Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Anti-Spam or pro DDOS?

By The Artificial Kid in Internet
Wed Aug 06, 2003 at 07:19:51 AM EST
Tags: Internet (all tags)
Internet

The staff of Somethingawful.com complained to SPEWS, providers of anti-spam IP blacklists for email servers, after they discovered that their IP range had been blocked by the group. SPEWS says somethingawful's hosting arm provided hosting to a customer who subsequently promoted his or her site with spam. Somethingawful says that SPEWS shouldn't be blacklisting such large ranges simply to ensure that no spam gets through. Now SA's admin says that he has been receiving DDOS and possibly account bruteforcing attacks from SPEWS-affiliated IPs since the first complaints were lodged.


SPEWS operates "spam traps", email addresses designed to capture spam. When spam mail is detected, SPEWS sends a complaint to the originating network. In theory SPEWS sends staged complaints as more and more spam is received from a given source, culminating in a listing for the network on the SPEWS blacklist. The listing, in turn, expands further and further as more spam arrives. This can result in the blocking of large ranges of IPs, even whole hosts.

Unfortunately nobody seems to want to take responsibility for the content of the list. A visit to news.admin.net-abuse.email shows numerous examples of requests for removal from blacklists being ignored or scorned by admins who support SPEWS. The prevailing attitude is that spammers and people who look like spammers can go to hell.

In the case of somethingawful this attitude has been compounded by a somewhat juvenile campaign of message spamming on news.admin.net-abuse.email, which has probably undermined what little hope the site had of being delisted. The spamming was carried out by somethingawful forum members incensed by what they saw as the unfair blocking of the site's email. Obviously this is the wrong response, if only from a PR point of view. But the whole string of events raises a number of important questions about who controls the internet and what they want it to be.

Like any community, many email admins, or at least those who take an active approach to spam-fighting, regard themselves as something of an in-group. Mre importantly they hold a special power that is in some respects unassailable. Short of hacking a provider or breaking into their network centres, most people haveonly supplicant status with respect to the admins who keep their data flowing. The responses to spamming and trolling by SA "minions" in the net-abuse.email newsgroup show that perhaps the worst thing you can do is piss off an admin.

Is there any way to make the power of admins subject to some universal principle or law of the internet? It's hard to say. What separates the internet from so many other aspects of our lives is the fact that it is so heavily mediated. From person to computer to cable to network there is constant control and redirection exerted over data. The equipment and software needed to keep the internet running has to be maintained by somebody, and those people must necessarily have privileged access to the guts of the system.

perhaps what this illustrates best is not the danger of having the system controlled, but the danger of allowing ideology to control the system. When blocking spam becomes more important than maintaining the smooth and effective operation of the system then the system is breaking down. When administrators are concerned more that spammers be punished than that users enjoy reasonably uncluttered access to email, the system is breaking down. And when admins are so zealous about stopping spam that they are prepared to threaten retribution against spammers by both legal and illegal means, the system is breaking down.

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Related Links
o news.admin .net-abuse.email
o Also by The Artificial Kid


Display: Sort:
Anti-Spam or pro DDOS? | 899 comments (783 topical, 116 editorial, 0 hidden)
SPEWS is strong medicine for strong sickness (3.50 / 14) (#4)
by grout on Tue Aug 05, 2003 at 12:01:26 AM EST

Spam is a threat to the very operation of mail. SPEWS is an ever bigger mallet applied to the nads of spammers -- and those who support them. In the process, people who didn't realize they were supporting spammers (directly or indirectly) get inconvenienced. This is necessary, because without the application of adequate pain to a beast, it won't move.

I know what it's like to be collateral damage. Because my colo company (HE.NET) was slow to boot one spammer, my server got listed in SPEWS for a while. Yes I was pissed ... at my colo for letting their greed interfere with my quality of service. Not at SPEWS. SPEWS is just keeping a list of who's naughty and nice.
--
Chip Salzenberg, Free-Floating Agent of Chaos

Well... (4.75 / 4) (#7)
by The Artificial Kid on Tue Aug 05, 2003 at 12:08:16 AM EST

I'm not sure that this is the right place to be arguing about it, but I don't think the collateral damage is acceptable. But what is even less acceptable is the use of personal power by admins to prosecute e-grudges. In the threads on net-abuse.email, for example here http://navaash.aineias.com/04.txt, there are a number of cases where the admins talk about banning ip ranges because they don't like what is being said by certain posters or the manner in which they say it. But the admin's likes and dislikes have nothing to do with good email service. They aren't doing their clients a favour when they block email just to soothe their frayed tempers.

[ Parent ]
General vs. Specific Distribution of Assholes (5.00 / 4) (#8)
by grout on Tue Aug 05, 2003 at 12:44:06 AM EST

Some sysadmins are assholes. Or, perhaps better said, some assholes are sysadmins. And just because you see people posting 'I am a sysadmin and I'm gonna blackhole you because you're ugly and your mother dresses you funny' you should not assume that the phenomenon is statistically significant. Admins like anyone else are blowhards specifically because they are small fry. Big fish swim quietly.

Until you can show that a specific SPEWS listing is motivated by a personal grudge, you can't even say SPEWS (whoever they are) are assholes, let alone dangerous. Conflating 'asshole administrators' and 'SPEWS' is sloppy thinkng.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]

I don't think that's what I'm saying (4.00 / 5) (#11)
by The Artificial Kid on Tue Aug 05, 2003 at 12:56:01 AM EST

I'm not saying that SPEWS is malicious, I'm saying that it's overzealous. I'm not saying that "admins are assholes", I'm asking "who guards the guards?" On the subject of collateral damage, I think the logic of collateral damage is morally bankrupt. To use punishment to try to force the innocent to attack the guilty is unquestionably wrong.

[ Parent ]
SPEWS has users, not victims (4.80 / 5) (#13)
by grout on Tue Aug 05, 2003 at 01:04:20 AM EST

People - human beings who run ISPs and other services - chose to use SPEWS, or don't. If using SPEWS improves the service, then the customers are happy and the ISP prospers. If not, then they don't, and it doesn't.

Free markets. Live them and learn.

PS: Motivating the innocent to attack the guilty has a long and glorious history. Sometimes it's even done by inconveniencing the innocent. Maybe you've heard of it. It's called a "strike". You know, power to the workers, and all that. Analogies with other pickets and boycott campaigns may also help you understand who exactly has the power here.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]

Strikes aren't about attacking the innocent (4.00 / 4) (#14)
by The Artificial Kid on Tue Aug 05, 2003 at 01:30:47 AM EST

Actually the best strikes are directed only against the guilty, for example when bus drivers refuse to collect fares but drive their routes as normal. The idea of a strike should not be to force the innocent to turn on the guilty, it should be to force the guilty to strech to cover their losses. Besides, a strike is merely the withdrawal of labour. SPEWS is actively used to hamper people's online activities. Yes, it has to be used by admins in order to have any effect, but given that admins do use it, blocklisting on SPEWS is tantamount to damaging any businesses and individuals that use the block in order to achieve the list's goal of stopping spam. That is the goal of the list. If its goal were merely to stop spam getting through then it could block only those IPs or very small ranges that actually produce spam. Besides, you refuse to address the wider issue. Who has power over email and to what uses should that power be put? The answer is that admins have power over email out of all proportion with their actual stake in it, and the behaviour on net-abuse.email demonstrates that it can be and is abused.

[ Parent ]
If that's your bottom line... (4.66 / 3) (#15)
by grout on Tue Aug 05, 2003 at 02:02:57 AM EST

... that admins have power and that power can be abused ... well, can I get a "duh!" from the congregation?

Admins get their power from property rights. Either they own their machines (as I do mine) or they are delegated their power by the people who own them. Take that away, and you're saying that I must carry traffic from such-and-such IP address whether I want to or not. Is that truly what you want?

In any case, it would seem that SPEWS isn't your hobby horse, so I'll drop that.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]

Abuse of power (5.00 / 3) (#479)
by winnetou on Wed Aug 06, 2003 at 08:22:38 AM EST

The answer is that admins have power over email out of all proportion with their actual stake in it, and the behaviour on net-abuse.email demonstrates that it can be and is abused.

Indeed, some admins (like the proxy abusers hosted by cogentco.com) have too much power over the contents of my mailbox. Cogentco doesn't want to spend time to stop those criminals and some people don't want to pay the higher fees of an ISP with a functioning abuse desk.

[ Parent ]

Suuuuuuure (3.50 / 4) (#170)
by pyramid termite on Tue Aug 05, 2003 at 04:37:24 PM EST

PS: Motivating the innocent to attack the guilty has a long and glorious history.

Oh, yes - especially when it motivates the innocent to attack the "motivators" instead. The American Revolution comes to mind ...

On the Internet, anyone can accuse you of being a dog.
[ Parent ]
Well, that's the danger, of course. (4.50 / 2) (#187)
by grout on Tue Aug 05, 2003 at 05:25:46 PM EST

Of course you'll catch flack from the people who didn't realize they were funding the spam. But the only way to avoid pissing anyone off is to emulate a doormat, and that's not feasible WRT spam -- either emotionally or economically.

BTW, I see in another message that you're a fellow oldbie. Brother! Would that the Freedom Kniggits were now, or then, our biggest problem.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]

All I can really say ... (4.00 / 2) (#191)
by pyramid termite on Tue Aug 05, 2003 at 05:32:24 PM EST

... is that it's time to go back to the drawing board. Spam and UCE continue to increase. It just isn't working.

On the Internet, anyone can accuse you of being a dog.
[ Parent ]
Treatment may not cure, but it has its place [n/t] (4.00 / 3) (#194)
by grout on Tue Aug 05, 2003 at 05:42:00 PM EST


--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]
what you have to remember (2.66 / 3) (#71)
by phred on Tue Aug 05, 2003 at 02:08:12 PM EST

is that sysadmins are often college grads who cannot manage a decent coding load, this dissappointment often turns them into assholes.

[ Parent ]
On the topic of acceptable collateral damage (4.50 / 2) (#9)
by grout on Tue Aug 05, 2003 at 12:48:49 AM EST

You should remember that each ISP or other service that uses SPEWS does so of its own free will. If they lose customers as a result, then they are the ones who will pay the price.

Remember, the net interprets censorship as damage and routes around it. If SPEWS becomes a censor rather than a shield, well, people will route around it. (I did.) And life will go on.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]

You see... (2.60 / 5) (#36)
by Nova Reticulis on Tue Aug 05, 2003 at 08:02:11 AM EST

...collateral damage is acceptable because people who are in charge with deciding if its acceptable or not decided that it is.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Poor logic (5.00 / 2) (#600)
by esad on Wed Aug 06, 2003 at 09:18:16 PM EST

That's horrible logic; just because those with power have concluded something does not mean it is the right decision.

[ Parent ]
Everyone has their own level (4.40 / 5) (#62)
by gordonjcp on Tue Aug 05, 2003 at 12:54:33 PM EST

I don't want spam, and I don't care if SA can send me mail or not. If SA want to share hosting with some of the most prolific spammers out there, that's their own lookout. If their mailserver happens to be blocked, tough shit. Either move, or fix your hosting company. Either way, shut up and piss off.

Give a man a fish, and he'll eat for a day. Teach a man to fish, and he'll bore you rigid with fishing stories for the rest of your life.


[ Parent ]
Monopoly (2.66 / 3) (#550)
by pin0cchio on Wed Aug 06, 2003 at 06:23:09 PM EST

Does your opinion apply only to commercial colo services, or do you assume that every residential customer can afford to move?


lj65
[ Parent ]
Residential customers... (none / 0) (#893)
by gordonjcp on Mon Aug 11, 2003 at 02:04:28 PM EST

... shouldn't be running their smtp server at home.

Give a man a fish, and he'll eat for a day. Teach a man to fish, and he'll bore you rigid with fishing stories for the rest of your life.


[ Parent ]
Why not? (none / 0) (#896)
by simon farnz on Tue Aug 12, 2003 at 09:13:23 AM EST

I run an SMTP server at home on a DSL line; it accepts all my incoming mail, and it is configured to forward all my outgoing mail to my ISP's SMTP relay. If I wanted to, I could configure it not to forward mail to the relay; I have not done so on the grounds that my ISP's relay is less likely to be blacklisted than my server.

Why, as a responsible mail admin, should I be penalised for running on a cheaper domestic connection? I have checked, both manually, and through the various automated services, that my mailserver does not act as an open relay; the only users who can relay through my mailserver are on my LAN. All other mail is either rejected, or delivered to local accounts.
--
If guns are outlawed, only outlaws have guns
[ Parent ]

Solution (3.80 / 5) (#68)
by CaptainSuperBoy on Tue Aug 05, 2003 at 01:34:09 PM EST

I don't think the collateral damage is acceptable

Look, all you have to do is subscribe to a responsible ISP that doesn't use SPEWS. That's it! SPEWS will never affect you or your traffic. Gee, did you ever think of trying that? Or are you a spammer?

--
jimmysquid.com - I take pictures.
[ Parent ]

Monopoly (3.00 / 2) (#546)
by pin0cchio on Wed Aug 06, 2003 at 06:07:08 PM EST

all you have to do is subscribe to a responsible ISP that doesn't use SPEWS.

Please read this comment.


lj65
[ Parent ]
Administrators holding mail hostage (3.00 / 2) (#597)
by Eater on Wed Aug 06, 2003 at 09:07:11 PM EST

The root of the problem is not e-mail spammers or networks that allow spam. It's admins on a power trip. Just by reading the link in the previous article, it's quite clear that these people cannot handle the power provided to them. Their job is not to reign supreme over the e-mail of those they serve but to provide a service. The only reason they still hold their jobs is because those in charge of them do not have the technical know-how to understand what they are doing. I realize that there are many admins that read K5, and I ask you to understand why this is wrong. The job of an admin is to maintain connectivity, filtering out spam is secondary at most, and should never, ever interfere with connectivity, because all a handful of spam messages will cause is inconveniance, but undelivered mail can cause irreperable damage. How would you like it if your local mailman took it upon himself, without telling you, to filter out mail he thought questionable? What if he tossed out mail from your employer because your employer sends out junk mail? A mailman would go to jail for that, which is why he doesn't have such equivalent power.

Eater.

[ Parent ]
Okay, let's see a show of hands. (none / 0) (#850)
by DavidTC on Sun Aug 10, 2003 at 08:16:54 AM EST

Who's had an mail service they administor crash on them because of spam?

*raises his hand*

Who's had some other service besides email go down because of spam?

*raises his other hand*

Spam is not a joke, it is not an annoyance, it was that 5 years ago. Spam has reach the level of a fucking assault, and unless you're an email admin you have no idea what's going on.

I get thousands of rejected spam connections a day...and I have less than 30 users over a dozen domains. It's two order of magnitudes more spam than legit email.

And It Will Only Continue To Get Worse Unless We Force Spam Supporting ISPs Off The Internet.

-David T. C.
Yes, my email address is real.
[ Parent ]

Bloody extremists. (5.00 / 2) (#854)
by it certainly is on Sun Aug 10, 2003 at 10:25:32 AM EST

Question: why is having your mail service go down due to spam bad?
Answer: because it stops legitimate mail getting through.

Question: why is deliberately blocking legitimate mail bad?
Answer: because it stops legitimate mail getting through.

You've aligned yourself with vigilantes, dedicated to causing the financial ruin of any ISP you don't like. Can't you see the madness here? "The nations of Brazil, Korea and China Must Be Forced Off The Internet. Bell Cananda, AOL and Verizon Must Be Forced Off The Internet."

Why don't you make a preemptive strike? Make a list of all your SPEWS using buddies. You guys are the only people who will never allow spammers on your networks, no matter how many millions of dollars they offer you. You're the most moral business on the planet. Because every other ISP in the world could concievably harbour those spammers once your crusade smites the evil spammer-harbouring ISPs of today, it would be best to launch a preemptive strike against those ISPs. Blacklist the entire internet, whitelist only your buddies. That'll show 'em! Fuck your customers, they didn't read their contracts anyway. A victory against spam!

Spam is destroying email as a viable form of communication. You are accelerating that destruction! The Internet was designed to route around damage, but the one thing it can't cope with is DELIBERATE damage at the endpoints. You are causing deliberate damage, wilfully blocking out legitimate email because you're so hung up on petty revenge against spammers that you've decided it's more important to play some fucking power games against ISPs than it is to ensure the reliable functioning of email.

The only day you'll realise this is when every last ISP on the planet has blocked out every other ISP in a continual cycle of destruction. Nobody can email anyone else. Thanks, guys, email is dead and YOU killed it.

kur0shin.org -- it certainly is

Godwin's law [...] is impossible to violate except with an infinitely long thread that doesn't mention nazis.
[ Parent ]

Perspective... (none / 0) (#865)
by Dimensio on Sun Aug 10, 2003 at 03:04:01 PM EST

! The Internet was designed to route around damage, but the one thing it can't cope with is DELIBERATE damage at the endpoints. You are causing deliberate damage

I don't consider damaging the e-mail capabilities of spamhausen as damaging the Internet. If anything, it helps the 'net by helping the signal-to-noise ratio.

You just can't understand that there are ISPs that have turned themselves into cesspits and it's to the advantage of a responsible 'net prodier to just block all of their mail.

[ Parent ]
Incredulous. (none / 0) (#880)
by it certainly is on Mon Aug 11, 2003 at 12:39:26 AM EST

I don't consider damaging the e-mail capabilities of spamhausen as damaging the Internet.

Oh? That's an interesting perspective. To cut off email communications to thousands of non-spamming people, and giving them highly unreasonable (to them, not you) conditions as a precondition of permitting them to email your customers, instead of simply allowing them back because they've never wronged you? That's not damaging Internet email?

Let's be honest here. You are damaging the internet, deliberately, for the political effect it has. You want to get peoples' attention that the ISP you're blocking is doing something you politically disagree with. So you've blocked every one of that ISP's customers, spammers or not, from your servers. You WANT them to be blocked and remain blocked, so you look "strong" to them, and you will use the fact that you control the email server (and neither they nor their recipient do) to force them to bargain with you. Either THEY do as YOU tell them to, or they will never get their email through to your customer again. They must either leave the ISP you politically disagree with, which financially hurts both them and the ISP, or they must convince their ISP to agree to your demands.

However, there is another option, especially if you are openly hostile to these blocked people, and that is they find some non-censored path to your customer, tell your customer what you have been doing, and your customer leaves you. No amount of "you deserve it, I'm allowed to censor your mailbox for my own political goals, it was in the contract" will bring them back, and they may even badmouth you into the bargain.

You just can't understand that there are ISPs that have [done things I politically disagree with] and it's to the advantage of [myself, and it is my belief that it also benefits the entire world] to just [coerce them towards my views of how they should run their business by using whatever legal powers I have that could convince them].

It's OK, I understand WHY you think what you're doing is right. It's just that my opinion of the same situation is that what you're doing is wrong. The reason why I don't blackhole you for that reason is... because I think blackholing entities because of grieviances and political association is the wrong thing to do! Simple, isn't it?

kur0shin.org -- it certainly is

Godwin's law [...] is impossible to violate except with an infinitely long thread that doesn't mention nazis.
[ Parent ]

Blocking crimeridden ISPs is routing around damage (5.00 / 1) (#885)
by Dimensio on Mon Aug 11, 2003 at 02:43:51 AM EST

Let's be honest here. You are damaging the internet, deliberately, for the political effect it has.

Here's the problem.

You have an ISP that openly tolerates -- perhaps even encourages -- criminal activity amongst its customers (cogentco). These customers start to hammer your network with all kinds of garbage traffic, spiking your bandwidth, reducing your network efficiency and costing you money.

What to do?

How about block the IP address at which the criminals are hosted? Sounds like a good idea. Drastically reduces your costs. Unfortunately, these criminals are SO friendly with their ISP that after a bit of whining, they get moved to a new IP addres on cogentco's network.

What to do now? Block the new IP? They'll just move again. It doesn't take long to see this pattern. The easiest way to deal with it proactively is to block the entire ISP and be done with it.

In other words, it's not "damaging" anything. Cogentco damages the 'net by allowing criminals to have free reign and even accomidating them (it is DOCUMENTED that they moved spammers around to avoid SPEWS listings). Blocking is just a means of protecting my own network.

[ Parent ]
Short-term thinking (none / 0) (#889)
by synaesthesia on Mon Aug 11, 2003 at 07:32:23 AM EST

They must either leave the ISP you politically disagree with, which financially hurts both them and the ISP, or they must convince their ISP to agree to your demands.

(Emphasis mine). You're not thinking long-term enough. Spam costs a great deal of money to deal with. Your notion that it should be dealt with by law enforcement officers simply shifts the financial burden to people who don't use the internet.


Sausages or cheese?
[ Parent ]

More questions (5.00 / 1) (#869)
by DavidTC on Sun Aug 10, 2003 at 03:34:24 PM EST

Question: Why is having your mail service go down due to spam bad?

Answer: Because it stops all legitimate mail getting through.

Question: Why is having your mail service go down due to spam good?

Answer: No reason

Question: Why is deliberately blocking legitimate mail from spamming networks bad?

Answer: Because it stops some legitimate mail getting through.

Question: Why is deliberately blocking legitimate mail from spamming networks good?

Answer: Because it puts pressure on the spamming ISPs to stop, and is in fact the only way anyone's found to do that. Because it stops network abuses from as-yet blocked areas of the provider's networks.

You've aligned yourself with vigilantes, dedicated to causing the financial ruin of any ISP you don't like. Can't you see the madness here? "The nations of Brazil, Korea and China Must Be Forced Off The Internet. Bell Cananda, AOL and Verizon Must Be Forced Off The Internet."

I fail to see how it's 'vigilantism' to set up my server so that it remains functional. But, hey, if the government's willing to do that for me, by all means I'll stop.

And, for the record, Bell Canada, AOL, and Verizon actually terminate spammers' connections. (Well, Verizon is a bit clueless and slow last I heard, but at least they aren't maliciously moving spammers around to dodge IP blocks.)

And no one wants to remove these people from the internet. OTOH, no one wants to have their machines continually attacked. Eventually I decide to stop visting friends who live places that I get mugged every time I go there. I decide even sooner if the reason I get mugged is that the neighborhood beat cops think that's a reasonable way to make a living, and thus don't do anything about the muggers.

Why don't you make a preemptive strike? Make a list of all your SPEWS using buddies. You guys are the only people who will never allow spammers on your networks, no matter how many millions of dollars they offer you. You're the most moral business on the planet. Because every other ISP in the world could concievably harbour those spammers once your crusade smites the evil spammer-harbouring ISPs of today, it would be best to launch a preemptive strike against those ISPs. Blacklist the entire internet, whitelist only your buddies. That'll show 'em! Fuck your customers, they didn't read their contracts anyway. A victory against spam!

Yes, let's set up a nice strawman to show how evil everyone who uses SPEWS is.

However, you're almost right. Eventually there will be three 'internets'. There will be the 'spam internet', where only spammers live (because that internet can't contact anyone), there will be the 'spamless internet', where anyone who spams is immediately removed, and cannot be reached from the 'spam internet', and there will be the 'dead internet', which doesn't use filtering and where fifteen people get email, once they wade through eight million spam messages. (What, you thought the volume of spam would go down when the number of accounts reachable did?. As far as anyone can tell, the amount of spam never goes down.)

Spam is destroying email as a viable form of communication. You are accelerating that destruction! The Internet was designed to route around damage, but the one thing it can't cope with is DELIBERATE damage at the endpoints. You are causing deliberate damage, wilfully blocking out legitimate email because you're so hung up on petty revenge against spammers that you've decided it's more important to play some fucking power games against ISPs than it is to ensure the reliable functioning of email.

Unless we come up with some way to stop spam, email is dead, period. There are two ways to stop:

Harm the spammers enough so that they stop (or never start)

Harm the spammers' provider's enough so they stop (or never start)

Everything else besides blacklisting has been tried and failed. Blocking just spammer IPs fails, spammers are moved, and it doesn't stop the traffic. C&R is failing, and is ironically leading to an even bigger abuse of the network than spam. Greylisting has promise, but it's too little too late, and spammers can really easily get around it, once they realize what's going on. Legal means have been amazingly slow to get off the ground, and are just causing spammers to commit more crimes to avoid being traced. Even the murder of two spammers hasn't seemed to deter them. (Now that I'm condoning that, if it was indeed for spamming, and not just mafia-related gambling.)

The only method that has ever reduced the amount of spam sent (vs. the amount of spam seen) is to blacklist the 'wrong' people. (And it's the amount of spam sent that's crippling the internet.) Some lists, like the SBL, blacklist corperate mail servers of the ISPs, so the ISP itself can't send mail. Some lists, like SPEWS, blacklist the ISP in continually increasing chunks, hoping at some point the ISP will decide hosting spammers isn't worth it.

In short, blacklisting peole who then whine to their ISP, or company presidents who then whine to their server admin, is the only thing that works, period. Well, that, and if they still remain completely clueless, just blocking their entire network and forgetting about them. If you have any other suggestions, you're welcome to make them. Be sure to google for them first, because almost every one of them that makes any sense has been tried.

-David T. C.
Yes, my email address is real.
[ Parent ]

David? Just call me Che. (5.00 / 1) (#877)
by it certainly is on Sun Aug 10, 2003 at 09:52:05 PM EST

I fail to see how it's 'vigilantism' to set up my server so that it blocks legitimate email from people I have no grievance with, in an attempt to cause financial harm to their ISP.

Sorry for editing your post there, Che, but I assume "remains functional" is some sort of codeword you use for "blocking legitimate email from people I have no grievance with, in an attempt to cause financial harm to their ISP". You revolutionaries like to use weasel words to describe your actions, but we can easily see what you're doing -- deliberately causing collateral damage in an attempt to aggravate customers off of the targetted ISP.

Unless we come up with some way to stop spam, email is dead, period.

Translation: the infidels must be crushed. They bring a plague to our planet. The Great Mail Admins' Party must prevail.

Here's another bullshit statement. "Unless we come up with some way to stop credit card fraud, credit cards are dead, period." Credit card fraud still goes on. Credit card use and acceptance by consumer and merchant alike is unabated. Credit card companies are defrauded by millions. They put the financial responsibility for that on their merchants. Merchants pass that on to their customers, or go bankrupt. Yet customers are still signing up for credit cards every day. Merchants are signing up for merchant accounts every day. We have international police cooperation to catch the fraudsters. Some of the biggest fraudsters go to jail, but the economy itself has to suffer all the fraud that didn't get caught.

This is how it is with email, too. Why do spammers spam? Because there's money in it. We're not talking about misguided but otherwise respectable businesses here. They can be educated. We're talking about the bulk of people who pay for spam -- criminals. There are millions of people out there, reachable via email, and some of them are gullible enough to respond to spam, get defrauded by Nigerians, sign up for ponzi schemes, buy porn/penis enlargers/illegal drugs with a credit card just asking to be raped, whatever. If these people did not exist, there would be no spam. But there's one born every minute. And, human nature being what it is, there will always be people willing to exploit gullibility. And there will always be people willing to leech off that profitable act of parting a fool from his money, by acting as middle men.

As has already been seen with drugs: if you raise the stakes, some traffikers drop out, but demand is still identical, it just means more profits for the traffikers who remain. Your only chance of stemming the illegal drug trade is to reduce demand. If you can't do that, make it legal and restrict the hell out of it, like tobacco and alcohol. Do anything to lower the general public's exposure to criminals, even if you can't get them off the drugs.

At the end of the day, spammers get enough back in referal payments to make the job of continually signing up with new ISPs, paying college students and DSL/cable subscribers a pittance to use their machines as open relays and cranking out viruses worthwhile. This is the only point of attack. Very few ISPs actively advertise for spammers. Spammers choose ISPs to sign up to, and pretend like hell that they're not spammers until they're caught, then they flee in the night to avoid apprehension.

What you're doing, by blacklisting entire ISPs until they "clean up their act", is just making spammers flit more often. You seem to be under the delusion that when you block an entire ISP, harming the use of email for thousands to millions of people, that spammers just give up at that point. They don't. It's still profitable. Changing ISP once a day is still profitable. Taking deceptive adverts out in the newspapers asking for college students/DSL/cable internet users to hire out their connections for spamming is profitable. Launching network worms that compromise hosts and turn them into spam zombies is profitable.

Given this situation, how do we stop the spammers? Can we apply political pressure to all ISPs in the world to make them kick spammers? Let's say the Glorious Mail Admin Revolution succeeded; after financially crippling their enemies and pissing off millions of innocent people, every ISP in the world now fears the anonymous, unaccountable people that run SPEWS so much, they terminate customers within 20 seconds of a SPEWS listing, no questions asked. Certainly, the anonymous, unaccountable SPEWS people are now kings of the email world. But has it made any difference to spam? Sadly, no. All those gullible fools are still there. All those crooked scammers are still there. There's still no policemen or FBI agents beating down their door. So spam continues. Spammers now realise they only have one chance at spamming per ISP. So they run two operations: one scanner that tries out open relays and monitors the RBLs to ensure they weren't spam traps, and one bulk mailer that spams the hell out of verified open relays, everything else it can get its hands on, and infects all the computers it can find with viruses and worms with spamming payloads. The only people who gain from vigilantism are the vigilantes. The rest of the world suffers from the attack on justice and law and order.

There is only one way out of this, Che. Accountable, non-anonymous, internationally cooperating law enforcement officers, tracing spammers, arresting them, trying them in a court of law, and having them jailed. Yes, the wheels of justice turn slowly. Yes, the general public still thinks credit card fraud and burglary are worse than email spam. You want an end to spam? It'll never happen. You want the long-term solution to fixing spam? Raising spam's importance on the law enforcement agenda. Pissing off people by holding mailboxes to ransom isn't going to work.

kur0shin.org -- it certainly is

Godwin's law [...] is impossible to violate except with an infinitely long thread that doesn't mention nazis.
[ Parent ]

Things can have more that one motive. (none / 0) (#892)
by DavidTC on Mon Aug 11, 2003 at 12:51:29 PM EST

Sorry for editing your post there, Che, but I assume "remains functional" is some sort of codeword you use for "blocking legitimate email from people I have no grievance with, in an attempt to cause financial harm to their ISP". You revolutionaries like to use weasel words to describe your actions, but we can easily see what you're doing -- deliberately causing collateral damage in an attempt to aggravate customers off of the targetted ISP.

Putting pressure on someone who is doing something you don't like is called a boycott. Blocking 'legitimate' mail from ISPs who host spammers is partially a boycott, although a reversed one where you stop providing services to them.

However, that's not the only reason to block them, and anyone who thinks so hasn't been paying attention. The main reason people are blocking Cogentco is, duh, they are spammers! We're paid to block spammers off the machines!

That's really where the different between our viewpoints comes down to. You see Cogentco and people using it as some sort of legitimate ISP that some spammers happen to be running around on.

That couldn't be farther from the truth.

Cogentco are causing spam. They are attacking other computers on the internet, near continually.

Cogentco does not 'have' a spam problem, they do not 'have' spammers. Spammers are their entire means of business. You don't 'accidently' get and keep a dozen hardcode and known spammers for months, and, no, these guys cannot just move...no one else will take them. Spammers do not get 'one' chance of spammer at Cogentco, they get infinite chances.

It's not some crazy accident they all ended up on Cogentco, or a wacky misunderstanding that resulted in Cogentco moving some of them into the same block as SomethingAwful when they got blocked elsewhere...Cogentco honestly sees nothing wrong with spamming, and they see nothing wrong with harming SomethingAwful to keep spamming customers.

Claiming they have some legitimate customers is insane. The only reason they have or want legit customers is to use as human shields, so everyone will see the 'harm' of blacklisting them. They want you guys to run around whining, and, congratulations, you played right into their hands.

If SomethingAwful didn't apparently have some idiotic users who thought the best thing to do was to piss off mail admin, you might possibly have some holes punched for you. I read SA on occassion, and while I don't get mail from there, I might have stupidly whitelisted. And the next trick would be for Cogentco to move you guys and put spammers at that IP. That is how they operate. That is the entire purpose of having 'legit customers'. You are not customers, you are weapons.

You talk about how we can't educate users, and you're right...but maybe we can educate you guys.

Some ISPs deserve to die, and I'm not saying that out of vindictiveness or some pretty revenge issue. Cogentco have been continually abusing the internet for months, because they make more money that way. They have been continually harming their 'legit users' by delibrately moving spammers around to avoid blocks...and their 'legit users' end up in that space afterwards. They are not participating in this cooperative venture known as the internet, they are abusing it, simply to make more money.

Cogentco are playing a game to see how much space they can keep un-blacklisted...and I'll be damned if I'm playing along. So are quite a few people, including SPEWS. Everyone need to get the hell off Cogentco...if everyone did, they would immediately die.

There is only one way out of this, Che. Accountable, non-anonymous, internationally cooperating law enforcement officers, tracing spammers, arresting them, trying them in a court of law, and having them jailed. Yes, the wheels of justice turn slowly. Yes, the general public still thinks credit card fraud and burglary are worse than email spam. You want an end to spam? It'll never happen. You want the long-term solution to fixing spam? Raising spam's importance on the law enforcement agenda. Pissing off people by holding mailboxes to ransom isn't going to work.

Why are you calling me 'Che'?

Anyway, many places don't even have laws against spam...so what are we supposed to do? My server is located in CA, which has laws against it...but we can't go around privately bringing suit against people over there, we don't have anywhere near that kind of cash.

Pretending laws will solve the problem is crazy...but there is a valid point there. Cogentco is knowingly assisting a crime against my company, aka, spamming me. Pretending I shouldn't block them from any of our sevices is completely absurd. If someone sits and throws rocks at your business's van each night, and you know it but the police won't do anything, or insist you privately bring suit...do you let them into your business to wander around and do god knows what? Of course not, you ban them from the premises.

And that's not to mention that Cogentco are knowingly assisting felony computer misuse, which is, of course, itself a felony, as plenty of their spammers are hijacking other computers and turning them into open proxies. While they are not personally doing that against me, I still feel it's bad policy to let unrepentant felons from walking around the store I'm doorman at, especially when the aforementioned felons also enjoy throwing rocks at our vans.

-David T. C.
Yes, my email address is real.
[ Parent ]

Collateral damage and happy clients (5.00 / 1) (#655)
by Pac on Thu Aug 07, 2003 at 01:34:17 AM EST

First, collateral damage is acceptable. The spam problem has reached a point where any email server administrator worth his salt will do what needs to be done to stop it. And blacklists are an acceptable and traditional way to deal with it. Instead of fighting the messenger, SA should be thinking about moving to a clean ISP. But they seem happy to keep giving their money to a spam harbour.

As for BOFHs, there are indeed a lot of people whose egos are larger than live itself in this business. Neverheless, most admins are calm and reasonable beings who will always do their best to keep their networks running well. The childish ones are a minority that does not represent the whole community (and who doesn't last much - alas, there's a long line of new teenagers to replace them).

And, yes, if they have clients then those must be happy with their services. By definition.

Evolution doesn't take prisoners


[ Parent ]
Same happened to me... (4.80 / 5) (#53)
by simul on Tue Aug 05, 2003 at 11:46:10 AM EST

And I, too, realize how necessary it was. We put a lot of pressure on our colo. And our colo cleaned up their act. This would never have happened otherwise.

Read this book - first 24 pages are free to browse - it rocks
[ Parent ]
It has happened to many, they are jsut not vocal (4.33 / 6) (#269)
by RipCurl on Tue Aug 05, 2003 at 08:27:28 PM EST

I was hosted with Interland. They became a cesspool for spammers...actually they still are. I left as soon as I got my first bounce of an email message I sent, to someone who's system was using a private blocklist at the time (SPEWS didn't exist yet ). So did i get mad at the isp who bounced me? No, I search the net and found out that Internald is a cesspool, and my money was going to slummy landlords. Luckily, I was up for renewal and i spoke with my wallet and move my services off of Interland and never looked back. Why "we" are in the minority as far as the claims go? Its because what happened to us happens to many; people will move when they are inconvenienced. Its jsut more powerful statement to make it look like blocklisting is a bad thing. When it so happens that because of blocklisting, many customers come to realize what kind of business they are dealing with; an subsequently move. We dont hear from them often enough. What sounds better to you? Glorify the BAD in a press/media and overstating how bad it is? Or actually seeing the many of those who actually thank blocklists for helping them make the right decisions?

[ Parent ]
Very Nice. (3.18 / 16) (#5)
by Motekye on Tue Aug 05, 2003 at 12:02:10 AM EST

Looking past a few spelling/gramar and consistency indescrepencies, I thought this article was insightful and informative.

I never really pegged system admins as the corrupt-politician type — nor did I think that they would abuse their black-listing power. This is another example of internet-bullyism which turns potential new-comers off the social aspects of the net and makes me sick to the stomach.

Besides, I thought Denial of Service attacks were illegal; desipte the moral side the war on spam that the admins may be on. Methinks some 'real' law enforcement should be brought in to curb these attacks and punish these stray admins.


Grrr....

DoS != blacklisting (3.75 / 4) (#22)
by Nova Reticulis on Tue Aug 05, 2003 at 04:24:47 AM EST

Denial of Service is a malicious attack. Party X abuses the equipment of Party A to prevent Party B from reaching it because Party X is a dick.

Blacklisting is neither malicious nor an attack. Party B refuses to give service to Party A because Party B wants to protects its customers and chooses to believe Party A is scum that harbors Party C which happens to be a spammer. The fact that Party A's customers are bitchings about not being able to reach Party B's customers does not compensate for Party A being spam supporting assholes.

Am I clear?

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

I know. (none / 0) (#899)
by Motekye on Fri Aug 22, 2003 at 03:44:15 PM EST

But they abuse both.


Grrr....
[ Parent ]
No. (3.83 / 30) (#17)
by Nova Reticulis on Tue Aug 05, 2003 at 03:10:23 AM EST

You are misrepresenting the anti-spam community as a whole and SPEWS in particular. SPEWS does not communicate with anyone . Not with somethingawful.com, not with anyone else. No one knows who SPEWS is or where it resides. SPEWS admin did not complain about being DDOSed simply because SPEWS administration does not ever communicate with anyone outside of SPEWS. You have not executed due diligence. The specific post that says "SPEWS apologizes", as well as all other posts with people commenting on SPEWS, always contains "I am not SPEWS" or something similar. Unless you hang around in NANAE long enough to be able to recognize Tok Pisin jokes, I suggest you do not comment on matters that you haven't studied sufficiently. Who said SPEWS operates spamtraps? In fact, we do not even know how exactly SPEWS work. The concept of SPEWS expanding listings is misrepresented. Please spend a couple of months in NANAE before making devastating comments in public. Also read the FAQ at the SPEWS website. There is no reason whatsoever for you or anyone else to try and keep network administrators in check. You're not one and you won't be telling them how to do their job. You especially have no rightful claim against SPEWS. Please read the following carefully because many people fail to understand what is it all about (and it's something that gets explained in NANAE about 10 times a day to different new posters, too bad you didn't care to find out before posting to K5).
  1. SPEWS is a privately operated and maintained blacklist that adheres to specific regulations that are published on SPEWS website. As far as I know, there's no known case where SPEWS made a mistake or deliberarely ignored its own regulations. SPEWS operates exactly as it says. All attempts to blame SPEWS always turn out to be due to laziness, cluelessness or malicious intent of people who blame SPEWS
  2. The blocking is done by the mail servers themselves because your network administrators chose to use SPEWS. SPEWS does not block anyone. Your network administrators do by way of trusting to SPEWS. If you don't like what they do, change ISPs.
  3. Not only the argument about SPEWS being guilty of anything is ridiculous, but even the question itself can not be raised because, again, SPEWS is an advisory list. If SPEWS were that bad, admins wouldn't be using it. SPEWS is by far the most effective tool we have against spammers, short of Internet Death Penalty.
  4. No network other than your own ISP has a contractual obligation to you or anyone else to carry your email. My network, my rules. Yes, you heard it right. You buy connectivity from your ISP and that's it. No one else is required, neither by law nor by logic, to carry your traffic. Internet is a voluntary cooperation of networks.
You fail to understand that controlling spam *IS* maintaining smooth and clear operation of the networks. You do not understand the extent of damage the spammers do. The only way to prevent it is to punish rogue ISPs who encourage spammers. With all said above, I am voting this article up in hope that other people will read it and understand your mistake.

Internet is not a charity for morons who can't run a well planned business

Heh... (2.66 / 3) (#19)
by Nova Reticulis on Tue Aug 05, 2003 at 03:44:18 AM EST

I am a dumbass. That's the editing queue. No voting the article up for me ^_^

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

You're decontextualising (4.88 / 9) (#24)
by The Artificial Kid on Tue Aug 05, 2003 at 05:08:11 AM EST

It's all very well to say that "SPEWS doesn't block anyone", and you are technically correct. But SPEWS does not operate in a vacuum. It is known that SPEWS blacklists are used by many email admins, therefore additions to the SPEWS blacklist must be assume to result in the blocking of traffic between many destinations and the affected IPs.

You may also be technically correct when you say "there's no known case where SPEWS made a mistake or deliberarely ignored its own regulations" but this is, again, irrelevant. What must be questioned is the entire concept of SPEWS which, I believe I am correct in saying, involves mass blocking IPs (eventually) in order to create difficulty for those who support hosts that support spam. It is not enough to formulate a set of rules and stick by them. Your rules must also be ethically defensible.

SPEWS is openly touted as a way of fighting back against spammers by attacking the networks that host them and the other users of those networks. Another way of putting this is that SPEWS is an attempt to save email admins from having to do their jobs anymoe. They don't want to keep spam out, they want to end it, and they're happy to take down innocent people with them.

In my adventures through net-abuse.email I saw countless examples of email admins saying, effectively, "if you buy connectivity from one of these networks you're part of the problem and deserve what you get. Be angry at them, not at us". The same brutally simplistic logic lies behind the use of mass executions to shut down underground resistance movements. You make the innocent resonsible for the actions of the guilty by punishing them and maybe they'll help you stop sheltering the guilty.

There's no reason for receiving admins to stop using the lists because they don't care if they get a couple of days or a week of email bouncing back from legitimate senders while those senders arrange alternative access. The consequences for any individual or company caught up in a mass block can be quite serious. Using only the example of somethingawful, they were unable to send confirmation emails to new registrants. This could have resulted in complaints to paypal about non-delivery of services, which would in turn have undermined somethingawful's entire forum business.

Those who participate in mass blocking are happy for others to shoulder these risks to further their fight against spam. That takes serious callousness and the responsibility falls equally on those who use lists that return large numbers of false positives and those who produce lists that return large numbers of false positives. I find it hard to believe that spam is such a serious problem that it is no longer possible to restrict punitive activities only to spammers, that instead others must be punished en masse for the worthy goal of shutting down spam. Of course this ignores the fact that it is essentially impossible to shut down spam without shutting down the internet, since spam is just a declaredly invalid use of valid tools.

SPEWS may perform its assigned function flawlessly, but its assigned function is unethical and those who use it are unethical. Their job is first and foremost to provide smooth traffic of legitimate email, and then to reduce noise.

As for the free market argument, the logical extenstion of that is either "nobody should write about anything if there's any way they could simply stop it from being a problem for them" or "one client of every ISP on earth should write an article for kur05hin on this subject".

I think you should also ask yourself this question: would you stay with an ISP that blocked email you wanted to receive?

If the answer is no then I wonder that you can argue in favour of the use of blocking systems that will probably make that happen to you at some point in the future.

[ Parent ]

Correct but (3.50 / 8) (#28)
by Nova Reticulis on Tue Aug 05, 2003 at 05:49:16 AM EST

therefore additions to the SPEWS blacklist must be assume to result in the blocking of traffic between many destinations and the affected IPs

Still, SPEWS is an advisory list. In each particular case the disputable subject is the due diligence of each particular admin trusting SPEWS, not SPEWS itself. You want to take the choice away from admins. Not going to work.

Your rules must also be ethically defensible.

They must not. SPEWS is a private endeavour that reports to no one and especially not to end users. I see it the same way most NANAE regulars do: A paying customer of in ISP that refuses to cease business with it as soon as he finds out that his ISP harbors spammers is an accessory to spam and as such we do not want his mail here. It just happens so that SPEWS has the very same ideology that I do and provides me exactly with the information I want by exactly the criterias I want. I choose to trust it. Yes, SPEWS provides me with a centralized way to find out whose mail I don't want. Who are you to tell me which mail I want and which I don't? If you were my customer, I'd discuss with you. Otherwise, shalom.

"if you buy connectivity from one of these networks you're part of the problem and deserve what you get. Be angry at them, not at us".

Precisely. We have no other way to punish burstnet or UUnet other than depriving them of access to our customers. We intend to continue doing so. You're not my customer, your opinion on how I perform my job is of no value to me. No one at UUnet is innocent. UUnet is a pro-spamming operation. UUnet must cease or die. Those who knowingly pay UUnet money make it possible for UUnet to ignore us and continue spamming. No one at UUnet is innocent.

There's no reason for receiving admins to stop using the lists because they don't care if they get a couple of days or a week of email bouncing back from legitimate senders while those senders arrange alternative access.

There's no reason for receiving admins to stop, but it has nothing to do with bounces. All it has to do with is how they do their jobs.

SPEWS is openly touted as a way of fighting back against spammers by attacking the networks that host them and the other users of those networks

SPEWS is not attacking anyone. SPEWS is an advisory list. If a community of network administrators uses SPEWS as a base for a distributed rejection then its their right and their choice. Every administrator, until fired, represents their users. Screw you, democracy in action.

The consequences for any individual or company caught up in a mass block can be quite serious. Using only the example of somethingawful, they were unable to send confirmation emails to new registrants. This could have resulted in complaints to paypal about non-delivery of services, which would in turn have undermined somethingawful's entire forum business.

And what the fuck do I care about SA business? Last time I checked there was no country in the world that made it a constitutional right to have profit. On the other hand, it was always common sense to check whom you're dealing with. SA failed to execute due diligence in choosing their peer and are paying the price. No one cares. It's not my problem.

I find it hard to believe that spam is such a serious problem that it is no longer possible to restrict punitive activities only to spammers, that instead others must be punished en masse for the worthy goal of shutting down spam.

That's because you're not a postmaster of a large ISP. That's also why your opinion doesn't matter to postmasters of large ISPs.

Of course this ignores the fact that it is essentially impossible to shut down spam without shutting down the internet, since spam is just a declaredly invalid use of valid tools.

Post proof.

SPEWS may perform its assigned function flawlessly, but its assigned function is unethical and those who use it are unethical. Their job is first and foremost to provide smooth traffic of legitimate email, and then to reduce noise.

Really? So why don't you ditch your ISP in protest? You're telling people much more experienced, skilled and probably talented than you how to do their jobs. You want to decide what's ethical and what's unethical for them. Well the reality of Internet is, as I said above, that you have no right to "legitimate email". Let me make it very clear:

Your traffic outside of your ISP is a privilegy, not a right.

I think you should also ask yourself this question: would you stay with an ISP that blocked email you wanted to receive?

I don't want to receive email from anyone who hosts at spam supporting ISPs. If I really had to, I'd ask my ISP to whitelist it. If an ISP is incompetent to blacklist excessively, I'd drop them. SPEWS is not. I fully agree with SPEWS policy and I would only welcome my uplink to implement mandatory SPEWS L1 blocking. Besides, I am my own email provider, so its my god damn business anyway, I can afford a choice.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Hypothetical Situation... (3.66 / 3) (#54)
by jeremy on Tue Aug 05, 2003 at 11:57:02 AM EST

>>Of course this ignores the fact that it is essentially impossible to shut down spam without shutting down the internet, since spam is just a declaredly invalid use of valid tools.

>Post proof.

I have a disease.  As a result of a horrific incident in the Amazon, I've contracted a malicious strain of flesh eating bacteria.  Currently, the affected areas are on my arms, and a few areas on my left leg.  The doctors can do little at the moment but bandage the wounds.  They do not know where the bacteria will spread next, so I have to visit them nightly to readminister the bandages.  Each time, the bandages are applied to my body in a different shape and pattern.

The doctors have told me two things.

1. There is nobody working on a cure for this bacteria.  It doesn't seem fatal, and only affects me, so the demand to produce an effective remedy is not too great.

2. The only method of effectively stopping the exposure of the wounds is to bandage my entire body.  Doing so will completely immobilize me, however, none of the wounds will be exposed to air, and as a result, secondary infections which may prove to be lethal will never occur.

As my doctor, do you believe it's possible to cure me by only using bandages?  If so, then how?

[ Parent ]

A bogus analogy (3.00 / 5) (#80)
by Nova Reticulis on Tue Aug 05, 2003 at 02:37:38 PM EST

Spammers are not a disease. They are not nearly as efficient as any decent disease. As a matter of the fact it's been proven many many times that spammers are stupid. The nowaday boom of spam is made possible not due to sudden growth of spammer numbers but because of broadband explosion in third world countries. Spammers are not getting smarter. In fact, according to my personal observation, they are stupider than ever. Google for "C&C" in NANAE and you'll see what I'm talking about.

Anti-spam movement is a natural response to spam and it will eventually outrun and subdue spammers. Anti-spammers are much more intelligent, educated, and have vast resources at their disposal. Moreover: they cooperate. Of course spam is a social problem and it can not be rooted out without major changes in society. However it can be subdued sufficiently to make it improfitable.

Yes, SMTP is fundamentally flawed. However, we have a number of ad-hoc solutions that have proven sufficiently efficient. SPAM is at its peak; but the anti-spam movement is not dreaming either.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

But your methods block legit mail (4.33 / 6) (#508)
by The Artificial Kid on Wed Aug 06, 2003 at 09:01:47 AM EST

And have therefore failed the most important test of any email system.

[ Parent ]
Nope. (4.00 / 1) (#848)
by DavidTC on Sun Aug 10, 2003 at 08:06:55 AM EST

It all rather depends on how you define 'legit', doesn't it?

Mail from spammers is not legit. Cogentco owns the IP block, and Cogentco is a spammer. Ergo, mail from Cogentco netspace is not legit.

-David T. C.
Yes, my email address is real.
[ Parent ]

online terrorism (3.00 / 6) (#61)
by skelter on Tue Aug 05, 2003 at 12:44:44 PM EST

>>>>Precisely. We have no other way to punish burstnet or UUnet other than depriving them of access to our customers. We intend to continue doing so. You're not my customer, your opinion on how I perform my job is of no value to me. No one at UUnet is innocent. UUnet is a pro-spamming operation. UUnet must cease or die. Those who knowingly pay UUnet money make it possible for UUnet to ignore us and continue spamming. No one at UUnet is innocent. Sounds like Al Queda attacking US civilians because they pay taxes to the US gov't.

[ Parent ]
A reminder (1.25 / 8) (#391)
by Nova Reticulis on Wed Aug 06, 2003 at 05:06:01 AM EST

Spam is very very real. Iraqi WMD, Al Qaeda, terror against americans and friends seem to be rather far from real to me though.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Oh, boy (4.80 / 10) (#177)
by pyramid termite on Tue Aug 05, 2003 at 05:02:38 PM EST

Your rules must also be ethically defensible.

They must not.

Sorry, guy, but by making that statement, you've lost the argument right there. Why should ANYONE trust a list or a a person who uses a list if they publically admit they don't have to be ethical?

It's my observation, which was gleaned by several years of actually reading the constant debates in the nana* heirarchy, that there are a lot of self righteous and destructive individuals acting in this field. What we're arguing about here is collateral damage - you defend it as a necessary means to stop the spam and UCE problem. I say that it's proven to be woefully ineffective, as the problem continues on. It ought to be obvious to anyone that the tactics you're espousing are not being used very widely - otherwise, the majority of internet users wouldn't be cleaning out their mailboxes of trash on a daily basis, would they? In the best case, the best case, mind you, the UCE'er is forced or simply decides to leave one provider for another and you get to play whack a mole trying to shut down all their accounts or blackhole their providers. Meanwhile, the complaints from the innocents on both ends - those whose communications are blocked and those who want to receive the commucations are such that a small minority actually dare to USE the SPEW list.

In short it's been tried for years and it simply hasn't worked. Period. The people in the nana* groups represent a very small minority of admins. I doubt VERY much that most admins READ the group on a regular basis. Why? Because you represent a minority, a highly vocal, self-righteous, impracticable and eminently TROLLABLE minority. I remember S.P., Grubor, Skippy the Kangaroo and all the Kook Kabal. Good lord, but they made fools out of many people in those groups.

And those who weren't made fools out of by them, were made fools out of by us.

MEOW!

Your old pal from the 'nose and the 'flame
The Grand Wombat

On the Internet, anyone can accuse you of being a dog.
[ Parent ]
The problem is SPEWS has too good a reputation (4.75 / 4) (#40)
by squigly on Tue Aug 05, 2003 at 09:19:03 AM EST

SPEWS is a privately operated and maintained blacklist that adheres to specific regulations that are published on SPEWS website.

Where?  There doesn't seem to be a hugely obvious link to the regulations on the front page.  Was I looking at the right place?  The typical assumption is that SPEWS is simply a list of the originating IP addresses of spam emails.  The general belief is that it is there to list spammers in order to passively prevent the inconvenience of their spam.  The actual situation appears to be that they wish to actively punish spammers.  

I still can't find it, so I apooligise if I'm making false assumptions here, but as far as I understand it, SPEWS receives spam mail from an external source.  It determines whether it is actually spam by some mechanism, and adds the IP address of the sender to a list, and the IP address of any website contained withing to another blacklist.  

The blocking is done by the mail servers themselves because your network administrators chose to use SPEWS. SPEWS does not block anyone.

But SPEWS is directly used by administrators to determine which IP addresses to block.  If it has a good reputation, (which it seems to have), it will quite predictably result in the IP address being blocked by admins.  This is after all the whole idea.

Your network administrators do by way of trusting to SPEWS. If you don't like what they do, change ISPs.

I have no idea whether my ISP uses SPEWS, and if they are, I don't know if they're fully aware of the implications.  

Not only the argument about SPEWS being guilty of anything is ridiculous, but even the question itself can not be raised because, again, SPEWS is an advisory list. If SPEWS were that bad, admins wouldn't be using it. SPEWS is by far the most effective tool we have against spammers, short of Internet Death Penalty.

We are assuming that admins are fully aware of the blocking policy.  Many of them are, and are happy about it.  Many are not, and think that it is only blocking legitimate spam, with potentially some collatoral damage which will soon be fixed.

No network other than your own ISP has a contractual obligation to you or anyone else to carry your email. My network, my rules.

But they have a moral obligation to ensure that the internet functions effectively.  They could eliminate 100% of spam by blocking all email.  This would be an inconvenience to all other ISPs, and their own customers.  Alternatively, they could use SPEWS, which appears to cause a lot of collatoral damage.  

You fail to understand that controlling spam IS maintaining smooth and clear operation of the networks. You do not understand the extent of damage the spammers do. The only way to prevent it is to punish rogue ISPs who encourage spammers. With all said above, I am voting this article up in hope that other people will read it and understand your mistake.

This doesn't create justice though.  Its a lynch mob mentality.  SPEWS has said that they're spammers!  Lets kill them!  Everyone takes SPEWS' judgement as gospel, and proceeds as is.  There is no right of appeal, no way for the accused spammer to defend himself in the first place.  Who actually decides  whether an address goes in there in the first place?  The FAQ seems to mention a shady organisation, but they don't seem hugely accountable.  

The thing is, SPEWS will not go away.  I feel that what it does is wrong, but SPEWS itself is the wrong target.  What we relly need to do is tell people not to use it.  There are many good reasons not to.  

[ Parent ]

Here you are sir! (3.16 / 6) (#44)
by Nova Reticulis on Tue Aug 05, 2003 at 10:19:11 AM EST

Where? There doesn't seem to be a hugely obvious link to the regulations on the front page.
The SPEWS FAQ explains the idea pretty clear.
The actual situation appears to be that they wish to actively punish spammers.
Who doesn't?
...as far as I understand it, SPEWS receives spam mail from an external source. It determines whether it is actually spam by some mechanism, and adds the IP address of the sender to a list, and the IP address of any website contained withing to another blacklist.
We don't know. There appears to be a general consensus among the NANAE regulars but I do not believe it is a matter of public discussion.
I have no idea whether my ISP uses SPEWS, and if they are, I don't know if they're fully aware of the implications.
Then you've got nothing to worry about, right?
But they have a moral obligation to ensure that the internet functions effectively. They could eliminate 100% of spam by blocking all email. This would be an inconvenience to all other ISPs, and their own customers. Alternatively, they could use SPEWS, which appears to cause a lot of collatoral damage.
I imagine it still outweights the rest of considerations otherwise we'd not be doing it.
This doesn't create justice though. Its a lynch mob mentality. SPEWS has said that they're spammers! Lets kill them! Everyone takes SPEWS' judgement as gospel, and proceeds as is. There is no right of appeal, no way for the accused spammer to defend himself in the first place. Who actually decides whether an address goes in there in the first place?
It does create justice, just that the justice isn't fair, but then again it's justice, it's not supposed to be fair. If guns are outlawed, only outlaws will bear guns, remember? Unfortunately law does nothing to prevent spammers from doing their thing, so we can only take the law in our own hands. Lynch mobs can gather and pursue not only because of absurd religious convictions but also because of lack of law enforcement and government involvement. I leave it to you as an exercise to find out, all things considered, which one is the most likely reason for existence of SPEWS and, most important, network administrators delegating their power of diligence to SPEWS.
The thing is, SPEWS will not go away. I feel that what it does is wrong, but SPEWS itself is the wrong target. What we relly need to do is tell people not to use it. There are many good reasons not to.
SPEWS does right what its designed to do. You don't have to do anything about it and you can't do anything about it. People who are trained to make such decisions made them, I doubt its worth wasting your time to try and convince them otherwise. As in, it's been tried thousand times before.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

It needs to be clearer (4.50 / 4) (#66)
by squigly on Tue Aug 05, 2003 at 01:12:57 PM EST

The SPEWS FAQ explains the idea pretty clear.

Not hugely clear.  A21 sort of explains what is listed, but really we need a "How does SPEWS work"  right at the top, explaining whether its there as a spam blocking mechanism or a punishment mechanism.  

The actual situation appears to be that they wish to actively punish spammers.

Who doesn't?

Me.  

Okay, that's not totally true.  I wand to rip their toenails off and boil them in vinegar for several days, but really, as with all other crimes, I want to prevent them from doing it in the first place.  I guess we're probably not going to see eye to eye on this matter.

Unfortunately law does nothing to prevent spammers from doing their thing, so we can only take the law in our own hands. Lynch mobs can gather and pursue not only because of absurd religious convictions but also because of lack of law enforcement and government involvement.

Thats true, but governments and legal systems are formed for exactly the same reasons.  Vigilante justice is generally frowned upon.  The actual means that spammers are being attacked should be made exteremely clear.  SPEWS needs a big link on the front page to a brief explanation of its listing policy.  The users need to be adequately informed of what's happening.

Yes, I DO want a huge explanation in big letters saying "This Is What SPEWS Does".  At least.  

SPEWS does right what its designed to do. You don't have to do anything about it and you can't do anything about it. People who are trained to make such decisions made them, I doubt its worth wasting your time to try and convince them otherwise. As in, it's been tried thousand times before.

It does what its designed to do, and does it very well.  I'm not so sure it does what the users want it to do.  Does it really help me if I can't get to a website that is on the same server as another one that was advertised by spam?  I refuse to blame the spammers.  It was SPEWS that listed it, and they have a duty to make their lists punish only the spammers.  

[ Parent ]

What does SPEWS do? (none / 0) (#868)
by Dimensio on Sun Aug 10, 2003 at 03:10:13 PM EST

Yes, I DO want a huge explanation in big letters saying "This Is What SPEWS Does". At least. Read the SPEWS FAQ. It's all there.

[ Parent ]
You lose, again. (5.00 / 3) (#796)
by harik on Fri Aug 08, 2003 at 12:40:15 PM EST

Lynch mobs can gather and pursue not only because of absurd religious convictions but also because of lack of law enforcement and government involvement.
Lynch mobs form because the government won't do anything about those goddamm dirty niggers. Or those faggots. Or the jews.

Being black isn't illegal, being black and sitting in the front of the bus isn't illegal. Fuck that shit! If the government won't do anything about the damm niggers sitting in the front half of the bus we'll take some of them out and hang their ass! Who's up for a cross burning!

Shit, That guy joe wouldn't move when a nigger moved into his neighborhood! Hell, I've even seen him paying him to mow the yard! Let's burn a cross on his lawn until he realizes that niggers are the scum of the earth!

... Yes. By being near a spammer, you are unclean. Just like anyone who does buisness with a jew.

[ Parent ]

That's not true (3.80 / 5) (#65)
by autopr0n on Tue Aug 05, 2003 at 01:11:24 PM EST

Actually, most ISPs would probably the responsibility to a) pass along mail I send, and b) deliver mail to me that's addressed to me. The SA people were unable to send mail to people that they were in a business relationship with, and It's unlikely that those individuals expected SA's mail to be bounced.

I think a lot of this is the result of ego-inflated admins who think they are god


[autopr0n] got pr0n?
autopr0n.com is a categorically searchable database of porn links, updated every day (or so). no popups!
[ Parent ]
Nay (2.33 / 6) (#84)
by Nova Reticulis on Tue Aug 05, 2003 at 02:44:14 PM EST

No ISP can assure the delivery of email outside of its WAN. Moreover, a quick look through the contract will most likely inform you that ISP disclaims responsibility for pretty much everything and especially value added services that are only traditionally provided to the end user in a bundle.

An ISP can promise its users that it will *try* to deliver email outside, not that the email will reach the destinations. So there's no much point in pulling that string.

The fact that SA has business relationship with anyone does not make SA emails more or less valid, interesting, legitimate or even relevant to the current conversation, to utter dismay of those pursuing the "American Dream". In other words, it doesnt mean jack shit if SA suffered monetary damages. No one cares.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

However (4.00 / 5) (#538)
by leviramsey on Wed Aug 06, 2003 at 05:39:05 PM EST

If SPEWS blocks a legitimate email sent to a customer of your ISP, you do have something of a responsibility to deliver it, irrespective of what the actual TOS may say (because it's trivial, given a good lawyer, to cut any contract to shreds). And even if you don't win against the ISP, you can still subpoena the ISP's employment records and file suits against the individual sysadmins at the ISP, and (through liens and ruining their credit rating) get them to pay you a million bucks out of their pocket.



[ Parent ]
Find a case where that happened... (none / 0) (#867)
by Dimensio on Sun Aug 10, 2003 at 03:09:03 PM EST

Go on. Surely SPEWS has done so much damage so far that it must have happened many, many times or we wouldn't be hearing so many people whining about how effective it is. Surely one of these people had the sense to file the appropriate legal action. Why hasn't this happened yet?

[ Parent ]
SPEWS has made some mistakes... (4.00 / 1) (#866)
by Dimensio on Sun Aug 10, 2003 at 03:07:12 PM EST

...not many, but a few, where IP space was accidentally listed because it looked like it was owned by a spamfriendly ISP, when really it wasn't. Enough to show that either there are humans running the system, or that the sentient machines (I've a hypothesis that SPEWS is actually networked computers that have become self-aware and are trying to defend against the damage done by criminal spammers) are trying to make us all beileve that humans are running the system. In any case, when mistakes are pointed out, they are very quickly corrected.

[ Parent ]
Reading between the lines (3.78 / 14) (#21)
by mewse on Tue Aug 05, 2003 at 04:19:24 AM EST

Are you honestly claiming that I don't have the right to decide from whom to receive e-mail on my own server? Please tell me that's not what you're saying.

Because that's idiotic.

"Law of the Internet"? "Universal Principle"? How about: It's my damn computer, and I'll accept your e-mail or not at my own discretion, and if you don't like my choice, then that's too bad. I'm not damaging your person, your property, or breaking any laws. So I don't see how you can cry foul and expect to be taken seriously.

And incidentally, if you're going to claim that SPEWS DDOSed somebody in large alarmist letters in the story title, you might want to back that up with a little evidence inside the article.

Just a thought.

You're confusing the issue (4.25 / 4) (#31)
by The Artificial Kid on Tue Aug 05, 2003 at 07:19:45 AM EST

I have no problem with people banishing spam from their own computers. I have a problem with admins subscribing to blocklists that contain false positives, thus affecting hundred or thousands of computers managed by people with no direct access to the mail system and no immediate knowledge of the blocking policy. And I especially have a problem with it when they threaten to or do deliberately block an individual or site not because the individual or site has abused email but because they personally consider the individual or site to be an "accessory" to spam". And finally, if they do it simply for a personal grudge then it is utterly unacceptable.

Internate services are businesses, yes, but they are also a public good.

[ Parent ]

No, again (4.12 / 8) (#33)
by Nova Reticulis on Tue Aug 05, 2003 at 07:57:47 AM EST

SPEWS does not contain false positives. SPEWS listings that cover "innocent" parties are as deliberate as the judgement of admins who resort to SPEWS as their advisor.

People who have no "direct access to the mail system and no immediate knowledge of the blocking policy" are not authorized administrators of such systems and have no business questioning much less administrating it,

And no, I am not threatening anyone with blacklisting. I will just blacklist whomever I like, when I like, without prior warning or explicit consent and you're not going to be able to do a damn thing about it. My customers are thankful to me. You're not my customer. The only reason SA didn't hit my private blacklist is because I missed the entire endeavour, I don't have the time to read 1000 messages in NANAE every day and I especially dont have the time to study old posting thoroughly. I have a job that I intend to do, and blacklisting dumbasses who dare spamming my systems is an indiscriminate (and, I must say, pleasant) part of it.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Your definition of false positives (5.00 / 2) (#35)
by The Artificial Kid on Tue Aug 05, 2003 at 08:00:40 AM EST

is completely screwed. I'm going to keep referring to people who have never sent spam but who are on spam blacklists as false positives. Your ideology is affecting your vision.

[ Parent ]
Let's try it this way. (4.66 / 3) (#37)
by Nova Reticulis on Tue Aug 05, 2003 at 08:27:09 AM EST

And I am going to call people who knowingly and willingly encourage ISPs that support spammers "accomplices" as opposed to "innocent victims". I am also going to keep reminding that it's not anyone's right to have their traffic sent outside of their ISP's WAN.

Wanna bet who's right?

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

How do you know it's knowing and willing"? (3.00 / 2) (#142)
by The Artificial Kid on Tue Aug 05, 2003 at 03:47:55 PM EST

I, for one, would not think first about whether or not a company had hosted spam when choosing a host. It's really not important to me. What right do you have to try to MAKE it important to me through punitive listing?

[ Parent ]
Because (4.50 / 2) (#152)
by Nova Reticulis on Tue Aug 05, 2003 at 04:01:37 PM EST

I am a network administrator, and I know very well both how hard it is to set up a well configured email backend and what happens to those incompetent ones trying to do so and failing.

Despite of the popular trend, email administration is not a job for clueless. And I don't know a person who operates an email service that I can call clueless (I can name a few that *sold* email service and disappeared from sight that are as clueless as it gets with romanian hax0rs)

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Well, ... (5.00 / 2) (#186)
by Simon Kinahan on Tue Aug 05, 2003 at 05:25:07 PM EST

I've been reading this argument with some interest, and, to be honest, SPEWS seem somewhat arbitrary and elitist in their policies.

However, this post of yours demonstrates exactly the problem SPEWS are trying to solve by punishing the customers of ISPs who support spammers (and lets be honest - that is what they are doing). When you say your ISPs policies towards spammmers are not important to you: *that* is the problem. Are you one of those lucky souls who doesn't receive upwards of 20 offers of penis extentions, herbal viagra, porn (all varieties), incredible business opportunities, refinancing schemes for people in other countries, tax dodges, debt dodges, extraordinary bargains and so on, and so on and so on every day ? Or is it just other people's resources you don't give a shit about ?


Simon

If you disagree, post, don't moderate
[ Parent ]

well (5.00 / 1) (#605)
by /dev/trash on Wed Aug 06, 2003 at 09:50:24 PM EST

Until you can prove that each and every user of these ISPs known and understand that they are helping the SPAMMERs then I can't really agree with you.

---
Updated 07/20/2003!!
Summer Tour!
[ Parent ]
Your definition of false positive would be correct (5.00 / 4) (#50)
by L Satyl on Tue Aug 05, 2003 at 10:57:53 AM EST

if the SPEWS blacklist was defined as "a blacklist of ip's of known spammers". It is not. The definition of the SPEWS list is "a blacklist of ip's of known spamfriendly isp's". Therefore any mail sent from such an IP is correctly identified as an "e-mail from an ip address of a spam-firendly isp", not as spam. The admins implementing SPEWS should be aware of that distinction. If they are not, that is the problem of the admin in question, not SPEWS.

[ Parent ]
The point I was trying to make (5.00 / 1) (#83)
by Nova Reticulis on Tue Aug 05, 2003 at 02:39:40 PM EST

...is that the admins are aware of it.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

I don't get it (4.00 / 4) (#39)
by L Satyl on Tue Aug 05, 2003 at 09:12:05 AM EST

I have a problem with admins subscribing to blocklists that contain false positives, thus affecting hundred or thousands of computers managed by people with no direct access to the mail system and no immediate knowledge of the blocking policy.
Why do you have a problem with "admins subscribing to blacklists that contain false positives"? I understand if you have a problem with *your* admin filtering *your* e-mail through a blacklist that contains false postives, but why do you care which blacklist *I* use? If I don't want to receive your mail, that's my business. Apart from that, your false positive is my collateral damage.

And finally, if they do it simply for a personal grudge then it is utterly unacceptable.
I have blacklisted somethingawfull.com on every server I maintain (I currently block about half the world). And yes, that is out of pure spite. Why should that be unacceptable to you? That is something for me and my users to decide, I couldn't care less what either somethingawfull.com or you think about that. Do you think anyone has the right to force me to receive e-mail?

[ Parent ]
Blocking (5.00 / 1) (#43)
by oconnoje on Tue Aug 05, 2003 at 10:16:14 AM EST

That is something for me and my users to decide...
Did you consult your users before blocking each subnet on your list? Are they aware that you currently block "half the world"?
--
KTHXBYE
[ Parent ]
Hell yes, they thank me for it. (4.50 / 2) (#47)
by L Satyl on Tue Aug 05, 2003 at 10:34:35 AM EST

I run a small server for me and my friends. About 80% of the e-mail on that server used to be spam. Currently, using spews & sbl & orbs & local blacklists, I get exactly 0 spams.

I also use an anti-spam option offered by my isp for my original e-mail address. It adds headers based on the sbl to the messages, which I can use in my mail client to filter the unwanted crap. Zero false positives, and about 1 spam every two weeks which gets through.

Finally I use SpamAssassin on the servers I maintain for work to quarantine suspected spam, again zero false positives, but about one spam a week.

There are plenty of blacklists and plenty of ways to use each blacklist. As an admin you have to weigh the false positives against the unstopped spams. There is no golden bullet. But to say SPEWS is unethical, is to miss the point entirely.

[ Parent ]
I don't care what you do for you and your friends (3.66 / 3) (#138)
by The Artificial Kid on Tue Aug 05, 2003 at 03:46:18 PM EST

Do anything you like. In fact if you're in direct contact with your users then you might as well use private lists since they'll be able to request access to anything they want. My problem is with people who manage large numbers of computers for people with whom they are not in direct contact and choose to bar email from whole ranges out of spite or as part of an ideological crusade against spam. I keep seeing people say "this is the only way to srike at hosts that allow spam". Why do you need to strike at hosts who allow spam?

[ Parent ]
They aren't supposed to be (4.00 / 4) (#148)
by Nova Reticulis on Tue Aug 05, 2003 at 03:56:27 PM EST

Network administrator is a damn hard and exhausting job. One of benefitting rewards is freedom of operation and no accountability.

I need to strike at hosts who allow spam because I have no means of striking at spammers. Spammers abuse the legal system (flawed society), get away with fraud (flawed society), enjoy privacy protections (flawed society), lie and don't get punished (flawed society), and on top of that, earn money on all of the above. I find it my obligation to eradicate the parasites by all means possible. Murder can be excused. With some complicated and twisted argument, even rape can be attempted to be excused. But there's no excuse for spam. And no punishment, as it happens.

Spammers are the purest form of parasites (communist parties dont even get close) ever known to humanity. If spammers were exempt from legal protection, I'd be getting a 12 gauge, and I don't care if the spammer is a pregnant woman. In fact, I know one pregnant woman spammer.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Wait, hold on. (5.00 / 1) (#736)
by 1019 on Thu Aug 07, 2003 at 10:59:57 AM EST

Did you just profess your willingness to shoot a pregnant woman with a shotgun because she's a spammer?

You certainly have been very vehement in this discussion, but it suddenly became very hard for me to take anything you say seriously when you casually connect sending spam e-mail and taking someone's life (or two, in this case.)

Alright, here's what you do. Turn off your monitor, and go get a breath of fresh air. I think you're in a little too deep, now.
---
"Voon", said the mattress.
[ Parent ]

YOU are confusing the issue (5.00 / 2) (#58)
by hanno on Tue Aug 05, 2003 at 12:25:36 PM EST

I have a problem with your users flooding the news.admin.net-abuse.email newsgroup in an attempt to make it unusable. You guys are shooting your own feet.

[ Parent ]
You have no idea what you're talking about. (3.66 / 3) (#67)
by CaptainSuperBoy on Tue Aug 05, 2003 at 01:21:19 PM EST

You have no idea what you're talking about - it's clear that you haven't done your homework on spam-fighting, or possibly you're just a spammer.

The fact that you suggest private blacklists over SPEWS shows your inexperience. Hosts usually go into private lists, but never come out, even if the ISP cleans up its act, or if the IP space becomes the property of a different company. This is a real problem affecting the usability of the Internet - private lists are bad! SPEWS, on the other hand, reviews its list and removes listings for ISPs that clean up. I should also point out that they make exceptions for collateral damaged sites such as SA - all SA had to do was promise SPEWS that it would change hosting providers by a certain date, and they would remove the block.

--
jimmysquid.com - I take pictures.
[ Parent ]

That's ransom! (4.00 / 4) (#78)
by Work on Tue Aug 05, 2003 at 02:35:00 PM EST

all SA had to do was promise SPEWS that it would change hosting providers by a certain date, and they would remove the block.

WTF? How could this ethical monstrosity ever possibly be considered a good answer? SA has the right to choose whoever they want to use. Because a few asshole nerds with too much time and power at their fingertips disagree with their provider is no way SA's fault, nor should it EVER have been or will be.

[ Parent ]

No it's not (4.00 / 4) (#95)
by ph317 on Tue Aug 05, 2003 at 02:56:23 PM EST


Think of this analogy:

Some people don't want to be around porn stores, and don't want their children around porn stores.  These people won't go to a strip-mall that has a porn store in it.  If you choose to open your dry-cleaning business in the same strip-mall as a porn store, you should expect less business than had you done otherwise.  Conscientious porn objectors either won't use your services just because of the proximity to porn, or they may actually think on the level of "by paying rent here, this dry-cleaner is supporting a property developer who allows porn stores, whcih I don't approve of".

If you want to be on everyone's whitelist, then don't associate with other business that make it onto a "blacklist" for a lot of people out there.

[ Parent ]

That's a poor analogy (3.66 / 3) (#146)
by The Artificial Kid on Tue Aug 05, 2003 at 03:50:32 PM EST

The means exist to block only the spammers. SPEWS is a deliberate effort to block anyone who is associated with anyone who is associated with the spammers. It's not so much like me building my dry cleaner's in a mall with a porn store. It's like I got my dry cleaner's built by the same company that built the porn store.

[ Parent ]
If you don't like how SPEWS operates... (3.66 / 3) (#287)
by Dimensio on Tue Aug 05, 2003 at 11:02:53 PM EST

Don't use it.

[ Parent ]
Dear ISP, (4.25 / 4) (#312)
by Zerotime on Wed Aug 06, 2003 at 12:42:12 AM EST

Please stop using SPEWS.

--Customer.


Dear Customer,

No.

--ISP.


Dear ISP,

Okay.

--Customer.

Yeah. Now you're going to give that hokey "change providers" response, aren't you?


[ Parent ]

Yes, I am... (3.33 / 3) (#319)
by Dimensio on Wed Aug 06, 2003 at 12:57:17 AM EST

What, you don't think that privately owned ISPs have the right to reject mail as they see fit?

[ Parent ]
Well, actually... (5.00 / 3) (#358)
by djotto on Wed Aug 06, 2003 at 03:21:41 AM EST

I know that in the UK, ISPs would love to have "common carrier" status - that is, to not be responsible for the content of their networks, like a telco or the Royal Mail.

Currently they're more like publishers - liable, at least in theory, for anything within their network.

It does strike me that if an ISP started filtering email, blocking on undesirable content (or origin), then they have abandoned common carrier status. They can't have it both ways.

Of course, I don't know of an ISP that forces filtering on it's customers - that's just a red herring. This is mostly about private businesses and users.

[ Parent ]

In the US... (3.66 / 3) (#565)
by Dimensio on Wed Aug 06, 2003 at 07:02:29 PM EST

ISPs are not considered "common carriers". I believe that this has been addressed in a few court cases.

If ISPs were granted "common carrier" status, then they would have little legal ability to filter spam (though an argument could be made that it's still legal because they're not filtering based upon actual content, but simply because it's well-established that they're blocking network abuse). Some spammers have tried to argue in the past that ISPs really are "common carriers" and that filtering is illegal as such, but then remember that all spammers are incredibly stupid.

[ Parent ]
In my ideal world (4.00 / 1) (#692)
by djotto on Thu Aug 07, 2003 at 06:41:11 AM EST

[Note: this is about ISPs, not private individuals or companies who can do whatever the hell they want within their own networks as far as I'm concerned.]

an ISP would be a common carrier (a phrase that doesn't occur in UK law AFAIK, but it's handy). They would have a duty to pass data unmolested to a customer, and in exchange they wouldn't be liable for that data. That includes hosting - if a page is libelous the customer who put it up should get nailed for publishing it, not the ISP.

Filters (child safety, anti-spam, whatever) would be an additional service an ISP could offer (something like how the post office offers mail redirection), but it would be the customer's decision to use that service, it wouldn't be forced on them.

I know the libertarian-leaning among us would prefer that such things are decided by contracts rather than legislation, but I'm not so naieve as to believe the market cures all ills. I would rather see fundamental rights like communication subject to some basic minimum-service requirements.



[ Parent ]
In MY ideal world... (4.00 / 1) (#743)
by Dimensio on Thu Aug 07, 2003 at 07:17:43 PM EST

identified deliberate e-mail spammers would be excecuted in a public square.

We don's always get what we want. It is much more cost effective to prevent spammers from making a connection to a mailserver than to let them send their crap and filter it after the fact. Blocking connections from known spam havens reduces costs for ISPs. I'm all for letting ISPs act as the private businesses that they are when it comes to denying incoming connections to third parties with whom they have no agreements. Apparently you believe that they should be forced to eat the cost of spamming from ISPs that allow criminals to run rampant on their networks.

[ Parent ]
Re (4.66 / 3) (#782)
by djotto on Fri Aug 08, 2003 at 05:10:04 AM EST

I doubt I'm going to get anywhere here, because it all comes down to whether you want a pure market, or you prefer a system with checks and balances. I've seen a pure market in operation, and I didn't like it much.

However... take a look at the US Telecommunications Act (1996). That law places a requirement on telcos to interconnect with each other, allow right-of-way, number portability, colocation, etc etc.

Internet access seems to have approached the importance of other utilities like phone service and gas - I probably couldn't find a job without net access, and I use email and IM more than I use a mobile phone, for example.

Again, I think legislating basic service levels - as happens with other utility companies - would be rather useful, and the telecommunications industry is probably the natural place to look for a model. The ISPs have to play nice with each other in the market, and in exchange they can't be pulled up on child porn charges. Seems like a fair deal to me.

Apparently you believe that they should be forced to eat the cost of spamming from ISPs that allow criminals to run rampant on their networks.

I believe the choice to block should be that of the end-user, not the ISP. That is all. I suspect 75%+ of end-users would choose to run with blocking on, if the choice was offered to them.

BTW, do you know of any ISP that forces SPEWS-based blocking on it's customers? It's just that I can't seem to find one, in which case most of this discussion is moot. I can't imagine any ISP whose customers trade into Asia using it, for example.



[ Parent ]
Thought that I replied earlier... (5.00 / 1) (#808)
by Dimensio on Fri Aug 08, 2003 at 10:24:41 PM EST

...apparently not.

Anyway...

If you want ISPs to be considered "common carriers" in the US, then write to Congress. Make your complaints known. Just understand that you might not like the end result -- as it could result in higher prices and lowered service quality. It could also result in higher taxes, since some locales would need to upgrade their telco equipment to handle the network traffic.

BTW, do you know of any ISP that forces SPEWS-based blocking on it's customers?

Forces? Well, given that SPEWS is a DNSBL, I'm not sure how it could be implemented on a user-by-user basis, though I suppose that a mailserver could be configured to drop a connection if a SPEWSlisted IP tried to "RCPT TO" a 'using' address, but not if the RCPT TO address wasn't on the list.

Also, if an ISP does a lot of business with Asia, they could whitelist those IPs while still filtering the other SPEWS listed domains.

[ Parent ]
Re: (none / 0) (#897)
by djotto on Tue Aug 12, 2003 at 09:46:01 AM EST

It's a little late, but for anyone who ends up here via Google or whatever, I came across this piece on Salon (access after viewing a commercial) about the Coalition of Broadband Users and Innovators.

"The Coalition and several of its member firms, acting separately, have already submitted to the Federal Communications Commission a number of proposals intended to bring to the broadband world a concept the Coalition calls "net neutrality." Proponents of the neutrality rules describe them as simple and straightforward: if the proposals are enacted, broadband providers would essentially be prohibited from "discriminating" between the various types of content that come into your home."

And a press release: The group [...] said in a letter to the FCC that "the Government must ensure that transmission network operators do not encumber relationships between their customers and destinations on the network."



[ Parent ]
Of course it's a poor analogy (none / 0) (#751)
by ph317 on Thu Aug 07, 2003 at 08:19:28 PM EST


Almost all analogies are :)  But consider someone maintaining a spam list, and you have an ISP which has netblocks for around a hundred thousand distinct IP addresses.  You have 1,000 of their IPs in your database already, you add new ones every day, and you know you're still not catching all the spam IPs from that big provider.  At what point do you say "fuck it, block the whole ISP"?  I don't think they've chosen bad points to do so.

[ Parent ]
I'm not suggesting private lists (5.00 / 2) (#132)
by The Artificial Kid on Tue Aug 05, 2003 at 03:42:34 PM EST

I'm suggesting public lists that don't list entire ranges like this. Can none of you understand that what I object to is the use of lists that attack the innocent along with the huilty? You're falsely identifying anyobdy who purchases hosting from a company that also hosts spam as worthy of targeting, because in your opinion your fight against spam is something so importany that it should be everybody's first consideration when choosing a host.

[ Parent ]
Those are useless (3.66 / 3) (#143)
by CaptainSuperBoy on Tue Aug 05, 2003 at 03:48:44 PM EST

I'm suggesting public lists that don't list entire ranges like this

Again you demonstrate your complete lack of research. Don't you think people would use those if they worked? ISPs are in SPEWS for a reason - because they are sleazy spam supporters. These ISPs are happy to move customers around within netblocks in order to avoid blacklists. This has happened.

These lists are also worthless in convincing ISPs to deal with their spam problem. You have to smack these idiots across the face and threaten their revenue in order to get them to boot their spammers.

--
jimmysquid.com - I take pictures.
[ Parent ]

Utterly useless (4.20 / 5) (#481)
by Jarad on Wed Aug 06, 2003 at 08:24:38 AM EST

Those kinds of lists have tried and failed.

Example:
  1. Cogent has a spammer on 192.168.0.33.
  2. 192.168.0.33 gets blacklisted.
  3. Cogent moves the spammer to 192.168.0.84.
  4. 192.168.0.33 gets delisted and 192.168.0.84 gets listed.
  5. Cogent moves spammer to 192.168.0.23.
  6. 192.168.0.84 gets delisted and 192.168.0.23 gets listed.
Repeat steps 5 to 6 ad infinium, inserting different IP addresses as you go. Do you understand now why SPEWS came about? SPEWS was created because some admins got sick and tired of ISPs like Cogent either ignoring complaints or just moving the spammer around inside their IP blocks and the regular RBL's being powerless to stop them.

[ Parent ]
All SA has to do (3.33 / 3) (#264)
by RipCurl on Tue Aug 05, 2003 at 08:14:58 PM EST

Actually all SA has to do is tell their hoster to get rid of the spammers and smarthost their email for the time being. And put a deadline on their host to boot within 48 hours or they themselves will be in breach of contract; SA can take their money owed to them by Cogentco and find suitble hosting elsewhere in less spam infested waters.

[ Parent ]
This SPEWS nonsense... (4.54 / 11) (#26)
by ti dave on Tue Aug 05, 2003 at 05:21:39 AM EST

will come to a screeching halt once Jeff K. gets involved.

Word on the street is that he's *pissed*.

I'm almost drunk enough to go on IRC. ~Herring

From news.admin.net-abuse.email: (3.83 / 18) (#30)
by L Satyl on Tue Aug 05, 2003 at 06:57:53 AM EST

I had nothing against somethingawful.com until you asshats showed up here in news.admin.net-abuse.email (and to a much lesser extent news.admin.net-abuse.blocklisting) representing them.

You fools are doing more damage to somethingawful.com than SPEWS ever could have done. By attacking this newsgroup, read regularly by people who manage some of the world's largest (and smallest and everywhere in between) mail servers, you have managed to get somrthingawful.com (and in many cases, all of 66.117.0.0/19 ) dropped into more "set it and forget it" local blacklists than you can POSSIBLY imagine.

Cogent might eventually clean out its spam sewers and the SPEWS listing may eventually go away; but somethingawful.com (and NHICOLO.COM) will live forever in the DENY lists I maintain.

All because of this atttack, initiated by Zack Parsons.

Wanna shoot your other foot now?
There are people who get it. For all the other people, there's the blacklist. My server, my rules, my blacklist. Get it?

Ha (3.33 / 3) (#101)
by The Turd Report on Tue Aug 05, 2003 at 03:02:07 PM EST

Every time I hear an 'admin' say this, I imagine some nerd sitting in his basement with his two networked computers furiously entering the network to be blocked in to his firewall. As if anyone from there visited his 'network' in the first place.

[ Parent ]
LOL (3.00 / 2) (#216)
by coryking on Tue Aug 05, 2003 at 06:22:26 PM EST

Exactly. The comic book store guy!!

Worst. Admin. Ever.

/lame, i know...

[ Parent ]

It's like I said to Nova R. ... (5.00 / 1) (#180)
by pyramid termite on Tue Aug 05, 2003 at 05:11:48 PM EST

... you guys are so eminently TROLLABLE.

On the Internet, anyone can accuse you of being a dog.
[ Parent ]
the funny part (5.00 / 1) (#558)
by Delirium on Wed Aug 06, 2003 at 06:55:27 PM EST

SomethingAwful coined the term "asshat." I was contemplating the possibility that the guy using the term knew that, but it seems more likely that he did not.

[ Parent ]
Not quite. (3.88 / 18) (#45)
by talorin on Tue Aug 05, 2003 at 10:23:21 AM EST

The problem SPEWS has is with SA's hosting, not with SA itself. Somethingawful happens to be a customer of a fairly well-known spamhaus, which is why they got caught in the blacklist. SA's admins complained, and when SPEWS wouldn't give them a special dispensation (read the newsgroups and tell me how often that happens) they ordered the Charge of the Retard Brigade on NANAE. You can argue all day about whether blacklists are good or bad, but ordering that newsgroup flood was a big mistake. I'm just surprised anyone thought that would work. Those newsgroups have been flooded and spammed by professionals.

The spamming of NANAE... (3.33 / 3) (#110)
by WolfSkunk RedWolf on Tue Aug 05, 2003 at 03:12:05 PM EST

...is marking SA as spammers themselves. Cox.net already kicked off several abusers from their network. Just read the group, they're not tolerating Usenet spam.

[ Parent ]
Heh. (3.66 / 3) (#120)
by talorin on Tue Aug 05, 2003 at 03:31:02 PM EST

I love their tactics.

1) Screaming gibberish
2) Pointless threats
3) Wailing about how this is somehow akin to genocide, racism, or fascism
4) Making fun of e-mail admins

Lather, rinse, repeat.  "This will convince everyone that our contribution to the internet is worthwhile!"  

[ Parent ]

What does usenet spam have to do with (4.00 / 3) (#147)
by The Artificial Kid on Tue Aug 05, 2003 at 03:55:12 PM EST

email spam? Some people from the SA forums were incensed about this and decided to act like idiots on nanae. That doesn't mean that somethingawful deserved its listing. Perhaps yo should think about a system that turns completely non-abusive, happy internet users into enraged assholes. You don't have the right to go around riling people up like that by blocklisting them for no good reason. It isn't NECESSARY to blocklist them. Listing of spammer addresses is perfectly adequate. SPEWS deliberately and knowingly lumps the innocent in with the guilty, sowing outrage and unhappiness as it does so, and then when people vent their frustration at such arbitrary punishment they are called "spammers".

[ Parent ]
You've missed the point (5.00 / 2) (#162)
by hawthorne on Tue Aug 05, 2003 at 04:24:19 PM EST

Somethingawful isn't listed - or at least not by SPEWS (there's no way of knowing how many private blocklists they've landed in). Their provider, however, is.

[ Parent ]
USENET abuse didn't start this... (3.33 / 3) (#285)
by Dimensio on Tue Aug 05, 2003 at 10:55:00 PM EST

SomethingAwful's leased IP space is not listed on SPEWS because of the SA Goons' attack on nanae.  It was listed on SPEWS because it is owned by a notorious criminal outfit known as "cogentco".

The USENET attack was a response to the perfectly valid and legitimate listing.  As a result of the attack, a number of admins are personally adding somethingawful.com's IP space to their deny filters.

[ Parent ]

I just pushed a very special button (2.50 / 8) (#46)
by debacle on Tue Aug 05, 2003 at 10:27:49 AM EST

And, by that, you should be able to note that I am anti-Spam.

It tastes sweet.
I'm Sorry. (5.00 / 1) (#70)
by The Turd Report on Tue Aug 05, 2003 at 01:57:31 PM EST

You seem to have confused being pro-'non-spam-getting-delivered' with pro-spam. I am also sorry that you can't see past your zealotry.

[ Parent ]
SpamCop (4.77 / 9) (#49)
by starsky on Tue Aug 05, 2003 at 10:39:51 AM EST

provides a similar service, but domains are removed from the blacklist 48 hours after the last spam report. Seems a good solution to this problem?

Your ISP supports spam... and you support your ISP (3.00 / 13) (#52)
by simul on Tue Aug 05, 2003 at 11:41:53 AM EST

You clearly don't understand SPEWS and why it's the only solution, right now, that works to put pressure on ISP's to remove spammers.

When laws change, maybe we won't need spews.... but then the government themselves would be in the process of shutting down your ISP anyway... and you'd be no better off..

Read this book - first 24 pages are free to browse - it rocks

Get a baysian filter (4.42 / 7) (#55)
by autopr0n on Tue Aug 05, 2003 at 12:01:28 PM EST

Preventing real people from sending email to people who want to get email from them is much worse then spam.


[autopr0n] got pr0n?
autopr0n.com is a categorically searchable database of porn links, updated every day (or so). no popups!
[ Parent ]
exactly (5.00 / 2) (#73)
by reklaw on Tue Aug 05, 2003 at 02:22:27 PM EST

That's what all the idiots running around here saying it's their own fault for using an ISP that supports spam don't seem to get.

Spam filtering should never stop people sending legitimate email -- if it does, then it has failed.
-
[ Parent ]

Yes (3.80 / 5) (#149)
by The Artificial Kid on Tue Aug 05, 2003 at 03:57:53 PM EST

The failed logical step is "we must fight spammers" rather than "we must stop spam". Suddenly penalising the users of spam-supporting networks becomes more important than actually maintaining email services.

[ Parent ]
Stopping spam support is part of stopping the spam (5.00 / 4) (#283)
by Dimensio on Tue Aug 05, 2003 at 10:52:35 PM EST

If spam-supporting networks are driven into bankruptcy or forced to reform, then the spam problem will be siginificantly reduced.

I see no problem with driving cogentco into bankruptcy given that they willingly allow their customers to perpetuate network abuse onto others.

[ Parent ]

Those work (4.66 / 3) (#74)
by djotto on Tue Aug 05, 2003 at 02:26:47 PM EST

at the end-point. They do nothing about the costs of forwarding and storing this junk across the network.

Spews and its ilk block nothing - they're just lists. Those who use them to block addresses do so purely voluntarily, working on the principle "my server, my property, my rules". If these people are so desperate to avoid spam that they're prepared to block legitimate email... surely that's their right?

[ Parent ]

Unless They Don't Know (3.00 / 2) (#96)
by The Turd Report on Tue Aug 05, 2003 at 02:57:15 PM EST

Many end users never know that their ISP is blocking wanted mail. You never hear that mentioned in all the 'Ra! Ra!' about various agressive dnsBLs.

[ Parent ]
Re: Unless They Don't Know (5.00 / 2) (#472)
by Jarad on Wed Aug 06, 2003 at 08:16:48 AM EST

That is because it is between the ISP and their users, and nothing whatsoever to do with SPEWS. If an ISP decides to use an RBL to block spam, that is that ISP's decision, not the RBL's.

I decided to use SPEWS on my mail servers. My customers are informed of this under the terms and conditions when they sign up. If they do not read the T&Cs, that is their problem. If they do have a problem with legitimate email being blocked, they come to me, not SPEWS.

Oh, and for your information, SPEWS has blocked 400,000 emails for me in the last 6 months, and I've had one complaint.

[ Parent ]
It's not (3.66 / 3) (#127)
by Nova Reticulis on Tue Aug 05, 2003 at 03:36:12 PM EST

because you are accountable to them. I mean, to your customers. But hey, you're not a customer of my company or anyone I know!

So why should everyone get a bayesian filter? Is it the same reason frea speach k00ks suggest to "just opt out" from a spam list I never subscribed to in first place?

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Let's make this perfectly clear (3.00 / 3) (#151)
by The Artificial Kid on Tue Aug 05, 2003 at 03:59:43 PM EST

Somethingawful got bounced emails from advertisers and forum subscribers. Obviosuly SPEWS failed the customers of the admins who use it in bouncing somethingawful's mail. The question is whether or not the admins in question did anything about it. If "fighting" spam is more important to an admin than getting legitimate mail to customers then the admin isn't doing the job he or she is paid for.

[ Parent ]
Over and over. (3.80 / 5) (#156)
by Nova Reticulis on Tue Aug 05, 2003 at 04:12:51 PM EST

No.

SA got their email bounced. Beyond this point, no one cares. Internet is not a charity for morons who can't run a well planned business.

Hell, this is the best thing I ever said on the topic. Gotta put it in my sig.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Who Is Your ISP? (4.20 / 5) (#56)
by The Turd Report on Tue Aug 05, 2003 at 12:13:46 PM EST

All backbones support spam to some degree. Which spam supporter does your $ go to?

[ Parent ]
Interesting (1.80 / 5) (#567)
by awgsilyari on Wed Aug 06, 2003 at 07:07:44 PM EST

You clearly don't understand suicide bombing and why it's the only solution, right now, that works to put pressure on the Israelis to remove the settlements.

When the system changes, maybe we won't need suicide bombings... but then God himself would be in the process of shutting down the Israelis anyway... and we'd be no better off..


--------
Please direct SPAM to john@neuralnw.com
[ Parent ]

More about SA's provider (3.58 / 12) (#60)
by hanno on Tue Aug 05, 2003 at 12:36:22 PM EST

[Oh boy. K5 has changed and I wasn't used to the new form. Me sorry, very much.]

But now, more about SA's provider. Good lord, what a bunch spam-breeding dungpits this company is:

http://groups.google.com/groups?selm=vitf3gem9mrva2%40corp.supernews.com

Clueless and unoriginal (3.35 / 14) (#63)
by CaptainSuperBoy on Tue Aug 05, 2003 at 12:55:22 PM EST

You don't get it. Every single point you make in this article is posted by well-meaning newbies and spammers trying to be persuasive on nanae, every day. There is absolutely zero new thought in this article.

Think for a second how SPEWS subscribers are endpoints on the network, and it is their policy that determines what mail they accept. The accountability of SPEWS doesn't matter. Your right to frea speach doesn't matter.

--
jimmysquid.com - I take pictures.

Contact The ISP Blocking You (5.00 / 2) (#69)
by The Turd Report on Tue Aug 05, 2003 at 01:47:19 PM EST

You are correct as far as subscribers. This is why anyone who finds themselves in the middle of a collateral dammage listing on SPEWS to contact the ISP that is blocking you. Posting in NANAE is worthless, they will only tell you that it is your fault because you are supporting spam by paying $ to a ISP they do not approve of.

Contacting the end ISP, or the actual end user that you are emailing, (via hotmail or phone, if needed) and letting them know that legit mail is being blocked and that they may want to whitelist your servers IP or stop using SPEWS all together. If the ISP won't listen, contact the end user you are sending to. ISPs won't listen to any random peon off the street, but they will listen to their paying customers. Since SPEWS is wrapped up into a larger zone on Osirus, may admins do not even know they are blocking mail based on a list that aims to block legit mail from non-spam sources. Upon hearing that they are blocking legit mail, they will start using a more sane list.

[ Parent ]

+5; Funny (5.00 / 1) (#122)
by Nova Reticulis on Tue Aug 05, 2003 at 03:31:39 PM EST

"Frea Speach".

They just don't get it.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Not mine, sadly -NT (5.00 / 1) (#123)
by CaptainSuperBoy on Tue Aug 05, 2003 at 03:32:49 PM EST



--
jimmysquid.com - I take pictures.
[ Parent ]
Oh (5.00 / 1) (#129)
by Nova Reticulis on Tue Aug 05, 2003 at 03:37:24 PM EST

The "frea speach" is a widely known classical joke of NANAE. We actually have a live k00k using it right now (google for ``freespeechstore'' in nanae)

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

you have to remember (2.61 / 18) (#72)
by phred on Tue Aug 05, 2003 at 02:11:34 PM EST

that "email admins" are really low on the skills ladder, additionally, often grep personal email folders of their users for personal tidbits. If your organization has an entire position devoted to maintenance of email, you can bet theres a loser sitting in that seat. Of course they're gonna be an asshole.

Hope this clears some things up.

That's as lame as it gets. (3.50 / 2) (#137)
by Nova Reticulis on Tue Aug 05, 2003 at 03:45:36 PM EST

But then again you are a troll. No further response.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

I like these kinds of posts (5.00 / 2) (#161)
by phred on Tue Aug 05, 2003 at 04:21:41 PM EST

no refutation, just a little bit of name calling. touche!

[ Parent ]
Moron (4.00 / 3) (#321)
by ender81b on Wed Aug 06, 2003 at 12:59:04 AM EST

Harsh language for a badly designed troll post.

I don't know what world you live in but here email is the single most critical part of an isp's business. The email guys are almost always long term employees who know their shit. They have to be because of the sheer volume of email that passes through mail servers nowadays.

 A friend of mine works for a local ISP as a sysadmin and their servers get roughly 2 million email messages a day (20,000 customers or so). You try building a machine(s) and system to handle that kindof load and have enough flexibity to handle the ever-increasing load which doubles every 6 months. Oh, also, the system has to have 100% uptime otherwise you will lose customers with every second of downtime their email can't get through.

Nothing nowadays for an ISP is harder to design and implement effectively than a effective email system. And nothing is more important in most cases.

[ Parent ]

my home machine (5.00 / 2) (#473)
by phred on Wed Aug 06, 2003 at 08:16:49 AM EST

can do well in excess of 2 million integer ops a second.

So anyways, this machine you built by hand, where'd you get your raw silicon? BTW, thanks for biting!

[ Parent ]

Integer ops aren't relevent (5.00 / 1) (#504)
by squigly on Wed Aug 06, 2003 at 08:55:16 AM EST

We're really looking at bandwidth - memory and disk, plus number of times data is copied.  

And I should hope your machine can do at least that.  My Amiga could do almost 1 million;)

[ Parent ]

SPEWS is destructive. (3.95 / 20) (#75)
by Work on Tue Aug 05, 2003 at 02:30:14 PM EST

There's a good exchange on FARK between zack parsons and a long winded SPEWS supporter.

The argument goes like this:

Zack: Why can't our IP simply be whitelisted? All we want to do is send out forum e-mails and contact our advertisers. We don't send spam. This is going to put us out of business. Real people will lose their jobs.

Other guy: Your ISP supports spammers. I advocate the vigilante murder of spammers (seriously, this guy went on and on about how he really wanted to kill them...). Get a new ISP, your ISP supports criminals.

The 'Get a new ISP' argument is the most illogical and asinine of them all. I choose an ISP for the service and price of it. What other people do with the ISP is their business. If someone sends spam through it, yeah that sucks, but in no way am *I* responsible for this. To use an analogy about 'criminal ISPs', since thousands of copyrighted file sharers use time warner (my ISP) is time warner a criminal ISP? Am I a criminal also for using them, even if I don't share files? So why are non-spammer users of ISP's that have a few spammers automatically criminals? This twisted fascist logic is prevalent among the SPEWS.

This is akin to the police rounding up an entire neighborhood because theres a single criminal amongst them.

Further, SPEWS has zero accountability. There is noone to turn to if you are accidentally listed, or in the case of SA, simple caught up in one of their long blocks.

This is destructive, both to the anti-spam cause and to the internet in general. The fascist control freak attitudes of some of these admins is appalling to think they have positions of power where they can block innocent users and entire legitimate small companies - where jobs and livlihoods are on the line. All in the name of preventing a few penis pump ads from getting to their inboxes, when in fact the spammers will simply pick up and move on and get through anyway.

The complete lack of ethics among these people is shocking. This is not how to solve the spam problem. You are quickly doing more to harm the internet, and people's lives in general, than the spammers are.

Well.... (3.75 / 4) (#77)
by djotto on Tue Aug 05, 2003 at 02:34:49 PM EST

Lets say I run a little server for a half-dozen domains. Just email accounts for friends and family, really. I own the hardware, pay for the connectivity, etc etc.

Are you suggesting I should be forced to accept all incoming email, regardless of it's source?

[ Parent ]

Privately no. (3.20 / 5) (#81)
by Work on Tue Aug 05, 2003 at 02:37:57 PM EST

Theres a big difference between a private list, and a public list. The operators of the public list, especially a popular one, have an ethical responsibility to see that innocent and legimate users are not blocked, and further, should not treat them as criminals just because they have a beef with their choice of ISP.

SPEWS wouldnt be a problem if there was a system of accountability and a way to handle the issue in an adult, rational manner.

[ Parent ]

Ethics (5.00 / 2) (#87)
by CaptainSuperBoy on Tue Aug 05, 2003 at 02:47:27 PM EST

SPEWS doesn't have an ethical responsibility to run their list in a certain way. The only responsibility they have is to be open and truthful about their listing criteria - and they do this. If they said they were a list of spammers, that would be wrong. But they are quite clear about their collateral damage policy. They will also unblock you if you demonstrate that you plan to drop your spamhaus ISP.

SPEWS wouldnt be a problem if there was a system of accountability and a way to handle the issue in an adult, rational manner.

Feel free to subscribe to a responsible ISP that doesn't use SPEWS - you'll never even have to worry about them again.

--
jimmysquid.com - I take pictures.
[ Parent ]

The Best Way To Deal (5.00 / 1) (#90)
by The Turd Report on Tue Aug 05, 2003 at 02:52:17 PM EST

Is to call the ISP that is running SPEWS. Many have either white listed my IPs, or stopped using SPEWS as a blocking list. They use it for tagging, but not outright rejections. many admins never know they are blocking wanted, legit mail with out a call to let them know.

[ Parent ]
Supporting spamhaus (4.50 / 2) (#98)
by CaptainSuperBoy on Tue Aug 05, 2003 at 02:59:02 PM EST

Your situation may have been different, but have you read the SPEWS record for SA's ISP, and the LARTs? NHICOLO hosts sites with names like 'greatoptinemail,' porn spammers, they let them stay up for months. They continue to host this well-known spammer Justin Su. Ignoring the SPEWS issue, wouldn't you choose not to support a spamhaus if you had a choice?

--
jimmysquid.com - I take pictures.
[ Parent ]
All Backbones 'Support' Spammers (3.66 / 3) (#163)
by The Turd Report on Tue Aug 05, 2003 at 04:25:23 PM EST

So, everyone on the net gives $ to spam supporting ISPs, when it comes down to it. Maybe not directly, but nonetheless. If you want to block spam, that is fine (and to be honest, even noble), but wanted, legit mail should not be blocked. I use dnsBLs, but I think collateral dammage is a Bad Thing.

[ Parent ]
I disagree (3.00 / 2) (#94)
by Work on Tue Aug 05, 2003 at 02:55:58 PM EST

Ethics is something we all should think about, especially in positions of power.

I don't believe its particularly ethical to demand users change their ISP's on account of the actions of others. This is just plain wrong. What if my new ISP has a couple spammers added to it after I join? Do I have to jump ship again? Do I have to keep doing this month after month? What will you do when all ISP's, strapped for cash, decide to let a few small time spammers slide? Destroy the internet? Because thats exactly what this is doing. When people can't exchange information between themselves, especially innocent ones, you've completely muddled the point of the net.

What about companies who have a long term contract with their ISP? And they signed this contract before any spammers were at the ISP. They can't change, at least not legally. So do the blocks continue, and thus driving said company out of business? This is outrageous!

These SPEWS admins need to pull their heads out of their ass. Some things out there are more important than their somewhat disturbing level of hatred of spam, to the point they're affecting lives completely unrelated to it.

[ Parent ]

Let's see (3.00 / 2) (#102)
by Nova Reticulis on Tue Aug 05, 2003 at 03:02:54 PM EST

I don't believe its particularly ethical to demand users change their ISP's on account of the actions of others
But you do believe that it's ethical to demand ISPs do not filter email by certain criteria they choose.

Smell a hypocrite.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

I have never argued that. (5.00 / 1) (#104)
by Work on Tue Aug 05, 2003 at 03:06:57 PM EST

I have argued against a public, popular list with no recourse for those caught up in it unwittingly. Please read my other messages before commenting further.

[ Parent ]
Don't you see your fallacy? (3.00 / 2) (#108)
by Nova Reticulis on Tue Aug 05, 2003 at 03:11:00 PM EST

The list does not matter. It doesn't matter if 1000 admins compile 1000 lists or 10 admins compile 1 list and 1000 admins use it, as long as the outcome is the same. However you are arguing against the centralised list exactly because it's so much more efficient. By all logic you're not against the list because it's not accountable but because it's so much devastating.

Turns out, you're supporting spammers.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Oh, nonsense. (5.00 / 1) (#113)
by Work on Tue Aug 05, 2003 at 03:14:57 PM EST

Turns out, you're supporting spammers.

If you continue down this ridiculous logic lacking path I'm simply going to stop responding to your posts.

I am not arguing against a centralized list. I'm arguing against a centralized list with no accountability or recourse for mistakes or prevention of blocking of innocents. This cannot be more plain. You can continue to choose to ignore that, if you wish, but don't expect me to reply in kind, or convince anyone that I'm arguing something else.

[ Parent ]

Again (5.00 / 2) (#116)
by Nova Reticulis on Tue Aug 05, 2003 at 03:22:56 PM EST

All that matters is that
  1. The list is efficient in doing what its intended to do
  2. All participants fully understand the principles of the list and the premises and the consequences of its usage, thus explicitly and willingly agreeing with the list policies (and by way of that supporting and enforcing them).
As long as those two conditions are met, you can argue unethical and irresponsible behaviour by the participants, but not the list itself. They are met on both counts. SPEWS doesn't lie, and all admins are aware of its usage. Are you going to argue with thousands of admins who are surely to know better than you? Of course not. So what would you try to torpedoe down? Of course the list, nevermind the obvious logical flaw in such attempts. But it's not gonna work because everyone who is somehow related to the issue is well familiar with any and all arguments you could have presented and will debunk them in a fingersnap because they've done it a biljin times before.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

So... (5.00 / 2) (#164)
by Ken Arromdee on Tue Aug 05, 2003 at 04:28:54 PM EST

Suppose I put up a list of possible child molestors, and added your name to it and passed it out in your home town.

Would that be okay? After all, I didn't say you *are* a child molester. If someone who uses the list decides to treat people on the list like they are child molesters, when I clearly stated that that is not what is on the list, that's their fault for not understanding the list, not mine, right?

What if I made a list which includes both child molesters and left-handed people, properly labelled the list as "list of child molesters and left-handed people", I put you on the list because you're left-handed, and then I passed that list around?

I hope you'd agree that that's wrong. I can't escape blame by pushing that blame onto the user of the list. I created a list that I know or should know is very susceptible to misuse; when it then gets misused, that's partly my fault.

[ Parent ]

Libel (4.50 / 2) (#167)
by CaptainSuperBoy on Tue Aug 05, 2003 at 04:35:45 PM EST

That list would be libelous. Lawyers (maybe not Mark Felstein) are pretty much in agreement that spam blacklists are not libelous, though. Spammers have tried countless legal threats and lawsuits against blacklists, but they have never succeeded.

--
jimmysquid.com - I take pictures.
[ Parent ]
That's not libel (5.00 / 2) (#174)
by Ken Arromdee on Tue Aug 05, 2003 at 04:52:39 PM EST

If I make a list which contains child molesters and left-handed people, the list *is* accurate. You (hypothetically) are left-handed, and therefore it's true to say you are in the category "child molesters and left-handed people". Truth is a defense to libel.

Although it's literally true that everyone on the list belongs on it, I intentionally (or recklessly) made a list that's likely to be misused. I *knew* that someone would ignore the list description and treat it as a plain list of child molesters. Theefore, any misuse is partly my fault, even though the actual misuse is done by a third party.

[ Parent ]

Here. (5.00 / 1) (#188)
by i on Tue Aug 05, 2003 at 05:28:17 PM EST

A short bad poem:

I want to be happy
I don't want to communicate with someisp.tld
I don't want to communicate with anotherisp.tld
I don't want to communicate with somebodyelseentirely.tld
I don't want to communicate with thewholesouthernhemisphere.so.sue.me

Note that the poem is about me: what I want, and what I don't want. Not about what somebody else wants, does, or is.

Pray tell me, is it possible to misuse the poem? If so, how? Am I responsible if somebody, against all expectations, manages to misuse it? Finally, is it true that all analogies are more or less flawed?

and we have a contradicton according to our assumptions and the factor theorem

[ Parent ]

Yes. (none / 0) (#771)
by Ken Arromdee on Fri Aug 08, 2003 at 01:51:56 AM EST

You're not responsible if *against all expectations* someone misuses it.

Lots of things can be misused. But some things are more likely to be misused then others. If it's really against all expectations--that is, if the chance of misuse is low and you couldn't reasonably have anticipated it--then it's not your fault. But if you know ahead of time (or should have known) that it's very likely to be misused a lot, and you put it into effect anyway, then it *is* partly your fault.

That's the difference. Someone might misuse your poem in some weird way, but you couldn't have known that. But you *should* have known that a substantial portion of your audience would misunderstand your list and treat it as a pure list of spammers. If you distribute such a list, knowing that it'll be misused, then some of the blame for that misuse is yours.

[ Parent ]

I believe (5.00 / 1) (#353)
by djotto on Wed Aug 06, 2003 at 02:42:57 AM EST

that a more accurate analogy would be "a list of people who are currently abusing children, and those that rent them premises to do so."

You can still argue that it's not a desirable list to compile, because vigilante behaviour is bad news for society. But regular society has a functioning legal system, which the net doesn't yet have.

[ Parent ]

I wouldn't agree (3.33 / 3) (#307)
by Nova Reticulis on Wed Aug 06, 2003 at 12:29:56 AM EST

As usual, the analogy you offer is completely bogus. I suggest you make such a list and show it to anyone . The weird looks that you're going to get will explain you very well why your analogy isn't getting you anywhere.

Even if you took the "left handed people" off the list, it'd still serve you absolutely no good, because the list must contain correct and verified information. SPEWS does.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

The same argument applied to government (4.00 / 3) (#168)
by The Artificial Kid on Tue Aug 05, 2003 at 04:35:58 PM EST

leads to totalitarianism. "Civil rights don't matter as long as we make the trains run on time".

[ Parent ]
Government is public (4.50 / 2) (#306)
by Nova Reticulis on Wed Aug 06, 2003 at 12:25:31 AM EST

ISPs are private. You can make the government accountable when it conducts business improperly. A private company? Only within bounds of fair disclosure or when they're breaking the law.

See the difference yet?

Notice I am saying that you are not able to, not that you should or should not be.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Monopoly (3.00 / 2) (#568)
by pin0cchio on Wed Aug 06, 2003 at 07:08:26 PM EST

ISPs are private.

Not entirely. Private telcos are granted monopolies within city limits. What do you expect residential customers to do?


lj65
[ Parent ]
I can agree with you here (none / 0) (#665)
by Nova Reticulis on Thu Aug 07, 2003 at 03:52:52 AM EST

...on that the society needs Internet access. Maybe to the point it should be proclaimed a right and written so in law. Then, by the very definition, someone denying access or harassing users would be comitting a general crime. Spammers would go to jail. Everyone would be happy.

Do you know why it wouldn't work? Most spamming operations are already off shore. It's easier to blacklist Chinese netblocks entirely than to try and figure out who is behind spamming via chinese hosting.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Collateral (5.00 / 2) (#105)
by CaptainSuperBoy on Tue Aug 05, 2003 at 03:07:41 PM EST

What if my new ISP has a couple spammers added to it after I join?

I think it would take a hell of a long time before the collateral damage is expanded to affect your hosting. By the time you are affected, your ISP has proven that they completely ignore spam complaints. This isn't a 'few spammers,' although it only takes one to do untold damage.

What will you do when all ISP's, strapped for cash, decide to let a few small time spammers slide?

That will never happen. Spammers are a tiny minority of ISP users, and they cost ISPs more money than they bring in in revenue. This cost (bandwidth and abuse staff) is passed on to innocent users.

What about companies who have a long term contract with their ISP?

I agree this is a problem. In the very rare instances this has happened (it happened with Paetec / Monsterhut), the innocent company was whitelisted.

--
jimmysquid.com - I take pictures.
[ Parent ]

Monopoly (3.00 / 2) (#556)
by pin0cchio on Wed Aug 06, 2003 at 06:44:31 PM EST

Feel free to subscribe to a responsible ISP that doesn't use SPEWS

How is this possible in some geographic areas?


lj65
[ Parent ]
Interesting (5.00 / 3) (#91)
by djotto on Tue Aug 05, 2003 at 02:52:22 PM EST

What is this ethics of which you speak?

Spews publish the criteria by which they list IP addresses. It's not a list of spammers - it's a list of netblocks owned by ISPs who support spamming.

Admins (should) know how and why something gets put onto the list, and they can use that list for any purpose (most commonly for blocking) or choose to completely ignore it.

Nobody is being forced into anything, it's voluntary all the way.

You've already agreed that I can set up whatever local policy I want on my own server. If I choose to dump legitimate email (which I would never do, BTW - I don't agree with Spews' policies at all) by using Spews as a block list... I can't see what business it is of yours.

You may disagree with their criteria - but are you seriously suggesting they shouldn't have the right to publish that list?


[ Parent ]

Osirus BL (5.00 / 1) (#92)
by The Turd Report on Tue Aug 05, 2003 at 02:54:31 PM EST

They incorporate many lists in to one big list, but this is not documented very well and most software that enables it doesn't mention the false positives that SPEWS *will* cause. Many admins don't know they are using SPEWS to reject mail, but when told, quickly resolve the problem.

[ Parent ]
Yup (4.00 / 2) (#107)
by djotto on Tue Aug 05, 2003 at 03:09:28 PM EST

(and your other advice was very good, I thought.)

But should Spews be to blame because someone else is (ab)using their data? Be it a list-aggregator, or a single admin who started blocking mail without researching the blacklist criteria?

[ Parent ]

Nope (5.00 / 1) (#160)
by The Turd Report on Tue Aug 05, 2003 at 04:21:35 PM EST

That's why I don't recommend even trying to talk to SPEWS (not that you could anyway) or posting in their newsgroup. You should deal with the ISP that is doing the blocking. They are the ones who are really doing the blocking when it comes down to it.

[ Parent ]
But when you're blacklisted as part of C.D... (5.00 / 1) (#179)
by jeremy on Tue Aug 05, 2003 at 05:06:14 PM EST

Whom then do you talk to?  Do you talk to every ISP to whose users you'd like to deliver email?

I may not be an web admin, but God forbid I'd ever want the job if negociating with hundreds of thousands of ISPs to have my email delivered is part of the responsibility.

[ Parent ]

Not That Many To Talk To (5.00 / 2) (#181)
by The Turd Report on Tue Aug 05, 2003 at 05:15:25 PM EST

I had to talk to 2 ISPs when my company found themselves in a listing. One ISP blew me off, but I contacted the person we were really trying to mail to and explained what was going on. He talked to the ISP, and we were able to send mail there again. I have talked to a friend of mine that works for a large ISP, they have been listed and it resulted in a dozen calls. Luckily, I think most places that use SPEWS just use it to flag, or score (which is the only way I'd consider using it) instead of outright rejecting based on the listing.

[ Parent ]
uhm, no (3.00 / 2) (#139)
by Work on Tue Aug 05, 2003 at 03:46:33 PM EST

I never suggested they dont have the 'right' to distribute their list. But I do argue the way its administered and set up (mainly because of the lack of accountability and recourse) is broken, unethical, and destructive to the nature of the internet.

And likewise, many admins who implement it and simply dump incoming legitimate emails (or packets entirely) are similarly broken, unethical, and destructive to the nature of the internet.

[ Parent ]

Ok (5.00 / 2) (#166)
by djotto on Tue Aug 05, 2003 at 04:34:31 PM EST

I can agree with the substance of that, if not the wording, which is why I wouldn't use Spews to bounce mail (maybe to flag it). In fact, I doubt any service provider intentionally would dump mail on those criteria (I'm sure I'm about to be proven wrong).

Lets try a slightly different tack (without sarcasm, I am genuinely interested in your viewpoint).

How would you do it?

(Bear in mind that the people who run Spews seem to feel they've been driven to their current tactics - they're anonymous so they don't get nailed with frivolous lawsuits, and they list netblocks because listing individual IP addresses doesn't seem to do much good.)

[ Parent ]

i'm no expert. (5.00 / 2) (#199)
by Work on Tue Aug 05, 2003 at 05:43:16 PM EST

But I like this guy's ideas.

ideally, i think the client should take care of the filtering. Pour your resources into improving context based filtering and let the individual clients do the dumping. Widespread usage of this kind of filtering could make spam even further unprofitable. Since spam is entirely business related, it would likely reduce the numbers of it passing through the network.

From a sysadmin's POV, this doesn't halt the issue of spam eating bandwidth or disk space. I'll address that next.

Disk space depends on what kind of e-mail your organization uses. For POP3, most people delete e-mail on the server after its downloaded, so while the disk space may be consumed with spam, it would be temporary. That is unless you have alot of dead or rarely used accounts. In that case, you should have policies in place for when to wipe user's accounts out after a set period of time. Or set up some kind of forwarding policy. If you're using something like IMAP, then using a server-wide content filtering system as mentioned above would be effective.

For bandwidth, the only way to halt spam from consuming your bandwidth is by blocking packets at the router. If you use SPEWS to dump the e-mail by your e-mail server, its still consumed your bandwidth. So you'd have to block the packets directly. I think this is draconian and should be avoided, for the net's sake. Unfortunately there really is no good solution to this, for as long as spam flows, it flows and consumes bandwidth. The only way to halt it is to halt the initial spamming to begin with. As mentioned above, when your spammer's audience never exists as a result of good content filtering, the spam will be unprofitable and lessen somewhat.

Attacking users and their ISP's won't do much good, aside from causing spammers to jump from isp to isp, something they're readily willing to do. Attacking regular users just makes you a big jerk.

[ Parent ]

Well (5.00 / 1) (#348)
by djotto on Wed Aug 06, 2003 at 02:31:33 AM EST

i'm no expert

Indeed. Neither am I, though I do know how SMTP works. To be honest, I don't think there's much point in taking this discussion any further. I tried to write a reply, but it came over like I was just jumping on your mistakes, so I gave up and deleted it. I'll just leave one thing in:

If you use SPEWS to dump the e-mail by your e-mail server, its still consumed your bandwidth.

DNS-based rejection reduces bandwidth costs, because you're rejecting the connection before the email has been sent.



[ Parent ]
It already exists. (none / 0) (#846)
by DavidTC on Sun Aug 10, 2003 at 07:31:43 AM EST

It's called SpamAssassin.

-David T. C.
Yes, my email address is real.
[ Parent ]
We used to have a "better" list... (5.00 / 3) (#282)
by Dimensio on Tue Aug 05, 2003 at 10:43:55 PM EST

...it was called MAPS.  It had people who could be contacted.  It was slow to put IPs there, and there was very little collateral damage.  

MAPS was sued by a rich spammer who had a perfectly legitimate listing.  MAPS was effectively neutered.

We tried having people who could be contacted.  It failed.  SPEWS is the response.

SPEWS is accountable.  If they behaved irresponsibly, admins would stop using it.  Simple as that.  People only get pissed about it because it works exactly the way that it is supposed to work.

[ Parent ]

Yes I know. (3.00 / 2) (#284)
by Work on Tue Aug 05, 2003 at 10:53:44 PM EST

And I cover the admins themselves in this post. The problem is less to do with the list, than the fascist malsocials who implement and administer it. They represent the opposite (but no less extreme) camp on the fight against spam. The other end being the spammers themselves. Both are equally destructive and completely bankrupt ethically.

[ Parent ]
What about the fact that tamer lists have tried... (5.00 / 3) (#352)
by Dimensio on Wed Aug 06, 2003 at 02:37:07 AM EST

...and failed? You didn't address that fact. SPEWS remains anonymous and "unaccountable" (though they really are accountable) because a previous famous list was sued into uselessness over a completely legitimate listing. Further, why does everyone think that it would be better if SPEWS went away, leaving individual ISPs to drop Cogent and other spammer-friendly ISPs into their filters until "after the heat death of the universe", as opposed to "when they clean up their act" (as SPEWS delists as soon as that happens)? Does no one remember before we had centralized blacklists? Remember AGIS? They were a spammer-friendly ISP in the days before we had major blacklists. Individual ISPs dumped all of AGIS into their deny filters and were done with it. Even when AGIS cleaned up their act, they were still blocked by over half of the internet, and without viable IP space, they went bankrupt. SPEWS is preventing this. Would you rather see SA in a position where they will NEVER escape from blacklists, because they'll be in so many individual filters from which they will never be removed?

[ Parent ]
Accountability is still important (3.50 / 2) (#368)
by pyramid termite on Wed Aug 06, 2003 at 03:56:31 AM EST

Individual ISPs dumped all of AGIS into their deny filters and were done with it. Even when AGIS cleaned up their act, they were still blocked by over half of the internet, and without viable IP space, they went bankrupt. SPEWS is preventing this.

Because some anonymous people say so? Why should we trust shadowy and uncontactable people to do the Right Thing? Would you trust a business or a government that operated that way?

On the Internet, anyone can accuse you of being a dog.
[ Parent ]
SPEWS is not a government... (4.50 / 2) (#563)
by Dimensio on Wed Aug 06, 2003 at 07:00:34 PM EST

...and SPEWS is not a business. SPEWS is a voluntary service. If an ISP does not like how SPEWS fuctions, that ISP if perfectly free not to use SPEWS. No one forces ISPs to filter their mail based upon SPEWS.

Once again, if you have a better method, one that will be effective even when rich criminals threaten litigation, please present it.

[ Parent ]
No (4.66 / 3) (#100)
by Nova Reticulis on Tue Aug 05, 2003 at 03:00:46 PM EST

They do not. It does not matter that you Really Really Really Want (TM) them to be accountable to you.

SPEWS represents my opinion. I fully and explicitly agree with everything SPEWS does. So do other admins. Who are you to tell me how to run my systems? SPEWS doesnt run my systems. I run my systems. Please come forward and face me: what makes you think you are going to tell me, or my colleague, or all of them how to run their systems?

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

I won't. (5.00 / 1) (#103)
by Work on Tue Aug 05, 2003 at 03:05:36 PM EST

But I won't hesitate to call you ethically priority lacking if you think network-wide blocking the communications innocent and legitimate people is a solution better than receiving pieces of spam.

[ Parent ]
And my boilerplate response would be (3.66 / 3) (#111)
by Nova Reticulis on Tue Aug 05, 2003 at 03:12:24 PM EST

"Who let this man into my network operations center? Someone call the security".

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Jesus (3.50 / 4) (#221)
by coryking on Tue Aug 05, 2003 at 06:29:48 PM EST

Who the fuck put you in charge of a network? Dude - you run a bunch of machines - you are not as important as you think you are.

[ Parent ]
Respect your techs (4.50 / 2) (#423)
by Jarad on Wed Aug 06, 2003 at 07:01:27 AM EST

What you just said was akin to saying "Aiport check-in staff? That's just a bunch of people, they're not important as they think they are."

But as was shown to British Airways recently, you hire those people for a reason. If they stop working, the company grinds to a halt.

[ Parent ]

So (3.50 / 6) (#79)
by CaptainSuperBoy on Tue Aug 05, 2003 at 02:36:11 PM EST

What are you (or Zack) going to do about it? Nothing. There's nothing you can do, so deal with it.

Also - a few penis pump ads? My mom receives about 100 pieces of spam a day. We don't know how she got on all these lists. Spam is a problem and SPEWS is currently the best solution.

--
jimmysquid.com - I take pictures.
[ Parent ]

I'm not going to 'deal' with it. (4.20 / 5) (#86)
by Work on Tue Aug 05, 2003 at 02:46:34 PM EST

I'll say whatever I want to about it. And I say its destructive and the people who manage it are unbalanced and irrational jerks. Spam is a problem - no doubt about that. But this is a case where the cure is at least as bad as the disease.

[ Parent ]
Well you see what the problem is... (3.00 / 4) (#97)
by Nova Reticulis on Tue Aug 05, 2003 at 02:57:54 PM EST

I am an email administrator. My opinion matters. What I do matters.

You're not my customer. Your opinion doesn't. You purchase a service from a service provider the way service provider deems fit. So much for the wonders of capitalism.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

To Be Honest (5.00 / 2) (#88)
by The Turd Report on Tue Aug 05, 2003 at 02:49:20 PM EST

There are plenty of ways around a SPEWS collateral dammage listing. Zealots will only parrot the "Leave your provider!" one, but there are other ways.

[ Parent ]
Dealing With A Collateral Dammage Listing (4.83 / 6) (#85)
by The Turd Report on Tue Aug 05, 2003 at 02:45:38 PM EST

the pro-SPEWS camp will only tell you to leave yor provider as a solution.  They don't tell you all the options for dealing with a listing.  They will only tell you the solution that allows SPEWS to keep what power it has.  

Complain To Your Provider: If your provider was going to remove the customer that SPEWS is complaining about, they would have or may be in the process of doing so. So, talking to your upstream may not do much. Your provider may be able to move you to a non-listed block, but ARIN hasn't been giving out IP space like they used to.

Move To a New Provider: Getting out of your current contract may or may not be easy to do. And there is no promise that your new proviser will not be listed at some time in the future. Since SPEWS aim is for collateral damage, you might find yourself near a spammer again and you will be right back where you started. All ISPs get their connectivity from a 'Tier-1' provider at some point and all 'Tier-1' providers have spammers on their networks.

Use a Smarthost For Outbound Mail: You can set up you r current SMTP servers to use a smarthost. There are companies that offer smarthost services, or you can put up a smarthost for your network. You will need a machine that is hosted on a different network. (Make sure that machine is not in a blacklist!) Set that machine to only send out mail that is from your mail servers on your SPEWS listed network. This will cost you some money, but it should put an end to any problems a SPEWS listing has caused.

Ask Blocking SMTP Server To Whitelist:Not all mail admins know that they are blocking legit mail. If your mail is being refused by 'example.com', call 'example.com' and ask if they are aware of the fact that they are dropping legit mail. If 'example.com' is a business partner or client, they will want to know about this. Most innocent 3rd parties that find themselves in SPEWS are only blocked at 2-3 domains/servers and calling the people who are doing the blocking will take care of the problem.  If the ISP won't listen to you, contact the end user you are emailing to.  Let them know that their legit mail is being blocked by their ISP.  ISPs will listen to teir paying customers.

Ask SPEWS To Open a Hole In Listing: You can ask SPEWS to open a hole in their listing to allow your mail thru. You will have to post in the news group 'news.admin.net-abuse.email' to do so. Keep in mind that this is UseNet. Anyone can post and anyone does. Some posters will be helpful and some will just flame you to a crisp. Talk to those who are helpful and don't even bother replying to those who flame you.

[ Parent ]

You almost got it right (3.00 / 4) (#93)
by Nova Reticulis on Tue Aug 05, 2003 at 02:55:35 PM EST

Except for the part of asking SPEWS to open a hole. SPEWS has never opened a hole for anyone, and never will. SPEWS will not engage in discussions and there is no way to contact it. It's been asked thousand times. It was explained thousand times. SPEWS does not whitelist anyone. Not for any reason. Ever.

And please don't blame the anti-spam community for withholding the vital information. Obviously you haven't read the SPEWS FAQ, let alone spent any time in NANAE. Everything you prescribed here except for begging SPEWS to whitelist anyone is, again, explained to newbies at least 10 times every day.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

You Might Want To Read NANAE Yourself (5.00 / 1) (#159)
by The Turd Report on Tue Aug 05, 2003 at 04:19:39 PM EST

There have be a *few* (maybe one) cases where an ISP that was able to show that their block was seperated from a spammers block (via ARIN swip) that a hole has been punched.  

Since you are not SPEWS, you wouldn't know what they will and won't do anyway, right? ;)

[ Parent ]

Gee, that's not what I've heard... (5.00 / 1) (#281)
by Dimensio on Tue Aug 05, 2003 at 10:38:40 PM EST

I've heard (and seen) that SPEWS would temporarily lift an IP range should the innocent party on that range announce a plan to leave their spam-friendly scum-scuking ISP by a certain date.

SPEWS will not, however, whitelist someone just because they're 'special'.

[ Parent ]

Special isn't the word you're looking for ... (3.00 / 2) (#369)
by pyramid termite on Wed Aug 06, 2003 at 03:58:44 AM EST

... "innocent" is.

On the Internet, anyone can accuse you of being a dog.
[ Parent ]
No, "special" is the right word (4.66 / 3) (#530)
by Dimensio on Wed Aug 06, 2003 at 04:50:18 PM EST

SPEWS listings do often cover "innocent" parties hosted on spam-friendly ISPs. This is by design. SPEWS has not made exceptions for IP blocks allocated to "innocent" parties for any reason other than an announced timetable for relocation. Demanding that SPEWS do this for SA when they haven't done this for anyone else is asking for special treatment for SA. Fact is, cogentco made this mess by becoming a cesspit from which no one wants mail. The best place to go to have SA's problem resolved is cogentco. When they clean up their spammers, SA's mail will no longer be blocked by people who filter with SPEWS listings.

[ Parent ]
WRONG. (3.00 / 4) (#279)
by Dimensio on Tue Aug 05, 2003 at 10:34:25 PM EST

I suggested:
Moving.
Asking ISP to kill the spammers.
Asking INDIVIDUAL ISPs to whitelist (SPEWS will not whitelist someone just because they are "special").
Announce a plan to leave cogentco by a certain date.   SPEWS often puts a little hole in their listing until that date when such an announcement is made.
Route mail through a smarthost.

All of those suggestions frequently appear on nanae.  The three most common suggestion INCLUDES the one to use a smarthost.  You are either incredibly ignorant or lying when you claim that SPEWS supporters never offer those options.

[ Parent ]

Monopoly (3.66 / 3) (#553)
by pin0cchio on Wed Aug 06, 2003 at 06:30:36 PM EST

I suggested: Moving.

Practical?


lj65
[ Parent ]
You completely ignore my point... (2.66 / 3) (#562)
by Dimensio on Wed Aug 06, 2003 at 06:59:03 PM EST

Someone said that the only way provided to escape the SPEWS list was to move to another provider. This was false, and I provided a list of the various means by which the SPEWS filtering could be avoided. I included "moving" on the list because that is one of the three most common solutions offered.

[ Parent ]
OK, now I understand, but... (5.00 / 2) (#576)
by pin0cchio on Wed Aug 06, 2003 at 07:32:29 PM EST

Thank you. Now I see your point, and I will address the other options you gave.

Asking ISP to kill the spammers.

What swing does an individual residential customer have with an ISP the size of Comcast or Road Runner?

Asking INDIVIDUAL ISPs to whitelist

If an individual residential customer doesn't have much swing with his own ISP, what makes you think non-customers will?

Announce a plan to leave cogentco by a certain date.

Which is the same as "moving".


lj65
[ Parent ]
Overall, not my problem... (3.00 / 2) (#603)
by Dimensio on Wed Aug 06, 2003 at 09:28:27 PM EST

What swing does an individual residential customer have with an ISP the size of Comcast or Road Runner?

I don't know. In this case, it's an ISP the size of cogentco. No matter which ISP it is, however, the customer asking the ISP to clean up its act is a paying customer. That's a little more leverage than the non-customers who originally complained about the abuse. Maybe it takes a paying customer to ask cogentco to clean up their nest of criminal spammers, because they sure as hell haven't listened to the ones receiving the abuse.

If an individual residential customer doesn't have much swing with his own ISP, what makes you think non-customers will?

If he's polite enough, some ISPs will accomidate him. It is their decision, however.

Which is the same as "moving".

Well, yes. You did not, however, address the notion of routing mail through a smarthost (which is on the "top three" list).

[ Parent ]
What is 'smarthost'? (5.00 / 1) (#620)
by pin0cchio on Wed Aug 06, 2003 at 11:04:57 PM EST

You did not, however, address the notion of routing mail through a smarthost (which is on the "top three" list).

That's because I have no idea what a "smarthost" is, and a Google search didn't immediately turn up anything relevant. For instance, this kind of SmartHost(tm) is a web hosting management tool. There were a few references to "smarthost" that refer to Sendmail forwarding capability, but I couldn't get a clear idea of exactly what it is, definitely not like.

Is a "smarthost" anything like renting an e-mail account on somebody's server? Because that's what I already do, to a point. However, I don't expect Mildred Sixpack to consider this route, especially if the monopoly cable ISP blocks outgoing port 25 to control mass-mailing viruses.


lj65
[ Parent ]
Smarthosting... (5.00 / 1) (#658)
by Dimensio on Thu Aug 07, 2003 at 01:49:10 AM EST

Involves having your mail sent through a third-party, yes.

If the cable company filters on port 25, find a workaround. You could use a web-based mailer or find a place that lets you go in via ssh and send mail through a UNIX shell.

[ Parent ]
Whitelisting (none / 0) (#673)
by squigly on Thu Aug 07, 2003 at 05:02:51 AM EST

If an individual residential customer doesn't have much swing with his own ISP, what makes you think non-customers will?

A complaint that emails aren't getting through should be taken fairly seriously.  Especially for a company like SA which may have many recipients in that ISP.  Asking the customers to persuade them to ask their ISP to whitelist (or stop using a blunt instrument like spews) shuldn't be too hard, apart form the fact that sending them an email in the first place  will require a workaround.

[ Parent ]

Standard defense against bogus arguments (3.83 / 6) (#89)
by Nova Reticulis on Tue Aug 05, 2003 at 02:51:49 PM EST

  1. You rent an appartment in a building full of crack dealers and whores.
  2. Every time you order pizza, the pizza boy gets beaten up and mugged.
  3. Consequently, the pizza house refuses to deliver pizza to you.
  4. You're fucked
  5. Some pizza house managers get together and compile a list of areas where pizza should not be delivered.
  6. More pizza, Sbarro, Burger King and other businesses use this list.
  7. Anyone who's trying to enter the private property where the office managing the list resides is stopped by security and those slipping through are charged with threspass.
  8. You're fucked.

Do you seriously think you have a right to order pizza?

When are you going to understand that no one cares about jobs and livelyhoods being potentially lost? Telemarketing business in US is going to die. 2 million jobs are 'estimated' to be lost. Who cares? Legitimate small businesses will fall victim of spammers and the flawed society structure, not the people who are trying to defend their property.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

I won't lose my job if I can't order pizza. (3.00 / 4) (#99)
by Work on Tue Aug 05, 2003 at 02:59:29 PM EST

And neither will my co-workers and others with jobs completely unrelated to the issue.

Your analogy is flawed simply because of that plain fact.

[ Parent ]

Uhm, yes you're right... (2.60 / 5) (#106)
by Nova Reticulis on Tue Aug 05, 2003 at 03:08:03 PM EST

but what makes you think I or anyone else care about your job? You still don't have a right to be surely employed. And I still don't have to support YOU in case you aren't.

This debate is like an ACL priority really. I care for entire Internet and am willing to sacrifice comfort of some. You care for the comfort if some and are willing to jeopardise everyone else.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Spam vs. Jobs (3.50 / 4) (#109)
by Work on Tue Aug 05, 2003 at 03:11:54 PM EST

I personally think the livlihoods of the employees of small companies (they're the ones really at the mercy of this) outweigh the 'comfort' of not receiving penis pump ads.

Make no mistake, I dislike spam alot. I get 50-100 a day at least. But my client filter catches most of it. A solution should be worked on, but network wide banning and blocking isn't it.

[ Parent ]

Jobs can't outweight spam (2.00 / 4) (#114)
by Nova Reticulis on Tue Aug 05, 2003 at 03:16:50 PM EST

for the same reason apples can not outweight toy water pistols.

The fundament of your argument is flawed. You're saying that agressive blacklisting will cost jobs and livelihoods (which is factually unlikely anyway), completely ignoring the fact that something must be very wrong with the society if one has to retract from fighting injustice in order to prevent more injustice and that something must be the very reason spam exists. You have to look into the cause, not the sympthom. SPAM IS A SYMPTHOM. Someone losing jobs due to other people fighting spam is a sympthom too

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Wow (5.00 / 4) (#198)
by TheOnlyCoolTim on Tue Aug 05, 2003 at 05:43:04 PM EST

Cool post. It makes absolutely no fucking sense whatsoever.

Tim
"We are trapped in the belly of this horrible machine, and the machine is bleeding to death."
[ Parent ]

thank the spammers (3.66 / 3) (#134)
by creepster on Tue Aug 05, 2003 at 03:43:00 PM EST

the cost of spamvertising is borne by the recipients who pay for connectivity. it consumes space on isps' mail servers and forces the administrators of those servers to deal with millions of unwanted and unsolicited bytes of garbage on a daily basis. theft of productivity and viability of these machines is probably the most egregious type of theft that spammers perpetrate. *thousands* of users "just hitting delete" does not solve the problem for the isps and the server admins. the spam is still downloaded at the recipients' expense. spammers use email in ways that violate terms of service, acceptable use policies, various u.s. laws, and users' sensibility. spam is advertising via a medium that is not intended for broadcasting to large groups of people. they obfuscate/forge headers and have exploitated smtp's allowance for relays and intermediaries. smtp needs to be reworked if spam is to be stopped on a higher technological level. in the meantime, blocklists provide a retalliatory measure against spammers' abuse of smtp and they negate isps' obligations to deal with unwanted traffic. in conclusion, it's sad that the energetic (if not hot-headed) folks who enjoy somethingawful.com didn't focus their anger on the providers who sold them broken smtp service. cogent and nhi both knew that their listings were doomed to wind up in spews' lists. they knew why. they chose to let the victims swing in the breeze. if i ran somethingawful.com, i would be screaming at my isp's sales reps, demanding refunds for failure to provide services, and smearing their names to whatever publications would listen. spamming is a nuisance that should not be tolerated by people who pay for connectivity. it's a shame that s.a.'s loyalists don't see that spammers caused them this grief.

[ Parent ]
I agree... (3.75 / 4) (#280)
by Dimensio on Tue Aug 05, 2003 at 10:36:16 PM EST

Your job is probably more important than you avoiding penis pump ads.  Unfortunately for you, you don't work for me and I'm not financially dependent upon you, therefore your job isn't my concern.  If blocking your ISP's mail because your ISP is friendly to spammers costs you your job, then the problem that you have is with your ISP for creating a situation where no one wants their mail.

[ Parent ]
Explain how you will lose your job. (2.80 / 5) (#380)
by gordonjcp on Wed Aug 06, 2003 at 04:37:19 AM EST

Why will you lose your job because Something Awful can't send email to people who use SPEWS? Lots of people don't use SPEWS. Some people do, presumably people who don't want to hear from you. Get another ISP, or get another job. Your local pizza place is probably hiring.

Give a man a fish, and he'll eat for a day. Teach a man to fish, and he'll bore you rigid with fishing stories for the rest of your life.


[ Parent ]
Food service pays peanuts (3.00 / 2) (#554)
by pin0cchio on Wed Aug 06, 2003 at 06:36:40 PM EST

Get another ISP, or get another job.

That may be OK for commercial virtual hosting or colo, but for residential customers, nyet.

Your local pizza place is probably hiring.

I know it's not your problem, but a full-time food service job usually isn't enough to pay the rent and feed a spouse and kids.


lj65
[ Parent ]
You live in an interesting world, hormel boy (4.75 / 4) (#521)
by dorquemada on Wed Aug 06, 2003 at 09:38:48 AM EST

That's a spiffy analogy, but for something that isn't SPEWS and spam. Muggers have faces, identities, and can be identified and/or stopped in the commission of what they do. We've got an organization that collects evidence, finds them, and incarcerates them. That organization is called the police, and if they were to try some radical solution along the following line of thought:

'All the reported muggers we've received from the 1500 block have been Spanish-speaking Hispanics. We lack the manpower to investigate each report, so to stop the problem we'll round up and arrest all the Spanish-speaking Hispanics present in that area. That will solve the mugging problem for the time being.'

they'd be accountable to the city council and judicial system directly and the voters indirectly. While that solution would almost certainly solve the problem, it should under no circumstances be considered worthwhile. Learning English or moving out of the area (or becoming a vigilante yourself) isn't a viable solution for those affected.

[ Parent ]
SPEWS (3.50 / 8) (#118)
by tranx on Tue Aug 05, 2003 at 03:29:04 PM EST

How long before we get a similar service for the edit queue?


"World War III is a guerrilla information war, with no division between military and civilian participation." -- Marshall McLuhan

Scenario: (reposted as topical, whoops) (3.53 / 15) (#124)
by awgsilyari on Tue Aug 05, 2003 at 03:33:09 PM EST

You are the customer of the only ISP in a remote Pacific island country. This ISP allows spammers to spam through their network. SPEWS blacklists this ISP, and tells you to shove it, and get a new provider.

Problem is, there is no other provider.

Are you willing to effectively disconnect the Internet from a small country, fucking everyone who lives there, just to avoid Viagra emails?

Please, somebody show me how this is ethical.

Just to inflame the issue further, let's say the evil dictator of said country intends to have you executed. You fire off a fervent email to relatives in the United States: "President Kafabi has me on his shitlist, please send money immediately so I can escape his grip." A nice bounce message comes back: "Your ISP has been determined to support spammers. Please switch to another ISP. HAND."

Unable to escape the country, you are executed the next week.

--------
Please direct SPAM to john@neuralnw.com

Scenario - Resolved! (3.60 / 5) (#131)
by Scuttle on Tue Aug 05, 2003 at 03:39:32 PM EST

>SPEWS blacklists this ISP, and tells you to shove it, and get a new provider

You spend five minutes on google looking for reputable companies that will host your email. You sign up. You live happily ever after.



[ Parent ]
Scenario: still not resolved (3.20 / 5) (#141)
by awgsilyari on Tue Aug 05, 2003 at 03:47:20 PM EST

You spend five minutes on google looking for reputable companies that will host your email. You sign up. You live happily ever after.

The spam-friendly ISP in question holds an iron grip over its users, and transparently proxies all outgoing connections (hey, it's government controlled, after all). It blocks any connection whatsoever to any free, web-based email system, as well as outgoing connections on port 25. How else is the government supposed to monitor the email activities of its citizens?

And if you think shit like that isn't happening right now, you're totally clueless.

Hint: the entire world is not as free as the US. All you can think of is your own personal inconvenience, while countries struggling to achieve technological independence get caught in the crossfire.

--------
Please direct SPAM to john@neuralnw.com
[ Parent ]

You know... (3.33 / 3) (#153)
by CaptainSuperBoy on Tue Aug 05, 2003 at 04:02:53 PM EST

Unencrypted e-mail through your national ISP (that has a team of scientists analyzing every packet for signs of rebeliousness) is a colossally bad way of pleading for refugee status. If they had the massive resources required to block all possible e-mail paths out of the country except the national spam relay, I'd suck it up and find another way to broadcast my sad cry for freedom.

--
jimmysquid.com - I take pictures.
[ Parent ]
Flawed Scenario (4.00 / 4) (#173)
by Urthpaw on Tue Aug 05, 2003 at 04:40:03 PM EST

If the government is scanning all outgoing e-mail, then any requests for aid in escaping are going to be useless-- the government will block them.

In any case, why not just use Triangle Boy?

[ Parent ]

Riiiiiight... (4.33 / 6) (#278)
by Dimensio on Tue Aug 05, 2003 at 10:31:06 PM EST

Absurd scenario.

What if you just received a contact for someone who can save your life, but because your inbox was stuffed with thousands of e-mail spams, it was lost -- but had your ISP filtered with SPEWS, those spams would never have arrived?

See, I can make up outlandish situations as well.

[ Parent ]

Scenario: Who gives a fuck? (3.66 / 3) (#384)
by gordonjcp on Wed Aug 06, 2003 at 04:43:12 AM EST

Suppose you're locked in a heavily insulated shipping container, where no sound can escape. At 12pm, someone is going to flood the shipping container with nitrogen and you will suffocate. However, the only means you can communicate with the outside world is through the person who is going to crack the valve on the nitrogen bottle. How do you ask for help?

Give a man a fish, and he'll eat for a day. Teach a man to fish, and he'll bore you rigid with fishing stories for the rest of your life.


[ Parent ]
Exaggeration (4.50 / 2) (#135)
by CaptainSuperBoy on Tue Aug 05, 2003 at 03:44:25 PM EST

Are you willing to effectively disconnect the Internet from a small country, fucking everyone who lives there, just to avoid Viagra emails?

SPEWS doesn't 'effectively disconnect' anyone. It allows a minority of Internet sites to block e-mail from ISPs who send spam.

--
jimmysquid.com - I take pictures.
[ Parent ]

https to hotmail, duh [n/t] (4.00 / 3) (#169)
by grout on Tue Aug 05, 2003 at 04:36:33 PM EST


--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]
Your friendly dictator blocks it, duh [nt] (4.00 / 2) (#171)
by awgsilyari on Tue Aug 05, 2003 at 04:39:03 PM EST



--------
Please direct SPAM to john@neuralnw.com
[ Parent ]
Your scenario has become totally implausible (2.33 / 3) (#176)
by grout on Tue Aug 05, 2003 at 05:01:47 PM EST

There is no realistic scenario in which port 25 connections from a SPEWS-listed netblock is the only possible way to communicate. Anyone who's smart enough to block 443 is going to block 25 as well. Hell, they're more likely to block 25 because the idea of "restricting outgoing mail" is already close to the hearts of all dictators.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]
sorry for the run-on (3.00 / 3) (#136)
by creepster on Tue Aug 05, 2003 at 03:45:17 PM EST

where are the carriage returns?

What? (2.85 / 7) (#140)
by lonemarauder on Tue Aug 05, 2003 at 03:47:00 PM EST

When blocking spam becomes more important than maintaining the smooth and effective operation of the system then the system is breaking down.

Whose system?

When administrators are concerned more that spammers be punished than that users enjoy reasonably uncluttered access to email, the system is breaking down.

Spammers are allowed to reasonably clutter the e-mail boxes of all users?

And when admins are so zealous about stopping spam that they are prepared to threaten retribution against spammers by both legal and illegal means, the system is breaking down.

This is where innocent presumption becomes steaming bullshit. When something like 50% of my network's resources and related expenses are directly related to your illegal advertising efforts, you had better damn well believe I am prepared to seek legal retribution against you.

Furthermore, as the law hasn't yet been able to deal effectively with sheer scope and severity of the spam menace, you have a very weak argument in speaking against illegal methods of dealing with it.



Everyone's System (5.00 / 1) (#190)
by The Turd Report on Tue Aug 05, 2003 at 05:29:40 PM EST

Whose system? The system of people who are sending wanted and legit mail. Anti-spam efforts shouldn't be as harmful as the spam they are trying to stop. I have never had spam *stop* an email I was trying to send, I have had anti-spam measure stop me email. I don't like spam and I am thankful for the efforts of everyone who fights it, but I need my emails to go thru.

[ Parent ]
No. (5.00 / 2) (#192)
by The Artificial Kid on Tue Aug 05, 2003 at 05:32:30 PM EST

You're trying to imply that SPEWS is the only method of blocking spam or something. It's not. SPEWS is not a spam blocking system, it's a network punishing system that also blocks spam. If you use it you're essentially taking on the task of (and therefore the responsibility for) blocking legitimate users' communications in order to punish their providers.

[ Parent ]
Wrong. (3.25 / 4) (#276)
by Dimensio on Tue Aug 05, 2003 at 10:27:39 PM EST

SPEWS blocks nothing. SPEWS lists ISPs who are crime-friendly. Cogentco is a crime-friendly ISP, thus cogentco is listed. ISPs may choose to filter based upon SPEWS listings, but this is entirely their decision. SPEWS blocks no one.

[ Parent ]
Thats just a nitpick (3.00 / 2) (#396)
by squigly on Wed Aug 06, 2003 at 05:51:02 AM EST

SPEWS doesn't block anything.  However the primary purpose is to provide a list of IPs to block.  By adding an IP to the list, it will intentianally cause that IP to be blocked.  The net result is no differnt than if SPEWS blocked that IP.

[ Parent ]
An important nitpick though... (3.75 / 4) (#409)
by Jarad on Wed Aug 06, 2003 at 06:34:05 AM EST

Understand that SPEWS does not block anything, and that is an important point. SPEWS does not order anyone to use their lists, nor does it have the ability to force their lists onto mail servers.

SPEWS publishes an opinion that certain IP addresses are being used to spam, or are associated with an ISP that spams, or are associated with an ISP that allows it's customers to spam.

Blocking based on SPEWS opinions is performed on the mail systems of administrators who have decided to trust SPEWS opinion. SPEWS is not blocking those IP addresses, the administrator of the receiving mail system is.

[ Parent ]

It still causes IPS to be blocked (4.25 / 4) (#520)
by squigly on Wed Aug 06, 2003 at 09:32:28 AM EST

Understand that SPEWS does not block anything, and that is an important point. SPEWS does not order anyone to use their lists, nor does it have the ability to force their lists onto mail servers.

But it does list IPs with the intention that they should be blocked.  It even recommends this as one of the ways to use the list.  While they cannot force their list onto mail servers, they can add items to the list that is already on mail servers.  

SPEWS publishes an opinion that certain IP addresses are being used to spam, or are associated with an ISP that spams, or are associated with an ISP that allows it's customers to spam.

SPEWS actually publishes a list of IP addresses that spam.  The list is not an opinion merely because they say so.  It is part of a tool that can be used to block spam and punish spammers.

Blocking based on SPEWS opinions is performed on the mail systems of administrators who have decided to trust SPEWS opinion. SPEWS is not blocking those IP addresses, the administrator of the receiving mail system is.

The thing is though simply by adding an IP to the list, SPEWS will cause that IP to be blocked by any ISP that uses it.  The net result is that SPEWS is blocking it.  They know in advance that adding an IP will cause it to be blocked.  In fact, this is the whole point.  

[ Parent ]

False assumption of perfect information... (3.66 / 3) (#588)
by The Artificial Kid on Wed Aug 06, 2003 at 08:32:41 PM EST

SPEWS is "used" by people who don't know what it is. Just as a result of this current kerfuffle I've seen quite a number of people say "I had no idea that this list I use included SPEWS".

[ Parent ]
And...? (none / 0) (#669)
by Jarad on Thu Aug 07, 2003 at 04:26:05 AM EST

In which case that is the problem of the fool who started using that paticular RBL. If I buy bleach and drink it, is it my fault for not reading the instructions or is the manufactuer's fault for making the bleach?

[ Parent ]
Depends (none / 0) (#672)
by squigly on Thu Aug 07, 2003 at 04:55:06 AM EST

Was the bleach marketed and sold as a healthy vitamin drink?

[ Parent ]
Putting words in my mouth (3.00 / 2) (#510)
by lonemarauder on Wed Aug 06, 2003 at 09:02:57 AM EST

You're trying to imply that SPEWS is the only method of blocking spam or something.

No, I'm not. I was directly addressing the points I quoted. In point of fact, I don't even personally use blocklists, because they aren't all that effective. That is my decision to make, however, as administrator of my mail domain. The one implication clearly made and extremely incorrect is that you, the sender, have anything to say about the operation of my mail domain.



[ Parent ]
Hitler! (2.80 / 15) (#172)
by STFUYHBT on Tue Aug 05, 2003 at 04:39:54 PM EST

This is just like Hitler and the Nazis! Exactly the same thing! Hitler Hitler Hitler! Nazis Nazis Nazis! This wonderfully relevant issue is exactly the same as Nazis!

-
"Of all the myriad forms of life here, the 'troll-diagnostic' is surely the lowest, yes?" -medham
I don't see how that's relevant to the piece (5.00 / 1) (#193)
by The Artificial Kid on Tue Aug 05, 2003 at 05:34:14 PM EST

Since I didn't once mention Nazis.

Please try to see only what's there rather than what you would like those who disagree with you to say.

[ Parent ]

Jeepers, this guy hasn't even heard of Godwin? (5.00 / 1) (#204)
by grout on Tue Aug 05, 2003 at 05:53:24 PM EST

It was a humorous allusion to Godwin's Law.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]
If he wants to allude to Godwin's law (5.00 / 3) (#212)
by The Artificial Kid on Tue Aug 05, 2003 at 06:15:03 PM EST

then let him allude to it. He seemed to be implying that I had invoked it. I fail to see what's humourous about simply sarcastically mentioning Nazis as though the other side had mentioned them first.

Anyway, where I come from we got over Godwin's law long ago.

[ Parent ]

Where you come from... (5.00 / 1) (#225)
by STFUYHBT on Tue Aug 05, 2003 at 06:34:36 PM EST

...they also send a thousand users to flood usenet with "YOU FAG0RT!!!11"

-
"Of all the myriad forms of life here, the 'troll-diagnostic' is surely the lowest, yes?" -medham
[ Parent ]
but (3.50 / 4) (#232)
by reklaw on Tue Aug 05, 2003 at 06:43:41 PM EST

flooding usenet is a time-honoured tradition.

It's not like anyone uses it anyway.
-
[ Parent ]

Oh and (5.00 / 1) (#227)
by STFUYHBT on Tue Aug 05, 2003 at 06:35:26 PM EST

I'm a 14 year old Asian chick with a bellybutton ring.

-
"Of all the myriad forms of life here, the 'troll-diagnostic' is surely the lowest, yes?" -medham
[ Parent ]
Of course really bright people ... (4.00 / 7) (#189)
by pyramid termite on Tue Aug 05, 2003 at 05:29:26 PM EST

... would come up with an RFC for a new protocol that wouldn't be so usable by spammers and UCE'ers.

Pity we're out of really bright people these days.

On the Internet, anyone can accuse you of being a dog.
What a clever idea! No one ever thought of that! (4.50 / 2) (#200)
by grout on Tue Aug 05, 2003 at 05:45:37 PM EST

"For every problem there is a solution which is simple, obvious, and wrong." - Einstein
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]
Oh, they have. But no one's DONE it (nt) (3.50 / 2) (#207)
by pyramid termite on Tue Aug 05, 2003 at 06:10:32 PM EST


On the Internet, anyone can accuse you of being a dog.
[ Parent ]
Not for lack of trying. (4.00 / 2) (#224)
by grout on Tue Aug 05, 2003 at 06:32:05 PM EST

Lots of people come up with tech answers all the time. Usually they fail because the things that are easy to authenticate aren't usually relevant to stopping spam. But hell, it's not like you don't know what I'm talking about; are you trolling, or just hoping nobody contradicts you?
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]
So, what are you saying? (3.00 / 2) (#238)
by pyramid termite on Tue Aug 05, 2003 at 06:56:49 PM EST

It CAN'T be done? It WON'T be done? It SHOULDN'T be done?

No, I'm not trolling - I'm pointing out the obvious and inevitable solution - which prior to my post, no one had mentioned in this thread.

Or on second thought, maybe I AM trolling - trolling for a real solution to a real problem. <shrugs> You believe whatever you want to believe about me and what I'm saying.

The problem remains. How about a solution that actually works? Look, you've got a bunch of talented people attacking this problem with piecemeal and reaction-based solutions - wouldn't their time be better spent working on a better protocol? E-mail as we know it is in serious danger - at what point do we throw the towel in and start thinking outside the mailbox?

Someone's going to do it. I'd seriously consider adopting a new protocol - wouldn't you?

On the Internet, anyone can accuse you of being a dog.
[ Parent ]
I'm saying there is no tech solution ... yet (4.50 / 2) (#242)
by grout on Tue Aug 05, 2003 at 07:02:08 PM EST

I'm not trolling - I'm pointing out the obvious and inevitable solution...

Really. Well, just what is this solution, pray tell? Saying "New Protocol" is all well and good ... but you have to say what's in the protocol and how it will solve today's problems and not create worse ones. Otherwise you're just blue-skying. Anyone can do that.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]

I'm advocating ... (3.00 / 2) (#253)
by pyramid termite on Tue Aug 05, 2003 at 07:30:05 PM EST

... that the technically qualified and concerned people get off their asses and do it. If they do not, then they can live with what they have, including the spam, and quit the self-righteous posturing and whining. There's not a dime's worth of difference between the general discussion on this article and one in nana* 5 years ago, except the trolls were funnier. We both know that. 5 years. The same damned problem, the same damned arguments and the same damned lack of a real solution.

So, I'm blue-skying. I guess I got tired of tilting at windmills. So long.

On the Internet, anyone can accuse you of being a dog.
[ Parent ]
The qualified say it's a fool's errand. (4.50 / 2) (#263)
by grout on Tue Aug 05, 2003 at 08:08:59 PM EST

Making secure personally identifiable mail is one problem. Eliminating spam is a totally different porblem ... a much harder one.

People, smart and not-so-smart, keep bringing up spam-killing ideas and the people with the knowledge and experience keep saying they won't work. Maybe there is no way to keep people from being spamming assholes without losing values that are worth even more. Who knows?
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]

opt in email systems? (n/t) (5.00 / 1) (#254)
by SocratesGhost on Tue Aug 05, 2003 at 07:32:42 PM EST


-Soc
I drank what?


[ Parent ]
Not enough information to answer. [n/t] (5.00 / 1) (#262)
by grout on Tue Aug 05, 2003 at 08:03:53 PM EST


--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]
Schwab's Addendum (5.00 / 1) (#580)
by ewhac on Wed Aug 06, 2003 at 07:50:59 PM EST

"For every problem there is a solution which is simple, obvious, and wrong." - Einstein

Schwab's Addendum: This aphorism applies recursively.

(And BTW, it's H.L. Mencken, not Einstein.)

Schwab
---
Editor, A1-AAA AmeriCaptions. Priest, Internet Oracle.
[ Parent ]

And Bob the Dinosaur said ... (5.00 / 2) (#522)
by Mr.Surly on Wed Aug 06, 2003 at 11:48:38 AM EST

"Why don't all the poor people become lawyers? Problem solved!"

[ Parent ]
And Ricki the Lemur said ... (5.00 / 1) (#551)
by pyramid termite on Wed Aug 06, 2003 at 06:27:00 PM EST

"We'll just wait til all the dinosaurs die and take over the world!" Everyone laughed at such a silly idea.

On the Internet, anyone can accuse you of being a dog.
[ Parent ]
Please *do* read the SPEWS FAQ... (4.05 / 20) (#196)
by TVoFin on Tue Aug 05, 2003 at 05:42:22 PM EST

In theory SPEWS sends staged complaints as more and more spam is received from a given source, culminating in a listing for the network on the SPEWS blacklist. The listing, in turn, expands further and further as more spam arrives. This can result in the blocking of large ranges of IPs, even whole hosts.
I don't think you've understood how SPEWS works. Yes, they operate spamtraps (or so they let us think). Yes, they send complaints (as far as we know). The originating IP may be listed. However, the listing escalates if and only if the ISP who provides services to the spammer (mail servers, bandwidth, web hosting) does not act on the complaints (i.e. boot the spammer).
Unfortunately nobody seems to want to take responsibility for the content of the list.
You know, once upon a time, there was a similar system. It had public contact information. And it was sued to oblivion (although it did successfully defend against all of the lawsuits). That is the reason why SPEWS is anonymous.
The prevailing attitude is that spammers and people who look like spammers can go to hell.
Correction: The prevailing attitude is that spammers and people who support [not look like] spammers can go to hell.
In the case of somethingawful this attitude has been compounded by a somewhat juvenile campaign of message spamming
"Somewhat juvenile" is an understatement; the whole group was flooded with messages (my count is about 1000 messages in about 10 hours).
The spamming was carried out by somethingawful forum members incensed by what they saw as the unfair blocking of the site's email.
The spamming was incented by a inflammatory message, which can be found here. The same guy posted on NANAE, message-id:7fec9e2d.0308041258.32a78969@posting.google.com. He appears to be in some way affiliated with somethingawful, judging by his e-mail address.
When blocking spam becomes more important than maintaining the smooth and effective operation of the system then the system is breaking down.
Believe me, the very purpose of blocking spam is to maintain smooth and effective operation of the system. According to recent research, at least half of the e-mail traffic is spam or other form of network apuse (such as worms and virii). The ugly truth is that older e-mail addresses receive huge amounts of spam. When the daily spam intake goes past, say, 50 spams per day per address, you have a problem. Think that you are a postmaster at an ISP. Assume that you have 100,000 customers and each receives 25 spams a day. That makes 2.5 million e-mail messages a day. Add into that that in corporate environments spam also causes significant losses due to lost productivity. I wouldn't call that effective operation.

How does SPEWS (Spam Prevention Early Warning System) figure into this? It provides a list of ip addresses and ranges that have been sources and/or supportes of network abuse in the past. Please bear in mind that an IP range won't land on SPEWS if the administrator of that range acts on abuse complaints.

Why somethingawful started having problems? That is because they're hosted at cogentco, which in turn host several known spammers (see ROKSO [Register Of Known Spamming Operations] record for cogentco). What they can do is to change to another provider, one that does not willingly and knowingly support services to spammers.

-Timo

And oh, please remove the uppercase letters in my e-mail address if you wish to email me.



SPEWS methodology is what's in question (5.00 / 1) (#201)
by The Artificial Kid on Tue Aug 05, 2003 at 05:46:49 PM EST

I am not suggesting that spam doesn't need to be blocked. I'm questioning the morality of allowing innocent parties to be caught up an active campagn of punitive blocking against hosts that allow spam. Isn't blocking the spam enough?

You're not seriously contending that the blocking of somethingawful has had any direct effect on the level of spam on the internet, are yo? I can only be part of an effort to make somethingawful change its behaviour (buying cheap hosting without taking spam into consideration). SPEWS, therefore, is diected not only against apammers, but against anyone who is insufficiently zealous about spam when they choose their host.

[ Parent ]

Of course it has an effect. (3.75 / 4) (#202)
by grout on Tue Aug 05, 2003 at 05:50:58 PM EST

Because SA and other customers complain to to their upstream, get out of contracts because Cogent isn't living up to their obligations, Cogent loses income, and Cogent is motivated to change their tune.

It's happened before. And it will happen again.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]

I said DIRECT effect (5.00 / 1) (#203)
by The Artificial Kid on Tue Aug 05, 2003 at 05:53:09 PM EST

It doesn't directly reduce spam, it reduces spam only by forcing innocent businesses to complain to their ISPs. It is aimed directly at the innocent and only indirectly at the guilty.

[ Parent ]
Ignoring indirect effects is childish; don't do it (3.25 / 4) (#205)
by grout on Tue Aug 05, 2003 at 05:57:15 PM EST

It's a complex world. The occasions on which we can have a direct effect on the things that matter to us are few. I have no legal means to directly effect the behavior of Cogentco. So I'm glad to go for the indirect effects. PS: Adults work with the influence they have, and don't limit themselves to such meaningless categories as "direct effect". You seem to have some growing up to do. And no, this isn't part of my argument. It's just advice.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]
Adults acknowledge (4.00 / 3) (#208)
by The Artificial Kid on Tue Aug 05, 2003 at 06:10:42 PM EST

that innocent third parties are not legitimate targets. Please don't lecture me on maturity or personal responsibility when your answer to spam is block larger and larger IP ranges, undermining other people's legitimate businesses simply because they chose the wrong host.

[ Parent ]
It's a simple lesson: Actions have consequences. (4.16 / 6) (#220)
by grout on Tue Aug 05, 2003 at 06:29:25 PM EST

SA is not innocent. SA is an accomplice; their money helps keep a spam haven in business. SA was unwitting accomplice initially, to be sure, but it is an accomplice nonetheless.

I've been there. I was an accomplice back when HE.NET's misbehavior got my server blacklisted. I knew better than to whine that it wasn't my fault. It was my fault for choosing them and staying with them. If the listing had remained I would have left; but HE.NET got a clue and dumped their spammers, I was unlisted, and everyone lived happily ever after.

It's not like SA is evil. They're just foolish. You wish SA to be free of consequences for its poor choice of hosting service. It's not going to happen. Actions have consequences.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]

But... (5.00 / 2) (#250)
by The Artificial Kid on Tue Aug 05, 2003 at 07:22:38 PM EST

>Actions have consequences

And yet many of those who advocate SPEWS say that it isn't the list's fault that people get blocked.

[ Parent ]

What "many" say is of no consequence (3.00 / 2) (#252)
by grout on Tue Aug 05, 2003 at 07:27:25 PM EST

"I do quarrel with logic that says, 'Stupid people are associated with X, therefore X is stupid.' Stupid people are associated with everything." -- Larry Wall
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]
Because its not (3.00 / 2) (#323)
by Nova Reticulis on Wed Aug 06, 2003 at 01:10:18 AM EST

---^

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Sigh (3.33 / 3) (#354)
by TVoFin on Wed Aug 06, 2003 at 02:50:02 AM EST

And yet many of those who advocate SPEWS say that it isn't the list's fault that people get blocked.
It isn't. The primary reason why there's a SPEWS listing is that a network harbors spammers and does not do a thing about them. The actual block occurs when an e-mail admin chooses to use the SPEWS list at the mail server to block unwanted e-mails. At this stage only a single address or couple of addresses are blocked. However, if the spamhaven still does nothing about the spammer, the listing escalates and may start to contain IP's leased out to non-spamming parties. There has been plenty of opportunity for the ISP to pull the plug on the spammers. The parties primarily at fault for bouncing e-mails are therefore the spammer (obviously) and the ISP (for aiding and abetting the spammer).

-Timo

[ Parent ]

That's begging the question. (none / 0) (#845)
by DavidTC on Sun Aug 10, 2003 at 07:10:28 AM EST

You're assuming there is 'fault' to be found. They are purposefully on the list.

Asking who's fault it is is like asking who's fault it is that my grocery store carries Cheerios, or who's fault it is that my local Fox affiliate is channel 5. It's not anyone's 'fault', there's no blame to be assigned.

Likewise, there is no blame to be assigned to the (correct) listing of an ISP in SPEWs. That is, there is no blame that the ISP has actually been written down, there obviously might be blame on the ISP for being such idiots as to deserve to get listed.

And before you start talking about 'incorrect' listings, I should point out that SA being 'listed' was absolutely correct...because they weren't listed, Cogentco was listed. And Cogentco certainly belongs on the list.

There have been actually incorrect SPEWS listings before, usually typos or misreadings of whois data...and they get fixed quickly, usually within minutes of someone pointing them out. Whose fault those are is unknown, and not incredibly important.

-David T. C.
Yes, my email address is real.
[ Parent ]

Legit targets (4.33 / 6) (#239)
by n1pop on Tue Aug 05, 2003 at 06:57:28 PM EST

I may be new in this, but I can see you're still missing the point.  Forget that the SPEWS/NANAE/SA thing ever happened for a little bit and follow me.

Our first stop is at a provider, we'll call them reallybighost.com, and they have a block of IP addresses they lease to various clients.  Let's say, for argument's sake, that reallybighost.com owns all the addresses between 200.0.0.0 and 200.255.255.255 (a 200/8 block).

Then we find ittybittyisp.com, who buys a /16 chunk and resells to dial-up users.  They've got a policy against spam, and they enforce it.  Certainly no one will expect ittybittyisp.com to prevent all spam, but as long as they respond to all complaints, they're in good standing.

Enter joespammer.com, who buys a couple addresses for his web and mail servers.  He's got a domain that needs hosting, and reallybighost.com are more than willing to oblige.  He says, as part of his agreement, that he doesn't spam, and taken literally, he doesn't send any spam through the reallybighost.com network.  And as long as he doesn't spam, he is also in good standing.

Enter nutherbighost.com, who happens to own a 64/8 block.  They're in a third-world country that has a low national income, so any influx of money, tainted or not, is more than welcome.  Joe Spammer pays them to spam millions of email accounts to advertise his web site.

Enter the administrator.  He (assume this means he or she) hates spam and has either a proxypot or a spam trap.  That trap starts getting spammed  He reports it to nutherbighost.com who ignore it because that's a source of revenue and not against their policies, and to reallybighost.com because the site is advertised by spam (spamvertised), and they brush it off because joespammer.com isn't spamming from their network.  Well, no luck there, so joespammer.com gets listed.

This continues for some time, and each time the address block gets larger, until the entire 200/8 is listed.

Uh oh, ittybittyisp.com is now an innocent victim of this block.  They call their host, and the host says it's because SPEWS is blocking them.  Unfortunately, reallybighost.com didn't say who "them" is, nor did they say they were ignoring all the complaints.

So postmaster@ittybittyisp.com goes to spews.org, sees that posting in nanae is how one contacts SPEWS (wrong, but that's how too many people interpret it), and complains that they're being blocked.  "I demand that my addresses be delisted, I do not spam."

That's as may be, but the reason they're blocked is because reallybighost.com didn't do anything about their spammer.

The End.

SA are in the same situation.  They are not legit targets, but they sure are standing too close.  If they want to resolve the issue, they need to bring their lawsuits and whatever else they threatened SPEWS with against Cogent.

Pop

P.S.: Usual disclaimer: IAN[S|AL|AA]


[ Parent ]

What does that have to do with ethics? (3.66 / 3) (#246)
by The Artificial Kid on Tue Aug 05, 2003 at 07:09:20 PM EST

THat is a factual description of what's going on, but how does that make it ethical to target the innocent along with the guilty? The sole purpose of SPEWS is to gradually enlarge the blocks against "bad" providers until their clients are forced to take action against them. Before the clients are prompted to take action they usually have to be damaged by SPEWS. Therefore SPEWS is aimed at damaging the clients of bad providers in order to make them work against spam.

[ Parent ]
Wow (3.40 / 5) (#305)
by n1pop on Wed Aug 06, 2003 at 12:24:53 AM EST

Your logic amazes me.  SPEWS is not aimed at damaging anyone but spammers and their supporters.  If someone gets caught in the crossfire, they should have the intelligence to get the hell out of the way.  If they can't, well I'm sorry, but that's the cost of doing business with a spammer.

SPEWS does not block anything.  They never have.  Even I could have a list of spammers and spam supporters, and it would be no different (except that I might have to defend my right to post such a list).

"Before the clients are prompted to take action they usually have to be damaged by SPEWS."

Ignoring the fact that SPEWS causes no damage, when was the last time you saw an otherwise satisfied customer take action when the target of that action has caused them no direct harm?  When was the last time you called your water company and demanded they supply you with water from a specific source because of some tainted well that doesn't serve your city anyway?


[ Parent ]

Twisted logic? (5.00 / 3) (#328)
by The Artificial Kid on Wed Aug 06, 2003 at 01:20:21 AM EST

Your logic amazes me. SPEWS is not aimed at damaging anyone but spammers and their supporters. If someone gets caught in the crossfire, they should have the intelligence to get the hell out of the way. If they can't, well I'm sorry, but that's the cost of doing business with a spammer.

That logic is EXACTLY analagous to the logic that allows mass reprisal killings by totalitarian regimes and terrorism by oppressed minorities.

If you're prepared to say that your goal of eliminating spam is more important than somebody's business, then why shouldn't other people with even more pressing goals resort to even more desperate measures?

[ Parent ]

Are municipal governments the targets? (3.66 / 3) (#557)
by pin0cchio on Wed Aug 06, 2003 at 06:49:47 PM EST

If someone gets caught in the crossfire, they should have the intelligence to get the hell out of the way. If they can't, well I'm sorry, but that's the cost of doing business with a spammer.

Often, only one high-speed ISP serves homes in a given city. So in other words, do you claim that SPEWS should be allowed to give e-mail server admins the tools to hold entire cities hostage? Or do you claim that the municipal government should evict the cable company in favor of another cable company not affiliated with spam?


lj65
[ Parent ]
Go back to dial-up? (3.66 / 3) (#570)
by pin0cchio on Wed Aug 06, 2003 at 07:14:01 PM EST

SPEWS is not aimed at damaging anyone but spammers and their supporters.

So if a hypothetical town's cable company ends up on the list, then ISPs that use SPEWS have in effect given the whole town the ultimatum to either support spammers or go back to dial-up. What makes you call this fair to the residents of this town, most of whom can't afford to move?


lj65
[ Parent ]
Wow (3.66 / 3) (#633)
by loucura on Thu Aug 07, 2003 at 12:40:08 AM EST

Your logic astounds me, my bullets aren't aimed at anyone but my enemies and people who support them. If someone gets caught in the crossfire, they should have the intelligence to get the hell out of the way. If they can't, well I'm sorry, that's the cost of standing in between me and my enemies.

[ Parent ]
Bad analogy time (4.50 / 2) (#215)
by blowdart on Tue Aug 05, 2003 at 06:21:02 PM EST

It doesn't directly reduce spam, it reduces spam only by forcing innocent businesses to complain to their ISPs. It is aimed directly at the innocent and only indirectly at the guilty.

OK, say you live in a scummy neighbour hood. You pay protection money to scum to keep your little apartment safe. You are contributing to crime, directly. This is pretty much the spews arguement, SA's hosting money is going into a pot which helps provide connectivity to spammers.

However, this is, of course, an opinion. Article criticism (apart from the simple spouting the SA line with no real questioning) is it appears to have been written in the heat of the moment when the temperatures were high, with no consideration for alternate points of view. Your article is not so much factual, as it is an editorial.

[ Parent ]

Analogy is flawed. (3.66 / 3) (#631)
by loucura on Thu Aug 07, 2003 at 12:34:59 AM EST

Truthfully, it's more like this:

You're renting a place from a landlord who also rents a place a few blocks up to some crackdealers. Now these vigilante bastards get the idea that rather than dealing with the problem, they'll deal with you, so rather than going to the police to get rid of the drug dealing, they beseige your house and shoot at you when you try to come out, because you're indirectly abetting the drug dealer by renting from the same landlord.



[ Parent ]
Not Living Up To Obligations? (5.00 / 2) (#228)
by The Turd Report on Tue Aug 05, 2003 at 06:36:48 PM EST

Cogent is delivering the packets to their end source, what a person on the other end does can't be controlled by Cogent. Cogent is not under any sort of obligation to force another netowrk to take their packets.

[ Parent ]
Depends on the contract, should have said... (3.25 / 4) (#231)
by grout on Tue Aug 05, 2003 at 06:43:24 PM EST

I should have been clearer:

Cogent has made choices that make their IP addresses less valuable, as administrators choose to block them to kill the spam. And Cogent hasn't fought their spam problem; they've actually cultivated it. Depending on the contract that SA signed, this may be either a hard sell or a slam dunk case of breach of contract and give SA a chance to duck out. Either way, SA risks getting cartooney threats from Cogent. Actions have consequences; lie down with dogs, etc.

Worst case, SA will have to eat their bounces and send all their mail from a new colo elsewhere.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]

Hard Sell (5.00 / 1) (#257)
by The Turd Report on Tue Aug 05, 2003 at 07:37:36 PM EST

Most ISPs won't take responsibility for 'outside forces' in their contracts. If it was shown that Cogent was not delivering the packets, then maybe they would have a case.

[ Parent ]
Well then it may be a matter for the courts (5.00 / 1) (#261)
by grout on Tue Aug 05, 2003 at 08:02:26 PM EST

That's why they're there, after all. In theory, anwyay. :-/
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]
SPEWS methodology explained (3.66 / 3) (#217)
by TVoFin on Tue Aug 05, 2003 at 06:22:52 PM EST

Isn't blocking the spam enough?
To block spam, it has to be received fully by the mail server and then processed with e.g. SpamAssassin. This consumes both bandwith and resources. On the other hand, if DNS-based blacklists are used, the only required step do reject the spam is to do a single DNS lookup. I won't go into the details; it is late (01:20 am) and I'm a bit tired.
You're not seriously contending that the blocking of somethingawful has had any direct effect on the level of spam on the internet, are yo?
Somethingawful itself has not been blocked. The block that encompasses somethingawful is part of SPEWS record S2507. The block is there because nhicolo/cogentco has not done anything about hosting a known spammer Ruslam Ibramigov on their network. Check ROKSO (http://www.spamhaus.org/) for details. The block is there to make cogentco understand that they do need to kick Ibramigov out of their network. If cogentco kicks him, then spam will decrease. See?

-Timo

[ Parent ]

Are You New To the 'net? :) (5.00 / 3) (#258)
by The Turd Report on Tue Aug 05, 2003 at 07:50:07 PM EST

then spam will decrease. See?

Er...No. Spam might decrease for all of 2 minutes while the spammers backup circuit gets its BGP routing set up. Then they are back to spamming and SPEWS is back to doing another collateral dammage listing of some more non-spam source IPs.

[ Parent ]

So what you're saying... (3.75 / 4) (#275)
by Dimensio on Tue Aug 05, 2003 at 10:22:15 PM EST

...is that we should give cogentco a pass on supporting spammers (as well as their criminal customers who illegally hijack third party web relays) because if they kick them offline, the spammers will just go elsewhere?

[ Parent ]
No. (5.00 / 2) (#299)
by The Turd Report on Tue Aug 05, 2003 at 11:43:35 PM EST

But, don't delude yourself in to thinking that a pro spammer will just give up after losing a connection.

[ Parent ]
I'm aware of that... (3.33 / 3) (#300)
by Dimensio on Tue Aug 05, 2003 at 11:47:45 PM EST

But if spammers don't have a spam friendly ISP to which they can run, they'll be stuck without any way to send spam.  If there's only one or two spam-friendly ISPs, it's a simple matter of dropping all packets from those domains at the router level.  Problem solved either way.

Actually, the latter is what is happening now.  It's just that cogentco is one of those spam-friendly ISPs and now everyone thinks that the system should be changed so that cogent can support spammers and still have their packets reach other networks just because SA is "special".

[ Parent ]

And (5.00 / 2) (#474)
by The Turd Report on Wed Aug 06, 2003 at 08:18:15 AM EST

Do you really think spammers callup and tellthe provider that they are spammers? No. When they call, they always claim to be 'yet another hosting company/ISP' and they get signed back up. And, before you say 'Check their name', they usually change company names and have a new person do the signing up. Lots of anti-spammers want to beleive in a conspiracy that allows the spammers to stay on the net, but there isn't. It is just sales people being sales people.

[ Parent ]
ISPs aren't that stupid (3.75 / 4) (#560)
by Dimensio on Wed Aug 06, 2003 at 06:57:17 PM EST

There are times when it is very obvious that a client is a known spammer rather than just a "hosting provider". Cogentco has been host to a great number of obvious spammers, spammers who send out thier junk directly from cogentco's network and who stay connected even after their spamming (and often illegal acitivies) are reported. Cogento hosts spammers so infamous that they are listed in ROKSO.

Cogent knows what they are doing. Their listing perfectly fair, they've earned their place in the SPEWS list. SPEWS does not add an entry simply because of a one-time incident, it takes long-term spamming for things to get to the level where they are with cogentco.

[ Parent ]
Did You Even Read My Post? (5.00 / 2) (#591)
by The Turd Report on Wed Aug 06, 2003 at 08:49:16 PM EST

But, there are times when (shock!) spammers lie. Spammers will tell providers that they are just hosting companies or what ever they think it will take to secure the deal. I know NANAE loves to think everything is a big corporate conspiracy, but when it comes down to it: sales people are stupid and spammers are good con men.

[ Parent ]
I know that spammers lie... (3.00 / 2) (#602)
by Dimensio on Wed Aug 06, 2003 at 09:24:47 PM EST

That's rule #1. The fact is that there comes a time when it is very obvious that the "hosting provider" really is the spammer, and when that time comes there's no excuse for the ISP not kicking their pet spammer offline.

In any case, your quesitoning isn't quite relevant to this discussion, as there's absolutely no question that cogentco is a cesspit of spammers and that their management is well-aware of the situation (and likely are a bunch of corrupt criminals, given what they allow to occur).

[ Parent ]
But, Consider This (5.00 / 2) (#612)
by The Turd Report on Wed Aug 06, 2003 at 10:25:28 PM EST

When a provider gets complaints about a customer there has to be some investigation. A customer will claim that they are running an 'opt-in list' and that those people signed up for the mailings. We ask for the logs of the verification process. (Most just balk and give some line about it is a customers list or a list from a site where people 'asked to get 3rd party mailings' and then we laugh and shut them off.) But, we have had customers send logs for the people who complained. (Everyone who has done this has had obviously forged logs, at which point we laugh and shut them off) But, in cases where all complaints have had their identifying info stripped or munged, what should a provider do?

Keep in mind I am not saying this is why cogentco isn't discoing spamers, but it could be why spam kills don't happen as quickly as everyone (well, everyone but the spammers) would like.

[ Parent ]

If all complaints were stripped... (5.00 / 1) (#657)
by Dimensio on Thu Aug 07, 2003 at 01:46:23 AM EST

...then I could understand a slow response.

However, nanae-ites know when complaints are ignored because they're the ones composing complaints. They know to include full headers (I certainly do). I even throw in a caveat that while there are at least five different variations of my e-mail address that lead to the same inbox, only ONE is actually an e-mail address that I give out and that the rest can only appear in a mailing list trawled from USENET.

Spammer-friendly ISPs are very easy to identify, because the people identifying them are the ones who have sent in well-composed LARTs.

[ Parent ]
But, Also Consider (none / 0) (#690)
by The Turd Report on Thu Aug 07, 2003 at 06:34:56 AM EST

That big ISPs and Backbone abuse mailboxes are literally a river of crap. There will be 4000+ messages a day. A few are well put together larts, but 99% of it is worthless complaints (no headers/no urls), misdirected complaints, spam (yes, to abuse@), rants about random things (porn, name calling, $religion, $political_group, $country/ethnic, etc...), and other asorted crud. This all has to be sorted thru and it takes time.

[ Parent ]
Yes, it takes time... (none / 0) (#742)
by Dimensio on Thu Aug 07, 2003 at 07:14:43 PM EST

...but not months. When spammers like cogentco's pet criminals go wild and don't get disconnected after months and months of repeat spamming, there is no excuse.

SPEWS does not expand its listings quickly. It takes months of inaction from the hosting ISP for them to expand their listing.

[ Parent ]
hmm... (3.66 / 3) (#272)
by reklaw on Tue Aug 05, 2003 at 10:01:27 PM EST

The block is there to make cogentco understand that they do need to kick Ibramigov out of their network. If cogentco kicks him, then spam will decrease. See?

What you're basically saying, then, is that this is a threat against companies who don't act on spam. "Do what we say, right now, or your customers won't be able to send email". The intent is not to block more spam directly -- rather, it is to cause trouble and hope that gets someone to take notice and block the spam. Surely there are better tactics than that.

Some random underpaid computer janitor shouldn't be depriving someone of their email just because that person's ISP isn't responding to such childish threats. Period.
-
[ Parent ]

Actually... (3.75 / 4) (#274)
by Dimensio on Tue Aug 05, 2003 at 10:20:39 PM EST

The intent is not to block more spam directly -- rather, it is to cause trouble and hope that gets someone to take notice and block the spam. Surely there are better tactics than that.

If you have a better solution for getting ISPs to act on spam complaints, lets hear it. I keep asking for a better alternative to SPEWS, but thus far no one has bothered to offer a suggestion.

[ Parent ]
well, (2.85 / 7) (#277)
by reklaw on Tue Aug 05, 2003 at 10:28:45 PM EST

there's the "quit whining and live with it" solution. I mean, I get plenty of spam to my ISP email account -- most people probably do. It doesn't bother me that much. I don't go forwarding it to abuse@isp.com. Who gives a crap? It's not worth the effort; it's just a little spam. Sometimes I even find the spam entertaining.

If you offered me the choice between receiving 20 pieces of spam per day (like I do at hotmail, for example) and not receiving just one email that I actually want -- well, give me the spam any day. Bucketloads of it if need be. A good spam system should have no false positives -- yet false positives are the very foundation of the SPEWS system.

I'm no expert on spam blocking so I can't sit here and name alternative systems, but if there is no realistic option other than SPEWS then it would be better to just have no system at all.
-
[ Parent ]

exactly. (4.20 / 5) (#288)
by Work on Tue Aug 05, 2003 at 11:07:56 PM EST

That is the argument given by us rational folks.

Thing is, it does no good when you're dealing with people with a completely whacked view of it. To these admins, losing that one e-mail is in fact a worthy sacrifice in the name of ditching the spam.

In fact, beyond mere e-mail, to them shutting entirely legimiate companies down and denying them e-mail service entirely is worth it.

Yes, its fucked up, but thats the only thing I've been able to glean out of these people.

[ Parent ]

I used to just hit delete... (3.33 / 3) (#290)
by Dimensio on Tue Aug 05, 2003 at 11:20:57 PM EST

And then I deleted the e-mail from an old high school friend.  I've still not been able to track him down since then.

I now make sure to forward a complaint to the sending ISP as well as the ISP hosting the spammer's site.  Since doing that, my spam load has dropped dramatically.  Spammers have learned that sending e-mail to me is hazardous to their connectivity.

Spam is theft.  Spammers are, without exception, thieves.  I'm not going to just sit by while they drive up my ISP's costs.

[ Parent ]

so... (3.66 / 3) (#292)
by Work on Tue Aug 05, 2003 at 11:24:33 PM EST

what if your high school buddy was using a service that SPEWS didn't care for and his e-mail to you never got through in the first place?

[ Parent ]
He probably would have found out... (3.33 / 3) (#294)
by Dimensio on Tue Aug 05, 2003 at 11:27:39 PM EST

Most ISPs that filter on SPEWS reject connections to their SMTP server, so he would have gotten a bounce message with an explanation.

[ Parent ]
"Just Hit Delete" argument (2.33 / 3) (#320)
by Nova Reticulis on Wed Aug 06, 2003 at 12:57:55 AM EST

You are permanently placed on my list of pro-spammers. PLONK.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

ohhh no!! (3.66 / 3) (#326)
by Work on Wed Aug 06, 2003 at 01:14:26 AM EST

Gonna put a hit out on em? Get Guido (or just a obese unshowered man named Poindexter) to break his knees?

[ Parent ]
Wow. (5.00 / 2) (#656)
by reklaw on Thu Aug 07, 2003 at 01:43:22 AM EST

You said plonk. How... retro.
-
[ Parent ]
No (3.33 / 3) (#318)
by Nova Reticulis on Wed Aug 06, 2003 at 12:56:38 AM EST

"We are a voluntarily joint anti-spammer movement. Do as we say or you will not be able to send email to our systems".

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

In other words, take hostages and demand action. (5.00 / 2) (#618)
by porkchop_d_clown on Wed Aug 06, 2003 at 10:54:37 PM EST

and claim that the ends justify the means.


--
His men will follow him anywhere, but only out of morbid curiousity.


[ Parent ]
Without even reading your comment (1.66 / 6) (#316)
by Nova Reticulis on Wed Aug 06, 2003 at 12:55:01 AM EST

...you are not in position to question SPEWS methodology. Period.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Why not? (5.00 / 3) (#489)
by graedus on Wed Aug 06, 2003 at 08:35:23 AM EST

Something Awful was blacklisted as a result of highly inefficient and questionable practices on the part of SPEWS, and yet, you've unilaterally decided that Something Awful in general and The Artificial Kid in specific are not in a position to question SPEWS' methodology, period? Would you care to explain why?

[ Parent ]
Because SPEWS is perfect (4.14 / 7) (#499)
by Jota on Wed Aug 06, 2003 at 08:48:29 AM EST

It isn't like it constantly blacklists innocent sites and has no way to get then off the blacklists. It lists ways, but they almost never work. You go to the usegroup and the immature sysadmins just flame them for no reason besides that it makes them feel cool and then when people point out SPEWS is flawed they go "NOOOOOO IT IZ NAWT. URZ ISPZ IS DA FLAWED. NOT US AND RETARDD SYSADMINS DAT UZ US, IZ UZ CUZ WEZ PURFEK"

[ Parent ]
Additionally, (5.00 / 3) (#505)
by graedus on Wed Aug 06, 2003 at 08:55:44 AM EST

The newsgroup participants report you to abuse@your-isp.net for newsgroup spamming, and GOD HELP YOU if your ISP doesn't respond in a proper timeframe.

[ Parent ]
I would (2.83 / 6) (#514)
by Nova Reticulis on Wed Aug 06, 2003 at 09:08:33 AM EST

Something Awful was blacklisted due to failure to execute due diligence in choosing its business partners. It is their ISP, and not Something Awful, that was blacklisted.

SPEWS has no highly inefficient practices, it does exactly what it is intended to do. It is designed to harm spam friendly ISP by ways of applying pressure through their customers. Since you are neither an involved email administrator nor SPEWS SPEWS practices also aren't questionable to you.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

SPEWS is legal but nevertheless unethical. (4.83 / 30) (#229)
by ghjm on Tue Aug 05, 2003 at 06:40:05 PM EST

I once hosted several servers at a large data center. The hosting company operated about 20 data centers, each with a hundred or so customers. These data centers had a great deal of management autonomy - the local GM in the data center got to set a lot of operating rules and parameters.

At one point a bunch of spam originated from their Denver datacenter. I was hosted over 1000 miles away, in an independently managed datacenter with a strong anti-spam policy that happened to be owned by the same company as the Denver facility. Someone at one of the RBLs (not SPEWS, I think this was before they existed) went through and figured out all the IP address ranges belonged to the whole company, which of course included all their customers. All my IP addresses were blacklisted. I started getting calls left and right from users with e-mail bounces.

This caused me damages. I lost a lot of time figuring out what had happened and fixing it. I saw that I had no choice but to yell and scream as a customer of the hosting provider, and cause them to fix it. They received many internal complaints, including mine, and eventually got themselves off the list.

So, how do we deconstruct this situation?

In aggregate, the RBL operators and the sysadmins who use RBL blocking have determined that there is an outcome they want - reduction in spam. They have also determined that the ISPs are in a position to make this happen. In order for the desired outcome to be achieved, someone has to pay the cost of communicating with all these ISPs and convincing them to get with the program. The RBL operators and RBL blocking sysadmins have worked out a neat, legal plan for effectively forcing other people to perform all this work for them.

Contrast this with the spammers themselves. Spammers also have an outcome they want - increase in sales. They have figured out that they can send vast quantities of e-mail, with appropriately forged headers so that - once again - other people have to deal with most of the cost and effort involved in implementing their plan.

The ethical situation is simple. If you have something you want in the world, it is not ethical to forcibly co-opt other people into doing your work for you. No matter what sorts of sophistry the spammers and RBL operators surround themselves with, what they do is not ethical.

Note that some RBLs go to great pains to block only the IP addresses from which spam actually originates, not nearby innocent parties. This is much more ethical, if not particularly effective.

Also note that aggressive RBLs are not a particularly effective way of stopping spam. DCC style activity monitoring, content scoring, and Bayesian filtering are all much more effective.

I know that I'm going to get the usual canned responses, so let me pre-respond. New thoughts are always welcomed, but I'm not really interested in the same old justifications.

  • It isn't the RBL operators fault, or it isn't the RBL blocking admin's fault. No raindrop believes it is causing a flood. If, put together, the combined actions of the RBL ops and mail admins are unethical in aggregate, and given that each group must of necessity know of the other's existence, then they are respectively responsible for their own contributions to a system they must know is unethical overall.
  • We have the legal right to do this. I have not claimed otherwise. It just so happens that it is legal in my hometown to walk with your dog onto my non-fenced front yard, have your dog crap on my grass, and then remove "the preponderance" with a pooper scooper. My grass is smeared with shit but you have broken no law - I can't sue you or do anything about it. You had a right to do what you did. It's still not ethical. For that matter, spamming is not yet illegal in most jurisdictions. That means spammers have a right to do what they do. They have the right to do something wrong. That doesn't make it right.
  • It's the spammers who force us to do this. This is the terrorist's argument: It's not me killing your children, it's your government, because they refuse to meet my demands. The fact is, nobody is forcing anyone to operate an RBL list, and there are better ways of dealing with spam.
  • This is all above board because of private property rights. Your natural right to wave your fist ends precisely at my nose. The unavoidable fact is that RBL activities cause pain and damages to innocent parties, and you knew going in that this would happen - in fact, you're counting on it to get what you want. This is not a natural right granted to you by any of your property ownership. It doesn't happen to be illegal, but it is inescapably unethical.
-Graham

The first anti-SPEWS argument to give me pause (4.66 / 3) (#234)
by grout on Tue Aug 05, 2003 at 06:48:45 PM EST

Thank you for your comment. I'll give your argument some thought.

How do you square your argument with the ethics of boycotts, e.g. of companies that did business with South Africa during aparteid? Were the boycotters not also causing pain to "innocent" parties in an effort to change the behavior of people otherwise unreachable?
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]

A company can be considered a single entiry (4.33 / 3) (#244)
by The Artificial Kid on Tue Aug 05, 2003 at 07:06:05 PM EST

And a boycott hurts the company as much as it hurts anyone else. Mass blocking is pitched squarely at the innocent in order to goad them into hurting the guilty.

[ Parent ]
Not persuasive (5.00 / 2) (#245)
by grout on Tue Aug 05, 2003 at 07:08:53 PM EST

Consider the case of Company X. Let's say X is doing business in apartheid South Africa. Let's suppose X is not particularly evil ... it doesn't practice apartheid in its own offices, even those in SA. Nevertheless it is a target of the boycott ... because the point of the boycott isn't that X is evil, but that X is supporting evil, and the boycotters want the evil to stop.

Now substitute Something Awful for Company X, Cogent for South Africa, and spam for apartheid.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]

Not persuasive (3.75 / 4) (#255)
by The Artificial Kid on Tue Aug 05, 2003 at 07:34:07 PM EST

Apartheid is a genuine evil. Spam is merely an annoyance. These things DO matter. Also a company could reasonably be expected to know that South Africa practices apartheid, but people who buy hosting don't always pay close attention to the issue of spam, nor should they have to simply because some admins have their panties in a bunch about it.

And finally, the means exist to attack only the spammers through selective blocking. SPEWS represents a DELIBERATE effort to widen the attack. In comparison there is no way to attack South Africa economically without attacking the companies that produce there.

[ Parent ]

Disagreed on both points (4.33 / 3) (#260)
by grout on Tue Aug 05, 2003 at 08:01:16 PM EST

First, while spam is of course (!) much less of an evil than apartheid, it still is theft, tresspass, and/or vandalism, depending on the details. So it is immoral ... not evil enough to inflict violence over, say, but certainly evil enough to justify a boycott.

Second, the economic model of spamming doesn't depend critically on the response rate. All spammers have to do is persuade their customers that spamming will pay, and then the spammers are paid for performing that odious service. As long as there are suckers, spammers will have customers. Filters tightly limited to the spam sources do not have enough leverage. It's been tried. In fact it's still being tried; such lists exist. They just don't work as well as the more agressive lists do.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]

An annoyance? (4.20 / 5) (#364)
by hanno on Wed Aug 06, 2003 at 03:42:53 AM EST

Spam is merely an annoyance.

While I don't think that Spam should be compared to apartheid, I doubt that you know what you are talking about.

Do you run mail servers for more folks than just yourself? I have seen entire networks dying due to spam attacks. Don't dare to call Spam "merely an annoyance" unless you experienced what spammers are capable of.

[ Parent ]

Amen to that. (5.00 / 5) (#453)
by vivelame on Wed Aug 06, 2003 at 07:41:27 AM EST

i had to bring back from the deads several mail servers after some particularly virulent spam attacks.
It's actually quite funny: the only people complaining about SPEWS are people who've never run a real mail server (no, installing postfix on your home box doesn't count), and thus think of spam as "a mere annoyance".
Well, people, next time your ISP's mail server go down, be sure to ask them why. You might be surprised to know than more than 6 out of 10 times, it's because a SPAM attack clogged the servers down, and an admin had to manually remove this shit from various queues, at 3AM in the morning.
(yeah, yeah, they're paid for that.. i guess i can set yoour house on fire too, then? the firefighters are paid for that, after all. And you of course have insurance.)


--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
And another amen here. (none / 0) (#843)
by DavidTC on Sun Aug 10, 2003 at 06:46:20 AM EST

It's amazing how easily your attitude changes towards blocklists when you run a server.

There are real mail admin who don't block on SPEWS, but they don't run around whining about it...they understand why people use it, they just findthemselves having to do business with scummy people. And they probably score on it in spamassassin. And while they don't use it, they like the pressure it applies to ISPs.

-David T. C.
Yes, my email address is real.
[ Parent ]

Flawed analogy (4.80 / 5) (#350)
by ghjm on Wed Aug 06, 2003 at 02:33:54 AM EST

If you're equating apartheid with spam, then South Africa is the spammer - the one actually committing the act. Company X is Cogent - the company "tainted" by knowingly continuing to do business with the evildoer. Boycotting Company X or Cogent should only be done after careful consideration: They didn't commit the evil, after all. However, if you can make a reasonable case that their actions contribute to the continued existence of the evil, you probably have valid ethical justification for the harm you cause them.

Blacklisting the entire Class B that happens to include Something Awful is a bit like boycotting all companies whose name starts with X. Actually, it's worse - it's more like boycotting all American companies, even those who have already stopped doing business with South Africa, because Company X happens to be American. At this point you have no sensible claim that the party you are harming actually did anyting wrong, or had the slightest involvement in the evil you are combating. You have targeted them only because you think they are in a position to influence the behavior of the evildoer, and you happen to be able to force them to do so.

The essential question is this: If an evil act is committed against me, it is okay for me to seek retribution against anyone who fits into a similar category as the evildoer? Surely the answer has to be no - to be ethically justified, you have to be able to sketch some sort of causality between the party you are harming and the evil you are concerned with.

Examples: Is it okay for Saudi expatriates to take revenge against Americans, if other unrelated Americans have sabotaged their prospects for democracy at home? Is it okay for American police to detain and harass those of Arabic racial appearance, if other unrelated Arabic-looking people flew planes into the World Trade Center? Is it okay for me to socially snub a programmer working at Microsoft, because Microsoft managers over whom he has no control committed anti-competitive acts? If a black man shot my father, is it okay for me to shoot just one black man to even the score?

Surely not.

So is it okay for you to block my mail, if someone one rack over from me in the data center sent you some spam?

-Graham

[ Parent ]

Some people have extremely poor ethics here (none / 0) (#842)
by DavidTC on Sun Aug 10, 2003 at 06:39:57 AM EST

I'm sorry, but that's just stupid. Anyone who knowingly enables an action is guilty of it. If I lend you a gun just so you can go and kill someone...I, personally, am guilty of killing someone.

Cogentco is knowingly enabling spamming. Ergo, they are guilty of it, and they are spammers.

Period, end of story.

It amazes me how many people think there's some sort of crazy morality loophole where if you aren't the very last person in a chain of events to accomplish a goal, you have no responsibility for it.

Well, hell, let's build bombs and blow up buildings with them and have them set up off by trained dogs, then no one's guilty except the dogs, and who cares about dog's morality?

Um, no. It doesn't work that way. You build the bombs, you are guilty. You rig them to be blown up by dogs, you are guilty. You train the dogs, you are guilty. You get the fucking doughnuts so everyone else can continue working, you're guilty.

Likewise with spam. Cogentco are, in every moral sense, spammers, and the fact they aren't clicking the send button doesn't mean a damn thing. They continue to knowingly host spammers, they move spammers around so they will not get blocked...they are spammers. They are the evildoers, and SA is the company that's tainted.

-David T. C.
Yes, my email address is real.
[ Parent ]

Now that's interesting (4.33 / 6) (#247)
by pyramid termite on Tue Aug 05, 2003 at 07:13:33 PM EST

How do you square your argument with the ethics of boycotts, e.g. of companies that did business with South Africa during aparteid?

When others compared the collateral damage of SPEWS to collateral damage in warfare, they were called by pro-SPEWS people, "incoherent", among other things. Would they also call this argument incoherent?

Actually, you have raised a good and difficult question - but I think one must also consider the goals involved in the respective situations. What is worse - a bunch of spam in your mailbox, or millions of people being forced into poverty and oppression through apartheid? Are the two truly comparable? How many people's lives are blighted by spam and how many were blighted, or snuffed out by the South African government? What is the goal of anti-spammers? A selfish, which is not to say wrong, desire to have their systems be free of trash - is it right to hurt third parties for your personal benefit, even if such benefit is justifiable? What is the goal of boycotters? A selfless desire to see millions of people liberated from an oppressive and nightmarish existence. Is it right to hurt third parties financially to achieve this goal?

Of course, SPEWS and boycotters advocate - they do not legislate - but which form of advocacy was more effective? Which resulted in the greater ratio of affected party benefits to third party costs? Context, result, motivations, and the identities of innocents hurt and victims salved all must play a role in evaluating this.

On the Internet, anyone can accuse you of being a dog.
[ Parent ]
Of course it's different; looking for principles (4.50 / 2) (#251)
by grout on Tue Aug 05, 2003 at 07:24:47 PM EST

The original poster's point was an ethical one, and so the analogy was designed to elicit a further explanation of his ethical system. Of course apartheid and spam are a universe apart, and my question didn't equate them. Though I could have made more of a point of that. :-)

That said: Just because apartheid was fought with a boycott, and spam is not as bad as apartheid, that doesn't mean that a boycott is excessive force against spam. Boycotts are good for lots of things, large and small.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]

Comparing (4.50 / 2) (#457)
by winnetou on Wed Aug 06, 2003 at 07:56:25 AM EST

What is worse - a bunch of spam in your mailbox, or millions of people being forced into poverty and oppression through apartheid? Are the two truly comparable?

What is worse - being poor and oppressed in a country whose economy is failing as a result of a boycott, or having to use another provider to send email? A provider who might actually spend money for a functioning abuse desk, so your monthly fee might be a bit higher?

[ Parent ]

Interesting (4.66 / 3) (#329)
by ghjm on Wed Aug 06, 2003 at 01:47:15 AM EST

I see two distinctions. One, are you taking action against the party with which you have a grievance? If so, then you are causing pain to a /guilty/ party, which is a whole different ball of wax. Second, it's much easier to justify not spending your money, than actively working to eliminate someone's ability to speak or communicate. I don't remember anyone ceasing to buy newspapers from publishers who accepted press releases from companies that dealt with South Africa.

Guilt by association is always questionable. If my roommate smokes a bunch of pot, can I be arrested? Also, if the end justifies the means, ending apartheid carries a lot more weight than ending spam.

-Graham


[ Parent ]

Here (4.50 / 2) (#365)
by djotto on Wed Aug 06, 2003 at 03:43:29 AM EST

in the UK, and I imagine all over the western world, you can bank with banks that have "ethical policies" - basically, they don't lend money to people who make landmines. That seems to have about the right number of levels of indirection in it to me - something like choosing only to accept email from those who have (what you consider) ethical policies towards spam.

Or, as I mentioned way down there somewhere, in the past Coke has been boycotted in Arab states because of its dealings with Israel. Again, it's a passive consumer boycott. I see Coke as analogous to SA and Israel to cogentco.

Of course, as this thread goes on people are just going to keep pulling out more and more tortuous analogies which really don't throw any light on the situation. We should be talking about the case at hand, not Coke or South Africa.

Oh, and I just wanted to say that I thought your parent post was excellent.


[ Parent ]

ohhh! it's like sanctions (2.80 / 5) (#355)
by QuantumG on Wed Aug 06, 2003 at 03:06:16 AM EST

and as we know, sanctions always hurt the innocent more than the guilty. In fact, blacklisting is almost exactly like sanctions. You're blocking the upstream provider because they are "facilitating" spammers. That's exactly like imposing sactions on a country because they supposedly "facilitate" terrorists! The end result: innocent people starve.

Gun fire is the sound of freedom.
[ Parent ]
shouldn't respond to flamebaits... (3.66 / 3) (#362)
by TVoFin on Wed Aug 06, 2003 at 03:38:28 AM EST

...but respond I do.
You're blocking the upstream provider because they are "facilitating" spammers.
The simple difference between sanctions and blacklisting is that there is verifiable evidence that the ISP harbors spammers and does nothing about them.
That's exactly like imposing sactions on a country because they supposedly "facilitate" terrorists!
The netblocks listed in SPEWS are there because a) the provider does not do a thing about spammers in its network, and/or b) actively helps the spammers to dodge blocklists by shunting them around in the IP space.
The end result: innocent people starve.
Situations are not comparable. The starving people have no choice but to starve; the net-users whose IPs have been included in the escalated listings can either change providers (to a less spam-friendly one) or lease access to non-blocklisted SMTP server. If starving guy manages to leave the sanctioned country, the regime won't care. If customers leave ISP, the ISP will care (the flow of money decreases).

-Timo

IB, life, sleep -- pick any two. --Anonymous IB senior.
[ Parent ]

Uh... they are comparable (5.00 / 1) (#533)
by leviramsey on Wed Aug 06, 2003 at 05:21:39 PM EST

You do know the Bush doctrine, right? The US reserves the right to attack or place sanctions on a nation which is not doing enough to prevent "terrorist activity" within its borders. The situation is entirely analogous. Indeed, many anti-spam activists refer to spammers as terrorists.



[ Parent ]
thanks for the support (none / 0) (#809)
by QuantumG on Fri Aug 08, 2003 at 10:37:28 PM EST

The only thing I don't see as being comparable is "starving" vs "losing net access" .. but as far as "easy ethics" is concerned, it's obvious that SPEWS is "putting sanctions" on spammers, and I am very much against sanctions that hurt innocents.

Gun fire is the sound of freedom.
[ Parent ]
$ix figure$ (3.00 / 2) (#577)
by pin0cchio on Wed Aug 06, 2003 at 07:35:11 PM EST

the net-users whose IPs have been included in the escalated listings can either change providers (to a less spam-friendly one)

Most residential customers do not have the six figures it takes to move a family to an area served by a different ISP, and most residential customers fresh out of AOL aren't willing to learn how to set up a non-BL'd pay mail service on their computers unless the non-BL'd pay mail service provides a program that will, with one click, change the appropriate settings in Outlook Express.


lj65
[ Parent ]
The private property argument (4.71 / 7) (#259)
by CaptainSuperBoy on Tue Aug 05, 2003 at 07:54:57 PM EST

Well, I am going to make the private property argument anyway.

It's simple. I don't have to accept your e-mail, and I can use whatever criteria I see fit to make that decision. Perhaps I shouldn't use SPEWS, maybe I don't realize that they list collateral damage as well. But that has nothing to do with you, the fact is, I made my choice.

If you have something you want in the world, it is not ethical to forcibly co-opt other people into doing your work for you.

I agree, but that's not what SPEWS is doing. There is nothing forcible about declining someone's e-mail. The act of declining the e-mail may cause you to change your behavior (by switching hosting providers) but that's not coercion. In fact, it's completely in line with a free market. It's just another market condition that you can either respond to, or risk losing your business. Blacklists aren't forcing you to do anything, any more than your competitors are forcing you to run your business efficiently, or your customers are forcing you to meet their demand. If SPEWS is coercion, then so is any other market condition that you respond to.

SPEWS isn't perfect, but that doesn't mean it's unethical. The way you seem to define morality, competition itself is unethical.

--
jimmysquid.com - I take pictures.
[ Parent ]

That's an incredibly juvenile arguments (3.50 / 8) (#265)
by The Artificial Kid on Tue Aug 05, 2003 at 08:17:27 PM EST

"I'm just going to start kicking air and if you get hurt it's your own fault".

I don't care what you do with your personal email server, but if you hold a position of responsibility where you manage spam blocking for a large number of customers who aren't in direct contact with you then you have a certain responsibility. If you arbitrarily change your own role to attacking spammers first and bringing your clients their legitimate mail second then I can only hope that you'll be shafted by them as soon as they find out what you're doing.

The fact is that many people want to receive unexpected email. If you are the gatekeeper by whom all that email passes then not only are you in a position to stop them from receiving some email, you may also be in a postion to stop them knowing they haven't received it. It is no good saying "then let them change providers. My computer my rules". You have damaged the person by purporting to provide them with email access but in fact denying them email from people who offend your sensibilities. It is undisclosed censorship.

[ Parent ]

You're funny. (3.66 / 3) (#267)
by grout on Tue Aug 05, 2003 at 08:23:01 PM EST

if you hold a position of responsibility where you manage spam blocking for a large number of customers who aren't in direct contact with you then you have a certain responsibility

Yeah. To please the customers. End of story.

The fact is that many people want to receive unexpected email.

Straw man. Nobody has suggested that unexpected mail is inherently less deserving of delivery.

It is no good saying "then let them change providers. My computer my rules".

Actually it's very good. Works every time, in fact.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]

You took this sentence out of context (5.00 / 2) (#268)
by The Artificial Kid on Tue Aug 05, 2003 at 08:25:37 PM EST

Straw man. Nobody has suggested that unexpected mail is inherently less deserving of delivery.

This was not about you targeting unexpected mail for refusal. It was about the fact that people will sometimes people will be the intended recipients of mail they didn't want coming but nonetheless want, and that they are therefore not in a position to know has been wrongfully blocked.

[ Parent ]

Blocking ISP can notify if they choose (3.50 / 2) (#270)
by grout on Tue Aug 05, 2003 at 08:33:00 PM EST

If customers ask for the feature of being notified (perhaps with a summary) of the spam blocked over the last week or month ... well, then, ISPs will certainly provide it.

It's not an ISP's job to provide what is not requested or desired, however. That way lay high expenses for low income.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]

In which case (5.00 / 2) (#536)
by leviramsey on Wed Aug 06, 2003 at 05:29:34 PM EST

Yeah. To please the customers. End of story.

And when one of your customers sues you individually for a million bucks (with, in some states, triple damages available) for tortious interference, I'll be laughing my ass off. Hell, I'd love to see a lien put on your house and car...



[ Parent ]
Caveat Emptor (4.75 / 4) (#271)
by CaptainSuperBoy on Tue Aug 05, 2003 at 09:28:36 PM EST

I'm sorry, since when was Internet service anything but caveat emptor? It's very easy to find out if your ISP subscribes to SPEWS. We all need certain things out of our Internet service, but you don't hear anyone bitching how "it's unethical for my ISP to only give me 10MB of web space." Do your homework before buying service. I don't believe any of the major national ISPs force-feed spam filtering to their users. If I had to guess, SPEWS is used much more by other businesses than by ISPs. You are focusing on a tiny case where really, the customer should have done his homework.

--
jimmysquid.com - I take pictures.
[ Parent ]
What if they change? (3.00 / 4) (#334)
by ghjm on Wed Aug 06, 2003 at 01:56:55 AM EST

It might be relatively easy to switch dialup ISPs, but DSL/Cable or any commercial ISP service usually requires at least a one-year contract. If your ISP suddenly starts using SPEWS, you are screwed. Besides, why is it valid for you to force me to switch away from an ISP that I am otherwise happy with?

-Graham

[ Parent ]

you're sadly mistaken. (3.33 / 3) (#416)
by vivelame on Wed Aug 06, 2003 at 06:49:55 AM EST

He's not the one forcing you to switch ISP. it's YOUR ISP who's forcing you to switch ISPs. A bit of (crude) analogy.
  • I'm sorry, ghjm, but i don't want to talk to you or your friends anymore.
  • why, why, why God why?
  • well, you keep supporting joe, giving him good money, so he can keep buying lubricant to analy rape me.
  • But you can't do that, it's mean, it's unethical, HE is the one raping you, not me, i'm innocent!! I have a CONSTITUTIONAL RIGHT to talk to you, you have to listen to me and keep spreading my word to all the people you know!!
  • ....


--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
Irresponsible attitude. (3.75 / 4) (#447)
by squigly on Wed Aug 06, 2003 at 07:32:39 AM EST

He's not the one forcing you to switch ISP. it's YOUR ISP who's forcing you to switch ISPs.

Only if you hold an ISP using SPEWS as totally unaccountable for its actions.  That ISP is demanding that you change ISP for reasons of its own admins poersonal politics.

A bit of (crude) analogy.

Stop using analogies!  The idea of an anaology is to make the situation clearer.  Every single one I've seen on this story has made the subject less clear.

[ Parent ]

Well they don't (5.00 / 1) (#477)
by CaptainSuperBoy on Wed Aug 06, 2003 at 08:21:25 AM EST

None of the major broadband providers mandates the use of SPEWS, although they offer optional blocking such as Brightmail, which many users love. This will not change.

--
jimmysquid.com - I take pictures.
[ Parent ]
Almost... (3.00 / 2) (#574)
by pin0cchio on Wed Aug 06, 2003 at 07:25:58 PM EST

But what about those residential high-speed Internet access customers whose IP addresses end up on the blacklist because of the city they live in? They can't switch ISPs without putting down six figures.

What would happen if Comcast ended up on the blacklist?


lj65
[ Parent ]
You are right (3.00 / 2) (#315)
by Nova Reticulis on Wed Aug 06, 2003 at 12:50:55 AM EST

Just that the only persons he'd be responsible to is his customers. Are you one? No? Then why are you telling him how to police his networks?

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

That's not true. (5.00 / 3) (#332)
by ghjm on Wed Aug 06, 2003 at 01:54:33 AM EST

Suppose a spammer sets up shop in a state where spamming is legal, attracts a few customers, and brings them some sales. By your logic, the only people he's responsible to are his customers. But I suspect you would want to tell him how to run his mail server. What's the difference?

Answer: There is no difference. In both cases, the question is not about customers, it is about the public good. There are stakeholders who are not customers.

-Graham

[ Parent ]

Well, no (3.66 / 3) (#485)
by CaptainSuperBoy on Wed Aug 06, 2003 at 08:28:48 AM EST

Spam is harassment and theft of service. Policing your own network, even if you have 'users to answer to,' is common sense.

--
jimmysquid.com - I take pictures.
[ Parent ]
Well, yes it is what they're doing. (3.66 / 3) (#331)
by ghjm on Wed Aug 06, 2003 at 01:50:04 AM EST

You are conflating the role of the sysadmin with the role of the e-mail recipient. If you are operating your own mail server for which you are the only user, then feel free to do whatever crazy thing you feel like. But that's not what we're talking about. The simple fact is, getting listed on SPEWS means that a large number of people who never agreed to SPEWS' philosophies will nevertheless be unable to receive your e-mail. And SPEWS knows it at the time they make the listing. Therefore they have moral, if not legal, responsibility for the consequences of their actions.

-Graham

[ Parent ]

No (5.00 / 1) (#482)
by CaptainSuperBoy on Wed Aug 06, 2003 at 08:26:36 AM EST

You are thinking of the sysadmin like a lone gunman, deciding company policy wildly and arbitrarily. While that's the case in a few companies, many more companies use a sane method of choosing IT policy which includes user rights, Internet blocking and monitoring, software installation, and yes, e-mail. Companies are well within their rights to decide any computer policy they wish, including what e-mail their employees are allowed to receive.

Before you say you were talking about ISPs, I'll point out that most ISPs don't use SPEWS.

--
jimmysquid.com - I take pictures.
[ Parent ]

For which I'm sure that admins are glad (5.00 / 1) (#532)
by leviramsey on Wed Aug 06, 2003 at 05:18:51 PM EST

Because if I was an admin who was ordered to use SPEWS, I would immediately look for a million-dollar liability policy.



[ Parent ]
Don't work for bad people... (4.57 / 7) (#360)
by dipierro on Wed Aug 06, 2003 at 03:28:11 AM EST

DANTE: My friend is trying to convince me that any contractors working on the uncompleted Death Star were innocent victims when the space station was destroyed by the rebels.

BLUE-COLLAR MAN: Well, I'm a contractor myself. I'm a roofer... (digs into pocket and produces business card) Dunn and Reddy Home Improvements. And speaking as a roofer, I can say that a roofer's personal politics come heavily into play when choosing jobs.

RANDAL: Like when?

BLUE-COLLAR MAN: Three months ago I was offered a job up in the hills. A beautiful house with tons of property. It was a simple reshingling job, but I was told that if it was finished within a day, my price would be doubled. Then I realized whose house it was.

DANTE: Whose house was it?

BLUE-COLLAR MAN: Dominick Bambino's.

RANDAL: "Babyface" Bambino? The gangster?

BLUE-COLLAR MAN: The same. The money was right, but the risk was too big. I knew who he was, and based on that, I passed the job on to a friend of mine.

DANTE: Based on personal politics.

BLUE-COLLAR MAN: Right. And that week, the Foresci family put a hit on Babyface's house. My friend was shot and killed. He wasn't even finished shingling.

RANDAL: No way!

BLUE-COLLAR MAN: (paying for coffee) I'm alive because I knew there were risks involved taking on that particular client. My friend wasn't so lucky. (pauses to reflect) You know, any contractor willing to work on that Death Star knew the risks. If they were killed, it was their own fault. A roofer listens to this... (taps his heart) not his wallet.



[ Parent ]
On ethics (4.50 / 2) (#448)
by winnetou on Wed Aug 06, 2003 at 07:34:33 AM EST

The ethical situation is simple. If you have something you want in the world, it is not ethical to forcibly co-opt other people into doing your work for you.

Indeed, if you want other people to spend resources (like bandwidth, storage and most importantly the time of their users) on email your users send, you need to show you are trustworthy. Hosting with a spam tolerant (or even blatantly spam supportive) ISP won't give that trust.

Your natural right to wave your fist ends precisely at my nose.

And not offering you the free use of my mailspool infringes on your right exactly how?

[ Parent ]

wrong angle (4.50 / 2) (#495)
by jettero on Wed Aug 06, 2003 at 08:43:52 AM EST

From my perspective you're looking at this from the wrong angle... perhaps the SPEWers are too. They're just making a list. It's a list of the usual suspects.

Personally, I'm glad the RBLs are out there... in terms of personal use, I'll use everything from dorkslayers to ordb. For the customers of my ISP, I only use ORDB.

See, my thinking is, it's not unethical to make a list of possible naughty people, but it is unethical to use the list to block mail on behalf of thousands of your customers... unless you have reason to believe the list is accurate.

Example. I was using the spamcop rbl for a while there. One day, groups.yahoo.com got on the list. I stopped using the rbl when the first complaints came in.

I get a lot of complaints about the ordb list -- which has a HUGE positive effect on my spamload. ORDB is pretty good about removing you, through the use of an easy to use removal tool on their page, so they're cool either way... Anyway, for each complaint, I go and check by hand to see if it's open. If it is, I explain to the customer, and attempt to contact the mail admin of the broken mail server (the later actually works really well btw).

Anyway, my point is, there's nothing wrong with making a list of suspects. The wrongness is in using that information and selfishly attacking spammers at your customer's expense.

[ Parent ]

Ethics of blacklisting (5.00 / 2) (#632)
by Sloppy on Thu Aug 07, 2003 at 12:36:51 AM EST

The ethical situation is simple. If you have something you want in the world, it is not ethical to forcibly co-opt other people into doing your work for you.
Blacklisters aren't forcing anyone to do anything. They're saying they don't want to transact with you if you support ($) someone (ISP) who supports (connects) a spammer.

They're not forcing you. They're not bombing you like terrorists. They're attempting to persuade you with an offer, along the lines of "give me this (flame your ISP) and I'll give you that (ability to send me email)." You only see the offer as force, because what they're offering you, is something that you took for granted. Well, perhaps they used to think of you-not-supporting-spammers as something they could take for granted. They were wrong. They learned. Now it's your turn.
"RSA, 2048, seeks sexy young entropic lover, for several clock cycles of prime passion..."
[ Parent ]

All I'm gonna say is (4.46 / 15) (#237)
by coryking on Tue Aug 05, 2003 at 06:55:32 PM EST

I hope most of these "Anti-Spam" people are only managing their own private network. If not - it speaks loads of how inmature this industry is. I think it is highly unethical to delete somebody elses email for them. If you tag the headers as "maybe spam" and let the clients filter it out, thats one thing, but to outright delete the email recived by people other then yourself is highly, highly unethical. A post office mailman would be fired if she did such a thing, and you'd be pissed if you found a post office mailman sending back perfectly legitimate mail.

Thankfully, I suspect that they manage much, much smaller networks then they would lead on. Real admins dont have the time to post 50+ replies in one new article or hang out the whole day on nanae.

Admin would be fired for *not* deleting spam (3.85 / 7) (#240)
by grout on Tue Aug 05, 2003 at 06:57:44 PM EST

Spam interferes with the proper (human-compatible) operation of the net. Any admin who made the "frea speach" argument would be tossed out on his ass. And with good reason.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]
Bullshit (3.50 / 4) (#241)
by coryking on Tue Aug 05, 2003 at 07:01:27 PM EST

There is no way management of any sane organization would go for it. There is no 100% positive way to guarantee that what you are deleting is in fact spam. Your ass would be tossed out the minute your ol' boss man gets some legit email deleted.

[ Parent ]
You speak as if it's not happening now. Learn. (4.28 / 7) (#243)
by grout on Tue Aug 05, 2003 at 07:05:48 PM EST

You really should learn more about the state of the art in spamming and spam fighting. Every ISP runs spam filters that deletes incoming spam when it can be detected. A huge number -- I would say a majority -- of companies large enough to have mail systems of their own also delete incoming spam.

Wake up and smell the spam, man. This is the internet of today.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]

Dude (4.00 / 6) (#248)
by coryking on Tue Aug 05, 2003 at 07:13:35 PM EST

I would never, ever delete customer email. Ever. That is 100% wrong, and I seriously doubt your claim. The only way I could buy it is if the client acknowledged it and it was turned off by default.

As far as spam fighting, the only way to win is the legal system. While spam alone may not be illegal, many of the ways spammers send their email is, and can be tried against classic law. I *know* this because I am in the process of gathering evidence for a spammer who forged one of my domains.

[ Parent ]

Legal system, when and if (3.50 / 4) (#359)
by TVoFin on Wed Aug 06, 2003 at 03:23:51 AM EST

the only way to win is the legal system. While spam alone may not be illegal, many of the ways spammers send their email is
The legal-system approach works only if all countries with Internet access implement it. Here in EU, spam is already illegal. And still I get loads of spam. Most of the spam has been injected in Brazil or Argentina. The great majority of the rest are sent thru raped open relays of proxies in Korea. Even if (and hopefully, when) the US adopts sensible legislation (i.e. opt-in, not opt-out), I seriously doubt that spam from Latin America or Asia will stop.

Of course, the raped proxies are used illegally; however, the Korean ISP's just don't care. Or if they do, they're doing a bad job.

And don't misunderstand the above, I do think that there must be a legal ban on spam. Now if only authorities started prosecuting the spammers, instead of just saying "bah"...


IB, life, sleep -- pick any two. --Anonymous IB senior.
[ Parent ]

one step further (4.00 / 3) (#382)
by Entendre Entendre on Wed Aug 06, 2003 at 04:38:23 AM EST

Now if only authorities started prosecuting the spammers...

Better yet, use a law that entitles spam recipients to statutory damages of, say, $500 per message. That's how the junk fax law works in the US. I'd really like to see something like it applied to email and adopted worldwide.

This way "the authorities" can focus on tractable problems, while a decentralized horde of individuals takes on the horde of spammers.

--
Reduce firearm violence: aim carefully.
[ Parent ]

Right (5.00 / 3) (#534)
by leviramsey on Wed Aug 06, 2003 at 05:22:21 PM EST

But do they run spamfilters like SPEWS? My offer of a bounty on contributors and users of SPEWS was only partially in jest; that statement should give you an idea of my opinion of SPEWS.

However, I maintain my own blacklist. How does a host get on? Simple. When I receive a spam, I run a whois on the host that connected to my mailserver. If the whois indicates that it's a business whose sole business is spamming, then I blacklist their entire netblock. If it's a non-North American ISP, then I block the whole netblock (on occasion all the way up to an entire Class A). If it's a North American ISP, especially a DSL or cable ISP, I blacklist the /24 where the mail came from, if it doesn't appear to be an MX for that domain.

All connection attempts from such hosts are answered with:

555 Your network harbors spammers... to be whitelisted, send an email to lramsey@student.umass.edu

Hosts are removed on the following basis: every week, I grep through the logs for connection attempts from blacklisted networks. I require perfection (0 connects) from a /24, allowing at most 1 connection for a /16 and 2 from a /8. So far this has proven most effective for me (99% of my spam comes through other addresses where the checks are not performed).

I am not opposed to spam blacklists. But the anonymous nature of SPEWS, combined with the unclear procedures for pruning (I've never gotten an answer as to how a company that bought IP-space formerly held by a listed ISP and purged all spammers from it would be removed from the list), and the excessiveness of their blocks causes me to oppose its use.



[ Parent ]
ahhh.... (3.00 / 3) (#689)
by partykidd on Thu Aug 07, 2003 at 06:27:10 AM EST

if that's your real email address,..won't it be combed by spam bots? You might have just made your job a little harder.

"It is the mark of an educated mind to be able to entertain a thought without accepting it." - Aristotle


[ Parent ]

Where do you people work? (3.00 / 4) (#256)
by STFUYHBT on Tue Aug 05, 2003 at 07:36:36 PM EST

Where do you guys work, at a freaking soap opera? Since when does management get fired for making a decision on e-mail policy? If my boss was apt to fly into a rage because the company's server blocked his Something Awful newsletter, I'd think about quitting. Seriously, people don't get fired over IT policy. People get fired if they're crappy workers.

-
"Of all the myriad forms of life here, the 'troll-diagnostic' is surely the lowest, yes?" -medham
[ Parent ]
Let's see now... (4.66 / 3) (#335)
by hawthorne on Wed Aug 06, 2003 at 02:05:05 AM EST

Companies who 'delete other people's mail for them' - off the top of my head.

AOL, for starters.

Outblaze, I believe

Plus many, many others - large players as well as small. They inform their users about their policies, and what will happen. It's a selling point.

[ Parent ]

One Word: AOL (3.66 / 3) (#363)
by hanno on Wed Aug 06, 2003 at 03:39:23 AM EST

AOL runs its own, SPEWS-like filter. AOL has at times blocked entire providers and even countries to send mail to its users.

We're not talking about private networks.

[ Parent ]

oh? (5.00 / 2) (#404)
by vivelame on Wed Aug 06, 2003 at 06:15:41 AM EST

your tax-dollars paid for AOL? no, i guess so.

AOL IS a private network.


--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
A related Slashdot story on Trustic - (4.53 / 13) (#249)
by pyramid termite on Tue Aug 05, 2003 at 07:20:18 PM EST

I recently received an email from the anti-spam service Trustic saying: "We have decided to close the Trustic service. We have determined that the system as it currently is designed will not achieve the level of accuracy that we require, and an inaccurate system is worse than no system."" We covered Trustic's anti-spam service, which billed itself as "a community-based block list that prevents untrusted servers from sending spam", as recently as a couple of weeks ago.

Does SPEWS have better confidence in their accuracy? If so, why are many innocents complaining? What would be their answer to the proposition that, "an inaccurate system is worse than no system"?

Article here.

On the Internet, anyone can accuse you of being a dog.
SPEWS works just fine... (3.00 / 11) (#273)
by Dimensio on Tue Aug 05, 2003 at 10:10:11 PM EST

"Innocents" are complaining because apparently they think it easier to whine to third parties rather than ask their ISP why their netspace is considered by the rest of the Internet to be a complete and totall cesspool from which no one wants to accept any mail. SPEWS doesn't list spammers. SPEWS lists spammers AND "spam-support services". Cogent is a known spam support service, thus it is correctly listed. There is no "unaccuracy" here.

[ Parent ]
"rest of the internet" (3.44 / 9) (#286)
by Work on Tue Aug 05, 2003 at 11:01:32 PM EST

Jesus, you SPEWS guys really do believe your delusional bullshit don't you? I've never seen more half-assed logic coming from such a high up nose.

No, I somehow doubt that "the rest of the Internet" cares so long as their e-mail communications between them and their intended party go through. Let me tell you how the real world views their e-mail: 1 legitimate e-mail is worth more than blocking 1000 spams. I'd like to see you explain to a grandmother why her grandson can't send her pictures of her grandchild because he happens to be using an ISP who happens to have a couple spammers.

[ Parent ]

Aww... (3.27 / 11) (#289)
by Dimensio on Tue Aug 05, 2003 at 11:16:57 PM EST

Why wouldn't she be able to send mail to her grandson if HIS ISP is harboring spammers?  The only problem would occur when he tried to mail her back.

In any case, the simplest solution would be to show her the multitudes of pornographic solicitations that said spam-friendly ISP openly allows its customers to send to minors.  See what she thinks of them after that.

[ Parent ]

haha, yeah. okay buddy. (3.77 / 9) (#291)
by Work on Tue Aug 05, 2003 at 11:22:00 PM EST

First off, does grandma know what an ISP even is? Probably not. Does she care? Probably not.

Guess what: 'Grandma' actually represents the majority of the people who now use the internet. People who don't know, nor care, nor ever will, about the technical arcanities of how their services work, or who their services employ, or what other shennanigans they may be up to. And grandma isn't stupid (or crazy) enough to think for a minute that her son should be the one punished for what his e-mail provider is doing.

So long as it works for THEM, its all fine and dandy.

But the instant it doesn't, it becomes your problem. You. The asshole sysadmin who saw fit to block half a class of addresses. None of your infantile delusions of grandeur changes the fact that you are there to provide services and you are failing. You have lost any kind of ethical righteousness regarding spam with all this nonsense and bullshit.

[ Parent ]

If I'm failing to provide services... (3.83 / 6) (#293)
by Dimensio on Tue Aug 05, 2003 at 11:26:04 PM EST

...then my customers will leave.

Why does everyone think that I advocate forcing ISPs to use filters?  I don't.  My attitude is "let the ISP decide, it's their equipment".  If an ISP wants to filter because they don't like the hair of the CEO of the blocked company, that's their decision.  There ARE other ISPs and if customers don't like the filtering, they can leave.  Don't try to tell me that the average ISP customer is so stupid as to not know of other ISPs.

[ Parent ]

and the more this SPEWS nonsense continues... (4.00 / 6) (#296)
by Work on Tue Aug 05, 2003 at 11:31:18 PM EST

Then you're right. They will start to leave. Right now SPEWS isn't a big enough problem to warrant it yet. But continue on this path, and it will be. Already this question has moved beyond nerd discussion sites and onto mainstream ones like FARK and SA (I assume you're the same guy who got into it with Zack Parsons). And don't expect for a moment that more knowledgeable people than found on FARK won't see fit to tear SPEWS and the logic behind it to pieces.

Do you think the corporate managers are going to stand for their dweeby admins to block legitimate e-mails when it reaches that level of consciousness? For your own good, implement a whitelist policy into SPEWS before this reaches a more serious level of service denial.

[ Parent ]

If SPEWS is so bad... (3.60 / 5) (#298)
by Dimensio on Tue Aug 05, 2003 at 11:39:16 PM EST

...then no one will use it.  It will die on its own, and this whole discussion is moot.

That it isn't dead yet means that either it's effective, or it's not done enough damage to "innocent people".

SPEWS won't go away with you whining about it.  In fact, SPEWS probably won't go away at all.  It's not like they would lose anything if people stopped using it -- SPEWS makes no money for its services.

[ Parent ]

Has it ever occured to you... (3.00 / 5) (#313)
by Nova Reticulis on Wed Aug 06, 2003 at 12:44:11 AM EST

..that SA is not significant or important enough to have their opinion on this matter considered? SA is not going to be allowed to dictate third party mail administrators how to run their system. They should either cease and desist or shut the fuck up to conduct the business as usual. Neither SPEWS, nor the antispammers, nor everyone else except for a bunch of people who still can't tell a privielgy from a right care about what SA has to say or SA business. SA fucked up. Then they fucked up even more with their cartooney, something SA claimed to despise itself, Then they did something as unbelievably stupid as attacking NANAE. NANAE is the least preferred people of the Internet to fuck with. Dozens of SA forum members are going to lose accounts. Some are going to lose their jobs. Do you see me blaming SA? No. Everyone should pay for their own stupidity.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

YOu must be joking... (5.00 / 4) (#317)
by The Artificial Kid on Wed Aug 06, 2003 at 12:55:19 AM EST

Dozens of SA forum members are going to lose accounts. Some are going to lose their jobs.

First, is this what you truly believe? And second, do you think the integrity of some newsgroup is more important than a person's livelihood?

[ Parent ]

well... (4.00 / 6) (#324)
by Work on Wed Aug 06, 2003 at 01:11:47 AM EST

they seem to all agree that not receiving 20 penis pump e-mails is worth destroying an entire unrelated company's communications means. So, i'd say thats a yes.

Actually, our friend Dimensio over there advocated the actual hunting and murder of a spammer on FARK. One would think that a mere 'job' is of little consequence to these people.

I don't know whether to be outraged, or to simply laugh at their sad, twisted little lives.

[ Parent ]

Heh... (4.66 / 3) (#325)
by talorin on Wed Aug 06, 2003 at 01:14:22 AM EST

Right now in the main SA forum there's a thread advocating the hunting and assault of the people behind SPEWS. Addresses have been posted and they're trying to take up a collection to get a credit report pulled. Sad and twisted, you say?

[ Parent ]
knowing SA... (5.00 / 1) (#327)
by Work on Wed Aug 06, 2003 at 01:16:42 AM EST

its probably in response to that nutcase from FARK who posted several messages about how he was quite serious about murdering spammers.

Its still childish, though. SA's never really been known for their mature way of handling things.

[ Parent ]

Indeed (5.00 / 1) (#330)
by The Artificial Kid on Wed Aug 06, 2003 at 01:48:14 AM EST

There's a reason the forumgoers are called "goons".

However their juvenile behaviour is reciprocal. They didn't want to get in anyone's way until SA found itself blacklisted.

[ Parent ]

and SA was rightly blacklisted (2.33 / 3) (#412)
by vivelame on Wed Aug 06, 2003 at 06:39:57 AM EST

a sad fact they can't accept.

--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
Exactly (2.33 / 3) (#501)
by Matchstick on Wed Aug 06, 2003 at 08:52:16 AM EST

Get hosted by scum, get treated as scum...

[ Parent ]
I agree (5.00 / 2) (#516)
by evil mole on Wed Aug 06, 2003 at 09:11:21 AM EST

Buy a coke, get treated as scum. After all, they drained that water supply dry in india

[ Parent ]
URL (5.00 / 1) (#356)
by Nova Reticulis on Wed Aug 06, 2003 at 03:08:19 AM EST

please.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

SA forums are pay (5.00 / 1) (#543)
by pin0cchio on Wed Aug 06, 2003 at 06:01:16 PM EST

I don't think you can afford SA forum subscriptions for all K5 readers.


lj65
[ Parent ]
I don't think... (1.00 / 1) (#670)
by Nova Reticulis on Thu Aug 07, 2003 at 04:32:26 AM EST

I care enough to pay money to a cartooney bearing fuckwit just to see how miserable he is. On the other hand, it might be fun.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Thanks for twisting my words. (3.50 / 4) (#336)
by Dimensio on Wed Aug 06, 2003 at 02:05:17 AM EST

I said that I had entertained fantasies regarding killing spammers.  That is true, in situations where they really pissed me off (making my inbox deluged with their bounces when they forged my e-mail address in a spam run).  I also said that I would be very happy to hear that Alan Ralsky (or someone like him) had died a horrible death.

I did not suggest that people go out and hunt down spammers.

As for destroying an unrelated companies communications to prevent porn e-mails, well, it's not my fault that said "unrelated company" chooses to deal with such a scummy ISP.  If cogentco has made their network so disreputable that no one wants packets from them, SA only has cogentco to blame for the problem.  They choose to take it out on people who are simply protecting their networks.  Third parties have no legal obligation whatsoever to accept SA's mail.

[ Parent ]

The hell you didn't. (3.20 / 5) (#338)
by Work on Wed Aug 06, 2003 at 02:08:31 AM EST

And I quote, "In short, it was tried the "nice" way, it didn't work and the spam problem got worse. SPEWS is decent, but I think that what we really need is someone hunting down and executing spammers."

The words are in black and white at FARK.

Yeah and its not my fault if my neighbor happens to be a murderer. Why should I pack up and move to be inline with your nutty fascist ideals?

[ Parent ]

Aparently I was wrong... (4.00 / 5) (#347)
by Dimensio on Wed Aug 06, 2003 at 02:31:17 AM EST

I do shoot my mouth off when it comes to topics like these.

In any case, you're not responsible just because you live next door to a neighbour who commits murder.

HOWEVER, if you give money to a certain person, such as a landlord, and your neighbour also gives money to the same landlord and if that money goes toward the landlord providing a service that allows your neighbor to commit said murders, and your landlord continues to provide that service after being made aware of his tenent's criminal behaviour through that service and if you continue to deal with that landlord after you've been made aware of the entire situation, then you are responsible when people start shunning you because of it -- especially if you whine about them shunning you afterward.

[ Parent ]
Correct. (1.80 / 5) (#351)
by Nova Reticulis on Wed Aug 06, 2003 at 02:37:01 AM EST

It's me who advocates brutally murdering spammers.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Yeah, for six figures (3.33 / 3) (#545)
by pin0cchio on Wed Aug 06, 2003 at 06:02:37 PM EST

There ARE other ISPs

Often there aren't, at least not without spending $200,000 to move a family to an area where a different residential high-speed ISP operates.


lj65
[ Parent ]
Alternatives to moving... (2.60 / 5) (#555)
by Dimensio on Wed Aug 06, 2003 at 06:41:38 PM EST

You don't have to move. You could request that an ISP out of the area set up shop in your city by convincing them that they would stand to gain financially by having a non-SPEWS-using service in the area. You could find a third party location through which to route your mail. Or, you could just live with the filtering. It's still the ISP's decision. No one has a "right" to unfiltered mail.

[ Parent ]
Entry barrier (5.00 / 1) (#566)
by pin0cchio on Wed Aug 06, 2003 at 07:05:42 PM EST

You could request that an ISP out of the area set up shop in your city by convincing them that they would stand to gain financially by having a non-SPEWS-using service in the area.

But how would the new ISP on the block convince the cable company to open up its last mile in an area where the phone company doesn't offer DSL?

You could find a third party location through which to route your mail.

This is the solution I have adopted. I route my incoming mail through SpamCop.net, but SpamCop doesn't allow sending large e-mail attachments to people without MSN Messenger. In addition, the typical residential Internet user fresh out of AOL probably wouldn't know how to set it up.


lj65
[ Parent ]
Here we go again (3.00 / 6) (#311)
by Nova Reticulis on Wed Aug 06, 2003 at 12:38:13 AM EST

Do you think Internet access is a right? Do you think unrestricted, uncontrolled internet access is a right?

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

SPAM sure is good trolling material, uh? (nt) (3.00 / 2) (#400)
by vivelame on Wed Aug 06, 2003 at 06:12:47 AM EST



--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
Wrong. (3.00 / 4) (#310)
by Nova Reticulis on Wed Aug 06, 2003 at 12:36:38 AM EST

That's how some end users view the situation. Not the mythical real world you refer to. The real real world is still the world where system administrators take decisions about how to run their systems.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Fortunately (3.40 / 5) (#322)
by Work on Wed Aug 06, 2003 at 01:04:41 AM EST

most responsible sysadmins arent destructive assholes who wantonly /dev/null entire sections of the internet to satisfy their infantile power trip and hatred of penis pumps.

For the rest of you... well, today was your day of fame. And you've done a good job of showing your true and frankly, lunatic, colors.

[ Parent ]

Appearantly not (4.00 / 4) (#427)
by xL on Wed Aug 06, 2003 at 07:04:59 AM EST

If only a few jerk-off admins were using the SPEWS list, the hordes of complaining end users wouldn't be there. Since there are, a large percentage of policy makers at consumer ISPs must be using it.

Why are they using it? Because they remember a time when an email to a fellow ISP's abuse account was actually helpful. Because they've had it with the don't-know-don't-care attitude of some other ISPs. In a sense they feel these irresponsible neighbors are the root cause of the whole problem. Maybe they spent one weekend too many cleaning up a mailspool after being victimized by drive-by spammers using throwaway dialin accounts to spew advertising pointing to the websites of hosting providers that don't give a fuck.

Mail admins invoking SPEWS generally know what they're doing and what their users want. They will follow the SPEWS blocking recommendations, keeping customer needs into account and whitelisting blocking targets that would obviously cause problems. If they use the blacklist without keeping their customers' needs in mind, it is they who are irresponsible in my view and not the mysterious SPEWS cabal.

Also riddle me this: If being blocked by IP network address from sending email immediately kills your revenues as a site owner, forking the $30-$60 a month it takes to colo a second mailserver is common business sense. Not having such backup provisions as a site owner is irresponsible behaviour towards your e-commerce customers; Never make the survival of your business depend on the well-being of a single supplier.

If the backup provisions also kill your revenues, try another line of business or find a friend with his own colo to do the backup services for you for free or a couple of beers. Every second spent complaining about an unseen organisation on Usenet is not helping your bottom line, unless if you want to sell tin foil hats on the side.

[ Parent ]

Innocents are complaining (2.40 / 10) (#309)
by Nova Reticulis on Wed Aug 06, 2003 at 12:34:42 AM EST

Up to date, people who complained about SPEWS are either
  1. Morons who can't figure out the SPEWS FAQ which is very clear on why can one get blacklisted and what to do when one does
  2. Spammers disguised as morons who can't figure out the SPEWS FAQ which is very clear on why can one get blacklisted and what to do when one does.
Neither ones succeeded.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Let me tell you something (5.00 / 5) (#314)
by coryking on Wed Aug 06, 2003 at 12:45:39 AM EST

Either you are a very, very crafty troll with WAY to much time on your hands, or you are a delusional freek.

Either way - you, your Dimensio buddy, and that dude on fark have done WAY more damage to the anti-spam movement then SPEWS or anything else. You three come off as complete jackassed loons.

I sugest you leave the comic book store and maybe make some... friends... or something...

[ Parent ]

Ad hominem. (2.00 / 2) (#754)
by Nova Reticulis on Thu Aug 07, 2003 at 08:43:51 PM EST

Address the raised points or withdraw. Thank you.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Nice, but ... (4.25 / 4) (#372)
by pyramid termite on Wed Aug 06, 2003 at 04:10:27 AM EST

... you didn't actually answer any of the questions I asked. Care to try again?

On the Internet, anyone can accuse you of being a dog.
[ Parent ]
SPEWS *is* accurate (3.75 / 4) (#388)
by Nova Reticulis on Wed Aug 06, 2003 at 04:57:20 AM EST

Does SPEWS have better confidence in their accuracy?
SPEWS does not express, simply because it never talks to us and we dont know who is behind SPEWS. The general opinion of NANAE (supported by my personal observation) is that SPEWS is extremely accurate at what it is designed to do (see below)
If so, why are many innocents complaining?
SPEWS is designed to list spammers and spam friendly ISPs. It does exactly that. Absolute majority of people complaining in NANAE, take my word on it, are newbies who have had their ISP blacklisted and dont have the skills to figure out where to start. Everyone else are trolls and spammers. They might be innocent in the sense that they can't send mail all of a sudden but they are not in any way innocent as far as SPEWS is concerned. SPEWS makes no exceptions for innocent people (none that I know of, anyway) because it will invalidate and completely disarm SPEWS. If people dont clue up or move off SPEWS-listed providers the entire SPEWS affair will be a waste of everyone's time.

To put simply, everyone participating in SPEWS is SPEWS. The list is not SPEWS. People who agree with the list and participate in blacklisting in it are SPEWS. When you blame SPEWS you blame every single administrator out there who resorts to SPEWS. It is by far not the same as trying to blame the list itself. It doesnt matter who actually compiles the list, as long as its compiled by criterias that everyone supports and promotes. Everyone shares collective responsibility for that list. One can choose not to use the list and not be a part of what people seem to think is a problem.

What would be their answer to the proposition that, "an inaccurate system is worse than no system"?
Since SPEWS is not inacurate the answer is "mu". SPEWS is accurate, it just does what it says it does and not what you think it does.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

My rebuttal (5.00 / 3) (#529)
by pyramid termite on Wed Aug 06, 2003 at 04:49:52 PM EST

SPEWS does not express, simply because it never talks to us and we dont know who is behind SPEWS.

And that is the major problem with it. This is not the way spam cancellers work on Usenet - they are known and they are accountable to the community.

SPEWS is designed to list spammers and spam friendly ISPs. It does exactly that.

And then it is used to blocklist the innocent. That's another major problem with it - and whoever puts this list together knows that it is used for that and is shirking accountability for that.

Absolute majority of people complaining in NANAE, take my word on it, are newbies who have had their ISP blacklisted and dont have the skills to figure out where to start.

You are correct - and what do they get? Sarcasm, condesation, indifference, orders to switch their ISPs (even if they're in a place where they CAN'T), and a few helpful and kind replies. It hasn't changed since I left the news.* hierarchy years ago - you've got a bunch of people grandstanding over their "kills", indulging in violent and scathing rhetoric, flaming the crap out of those who disagree and acting in a way that is truly unprofessional, irrational and hurtful to their cause. It's rotten public relations - and people like Russ Allbury and Chris Lewis often showed you and told you how you should be acting.

Everyone else are trolls and spammers.

Whom you play with and counter-troll. Nothing's changed.

When you blame SPEWS you blame every single administrator out there who resorts to SPEWS.

Exactly right. I will make an exception for those who are operating systems for businesses who have no need to communicate with anyone save a specific group of vendors and customers - something like SPEWS does make sense in that context. But then a private blacklist would make as much sense and not be subject to overzealous use.

But a general customer based ISP - I'll quote Vernon Schryver in yesterday's article <bgpmoj$nql$1@calcite.rhyolite.com> "I often encounter ISPs using the RBL, but can't recall any that admitted using SPEWS."

It's obvious to me, though, that a few must be. Not a lot, but a few. Otherwise, why the SA controversy?

Since SPEWS is not inacurate the answer is "mu". SPEWS is accurate, it just does what it says it does

And what it does is wrong. And describing it as a spam-blocking mechanism, which is the justification many are using it for IS inaccurate.

Oh and collective responsibility means NO responsibility - the history of your own country should tell you that.

On the Internet, anyone can accuse you of being a dog.
[ Parent ]
They're not innocents, they're accomplices (3.25 / 4) (#540)
by grout on Wed Aug 06, 2003 at 05:49:50 PM EST

No one paying money to, and therefore supporting the business of, a spammer or a spam-enabling provider, is innocent. He is an accomplice. An unwitting accomplice at first, to be sure -- at least in most cases! -- but an accomplice nonetheless.

As such, blocking his mail isn't really "collateral damage" so much as it is a strike at a softer target.

This is not a universal view, but it certainly eliminates the ethical problems that "collateral damage" would raise.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]

You can justify anything with that logic (3.60 / 5) (#544)
by pyramid termite on Wed Aug 06, 2003 at 06:01:54 PM EST

No one paying money to, and therefore supporting the business of, a spammer or a spam-enabling provider, is innocent.

No one helping build the dominence of Satanic Western Culture in finance is innocent. Therefore the dead of the World Trade Center were not innocents, but accomplices.

You're damn right it's not a universal view.

On the Internet, anyone can accuse you of being a dog.
[ Parent ]
The punishment fits the crime (3.40 / 5) (#559)
by grout on Wed Aug 06, 2003 at 06:57:13 PM EST

In the case of SPEWS listing spammer accomplices, those who would help to destroy the mail system (wittingly or not) by inflicting damage and inconvience on mail systems have as their worst punishment ... blockage and inconvience in their mail system.

Poetic justice, if I do say so myself. And certainly not so over-the-top as murdering civilians, for crying out loud. Get a sense of propotion.

PS: I wonder if Godwin's Law should have a "9/11" clause.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]

SPAM's no crime in my state... (2.80 / 5) (#660)
by loucura on Thu Aug 07, 2003 at 01:57:59 AM EST

So, you're a vigilante, which -IS- illegal in my state.

[ Parent ]
Well too bad (1.40 / 5) (#666)
by Nova Reticulis on Thu Aug 07, 2003 at 03:55:39 AM EST

Well too bad that your legal system is fucked up. But don't feel special; so is ours. Any legal system that doesn't treat openly parasite spammers as disposable (yes, that kind of disposable) is flawed in my eyes. Spammers are scum who willingly oppose the interest of entire society - and there can be no argument about it. There's no reason for the society to protect their rights.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Of course society protects their rights (5.00 / 1) (#753)
by grout on Thu Aug 07, 2003 at 08:43:32 PM EST

You are incorrect. Spammers' rights are just as valuable as anyone elses, and just as worthy of protection.

Fortunately for SPEWS, mail delivery is not a right. It's a privilege. One that I am happy to deny to spammers. :-)
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]

Please explain what is illegal about SPEWS... (4.50 / 2) (#667)
by Dimensio on Thu Aug 07, 2003 at 03:57:16 AM EST

Go on, tell me what laws are being violated by SPEWS keeping a list of known spam-friendly ISPs (a list backed with documentation, no less). What laws are broken when an ISP decides to reject mail based upon SPEWS listings?

[ Parent ]
Libel? (1.50 / 2) (#729)
by loucura on Thu Aug 07, 2003 at 10:07:22 AM EST

It's a published opinion erroneously claiming that certain innocent individuals are spammers, this hurts their online reputation.

[ Parent ]
Wrong. (3.75 / 4) (#741)
by Dimensio on Thu Aug 07, 2003 at 07:13:15 PM EST

SPEWS does not claim that all listed IPs are in use by spammers. SPEWS claims that their listings are of IP blocks owned either by spammer or by spammer-supporting ISPs. There have been erroneous listings in SPEWS in the past, however these are corrected very soon (sometimes within minutes) of being explained. There is no libel occuring within SPEWS. SPEWS is not claiming that SA is a spammer, it is claiming that SA's host, cogentco, is a spam supporter. This is accurate.

[ Parent ]
Magic Delete Button (2.00 / 2) (#760)
by Nova Reticulis on Thu Aug 07, 2003 at 09:11:56 PM EST

And that is the major problem with it. This is not the way spam cancellers work on Usenet - they are known and they are accountable to the community.
This is a bogus analogy. USENET is a distributed, well controlled, broadcasting and highly traditional environment. E-mail isn't. You can't "cancel" spam after it hits someone's mailbox. The damage is already done. Also, E-mail is much more attractive for spammers. To clarify: USENET is a public community medium, hence the accountability. E-mail is highly private. No accountability to anyone but immediate customers.
And then it is used to blocklist the innocent. That's another major problem with it - and whoever puts this list together knows that it is used for that and is shirking accountability for that.
Again. If SPEWS does not blocklist the your-innocent (whom I don't see as innocent because they are paying customers to a spammy ISP), the spammy ISPs will have no incentive to clear out the spammers. Is the ethical standing of this questionable? Maybe. Debatable? No. Do we have other, better tools? No. Understand, we're trying to stop the spammers, not the spam.
You are correct - and what do they get? Sarcasm, condesation, indifference, orders to switch their ISPs (even if they're in a place where they CAN'T), and a few helpful and kind replies.
What did you expect them to get? If they bothered to read the darn SPEWS FAQ they wouldn't be repeatedly beaten into pulp for their laziness and ignorance. Everything that's ever said in NANAE regarding SPEWS can also be read in the SPEWS FAQ. Quite the contrary, NANAEites often help the newbies by giving valuable advice and giving predictions based on sad experience with their peers.
Exactly right. I will make an exception for those who are operating systems for businesses who have no need to communicate with anyone save a specific group of vendors and customers - something like SPEWS does make sense in that context. But then a private blacklist would make as much sense and not be subject to overzealous use.
Well, you must understand that email servers are private systems, not community endeavours. You can argue and boycott until the moon turns blue but no one is going to listen to your ethical call because in their eyes you are [rightfully] seen as legitimate as a preacher breaking into one's private appartment and demanding to abandon the sinful life and giving your soul unto Lord Jesus Christ (TM). You'll be lucky if you don't get kicked out.
But a general customer based ISP - I'll quote Vernon Schryver in yesterday's article <bgpmoj$nql$1@calcite.rhyolite.com> "I often encounter ISPs using the RBL, but can't recall any that admitted using SPEWS."
That's because SPEWS listings are not available to third parties except for certain chosen RBLs themselves. If you want to use SPEWS lists, you have to use a SPEWS relaying RBL. The original poster isn't a shining example of primal clarity.
And what it does is wrong. And describing it as a spam-blocking mechanism, which is the justification many are using it for IS inaccurate.
What it does is none of your concern as long as you are not a part of involved community. Since email is not a community, you don't have business there. Since you're not an email administrator yourself, it's not your business either. Understand that SPEWS is not a spam blocking mechanism. RBL filters at the destination mailservers are. SPEWS does not block spam, SPEWS helps blocking spammers. In essence, as another poster said elsewhere, SPEWS is the answer to the "Just Hit Delete" argument. It is the magic that animates our cooperative delete button.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Your argument is backfiring on you (4.00 / 2) (#770)
by pyramid termite on Fri Aug 08, 2003 at 01:19:10 AM EST

What did you expect them to get? If they bothered to read the darn SPEWS FAQ they wouldn't be repeatedly beaten into pulp for their laziness and ignorance.

They're ignorant of the answers of the most important questions - Who are we? Where is your contact information? - because they have been deliberately kept so.

It's been deliberately designed for non-responsiveness and non-responsibility. This is NOT ethical.

Everything that's ever said in NANAE regarding SPEWS can also be read in the SPEWS FAQ.

Heh - that is unless you disagree with the philosophy being used - and don't tell me there aren't NANAE regulars that don't disagree.

Well, you must understand that email servers are private systems, not community endeavours.

And you must understand that if this kind of action continues to spread, it will turn E-mail into a more of a broken mess than it already is.

Well, you must understand that email servers are private systems, not community endeavours. You can argue and boycott until the moon turns blue but no one is going to listen to your ethical call because in their eyes you are [rightfully] seen as legitimate as a preacher breaking into one's private appartment and demanding to abandon the sinful life and giving your soul unto Lord Jesus Christ (TM).

The government regulates private property all the time, my friend. Keep this up, expand it even more and the outcry will be such that the government(s) will step in and regulate things. Probably for the benefit of corporations and possibly even some spammers, as someone else pointed out.

You see, your strident efforts to convince me that such things as you advocate are justified and right have instead made me wonder if an unregulated internet is such a good thing - I didn't think that before. I think there's obvious dangers - but if people like you are going to break things by abusing your power to hurt innocent third parties, then I am going to have to take a SERIOUS look at what I may ask my government representative to support.

Get a serious clue yourself - industries that are percieved as acting unethically by the public, even small sections of it, DO and CAN get regulated. We are still some time away from that - but the time may well come when the debate is no longer between anti-spammers (admins) and dissenters - but anti-spammers and people who advocate government regulation. And that debate will not be on NANAE - it will be in the halls of government. And you WILL NOT be able make the arguments there that you have with me and prevail.

You have a serious problem developing here. You actually are changing my mind about something - the idea that governments should let the internet totally alone. History is full of examples of industries who overreached with power and priveleges until the public demanded the government do something.

Do not let this happen to your industry. BE RESPONSIBLE!

What it does is none of your concern as long as you are not a part of involved community. Since email is not a community, you don't have business there. Since you're not an email administrator yourself, it's not your business either.

Your business got plastered all over a webboard that I concentrate much of my net.time upon. And if you don't like my discussing your business here, you can always go away and ignore the discussion. I'm expressing my opinions on what is discussed here - I have no intention of going to your newsgroup and discussing it there. In short, don't tell me to get out of your face on a webboard I frequent, you arrogant two-day wonder.

Oh - and don't be surprised when your business gets plastered all over letters to MPs, Congressmen and what have you. Keep supporting shadow cabals that control more and more of the internet's services and it will become a matter of public business and then government business. And you WON'T be telling THEM that it's none of their business if you want them to listen to you.

In short, your ethics stink - clean up your act before it gets cleaned up for you.

PS - this is my last post on this subject. I will be investigating the various anti-spam laws, and their provisions, that are being proposed in Congress. (I know, it doesn't directly affect you, but ...) Depending on what I learn, I may well begin advocating one - one that recognizes the rights of innocent people as well as the wrongs of spammers. And I won't be doing it in NANAE.

Still think you've won this argument? Go ahead - tell your buddies in NANAE that you won this argument by convincing someone that the government may need to step in if this keeps up.

On the Internet, anyone can accuse you of being a dog.
[ Parent ]
-1 Too Slashdot like (2.25 / 16) (#295)
by idontgno on Tue Aug 05, 2003 at 11:31:07 PM EST

-1 Pro-spam What, I can only give one -1? Damn

--- We are here to protect you from the terrible secret of space. - Pusher Robot

View from the other side (4.52 / 19) (#301)
by Tatarigami on Tue Aug 05, 2003 at 11:58:06 PM EST

At one time I worked for an upstream provider that got blacklisted. Not for being a source of spam, but for 'threatening' a blacklist's operation -- by declining to give the list operator sweetheart rates on bandwidth for the small local ISP he was running on the side.

The operator had a habit of making very public attacks on industry big names, so we had to get in line to sue him. He went out of business and closed his blacklist down, but the damage was already done -- now the company was on dozens of blacklists as a spammer and a threat to anti-spammers.

I think blacklists do a lot of good, but I no longer believe they should be allowed to operate as a law unto themselves. There should be a clear ethical standard for list operators, and they should make themselves accountable, even if it's only to some kind of oversight committee they set up themselves.

My Server; my rules. I dont care what you think. (3.20 / 10) (#339)
by RipCurl on Wed Aug 06, 2003 at 02:09:41 AM EST

As stated, the only "standard" that needs to be known is that servers are privately owned and like with any private property, I have the right to accept or deny anyone from accessing it.

If I want to put a pit bull dog on my front yard to prevent burglars from breaking into my home, that is my right. You have no right to access my private property without my explicit permission. The pit bull dog, is MY blocklist. The property is my server.

[ Parent ]

"private" property (4.33 / 6) (#459)
by mozmozmoz on Wed Aug 06, 2003 at 07:57:29 AM EST

Actually, you'll find that as soon as your pit bull attacks one of the nurmerous people with a legal right to enter your propety you'll either be in court or looking for a new dog. As a condition of your possession of the property the state requires you to do certain things, such as having some way for passers-by to gain your attention. Like, say, the police or IRS, should they ever want to talk with you. Then there's the meter readers, phone company people and so on, who have a contractual right of entry. This relates directly to SPAM. By advertising your server as a mail relay, you're saying that you'll ... relay mail. Now, until the RFC is passed, you can't advertise "I'll relay some mail, if I feel like it, and silently drop other mail". So it's more than a little unreasonable of you to do so. Don't like that? Vote on the anti-spam RFC, then write a compliant mailhost. It's not that hard.

There's lots of comedy on TV too. Does that make children funnier?
[ Parent ]

Maybe in some other world ... (none / 0) (#759)
by grout on Thu Aug 07, 2003 at 08:52:15 PM EST

... does having a server on the net with an SMTP port open carry with it an obligation to deliver all mail that arrives. But not in this world.

You really should find a legal theory that applies to the subject being discussed, instead of just drawing analogies to other areas and hoping they stick.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]

In fact.... (none / 0) (#841)
by DavidTC on Sun Aug 10, 2003 at 06:18:06 AM EST

...that's not even how email works.

It's vaguely possible to argue that email servers shouldn't silently delete email. It's a bit silly to seriously argue they shouldn't silently disappear something they know is spam, but possible with some readings of the RFCs.

But, of course, blacklist usage, at least in all implimentations I've seen, give an explict 55x reject message...which means 'I deny your email on policy grounds.', and then they give an explanation of why they did so, which the mail server on the other end then turns into an rejection email and hands back to the original sender, so they see exactly what happened. This is a very well defined process, explictly laid out in the very rules of SMTP...servers can give an error, and the other end must realize the mail was not delivered. (And hopefully do something about it, although I'm not sure about that.)

Ironically, it's the other anti-spam solutions that silently delete email, or at least are more likely to do so, like spamassassin can be set up to do, and JHD does all the time. Blacklists don't silently delete anything at all.

Of course, this avoiding the fact the grandparent post was talking like SMTP servers are supposed to deliver email for anyone, from anyone, even when the users have nothing to do with their system...which is just silly. (Although, again, such email arguable shouldn't disappear...it should be rejected. Which is always is...anything else looks like an open relay, at least until the email doesn't come out the other end...which can take days.)

-David T. C.
Yes, my email address is real.
[ Parent ]

Yes; your server, your rules. (5.00 / 4) (#496)
by graedus on Wed Aug 06, 2003 at 08:44:17 AM EST

However, when a business is improperly and unethically added to a blacklist which you use and support, you have a moral imperative on behalf of your customers (do you remember them? probably not) to correct the problem. It is obscene to ignorantly bury your head in the sand, screaming, "MY SERVER MY RULES MY SERVER MY RULES" while your customers are dealt an injustice by an overzealous, unethical, downright-jackass of a blacklist admin.

For SPEWS' part, it's their blacklist and their rules. However, so long as admins use SPEWS' list in good faith that the list is valid and does not contain 'politically' blacklisted sites, SPEWS must be held accountable, and since SPEWS intentionally prevents being held to account, it is the responsibility of civilized netizens to inform admins of the problem.

To your pitbull, a man from a nearby city stole my stereo, so I trained my pitbull to maul anyone living in that city. My house my rules my house my rules.

[ Parent ]
You're assuming that adding SA is bad (none / 0) (#758)
by grout on Thu Aug 07, 2003 at 08:49:03 PM EST

I happen to find adding SA's netblocks to SPEWS both proper and ethical. So do lots of other people. You can't assume your argument, you know, and that's exactly the point we're arguing -- whether adding SA was appropriate.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]
nope (5.00 / 2) (#561)
by Delirium on Wed Aug 06, 2003 at 06:57:30 PM EST

Knowingly keeping a dangerous animal is illegal in many jurisdictions.

[ Parent ]
But is it fair? (5.00 / 3) (#572)
by Tatarigami on Wed Aug 06, 2003 at 07:22:33 PM EST

Let's suppose I decide to publish a list of bad people:
  • Adolph Hitler (for the Holocaust)
  • Pol Pot (for organising child execution squads)
  • Muammar Khadaffi (for granting asylum to mad bombers)
  • RipCurl (I wanted to buy something from him and he refused to give me a discount)
Is that a valid use of my 'bad people' list?

[ Parent ]
Sure that's valid ... (none / 0) (#757)
by grout on Thu Aug 07, 2003 at 08:47:31 PM EST

... because it's so obviously stupid that if you published it, your reputation as someone with clue would suffer.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]
*Your* server *your* rules (5.00 / 3) (#625)
by Demento on Wed Aug 06, 2003 at 11:25:44 PM EST

If you own your server black listing all and sundry is perfectly fine - do whatever you want, but when it comes to running ISP mail servers your have a duty to your customers to make sure that they receive their mail whether it fits your anti-spam agenda or not. Either that or implicitily state in your TOS that you won't necessarily receive all of the email that's addressed to you.

Some people choose to blacklist entire countries, but what if one of your customers is expecting a reply from, let's say, Brazil or Korea... Yes, you're happily on your way to becoming RipCurl Saviour Of The Internet, but you've got one very pissed off customer sitting at his or her computer/internet enabled toaster/whatever and guess who pays their bills and ultimately your wages.

Some of the admins in NANAE seem to revel in the fact that they can cut people off with ease including the delightful chap who wrote: "I block everything from Brazil because everything we've ever got from Brazil is spam, and it comes in fistfulls. SPEWS can delist telesp if they clean up (no sign they will). But I'll still bounce everything from Brazil as will many others. That country has earned a fixed block in my lists. To get out, they'd have to clean up, donate huge amounts of money to charity, send me a case of beer and hook me up with a well-stacked Brazilian female at least half my age (wait a minute keep things legal and make it 2/3 my age)."

If I found anyone with this attitude working for me they'd be out of the door as soon as possible.

[ Parent ]
Default argument. (3.00 / 2) (#761)
by Nova Reticulis on Thu Aug 07, 2003 at 09:43:21 PM EST

If you own your server black listing all and sundry is perfectly fine - do whatever you want, but when it comes to running ISP mail servers your have a duty to your customers to make sure that they receive their mail whether it fits your anti-spam agenda or not.
Wrong. ISP servers are as private as my own. If an ISP hires me to run their mail servers, I will. I do have a duty to inform my customers about how those servers are ran. I do not have a duty to my customers to have all their mail received. Unless fired, I am the final authority over what goes through the systems I am responsible for.
Some people choose to blacklist entire countries, but what if one of your customers is expecting a reply from, let's say, Brazil or Korea... Yes, you're happily on your way to becoming RipCurl Saviour Of The Internet, but you've got one very pissed off customer sitting at his or her computer/internet enabled toaster/whatever and guess who pays their bills and ultimately your wages.
...and? A good email backend will have per-user whitelisting options. That and the fact that email is not a right. Sending email is service. Receiving email isn't.
If I found anyone with this attitude working for me they'd be out of the door as soon as possible.
Maybe that's why you're not a CEO of a large ISP, and if you were one your systems would be in crappy state because no decent admin will agree to work for you? You're not in the business. You can not assess the damage the spammers do. You can not understand the meaning of ``redundancy'', ``uptime'' and ``resource planning''. You don't live in the business world of an ISP yet you make obnoxious comments how you would allegedly fire an allegedly incompetent admin over an allegedly pissed off customer were you an alleged CEO of an alleged ISP.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Just because it's the 'default argument'.... (3.00 / 2) (#764)
by Demento on Thu Aug 07, 2003 at 10:30:04 PM EST

doesn't mean it's not right.

ISP servers belong to the ISP, mail server admins are members of the ISPs staff entrusted with the servers. Perhaps you should try whipping 'your' server out of the rack at the end of your shift and taking it home.

As the admin you're effectively the same as the guy that has to sort through all of the post at the local office, imagine what would happen to him if he saw a bulk mailshot going through when he's sorting and decides to pull all of the letters out. He wouldn't be coming in the next day.

The ISPs terms and conditions are the final authority as to what can and cannot go through the system, if blacklisting gigantic parts of the internet isn't there then neither should be SPEWS or any other blanket banning system.

Yes, user whitelisting should be in place, but if I'm running my business via the internet how do I know if I have a new client if I can't receive their email?

Sending and receiving my email is a right granted to me when I PAY my subscription to my ISP. The money to pay your wages doesn't suddenly magically in the ISPs account. The customers are the most important component of any business in the service industry, without them your taking your self righteous trip up the creek without a paddle.

I'm interested to know, who's being more obnoxious - me with my comment about an admin not doing their job correctly or the smug fuck who's basically spanking an entire country's internet user base because of the actions of a few spammers?



[ Parent ]
Answering (2.00 / 1) (#784)
by Nova Reticulis on Fri Aug 08, 2003 at 05:47:54 AM EST

ISP servers belong to the ISP, mail server admins are members of the ISPs staff entrusted with the servers. Perhaps you should try whipping 'your' server out of the rack at the end of your shift and taking it home.
It doesn't matter. I am trusted not only with babysitting servers but also with maintaining and expanding the infrastructure. Servers aren't some random items you buy in quantities and then put a guard around at the warehouse door. Maintaining servers is a creative, exhausting and extraordinary work. Network administrators are responsible for smooth server operation and availability, not for the mere presence of servers in the rack - this is why you can't say that since you dont own the servers you are seriously limited in your freedom and have to adhere to the ISP policies. In serious ISPs, admins are the policy.
As the admin you're effectively the same as the guy that has to sort through all of the post at the local office, imagine what would happen to him if he saw a bulk mailshot going through when he's sorting and decides to pull all of the letters out. He wouldn't be coming in the next day.
I'd like to explain why this analogy is bad so that you don't get overexcited with it.
  • Post offices are owned and sponsored by the state. For your analogy to be correct, each and every one of post offices must be a private company. Being a private company means the burden of planning and finance is on you, as well as the benefit of control
  • Post offices are a single infrastructure, carefully pre-planned for availability, it's pretty static. For your analogy to be true, post offices must have no means of coordinating with each other except for road signs and occasional telephone calls, and the amount of junk mail must be at least close to the amount of legitimate mail. In modern email system, it exceeds legitimate mail.
  • Post offices serve from destination to destination, but the *sender* pays for delivery. For your analogy to be true, everything post offices do must be free of charge, as the costs would be distributed between post offices that route mail between each other. Obviously, no private mail company can survive under this condition, so the only option would be start charging for it (and you know you can't charge for email) or making it a value added service. News for you: email is, always was and always will be a value added service. So, for your analogy to be true, each post office must be a vital but not paying part of a larger corporate entity.
  • A post office employee is not responsible for designing infrastructures and establishing policies; only with maintaining and enforcing them. For your analogy to be true, post office employees must be trusted with effectively choosing the way they run their post office, and nthreatened with unemployment if they fail to perform in efficient manner.
Now let's see where we are. Your analogy with post offices is right: as an admin I am not any different from the post office guy, provided that mail is free for the senders and I have to report for the expenses in both directions, all post offices dont give a fuck about each other, and I am the guy who will get fired if I don't keep my post office in top shape because even though it's a small part of my company, customers will go away if it doesn't work.

I dont think you can imagine the mayhem I am describing. If tomorrow you were to wake up and discover that the entire Post Office infrastructure was privatized overnight and now operates exactly by the same principle as e-mail, you'd be surprised how quickly it would collapse.

Yes, user whitelisting should be in place, but if I'm running my business via the internet how do I know if I have a new client if I can't receive their email?
That is indeed a problem. However, it's not the ISP's problem. A self respecting company installs their own mailserver and hires their own mail administrator who then is made responsible for delivery. ISP can't and won't block tis email traffic. Private customers will have to do with the usual whitelisting: the other option is utter and imminent destruction of email system as a concept.
The ISPs terms and conditions are the final authority as to what can and cannot go through the system, if blacklisting gigantic parts of the internet isn't there then neither should be SPEWS or any other blanket banning system.
Huh?
Sending and receiving my email is a right granted to me when I PAY my subscription to my ISP. The money to pay your wages doesn't suddenly magically in the ISPs account. The customers are the most important component of any business in the service industry, without them your taking your self righteous trip up the creek without a paddle.
Wrong. Email is a value added service. By purchasing an ISP account, you obtain yourself a right to send e-mail within your ISP's WAN, and a privilegy to receive e-mail as the ISP deems fit. An ISP that tells you it promises you with sure way to send mail is lying. An ISP that tells you it promises to deliver all your mail unmodified, whatever that is, is summoning hell on its ass. There's no absolute and unconditional right for e-mail, not in your contract, not in US constitution, not in Bible, not anywhere else. And if customers don't bitch about it then something must be right. Notice: the people bitching are those who can't SEND e-mail, not those who can't RECEIVE it. And they have no one to bitch at except for their ISP (which is both the only entity they're entitled to bitch to and also the ultimate reason for them not being able to send e-mail), but they still bitch at blacklists, antispammers and random people because it doesn't cost money to bitch as opposed to act. Let me remind you that you have a right for speech, not to be heard, and even then this right is completely invalid when it comes to private property.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

Libel/Slander Laws (5.00 / 1) (#752)
by curunir on Thu Aug 07, 2003 at 08:27:22 PM EST

Your server is your property. But placing someone on a blocked list is tantamount to calling them a SPAMer. If you're wrong, libel laws should apply.

To use your example, you have every right to put a pit bull on your porch. What you don't have the right to do is place signs on your porch that defame or otherwise injur another party without them having a recourse to stop that behavior.

The law has already approached this issue from another angle and created laws to deal with it. It's just a matter of time before people realize that those laws should apply to new forms of speech.

[ Parent ]
SPEWS isn't libelling anybody (2.00 / 1) (#756)
by grout on Thu Aug 07, 2003 at 08:46:40 PM EST

SPEWS doesn't advertise its list as being of spammers only, but also of IP blocks of spam supporters and spam-tolerant ISPs.

And in the US, anyway, truth is an absolute defense against libel.
--
Chip Salzenberg, Free-Floating Agent of Chaos

[ Parent ]

If that is the lad I think it is (4.33 / 3) (#344)
by xL on Wed Aug 06, 2003 at 02:20:11 AM EST

Then he had a talent for barking up the wrong trees and getting the wrong people pissed off at him. On the other hand, if your ISP is the one that I think it is than his listing of that ISP was not completely baseless either. It's the first time I hear about a story concerning bandwidth rates, though. Could you eleborate on that? I've heard the other side of the story so many times that I could use some counter information.

[ Parent ]
It may be (5.00 / 3) (#549)
by Tatarigami on Wed Aug 06, 2003 at 06:15:29 PM EST

I'd rather not confirm your suspicions about the people involved, since I don't want to say any more than has already been reported in the papers.

To tell you the truth, I don't think the company handled it as well as they could either -- the rumour I heard (and was never able to confirm) is that one of the senior managers called the list operator and let himself be provoked into a screaming row, which was then documented on the blacklist records...

The lessons I took away from this incident were a) if you do someone a favour they never asked you for, they may not feel they owe you anything in return and b) don't do business with people who value publicity over profit.

[ Parent ]

Only one person I know (5.00 / 1) (#569)
by xL on Wed Aug 06, 2003 at 07:10:09 PM EST

can get a grown man to go into a frustrated screaming fit so easily. The man has talent, I'm afraid. Say no more :)

[ Parent ]
Accountable to whom? (5.00 / 1) (#634)
by Sloppy on Thu Aug 07, 2003 at 12:41:22 AM EST

There should be a clear ethical standard for list operators, and they should make themselves accountable, even if it's only to some kind of oversight committee they set up themselves. There should be a clear ethical standard for list operators, and they should make themselves accountable, even if it's only to some kind of oversight committee they set up themselves.
That seems like a very reasonable thing for you to want. So don't use a blacklist that doesn't live up to your expectations. I can't help but wonder, though, if you desire to impose your (very reasonable, IMHO) standards, on what blacklists someone else may use.

Blacklist operators are accountable. It's just that they are accountable only to the people who use the blacklist, and not to the world at large. If the users don't like it, they can Just Say No.
"RSA, 2048, seeks sexy young entropic lover, for several clock cycles of prime passion..."
[ Parent ]

The spam thing has gone too far (2.66 / 18) (#366)
by HermanMcGuigan on Wed Aug 06, 2003 at 03:46:48 AM EST

Spam is an annoying phenomenon that a lot of people have verbosely complained about over the last few years. Some of them have gone too far.

First off, to people who complain incessently about spam - get a life. Seriously. I don't know about your email client, but on standard email clients it's pretty smiple to hit "delete" or click a checkbox and click "delete", and get rid of messages that you don't want.

Another whine is that it's not costing money for the spammers to send the spam in question, but the spam is killing people. (Yup, for those who are new to Ultrabot anti-spam whiners, they really do claim that spam kills people). The logic? Well, since they spend 10 second deleting unwanted messages, and there are millions of messages being sent to various people in the world, if you add up all that time, you would have wasted entire lifetimes, therefore, spam killed people.

Yes, these are supposedly adults that we're talking about here.

Take another fine example, K5 itself. Now, I'm new here, but this strikes me as funny:

Spamming is not tolerated here. Any comment may be deleted by a site admin, and all spammers will be deleted. This is fair warning. If you don't know what spamming is, then you're probably not about to do it, so don't worry. But you can read the definition in The Jargon File if you were wondering (particularly number 2). :-)

Now, if comments are viewed as spam, what about the ads? I didn't specifically ask for all those ads to be forced upon me. Theoretically, I could complain that those ads are spam, no different from the Penis Enlargement spam, Get a Nursing Degree spam, or buy prime property now Spam.

Of course, it could be argued that I came to this site of my own free will, and chose to read the content of this site, and a catch is that there are ads on this site. And, furthermore, I have the option of registering, for a small fee (or whatever the case is), and the ads will not be displayed. It's similar for certain other weblogs (And it's on these weblogs that the majority of the people who whine about Spam can be found). Ok, that's a fair enough deal. How about we apply this logic to email?

You chose to use email. Noone forced you to. Now, sometimes, spam happens when you use email. You didn't ask for it, but it happens anyway. It's annoying, yes. It's disruptive, yes. How about, for a small fee, you pay the spammers to stop sending you their spam? That would solve the spam problem.

No? You don't like that idea? Well then, stop whining and just press the "delete" key. Surely you aren't too lazy to do that?



not just delete... (4.16 / 6) (#371)
by the77x42 on Wed Aug 06, 2003 at 04:09:21 AM EST

my old company got close to 1 spam email every 3 seconds on average, and that was a small company. it bogs down the system and wastes my time and a hell of a lot of money for me to control it. trust me, you don't want the president of the company getting dozens of emails about how his penis size is inadequate.

i personally receive close to 50 spam emails a day on my home account. if you want to sift through and delete all those every day, be my guest, but it will wear you out. It's junk, it wastes resources and time, and i didn't ask for it to be sent to me.

pay the spammers to stop sending you their spam? are they the mafia now?


"We're not here to educate. We're here to point and laugh." - creature
"You have some pretty stupid ideas." - indubitable ‮

[ Parent ]

Hello the77x42 (2.60 / 5) (#376)
by HermanMcGuigan on Wed Aug 06, 2003 at 04:25:29 AM EST

my old company got close to 1 spam email every 3 seconds on average, and that was a small company.

Ouch, I'm sorry to hear that, it does sound bothersome.

it bogs down the system and wastes my time and a hell of a lot of money for me to control it.

I'll grant you that. Although, I must just say, that the amount of spam you get sounds a bit excessive. I get about 20 spam messages per week on my Hotmail account, and 0 (yes, 0) on my personal and business accounts.

trust me, you don't want the president of the company getting dozens of emails about how his penis size is inadequate.

Understandable. Spam is annoying. No question. Here are a few ideas to prevent spam:

1. Don't use your real email address (by that I mean personal or business accounts) to sign-up to anything. No matter how strict their privacy policy is. Rather use webmail, or other throw-away accounts.

2. Try not to post to newsgroups, message boards, or any other public forums where your real email address could be displayed, even if it is obfusticated. Instead, use a throw-away or webmail account for these purposes.

3. As a last resort, if you really do have a spam problem that's out of control, either use spam-blocking software, or dump the problem account(s) and start over, obeying the first 2 rules mentioned above.

i personally receive close to 50 spam emails a day on my home account.

That's quite a bit. Again, though, the delete key will do the trick...

if you want to sift through and delete all those every day, be my guest, but it will wear you out.

With respect, it would take a lot more than that to wear me out.

It's junk, it wastes resources and time, and i didn't ask for it to be sent to me.

Well, none of us asked to have to live in the real world. We'd rather all not work, and instead, go and lie on the beach all day. Unfortunately, most of us have to deal with it, in varying degrees of severity. And in dealing with the real world, we have to deal with all of the annoyances involved. Including taxes, unpredictable stocks, mortgages, credit cards, people who hand out flyers on the side of the road, bad traffic, unpredictable weather, complicated relationships, (personal and professional), annoying radio ads, and spam.

pay the spammers to stop sending you their spam? are they the mafia now?

Well, if you're really so concerned about spam, and paying was a way to stop it, would you? Just a hypothetical question.



[ Parent ]
20 spam messages a week is nothing. (4.33 / 3) (#378)
by gordonjcp on Wed Aug 06, 2003 at 04:30:24 AM EST

Some of us get roughly 100-200 spam messages a *day*, which is very annoying. No, I haven't signed up for any pr0n lists. I've had the same email address for about six or seven years, though. One email address just has nothing but spam these days, which is annoying because I've had it for about 12 years.

Give a man a fish, and he'll eat for a day. Teach a man to fish, and he'll bore you rigid with fishing stories for the rest of your life.


[ Parent ]
My gosh (2.33 / 3) (#387)
by HermanMcGuigan on Wed Aug 06, 2003 at 04:54:17 AM EST

Some of us get roughly 100-200 spam messages a *day*

Granted, that does sound awful :(

No, I haven't signed up for any pr0n lists. I've had the same email address for about six or seven years, though

Unfortauntely, spammers are ruthless, and a lot of the companies behind public websites aren't much better. The spammers probably got hold of your email address by scanning public forums (usenet, weblogs, message boards, etc), or, alternatively, you might have inadvertantly entered your email address at a site (doesn't neccessarily have to be a dodgy site like a porno site or anything, it could have been a dot-com company that decided to sell their email database when the bubble burst, or even an otherwise respectable site). That's why I said in my earlier post: Do not sign up for anything with your real email address (ie, your business or personal accounts). Use a webmail account, or other throw-away account.

One email address just has nothing but spam these days, which is annoying because I've had it for about 12 years.

It's sad that it has to be this way, but perhaps it's time to dump your old accounts and create new accounts.



[ Parent ]
Why should I dump my mail accounts? (4.60 / 5) (#390)
by gordonjcp on Wed Aug 06, 2003 at 05:05:39 AM EST

Why not just kill spam by using block lists? I don't want to receive any advertising anyway. I don't want to receive any mail from anybody in China, Korea or Taiwan. And finally, I don't care about some hypothetical person trapped on a Pacific island with an evil government who owns all the ISPs and sends spam. Tough shit.

Block lists work really well for me. Huge chunks of the Far East can't send mail in, barring a few whitelisted IP addresses. Most of the US dialup and broadband is hit with a blocklist, too. Now it's nice and quiet, and I (mostly) only hear from people I want to hear from.

Give a man a fish, and he'll eat for a day. Teach a man to fish, and he'll bore you rigid with fishing stories for the rest of your life.


[ Parent ]
Hold your horses. (2.33 / 3) (#392)
by HermanMcGuigan on Wed Aug 06, 2003 at 05:15:18 AM EST

You said in your previous posts that one of your mail accounts receives nothing but spam these days. In this post, you say that your email inboxes are nice and quiet. If you've found a solution that works as well as the block-lists you mention, why not apply that solution to the mailbox that you said is receiving so much spam? That way, you can avoid the spam, stop complaining about it, and get on with the rest of your life :)

[ Parent ]
I don't use the very old account. (4.66 / 3) (#393)
by gordonjcp on Wed Aug 06, 2003 at 05:19:51 AM EST

Every now and then, I go in, delete any existing mail, and see how many messages have arrived.
My point is, I don't see why I should have to pay to receive advertising I neither want nor need. I don't want to lose weight. I don't need to buy Prozac (who the fuck goes and *buys* Prozac online anyway? Just get it from your doctor, like a normal person. And why would I want it without a prescription?). I don't want to make my penis 4" bigger, because then I'd need to replace all my trousers. And I certainly don't, despite what one company things, want a free golf wedge (what is a golf wedge, anyway? A thing for propping golfs open?) for any amount of time, never mind trying it for two weeks. I don't get advertising from anywhere else, so why should my email be full of it?

Give a man a fish, and he'll eat for a day. Teach a man to fish, and he'll bore you rigid with fishing stories for the rest of your life.


[ Parent ]
Granted. (5.00 / 1) (#395)
by HermanMcGuigan on Wed Aug 06, 2003 at 05:26:57 AM EST

My point is, I don't see why I should have to pay to receive advertising I neither want nor need.

I'll grant you that.

I don't want to lose weight. I don't need to buy Prozac (who the fuck goes and *buys* Prozac online anyway? Just get it from your doctor, like a normal person. And why would I want it without a prescription?)

Granted.

I don't want to make my penis 4" bigger, because then I'd need to replace all my trousers. And I certainly don't, despite what one company things, want a free golf wedge (what is a golf wedge, anyway? A thing for propping golfs open?)

I think it's a kind of putter used to get out of the sand pits, but I don't play golf at all, so I'm really not sure...as for the trousers thing, I agree completely.

I don't get advertising from anywhere else, so why should my email be full of it?

Your email shouldn't be full of advertising - in a perfect world. Alas, the world we live in is far from perfect :(



[ Parent ]
well, duh (3.50 / 4) (#426)
by vivelame on Wed Aug 06, 2003 at 07:04:41 AM EST


Your email shouldn't be full of advertising - in a perfect world. Alas, the world we live in is far from perfect :(

Guess what? That's exactly why SPEWS exist. It wouldn't in a perfect world.

--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
Agreed. (4.00 / 3) (#429)
by HermanMcGuigan on Wed Aug 06, 2003 at 07:08:47 AM EST

Guess what? That's exactly why SPEWS exist. It wouldn't in a perfect world.

I guess, in an imperfect world, we just have to deal with idiots as well as spam.



[ Parent ]
you're (4.00 / 2) (#435)
by vivelame on Wed Aug 06, 2003 at 07:19:12 AM EST

absolutely right. :-)

--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
True, but... (3.66 / 3) (#438)
by jrhall1984 on Wed Aug 06, 2003 at 07:26:04 AM EST

God, it's so hard to deal with idiots like you though.

[ Parent ]
same here (nt) (3.50 / 2) (#446)
by vivelame on Wed Aug 06, 2003 at 07:30:29 AM EST



--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
I'm (4.00 / 4) (#439)
by HermanMcGuigan on Wed Aug 06, 2003 at 07:26:12 AM EST

glad that we've come to an understanding about SPEWS and spam :)

[ Parent ]
Problem: (5.00 / 1) (#650)
by Entendre Entendre on Thu Aug 07, 2003 at 01:22:48 AM EST

It's sad that it has to be this way, but perhaps it's time to dump your old accounts and create new accounts.

What do you do when your "old account" is sales@mycompany.com, support@mycompany.com, or some other address that's already been disseminated to customers, potential customers, the press, etc, etc, for years?

One can set up a web-based interface for new business, and change business cards to have an URL of the form http://www.mycompany.com/contact_us.html, but that doesn't get out to the people you've already invited to use your email address.

Perhaps eventually things will be bad enough that customers and potential customers will understand and play along when their email gets them an autoresponder message that asks them to go to the web site instead. But I don't think many companies are willing to lose the customers who will be offended or confused when they get an autoresponder.

--
Reduce firearm violence: aim carefully.
[ Parent ]

no, i wouldn't pay (4.66 / 3) (#383)
by the77x42 on Wed Aug 06, 2003 at 04:41:45 AM EST

the way i get spam is simple... from other idiot users who have me on forwards. i never signed up for anything, i never gave my email to anyone but my friends... low and behold, they send out a mass-mail with my email, and i get picked up by spammers. it sucks.

i have hundreds of banned words in my outlook and spam still gets through. spam-blocking software is a joke at the client level, something needs to be in place at the ISP level.

your analogy to living in the real world isn't all that relevant. the difference is that there are methods of preventing spam (legislation and blacklists) and spam just isn't a side-effect of using a computer. spam is in place by greedy bastards who crapflood the world to make a buck and do it at YOUR expense. comparing spam to taxes seems too drastic.

and, yes, 50 spam messages a day. this is what i get. every few minutes i hear that ding and i see another email telling me to lose weight or grow and erection. sometimes i'm graced by a picture of a teenager with her hand in a horse's asshole. pressing the delete key works fine, but wouldn't it be great if it wasn't there in the first place?


"We're not here to educate. We're here to point and laugh." - creature
"You have some pretty stupid ideas." - indubitable ‮

[ Parent ]

me too what should I do? (4.66 / 3) (#418)
by livus on Wed Aug 06, 2003 at 06:54:28 AM EST

My personal account gets no spam and I've had it for several years. However I had a job ediing something, and within six months the work mailbox was attracting over 100 spams per day. I dumped it at 250-300 spam per day, and the interface was such that short of downloading I had to delete it in blocks of 25.

Note this was not a free account. Furthermore I only gave that address out to private individuals. However because it was the email address to send things for publication it was presumably disseminated by third parties. (including those abominable perpetuators of chain letter hoaxes)

 Ironically, dumping the account meant that contributors could no longer find me either.

So what should I have done?

---
HIREZ substitute.
be concrete asshole, or shut up. - CTS
I guess I skipped school or something to drink on the internet? - lonelyhobo
I'd like to hope that any impression you got about us from internet forums was incorrect. - debillitatus
I consider myself trolled more or less just by visiting the site. HollyHopDrive

[ Parent ]

Works for individuals (none / 0) (#721)
by kvan on Thu Aug 07, 2003 at 09:31:24 AM EST

But what about businesses? Your users will post their email and sign up for those free vacations, whether you want them to or not. They will not agree to change email addresses. In short, if you're the admin of a business network, you will have users who will be spammed.

There are of course other ways to deal with this than blacklisting. However, these ways require bandwidth, diskspace and delivery delays. At present this price is acceptable at our company, but then our spam incidence is a modest 7.9% as of yesterday. If that rises to the levels others report--50% or more--I could see management considering implementing blacklisting and accepting the fact that it will cost a few legit emails.

At some point, the price of processing spam simply becomes too high. If or when that happens, I'll be happy that a tool such as SPEWS is available--but I hope I never have to use it.


"Many people would sooner die than think; in fact, most do." - Bertrand Russell


[ Parent ]
"Just hit delete" (4.40 / 5) (#373)
by hanno on Wed Aug 06, 2003 at 04:14:48 AM EST

It doesn't work, it never has. (Note: The CAUCE article is old. The spam statistics and costs are much, much, much worse today.)

For my own account, more than 70% of my incoming mail is spam. I receive hundreds of messages a day. Imagine going through them with the delete key.

In my case, "Just hit delete" stopped being a solution a long time ago.

You should try and run your own mail server. You'd be surprised by the amount of spam you actually don't receive because your provider uses filters and blocklists.


[ Parent ]

Hmmm (3.50 / 4) (#375)
by pyramid termite on Wed Aug 06, 2003 at 04:21:38 AM EST

It doesn't work, it never has.

True, it doesn't work.

(Note: The CAUCE article is old. The spam statistics and costs are much, much, much worse today.)

And unfortunately, by your own admission right here, neither does what the anti-spammers have been doing, right? They've been doing it for years - why isn't it working?

On the Internet, anyone can accuse you of being a dog.
[ Parent ]
What are you talking about? Of course they work (4.25 / 4) (#379)
by hanno on Wed Aug 06, 2003 at 04:31:46 AM EST

They've been doing it for years - why isn't it working?

It is most definitely working. Without anti-spam measures, my mail server would be unusable. Thanks to the fact that they do work, I can still use email, but still.

I run several mail servers. Right here at my office, there's my small private one. It serves about a dozen mail accounts. We've set up a small fun application that plays a sound every time the server identifies spam (based on Spamassassin). We hear the sound every few seconds. I had to deactivate it again because it was so annoying.

Don't try to argue that anti-spam measures do not work. Imagine your mail inbox without anti-spam measures.

[ Parent ]

It's working? (4.33 / 6) (#528)
by pyramid termite on Wed Aug 06, 2003 at 04:20:01 PM EST

Then why are so many complaining about the spam problem? Why do I keep seeing stories in the mainstream press about how it's getting worse - stories confirmed by online resources in the know? Why is Congress under pressure to get involved with the problem?

I'll concede that it could be a hell of a lot worse. But the patient losing 20% of his blood as opposed to 50% of his blood still dies, doesn't he? I'll rephrase my statement - it doesn't work well enough.

On the Internet, anyone can accuse you of being a dog.
[ Parent ]
Well (none / 0) (#840)
by DavidTC on Sun Aug 10, 2003 at 06:02:07 AM EST

Some of the people, instead of complaining about the spam problem, have started complaining about the spam solution, which is blacklisting providers who allow spammers to spam continually, which is an obvious solution to spam problem. It's not like spammers can telepathically send send messages...deny them connectivity, and deny connectivity to anyone who grants them connectivity, and, hey, they can't reach you.

But you wouldn't know anything about whining about the solution, would you?

I, personally, don't have a problem with spam in my mailbox...because I do use SPEWS, and I do blacklist providers and even entire countries that can't get their act together and terminate spammers, or who deliberately provide connectivity for spammers. (And, frankly, it's not worth my time to try to tell them apart.) At that point, my automatic JHD, aka, spamassassin, cleans out the rest.

And, yes, fighting spam is what I'm paid to do. Or at least part of it, although it seems to suck up more and more of my time.

And, frankly, shunning is the only solution on the internet. Laws cannot work, technical solutions cannot work...the only way to stop people from abusing the network is make them not be part of it. If someone else chooses to let them be part of it...make that person not be part of it.

It's not 'guilt by location' or 'guilt by association' or whatever people are trying to make it out to be...it's 'guilt by allowing someone within your network to attack us continually'. ISPs who allow such behavior will be 'removed' from the Internet, be it by a million tiny blocklists, a few huge ones, or something in-between. At this point, it's mainly SMTP...but there have been calls for internet death penalties. There are now automated ways to import various blocklists into routing tables, and just completely block those ISPs.

And, yes, users of such ISPs will also be removed from the internet...and, yes, that's too bad, and, no, I'm not going to figure out a way to fix that, because to fix that we'd have to keep those ISPs functioning and on the internet, which is directly opposed to my server's best interests. At some point those ISPs will die, and their users need to realize that and plan in advance.

-David T. C.
Yes, my email address is real.
[ Parent ]

they *do* work (3.00 / 3) (#466)
by vivelame on Wed Aug 06, 2003 at 08:08:48 AM EST

You only have to look at the length spammers have to go now, to get their crap delivered..
for the latest news on that.

--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
I do. (5.00 / 1) (#381)
by HermanMcGuigan on Wed Aug 06, 2003 at 04:37:44 AM EST

I do run my own mail server, for my business and personal domains, as well as several clients' domains. I'm not saying there's no spam, but it's not as much of a problem as the grandparent poster is indicating. And yes, I do use anti-spam (and anti-virus) software on the mail server. (Again, I'm not claiming it doesn't exist or it isn't a problem, it's just quite annoying to hear people whining about it constantly - especially when relatively simple steps will eliminate most spam, even before stringent anti-spam methods are put in place). The fact is, no anti-spam software will prevent spam completely anyway, so complaining about it is not going to help. Get used to it, be careful with your real email addresses, and for goodness' sake, delete messages that you don't want.

[ Parent ]
Then you were lucky so far. (4.50 / 2) (#385)
by hanno on Wed Aug 06, 2003 at 04:45:39 AM EST

I've had a client with massive ISP costs because of a spam attack on his mail server. It wasn't pretty - a dictionary attack against a spam-secured server still creates huge amounts of traffic.

By the time the traffic was billed, "hitting delete" was not a helpful option anymore. The harm had already been done.

[ Parent ]

The problem with your client was ignorance (5.00 / 2) (#578)
by ocelotbob on Wed Aug 06, 2003 at 07:38:29 PM EST

Was your client running the mail server themself, or was the ISP running the mail server for them? If it was the ISP's mail server, then I'd suggest that your client file a claim against them for not exercising due dilligence in preventing a DOS attack on their mail server. If your client was hosting the server themself, then they should have been running traffic monitors and shaping apps so they could tell something was up. Spam's definicely a problem, but the situation you described was exacerbated by incompetent administrators.

Why... in my day, the idea wasn't to have a comfortable sub[missive]...
--soylentdas
[ Parent ]

Wow, that was a spectacular display of ignorance. (4.71 / 7) (#377)
by Entendre Entendre on Wed Aug 06, 2003 at 04:26:42 AM EST

Advertisers pay K5 to carry their ads.
Readers pay for K5 by exposing themselves to ads.
Advertisers offset the cost of running the system.

Spammers pay recipients nothing.
Recipients already pay the full costs of their email services.
Spammers increase the cost of receiving email.

Or, put another way...

Advertising reduces the cost of the medium.
Spamming increases the cost of the medium.

--
Reduce firearm violence: aim carefully.
[ Parent ]

Ok (2.66 / 3) (#386)
by HermanMcGuigan on Wed Aug 06, 2003 at 04:46:31 AM EST

Maybe I wasn't clear. I wasn't talking about the costs involved. I was talking about the delivery mechanism in each case.

Put it another way:

Spam comes into your Inbox. You didn't ask for it, it just appeared. If it was a case of you requesting the said spam, it would be competely different, right?

K5 ads are similar. They appear on the screen, although you didn't neccessarily request them. If there was a link instead, for example, something like Click this to go to the ads, it would be different in the same way.

So in terms of requesting the spam (or ads, if you prefer...) they're about equal, IMO. You're perfectly entitled to your own opinion, but in my opinion, ads on weblogs are spam just as much as email ads are spam.



[ Parent ]
You request them (4.50 / 4) (#408)
by zakalwe on Wed Aug 06, 2003 at 06:29:55 AM EST

K5 ads are similar. They appear on the screen, although you didn't neccessarily request them
I did request them. I clicked on the site link of my own free will (even knowing in advance that K5 displays text ads), because I want to read the content provided and consider the ads a small enough price for it. Just as when I buy a paper, I know there will be adverts inside - they are part of the price I'm paying for the rest of it. If I explicitely don't want them, I'm free to not request any K5 pages, or not buy a paper, or alternatively only buy papers without ads, or buy a K5 subscription.

Theres a big difference between not requesting something, and not being able to get something for free.

[ Parent ]

advertising is not allowed on my inbox. (3.66 / 3) (#525)
by creepster on Wed Aug 06, 2003 at 01:34:35 PM EST

period.

i'll put up with teevee commercials (muted) and banner ads (with javascript on a leash) because those advertisers pay for their content.  i pay for my email box, and advertsing, no matter where from, will be summarily rejected.  if it gets through, their isp, their isp's isp, their state attorney general, and their city's d.a. office will soon know what they are doing.  if i can take them to small claims court, i will.  if they have to sell their mail servers to pay the judgment then i've done the world a favor.

i pay for an unlisted and unpublished phone line and advertising is not allowed there, either.  evidently millions of consumers in the u.s. feel the same way.  after the do-not-call list propagated, the next question out of signees' mouths was, "where's the do-not-spam list?"  the question after that was, "what about junk mail?"  take your direct marketing and shove it.

"just hit delete?"  bah.  spammers can just delete all the bounce logs.  what lazy sacks of shit, trying to make money from selling users' contact info.  spammers are the lowest form of selfish scum; but users who knowingly help them along by allowing their own isp to handle that shit (inbound or outbound) are only a micron above them.  if you know there are alternatives and you are enabling them anyway, then you might as well buy a "millions of fresh leads!" cd and start going broke like the other small-time shit peddlers.

"spammers also pay for connectivity," you say?  good.  i hope they go the way of the cajun spammer, ron scelson.  (just filed for bankruptcy after claiming an income of ~$13,000/month, if that tells you how much it costs to spam the universe.)

i don't care where spammers think i gave consent, they are wrong.  email is for personal communication, not advertising.

[ Parent ]

+1 Section... (2.69 / 33) (#394)
by gordonjcp on Wed Aug 06, 2003 at 05:21:59 AM EST

... so we can all see what a bunch of pathetic whingers Something Awful are. For fuck's sake guys, just use a proper ISP.

Give a man a fish, and he'll eat for a day. Teach a man to fish, and he'll bore you rigid with fishing stories for the rest of your life.


"Just use a proper ISP"? (3.71 / 7) (#397)
by The Artificial Kid on Wed Aug 06, 2003 at 06:03:31 AM EST

Because of course it costs nothing to move, and nobody could object to having their business disrupted to the point where they're forced to.

[ Parent ]
Ignorance shines through (3.20 / 10) (#399)
by RipCurl on Wed Aug 06, 2003 at 06:12:42 AM EST

It costed me all of 2 days of time to move from Interland to my new host. I lost all of $20 bucks for that two days.

And who says it has to cost anyone anything? Get good lawyer, have them look over the contract you signed with the ISP; if its shown that the ISP is at fault, the isp can be responsible for your out of pocket costs ascoiated with their own breaking of their contract

You guys make it seem like its a "pain" to move your sites or smarthost your email and bill it to your ISP. After all, its ISP's like Congentco that make the net as bad as it is today.

[ Parent ]

Not everyone has geek angst (2.58 / 12) (#407)
by rapenanae on Wed Aug 06, 2003 at 06:28:21 AM EST

Making the net as bad as it is today? The net's fine to most everyone. You anti-spam people are a loud, obnoxious minority. I'm tired of clicking the delete button in Outlook just as much as the next guy, but not at the expense of legitimate businesses suffering. But you're selfish, and if something doesn't negatively affect you, you really don't care. You find spam to be annoying, so you support groups who don't know what they're doing, full of people hardly mentally qualified to do their job.. "I don't like you.. BLACKLISTED!" and probably suffering from a starving geek ego. Of course, you'll read this and think "whatever, I'm doing a good thing for everyone" when inside, the only damn person you and the rest of you NANAE idiots care about is yourself, screw the consequences and the problems your actions may cause others. Grow up a little bit, stop being so pretentious and stop pretending to care about anyone other than yourself.

[ Parent ]
speaking of trolls... (nt) (2.16 / 6) (#410)
by vivelame on Wed Aug 06, 2003 at 06:34:54 AM EST



--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
wow, trolls do come out of the woodwork. (2.85 / 7) (#414)
by RipCurl on Wed Aug 06, 2003 at 06:45:53 AM EST

We a minority? You poor delusional soul.

As much as the next guy? Sorry, I met him and he hates to be compared to, since "The Next Guy" is an avid spam fighter and you can believe that he doesn't "JHD". You can see him post to NANAE quite frequently about his recent spam reports.

And i've been personally affected by blocklists. Did i complain? Yes; I complained to my webhost; not launch an all out whine fest that SA's members are doing. So are you one of their minions?

[ Parent ]

of course (2.66 / 6) (#419)
by vivelame on Wed Aug 06, 2003 at 06:56:00 AM EST

he's one of their minions.
No comments, only rating in this story, and "rape nanae" as a username.
Just one of the decerebrated drones you can usually find on  SA (that's probably the REAL reason why SA isn't as succesful as they wish they were.)

--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
Agreed. One look at their website explains it. (2.44 / 9) (#424)
by RipCurl on Wed Aug 06, 2003 at 07:03:18 AM EST

I have only seen their websites as comments in passing, and judging by their users; editors and articles; its a wonder what kind of school system we have to make people utterly clueless and foul mouthed ingrates? The more these "minions" try to make it seem they are innocent, let alone attack a newsgroup that had nothing to do with their listing, the more of the fools they make themselvs out to be.

Sometimes I wish there was a licensed required in order to use the net, let alone host a website.

[ Parent ]

the voting and moderation abuse (3.40 / 5) (#445)
by vivelame on Wed Aug 06, 2003 at 07:29:41 AM EST

on this story is actually quite funny.. bring the 1s, i don't give a shit :-)

--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
Typical admin-elitist kind of talk (4.40 / 5) (#548)
by pyramid termite on Wed Aug 06, 2003 at 06:15:07 PM EST

And you wonder why the "clueless" are so hard for you to talk to.

Oh, well. There are more humble people in India who may well like your job when it's outsourced to them. When you end up working at Mickey D's make sure that you don't offend your customers by saying, "Only a dumb newbie would order a hamburger without fries so get a clue and buy some."

On the Internet, anyone can accuse you of being a dog.
[ Parent ]
It affects them more than you think (5.00 / 6) (#403)
by Swiss Cheeseman on Wed Aug 06, 2003 at 06:15:38 AM EST

They have already had their forum sign-ups disrupted from this blanket block. This wouldnt matter as much if their forums are free, but when you have to PAY MONEY, then it is a hell of a lot more serious. How would you like it if your ISP deleted all incoming SA mail, thus preventing you getting an account at the SA forums that you just paid for?

[ Parent ]
i blame (2.75 / 8) (#405)
by vivelame on Wed Aug 06, 2003 at 06:23:52 AM EST

SA, not my ISP.

SA shouldn't do business with spam-supporting businesses. They give money to Cogent, which is a safe-harbor for spammers. How's it different to giving money to spammers?



--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
The ISPs should block themselves (5.00 / 1) (#441)
by squigly on Wed Aug 06, 2003 at 07:27:09 AM EST

SA's customers do business with SA who give money to Cogent, which is a safe-harbor for spammers.  Hence SA's customers need to be blocked.  

SA's customers ISPs provide internet service to SA's customers... which lived in the house that Jack built.  


[ Parent ]

Okay. (3.40 / 5) (#451)
by berto on Wed Aug 06, 2003 at 07:36:42 AM EST

And that fancy automotible of yours supports terrorism.

[ Parent ]
touché.. (3.66 / 3) (#462)
by vivelame on Wed Aug 06, 2003 at 08:03:24 AM EST

except i don't own an automobile.

--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
Neat. (3.00 / 4) (#470)
by berto on Wed Aug 06, 2003 at 08:14:01 AM EST

It's a good thing that your city's public transportation program, and power facilities are also "supporting terrosism." By association, you are a terrorist. While I can't argue that Cogent isn't scum, and that it would be best for SomethingAwful to take their business to a more reputable ISP, You can't argue that SPEWS, and admins don't need to be accountable for a legitimate business's suffering. Until there is a future that doesn't rely on petrolium products, I suggest you move out into the country and live out your days off of the land.

[ Parent ]
well, obviously (3.25 / 4) (#488)
by vivelame on Wed Aug 06, 2003 at 08:33:05 AM EST

you don't know that most of France's electricity comes from nuclear energy. So, as of right now, i'm not supporting islamic terrorism. In fact, most of the uranium comes from australia.. hardly a terrorist state. neater, uh?

--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
Oh, but-- (3.50 / 4) (#498)
by berto on Wed Aug 06, 2003 at 08:47:48 AM EST

That same nuclear fuel is that Korea is now processing in order to create weapons. The fact is that our analogies have strayed far beyond relevant to the subject. I hope that you're not taking me for a supporter of spam, or opponent of blacklists. The point of all of this is to draw attention to lists like SPEWS.

[ Parent ]
mmh, well (3.75 / 4) (#506)
by vivelame on Wed Aug 06, 2003 at 08:57:47 AM EST

i never used SPEWS per se.
But i still use spamcop, and  have used MAPS (which did some "political" blacklisting too). I will continnue to use blacklists, and even blacklists with whole netblocks. I don't give a shit about SA's livelyhood, I'm not paid to  help them do business, i'm paid by an ISP to keep their mail servers running and available to customers, while cutting as much as i can on the SPAM. If SA and SA users are pissed, that's very good! It means the annoyance is more evenly spread.. Instead of a few people greatly pissed (mail admins, by spam & spam hosts), we have more people pissed (but to a lesser extent). Some are bound to  complain to Cogentco.

SPEWS exist exactly for this reason: to piss people off.. Some of them will hit the right target, some others will target SPEWS, and those have been very careful to hide their identity and stay mainly incominucado. And man, it works like hell. Every time you're pissed at SPEWS, they've won.


--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
I'd be really pissed with my ISP (4.42 / 7) (#411)
by zakalwe on Wed Aug 06, 2003 at 06:39:50 AM EST

If my ISP promises me a service, and then fails to provide it I'd be very annoyed. Similarly I'd be pissed off if I had my phone connection cut off. However, if the reason turned out to be because my flatmate never payed the phone bill, as he promised he would, then it wouldn't be the phone company I'd blame.

The Admins on various systems have agreed to carry mail from service providers as long as they obey certain rules, one of which is that they implement a spam policy. SPEWS provide a service to help Admins who wish to enforce this policy/condition of service by listing those which don't conform. If a company doesn't obey the rules, why should they expect to get their mail delivered? If they haven't negotiated to get their mail carried, yet sell that service on to their customers then they are defrauding their customers. Just because someone fraudulently sells you the Brooklyn bridge doesn't mean anyone (except the seller) is required to honor that transaction.

Suppose the condition in question was different to "Enforce a spam policy." Instead, suppose the Admins charged a simple fee to the ISP to carry their mail. However, some ISPs refuse to pay their bills. Would the Admins be justified in cutting off these ISPs, depriving all their innocent customers of service? Would you consider a blacklist of debtors to be immorral? If not, why is breaking this particular condition different to one of "enforce a spam policy?"

Face it, the ones in the wrong in this case are SomethingAwfuls ISP - they are the ones who have failed to fulfill their agreements. Blaming SPEWS is as idiotic as blaming the phone company in the analogy above.

[ Parent ]

So what? (3.00 / 8) (#444)
by gordonjcp on Wed Aug 06, 2003 at 07:29:27 AM EST

If you share an ISP with spammers, you share the fallout. I live in a fairly decent part of town, because I don't like having junkies and neds for neighbours.

Give a man a fish, and he'll eat for a day. Teach a man to fish, and he'll bore you rigid with fishing stories for the rest of your life.


[ Parent ]
Clearly we need to prevent the use of SPEWS (4.50 / 26) (#434)
by squigly on Wed Aug 06, 2003 at 07:18:47 AM EST

SPEWS is unaccountable by design, and looking at the   attitude on news.admin.net-abuse.email, it seems that many admins have no consideration for their ISP's customers.  The attitude taken is clearly that of self appointed mob justice, with no right of appeal, and an immature attitude of adding those who complain to even more blacklists.

To combat this menace, I propose we set up SPEWSPEWS - the SPEWS Prevention Early Warning System.  Clearly, we can't attack SPEWS itself, so we will attack the users of SPEWS.  The ISPs that blcok it.    The IP address and all email addresses who associate with anyone who uses SPEWS will be added to the blacklist.  The ISP that provides hosting for SPEWS will automatically be added to the blacklist.  

ever heard of anti-spews.org? (3.75 / 4) (#436)
by RipCurl on Wed Aug 06, 2003 at 07:20:04 AM EST

You're a little late, and naive. Its already happened, and look at what little did it do to curb the useage of Spews. More people are using today than a year ago.

[ Parent ]
Right On (3.62 / 8) (#437)
by Lankiveil on Wed Aug 06, 2003 at 07:23:14 AM EST

Heh, right on the point.  Sometimes the only way to combat a group of thugs is with your own gang of thugs.

And let's be honest, the SPEWS and NANAL guys are a bunch of thugs.  They may not beat people senseless on the street, but their poorly considered approach to combating spam is still causing a lot of damage to legitimate businesses who were unfortunate enough to buy a store in the same neighbourhood as a crackhouse.

[ Parent ]

And lamers who spam newsgroups aren't? (2.60 / 5) (#442)
by RipCurl on Wed Aug 06, 2003 at 07:27:35 AM EST

Try another one.

[ Parent ]
Are you referring to the SA goons? (4.00 / 2) (#539)
by pyramid termite on Wed Aug 06, 2003 at 05:46:33 PM EST

Was the BI of any of their posts > 20? Did the posts overwhelm the ng to the point where it was literally unreadable? Were the posts off-topic? (They were pretty damn clueless but that's another debate.) If by spamming, you mean flooding, what's the metric for a flood of a newsgroup? (I'll answer that one - there isn't one - years ago several people on NANAU tried to come up with one, including me and there was no consensus, as it's very difficult to define.) Are the threads dealing with the SA/SPEWS controversy larger than the thread dealing with the Pope or the one about creationism? (No, but go ahead and look for yourself.)

I've answered a couple of the questions for you. Another clue - the first one's the most important - and if you don't understand it, you don't know what the hell you're talking about.

On the Internet, anyone can accuse you of being a dog.
[ Parent ]
actually, a more accurate analogy would be (3.71 / 7) (#443)
by vivelame on Wed Aug 06, 2003 at 07:28:11 AM EST

"a business who choose to rent their office space to a well-known crackhouse-supporter-landlord".

--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
Oh, that's cool (4.20 / 5) (#449)
by kieranlol on Wed Aug 06, 2003 at 07:34:49 AM EST

yeah, you know, because business is all about being morally righteous and not having to make deals with people you don't like

[ Parent ]
business (4.00 / 4) (#455)
by vivelame on Wed Aug 06, 2003 at 07:50:37 AM EST

is also about being smart enough to not associate with the mafia, if you can't stomach  the broken bones and the odd police raid.

--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
oh ok (3.00 / 5) (#458)
by kieranlol on Wed Aug 06, 2003 at 07:57:21 AM EST

spammers aren't the fucking mafia, jackass, they're just another paying customer.

[ Parent ]
spammers *are* the mafia (4.50 / 4) (#461)
by vivelame on Wed Aug 06, 2003 at 08:02:39 AM EST

asshole (since you like sweet names..).
They love to rape mail servers, HTTP proxys, and are now getting ready for the SPAMming trojans. The last one because blacklists are quite succesful at keeping them out of work.


--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
Wait a minute (3.00 / 4) (#471)
by The Artificial Kid on Wed Aug 06, 2003 at 08:15:41 AM EST

If spamming causes blacklists then doesn't that mean blacklists cause trojans?

[ Parent ]
yep, sure (5.00 / 2) (#493)
by vivelame on Wed Aug 06, 2003 at 08:38:58 AM EST

and, if my flak jacket prevents me from dying from your bullets, then it's my fault if you had to buy a RPG.

--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
Huh? (3.57 / 7) (#450)
by Lankiveil on Wed Aug 06, 2003 at 07:35:31 AM EST

Huh?

It's not like Something Awful was spamming itself, or that customers of Something Awful were using Something Awful's facilities to send spam.  It was somebody three blocks down, who had the same landlord, that was dealing in crack.  The action of SPEWS is like the thugs going in and beating senseless every person who rents off of that landlord, even though the landlord was completely unaware of what was going on in that property (as Cogentco was unaware of what the spammer on their network was doing), and saying that they should have somehow figured out what the crackhouse was doing.

SPEWS-apologists may well claim that Cogentco was perfectly aware of what was happening on their network, but given that the spammer was given the boot, Cogentco is an established and reputable company, and SPEWS is an unaccountable faceless shadow-organisation, I prefer to take Something Awful and Cogentco's word for it.

[ Parent ]

Cogentco unaware? (3.66 / 6) (#454)
by vivelame on Wed Aug 06, 2003 at 07:49:26 AM EST

that's probably because they've NEVER opened their abuse mailbox. I grant you that SA couldn't know they risked being blacklisted with a bunch of others, but Cogentco have been, still is, a spammer's paradise.

I propose a solution that would maybe work out: Cogentco makes sure that:
  1. they read their abuse mail, and they ACT on it (ie, terminate the spammers). (btw, this alone would be enough for cogentco to never be blacklisted).
  2. they disclose the full identity, with name, telephone, street address, of the customers behind every single one IP in their address block. Short of that, how exactly are we supposed to be able to selectively filter out the utter-crap from the ok-crap? (btw, block blacklisting has been put in place because some compagnies, like, say, Cogentco (duh!) made an habit of moving their spammers to another IP whenever they received to much complaints, and the spammer's IP got blacklisted.)
What do you have to propose, beside "forget about the SPAM and let it flow!"?

--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
Anonymity (5.00 / 4) (#456)
by The Artificial Kid on Wed Aug 06, 2003 at 07:56:07 AM EST

they disclose the full identity, with name, telephone, street address, of the customers behind every single one IP in their address block

Anonymity is a cornerstone of SPEWS, isn't it? SPEWS.org couldn't be hosted on Cogentco if Cogentco followed your propsal.

Or is there good anonymity and bad anonymity?

[ Parent ]

Mmh, well (3.75 / 4) (#460)
by vivelame on Wed Aug 06, 2003 at 08:00:47 AM EST

you flame SPEWS because they're anonymous, but it's OK if cogentco customers are?

--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
No. (3.40 / 5) (#467)
by The Artificial Kid on Wed Aug 06, 2003 at 08:10:58 AM EST

I'm not "flaming SPEWS because they're anonymous". And I'm not saying that spammers should be allowed to go unnamed. I'm just saying that your position is utterly inconsistent and amounts to "I should be allowed to fight my battles anyway I like because I am objectively good".

[ Parent ]
Degrees of anonymity (3.50 / 4) (#468)
by Lankiveil on Wed Aug 06, 2003 at 08:12:11 AM EST

There is a difference between trying to keep your real name, address, and phone number off the Internet, and taking steps to ensure that there is no single possible way to contact you whatsoever, and running a blacklist.

If SPEWS were contactable, and SA and SPEWS could have (figuratively) sat down and discussed this in a sane, civil, and reasonable fashion, this needn't have happened.  Unfortunately, from what I've seen of SPEWS and their supporters, they're a bunch of arrogant thugs who like to hide in shadows, cannot tolerate criticism, and do not think their schemes through.

[ Parent ]

What would they need to discuss? (3.75 / 4) (#537)
by RipCurl on Wed Aug 06, 2003 at 05:30:16 PM EST

Sat down to discuss what? SA is on a Spam haven called Congentco. There is nothing to discuss. They do business with known abuser of the net. IF SA wants to give money to those who enable abuse of the net, then that's their perogative. SPEWS doesn't have to talk to anyone. The only people respnsible for this mess is Cogentco and if they are unwilling to help their customers with a problem that they created for their customers, why should those customers blame us for their ISp's stupidity and greed?

Its simple. SPEWS is saying to Cogentco ; Get rid of your spammers. If Cogentco is unwilling to do so, then SPEWS doesn't have to do anything else.

The ball is in Cogentco's court and its obvious that Zach/Lowtax/Ryan have no interest in helping to work out this problem with their ISP. Its Cogentco's fault to begin with.

Who did they get their site from? They are paying for that monthly fee right? Their "money" is going somewhere; Why dont they trace back to who they are dealing with and work from there? Easy enough. If they dont know who they are doing business with, then they deserve any Ill-wills" for their bad decisions.

[ Parent ]

question: (5.00 / 2) (#627)
by reklaw on Wed Aug 06, 2003 at 11:36:29 PM EST

SPEWS is saying to Cogentco ; Get rid of your spammers. If Cogentco is unwilling to do so, then SPEWS doesn't have to do anything else.

I wonder... has SPEWS provided to Cogentco:

  1. Notice that Cogentco's IP blocks have been added to the SPEWS blacklist, and
  2. A list of spammers that must be removed for Cogentco to be removed from the blacklist?
If not, why not?
-
[ Parent ]
In short, yes. (none / 0) (#839)
by DavidTC on Sun Aug 10, 2003 at 05:33:12 AM EST

For the first, although SPEWS does not identify itself as SPEWS, SPEWS only lists ISPs that do not act on spam reports. And there are plenty of other people out there who have informed Cogentco of their spammers...the SBL being one of them. Check news.admin.net-abuse.email.sightings for plenty of LARTs to Congentco listed, and few acted on.

As for the second...the spammers that SPEWS knows about are in the evidence file, which gets sent as a URL whenever SPEWS is used to reject email. SPEWS does not outright state what will happen if Spammer X gets removed vs. Spammer Y vs. Spammer X, Y, and Z, no. Presumably a major effort to clean out spammers would need to start before SPEWS would delist.

Cogentco has had 12 huge spammers, as in 'repeatedly kicked off other ISPs for spamming', some for months. There's no way in hell they are unaware of this fact...especially considering that they're moving some of them around to evade the blocks in SPEWS.

-David T. C.
Yes, my email address is real.
[ Parent ]

Why is it SA's problem? (5.00 / 1) (#680)
by squigly on Thu Aug 07, 2003 at 05:51:58 AM EST

They do business with known abuser of the net.

No, actually they do business with someone who does business with a nknown abuser of the net.  

IF SA wants to give money to those who enable abuse of the net, then that's their perogative.

SA are paying for a service that is being provided.   Who says Cogentco are providing spammers with connectivity?  SPEWS offers their "opinion", but since SPEWS is totally unaccountable, and impossible to contact, their opinion is worthless.  As far as SA is concerned, they are working with an ISP.  It is not their responsibility to make judgements based on a third party's opinions.

he only people respnsible for this mess is Cogentco

So, those who are responsible for SPEWS, and those who use SPEWS to block emails are not in any way responsible even though without their actions this problem would not occur.  

and if they are unwilling to help their customers with a problem that they created for their customers, why should those customers blame us for their ISp's stupidity and greed?

Because YOU LISTED THEM.  Or someone did, and all evidence seems to suggest that those who are ultimately responsible for the list include regulars at news.admin.net-abuse.email.  

The ball is in Cogentco's court and its obvious that Zach/Lowtax/Ryan have no interest in helping to work out this problem with their ISP. Its Cogentco's fault to begin with.

And because its their fault, you are punishing an innocent party.

Who did they get their site from?

An ISP that nobody has proof is doing anything wrong.

They are paying for that monthly fee right? Their "money" is going somewhere; Why dont they trace back to who they are dealing with and work from there?

Because that takes time, money, resources that are better spent elsewhere.  Why doesn't SPEWS have a whitelist covering customers of an ISP that they know don't spam?  This is also very easy, and it improves the usability of the internet.  

Easy enough. If they dont know who they are doing business with, then they deserve any Ill-wills" for their bad decisions.

If I find that your ISP has done something illegal, should I encourage others to punish you for it?

[ Parent ]

Um....right. (none / 0) (#838)
by DavidTC on Sun Aug 10, 2003 at 05:25:42 AM EST

An ISP that nobody has proof is doing anything wrong.

Let's check google for LARTs, shall we?

How about the SBL?

And let's not forget the SPEWS record, which most mail server which user SPEWS will send as the 554 reject message. SPEWS Whew, good thing there's no evidence out there, SPEWS might have a point.

-David T. C.
Yes, my email address is real.
[ Parent ]

You're just getting twitchy now. (5.00 / 4) (#463)
by Lankiveil on Wed Aug 06, 2003 at 08:06:29 AM EST

Your paranoia is showing.

Firstly, from my time at an ISP, the abuse email is checked, but a phenomenal amount of garbage ends up in there.  Be it from spammer bots picking up the address and adding it to their lists, outraged Christian mothers whining about one of our customers using "cuss words", or script kiddies complaining about another script kiddie threatening to hack them on IRC, the abuse box is a cesspit.  We got thousands of emails in there on a daily basis.  This wasn't even a particularly large ISP (a dialup ISP in Central Queensland).  Now, for a much larger provider, such as Cogentco, think how much dreck they must receive.  A lot.  It would take someone hours to search through all that to find pertinent stuff, and more time to investigate each case to determine that it was legitimate.  I know that in our case, we simply didn't have the time to do it.  We would've had to employ someone full-time to search through that, and that was simply not a viable economic proposition.  Yeah, when we got spikes in email flowing in, we checked it out, but for the most part it was something that we'd look through when we didn't have anything better to do.

As for your second point, it's obvious that you haven't thought very hard about it.  I know that, in my country at least, it's illegal to disclose that sort of information about your customers without their knowledge, due to privacy legislation.  Even if we were to ask customers to provide their information for placement into the public domain, I imagine they wouldn't be very happy about it.  I wouldn't do it.  I'd be a lot more wary of publishing things on my website that might be unpopular in the community in which I live.  The relative anonymity provided by the Internet is a great thing, and the benefits it provides outweighs the inconvenience caused by spam, in my opinion.

I posted my idea for a workable anti-spam system in another comment in this thread.  Do a search, I'm sure you're a smart boy and you can find it.  Blocklists are simply not the answer to the problem posed by spam.

[ Parent ]

ah, but i see not one, but *two* brilliant ideas.. (2.75 / 4) (#483)
by vivelame on Wed Aug 06, 2003 at 08:26:51 AM EST

for a start. Questions..
  1. if blacklisting doesn't work against spam, according to your claims, what makes you think it will work against anti-spam?
  2. if blacklisting of spammers and spammers-supporting organisations is bad, bad, eeeevil, isn't what you support (ie blacklisting of ISPs and organisations that apply anti-spam blacklist) just as likely to do some "collateral damage"?
Now, on the delete key: i refer you to one of my posts in this thread (linked, i'm not sure you could find it), and i'd like to point out the fact that your proposed solutions doesn't address those problems.

As of the amount of mail in an abuse mailbox, well.. guess what: i work at an ISP. What do we do with the abuse mail? We don't read it (surprising, huh?). What we did is this: we have set up a small program (OMFG, what a revolutionnary idea!!!) which reads the mailbox, parse the mails, extract the relevant IPs, trace back those to customers, and then store the complaints in a database, along with the customer's ID. Once in a while (say, 1 or twice per week), we look at a report, and terminate the excessive offenders, warn the hackers-to-be who portscanned a university, and so on. Now, i know, we're french, so obviously fsckin' smarter than you, so i offer you the above idea free of charge, you can implement it for fsckin' free as far as i'm concerned, and start treating your abuse mail. I mean, what a brilliant idea! using a (gasp) computer! at an ISP! it's never ever been done before!! Amazing.

--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]

There's no need to resort to profanity (4.66 / 3) (#491)
by Lankiveil on Wed Aug 06, 2003 at 08:37:41 AM EST

The hallmark of a man with no arguments, he resorts to profanity.  Even if it's mock-profanity.

It seems to me that your system is very open to abuse?  What's to stop me from flooding your abuse email with the IP address of someone I don't like in order to get them blocked?  Not much.  Sure, with enough development cash you could probably make your program smart enough to do it, but I'd wager that most small to medium ISP's just don't have the resources to set that sort of thing up.

[ Parent ]

we're a small ISP (5.00 / 3) (#497)
by vivelame on Wed Aug 06, 2003 at 08:45:36 AM EST

(70k customers).
Oh, and we use spamcop. And god, are the customers happy with it!. You can try and flood the system if you want.. You'll have to resort to spammer's tactics, through, to disguise the origin of your mails, and so on. (since we keep the complaints and have a look at those before terminating accounts, and you'll have to be careful when writning those complaints: IPs are dynamics, and we know when a customer is online or not, so you have to choose your dates & times right.).
Not so easy to abuse, through a dedicated person could do it, sure. That's not the point, through.. The point is: the "but we receive so much abuse mails!" defense isn't worth a cent.

--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
We're smaller (5.00 / 1) (#502)
by Lankiveil on Wed Aug 06, 2003 at 08:54:51 AM EST

We're talking 15k customers here.  Turned a decent profit, but just didn't have that budget to waste money on such projects.  Especially since we had other ways of dealing with spammers and the like (unusual use of our SMTP server, unusual amounts of ICMP messages originating from our clients, etc).  We found that was more effective for dealing with spam than relying on user submissions that might or might not be entirely valid.

[ Parent ]
You don't work for Wanadoo.fr, do you... (none / 0) (#816)
by Dimensio on Sat Aug 09, 2003 at 04:54:15 AM EST

...because they're notoriously clueless, ignoring spam reports and letting spammers and script kiddies run rampant on their networks.

[ Parent ]
You *didn't* read your abuse box!? (4.33 / 3) (#507)
by TVoFin on Wed Aug 06, 2003 at 08:59:32 AM EST

It would take someone hours to search through all that to find pertinent stuff, and more time to investigate each case to determine that it was legitimate. I know that in our case, we simply didn't have the time to do it. We would've had to employ someone full-time to search through that, and that was simply not a viable economic proposition.
Sigh. Reading the abuse box and acting on its contents is one of the duties of an ISP. Or why else do you think that RFC (number 822 IIRC) requires the presence of both postmaster@ and abuse@ accounts?

-Timo

IB, life, sleep -- pick any two. --Anonymous IB senior.
[ Parent ]

I don't know... (3.66 / 3) (#511)
by The Artificial Kid on Wed Aug 06, 2003 at 09:04:06 AM EST

I don't know why they're required, but presumably 822 will tell you, and will also outline your right to link any IP address you want with spammers when publishing blacklists.

[ Parent ]
What I have... (4.50 / 4) (#509)
by gordonjcp on Wed Aug 06, 2003 at 09:02:33 AM EST

... is some scripts that pull anything "sensible" sounding out of "abuse@<host>", and see if there's anything suspicious in the logs (like lots of connections to port 25). Now I actually have had one of my dial-up customers sending a metric fuckload of spam overnight once. It was the work of moments to disable his account, write an apology to the people who complained to abuse@<host> and the telephone the guy and give him some stick down the phone.

"But it's a mailing list! I bought it on Ebay, and it's all legal!"
"Yes, but it breaks our terms of service. So your service has been cut off."
"You can't do that! You can't stop my service just like that! I'm going up there to SORT YOU OUT!"
"I can, I have, and you're welcome to try. Bye.>click<"<br> I was tempted to go round to his house, break his legs, format his computer and then shoot his dog, but my girlfriend made me promise not to.

Give a man a fish, and he'll eat for a day. Teach a man to fish, and he'll bore you rigid with fishing stories for the rest of your life.


[ Parent ]
A more accurate analogy would be.... (4.20 / 5) (#452)
by squigly on Wed Aug 06, 2003 at 07:37:53 AM EST

Being punished for being a customer of an ISP who also sold webspace to spammers.  

[ Parent ]
Except (5.00 / 2) (#478)
by The Turd Report on Wed Aug 06, 2003 at 08:22:26 AM EST

Most spammers don't tell their providers that they are spammers. So, your analogy fails. When a spammer changes their company name, how can you tell that they are a spammer?

[ Parent ]
Its very easy (4.66 / 3) (#490)
by zakalwe on Wed Aug 06, 2003 at 08:35:54 AM EST

When a spammer changes their company name, how can you tell that they are a spammer?
Um, when they send spam perhaps? The spammers don't tell SPEWS that they're spammers either - they detect them from those sending spam, and then contact the ISPs with the details of the spammer. Generally all that is being asked is that the ISPs do react to such complaints rather than ignoring them and allowing the spammer to continue.

[ Parent ]
SPEWS logic (4.26 / 15) (#464)
by godix on Wed Aug 06, 2003 at 08:07:17 AM EST

SPAM pisses people off and they whine to their ISP about it. So in order to combat SPAM they're going to make it so email is unusable at all and hope that people get pissed off and whine to their ISP. Brilliant guys, maybe next week you all can explain how to get rid of headaches by beheading people.

"Fuck... may be appropriate in certain venues... (Florida Elections Commission, speed eating contests, public defender offices) and may be inappropriate in
A foolproof way to delete spam (4.00 / 5) (#480)
by Lankiveil on Wed Aug 06, 2003 at 08:24:26 AM EST

I found a way to keep ALL SPAM off my network.  I just blocked 0.0.0.0!  Since then, I've not had a single piece of spam float in.  I heartily recommend this simple solution to anyone using SPEWS!

[ Parent ]
Works for me (3.55 / 9) (#465)
by Oblom on Wed Aug 06, 2003 at 08:07:34 AM EST

One month ago i got fed up with all the  spam emails that i get every day so i installed on the server that hosts email for me and for a few dozens of friends of mine RBL based spam filter.
It uses sbl.spamhaus.org,  bl.spamcop.net, spews.relays.osirusoft.com and  list.dsbl.org ( in this order).

So now, 1 month later (since july 7) the statistics are like this :
blocked by spamhouse : 57180
blocked by spamcop : 20423
blocked by spews : 8441
blocked by dsbl : 1347
Blocked messages ( total ) : 87392
Messages that got in : 4780 ( and still ~1/5 out of it  is still spam, mostly from dial-up that i don't block meanwhile).

Those days I get less then 10 spams per week at my email account there.
In other words - it works for me. And it works for many others.

How do you get so spamworthy? (5.00 / 2) (#469)
by The Artificial Kid on Wed Aug 06, 2003 at 08:13:22 AM EST

I have a webmail account that I've been using for every dirty signup and white-supremacist-trolling operation I've encountered for around five years and it still only gets ten spams per day, which take me two minutes to clear out once a week.

[ Parent ]
Easely (5.00 / 1) (#476)
by Oblom on Wed Aug 06, 2003 at 08:20:46 AM EST

We participate in newgroups, online forums and run a few websites. So emails are getting harvested by robots from the web and then used to send spam to.


[ Parent ]
Well, Gee... (3.00 / 2) (#487)
by The Turd Report on Wed Aug 06, 2003 at 08:31:03 AM EST

Just don't do that stuff again. ;) (just kidding...)

[ Parent ]
oh and.. (5.00 / 2) (#484)
by vivelame on Wed Aug 06, 2003 at 08:28:47 AM EST

hotmail does filter.

--
Jonathan Simon: "When the autopsy of our democracy is performed, it is my belief that media silence will be given as the primary cause of death."
[ Parent ]
I told you... (4.25 / 4) (#512)
by Nova Reticulis on Wed Aug 06, 2003 at 09:04:24 AM EST

...you need to run a couple of big ass email servers to be able to comprehend the extent of damage the spammers do. One of my servers runs a domain that's been around like forever. Correct, ~80% of its traffic is spam.

Internet is not a charity for morons who can't run a well planned business
[ Parent ]

That sure is a lot. (4.00 / 4) (#475)
by berto on Wed Aug 06, 2003 at 08:18:25 AM EST

And how many legitimate e-mails were blocked?

[ Parent ]
No complaints so far (4.33 / 3) (#486)
by Oblom on Wed Aug 06, 2003 at 08:29:14 AM EST

But actually i tried to run a couple of time reverse DNS lookup on IPs that were blocked and names are mostly marketing-this.com,  promotion-that.net or  advert-now.biz .

[ Parent ]
Well, duh (4.16 / 6) (#494)
by Lankiveil on Wed Aug 06, 2003 at 08:43:30 AM EST

Obviously the customers aren't going to complain if they don't know that email destined for them is getting blocked, because they won't know anything about it!

[ Parent ]
Yeah, duh... (5.00 / 1) (#500)
by Oblom on Wed Aug 06, 2003 at 08:50:22 AM EST

Not costumers but  my friends. And they know that I installed filter. And they happy with the  results. In fact one of them today asked me to send him my configuration so he will be able to configure mail server in the company where he works in same way.

[ Parent ]
The sender should see the bounce (nt) (5.00 / 1) (#515)
by djotto on Wed Aug 06, 2003 at 09:09:54 AM EST



[ Parent ]
One good rule of thumb... (none / 0) (#815)
by Dimensio on Sat Aug 09, 2003 at 04:50:03 AM EST

If the domain/host name ends in ".biz", it's spam. I've yet to see an example of a legitimate entity with .biz in their hostname.

[ Parent ]
Can I ask a question? (2.69 / 13) (#492)
by synaesthesia on Wed Aug 06, 2003 at 08:38:10 AM EST

Is everyone complaining about SPEWS in these comments opposed to a free market?

Because that is how it sounds to me.

It seems obvious that the only reason people are getting worked up about this is because it's working. It's forcing customers like somethingawful.com to choose a service provider that actually does something about spammers. Why the hell do you think that ISPs use RBLs in the first place? Let the market decide!

Sausages or cheese?

THIS POST IS SARCASTIC! (4.33 / 6) (#518)
by Winkie on Wed Aug 06, 2003 at 09:20:37 AM EST

Oh yeah, i'm all for making websites pay to be relocated every time their mailserver gets blocked because some asshat spammed All for making them move to more expensive more 'professional' providers that charge a dollar a meg Yeah, I like making it so only big busnisess can run big websites!

[ Parent ]
Yours is extremely clever use of sarcasm (5.00 / 2) (#524)
by synaesthesia on Wed Aug 06, 2003 at 12:07:20 PM EST

But would you care to explain how you think your post follows from mine in any way whatsoever? Or to put it another way, which part of the phrase "free market" do you not understand?


Sausages or cheese?
[ Parent ]
er... (4.00 / 3) (#607)
by Work on Wed Aug 06, 2003 at 09:55:42 PM EST

holding an innocent company's e-mail service ransom for their ISP's actions until they switch ISP's doesn't sound free market to me. Sounds more like fascism.

Mussolini & co. would be proud.

[ Parent ]

Define "innocent" (4.50 / 2) (#681)
by synaesthesia on Thu Aug 07, 2003 at 05:52:23 AM EST

I buy my groceries from "Big Don's Front Store Ltd". Big Don's Front Store Ltd., also launders money for child pornographers. Then the FBI comes in and busts Big Don, closing the store down in the process.

WHERE AM I SUPPOSED TO BUY MY GROCERIES NOW, YOU FUCKING FASCISTS?!

Try a real grocery store. Try a real ISP.


Sausages or cheese?
[ Parent ]

Better analogy (5.00 / 2) (#774)
by Ken Arromdee on Fri Aug 08, 2003 at 02:12:59 AM EST

You buy groceries at Big Don's. The FBI discovers that Big Don has some vague and possibly small connection to child pornographers.

The FBI then puts up big signs which say BIG DON'S -- CHILD PORNOGRAPHERS. In small print, it says "This means Big Don's has a connection to child pornographers, not that they are child pornographers".

Then lots of people see the sign, don't notice the small print, and think that Big Don's are child pornographers themselves. They stop buying and drive the store out of business. You now have no place to get groceries.

That's pretty much what Spews is doing. Spews relies on the fact that people will treat their list as a list of spammers, in the same way that the FBI in this analogy relies on people not reading the small print.

[ Parent ]

Wrong (none / 0) (#783)
by synaesthesia on Fri Aug 08, 2003 at 05:43:30 AM EST

SPEWS does not claim to be anything other than a list of addresses provided by ISPs which do not respond to reports of abuses of their other addresses.

You think that ISPs don't understand that by using the SPEWS RBL, they're not only blocking spammers but potentially entire ranges of innocent parties?

Other RBLs provide for what you're asking. But the people at SPEWS are fed up with playing whack-a-mole, and they want to play the economic starvation game. And obviously a lot of ISPs want to play that game too, otherwise you'd have nothing to complain about. And I want to play that game too. If I ever find myself on the receiving end of it, I'll be mature enough to realise that my potential customers are choosing ISPs which want to play that game, so I have to choose a different provider. It won't take long before it's obvious which providers are responsive enough never to end up on the SPEWS RBL. I'll choose one of those, and never be bothered about it again.


Sausages or cheese?
[ Parent ]

And? (3.50 / 2) (#798)
by Ken Arromdee on Fri Aug 08, 2003 at 05:50:46 PM EST

In the analogy, the posters don't claim to be anything other than what they say they are, either. In the analogy, the posters don't say that Big Don's is a child pornographer. Anyone who interprets the poster that way doesn't really understand the poster, just like anyone who takes Spews' list to be a spammer list doesn't really understand the list.

But the catch is that the poster is designed in a way that the author knows will lead to lots of misunderstandings like that.

You think that ISPs don't understand that by using the SPEWS RBL, they're not only blocking spammers but potentially entire ranges of innocent parties?

I think that a lot of them don't understand this, though of course, not every single one. Probably most people who post here saying "I'm proud to use the Spews list" understand it, but they are atypical.

[ Parent ]

It's amazing. (5.00 / 1) (#837)
by DavidTC on Sun Aug 10, 2003 at 05:16:43 AM EST

It's honestly amazing how many people seem to be running around thinking SPEWS is used by ignorant people, yet fail to provide a single shred of evidence, they can't even bother to fabricate a single incident.

Burden of proof, people. We used to have it at this site. Don't go around claiming that people are 'accidently' using SPEWS unless you can at least name a single example, even if you do have to make it up.

-David T. C.
Yes, my email address is real.
[ Parent ]

There's a difference between an open market (5.00 / 3) (#617)
by porkchop_d_clown on Wed Aug 06, 2003 at 10:47:28 PM EST

and taking hostages.

One is called "capitalism". The other is called "extortion".


--
His men will follow him anywhere, but only out of morbid curiousity.


[ Parent ]
Boo fucking hoo (3.33 / 3) (#686)
by synaesthesia on Thu Aug 07, 2003 at 06:02:06 AM EST

Stop being such a child. Don't like the way things are done on the internet? Do something about it, put up or shut up. Make your own fucking RBL, and make it better than the SPEWS one. You really think ISPs use the SPEWS RBL to piss their customers off? No, they do it because some some ISPs refuse to boot spammers, and they want to force (economically) those ISPs to change their behaviour.

If you think you're in the right, start an anti-SPEWS RBL. Blackhole all ISPs who use the SPEWS RBL, on the basis that they're harming legitimate businesses. Try to persuade other ISPs to use your anti-SPEWS RBL. You'll soon find out you're in the wrong.


Sausages or cheese?
[ Parent ]

You bounce wildly from saying (4.00 / 2) (#724)
by The Artificial Kid on Thu Aug 07, 2003 at 09:42:57 AM EST

"we can't force anyone to do anything, this is just the free market. I don't want to receive email from 'bad' blocks. My server, my rules!"

To saying

"This is all about forcing ISPs to change by getting their users to make a noise!"

So which is it? ARE you deliberately hurting innocent users to make them squeal, or are you not?

[ Parent ]

It all boils down to what users want (5.00 / 1) (#732)
by synaesthesia on Thu Aug 07, 2003 at 10:19:15 AM EST

If users want to use ISPs which use the SPEWS RBL, they can choose to. If they don't, they can choose not to. If you want to differentiate yourself as an ISP from those which use the SPEWS RBL, you can do so, and the market decides whether or not you succeed.

There are two types of ISP roles: server and client. The 'force' comes from the magnitude of the latter group.

You seem to think that this decision is being made by anyone other than just everyone who uses the internet. It's not.


Sausages or cheese?
[ Parent ]

Right. So the answer to your immoral actions (none / 0) (#726)
by porkchop_d_clown on Thu Aug 07, 2003 at 09:55:14 AM EST

is to engage in my own immoral actions? I think not.


--
His men will follow him anywhere, but only out of morbid curiousity.


[ Parent ]
Immoral? (none / 0) (#731)
by synaesthesia on Thu Aug 07, 2003 at 10:13:27 AM EST

Please elaborate. Sounds like you're assuming the consequent to me.

Sausages or cheese?
[ Parent ]
What's to elaborate? (none / 0) (#788)
by porkchop_d_clown on Fri Aug 08, 2003 at 09:00:26 AM EST

your fundamental principle is to make people miserable in order to force them to behave the way you want them to.

the correct answer to spam is digital signatures on the mail (possibly signed at every relay) and white lists.


--
His men will follow him anywhere, but only out of morbid curiousity.


[ Parent ]
Welcome to democracy (none / 0) (