On Wed, 18 Feb 2004, Vernon Schryver wrote: > > From: "Tony Hain" > > To: "'Vernon Schryver'" <vjs@xxxxxxxxxxxxxxxxxxxx>, <ietf@xxxxxxxx> > > > So if you had received the mail sent here yesterday claiming to be from > > Alain Durand would you block Sun or IBM? ... > > I should not have responded specifically (if at all) to the other > gentleman's complaint about my blacklists. Whatever I do to mail > directed at stuff I control is irrelevant here, provided I do not > affect any third parties. My freedom to filter access to port 25 (SMTP) > and port 23 (telnet) is equally and completely unfettered. You have a right to make your own decisions. You don't have the right to congregate and act as a group unlawfully. > Two groups oppose that principle. Some people demand SPEWS and other > filters with what they consider too many false positives be outlawed, > because those filters might affect their outgoing mail. They are > unmoved by users knowingly choosing their own filters. They feel their > right to be heard by whomever they choose overrides the rights of their > targets to be left alone. This isn't quite accurate. Not by a longshot. Very frequently, its not "users" choosing their own filters. Frequently, ISPs choose the filters for the users and without their knowledge or consent. Users give consent to blocking spam, not for participation in alternate non-spam boycotts. Even in the relatively rare case when it is chosen by the user, it is often the case that blacklists misrepresent their purposes to unsuspecting users. Often, blacklists aren't about blocking abuse or spam at all. SPEWS and certain groups violate antitrust law, which prohibits group boycotts from harming business. SPEWS and some other blacklists aren't about preventing abuse or spam. They are about harming business, and often not even spam businesses, and such harm has been made illegal by law. For example, Paul Vixie hosts SORBS, an Australian blacklist on his ISC.ORG company. SORBS has been booted from other American ISPs, and the operator, Matthew Sullivan has had other sites (isux.com) booted for AUP violations such as threats of mailbombing "spammers". While the claimed purpose of the SORBS blacklist is to block spam, one thing that distinguishes this list is that it claims that Av8 Internet's IP address space is hijacked. No reasonable person could (or has) made this mistake. When this is brought to the attention of SORBS' users, they invariably quit using SORBS. This isn't what they thought SORBS was blocking. When it was brought to Mr. Sullivan's attention, he first replied that 'he is not responsible for SORBS'. When this was refuted, he said that he had no assets, and challenged me to sue or contribute. As most know, Paul Vixie has his own blacklist at Mail-abuse.org. So what is his interest in hosting SORBS at ISC.ORG after it was booted by other ISPs for abuse reasons? The reason could be seen in exactly the response given by Mr. Sullivan: Vixie has assets, and therefore is motivated to comply with civil law. But it would seem that Mr. Vixie would like to support Mr. Sullivan's irresponsible efforts without entangling himself or Mail-abuse.org. Perhaps he expects he can claim that SORBS is just a customer of ISC, and that he has an arm's-length relationship and isn't responsible for its defamation. Complaints have been made to ISC and ISC's upstream, EP.NET for SORBS continuing unlawful defamatory activity, which is typically an AUP violation. ISC.ORG uses SORBS to filter its abuse email. Bill Manning (EP.NET) didn't want to forward or accept a complaint about ISC or ISC's customer. These complaints have been ignored. But the lack of responsible enforcement allows some statements to be made: It just shows that Mr. Vixie is also irresponsible. It also shows that Mr. Manning is irresponsible as well. Mr. Sullivan, like many of the disreputable blacklist operators claims he has no assets which can be taken by lawsuit, and thus has nothing to lose, and no reason to comply with civil law. Instead of blocking spam, SORBS has gone to extreme lengths to defame and interfere with Av8 Internet's business, and probably the business of other companies for reasons that have nothing whatsoever to do with spam. None of this is made clear to potential SORBS users until they subscribe to the list and block email they don't want to block. For another example, consider Alan Brown of ORBS. ORBS was booted by Canadian ISP for abuse even before Mr. Brown took control of it. Mr. Brown has lost 3 separate lawsuits involving issues of defamation and false statements. 2 of the lawsuits involved ORBS making false statements about ISPs that Mr. Brown did not like. None of this was made clear to ORBS users when they subscribed, and the blacklists blocked email they didn't want to block. The list of disreputable blacklists goes on and on. The common thread is a desire to mislead subscribers into thinking they are blocking spam, and then abusing their subscribers by blocking things their subscribers didn't agree to block. A unique characteristic of SPEWS is that it's operators are anonymous, apparently in order to prevent themselves from being held legally responsible. Mail-abuse (MAPS) was sued in 2000 by a permission-based emailer. This wasn't a spammer, in the abusive sense. It was just a company that sent commercial email to people who had given their addresses for that purpose. MAPS was forced to stop blocking them. It has frequently been said that this company should never have been blocked by MAPS--the company didn't meet the criteria that MAPS was supposed to be using for its blacklist. Besides deceiving their users about their criteria, or violating the criteria, the blacklists seek to be immune from lawsuits by transferring their operations between countries or by having operators with no assets take responsibility. This is just a scam. Abusers and virus operators don't sue. Genuine businesses sue. That's who these abusive blacklists are hiding from. But their users don't want email from these businesses blocked. A number of blacklists have shutdown by blocking all of their subscribers email. This is an irresponsible act, and widely criticized by their users as being irresponsible. No users want to use a blacklist that might shutdown suddenly and block all of their email. These are not responsible organizations, and mostly they are misleading their subscribers about their goals and what email they might block. And things detailed in this message isn't even a fraction of all the abuse that has been conducted by blacklists. There is no reason to have sympathy for blacklists. They have very little to do with fighting spam, and those opposed to blacklists are not trying to be heard by those who want to be left alone. Just the opposite. People quit using the blacklists, and then new blacklists pop up, to mislead them again. --Dean