreme stupidity on the part of people who do business with spammers',
'Dishonesty on the part of spammers themselves',
'Bandwidth costs that are unaffected by client filtering', 'Outlook', ],

'objections' => [
'Ideas similar to yours are easy to come up with, yet none have ever been shown practical',
'Any scheme based on opt-out is unacceptable',
'SMTP headers should not be the subject of legislation',
'Blacklists suck', 'Whitelists suck',
'We should be able to talk about Viagra without being censored',
'Countermeasures should not involve wire fraud or credit card fraud',
'Countermeasures should not involve sabotage of public networks',
'Countermeasures must work if phased in gradually',
'Sending email should be free',
'Why should we have to trust you and your servers?',
'Incompatiblity with open source or open source licenses',
'Feel-good measures do nothing to solve the problem',
'Temporary/one-time email addresses are cumbersome',
'I don\'t want the government reading my email',
'Killing them that way is not slow and painful enough', ],

'about' => [
'Sorry dude, but I don\'t think it would work.',
'This is a stupid idea, and you\'re a stupid person for suggesting it.',
'Nice try, assh0le! I\'m going to find out where you live and burn your house down!' ]);

srand(time);
sub getIndex { return rand( shift() - 1 ); }

$post = "Your post advocates a"
.$choice{'type' }[ getIndex($#{$choice{'type'}}) ]
." approach to fighting spam.\nYour idea will not work. Here is why it won't work.\n"
.$choice{'reason' }[ getIndex($#{$choice{'reason'}}) ] ."\n\n"
."Specifically, your plan fails to account for "
.lcfirst $choice{'fail' }[ getIndex($#{$choice{'fail'}}) ]
."\nand moreover I have the following philosophical objection, \nmainly "
.lcfirst $choice{'objections' }[ getIndex($#{$choice{'objections' }}) ] ."\n\n"
.$choice{'about' }[ getIndex($#{$choice{'about'}}) ]
."\n\nSincerely yours,\nSlashdot anonymous random perl bot\n\n";

$post =~ s/ *\. */.\n/g;
print $post;

Re:Here we go again (2, Insightful)

wirelessbuzzers (552513) | more than 9 years ago | (#11000467)

Sorry to bother you while you're making a joke, but you are supposed to X the appropriate bubbles, not random ones.

And the license sucks, too. (1)

Skapare (16644) | more than 9 years ago | (#11000552)

And the license sucks, too. It is restricted to non-commercial use.

Re:Here we go again (2, Insightful)

johannesg (664142) | more than 9 years ago | (#11000569)

I strongly suspect this list was first devised by spammers to convince people that spam cannot be fought. In fact that is wrong, all it takes is the realisation that instead of a single perfect solution we will need a series of incremental solutions. As solutions multiply the amount of spam will drop, but this will take time. I'm fine with that, as long as we are making progress. Right now thanks to your attitude we are not making much progress.

A law against spam will not actually stop it, but it does allow action to be taken against the spammer after he is found out so he won't do it again.

Similarly, a technical solution that enforces detectability of the spammer will make it possible to find out so he is, so the law can be applied.

Neither law nor technical solution on its own will stop spam, but together they can be used to significantly reduce the volume. And that's all we are asking for, really.

Challenge/Block (3, Insightful)

droleary (47999) | more than 9 years ago | (#11000348)

FYI, any time (which is every time) I get a challenge for an email I didn't send, I immediately block the server because that kind of "solution" is nothing short of dropping their spam problem in my lap. Fair warning to anyone who thinks FairUCE is in any way a "Smart" answer to spam.

The only effective spam solution I've currently found is to have expiring email addresses. One easy way to set that up is to use subdomains that don't even resolve after a certain point. So you might have me@2004.example.com good for only three more weeks, or me@amazon.example.com good for as long as Amazon (or your "healthy" girlfriend) doesn't sell you out. You can get tricky, of course, and use subdomains that are not so easily subject to a dictionary attack or guessing.

Re:Challenge/Block (1)

PigleT (28894) | more than 9 years ago | (#11000630)

Did anyone see this phrase?
FairUCE only sends a challenge when the mail appears to be spoofed.

So, um, right when we *don't* want you to be adding to the spam problem, it goes and makes it worse for everyone else?

As for the description of what it does, well, we already have RBLs (which I generally hate, but they do sort-of fulfil the description "looking up who it claims to be from"), we have reverse/forward DNS lookup ability - in exim and postfix and sendmail already.

Sounds like some DNS hacks (1)

bigberk (547360) | more than 9 years ago | (#11000364)

I've played around with some custom made scripts that do (what sounds like) the same kinds of checks that these fellows do. While it's true that this method is good for flagging suspicious emails, the result is not definitive and shouldn't be used to block mail. It suffers from the same fundamental problem as SPF itself; email is meant as a store and forward system. You can email mail with any return address through any intermediate host (e.g. using .forward or whatever). My guess is that this software does the following checks or something very similar to it, which has also given me good results. Note that this is essentially an SPF-ish lookup, without the need for SPF records. It's not very reliable.
  • Connecting IP (immediate relay) - do a reverse lookup on it. Does the domain name match the domain name as the envelop sender?
  • Take the domain name of the envelop sender and find alll mail exchangers for the domain. Do a reverse lookup on the connecting IP too. Do any of these domains overlap?
  • Compare by network - is the connecting relay on the same network as the domain it claims to originate from (sender address)
Etc. As you can see this will definitely catch spam "forged" to come from domains like AOL, but the trouble point is that very often it's legitimate for mail to arrive from an unrelated network. Nothing about SMTP says it's wrong to put in the return address you want, despite the immediate relay delivering the mail.

yet another waste of time (4, Interesting)

mabu (178417) | more than 9 years ago | (#11000382)

Have we not established a few basic tenets of the spamademic?

1. Spammers make money by using a disproportionate amount of bandwidth than what they pay for. Stopping spam from entering peoples' inboxes is less than half the problem. 70% or more of all SMTP traffic is UCE and everyone pays for that in higher costs and slower performance regardless of whether they have spam filters in place.

2. The majority of the anti-spam solutions (with the exception of RBLs) including the one related to this article, require extra time, bandwidth and resources on the part of innocent networks to deal with the spam problem. This is a step backwards.

If you want to stop spammers you have to stop them from stealing bandwidth. To date, the ONLY effective solution thus far has been relay blacklisting. This has several added benefits including: stopping propagating of worms/viruses, and forcing ISPs to police the illegal activities of their users and shut down nodes which are spamming through their network.

As an ISP, I have no interest in yet another costly anti-spam solution that I have to install that doesn't address the larger issue of the tons of bandwidth spammers waste on my network and every one in between. This system wastes even more resources by attempting to verify the source of every e-mail in an even more detailed manner than before, so the end result is: more computing resources needed, more bandwidth needed and slower mail service.

No thanks.

I'll patiently wait until the *inevitable* SMTP whitelist scheme that is the only true solution to stopping spam (unless the authorities decide to actually start prosecuting spammers for their crimes).

Re:yet another waste of time (2, Interesting)

bigberk (547360) | more than 9 years ago | (#11000416)

To date, the ONLY effective solution thus far has been relay blacklisting.
I'll agree with this, as a small ISP. Blocklists are very easy to use, bandwidth-efficient and highly effective. They are the best solution we have, and do put pressure on bad ISPs to clean up their act. With over 150 public blocklists out there, spammers get nervous. Their attacks against SPEWS, Spamhaus, and Spamcop demonstrate how desperate spammers are getting.

It gets better! (2, Informative)

johannesg (664142) | more than 9 years ago | (#11000575)

Here in the Netherlands the government wants providers to keep a log of all mail (http, ftp, whatever) traffic that goes over their lines. The providers are complaining, but in the end they will simply raise prices to compensate. Effectively I will be paying to be spied upon. And in the case of email, I will be paying to receive spam and then store it for five or ten years.

Re:yet another waste of time (1)

Nephrite (82592) | more than 9 years ago | (#11000645)

> If you want to stop spammers you have to stop them
> from stealing bandwidth

this only can be done by altering SMPT protocol and forbidding setting more than one recipient per email. Thus, spammers will have to send their billion emails one by one instead of specifying a zillion email as recipients and one body.

And that won't work because it's impossible to make such an adjustment to the protocol and make everyone to use it.

Re:yet another waste of time (1)

shish (588640) | more than 9 years ago | (#11000668)

If everyone had a 99% accurate spam-blocker (ie installed at the ISP level), spam would become an inifficient way of making money, so the spammers would have to go elsewhere; bandwidth use then drops off from that.

Anobody notice the BASIC reference (0, Troll)

Jack Schitt (649756) | more than 9 years ago | (#11000390)

If/Then statements? I sure hope this proxy is not written in BASIC. There could be some serious speed issues.

Re:Anobody notice the BASIC reference (1)

dustinbarbour (721795) | more than 9 years ago | (#11000453)

if/then statements automatically mean BASIC? Am I missing something?

How about this:

void duh()
{
if(parent_is_asshat())
{
return 1;
}
else
{
return 0;
}
}

Re:Anobody notice the BASIC reference (0)

Anonymous Coward | more than 9 years ago | (#11000485)

Yeah, you're missing something - the word "then".

Re:Anobody notice the BASIC reference (1)

Flashbck (739237) | more than 9 years ago | (#11000533)

I uh hate to burst your bubble, but that is an if/else statement and not an in/then statement. And yes, there is a tremendous difference.

an example of an if/then in visual basic (I know, I know...but I NEVER program in it!!!!!)
If parent_knows_what_he_or_she_is_talking_about() Then
congratulate_him_or_her()
End If


an example of an if/then/else in VB (again, I apologize)
If parent_knows_what_he_or_she_is_talking_about() Then
congratulate_him_or_her()
ElseIf parent_has_no_clue() Then
ridicule_him_or_her_in_slashdot_fashion()
End If


get it?

I have a question. (1)

Stonent1 (594886) | more than 9 years ago | (#11000540)

But won't challenges look like spam servers probing your system.

My opinion (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11000548)

What did the deaf, dumb and blind kid get for Christmas?

Cancer

Spam filter to the max! (1)

Agret (752467) | more than 9 years ago | (#11000553)

if(sender.domain = spam.com){
Move to spam folder
}

I think using Thunderbird to filter your shit is a lot better than using this :)

Restricted use and restricted download (2, Insightful)

Skapare (16644) | more than 9 years ago | (#11000561)

This package just isn't going to get very popular. It is restricted to non-commercial use (perhaps you can buy a license for commercial use). And you have to sign up with IBM to get a download just to see if it's any good. And then there's a lot of extra stuff you have to have to run it. Maybe I should work on my own GPL open source version of this and do it as a pure TCP proxy front end so it works on any mail server (even for Exchange on Windows if on a different machine or under some emulator).

Re:Restricted use and restricted download (0)

Anonymous Coward | more than 9 years ago | (#11000583)

Correct!!! For all the reasons you gave plus the fact that it is coded in Java leads me to believe it will surely die.

Wait... (1)

dshaw858 (828072) | more than 9 years ago | (#11000652)

[...] verifies email by attempting to verify the sender through lookups (a user customized challenge/response)

Okay, so either (a) a user has to do a challenge/response simulation each time he or she wants to send/receive and email, or (b) it's automated... and a spammer could simply brute force/crack/automate themselves the challenge/response. I don't see how this would really work.

- dshaw
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>