Path: senator-bedfellow.mit.edu!bloom-beacon.mit.edu!newsfeed.stanford.edu!nntp.cs.ubc.ca!news.killfile.org!not-for-mail From: tskirvin@killfile.org (Tim Skirvin) Newsgroups: news.admin.net-abuse.bulletins,news.admin.net-abuse.usenet,news.admin.net-abuse.sightings,news.admin.net-abuse.misc,news.answers Subject: Cancel Messages: Frequently Asked Questions, Part 3/4 (v1.75) Supersedes: Followup-To: news.admin.net-abuse.usenet Date: Sat, 15 May 2004 00:00:01 -0500 Organization: Killfiles, Unlimited Lines: 574 Approved: news-answers-request@mit.edu Expires: Sat, 26 Jun 2004 05:00:01 GMT Message-ID: Reply-To: tskirvin@killfile.org X-Trace: victor.killfile.org 1084597205 26756 216.43.25.138 (15 May 2004 05:00:05 GMT) X-Complaints-To: usenet@killfile.org Summary: This is a list of Frequently Asked Question about cancel messages on Usenet. It mainly discusses how cancels work, who issues them, their history, and what to do about them. It is more of a general purpose FAQ than anything else; it's not required reading anywhere, just more of a reference. X-Auth: PGPMoose V1.1 PGP news.admin.net-abuse.sightings iD8DBQFApaPSv1i8LqUfqQURAo75AJ9+XGVOAEO+XOANuwvrgUcR2SUUuACdFD4T RLJ4YIp+doXTbucz97nlvZw= =Htbs Xref: senator-bedfellow.mit.edu news.admin.net-abuse.bulletins:34807 news.admin.net-abuse.usenet:610098 news.admin.net-abuse.sightings:1406499 news.admin.net-abuse.misc:222754 news.answers:271285 Archive-name: usenet/cancel-faq/part3 Posting-Frequency: monthly Last-modified: 1999/09/30 Version: 1.75 URL: Cancel Messages Frequently Asked Questions Part 3/4 This document contains information about cancel messages on Usenet, such as who is allowed to use them, how they operate, what to do if your message is cancelled, and the like. It does not contain detailed instructions on how to cancel a third party's posts. It is not intended to be a fully technical document; its audience is the average Usenet user, up to a mid-level administrator. This document is not meant to be a comprehensive explanation of Usenet protocols, or of Usenet itself, but a basic knowledge of these concepts is assumed. Please refer to news.announce.newusers, RFC1036, and/or RFC1036bis if you wish to learn them. Disclaimers: The information contained within is potentially hazardous; applying it without the permission of your news administrator may cause the revocation of your account, civil action against you, and even the possibility of criminal lawsuits. The author of this document is in no way liable for misuse of the information contained within, nor is he in any way responsible for damages related to the use or accuracy of the information. Proceed at your own risk. Table of Contents > = In other parts of the FAQ ================= * = Changed since last update >I. What are cancel messages? >II. How do cancels work? >III. So your post was cancelled... >IV. What does it take to cancel messages? >V. That idiot forge-cancelled my posts! >VI. What moral issues are involved with cancel messages? VII. What's going to happen to cancels in the future? A. What are authenticated cancels? B. Are there any other Usenet methods to delete messages? C. Why are some people turning off cancels altogether? D. What is NoCeM? E. What is PGP? VIII. What about these other things? A. What is Lazarus? B. What is Dave the Resurrector? C. What was the Judges-L mailing list? D. What is the UDP? IX. What are the current cancel issues? A. What are the cancel-on-sight rules? B. Are HTML postings cancellable? C. What happened to copyright cancels? D. What should be done about unaccountable spam cancellers? E. What should be done about open news servers? F. How should hierarchies opt out of spam cancels? Changes To Do Contributors Pointers >Appendix A: Dave the Resurrector >Appendix B: Retromoderation VII. What's going to happen to cancels in the future? ===================================================== A. What are authenticated cancels? Usenet was not built with security in mind; the fact that it's relatively simple to forge a cancel proves this. As time goes on, though, the need for security is becoming more and more obvious. One way of making this security would be to change the software to only accept cancels that include verification of a match between the poster and the canceller; such verification might take the form of a PGP-signature or some other similar method. There have been many methods proposed to accomplish this; at this point, none are in wide use. If anyone would like to write some software to accomplish this, please do so, and discuss it on news.admin. misc; the CancelMoose has a few suggestions for authenticated cancels on his web page at . B. Are there any other Usenet methods to delete messages? Of course. 1. How does the Supersedes: header work? Commonly used for periodic postings and other information updates, the Supersedes: header replaces an old message with a new one. It is especially useful for FAQ maintainers, who use it to replace old versions of the FAQ with more up-to-date ones - this FAQ, for example, uses it. To replace the message <4b6uce$ou7@vixen.cso.uiuc.edu>, you would want to add the header: Supersedes: <4b6uce$ou7@vixen.cso.uiuc.edu> The use of Supersedes: is otherwise basically the same as a cancel message, and third-party superseding should be treated the same as third-party cancels. 2. How does the Expires: header work? By adding the Expires: header to your post, you can override the standard expiration time on most systems and make your message be deleted from most systems at a time of your choosing. This is especially useful for time-dated information and FAQs which are meant to be reposted on a regular basis. If you want your message to expire at 7:50:06pm (PST) on 2/11/96, add the following header (the format must be followed exactly): Expires: Sun, 11 Feb 1996 19:50:06 PST Your message should expire by this date. It may expire earlier, depending on the system setup and expiry times. 3. What is the Also-Control: header? The Also-Control: header acts just like a standard Control: header, except that the post is also filed in whatever groups it was posted to, as opposed to being filed in control. Otherwise, the two are interchangeable, though the former is very rarely used. C. Why are some people turning off cancels altogether? Until authenticated cancels catch on, there are no options to avoid forged cancels and allow unforged ones. One option, advocated by a few, vocal people that don't want to allow such forgery, is to not accept cancels at all. If you want to do so, you're welcome to, but it probably isn't the best option, at least in the near future. D. What is NoCeM? NoCeM, pronounced "No See-Umm", is a piece of news software written to mostly replace cancel messages. Instead of deleting the messages automatically, NoCeM works by allowing anyone to send out a message that basically states "you don't want to read this". Indiviual news systems or users may then act on these messages as they see fit, from deleting the messages or marking them as read, to merely ignoring the advice altogether, to even marking those messages to be read as soon as possible. The idea is being hailed as a worthy replacement for third-party cancels by many news administrators, and it is slowly gaining support. CancelMoose (moose@cm.org) authored the client software, which is currently available for most Unix clients that can use PGP (VII.E). news.lists.nocem has been created for the distribution of NoCeM messages; discussion of the protocol belongs in news.software.misc. For more information on NoCeM, refer to the Moose's homepage at . E. What is PGP? PGP stands for "Pretty Good Privacy", and is a greatly heralded encryption program made for everyday use. It is at the heart of most authenticated cancel schemes, NoCeM, and much other Usenet software. Unfortunately, the import and export laws regarding the software vary, making its availibility questionable in countries other than the USA. PGP is a topic on its own, and as such has several FAQs of its own, as well as several newsgroups. For more information, I recommend you read one of these FAQs, such as the comp.security.pgp FAQ (availible at ). VIII. What about these other things? ==================================== A. What is Lazarus? Lazarus is a program written for use on alt.religion.scientology by Homer Wilson Smith (homer@light.lightlink.com). It monitors control and posts a message to a.r.s whenever it finds a message relating to the group. The basic effect of this is that all cancels are *very* visible. For more information on why this was necessary, refer to Ron Newman's "The Church of Scientology vs the Net" page, at . B. What is Dave the Resurrector? Dave the Resurrector is a program run in news.admin.* and several other newsgroups that reposts cancelled articles. See Appendix A for details on its creation and operation. C. What was the Judges-L mailing list? A while back, a guy named David Stodolsky decided that he was going to be in charge of cancels on Usenet. He set up a mailing list to this effect, Judges-L, and expected to start working. The rest of the world didn't exactly want him to be Emperor of Usenet. After a short flamewar, an early FAQ on Cancel Messages was written as a result of the Judges-L list; while technically accurate, it had little influence on the creation of this FAQ. In the mean time, the Judges-L list was dissolved; David Stodolsky is rarely seen on Usenet anymore. D. What is the UDP? UDP stands for the "Usenet Death Penalty", the final weapon against those that attempt to abuse Usenet. It is never entered into lightly. Originally, the UDP referred to auto-cancellation of all messages from a certain site as a final solution to too much abuse. As Usenet terms tend to change over time, the meaning mutated into meaning to refer to the aliasing out of a certain site by many major sites, thus "shunning" them off of Usenet. This latter method is now more commonly called a "passive UDP", and is widely accepted as being only the decision of the sites involved; the former has been renamed to "active UDP", and is much more controversial. Active UDPs are saved for those sites that absolutely refuse to stop abuse from their systems. Sites which allow abuse of their system for weeks straight are given warnings, culminating in a public discussion of whether a UDP is warranted. If a consensus is reached that it is necessary, the offending site is given a week to fix the problem - after that, all articles from the site are automatically cancelled until the abuse stops. All in all, this tactic is more politically than technically effective, but that doesn't stop the mere threat of an active UDP from being enough to make most ISPs clean up their act. The ethics and morals of active UDPs are, of course, still in debate. IX. What are the current cancel issues? ======================================= A. What are the cancel-on-sight rules? If a message is guaranteed to be spam beyond the cancel thresholds, anybody may issue a cancel for it - the problem comes with confirming that the post is, indeed, beyond the cancel thresholds. Usually, this is done automatically with scanning software by the major spam cancellers; they are not perfect, however, and sometimes the software misses a few messages. Individuals, however, must check the thresholds by hand - which takes a great deal of time and effort. To solve this problem, a certain class of spam has been declared - cancel-on-sight. If a particular spam has stayed above a certain threshold daily, and shows no signs of stopping in the immediate future, the spam is declared cancel-on-sight - from then on, any instances of the spam may be cancelled on sight, without requiring checking by the canceller, on the theory that the spam must have passed the thresholds long ago. Currently, the only spam declared cancel-on-sight is the ongoing "Make Money Fast!" spam/scam in all its forms. Details for declaring other spams cancel-on-sight are still being worked out in news.admin. net-abuse.policy. B. Are HTML postings cancellable? Most modern web browsers allow for posting to Usenet; they also generally offer an option to post messages in HTML, for easier viewing by other browsers - at the expense of significantly larger post sizes and much-increased difficulty of viewing by the rest of the Usenet community. This poor mixing of HTML and Usenet has been fought tooth-and-nail by Usenet readers, moderators, and administrators, but the postings continue. One suggestion to stop HTML posting is to declare HTML posts to be binary messages, and thus cancellable under the bincancel rules. This idea has not been implemented, simply because HTML messages are *not* binary messages, under current definitions, and if the definitions were changed the consensus would probably disappear. In short: no, postings are not cancellable merely for being in HTML. C. What happened to copyright cancels? Copyright cancels were a rarely-used type of third-party cancel where messages are cancelled for being copyright violations. The idea behind the cancels was to stop the violations from spreading; cancels are fairly ineffective in this respect, however, because not all sites honor cancels. This ineffectiveness, combined with a desire by most news administrators to stay out of legal matters, was enough to declare the consensus regarding copyright cancels void. The only remedy for copyright violations on Usenet has again become the real-world legal system. D. What should be done about unaccountable spam cancellers? The current winner of the "most cancels issued" award is Cosmo Roadkill, a 'bot operated by "Uncle Roadkill" that single-handedly cancels most of Usenet's spam. This was, for a time, considered a good thing; still, the 'bot isn't perfect, and over time people have found more and more problems with Cosmo. This too would be okay, except for one thing - Uncle Roadkill never responds to complaints. There still isn't really a true response to this issue, but at least people are outraged. E. Whae should be done about open news servers? Most rogue cancel attacks on Usenet are performed using news servers that allow public reading and posting. This was originally done to allow an "open" Usenet, where people could read and post from other servers to help guarantee better propagation and a nice atmosphere; now, though, the potential for abuse is too great, and so most open news servers are being shut down. This is generally considered a good thing. There are, though, a few that will miss the old open system; as such, there are still ideas floating around for how to allow those servers to remain open and still not allow any significant abuse. F. How should hierarchies opt out of spam cancels? On July 18, 1998, the free.* hierarchy was recreated under the theory of "no control, no cancels, no rmgroups". One of the unexpected shocks caused by this creation was from the spam cancellers - they didn't necessarily want to exclude free.* from their filters, and were outraged that somebody would tell them what to do on the matter without even discussing it ahead of time. Others responded that it was the cancellers' responsibility to follow the wishes of the hierarchy, and that if they wouldn't do so how were they better than the rogue cancellers? While this particular flamewar finally burned out, the underlying embers of the issue are still burning - how should hierarchies opt out from spam cancels? Is it the responsibility of the cancellers to ask permission to cancel the posts? Or must hierarchies request such things, and work with the cancellers to ensure that it works? Changes ======= v1.0 -> v1.01 Updated the style slightly Clarified the meanings of EMP and ECP Added a section in I, "Where can I find cancel messages?" Added some newsreaders' cancel buttons v1.01 -> v1.1 Updated the addresses to have the HTML version Got some information about CNews Got approval for posting to news.answers Fixed a few errors here and there v1.1 -> v1.2 Added slrn to the newsreaders' cancel buttons list Updated the section on NoCeM Added a section on PGP Made a few slight cosmetic changes v1.2 -> v1.25 Added references to the Bincancel FAQ Updated the definition of a spew Added "unauthorized copyrighted material" to the list of valid reasons for cancel messages (with disclaimers). Added Agent's cancel button Added a disclaimer for the CNews information v1.25 -> v1.3 Added references to the Spam Thresholds FAQ Added references to Dave Hayes' "Site of Virtue" page Changed the definition of a 'spew' Updated IV.E. Added a section on the ellisd and pseudosite cancel incidents v1.3 -> v1.31 Updated the newsgroups, based on the recent news.admin. net-abuse.* reorganization Added a link to the news.admin.net-abuse homepage Updated the cancelbot section to warn against publicly distributed ones Updated the information on the psuedosite cancel attack v1.31 -> v1.4 Made lots of cosmetic changes Removed invalid CNews information, updated INews aliasing information Virtually re-wrote IV.G. v1.4 -> v1.5 Added an appendix on Dave the Resurrector Jun 11, 1997 Added an appendix on Retromoderation Updated the rogue cancellers section (V.D.) Clarified the pseudosite section Updated the 'format of a cancel' section (II.C.) v1.5 -> v1.6 Updated I.C. and II.A. to reflect changes in finding Dec 30, 1997 cancel messages Removed section on copyright cancels in I.E., to follow current consensus Added some more readers' cancel buttons Changed V.E. to not require me to give a full history of spam cancellers throug the ages Clarified and updated the UDP definition in VIII.D. Added Section IX. on current cancel issues Minor rewordings and updates in I.E., II.B., II.D., IV.B., IV.D., IV.E., IV.G., V.C., VII.B., VII.C. v1.6 -> v1.7 Standardized the HTML tags to the standard in Aug 10, 1998 the headers, I.C., II.D., VII.A., VII.D., VII.E., and the links section. Minor rewordings - IV.B., IV.G.2., IV.G.5., IV.G.7. Added mention of server-side filtering in I.B. Depreciated the value of RFC1036bis in I.E. Updated the rules to include administrator preference - for example, you can't cancel your posts in free.* even if you want to - in I.E., along with a few other minor wording changes. Added another reader's cancel button. Strengthened the X-Cancelled-By standard to require that the address given must be read by its owner. Reworded II.B.'s stuff on pseudosites a bit. Changed around III.C. to be more clear on what to do with moderators that are "abusing their authority". Mentioned how uncustomizable freely available cancelbots are in IV.E. Strengthened the importance of responding to email about your cancelbiot in IV.G.4. Added "if one may cancel, all may cancel" to the list of popular reasons to cancel in V.B. Added "ignore the cancels" and "write and run a resurrection 'bot" to V.F.'s section on "what can I do?". Mentioned that this FAQ is a good example of Supersedes: and Expires: headers in VII.B. Added IX.[D-F]. v1.7 -> v1.75 Reworded the expiration section of I.B. Sep 30, 1999 Reformatted I.E., IV.G., appendix B, and V.D. to just plain look nicer. Changed the wording of I.E.1. to make it more obvious what a first-person cancel actually is. Updated the spewcancels section of I.E.3. Significantly reworded I.H, IV.G.1 - 5 Added a section on NewsAgent to V.D. Added Appendix C. To Do ===== At some point, there needs to be a version 2.0 of this FAQ. While this will probably happen at some point in the future, it's not going to be any time soon; as such, most of the real changes for the next while are going to merely be cosmetic. Still, for the future: Fill in the technical sections in general, especially with other software. Add a section on things that *shouldn't* be cancelled, and why. Expand the UDP and NoCeM sections a *lot*. Maybe they even deserve their own FAQ... Add a "spew" appendix. Contributors ============ In creating this FAQ, I discovered one important thing: it's a *lot* of work. These are the people that have helped me out in doing it, with suggestions, moral support, or whatever. Thank you all. I couldn't have done this without you. Literally. And, if I missed anyone, don't hesitate to speak up... Johann Beda j-beda@uiuc.edu CancelMoose moose@cm.org Ian Collier imc@comlab.ox.ac.uk Peter Da Silva peter@taronga.com Richard Depew red@redpoll.mrfs.oh.us Frans P. de Vries fpv@xymph.iaf.nl Ernie Diaz trebor@slip.net Arnould Engelfriet galactus@stack.urc.tue.nl J.D. Falk jdfalk@cybernothing.org Follower of the Clawed Albino edmcdo01@terra.spd.louisville.edu The Gentleman gentlman@alinc.com Howard Goldstein hg@n2wx.ampr.org Dave Hayes dave@jetcafe.org Jim Hill jthill@netcom.com Jonathan Kamens jik@mit.edu Joshua Kramer jkramer1@swathmore.edu Don Juneau djuneau@io.com Tom Lewis thomas.lewis@me.gatech.edu Chris Lewis clewis@ferret.ocunix.on.ca Charles H. Lindsey chl@clw.cs.man.ac.uk Guy Macon guymacon@deltanet.com John Milburn jem@xpat.com Bernhard Muenzer mue@gsf.de Ron Newman rnewman@thecia.net Matthew Paden mpaden@emory.edu Joshua Putnam josh@wolfenet.com John Rickard jrr@atml.co.uk Chris Salter chris@loncps.demon.co.uk Wolfgang Schelongowski [removed by request] Bill W Smith Jr bill@srisoft.com Keith Thompson kst@thomsoft.com Jason Untulis untulis@netcom.com Dimitri Vulis dlv@bwalk.dm.com Matthew P Wiener weemba@sagi.wistar.upenn.edu Michael Wise mjwise@unixg.ubc.ca Patricia Wrean wrean@caltech.edu Dick Yuknavech rey@mindspring.com Pointers ======== For more information on cancel messages, or for information on related issues, try checking some of the following pages: Related FAQs ------------ news.admin.net-abuse FAQ Advertising on Usenet FAQ The Spam Thresholds FAQ The Bincancel FAQ The Newsgroup Care Cancel Cookbook The Moderated Newsgroups FAQ Utilities --------- Anti-Spam Software Apollo - News/INN, a set of news related utilities Adcomplain shell script Purge-binaries, an anti-binary script NoCeM RFCs ---- RFC 1036 -- Usenet Guidelines RFC 1855 -- Netiquette Guidelines RFC 1036bis (temporary) Newsgroups ---------- news.announce.newusers news.answers news.admin.announce news.admin.nocem news.admin.net-abuse.bulletins news.admin.net-abuse.email news.admin.net-abuse.misc news.admin.net-abuse.policy news.admin.net-abuse.sightings news.admin.net-abuse.usenet news.admin.misc news.groups Additional/Other ---------------- Fight Spam on the Internet! The Jargon File net.legends FAQ news.admin.net-abuse homepage The Free.* FAQ -- Copyright 1999, Tim Skirvin. All rights reserved.