RE: How Not To Filter Spam
Dean Anderson <dean@av8.com> Thu, 19 February 2004 03:08 UTC
Received: from asgard.ietf.org (asgard.ietf.org [10.27.6.40]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA10255 for <ietf-archive@odin.ietf.org>; Wed, 18 Feb 2004 22:08:33 -0500 (EST)
Received: from majordomo by asgard.ietf.org with local (Exim 4.14) id 1AteT4-0002mX-2L for ietf-list@asgard.ietf.org; Wed, 18 Feb 2004 22:03:14 -0500
Received: from ietf.org ([10.27.2.28]) by asgard.ietf.org with esmtp (Exim 4.14) id 1AteQt-0002Kk-1n for ietf@asgard.ietf.org; Wed, 18 Feb 2004 22:00:59 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id WAA10021 for <ietf@ietf.org>; Wed, 18 Feb 2004 22:00:56 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AteQr-00050Q-00 for ietf@ietf.org; Wed, 18 Feb 2004 22:00:57 -0500
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1AtePr-0004wZ-00 for ietf@ietf.org; Wed, 18 Feb 2004 21:59:56 -0500
Received: from [130.105.36.66] (helo=cirrus.av8.net) by ietf-mx with esmtp (Exim 4.12) id 1AtePD-0004rN-00 for ietf@ietf.org; Wed, 18 Feb 2004 21:59:15 -0500
Received: from cirrus.av8.net (cirrus.av8.net [130.105.36.66]) (authenticated bits=0) by cirrus.av8.net (8.12.11/8.12.11) with ESMTP id i1J2wVRO020269 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Wed, 18 Feb 2004 21:58:36 -0500
Date: Wed, 18 Feb 2004 21:58:31 -0500
From: Dean Anderson <dean@av8.com>
X-X-Sender: dean@cirrus.av8.net
To: Vernon Schryver <vjs@calcite.rhyolite.com>
cc: ietf@ietf.org
Subject: RE: How Not To Filter Spam
In-Reply-To: <200402182248.i1IMmw23083733@calcite.rhyolite.com>
Message-ID: <Pine.LNX.4.44.0402182034100.18543-100000@cirrus.av8.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60
Sender: owner-ietf@ietf.org
Precedence: bulk
On Wed, 18 Feb 2004, Vernon Schryver wrote: > > From: "Tony Hain" > > To: "'Vernon Schryver'" <vjs@calcite.rhyolite.com>, <ietf@ietf.org> > > > So if you had received the mail sent here yesterday claiming to be from > > Alain Durand would you block Sun or IBM? ... > > I should not have responded specifically (if at all) to the other > gentleman's complaint about my blacklists. Whatever I do to mail > directed at stuff I control is irrelevant here, provided I do not > affect any third parties. My freedom to filter access to port 25 (SMTP) > and port 23 (telnet) is equally and completely unfettered. You have a right to make your own decisions. You don't have the right to congregate and act as a group unlawfully. > Two groups oppose that principle. Some people demand SPEWS and other > filters with what they consider too many false positives be outlawed, > because those filters might affect their outgoing mail. They are > unmoved by users knowingly choosing their own filters. They feel their > right to be heard by whomever they choose overrides the rights of their > targets to be left alone. This isn't quite accurate. Not by a longshot. Very frequently, its not "users" choosing their own filters. Frequently, ISPs choose the filters for the users and without their knowledge or consent. Users give consent to blocking spam, not for participation in alternate non-spam boycotts. Even in the relatively rare case when it is chosen by the user, it is often the case that blacklists misrepresent their purposes to unsuspecting users. Often, blacklists aren't about blocking abuse or spam at all. SPEWS and certain groups violate antitrust law, which prohibits group boycotts from harming business. SPEWS and some other blacklists aren't about preventing abuse or spam. They are about harming business, and often not even spam businesses, and such harm has been made illegal by law. For example, Paul Vixie hosts SORBS, an Australian blacklist on his ISC.ORG company. SORBS has been booted from other American ISPs, and the operator, Matthew Sullivan has had other sites (isux.com) booted for AUP violations such as threats of mailbombing "spammers". While the claimed purpose of the SORBS blacklist is to block spam, one thing that distinguishes this list is that it claims that Av8 Internet's IP address space is hijacked. No reasonable person could (or has) made this mistake. When this is brought to the attention of SORBS' users, they invariably quit using SORBS. This isn't what they thought SORBS was blocking. When it was brought to Mr. Sullivan's attention, he first replied that 'he is not responsible for SORBS'. When this was refuted, he said that he had no assets, and challenged me to sue or contribute. As most know, Paul Vixie has his own blacklist at Mail-abuse.org. So what is his interest in hosting SORBS at ISC.ORG after it was booted by other ISPs for abuse reasons? The reason could be seen in exactly the response given by Mr. Sullivan: Vixie has assets, and therefore is motivated to comply with civil law. But it would seem that Mr. Vixie would like to support Mr. Sullivan's irresponsible efforts without entangling himself or Mail-abuse.org. Perhaps he expects he can claim that SORBS is just a customer of ISC, and that he has an arm's-length relationship and isn't responsible for its defamation. Complaints have been made to ISC and ISC's upstream, EP.NET for SORBS continuing unlawful defamatory activity, which is typically an AUP violation. ISC.ORG uses SORBS to filter its abuse email. Bill Manning (EP.NET) didn't want to forward or accept a complaint about ISC or ISC's customer. These complaints have been ignored. But the lack of responsible enforcement allows some statements to be made: It just shows that Mr. Vixie is also irresponsible. It also shows that Mr. Manning is irresponsible as well. Mr. Sullivan, like many of the disreputable blacklist operators claims he has no assets which can be taken by lawsuit, and thus has nothing to lose, and no reason to comply with civil law. Instead of blocking spam, SORBS has gone to extreme lengths to defame and interfere with Av8 Internet's business, and probably the business of other companies for reasons that have nothing whatsoever to do with spam. None of this is made clear to potential SORBS users until they subscribe to the list and block email they don't want to block. For another example, consider Alan Brown of ORBS. ORBS was booted by Canadian ISP for abuse even before Mr. Brown took control of it. Mr. Brown has lost 3 separate lawsuits involving issues of defamation and false statements. 2 of the lawsuits involved ORBS making false statements about ISPs that Mr. Brown did not like. None of this was made clear to ORBS users when they subscribed, and the blacklists blocked email they didn't want to block. The list of disreputable blacklists goes on and on. The common thread is a desire to mislead subscribers into thinking they are blocking spam, and then abusing their subscribers by blocking things their subscribers didn't agree to block. A unique characteristic of SPEWS is that it's operators are anonymous, apparently in order to prevent themselves from being held legally responsible. Mail-abuse (MAPS) was sued in 2000 by a permission-based emailer. This wasn't a spammer, in the abusive sense. It was just a company that sent commercial email to people who had given their addresses for that purpose. MAPS was forced to stop blocking them. It has frequently been said that this company should never have been blocked by MAPS--the company didn't meet the criteria that MAPS was supposed to be using for its blacklist. Besides deceiving their users about their criteria, or violating the criteria, the blacklists seek to be immune from lawsuits by transferring their operations between countries or by having operators with no assets take responsibility. This is just a scam. Abusers and virus operators don't sue. Genuine businesses sue. That's who these abusive blacklists are hiding from. But their users don't want email from these businesses blocked. A number of blacklists have shutdown by blocking all of their subscribers email. This is an irresponsible act, and widely criticized by their users as being irresponsible. No users want to use a blacklist that might shutdown suddenly and block all of their email. These are not responsible organizations, and mostly they are misleading their subscribers about their goals and what email they might block. And things detailed in this message isn't even a fraction of all the abuse that has been conducted by blacklists. There is no reason to have sympathy for blacklists. They have very little to do with fighting spam, and those opposed to blacklists are not trying to be heard by those who want to be left alone. Just the opposite. People quit using the blacklists, and then new blacklists pop up, to mislead them again. --Dean
- Re: How Not To Filter Spam Vernon Schryver
- RE: How Not To Filter Spam Vernon Schryver
- RE: How Not To Filter Spam Dean Anderson
- Re: How Not To Filter Spam william(at)elan.net
- Re: covert channel and noise -- was Re: proposal … Vernon Schryver
- Re: covert channel and noise -- was Re: proposal … John Leslie
- Re: covert channel and noise -- was Re: proposal … Vernon Schryver
- Re: covert channel and noise -- was Re: proposal … Robert G. Brown
- Re: covert channel and noise -- was Re: proposal … Iljitsch van Beijnum
- Re: covert channel and noise -- was Re: proposal … Vernon Schryver
- How Not To Filter Spam Vernon Schryver
- Re: How Not To Filter Spam william(at)elan.net
- RE: How Not To Filter Spam Tony Hain
- Re: How Not To Filter Spam Dave Crocker
- Re: How Not To Filter Spam Robert G. Brown
- Re: How Not To Filter Spam Dean Anderson
- RE: How Not To Filter Spam Vernon Schryver
- RE: How Not To Filter Spam Tony Hain
- Re: How Not To Filter Spam Dave Crocker
- RE: How Not To Filter Spam Robert G. Brown
- Re: How Not To Filter Spam Michael Richardson
- Re: How Not To Filter Spam Iljitsch van Beijnum
- How TO Filter Spam Robert G. Brown
- Re: How TO Filter Spam Dean Anderson
- Re: How Not To Filter Spam Ed Gerck
- Re: How Not To Filter Spam Vernon Schryver
- Re: How TO Filter Spam Iljitsch van Beijnum
- Re: How Not To Filter Spam Ed Gerck
- Re: How TO Filter Spam Doug Royer
- Re: How Not To Filter Spam Vernon Schryver
- Re: How Not To Filter Spam Ed Gerck
- Re: How Not To Filter Spam Iljitsch van Beijnum
- Re: How Not To Filter Spam Robert G. Brown
- RE: How Not To Filter Spam Tony Hain
- remote memory server transaction link protocol ? jfcm
- Re: How Not To Filter Spam Iljitsch van Beijnum
- Re: How Not To Filter Spam Robert G. Brown