Slashdot Mirror
MAPS RBL Is Now Censorware (Updated)
Media3 has had six of its ClassCs added to the RBL: one in June, and five in November. These 1500 IP numbers are now cut off entirely from the rest of the Internet for any Internet provider who subscribes to the RBL (more on this later).
But making these 1500 IP numbers vanish from the net -- which is exactly what happens for any provider who subscribes to the RBL -- does not stop any spam from getting through. They are not blocked because those servers are sending unsolicited email, or any kind of e-mail for that matter.
Media3's service agreement is more-or-less the same as all responsible, anti-spam providers:
"M3 does not permit the transmission of unsolicited e-mail... Subsequent violations will result in suspension and/or termination of the account without refund of service fees..."
And MAPS does not even allege that a single piece of spam has been sent from any of these 1500 IP numbers. As their press release says:
"Media3 refused to require their Web-hosting customers to stop advertising their Web sites by using unsolicited commercial email..."
Even this fact is in dispute. I spoke with Joe Hayes at Media3, and he told me that the company does not tolerate Web sites which promote themselves through spam.
You can check the RBL evidence file yourself. When a MAPS representative spoke with Joe back in June, he told him that he needed to, not tighten up his sendmail rules, but "terminate the Samco [Web] sites and rewrite his AUP to prohibit the hosting of spamware."
Spamware? Yes. Media3 does host Web sites which sell software that sends bulk e-mail and harvests e-mail addresses. Take a look at MarketingMasters.com. Their IP number is 209.211.253.74, which is in the Media3 ClassC which was blocked in June. You can look them up on the RBL at http://mail-abuse.org/cgi-bin/ lookup?209.211.253.74.
Again, the blocking of that IP number, their Web site, does not stop a single piece of spam from being sent or received. What it does do is punish the folks at MarketingMasters, whose Web site can't be seen by RBL subscribers.
The problem is that MAPS has put every 209.211.253.x IP number on their list. For example, if you look up 209.211.253.169, you'll see exactly the same message and same rationale.
And 209.211.253.169 is not a spam Web site. It's otherwise known as Peacefire.org, a group of young people who are advocates of free speech rights for teenagers, and -- irony alert -- longtime opponents of censorware.
In fact, if you visit their Web site you'll see many reports about how censorware blocks the good as well as the bad. Their latest, "Amnesty Intercepted," shows that sites like Amnesty International Israel and the American Kurdish Information Network are blacklisted as pornographic by overzealous censorware.
Kind of like Peacefire -- and over a thousand other sites -- are blacklisted by MAPS.
Let's be clear about what censorware does. It does not by itself block content. It "only" rates that content as unacceptable for viewing, and it is up to someone -- your parents? your teacher? your ISP? -- to apply its rules to prevent you from seeing that content.
I don't like spam any more than the next person. But I also don't like censorship, and I take a content-neutral view of these things. If someone delivers a product to be used by Alice to block Bob from seeing website because she doesn't like its content, that product is censorware.
And if that product capriciously, unfairly, and deliberately blocks innocent Web sites, then it's not very good censorware.
In this case, the "bad" Web site sells software which could be used to spam. Frankly, compared to Nazi propaganda or bomb-making instructions, it's pretty tame. But that's not important. Standing up for speech I agree with is easy, everybody does it. If you want freedom, you have to stand up for speech you disagree with.
At least with programs like CyberPatrol, SurfWatch, and Net Nanny, when overblocking mistakes are pointed out, they are corrected. But as MAPS admits in its press release and evidence files, the intent here is not to block the actual Web sites (after all, people who want to buy the software will find a way to buy it).
No, the intent is to get the ISP in question to play ball. The fact that a thousand innocent Web sites are censored is, as far as I can tell, irrelevant.
I don't see much difference between this and any other censorware. One difference is that few other censorware packages are actually free. Another is that fewer are so obviously wielding their power as a retaliatory weapon.
And, there's also the fact that the RBL is used by a backbone provider, AboveNet, whose CTO also happens to be a co-founder of MAPS. Peacefire had no idea that it was being censored until it heard from confused would-be readers. At least with traditional censorware, if your connection to a website is blocked, you have some idea of why. Peacefire's readers naturally had no idea whether their packets were traveling over AboveNet's network, and only knew that their connections were being rejected.
(I contacted Paul Vixie to ask about AboveNet and how it uses the RBL, but he refused comment, sending me to AboveNet PR, who didn't get back to me by deadline time.)
Vixie claimed in 1998 that "MAPS volunteers always contact the owner of a site before it's blacklisted." I'm guessing none of the 1,500 blocked Web sites were contacted.
But then, MAPS also advises Web providers:
"If you host Web sites, we suggest that you use one IP per domain so that if spam occurs for one Web site, we don't have to blackhole you or your other customers to block access to the spamming site."
That's exactly what Media3 does -- and exactly what MAPS did.
Oh, and one more difference. The RBL is more successful than any other censorware package. According to Upside, 20,000 companies that control 40% of all e-mail accounts (and, quite possibly, Web sites); that's up from what ZDNet said in 1998, 2000 ISPs that control 30% of Internet destinations.
I can't find much to argue with in Joe Hayes's summary:
"They [MAPS] are blocking very good educational sites, nonprofit organizations, in their attempts to get us to adopt their definitions in their entirety. They've made no bones about hurting people and while Media3 maintains a policy of not allowing unsolicited e-mails, we do not see completely eye-to-eye on MAPS's definitions because they become very encompassing and very broad. While they have a good tool, and I commend them for their efforts to contain e-mail abuse, they're a good thing gone bad and they have basically become the abuser."
And here's a heavily abridged list of the sites that cannot be accessed via AboveNet, or any of the other providers who use the RBL -- just a few of the sites on just one blacklisted ClassC:
- FulfilledLives.com, "the place for women and girls," about spirituality and relationships.
- DesktopHeaven.com, Windows themes, screensavers, wallpaper.
- TownOfCary.org, the official website for the town of Cary, North Carolina.
- StudioZito.com, yet another Web site-designer.
- Crossalizer.de, a music site which points out (in German) that it's a victim of an anti-spam initiative, and thus has moved to Crossalizer.com.
- StrikeMore.com, bowling tips and schedules.
- NewTechWellness.com: "The total balance of wholeness and wellness within the areas of Mind, Body, Family, Society, and Finances in our lives is our goal," OK, whatever.
- ElaineCoffman.com
and DianaPalmer.com
-- both are authors of romance novels.
And finally, - CraftersCommunity.com. "If you are looking for a fun and easy recipe to do with the kids, try these deliciously simple Winter Cookie Pops."
Update, something like an hour later: If you're planning to e-mail me or post a comment saying I don't know what I'm talking about because the RBL only blocks mail traffic, please take a moment to read this 1997 interview. Excerpt:
SunWorld: How do you defend your policy of Blackholing Web services that host spammers' Web sites -- even if the spam itself isn't going through their service?
Vixie: This is the most controversial thing we do because it's censorship of something that isn't spam. It's me saying to some Web provider, because you are renting space to this person [a spammer] who is doing something completely legal, I am going to Blackhole your butt.
For more on the Border Gateway Protocol implementation of the RBL, see this page (thanks to jeffg for the link); for a description of how it drops all packets to blackholed sites, see this message.
Also, Bennett Haselton of Peacefire reports, at 10:58 PM EST:
I just telnetted in to www.peacefire.org and was able to do "ping www.above.net" and "ping home.cnet.com" and "ping www.infoworld.com" despite the fact that that traceroute on all of these sites shows that they are hooked up via above.net.
Peacefire's IP address is still on the RBL, so it looks like AboveNet has, for the time being, temporarily stopped blocking their users from accessing sites on the RBL.
This means that either:
(1) AboveNet has realized the errors of their ways, and is trying to correct them.
(2) AboveNet is trying to cover up the fact that they ever censored their users' Internet access, and they are temporarily opening up the gateway so that people on AboveNet will be able to access Peacefire and will think it is all a hoax.
Now, spamming software is sick messed up crap, but if we subscribe to maps, then are we as bad as Jack Valenti and his pals in the entertainment industry?
Chris DiBona
VA Linux Systems
--
Grant Chair, Linux Int.
Pres, SVLUG
Co-Editor, Open Sources
Open Source Program Manager, Google, Inc.
There are three ways that RBL may be used, listed at this address:
http://mail-abuse.org/rbl/usage.html
ONLY ONE OF THE USAGE METHODS results in blackholing all ip traffic, that is the Subscription via BGP. This option is only available to larger networks with routers which have an ASN (see whatis.com if you don't know what an ASN is.)
I know of very very few networks which use RBL in this manner. There must be a few, but it seems like a pain in the ass, and there are negative effects of doing it, as indicated on the RBL description of the service.
Anyone choosing to implement such an esoteric blackholing system for all ip traffic from RBL-listed hosts is likely FULLY AWARE that they will be dropping some hosts, and must consider that an acceptable risk. If you are a client of such an organization, and don't buy into that, then leave. My guess would be that most that have successful implementations of BGP RBL subscription had buy-in from their clients before they set it up.
My guess is that 95% or more of RBL subscribers use the "Direct usage via DNS lookup by mailserver" method of applying RBL blocking. This method has ZERO IMPACT on http, ftp, dns, ICMP, or any other type of traffic other than SMTP.
This Slashdot article was written by someone who does not understand the nature of the Internet and the RBL on a detailed level, and who is obviously dipping into conspiracy theories a bit... his little diatribe on above.net sounds like the manifesto of a lunatic. To the author: Get over it, sir. You don't understand the technology, and you don't understand the decisions made by ISPs who implement the RBL. I wish you well in your career, but this isn't going to be the ground-breaking story you thought it was. Feel free to write me if you'd like to speak to me further.
Sincerely,
~Acheron
There are many forms of the MAPS RBL subscription.
One form that appeals to some network providers is the MAPS RBL Subscription via Multihop eBGP4 . This subscription option involves configuration within border routers of a subscribing network provider. Any traffic that passes through a router configured to peer with the MAPS RBL feed will null-route packets destined for any host or network listed in the MAPS RBL. This includes ALL internet protocol traffic -- not just mail.
If a network or host is listed in the MAPS RBL, and a router between you and that host or network is configured to use the MAPS RBL BGP feed, you will be unable to browse a website located there, you will be unable to ftp to them, and yes, you will be unable to send them mail. And they will be unable to send you mail, or browse your web site. Again, any traffic passing through a router configured in this way that is destined for an IP in the MAPS RBL will be null-routed -- for all intents and purposes, dropped on the floor.
Asymmetric routing and inadequate coverage on the border can be a noted hole, but in cases such as these, the MAPS RBL BGP feed isn't really working anyways.
It happens that if you write me and I'm not at home, I get your mail via Palm VII wirelessly. Whoever you are. Even if I've never heard of you. And sometimes, that matters to people.
Spam really is a problem on the Palm, because it takes time to download it, there's only 2MB RAM so there's no space for it, and so on.
So, I want to filter spam, and I want to deter spammers because deterrence is more effective than a filter. The RBL has been a positive force for me, it's kept the S/N to the point that I can read your mail.
Thanks
Bruce
Bruce Perens.
Censorship is something that can only be conducted by the government. Private organizations such as ISP's or MAPS can choose to carry or not carry whatever they like.
It's not quite that simple, though. Common carriers, although private organizations, don't have the choice to carry or not carry based on content. Now a local dialup provider is hardly a common carrier, but I would say that a tier one provider really should be a common carrier. After all, a local dialup in Peoria can't reach Bangladesh without crossing some backbone provider's network.
itachi
Just a correction, according to spamhaus media3 is hosting not 1 but 21 spam sites, the largest on the list, and considering media3 is a grand total of a few class C networks, thats a pretty high percentage of their customers being spammers. My understanding is that it's a similar situation to the AGIS thing awhile ago. media3 won't cancel sites who spam using other accounts to advertise a site on media3. Because media3 won't wipe out these sites it's become quite a spammer's haven.
-- Greg
Slashdot, would a spell-checker for posting be too much to ask? It's not rocket science!
That couldn't be further from the truth. What's happening is that I decide that someone else has sufficiently similar opinions to mine about what I don't want to see, and ask them to do it for me. That's not censorship, it's outsourcing. Well, I guess you could always call it "self-censorship by proxy" or something equally convoluted.
Now if the RBL isn't what it advertises to be, that's a different question. But that wouldn't be censorship either, it'd be false advertising.
sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
Now, what can we do to end the spam?
No, you follow the money: the spammer makes his money when morons go to the web site and by the spamware. Kill the web site, kill the cash flow, kill the spammer's business.
Now, places like Media3 will say "But we aren't spamming!" No, but they are giving aid and comfort to the enemy. So, what do you do to get Media3 to close down the spammer?
Follow the money
You make it unprofitable for Media3 to host the spammer. You do this by driving business away from Media3. You do that by blackholing enough of their customers that Media3 says "We are losing money doing this. Let's not do this anymore!"
Rememer Spamford Wallace, the uberspammer? Ageis communications was providing cyberpromotions.com with bandwidth, and by God they weren't going to stop. Then they got blackholed, and many of their customers left. Faced with losing money, they dropped Spamford like a hot rock.
Remember: follow the money. It's always about the money. If somebody says it's not about the money, it's about the money.
I say, "GO MAPS GO!"
www.eFax.com are spammers
(1) If you're a bulk provider, with hundreds of web sites, it isn't even worth batting an eye to keep hosting a spam software provider. If they wanted to follow the money, they may refuse to remove them, but they certainly wouldn't defend them when MAPS came knocking. MAPS scares providers.
(2) How much is enough? Should MAPS block every single IP address that the provider has, just to force them to stop hosting the software seller? How many innocent sites have to be taken down in the name of shutting down the spammers? And do you really think people looking for spamming software won't be able to find it because you shut this down? When these software sellers move, should we shut down a thousand more? Will you feel the same when its YOU?
(3) No one ever stops to think how insidiously powerful MAPS has grown. As their filters have become useful, it has gone far beyond good sysadmins using them to protect their users -- it has gone corporate, with millions of addresses obeying the filters MAPS dishes out. What happens when it is abused?
Think that won't happen? Wrong, it already has. MAPS blocked 209.211.253/24, because it hurt a lot more than just blocking 209.211.253.68-89, or even 209.211.253.64/27. I shouldn't need to repeat it, Jamie made a great point: Paul Vixie said MAPS contacts all blocked websites before blocking them. Ah, but that must date back to before MAPS was so powerful, such an icon of internet protection, with supporters lining up to buy them lawyers.
(4) MAPS is tied far too closely with AboveNet. The fact that Vixie was an Abovenet VP (who knows what he is with Metromedia, who bought Abovenet), should absolutely chill people. There's something absolutely creepy about the power to block email to 40% of addresses being thus controlled. I'm sure the small-time sysadmins would remove MAPS configs from sendmail if it were abused -- but would corporations be so quick to follow? With change control procedures, possibly even total apathy?
At this point, a lot of these points have been intentionally sensationalized to provoke a bit of thought. I think that MAPS has just selected an overbroad block to filter this time -- and I agree with filtering spam software sales. You support spam, down you go. But I also think that the cheerleading, here and elsewhere, and the lack of concern over the fact that MAPS has run roughshod over so many innocent sites, shows that people have a tendency to follow net luminaries far too blindly. If you're going to run MAPS filters, then you're handing that project power. Best keep an eye on that, if you don't want to contribute to the abuse of that power.
Fine, lynch 'em. Tar and feather! The bastards deserve it!
In fact, bust down the doors of all their neighbors, yank those folks off their couchs and their kids away from their game consoles, and lynch them too.
They're living in same appartment complex (Class C IP address range), so let's crucify everyone in the surrounding area, so that the apt complex managers who tolerated the porographers will lose money and noone will move back in.
PJRC: Electronic Projects, 8051 Microcontroller Tools
RBL blocking 2 out of 900 spams is pretty bad.
. gz
D ME
:)
A friend and I wrote a neural net spam filter using the UCI Machine Learning Database (on spam), that gets 90-95% accuracy on classifying a message as a spam or not-spam. It's integrated with the mail delivery system via procmail, so you can set it up to deliver all Good mails to one mailbox and Spam mails to another.
It is available (free + open source) at:
http://www-cse.ucsd.edu/~wkerney/spamfilter.tar
The README is at:
http://www-cse.ucsd.edu/~wkerney/spamfilter.REA
For Solarius/Linux only, Windows users need not apply. The system works pretty darn well for a simple neural net, and can be greatly improved, so if anyone is interested in modifying our code, drop us a line!
William Kerney
UCSD
In this case, the "bad" website sells software which could be used to spam.
Sendmail could be used to spam. This website sells software that is DESIGNED to extract email addresses and then stealth email them, most likely through hijacked mail servers with forged headers and from addresses.
What I don't get is why Media3 isn't happy to change their AUP and dump the site. Afterall, the bulk email software is probably being used against Media3's own mail servers by spammers using the software. Kinda like a gun shop selling a gun to a guy who tells them he's going to rob the gun store with it.
Portable versions of Firefox, GIMP, LibreOffice, etc
Keeping