RE: How Not To Filter Spam

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 18 Feb 2004, Vernon Schryver wrote:

> > From: "Tony Hain" 
> > To: "'Vernon Schryver'" <vjs@xxxxxxxxxxxxxxxxxxxx>, <ietf@xxxxxxxx>
> 
> > So if you had received the mail sent here yesterday claiming to be from
> > Alain Durand would you block Sun or IBM?  ...
> 
> I should not have responded specifically (if at all) to the other
> gentleman's complaint about my blacklists.  Whatever I do to mail
> directed at stuff I control is irrelevant here, provided I do not
> affect any third parties.  My freedom to filter access to port 25 (SMTP)
> and port 23 (telnet) is equally and completely unfettered.

You have a right to make your own decisions.  You don't have the right to 
congregate and act as a group unlawfully.

> Two groups oppose that principle.  Some people demand SPEWS and other
> filters with what they consider too many false positives be outlawed,
> because those filters might affect their outgoing mail.  They are
> unmoved by users knowingly choosing their own filters.  They feel their
> right to be heard by whomever they choose overrides the rights of their
> targets to be left alone.

This isn't quite accurate. Not by a longshot.  Very frequently, its not
"users"  choosing their own filters. Frequently, ISPs choose the filters
for the users and without their knowledge or consent. Users give consent
to blocking spam, not for participation in alternate non-spam boycotts.  
Even in the relatively rare case when it is chosen by the user, it is
often the case that blacklists misrepresent their purposes to unsuspecting
users. Often, blacklists aren't about blocking abuse or spam at all.  
SPEWS and certain groups violate antitrust law, which prohibits group
boycotts from harming business.  SPEWS and some other blacklists aren't
about preventing abuse or spam. They are about harming business, and often
not even spam businesses, and such harm has been made illegal by law.

For example, Paul Vixie hosts SORBS, an Australian blacklist on his
ISC.ORG company.  SORBS has been booted from other American ISPs, and the
operator, Matthew Sullivan has had other sites (isux.com) booted for AUP
violations such as threats of mailbombing "spammers".  While the claimed
purpose of the SORBS blacklist is to block spam, one thing that
distinguishes this list is that it claims that Av8 Internet's IP address
space is hijacked.  No reasonable person could (or has) made this mistake.  
When this is brought to the attention of SORBS' users, they invariably
quit using SORBS. This isn't what they thought SORBS was blocking.  When
it was brought to Mr.  Sullivan's attention, he first replied that 'he is
not responsible for SORBS'.  When this was refuted, he said that he had no
assets, and challenged me to sue or contribute.  

As most know, Paul Vixie has his own blacklist at Mail-abuse.org. So what
is his interest in hosting SORBS at ISC.ORG after it was booted by other
ISPs for abuse reasons?  The reason could be seen in exactly the response
given by Mr. Sullivan: Vixie has assets, and therefore is motivated to
comply with civil law. But it would seem that Mr. Vixie would like to
support Mr.  Sullivan's irresponsible efforts without entangling himself
or Mail-abuse.org.  Perhaps he expects he can claim that SORBS is just a
customer of ISC, and that he has an arm's-length relationship and isn't
responsible for its defamation.  Complaints have been made to ISC and
ISC's upstream, EP.NET for SORBS continuing unlawful defamatory activity,
which is typically an AUP violation. ISC.ORG uses SORBS to filter its
abuse email.  Bill Manning (EP.NET) didn't want to forward or accept a
complaint about ISC or ISC's customer.  These complaints have been
ignored. But the lack of responsible enforcement allows some statements to
be made:  It just shows that Mr. Vixie is also irresponsible. It also
shows that Mr. Manning is irresponsible as well.

Mr. Sullivan, like many of the disreputable blacklist operators claims he
has no assets which can be taken by lawsuit, and thus has nothing to lose,
and no reason to comply with civil law. Instead of blocking spam, SORBS
has gone to extreme lengths to defame and interfere with Av8 Internet's
business, and probably the business of other companies for reasons that
have nothing whatsoever to do with spam.  None of this is made clear to
potential SORBS users until they subscribe to the list and block email
they don't want to block.

For another example, consider Alan Brown of ORBS.  ORBS was booted by
Canadian ISP for abuse even before Mr. Brown took control of it.  Mr.  
Brown has lost 3 separate lawsuits involving issues of defamation and
false statements. 2 of the lawsuits involved ORBS making false statements
about ISPs that Mr.  Brown did not like.  None of this was made clear to
ORBS users when they subscribed, and the blacklists blocked email they
didn't want to block.

The list of disreputable blacklists goes on and on.  The common thread is
a desire to mislead subscribers into thinking they are blocking spam, and
then abusing their subscribers by blocking things their subscribers didn't
agree to block.

A unique characteristic of SPEWS is that it's operators are anonymous,
apparently in order to prevent themselves from being held legally
responsible.

Mail-abuse (MAPS) was sued in 2000 by a permission-based emailer. This
wasn't a spammer, in the abusive sense. It was just a company that sent
commercial email to people who had given their addresses for that purpose.
MAPS was forced to stop blocking them.  It has frequently been said that 
this company should never have been blocked by MAPS--the company didn't 
meet the criteria that MAPS was supposed to be using for its blacklist.

Besides deceiving their users about their criteria, or violating the
criteria, the blacklists seek to be immune from lawsuits by transferring
their operations between countries or by having operators with no assets
take responsibility. This is just a scam.  Abusers and virus operators
don't sue. Genuine businesses sue.  That's who these abusive blacklists
are hiding from.  But their users don't want email from these businesses
blocked.

A number of blacklists have shutdown by blocking all of their subscribers
email. This is an irresponsible act, and widely criticized by their users
as being irresponsible.  No users want to use a blacklist that might
shutdown suddenly and block all of their email.  These are not responsible
organizations, and mostly they are misleading their subscribers about
their goals and what email they might block.

And things detailed in this message isn't even a fraction of all the abuse
that has been conducted by blacklists.  There is no reason to have
sympathy for blacklists. They have very little to do with fighting spam,
and those opposed to blacklists are not trying to be heard by those who
want to be left alone.  Just the opposite. People quit using the
blacklists, and then new blacklists pop up, to mislead them again.


		--Dean



[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]