At 06:07 PM 1/10/2004, Daniel Pelstring wrote... > The administrator doing the blocking would be in the clear, since >they are authorized to access this computer (and are in fact authorized to >change this information, even if you disagree with the change.) The law prohibits "intentionally cause[ing] damage without authorization, to a protected computer." The MX is not the "protected computer" in the discussion at hand. The "protected computer" is the computer of the email addressee. The MX is merely an intermediary. By the logic you present, one could argue that no violation (of this law) would be present for hacking a backbone router and inserting a filter which dropped all incoming packets bound for any next hop, since that router would not be "damaged" under the definition given by 18 U.S.C. 1030, the "damage" only occurring external to that router. > The >provider of a blocking list would not have accessed this computer at all, >since they did not make the change. The desires of the intended recipient >do not matter at all under this law, as they do not own the computer on >which the change was made. The change interferes with the delivery of email to a "protected computer," i.e. the computer of the person to whom the email is sent. The ISP's mail exchanger is simply an intermediary. The RBL and DUL are quite clearly (and openly) designed and intended to be used to implement denial of service. Doing so with the explicit authorization of the email recipient would be legal. Using MAPS RBL and/or DUL is an act which "knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage ['impairment to the integrity or availability of data, a program, a system, or information'] without authorization, to a protected computer," a violation of 18 U.S.C. 1030. The "protected system" is the email addressee's, not the ISP's. If a recipient is not receiving desired email due to ISP use of the MAPS system, the ISP is guilty of unlawful denial of service. Not only the ISP, but also MAPS, is guilty of knowingly and intentionally damaging a protected computer. A person may authorize, indeed ask, that spam be blocked upstream. With such authorization, an ISP is clearly free to block spam email. As I have already pointed out, it is irrational to claim that a addressee has authorized that _desired_ email be dropped. I have encountered exactly that situation due to use of the MAPS DUL. The MAPS system does not, and cannot, distinguish between spam email and legitimate, addressee desired email. It is a brute force system which throws the baby out with the bathwater.