From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Stefan Kangas Newsgroups: gmane.emacs.bugs Subject: bug#46472: Make lisp/mail/uce.el obsolete Date: Mon, 11 Oct 2021 21:33:31 -0700 Message-ID: References: <83im6we6v8.fsf@gnu.org> <83mtw8cbku.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="28724"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux) Cc: Glenn Morris , Stefan Monnier , 46472@debbugs.gnu.org To: Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Tue Oct 12 06:34:18 2021 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1ma9UY-0007Gz-R1 for geb-bug-gnu-emacs@m.gmane-mx.org; Tue, 12 Oct 2021 06:34:18 +0200 Original-Received: from localhost ([::1]:47198 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ma9UX-0007si-4G for geb-bug-gnu-emacs@m.gmane-mx.org; Tue, 12 Oct 2021 00:34:17 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:47346) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ma9UI-0007rh-5A for bug-gnu-emacs@gnu.org; Tue, 12 Oct 2021 00:34:02 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]:49833) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ma9UH-00059q-T0 for bug-gnu-emacs@gnu.org; Tue, 12 Oct 2021 00:34:01 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1ma9UH-0005In-M1 for bug-gnu-emacs@gnu.org; Tue, 12 Oct 2021 00:34:01 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Stefan Kangas Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Tue, 12 Oct 2021 04:34:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 46472 X-GNU-PR-Package: emacs Original-Received: via spool by 46472-submit@debbugs.gnu.org id=B46472.163401321920355 (code B ref 46472); Tue, 12 Oct 2021 04:34:01 +0000 Original-Received: (at 46472) by debbugs.gnu.org; 12 Oct 2021 04:33:39 +0000 Original-Received: from localhost ([127.0.0.1]:33146 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ma9Tv-0005IE-AV for submit@debbugs.gnu.org; Tue, 12 Oct 2021 00:33:39 -0400 Original-Received: from mail-pf1-f169.google.com ([209.85.210.169]:43604) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ma9Tt-0005I1-Tz for 46472@debbugs.gnu.org; Tue, 12 Oct 2021 00:33:38 -0400 Original-Received: by mail-pf1-f169.google.com with SMTP id 187so16531583pfc.10 for <46472@debbugs.gnu.org>; Mon, 11 Oct 2021 21:33:37 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:in-reply-to:references:user-agent :mime-version:date:message-id:subject:to:cc; bh=zt8Fo15OLsHXuPhkEDDx5tTiNAkiqnb7fCVcvHbgssA=; b=jtqzeikBN0Ih8fIyW/SZQkFE41e9eJN8qCuHXlPRByQNix+YypmL+FnH33iLz6QGZg Jf5a1IhE1ByBSzT5O10NJFV2vwmP24w66pOJkHZiUbsUZJUOo8NmUK7EBDWdN+9aLrJc 1cgU+NNUNZ/+emo8vsvfoptK/h+DWqsHD8N9tZM2AHdYKKeBLynpT9702wiTw64G6Gx+ 5nQCUveAzW4+EGWUB83oqDNSv0tZNKf8ZgAvXJJCrU1okoyIkmVphmKlrVb5R+/1b62R H9HGblu9+QwXiQPyr2ABLQ647a7322PJlLf+AN7BVKlbwXa+GxsxEQeggxhCBdf5kIK/ vSkw== X-Gm-Message-State: AOAM531huf9ytang4tXZsyARYs4POHWxZ2nIVEUL9yU89ZYh6FrB9npE xfgq+lYVrcxQ0RBUWoMFCseDNMszmR5gQJ+xTPs= X-Google-Smtp-Source: ABdhPJz8HEuwPv603cIGRZt0xItEQ/3tmbQIxTiDzQWm5QDhHVH9St8v2SAWdlhuzBVfosmvhb4957CWcfvlRLMC16M= X-Received: by 2002:a63:7e11:: with SMTP id z17mr21173403pgc.114.1634013211716; Mon, 11 Oct 2021 21:33:31 -0700 (PDT) Original-Received: from 753933720722 named unknown by gmailapi.google.com with HTTPREST; Mon, 11 Oct 2021 21:33:31 -0700 In-Reply-To: <83mtw8cbku.fsf@gnu.org> (Eli Zaretskii's message of "Sat, 13 Feb 2021 16:00:01 +0200") X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.io gmane.emacs.bugs:216987 Archived-At: Eli Zaretskii writes: > The method of "recommendation" you propose is too strong for my > palate, sorry. In general, I believe that people should be left to > their devices unless what they do causes harm to others. > Second-guessing other people under the assumption that we know better > is something I don't like doing, and don't like others doing to me. > > How about adding some warnings to uce.el instead, either in the > commentary or when the main entry point is invoked for the first time > in a session? Is this okay for emacs-28? diff --git a/lisp/mail/uce.el b/lisp/mail/uce.el index b07004de38..611181ca61 100644 --- a/lisp/mail/uce.el +++ b/lisp/mail/uce.el @@ -24,11 +24,53 @@ ;;; Commentary: ;; The code in this file provides a semi-automatic means of replying -;; to unsolicited commercial email (UCE) you might get. Currently, it -;; only works with Rmail and Gnus. If you would like to make it work -;; with other mail readers, see the mail-client dependent section of -;; uce-reply-to-uce. Please let me know about your changes so I can -;; incorporate them. I'd appreciate it. +;; to unsolicited commercial email (UCE) you might get. + +;; -- !!! NOTE !!! -------------------------------------------- +;; +;; Replying to spam is at best pointless, but most likely actively +;; harmful. +;; +;; - You will confirm that your email address is valid, thus ensuring +;; you get more spam. Spammers use tricks like getting you to reply +;; and/or clicking unsubscribe links, etc. to confirm that you +;; should stay on their lists. +;; +;; - You will leak information (e.g. on your email server and setup), +;; thus opening yourself up for further attack. More importantly, +;; they are likely to find your IP, thus your physical location (see +;; "geolocation"), and by combining that data with your name it +;; should be trivial to find e.g. your home address and phone +;; number. +;; +;; - The sender address is likely fake. (For example, you might +;; unwittingly participate in flooding someones mailbox. The +;; abuse@domain and postmaster@domain is unlikely to be able to act +;; on your reply.) +;; +;; - You open yourself up to various kinds of social engineering. +;; This could be the first in a planned exchange where they will +;; attempt to trick you to divulge sensitive information. +;; +;; - You confirm that the email landed in your inbox, and not the spam +;; folder. This confirms to them that their current method of +;; spamming is useful, and helps them continue. +;; +;; - Scammers have been known to threaten, intimidate, and use other +;; forms of criminal manipulation. Be aware that replying to spam +;; can lead down a path that you may not want to be on. +;; +;; Therefore, we strongly recommend that you do not use this package. +;; Use a spam filter instead, or just delete the spam. +;; +;; If you still want to use it, read on. +;; +;; ------------------------------------------------------------ + +;; Currently, it only works with Rmail and Gnus. If you would like to +;; make it work with other mail readers, see the mail-client dependent +;; section of uce-reply-to-uce. Please let me know about your changes so +;; I can incorporate them. I'd appreciate it. ;; The command uce-reply-to-uce, if called when the current message ;; buffer is a UCE, will setup a reply *mail* buffer as follows. It @@ -204,6 +246,12 @@ uce-subject-line "Subject of the message that will be sent in response to a UCE." :type 'string) +(defcustom uce-i-want-to-use-this nil + "Non-nil means that you don't want the warning message about this package. +See `uce-reply-to-uce' for background." + :type 'boolean + :version "28.1") + ;; End of user options. @@ -218,7 +266,44 @@ uce-reply-to-uce "Compose a reply to unsolicited commercial email (UCE). Sets up a reply buffer addressed to: the sender, his postmaster, his abuse@ address, and the postmaster of the mail relay used. -You might need to set `uce-mail-reader' before using this." +You might need to set `uce-mail-reader' before using this. + +-- !!! NOTE !!! -------------------------------------------- + +Replying to spam is at best pointless, but most likely actively +harmful. + +- You will confirm that your email address is valid, thus ensuring + you get more spam. Spammers use tricks like getting you to reply + and/or clicking unsubscribe links, etc. to confirm that you + should stay on their lists. + +- You will leak information (e.g. on your email server and setup), + thus opening yourself up for further attack. More importantly, + they are likely to find your IP, thus your physical location (see + \"geolocation\"), and by combining that data with your name it + should be trivial to find e.g. your home address and phone + number. + +- The sender address is likely fake. (For example, you might + unwittingly participate in flooding someones mailbox. The + abuse@domain and postmaster@domain is unlikely to be able to act + on your reply.) + +- You open yourself up to various kinds of social engineering. + This could be the first in a planned exchange where they will + attempt to trick you to divulge sensitive information. + +- You confirm that the email landed in your inbox, and not the spam + folder. This confirms to them that their current method of + spamming is useful, and helps them continue. + +- Scammers have been known to threaten, intimidate, and use other + forms of criminal manipulation. Be aware that replying to spam + can lead down a path that you may not want to be on. + +Therefore, we strongly recommend that you do not use this package. +Use a spam filter instead, or just delete the spam." (interactive) ;; Start of mail-client dependent section. (let ((message-buffer @@ -358,7 +443,49 @@ uce-reply-to-uce ;; Run hooks before we leave buffer for editing. Reasonable usage ;; might be to set up special key bindings, replace standard ;; functions in mail-mode, etc. - (run-hooks 'mail-setup-hook 'uce-setup-hook)))) + (run-hooks 'mail-setup-hook 'uce-setup-hook))) + (unless uce-i-want-to-use-this + (pop-to-buffer (get-buffer-create "uce-reply-to-uce warning")) + (insert "-- !!! NOTE !!! -------------------------------------------- + +Replying to spam is at best pointless, but most likely actively +harmful. + +- You will confirm that your email address is valid, thus ensuring + you get more spam. Spammers use tricks like getting you to reply + and/or clicking unsubscribe links, etc. to confirm that you + should stay on their lists. + +- You will leak information (e.g. on your email server and setup), + thus opening yourself up for further attack. More importantly, + they are likely to find your IP, thus your physical location (see + \"geolocation\"), and by combining that data with your name it + should be trivial to find e.g. your home address and phone + number. + +- The sender address is likely fake. (For example, you might + unwittingly participate in flooding someones mailbox. The + abuse@domain and postmaster@domain is unlikely to be able to act + on your reply.) + +- You open yourself up to various kinds of social engineering. + This could be the first in a planned exchange where they will + attempt to trick you to divulge sensitive information. + +- You confirm that the email landed in your inbox, and not the spam + folder. This confirms to them that their current method of + spamming is useful, and helps them continue. + +- Scammers have been known to threaten, intimidate, and use other + forms of criminal manipulation. Be aware that replying to spam + can lead down a path that you may not want to be on. + +Therefore, we strongly recommend that you do not use this package. +Use a spam filter instead, or just delete the spam. + +Customize the variable `uce-i-want-to-use-this' if you do not +want to see this message. +"))) (defun uce-insert-ranting (&optional _ignored) "Insert text of the usual reply to UCE into current buffer."