False postive for CENTRALCOMMAND.COM newsletter

Vernon Schryver vjs@calcite.rhyolite.com
Sat May 18 00:54:24 UTC 2002

> From: Sean Rima <sean-sender-732ecf@tcob1.net>

> Just notioced that the latest Centralcommand.com newsletter is being
> marked as many.
> the checksums are:
> X-DCC-tcob1-Metrics: tcob1.net 1042; Body=many Fuz1=many Fuz2=many
>                                                       checksum  server
>                                                       wlist
>                  env_From: 51cb1d01 803256f7 54c88978 3cbac0b2
>                      From: 550717fa b8335e44 5a13ae9a 5e254d78
>                Message-ID: f4bdfa7c 0e5d0292 164672eb 4724a6f3
>                  Received: 486c69ae 5c221a50 a9f103cb 441a424c
>                      Body: 388b254b c7b8deb4 611c460a a73eadc3    many
>                      Fuz1: 9263b12e 3cefe27f a9fb4844 de19b541    many
>                      Fuz2: 53b5a154 81c1df13 29bf9e45 f665b93d    many

If it is a "newsletter," then it certainly does not sound like a
"false positive."

`dblist -Vh` says that variations of that particular message have been
seen at more than one DCC server, which makes clear that it is bulk.
It seems to have it a trap or otherwise been noted as extremely bulky
at server-ID 1012.  The data compression mechanisms in the servers
and in the flooding make it impossible to say how many other places
have seen that message or marked it as extremely bulky.

The fact that you issued delete request for some of the checksums for that
message suggests that I should make honoring delete requests off by
default.  Unless you know for a fact that the message was not unsolicited
bulk mail where it was marked as "many", you stepped over the line.

As the DCC documentation says and as I've told you, the DCC detects bulk
mail.  You must add a white list to distinguish between solicited and
unsolicited bulk mail.  Anyone who is rejecting all mail marked "many"
has not read the documentation or is intentionally misusing or at least
not using the DCC as intended if you rejecting all mail marked "many."

Vernon Schryver    vjs@rhyolite.com

