Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
EFF's Gilmore protests that Verio's closed email relay policy is "Censorship"

By jbond in News
Sun Mar 18, 2001 at 10:30:06 AM EST
Tags: Internet (all tags)
Internet

Verio gags EFF founder over spam. Open relay violates acceptable use [The Register] I've been a fan of the EFF for a long time, but this one's bullshit. John Gilmore is displaying an embarrassing lack of knowledge about how the internet works. To pick up on one piece, he's complaining that his friends need to be able to send email from anywhere in the world. Well almost all closed mail relays work on the basis of Pop3 read before smtp send. As long as you have a pop3 account, you can send your email from anywhere. Spam is such a problem that closed relays are a perfectly acceptable defence and have absolutely nothing to do with censorship.


Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Related Links
o Verio gags EFF founder over spam
o The Register
o Also by jbond


Display: Sort:
EFF's Gilmore protests that Verio's closed email relay policy is "Censorship" | 53 comments (51 topical, 2 editorial, 0 hidden)
The guys mad, of course (2.75 / 8) (#1)
by Glacky on Fri Mar 16, 2001 at 05:39:28 AM EST

I would suggest to him that I need his root password too, to run stuff on his machine from anywhere in the world.

In a perfect world where people are too polite to spam, it would indeed be rude of Verio to do this. But we do not live in that world, or anything resembling it. I do have an issue with blocking web traffic to sites selling spamware - that *is* censorship. But blocking a mail server because it has a gaping security hole in it that the owner refuses to fix, that's just common sense.

John Gilmore *was* one of my heroes... (3.66 / 9) (#2)
by Per Abrahamsen on Fri Mar 16, 2001 at 06:35:16 AM EST

well, I guess he still is, even if he is totally off-base on this one.

John Gilmore have an impressive track record, he was one of the early Sun people, used his money to found Cygnus which demonstrated that, yes, you *can* make money on free software. He wrote PD tar, which became GNU tar, thus contributing to free software more directly. He have also done a lot of EFF and cryptography works.

However, he seem to totally lost track of the changes times. Yes, open mail relayes were once the norm. So was password-less guest accounts. But these date back from the time where the Internet was a research netwrok, and people tended to treat trust with respect, not as a opportunity for abuse. Heck, even RMS and FSF has closed their guest accounts, and now hides behind a firewall.

Register is not the most trustworthy source of news, I hope they are wrong about this one.


they're right (5.00 / 2) (#12)
by Arkady on Fri Mar 16, 2001 at 06:48:22 PM EST

This is definitely true. The EFF's legal director posted roughly the same description to our (the EFF; I admin the network for them) internal staff mailing list a few days ago. ;-)

The Reg _does_ play up and sensationalize stuff a bit, but in my experience they've always gotten the actual facts correct, and the facts in that article look basically correct. John does run an open relay, and I've had this argument with him a few times (since I don't and wouldn't).

The bummer here is that he probably is in violation of the Verio use agreement (though he's had that T1 since before Best bought TLG and then was bought by Verio, so who knows what his actual agreement with them is). He would definitely have been in violation of the use agreement on my network.

-robin

Turning and turning in the widening gyre
The falcon cannot hear the falconer;
Things fall apart; the centre cannot hold;
Mere Anarchy is loosed upon the world.


[ Parent ]
John Gilmore is still a hero to me (4.50 / 12) (#3)
by kaboom on Fri Mar 16, 2001 at 08:57:35 AM EST

Don't you people understand what it means to be idealistic? Sure, open relays don't work in today's Internet. That doesn't mean that people like John, who cherish personal freedom and lament the loss of same which is rampant in today's Internet^Wmulti-level marketing scheme, shouldn't protest that loss.

Think of this as being like rms' refusal to give himself root on his own machines out of protest against the fact that he has to have passwords on them at all. Is it a gesture I would make? Hell no! Is it one I can respect, because of the motivating factors behind it? Certainly!

Gestures (5.00 / 2) (#14)
by Per Abrahamsen on Sat Mar 17, 2001 at 09:55:39 AM EST

> Think of this as being like rms' refusal to give
> himself root on his own machines out of protest
> against the fact that he has to have passwords on
> them at all. Is it a gesture I would make? Hell
> no! Is it one I can respect, because of the
> motivating factors behind it? Certainly!

It is fine to make that kind of gestures, however it is not fine to start complaining that other sites won't trust your site anymore.

Fine, make your site open to spammers, but don't complain when others won't carry your mail.


[ Parent ]
Unfortunate actions by Verio. (2.40 / 5) (#5)
by reshippie on Fri Mar 16, 2001 at 10:43:05 AM EST

While I don't think that Gilmore should be running an open relay in this day and age, I don't think that his ISP should cut him off for it. He's on a T1 line, which means he's been paying a great deal of money for lots of bandwidth. What he does with it should be his own business, so long as it is legal.

I could see people having a problem, if this was done over a cable modem, as each person's use affects everyone else nearby. Even if it was only a DSL line, though, I don't think that it would be cool. If you're paying for a dedicated line, you should be able to do what you wish with it.

Those who don't know me, probably shouldn't trust me. Those who do DEFINITELY shouldn't trust me. :-)

Re: Unfortunate actions by Verio. (5.00 / 2) (#11)
by elemental on Fri Mar 16, 2001 at 04:49:51 PM EST

If you're paying for a dedicated line, you should be able to do what you wish with it.

To a certain extent, sure, but not when it affects the people providing you that line. Verio allowing an open mail relay on their network (one that has already been used to relay spam, remember) could easily get them listed in ORBS, the MAPS RSS, and any number of independent block lists, which will cause problems for all their customers.

I work in the abuse department of a large ISP (not Verio) with a large number of T1/frame relay customers and I would have shut down his line completely at his first refusal to secure his mail server.


--
I love my country but I fear my government.
--> Contact info on my web site --


[ Parent ]
Common carriers (4.50 / 8) (#6)
by davidduncanscott on Fri Mar 16, 2001 at 11:10:17 AM EST

If Gilmore thinks that phone companies and railroads (the original "common carriers") don't know and don't care what signals and cargo pass over their lines he's crazy.

I think Verio could and would argue that an open relay invites massive spamming which endangers their network, in much the same way that BellAtlantic would argue that they are not required to carry my signal if I hook my phone line to the 110 volt wall outlet or the railroads might refuse to carry explosives or toxins. Being a common carrier doesn't obligate one to be an idiot, it just means that you're supposed to be equally idiotic to all your customers.

Technically (3.00 / 4) (#7)
by tiamat on Fri Mar 16, 2001 at 11:38:25 AM EST

Spam is such a problem that closed relays are a perfectly acceptable defence and have absolutely nothing to do with censorship.

Well, technically you are just censoring spam. Now, I don't think very many people have a problem with that (I certainly don't). It is important however that we admit it is censorship.

The only possible argument that could come out of this requires a tanker full of oil; then you MIGHT be able to make the "slipperly slope" case.

FALSE! Censorship is about *CONTENT*. (4.71 / 7) (#8)
by seebs on Fri Mar 16, 2001 at 12:36:01 PM EST

Closed relays block messages for delivery mechanism, not content. A closed relay is just as unwilling to transmit non-spam as it is to transmit spam.

Indeed, spam itself is not a censorship issue. Censorship is saying you may not say *THIS*.

It's not saying "you can't say things at my expense without my permission". That's not censorship, that's an integral part of free speech, which is freedom from compelled speech.


[ Parent ]
Not censorship (3.00 / 1) (#25)
by marimba on Sun Mar 18, 2001 at 07:13:07 PM EST

It's simply preventing someone from using services that they are not paying for. If you want to send mail through the ISP, get an account and pay for it. But spammers don't do this because they want bandwidth for free. Bandwidth that I'm paying for. I would no sooner allow someone to send spam over a connection that I'm funding than I would let them use my long distance phone account. And I think that analogy is pretty darn close.

As for Gilmore, if his friends are having trouble sending mail from various locations throughout the world, perhaps they should investigate Hotmail or Yahoo. Sheesh. What a crybaby



[ Parent ]
Private "censorship" is not illegal (4.00 / 7) (#9)
by GusherJizmac on Fri Mar 16, 2001 at 01:24:51 PM EST

We may not like it, but private companies can engage in any kind of "censorship" they want. It's their servers, and they can do with them what they will. It's only illegal for the government (in the US at least) to censor speech, etc.

I really hate when people assume that since the Bill of Rights prohibits Congress from restricting speech that therefore everyone is prevented from doing so. It's just ignorance.
<sig> G u s h e r J i z m a c </sig>

small comment (3.33 / 3) (#13)
by SEAL on Fri Mar 16, 2001 at 09:47:51 PM EST

Sorry to nitpick, but don't confuse illegal with unconstitutional.

The 1st amendment ("Congress shall make no law...") is what prevents government from censoring most forms of speech.

Now, Constitution aside, there may be laws which affect what private companies can do. Just because the government cannot censor speech doesn't mean the opposite is true. The government CAN make laws to protect free speech. To say private companies can engage in any kind of "censorship" they want isn't always the case. It depends on where you live and what the business is doing.

Example: A public-access television channel would not be able to deny you access or remove your existing program based on the color of your skin.

- SEAL

It's only after we've lost everything that we're free to do anything.
[ Parent ]

This totally annoyed me. (3.60 / 5) (#15)
by xrayspx on Sat Mar 17, 2001 at 12:30:50 PM EST

I'm basically going to cut and paste my comment from SecurityFocus. I think Gilmore is great, but I think it's selfish of him to run open relay just so that his jet-setting e-Hero friends don't have to change the SMTP setting in their mail clients when they travel from network to network. It's dangerous to Verio, and annoying to thousands of spam recipients:

How hard IS THIS REALLY?
by xrayspx
Fri Mar 16 2001


These people are the "digerati", the "elite", the "31337", and so forth. The EFF, Gilmore, Barlow, all play a very important role in protecting our freedoms, and I'm glad they're around. BUT, they're evidently boneheads.

If John Barlow connects to an ISP in Africa to send an email to his girlfriend, he should go to his email client settings, (you KNOW he's using outlook), set the smtp server to mail.whateverthehellISPheson.com and send all the mail he wants. If it's not mail, I'd bet him a Donut that the address is smtp. or out., wouldn't even have to ASK anyone. If this is too highbrow for them, they should get AOL accounts and be done with it. There, BAM, you can send mail from anywhere in the world without having to think.

If I have an open relay so that my 'friends' can connect and send mail from wherever they are likely to be, MAPS, ORBS, my ISP would not be near as lenient. Just because we're talking about a celebrity does not make this any less boneheaded.

EOF

That came off as a really pissed off rant, but I was. There can be no double standards, no "Well, but *I* need open relay so that when Barlow is in Africa, he doesn't have to change Outlook to work with zimbabwe.net or whoever". I just think Gilmore is being very selfish on this one.


"I see one maggot, it all gets thrown away" -- My Wife
One thing I forgot (2.75 / 4) (#16)
by xrayspx on Sat Mar 17, 2001 at 01:27:51 PM EST

Something I forgot to mention in my mindless rant is the fact that many (responsible) ISPs filter outbound traffic on port 25. AT&T Worldnet for instance, forces you to use their mail servers, which is a very good thing, stops people using their network to hammer away at John Gilmore's Spam-o-Tron.

Of course many other ISPs do not do this, but it is definitely a good policy to follow. If no one allows external SMTP traffic, doesn't really matter who runs an open spam relay does it?


"I see one maggot, it all gets thrown away" -- My Wife
Re: SMTP redirectors (none / 0) (#37)
by sigwinch on Mon Mar 19, 2001 at 06:14:58 PM EST

... AT&T Worldnet for instance, forces you to use their mail servers, which is a very good thing, stops people using their network to hammer away at John Gilmore's Spam-o-Tron.

A man-in-the-middle attack is a MITM attack, any way you fucking slice it. The ability of two hosts to communicate should only depend on two things: 1) Their willingness to communicate, and 2) the presence of IP transport between them. Spam should be handled at #1, by blacklisting with extreme prejudice.

Breaking #2 in the name of spam control is just idiotic. It's like the phone company handling tele-salesmen by making everybody subscribe to an answering service.

And this is not just the ranting of an idealist: this foolishness has real consequences. If I want to email a 500 MB message to somebody, and their mail server can handle it, then I should be able to do it. If the ISP has some arbitrary, undocumented disk quota, things will break in weird ways.

If an organization wants superfast email turn-around, they should be able to process their queues every second if they want to. You can't do that if it's sitting in a 30 minute queue at some dipshit ISP. What are we gonna have next? ISPs installing SMTP-to-plate tectonics gateways?

If I want to upgrade SMTP to support crytographic signatures (which could eliminate spam), I can't. The ISP's SMTP server is frozen in time with the old version of the protocol and will never understand anything better.

(I think the ISPs who do this are just clueless/lazy. They haven't really thought through the long-range ramifications of their actions. E.g., if one of their customers breaks a $cientology copyright in email, they could find those SMTP proxies subpoened with extreme prejudice.)

--
I don't want the world, I just want your half.
[ Parent ]

NO one is telling him not to run SMTP (none / 0) (#44)
by xrayspx on Tue Mar 20, 2001 at 12:27:24 PM EST

I think anyone who wants to run a mailserver should have every right to, that's not the point.

The point is, he shouldn't allow me to telnet to his machine on port 25, make up a username, and send SPAM to 100 thousandgazillion people from his machine. Those people would not be happy. If he wants to have a mail quota, great, if not, find, let him receive South Park episodes as .vcf's for all I care.

I am of the belief that anyone should be able to run any service they want over their connection, you should be paying for bandwidth, not bandwidth with restrictions. BUT, I also think that they should run them responsibly, or face the accpected consequences. I don't think his ISP should have shut him down, I think he should be RBL'd, yes, ORBS'd yeah, totally. The ISP was trying to protect themselves from having their entire IP block RBL'd. That is unlikely to happen, unless it's a personal vendetta (Vixie goes insane again).


"I see one maggot, it all gets thrown away" -- My Wife
[ Parent ]
Agreed (none / 0) (#45)
by sigwinch on Tue Mar 20, 2001 at 05:22:19 PM EST

I agree totally that Gilmore should get with the program, but that's not what I was talking about. I was ranting (perhaps offtopic) about the ISPs that block SMTP as their spam "solution".

--
I don't want the world, I just want your half.
[ Parent ]

Common POP3/SMTP email systems.. (4.33 / 3) (#17)
by Andrew Dvorak on Sat Mar 17, 2001 at 01:33:45 PM EST

Most pop3/smtp email providers require a user first authenticate with the system by checking their email via pop3. This registers their IP address with the smtp server. The smtp server then allows the said IP address to send mail using the email ID associated it. This is linked to a timeout limit, whereby this ip registration is removed from the database after, say, 10 minutes from checking the pop3 server.

This common method does much good to seal an open relay while considerably decreasing the inconvenience to the user.



Alternatives exist. (5.00 / 3) (#18)
by Dan Walters on Sat Mar 17, 2001 at 10:52:40 PM EST

There are patches for both postfix and qmail that allow you to require SASL authentication for SMTP connections. I believe SASL is even in sendmail 8.10. You can require a username and password before accepting mail, and it's still possible to always relay for specific subnets - i.e., it's completely backwards compatible.

Client support already exists in both Outlook & Netscape on Windows, and it wouldn't be hard to add to any open source client that doesn't yet support it.

There's no reason to run an open relay. It doesn't matter if it's your bandwidth or not; when a spammer abuses your server, it costs us all. The upstream ISP is always drowned in complaints, too - they are entirely within their right to proactively prevent such things from happening.

I'm just saddened that the EFF can be so clueless.

Also, I've seem some suggestions that all ISPs block outbound port 25. Let's not encourage this - they will prevent this (the proper solution) from working. Let's fix the actual problem.



You're correct (none / 0) (#20)
by Miniluv on Sun Mar 18, 2001 at 01:08:10 AM EST

I run a sendmail 8.11 server, and I can enable authentication on SMTP. Since I have a few people who use my machine as their smtp host, rather than that of their ISP which is usually wildly inconsistent with regard to mail delivery, I instead just allow very specific networks to send mail to me. Once the last of them gets onto a static IP it'll literally only be their machines, or sucessfully forged mail traffic which I'm not terribly concerned with.

All in all, the mail servers are easier to configure to handle this, than randomly blocking outbound traffic on port 25.

"Its like someone opened my mouth and stuck a fistful of herbs in it." - Tamio Kageyama, Iron Chef 'Battle Eggplant'
[ Parent ]

Another alternative... (none / 0) (#34)
by Anonymous Commando on Mon Mar 19, 2001 at 12:10:38 PM EST

If you're interested in a lightweight, GPL mail server for Linux and Win32, check out XMail. It's still under development (currently v0.68, I think), but works quite well, supports authenticated SMTP. For Linux, it's a nice alternative if you want to set up POP3 accounts without setting up full user accounts (doesn't use /etc/passwd). There's also a control protocol for remote administration through a Win32 client or DLL, or a cross-platform Perl module.

BTW, I'm not directly involved in XMail, I'm just a satisfied user.
Corporate Jenga™: You take a blockhead from the bottom and you put him on top...
[ Parent ]

Common carrier status (4.66 / 3) (#19)
by jesterzog on Sun Mar 18, 2001 at 01:00:02 AM EST

This quote at the end of the article got my attention:

Gilmore argues that by making decisions about what to allow or disallow over their network, ISPs risk losing the common carrier status that protects them from legal liability for their customers' actions.

"Ultimately, they should be a pipe. They shouldn't care what content goes through. For them to say, well, we'll send your IP packets....except when you send this particular type of IP packet, it takes them out of the realm of a common carrier," says Gilmore. "That puts the entire Internet in jeopardy."

Does anyone have any legal or political experience in this area?

I think what he's saying is that if ISP's block people from anywhere in the world sending mail, then they're making decisions as stated above. This seems to imply that ISP's aren't allowed to make any decisions about the content they're trafficing.

I can't see the problem with it though. If you stuffed a dead body into a post box with an address scribbled on it, it probably wouldn't get to it's addressed destination.

The reason is that someone at the post office probably decided that it's in the business of sending letters and other agreed freight, and not something that's obviously a dead body.... for one reason or another.

Similarly, I don't think anyone should be able to force ISP's to traffic something that can be clearly categorised if they choose not to.

People sending mail through open relays aren't directly paying for it, and even if it's not spam, it costs ISP's money. This is especially true in places with low bandwidth, including many countries outside of North America. The post office doesn't have to send letters without stamps on them, so why should ISP's be obligated to pipe mail from users or other services who aren't connnected to them directly?


jesterzog Fight the light


Well here's something (4.00 / 2) (#35)
by Gat1024 on Mon Mar 19, 2001 at 01:54:42 PM EST

Well, Prodigy lost a lawsuit because they were filtering naughty words and messagse in their forums. Compuserve, hit with a similar suit, got off easy because they never tried to filter their forums. Prodigy was deemed a publisher because it exercised editorial control over the content of their forums. Compuserve didn't even have a dept in place to monitor their forums. In fact, their forums were outsourced.

Also, Cyber Promotions, the famed mass spammer lost several lawsuits to big ISP's, namely AOL and CompuServe. CP sued AOL for blocking their SPAM, arguing that AOL was a state actor like the USPS and thus AOL's service was a public function. The judge saw it differently stating that AOL and the Internet did not "involve the exercise of any of the municipal powers or public services that traditionally constitute state action." So AOL's systems were AOL's and they had the last say on what could pass and what could not.

The CompuServe claim involved CP's use of CompuServe's systems to send SPAM. The court, citing reasons similar to the AOL case, also ruled against CP.

Sources:

  • LIBEL ON THE INTERNET: AN INTERNATIONAL PROBLEM
  • Slamming Spam
  • Liability for the Wrongful Acts of Publishers
  • Hope this helps.

    [ Parent ]

    Is spamming actually wrong? (1.66 / 3) (#21)
    by Miniluv on Sun Mar 18, 2001 at 01:19:31 AM EST

    After reading the article at the Register, and thinking about the issue from all sides, is the act of sending unsolicited email actually wrong? Not "morally" wrong, because there's no concrete answer to that, but instead, is it the wrong thing to do on the 'net? If so, how is it different from unsolicited postal mail?

    I would say that over 80% of the population here at K5 has unlimited bandwidth connections. They do not pay their ISP a per-email surcharge, nor do they pay by the packet in any form. Thus, spam costs them nothing, except a little bit of time. For those of you who don't have unlimited time connections, or are on dial-up with it's associated phone charges, I ask you to do the math by taking your largest spam email, figuring the transport time down the wire from the mail server you connect to your harddisk, and tell me how many spam emails it takes to cost you $1.

    Spam is, as everyone knows, the Internet equivalent of junk mail through the postal system local to your jurisdiction. Direct mail is, in the US, a huge industry. Companies such as RR Donnelley and Sons print tens of millions of pieces of direct mail each year, and pay the USPS millions of dollars in postage. Less than 10% of the US has registered with the central authority for preventing direct mail from reaching homes. That means 90% of the population of the US, or over 100 million people, don't care enough to spend 34 cents on a letter to get themselves removed from this list.

    So, if spam costs me nothing more than my time, why is it such a big deal to people? Is it really an invasion of your privacy to receive an email advertising something you don't want? Sure, it's a nuisance, a minor inconvenience, but is it really worth creating the sort of brouhaha the Internet is currently involved in just to stop such a tiny thing?

    "Its like someone opened my mouth and stuck a fistful of herbs in it." - Tamio Kageyama, Iron Chef 'Battle Eggplant'

    spam vs. junk mail. (3.50 / 2) (#22)
    by Per Abrahamsen on Sun Mar 18, 2001 at 09:18:47 AM EST

    > If so, how is it different from unsolicited postal mail?

    Paper junk email is expensive enough for the senders to keep the amount manageable, and the senders are paying for the infrastructure. To make the comparison valid, you must rise the cost of spam to be close to the cost of junk mail, which is between 50 cent and 2 dollar per copy. If we did put a price of 25 cent on each piece of junk email, it would be much less of a problem. It could even be a good arrangement, if somehow the money could be used for financing popular services, like kuro5hin.

    Nonetheless, I'm happy that Danish laws have made it possible for me to "opt-out" of junk mail (a "junk mail no-thanks" label on the door, and a central register for "no direct-mail" addresses).

    The price spammers pay to ISP's for a connection is nowhere near the amount of money ISP's have to spend in order to keep the amount of spam low enough that their customers don't drop out of the net. To this, add bandwidth and processing cost, and income lost because users avoid services where the spam content is above their personal threshold.

    > Thus, spam costs them nothing, except a little bit of time.

    I estimate spam has cost me personally at least US$ 1000 in time spend on filtering and sorting, which is more than I have payed for connectivity in all my life.

    Add to this the loss in "quality of service" due to "you have mail" no longer meaning "look at the mailbox now". It used to be that I replied to email immediately, because of spam this is no longer so. Also, it is a lot less reliable. I *almost* throw away a real offer for an all-payed trip to Japan (estimated value US$ 5000) because it looked like spam. The only reason I didn't was that it was cc'ed to some people I know, so I decided to look at it closer. Of course, I have no idea how much real mail I have junked because it looked like spam, a problem that is getting worse because spammers do everything they can to attempt to make it look like real mail.


    [ Parent ]
    How do you figure $100? (none / 0) (#28)
    by Miniluv on Sun Mar 18, 2001 at 09:57:34 PM EST

    I'm curious how you come up with a number that incredibly high. What value are you considering time spent reading email to have?

    "Its like someone opened my mouth and stuck a fistful of herbs in it." - Tamio Kageyama, Iron Chef 'Battle Eggplant'
    [ Parent ]
    Why US$ 1000 is a low estimate (none / 0) (#30)
    by Per Abrahamsen on Mon Mar 19, 2001 at 03:48:12 AM EST

    $100? That is incredible low. I wrote $1000 which is still an very conservative estimate.

    I have said no to consulting jobs that gives US $100/hr when they don't interest me. I hate dealing with spam, so my time must be at least worth what others are willing to pay me for less uninteresting work.

    Spam has been a problem for me since september 1993. I have used email since 1986, but until 1993 spam was next to non-existent. This is eight years with spam. I have certainly used more than an hour yearly writting and optimizing anti-spam filters, and probably (its hard to estimate) more than that sorting away spam that got past my filters. In the first years I spend a lot of time trying to stop the spammers, these day I leave that job for younger people, but still try to stop spammers in Denmark (much easier, especially since we got anti-spam laws).

    But just counting a low estimate of 10 hours for the time spend writting filters, ignoring the sorting, detective and political work, I get the amount of US$ 1000.


    [ Parent ]
    Ugh (none / 0) (#31)
    by Miniluv on Mon Mar 19, 2001 at 05:43:23 AM EST

    No offense, but you cannot reasonably figure your time away from work at the rate of a consulting job you've been offered. The economics of making assumptions like that are really, really shady. Things like opportunity cost and such, which is how you're working that number out, are not nearly as cut and dried as when you have real, tangible numbers to work with.

    If you were to say to me that you lost 10% of your waking hours in a given calender year, and then worked out some reasonable equation of how to take that 10% and relate it to your yearly gross earnings, I would say it's possible. Ultimately, that $1K could be quite accurate. I just don't know that it'd be provable...or worth proving.

    I wonder though, how you manage to attract so much spam that you need to spend that much time filtering, and then dealing with the stuff that makes it past your filter. Merely by turning on RBL checking in sendmail I reduced my spam intake by over 50%. Which reduced it to a mere 8-10 pieces per day, which works out to about 10 seconds of clicking the delete button. I sign up for lots of things online, a fair number of them with my legitimate email address. I haven't changed said address in over 3 years, and I just don't get much spam...maybe I'm an exception, but I know quite a few people like me in that respect.

    "Its like someone opened my mouth and stuck a fistful of herbs in it." - Tamio Kageyama, Iron Chef 'Battle Eggplant'
    [ Parent ]

    Value of time. (none / 0) (#33)
    by Per Abrahamsen on Mon Mar 19, 2001 at 10:20:09 AM EST

    > No offense, but you cannot reasonably figure
    > your time away from work at the rate of a
    > consulting job you've been offered.

    I'm not sure I can parse the sentense, but I fail to see the problem. The consulting rates offered put a reasonable minimum value to my time. I could claim spam was so agonizing that the point where dealing with spam became worth the agony was US$500/hour, but then it would be pure speculation. Using jobs I have declined give a objective lower boundary.

    One hour a year isn't a long time for analyzing a problem, getting ideas for a solution, implementing the ideas, and testing the solution. The sysadm has installed RBL centraly, so that doesn't count in my time.

    I think most of the spam come from addresses harvested at Usenet. In general, I try to act like the net was free of spammers, which mean I use my read address both there, on my home page, and discussion sites like this.

    I use a separate address for web-shopping and the like at sites who claim they keep it confidential, and I haven't seen spam to that address. Apparently, those places I use are honest.

    I don't delete spam, but move it to a separate folder. It is currently 57 MB or 10460 messages since 1996. This included spam caught by my own filters, but not that caught centrally (by a RBL).


    [ Parent ]
    Let me reword... (none / 0) (#38)
    by Miniluv on Mon Mar 19, 2001 at 10:00:29 PM EST

    Your time away from work is generally not as valuable as time at work. That is why most economists say you cannot use what you get paid as a straight comparison for the rest of your time. As a consultant you have more of an argument than most people, and thus I would say that potentially your percentage could be higher, but I'm not most qualified to comment beyond what I already have.

    I will agree that it sounds like you have problematic volumes of spam. I suspect that because I avoid usenet I dodge more, the evidence seems to support it anyhow. I would also stipulate though, that most people are not receiving quite the volume you are, and my question is far more valid for them.

    Either way, I still really wonder if the quantity of time, effort, etc being invested into anti-spam efforts, not to mention the profit some people are making from these efforts, is really worth while. How much more useful could some of this energy be? And how appropriate are some of the responses, *cough*Inoshiro*cough*, when people complain that spam causes high volumes of backbone traffic. Essentially, this is as much "thought experiment" as anything. Thanks much for your experience sharing though.

    "Its like someone opened my mouth and stuck a fistful of herbs in it." - Tamio Kageyama, Iron Chef 'Battle Eggplant'
    [ Parent ]

    My time (none / 0) (#40)
    by Per Abrahamsen on Tue Mar 20, 2001 at 03:01:11 AM EST

    Why should I care what an economist think my time is worth? My time is *my* time, and I should be the one who set the price for it. I also think I'm the one to judge what causes it is worth investing my time for.

    Most people haven't been on the net as long as I have, so my current situation can be seen as a foreshadowing of their future situation if nothing is done to stop spam. Of course, since most people really do hate spam, they will try to hide their email address, which may postpone the problems.

    Since most spams are relatively short, they don't (yet) cause real bandwidth problems. They do cause very significant problemns for servers though. I don't have numbers for email, but for Usenet at one point 80% of all messages were either spam or spam cancellations.


    [ Parent ]
    By your argument (none / 0) (#41)
    by Miniluv on Tue Mar 20, 2001 at 05:55:20 AM EST

    I could quite easily say that spam, a mere 8 pieces a day, has cost me billions of dollars. Does that mean it's valid?

    As far as server utilization goes, processing email isn't that resource intensive. Sure, email volume levels are rising, and size-per-piece is rising too. But Moore's law is still way out in the lead in that race. Bandwidth is increasing rapidly too, not 2x every 18 months but not terribly far behind either. All that mitigates the effect spam is having on the ability of an ISP or a backbone provider to continue providing core services at reasonable rates.

    Understand, I'm not advocating spam. I am asking if this vengeful crusade against spammers and "innocent" open relays is really as Holy and Justified as everyone seems to assume it is. Do spammed parties have the right to bombard open relays through which they are spammed? Does MAPS have any sort of justification in providing a quick'n'easy list for backbone providers to muscle open relays with?

    I am beginning to wonder if the price we're going to pay for freedom from spam is worth the freedom from over things we'll end up giving up.

    "Its like someone opened my mouth and stuck a fistful of herbs in it." - Tamio Kageyama, Iron Chef 'Battle Eggplant'
    [ Parent ]

    Fighting spam. (none / 0) (#42)
    by Per Abrahamsen on Tue Mar 20, 2001 at 06:46:08 AM EST

    > I could quite easily say that spam, a mere 8
    > pieces a day, has cost me billions of dollars.
    > Does that mean it's valid?

    Yes. I would not believe your claim, though, which is why I used the consulting rate offered for jobs I declined as an objective number.

    I have no numbers for email, but the largest Danish Usenet servers is CPU bound, not bandwidth bound. Which mean that the 80% spam and spam cancelations are rather significant.

    Basically, we don't give up anything by fighting spam. Unrestricted, spam growth until it scares the users away, and continue by inertia for some time from then-on.

    Mail bombing is never justified. Refusing to carry traffic from open relayes are the priviledge of whoever owns the server.


    [ Parent ]
    Open relays (none / 0) (#46)
    by Miniluv on Wed Mar 21, 2001 at 05:34:12 AM EST

    So, you have no problem with the concept of say, Above.net refusing all IP traffic to and from anybody on the RBL list?

    By restricting speech on the net, which is what port filtering, black listing, etc does, in such a broad, unrestricted way we're begging for more occurences of horrible mistakes. Ask Peacefire how they felt for not running an open relay and still making it onto the RBL. Ask massive mailing list managers how they feel when they get RBL'd because MAPS feels that quadruple opt-in just isn't enough, or that your system doesn't qualify as double opt-in (their current requirement) because it's the third tuesday of a strong lunar cycle.

    If we're going to blacklist MAPS and ORBS have to go. They're both currently battling it out in a duel to the death to suck harder and trash more freedom on the net. I say it's our net, it's time we take responsibility and ownership. I have to say I agree with Gilmore in spirit, even though I don't think it's entirely necessary to practice his preaching in the fashion with which he does.

    "Its like someone opened my mouth and stuck a fistful of herbs in it." - Tamio Kageyama, Iron Chef 'Battle Eggplant'
    [ Parent ]

    RBL 's are necessary, thanks to spammers. (none / 0) (#47)
    by Per Abrahamsen on Wed Mar 21, 2001 at 11:16:47 AM EST

    > So, you have no problem with the concept of say,
    > Above.net refusing all IP traffic to and from anybody on the RBL list?

    No.

    > By restricting speech on the net, which is what port filtering, black listing,
    > etc does,

    No, it is easy and cheap to get access to an ISP that is not blacklisted for sending e-mail. It is even still easy to get access to an ISP that does not use RBL. This will off course stop being the case when spam reach a level where unfiltered ISP's can no longer hold to their customers.

    > in such a broad, unrestricted way we're begging for more
    > occurences of horrible mistakes.

    What horrible mistakes? I admit that there have been minor problems, which I ount as more victims of the spammers.

    In a market economy, the RBL's represents the various cost benefit balances to the users between filtering out spam (benefit), and filtering out non-spam (cost). The fact that we have multiple of them, shows that the exact point of balance differers between various users.

    I administrate an open mailing list (bug reports and discussion). It is only because I have chosen to host it on a site which uses just about all the RBL's that I can keep the list open. I would hate to have taken that option away and being forced to close the list because someone decided that *they* know better than *me* what filters are appropriate for *my* list. Removing options and forcing people to close lists aren't protecting freedoms in my book.

    Until the makes it practical to stop spam at the source, all other measures are merely the minimal amount of self defence, needed for the survival of email as an useful communication medium.



    [ Parent ]
    Wow (none / 0) (#49)
    by Miniluv on Wed Mar 21, 2001 at 09:15:03 PM EST

    You did notice I said all IP traffic, not SMTP traffic, right?

    No, it is easy and cheap to get access to an ISP that is not blacklisted for sending e-mail. It is even still easy to get access to an ISP that does not use RBL. This will off course stop being the case when spam reach a level where unfiltered ISP's can no longer hold to their customers.
    My example, Above.net, is not an ISP. They are a Tier1 provider, which means that my ISP may not know the traffic is being filtered. They have zero control of what is filtered at peering points on fiber they don't own. Filtering at a mail server is one matter, filtering on the backbone is something else entirely.

    In a market economy, the RBL's represents the various cost benefit balances to the users between filtering out spam (benefit), and filtering out non-spam (cost). The fact that we have multiple of them, shows that the exact point of balance differers between various users.
    This is 100% true. I myself use the RBL on my sendmail server, but I'm not shoving my decision to filter down anyone elses throat. I will be very sad when the day arrives that I cannot get a mailbox at a service that doesn't filter for spam. Not because I necessarily want such a thing, but I want such a thing to exist.

    I administrate an open mailing list (bug reports and discussion). It is only because I have chosen to host it on a site which uses just about all the RBL's that I can keep the list open. I would hate to have taken that option away and being forced to close the list because someone decided that *they* know better than *me* what filters are appropriate for *my* list. Removing options and forcing people to close lists aren't protecting freedoms in my book.
    Wait a minute...you've been arguing for blackhole lists, but now you demand no one use one you don't approve of? Or are you merely demanding no one prevent you from using them?

    "Its like someone opened my mouth and stuck a fistful of herbs in it." - Tamio Kageyama, Iron Chef 'Battle Eggplant'
    [ Parent ]
    Chemotherapy (none / 0) (#50)
    by Per Abrahamsen on Thu Mar 22, 2001 at 06:27:49 AM EST

    > You did notice I said all IP traffic,

    No, but that just make it more efficient in stopping the problems at the source. I think it is very beautiful of them to add filters which benefits the net as a whole on the long the long term, even if it hurt them (through their customers) at the short term. It is unselfish actions like this that make me think there really is hope for humanity.

    I'd try to reward such a ISP by giving them my orders if it was in my power to do so. If I felt they went to far, i.e. that the cure became worse than the disease, I'd go somewhere else.

    > My example, Above.net, is not an ISP. They are a Tier1 provider,

    Good, that just make it even more efficient.

    > Or are you merely demanding no one prevent you from using them?

    I demand that noone prevent me from using ISP's with efficient filters.



    [ Parent ]
    Thank God (none / 0) (#51)
    by Miniluv on Fri Mar 23, 2001 at 03:28:57 AM EST

    Thank god for redundant routing, so the net isn't run by fools like you.

    What would you do if that box being blocked was a colo gateway that you were behind? If someone else spammed and you got blackholed because of it, is that efficient and merit worthy?

    "Its like someone opened my mouth and stuck a fistful of herbs in it." - Tamio Kageyama, Iron Chef 'Battle Eggplant'
    [ Parent ]

    More victims of spammers. (none / 0) (#52)
    by Per Abrahamsen on Fri Mar 23, 2001 at 05:35:18 AM EST

    > Thank god for redundant routing, so the net isn't run by fools like you.

    So we stop being polite now, mister spam apologist?

    > If someone else spammed and you got blackholed
    > because of it, is that efficient and merit
    > worthy?

    It has happened, that is more victims of spam. Usually this get resolved quickly, especially when everybody cooperates. However, as the spam rate increases, stronger and stronger measures will be necessary to keep the net useful. I doubt we have seen the end of it yet.

    This kind of accident is just one more reason that the law ought to make it possible to stop spam at the source.

    You are just blaming the victims.


    [ Parent ]
    Not the victims (none / 0) (#53)
    by Miniluv on Sat Mar 24, 2001 at 10:20:41 PM EST

    Nope, not blaming the victims at all. Nor am I an apologist for spammers. I am more than willing to attack people who wish to attempt to control the routing structure of the net to meet their individual agendas.

    As I said, thank god for redundant routing. In terms of blocking spam at the source, IPv6 will help a lot with that, in the fact that everyone will have a public IP, and it'll be so much easier to narrow filters down to reasonable levels.

    I think the MAPS RBL could be a useful tool, as it is they're working hard to make it useless. The anti-spam propaganda machine is beginning to resemble that of the anti-hemp world here in the US, and that really bothers me. There isn't a single issue on the net more polarizing than spam, and nothing turns otherwise intelligent people into gibbering idiots faster than bringing up spam filtering.

    "Its like someone opened my mouth and stuck a fistful of herbs in it." - Tamio Kageyama, Iron Chef 'Battle Eggplant'
    [ Parent ]

    Calculations (none / 0) (#48)
    by Ceebs on Wed Mar 21, 2001 at 12:58:15 PM EST

    So lets take your hypothetical 8 spam's per day.and your notional size of 10 K per piece that adds up to 80k per user per day

    In the UK if you havent got anything above a 56K modem you'll be strugling to pull down more than about 5k per second in real world usage so that's about 16 seconds per day in transfer time. Over the space of a year that adds up to roughly 1 hour 40 minutes. this works out at 4 pounds per year in transport costs alone (six dolars). A medium size ISP in transatlantic costs is going to find itself out of pocket to the tune of roughly 5000 pounds(7500 dolars) over the course of a single year. Why should the ISP's pay this money out? Of course they aren't going to. they are going to pass these costs onto the punter and your ISP's services are going to cost you more. I don't see whythe internet exists to make money for leeches.

    Next the time of the user. If we assume a rather less generous 20 dollars an hour then the average user will probably spend between a minute to three minutes a day clearing those email's out. every now and then you get one that either irritates you to the point of complaint or ammazes you that people might fall for this. these push that time up. You just cant delete everything that turns up on sight. so this works out at somewhere in the region of about 15 hours per year I reckon that at roughly 300 dollars a year.
    An employer will cost an employees time at roughly double the employees wage cost so in a 500 person company you're looking at a cost of 300,000 dollars per year, just to deal with other peoples junk. On another tack, I've worked in places wherethe network has been offline for two days before whilst we were being bombarded with spam That is the sort of situation that can easily cripple an entire organisation.

    [ Parent ]
    spam cost (none / 0) (#24)
    by delmoi on Sun Mar 18, 2001 at 04:02:04 PM EST

    No, Spam doesn't really cost me anything other then a little amount of time. And the fact that the amount of time I actually have to take dealing with it is a testament to the tireless efforts of the Spam-fighters out there. The fact is, if they could, spammers would be sending you thousands of messages a day. It isn't going to cost you anything as far as computational/bandwidth costs go, but you'd never even be able to find your mail

    And on the other side, the side of the service provider, Spam really can eat up bandwidth. It might seem to you that you have 'unlimited' bandwidth, when looking at monthly or daily scale, but it isn't really; it's limited by the physical capacity of the wire. Remember each message takes up its own block of bandwidth. If you're going to send out a hundred million messages, each at 10k, that's a gig of bandwidth. Now, imagine if thousands of people were trying this to...

    It really seems to me that the reason we don't have so much trouble with Spam nowadays is because of all the filtering and blocking, and especially open-relay disabling, going on out there.
    --
    "'argumentation' is not a word, idiot." -- thelizman
    [ Parent ]
    Bandwidth efficiency (none / 0) (#27)
    by Miniluv on Sun Mar 18, 2001 at 09:55:18 PM EST

    Alright, you really misrepresented the bandwidth situation. Here's how email actually works:
    I send 10K emails, representing 5K different domains. That means my bandwidth is cut in half, and that's not an unreasonable proposition. Then, consider that AOL represents over 2 million active email addresses, more than any other North American ISP. It would be fair to assume that 20% or so of my traffic could head their way. Email servers aren't so stupid as to send each email in it's own connection, or at least they don't have to be. Instead they can send the message once and address it to a virtually unlimited number of recipients.
    Now you see why the high volume of spam already on the net isn't choking ISPs down anywhere nearly as bad as you would expect from your statements.

    "Its like someone opened my mouth and stuck a fistful of herbs in it." - Tamio Kageyama, Iron Chef 'Battle Eggplant'
    [ Parent ]
    Spammed to death, November 15th, 2000. (none / 0) (#26)
    by Scullywag on Sun Mar 18, 2001 at 07:22:24 PM EST

    So, if spam costs me nothing more than my time, why is it such a big deal to people?
    You obviously don't receive much spam. Neither do I. My friend does. 700 a day. Every day. No he doesn't pay for bandwidth or volume on his unlimited dialup. He just pays with his time. So much time that he had none left to run his business.

    You can read his story here: bestprac.com/about.htm

    [ Parent ]

    Why I don't receive much spam (none / 0) (#29)
    by Miniluv on Sun Mar 18, 2001 at 10:04:23 PM EST

    I don't sign up for much on the net with my real email address. When I make purchases I use spamtrap email addresses, and I go to the same retailers on a regular basis so I don't have to put any work into maintaining these traps.

    The interesting thing though, is that I frequent pay-for-porn websites. These are, in my experience, usually regarded as the ultimate bastions for how to get spammed. I receive a minute quantity of spam, usually less than 10 pieces per day. This is compared with 200+ legitimate emails a day from the mailing lists I'm a member of.

    "Its like someone opened my mouth and stuck a fistful of herbs in it." - Tamio Kageyama, Iron Chef 'Battle Eggplant'
    [ Parent ]

    Small costs that add up... (4.50 / 2) (#32)
    by darthaggie on Mon Mar 19, 2001 at 09:49:59 AM EST

    I would say that over 80% of the population here at K5 has unlimited bandwidth connections. They do not pay their ISP a per-email surcharge, nor do they pay by the packet in any form. Thus, spam costs them nothing,

    In a word: bullshit. The bandwidth costs somebody somewhere something. That the charges are hidden does not make stealing any more acceptable than walking out of a bank with $10,000 that isn't your own. IIRC, AOL estimates that 20% of their monthly fee is spent to deal spam, be it bandwidth charges, or additonal servers to handle the extra load.

    You do the math: $5/month/user * 20 million users. No, no cost there...

    except a little bit of time.

    Oh, and my time isn't valuable?

    Spam is, as everyone knows, the Internet equivalent of junk mail through the postal system local to your jurisdiction. Direct mail is, in the US, a huge industry. Companies such as RR Donnelley and Sons print tens of millions of pieces of direct mail each year, and pay the USPS millions of dollars in postage.

    The key word here, mon ami, is "millions of dollars of postage". The direct mail folks pay for the privilege to send you mail. In the USA, you get a direct benefit as those millions help subsidize the cost of a first class letter.

    The average chicken boning spammer doesn't pay jack, tries to hide the true origin of the spam run, and will cheerfully relay rape any open relays that can be found. A theif is a theif, even if he/she is a petty theif.


    I am BOFH. Resistance is futile. Your network will be assimilated.
    [ Parent ]

    Illuminate me (none / 0) (#39)
    by Miniluv on Mon Mar 19, 2001 at 11:44:50 PM EST

    In a word: bullshit. The bandwidth costs somebody somewhere something.
    Explain then why ISP charges have been trending downwards for the last 5 years. Explain why unlimited connections have supplanted fixed use accounts. Explain how NetZero manages to stay in business.

    "Its like someone opened my mouth and stuck a fistful of herbs in it." - Tamio Kageyama, Iron Chef 'Battle Eggplant'
    [ Parent ]
    Re: Illuminate me (none / 0) (#43)
    by PurpleBob on Tue Mar 20, 2001 at 11:44:22 AM EST

    Explain then why ISP charges have been trending downwards for the last 5 years.

    Because the technology is more available. That doesn't mean they couldn't be even cheaper. Also note that charges for ISPs using current, broadband technology are relatively high.

    Explain why unlimited connections have supplanted fixed use accounts.

    Because customers don't like to feel that they're "running up the clock". That's a much bigger factor than (your supposed lack of) costs for spam.

    Explain how NetZero manages to stay in business.

    They don't. Free ISPs are bombing left and right, and NetZero isn't exactly turning huge profits.

    [ Parent ]

    I agree with him, 100%. (3.66 / 3) (#23)
    by mindstrm on Sun Mar 18, 2001 at 12:29:51 PM EST

    And for basically the reasons he says.

    The one thing I will say is, if his contract with the ISP says 'no open relays', then the ISP should cut him off, NOT filter him. ISP's should *NOT FILTER, EVER*. From their point of view, if he is 'spamming' (ie: his mail server is being used to spam), then he should be held responsible, however, it's not an excuse to block him.

    In short, ISP's should NOT force you to use their mail server.


    I got burned by this (4.00 / 1) (#36)
    by spacejack on Mon Mar 19, 2001 at 04:58:50 PM EST

    I waited till I found out what was going on before posting this.

    Anyways, this is very annoying. One of my main clients uses Verio and I didn't know why the hell they weren't getting my email. Turns out some user of my ISP spammed Verio. So now I have to use a fallback mail account to communicate with him. Furthermore, I can't communicate via my favoured mail account with anyone on a Verio account :/

    This totally blows. Neither of us have anything to do with the spammer. In fact, my ISP has spamguards in place (I need to check my email within 15 min. before sending). So it's not an anonymous spammer using their mail servers.

    How can this be avoided? Who fucked up here?

    PS. sorry my language is probably very imprecise here, I'm not sure of all the proper terms for this stuff :)

    PPS. My ISP is switching networks next week so this problem should just "go away".. until another one of their clients decides to spam somebody I guess...

    EFF's Gilmore protests that Verio's closed email relay policy is "Censorship" | 53 comments (51 topical, 2 editorial, 0 hidden)
    Display: Sort:

    kuro5hin.org

    [XML]
    All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
    See our legalese page for copyright policies. Please also read our Privacy Policy.
    Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
    Need some help? Email help@kuro5hin.org.
    My heart's the long stairs.

    Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!