Slashdot Mirror
MAPS and Experian Settle Lawsuit
dbrower writes: "Experian is trumpeting a settlement with MAPS here, where MAPS agreed not to blackhole them without a court order, and agreed that Experian didn't need to do opt-in. Looks like a loss to me."
← Back to Stories (view on slashdot.org)
Let there be no question about it. This is a victory for spammers. I hope MAPS elects to keep a list of companies which they are unable to block through their service. Then I could grok the list and be happy once again.
--CTH
--Got Lists? | Top 95 Star Wars Line
...And spamming is the worst type of pollution; they make you pay for the sludge with your connectivity, time, and frustration.
It would be interesting to know why MAPS decided to cave in. Perhaps a Slashdot interview is in order?
I'd like to see MAPS publish a list of IPs it's forbidden to add to its main blocklist, so that we could manually add them to our MAPS config.
Schwab
Editor, A1-AAA AmeriCaptions
Do not misunderstand, I am no sympathizer of the spammers. I do not think what they do warrants first ammendmend protection. However, I do not think that MAPS arbitrarily black holing companies who it cannot strong arm with threats really deserves our respect anymore.
A good idea gone awry.
Cheers,
- RLJ
They said that they don't have to use a double opt-in. In other words, no confirmation step of the opt-in.
MAPS only maintains a database that provides information to others, who seek that information.
That database expresses an opinion: in the opinion of MAPS, the networks listed in the database are suspected of passing through or generating spam.
Shouldn't this be protected by the First Amendment?
Making this settlement goes against all their principles, so Experian must have made them afraid for their very existence with this.
As noted, unless the agreement is very broad, they can certainly name on their web site the companies they have been compelled not to block, and people configuring their own mail filters could decide case by case whether to include them.
However, if they made an automated list, effectively an alternate blacklist, I could see a court saying they were violating the spirit of the agreement, unless they wrote it carefully to allow them to do this.
However, oddly enough, it could be to experian's detriment to have it happen manually. If site admins manually put in blocking for their domains, it will be almost impossible for them to get that blocking removed except over a very long period of time, since each admin would have to manually reconfig.
Of course, they could change the IP address and domain they send mail from to get around that. Somebody (not MAPS) could provide a service that simply lists mail sending IP addresses used by experian, no other comment made.
Has it been over a year since you last donated to the Electronic Frontier Foundation
Think about what happens if someone else subscribes you to a mailing list with a high volume. Single opt-in means your mailbox starts getting filled up with mail without giving you any chance to avoid it. Do you really want to enable people to kill your e-mail easily by just signing you up for a few dozen multi-megabyte-per-day single-opt-in mailing lists?
"In addition, neither Experian eMarketing nor its clients will be required to employ the practice of double opt-in (process by which a consumer must reaffirm their permission before they are added to an e-mail list) demanded by MAPS in November 2000." This is just amazing. They shut down napster while they still allow Experian to continue SPAMing. Is this really the internet we all want??? Will this be the kind of legislation we will be seing over the net??
Well, experian.com just made it in to my access.db, along with everyone else who's sued maps in the past. Do they have any mail servers outside that domain, anyone know?
Here's a list of some other companies not understanding what MAPS is and trying to stop them with bogus lawsuits. I hope they don't accidently wind up in your access.db (or whatever your MTA uses).
yesmail.com
harrisinteractive.com
blackice.com
media3.com
247media.com
experian.com
exactis.com
liveprayer.com <--- accused MAPS of being an agent of Satan
To block these in sendmail, use the 550 5.7.1 error code in your access.db file, like so:
yesmail.com <tab> 550 5.7.1 Spammer suing MAPS.
If I don't sign up for a mailing list, I should not suffer hundreds and hundreds of spam from it.
If I signed you up to 100 such mailing lists, would you rather get 100 verification mails that you could just delete, or 10,000 mails from the mailing lists that you'd have to unsubscribe from manually?
The idea of double opt-in isn't designed to make people's lives inconvenient - all it needs is a quick reply. It's pretty easy, I do it all the time. You can even do it from a different e-mail address. However, it does protect those who suffer from massive mailbombing.
Do you really want to enable people to kill your e-mail easily by just signing you up for a few dozen multi-megabyte-per-day single-opt-in mailing lists?
Fine, if these theoretical multi-megabyte-per-day mailing lists are being abused in that way, then they can choose to be a double opt-in. But insisting that every mailing list in the world be a double opt-in or they get blacklisted is radical and absurd. That's when I start yelling "Whoa!!!!" and saying the "freedom fighters" have started looking like the "oppressors".
Sometimes it's best to just let stupid people be stupid.
In the spirit of Karma Whoring :-)
Here's some history on this case. It features articles from various stages in the case. Has anyone found the text of the complaint or injunction? still looking...
--CTH
--Got Lists? | Top 95 Star Wars Line
I believe what they call "double opt-in", is this:
You punch in an email address at the webform.
Their system sends a confirmation email, with a token of some sort, to that address.
You reply, with said token, and the address is confirmed and added to the list.
It's not that hard, and it also allows you to get your ass off a list even if you don't send from that address any more - if you get the emails forwarded, it's all good.
Now, if MAPS was demanding something more (and I half expect they may have, it seems to me they've been constantly increasing their requirements), that's unreasonable. But simply verifying that the stated account really wants on the list isn't a huge deal, nor is it hard for the user - AND it pays off for the sending servers, as they spend less time spinning their wheels on bogus/broken addresses.
Experian is a company that sells crack by spamming millions of schoolchildren. MAPS (the Multidisciplinary Association for Psychedelic Studies) has refused to provide their drug-friendly mailing lists because they insist that crack is not a psychedelic drug. However, Experian threatened to take them to court with the argument that if they can include marijuana under their umbrella, then the definition is broad enough to include crack.
Wisely recognizing that both sides are better off not attracting the attention of the courts, MAPS has apparently backed down.
A loss indeed. You can expect many of your peaceful local potheads to become violent criminal crackheads any day now.
I hope this clears up any misconceptions you may have had from the shamefully vague top-level story. I'm a little fuzzy on some of the details myself, but as usual, trying a few likely domain names gave me access to the essentials.
The realistic problem is that if spammers could claim legitimacy by being single opt-in, they'd just claim they got your address when you (or someone else) requested you be added. What, you want to be removed from their list? Sure no problem... *wink* *wink*
Double opt-in is the only method that lets YOU as the user have a real way of saying yes or no and holding onto your own email address. Honestly, meaningful opt-in doesn't even start before double opt-in. And single opt-in can be WORSE than opt-out because of the pretended compliance scenario cited in the first paragraph.
"We are very pleased with the settlement agreement and believe it reflects the validation of Experian's e-mail marketing standards and that we remain at the forefront of consumer privacy and protection,'' said Tom Detmer president and general manager of Experian eMarketing Services. ``This settlement confirms that the privacy practices we have in place are responsible, accountable and in the best interests of the public and the marketplace. We will continue to offer the double opt-in solution for those clients who determine it is the right permissioning practice for their business."
well, since we will only be seeing more cases like this in the future as these spam-whores use the courts as a shield to protect themselves from MAPS and other public-service mail filtering tools, what are we going to do from here?
I for one would be quite interested in finding a listing of companies that have fought these charges in court and through miss-representing their datum and hiring bigger and better lawyer-weasels, have made themselves immune from public ban lists. Does anyone know of any existing services like this? I for one would be glad just to have a plain html listing of folks like Experian who have won in the courts to keep them selves off of RBLs and the like. I'd be even more keen on a nice XML page that I can parse with a quick script and have update my mail-server's ban lists. anyone want to make me a very happy admin? c'mon, please?
"If I wanted your input on my pet project, I'd stick my hand up your ass and use you like a sock-puppet." - Muse
Companies can't complain in this aspect, because it's like consumer reports, and that's protected free speech.
what? do you have any idea what you're talking about? obviously not.
look, MAPS by itself affects no one. It's the ADMINS that make MAPS work. an ADMIN must implement the blackhole list via DNS or sendmail for anything to happen.
don't you think that ADMINS know what's best for the network they control? you obviously know nothing about system administration, go crawl into a hole.
I use
- relays.ordb.org
- or.orbl.org
- inputs.orbz.org
- outputs.orbz.org
- spews.relays.osirusoft.com
to keep my inbox clean.Winning one battle doesn't win the war!
Reverend Keller of liveprayer.com is another enemy of our friends at MAPS. Apparently, you could sign anybody up to be on their e-mail list.
Donation address of liveprayer.com:
6660 46th AVE North
St.Petersburg, Florida 33709
For fun, read the letter he posted to brag about suckering a young girl out of her babysitting money, and getting her to work her family and friends for him. THIS is social engineering.
********* sig: If you don't like the law, get filthy stinking rich, and buy a better one.
What gives you the right to tell a sysadmin what they can and cannot block?
Because ISPs are lazy like everyone else. They will just trust that MAPS has not become corrupt.
Put it this way: do you think Experian should be able to publish anything they want about a person regardless of accuracy? After all, banks have the choice whether to use Experian or not.
This is actually pretty real world, because all three credit agencies suck when it comes to accuracy (which is not surprising when you have 150 million records). That's why they need government regulation because of the power they hold.
Believe me, I am very anti-government regulation, but blacklists of any kind are very apt to be abusive.
Sometimes it's best to just let stupid people be stupid.
But these people understand the concept of a "web page". If, instead, something like MAPS were based on a list of domain names found on web pages, I think people would have a much harder time "shutting it down". After all, it would be human readable speech, and if people mine that data for their E-mail programs, well, so be it.
MAPS' tactics appear no better than those sending the spam - All kinds of innocent sites have fallen off the internet for daring to be on the same IP block as somebody who sent spam.
Requiring a double opt in for mailing lists isn't exactly spam related now is it ? the subscription policy for an email list should be a matter for it's owner not for some third party to decide.
P.S. I did not get "flamebaited," I got modded down. Go ahead, mod this down, too. I'm not a karma whore.
If all this should have a reason, we would be the last to know.
Don't get me wrong, I'm no fan of SPAM, but given that MAPS and services like it, automatically blackhole email from dynamically served DNS entries, I am quite happy to see them sued, sued into oblivion even. MAPS decreases freedom on the net. I have a DSL connection through a local carrier who shall remain nameless. I run a web server on my connection, largely for family and friends. If I get a business connection where I can get a properly registered DNS entry, I have to pay twice as much for half the bandwidth. So I use dynamic DNS services. Thanks to MAPS its about impossible for me to send email directly from my server. Instead I am forced to use the email account of my service provider. (Ironically, I can send email from SPAM ridden web mail services any time I want.) I resent MAPS's heavy handed self righteous policing of the net, even more than I resent the bandwidth wasting spammers. I would rather delete some extra #$%^ and have freedom, than have somebody tell me what I can and can't do.
If I sign up for a mailing list, I should NOT have a bunch of nannys insisting that companies waste my time with another verification step.
... more likely, they can just add 1000's of known e-mails to the sign-up list.
Thus, "double-opt-in" is really just "single-opt-in". They've spun the words to mean something that they don't.
These are the only steps which prevent spammers from mass-subscribing you to a mailing list that you don't want to be a part of. Think of it this way. I have a product. I pay a marketing firm $1.00 for every person whom the marketing firm gets on the mailing list. They can do this *legitamately* and actually convince people to sign themselves up... or
The crossed off names are people who have been murdered since the list went up. Greyed out means they were only wounded.
********* sig: If you don't like the law, get filthy stinking rich, and buy a better one.
A non US company to start making a blackhole list.
If you were in a country that wasnt under direct US control you could basically have the entire staff moon a camera and respont to expierian's lawyers with the photo.
anyone in the former USSR care to start a global business?
Do not look at laser with remaining good eye.
All credit reporting companies are corrupt. at a last report I read was that the credit reporting agencies accuracy was 48% and there was a 63% chance that your credit report had 2 or more errors and a 48% chance of serious errors.
What moron at a bank would trust a data source as reliable as a pathological liar? yet it's done every day.
Add to this thet they love spamming and you see the credibility and quality of companies like experian. (Oh and the fact that anyone with about $500.00 can have their credit report legally wiped (for the most part) really adds to the trustworthyness.)
Do not look at laser with remaining good eye.
Translation:
and from the rest of the article:
As far as I read this, it seems that Experian is saying that it is illegal to even provide the option of opting out.
"This is a Hollywood movie: when it comes to the Laws of Physics, they're lucky if they get Gravity!" --- my wife
Some times blackholing can indeed be inappropriate. Above.net (which may be owned by MAPS, I don't remember and don't quote me on that) blackholed sites like macromedia.com and ORBS.
If all this should have a reason, we would be the last to know.
In addition to all the random female-depicting porn you're familiar with, I get aluminum market newsletters, British SMS-music-info-service announcements, and some very tasteful Swedish news mailings. Oh, and for a while nop@nop.com was listed as the contact address for a gay personals service ad in Portugal. The letters I got were very sweet, but my wife still thought it was funny...
My favorite is when people buy unlock codes for commercial software, giving my email address. I've got a whole folder full of registration codes that I didn't pay for and will never use....
Oh right, back to opt-in. So here's what's going on.
- When spammers say "opt-in" they mean that at least somebody typed an email address into a web page somewhere.
- When spammers say "double opt-in" they mean the horrible, onerous, business-destroying requirement to confirm that the person receiving mail at an email address wants to receive their mail. Anti-spammers prefer to call this "verified opt-in", and I like that term better, but it doesn't matter what you call it.
So when somebody types nop@nop.com into the signup for Goatmail (intentionally goating me or not), a verified opt-in system sends nop@nop.com a message saying "hi! hit reply to this message to confirm and enter the wonderful world of goats!" With non-opt-in systems, I'm in Goatland without any further delay. Sort of like when my "friends" sent all the "I'm interested!" postal reply cards to the Navy recruiters AND the dental post-doc programs with my address on them. Took years to get rid of them.But I digress again. Here's the summary:
- Unverified opt-in means someone wishes for an email address to receive spam.
- Verified opt-in means the recipient of mail sent to an address wants spam.
That clear things up?If all this should have a reason, we would be the last to know.
If all this should have a reason, we would be the last to know.
The term entered debate when Congress invited representatives of the DMA and MAPS to address a panel. It's been relentlessly pushed by the PR flacks and looks like it might be taking hold in the technical world as cybersquatting did. (Another spin term foisted into use by relentless marketing from the IP lobby.)
The spinless and more acurate term is "opt in with confirmation." It doesn't include the false and spin-driven connotation that people have to sign up twice and it accurately describes what MAPS considers ideal.
The DMA doesn't like "opt in with confirmation" because it polls much more favorably than "double opt-in" and they'd rather people used terms that favored their side of the debate.
It's no crime. Maybe MAPS's strategy is bad, as if my ISP allows spammers to operate, those with MAPS-using ISPs won't get my mail.
If I make a list of spammers (according to my own definition) and post it on the web, and you decide to hunt them down and kill them, does that make me an accessory to murder? I hope not.
I should still be OK if I post the list and say "somebody oughta kill these f&ckers". Jim Bell's case might have proved me wrong on this one, I forget the details
I think this reselling of names can be worse than no double opt-in. I know the big companies won't allow this (by buying politicians and lobbyists) on the grounds that thair ill-gotten lists are thair property and can do with it what they wish. I know it would be hard to keep a list of the companies that do this, but I think MAPS should consider upgrading thair service to include several lists that offer variable amounts of protection to ISP admins. Like one list with KNOWN spamers, one with ALLEGED smamers, one with PROVED non-spamers, and one that would be managed by users, kind of like how moderation and meta-moderation works here on
All the ISPs that subscribe gave them authority, that's who. That's not nobody.
Oh, you vigilantes are so cute when you're mad.
At any point that I am walking down a public street, a salesman could approach me and launch right into a sales pitch. I can dodge around him, turn, say no, something like that...but it's still going to change my initial plan of walking uninhibited down the street.
Yes, spam sucks...but look at the examples you gave of how to ensure a spam-filled mailbox...all of those are like walking down the biggest public street in the world.
But more important than a reason people shouldn't get so incredibly pissed off over spam...the whole concept of black hole lists is just wrong. It's a "kill em all and let god sort em out!" solution. Why should the other users of an ISP with a handful (or even just one) bad user all be punished? They did nothing wrong. In most cases, there's no way they would know such a situation was possible. Use methods that don't punish the innocent, and you'll get a lot more support with stuff like this.
"That's Tron. He fights for the Users."
Has anyone stopped to read MAPS' press release? Here's an clip:
"Experian has committed to requiring their clients to provide them with lists which contain only those email addresses for which they have obtained the addressee's permission to send them email."
It appears that MAPS hasn't comprimised its values, it's just made them a little more reasonable. So what's the big deal?
Holy propaganda batman!
-Geoff
If the whitelist became popular enough, you could get people to pay for having their IPs listed. Say $1.00 for each IP address, perhaps with discounts for quantity. The fee would be dirt cheap compared to the cost of operating an email server, so I don't think anyone could complain. And since it's a real transaction, you can have an extremely strong contract that they can't sue you about. Literally can't sue: you could make their sole recourse be arbitration with an arbitrator and in a jurisdiction of your choice.
-- ;-)
Kuro5hin.org: where the good times never end.
Heck, I've always used my real email here, and on the usenet and my web page too. Yes the SPAM is annoying. I wish there was a Windows Client Side software that would tap into the RBL/ORBS etc
As it is, I deal with the 20 or so pieces of spam I get every day with the delete key
-- 73 de KG2V For the Children - RKBA! "You are what you do when it counts" - the Masso
No contact email address is given. Hmm. Maybe because they don't want to get signed up for all those single opt-in lists?
My ISP does not use MAPS and guess what? I am not flooded with spam. Not one bit. You do not need MAPS to avoid spam.
/. 4 months later, if you're not drowning in spam, then I'll apologize.
Oh really? I double-dog-dare you to go online, in chatrooms, read certain webpages and enter certain data, and have your email address unobscured on major websites like
Put another way, there are three explanations for your not getting spam without MAPS: Maybe they're just not spamming you. Maybe your ISP is using a non-MAPS blackhole list (gasb! they exist). Or MAYBE the spammers just ain't NOTICED you yet, monkey-boy. New ISP means new email address, duhh.
-Kasreyn
Kasreyn: Cheerfully playing the part of Devil's Advocate to hairtrigger
When I contacted MAPS about it to find out what happened and how to fix it, the bottom line was this: MAPS lied to me about what they did and how it worked.
My experience with them is that they're extremely honest, that they bend over backwards to avoid listing someone, and they'll remove you from their list at the first sign that you've done something to fix the problem. However, they're overworked, and occasionally make mistakes.
Generally innocent web sites only get blackholed when they're on the same netblock as a bunch of spammers. The idea is that blackholing each of the spammers' addresses is having no effect, so the host must be profiting from the spam: and MAPS blackholes the entire block to try to get the host to act more responsibly. If you happen to be innocent and in the same block, then you're obviously not going to be too happy about it, but you shouldn't have been dealing with sleazebag spam supporters.
I'd like to hear the details of what went wrong in your case. What did they tell you that was a lie?
Just because you're not taking the "kill em all" to the most extreme possible level does not make it any less wrong when used on a smaller scale. There is no way you can ever justify to me that it is right to punish completely innocent people for another's actions. Act against spammers...don't act against people who did nothing to you.
As to the choice issue...the reason I tend to speak out on the anti-spam blackhole stuff is not because of the effects on the technologically capable. What about those people who don't know enough to even ask their ISP if they use this sort of thing? The only way they'll ever hear about this sort of thing is when it negatively affects them. Great things that does for the image of the blackholes.
"That's Tron. He fights for the Users."
One thought. Now that MAPS is charging for access to their service, can someone paying for their services consider there to be a contract between MAPS and them wherein MAPS agrees to provide a list of IP addresses that meet it's definition of 'spammer'? If so, and Company A goes to court and prevents MAPS from listing their IP addresses even though they meet MAPS' definition, can RBL subscribers sue Company A for damages due to Company A's interference in MAPS' performance of it's duties under it's contract with them?
I'll tell you one more thing that's very simple. Experian has earned a very simple and very permanent REJECT entry in my Sendmail access lists. Simple.
I don't want to waste my energy retyping what I put into a previous post so I'm going to provide the link to it so you can go read it. In short I believe MAPS is well within their right to publish their opinion. It is well within my right to take their opinion for gospel. We are all entitled to our opinion.
DNS Blacklists aren't nearly abusive as my personal Sendmail access lists. Once a domains goes on it, there's no way off. I briefly investigate the spam. If an actual domain is associated with it, then that domain just earned a permanent REJECT entry. Simple really.
Rick Moen has a standard message for those who would sue MAPS. You see, MAPS actually wins by losing.
Time to update those DNS records and MTA rulesets, people.
My own last message to Experian:
What part of "gestalt" don't you understand?
They don't arbitrarily blackhole any companies.
They do keep a list of servers whose administrators that does not want to cooperate in the fight against spam for whatever reason.
It is up to the mail server administrators to decide whether they want to accept mail from those servers. That is a perfectly fair and honorable thing to do.
Why excatly do you think I should be denied the choice to refuse to accept mail from people who will not help fight the one thing that have made mail nearly useless to me?
And why exactly do you think that giving me that choise is as morally questionable as trying to force me to accept and pay for junk I don't want?
A local lender was offering this service, It is a national company that files request for removal on every item on your credit report Expierian cannot reposond with a yes or no within the alotted 30 days so therefore they haveto remove the mark on the credit report, at the same time this company submits positive credit reporting under one of the hundred DBA's the company holds.
It's leagal, and it takes advantage of expierian's inefficency along with the built in inefficency of the other 2 credit reporters.
BTW: your credit report can vary wildly between all 3 reporting agencies. someone with bad credit on one can get a loan by shopping with some social engineering to find a lender that uses a different reporting agency.
I had a friend that had horrible credit get his cleaned to almost pristine within 6 months. In 12 months he was getting offers for platinum cards because of the guarenteed positive reporting from the companies he hired.
Do not look at laser with remaining good eye.
The issuance of a TRO should not be taken as meaning *anything*. TRO's are issued as an emergency measure to maintain the status quo, and are issued without hearing on the requestof one party. They don't have any finding on the issues; they are just meant to prevent permanent damage pending a hearing on a temporary injunction (which is still not a full ruling on the merits) pending the final outcome of litigation.
hawk, esq.
The main issue I have with MAPS is that they make no distinction between companies/sites that produce software used for mass-emailing (which could be spamming, but could also be used to send out messages to an opt-in list), companies/sites that sell lists of email addresses, and actual SPAM sources. Instead, they use a broad brush and declare "These are all spammers". If they offered different classifications (and it wouldn't be hard - different IP addresses for different categories of offense), and allowed individual server administrators to choose how large a brush they wanted to use against spam, then I'd have less of a problem with them tracking also companies that produce bulk email software, since those companies would be blocked only by the system administrators that explicitly wished those sources to be blocked.
The whole MAPS vs ORBS thing has also made me conclude that both sides in that debate are not worthy of my support.
If you don't think MAPS is the solution, don't use it.
Don't deprive others of their right to use or not use such a list.
It is voluntary. I can guarantee that Experian will have a permanent home in my blacklist. If they ever spam me, I'll press harassment charges.
The first thing we do, let's kill all the lawyers. Shakespeare, Henry VI, Part 2, Act 4, Scene 2
How about measuring the effect of this?
Tracert or some other time measurement, and establish a baseline. Over the next week or so see what kind of increase there is. (This kind of networking problem is not my strong spot, so I hope someone can follow up on this)
Thanks
The first thing we do, let's kill all the lawyers. Shakespeare, Henry VI, Part 2, Act 4, Scene 2
Followed by:
OK, so following your own instructions, you will now "shut the fuck up" like the "sack of shit" that you are, right? Because your admitted refusal to post your real email address here puts you in the same boat with me, buddy.
"Either walk the walk or get the hell off my Internet."
If all this should have a reason, we would be the last to know.
If all this should have a reason, we would be the last to know.
Wrong. If my ISP is on the MAPS list, it's because MAPS claims they have an active spammer as one of their customers. MAPS does not offer proof of the spamming, they want proof of a negative -- that there is no spamming. How can an ISP prove that? Apparantly, my ISP could not provide convincing proof to MAPS. My ISP told me that the account in question was no longer active, but I only have their word on that, just as we only have MAPS's word that this account was used to spam once upon a time. Who should I believe? My ISP, who has been quite open and honest with me, or MAPS, who would not even talk to me at first (have you tried actually reaching a human being there?). I know you all believe MAPS, and I understand why. Please understand why I don't believe them.
If all this should have a reason, we would be the last to know.
Is a nuremburg files for spammers. I bet that would be a popular site.
Too bad the actual killing part is illegal.
"The only reason some people are alive is because its illegal to kill them."
(Heinlein? - sounds like a Lazarus Long witicism)
The first thing we do, let's kill all the lawyers. Shakespeare, Henry VI, Part 2, Act 4, Scene 2
However, if a company wants to use single opt-in, that's their right. If the company maintains subscription lists, IP addresses and/or message headers of the people that subscribed (as we do), to prove WHO subscribed an e-mail address, that should be enough.
And if I and 100,000 other sysadmins want to blackhole your ass into oblivion, that's our right as well. As for suing Spamcop: Spamcop doesn't accuse you; users do. You DO know that actual people are submitting the spam to Spamcop, don't you? Or did you think they just have a script running that harasses people at random?
-Ryan, with the unoriginal sig
Yes, I know that sysadmins choose to use MAPS, but all their users don't. The collateral damage is substantial.
If you don't like the policies of your ISP, complain to them, or find a new one. Or setup your own server, get a dedicated IP and don't enable MAPS. Or get a free email address from Hotmail, Lord knows they don't care about blocking spam. You have plenty of options here; quit bitching and exercise them.
-Ryan, with the unoriginal sig
Anyone published a list of their IPs on Slashdot yet?
- Michael T. Babcock (Yes, I blog)
There are always two sides to a PR war. I was wondering why the MAPS URL wasn't in the original article...
Free Software: Like love, it grows best when given away.
Time for revenge.
Write to them and demand that they stop selling your credit info. (If you do this for all 3 credit bureaus, your credit card offer snail spam will disappear within 3 months. I only get them from my mortgage company occasionaly)
I don't know if you can demand that they delete all info from their database on you or not. What happens if everyone here tells them:
"You are hereby expressly prohibited from maintaining/dispensing any information about me to anyone for any purpose. If you violate this demand, you agree to pay the sum of $1000.00 US per incident. This agreement is not negotiable."
I don't know if you can force them to delete you from the database, but you can force them to stop selling your name and info.
Lets find out...
The first thing we do, let's kill all the lawyers. Shakespeare, Henry VI, Part 2, Act 4, Scene 2
Mitchell continued "By reaching this settlement both sides avoid the very real risks associated with going to trial. Furthermore, neither side can take any action against the other without the permission of the Court, and there are substantial penalties provided for a breach of the agreement. And, of course, we are still free to choose to accept or reject email from them on our own personal networks."
They used to say they wanted to get sued, so they could establish precedent that MAPS activities are legal. But they keep settling. What gives? This is not how to establish precedent.
Edith Keeler Must Die
You don't get it. Why should that list use double opt-in? They're a list being run by someone like Experian who says "You did opt in. See, here's the request from you to be added.". You didn't send that request, but that's beside the point for them, they've got the request.
So the malicious person who decided to get you's happy, you're getting spammed. The list operator's happy, he's got a new target free and clear. The only one who suffers is you, as legitimate e-mail to you goes into the bit bucket because the lists have filled up your mailbox with mail you didn't ask to get.
I think you fail to appreciate the fact that, were it not for the tireless work of the anti-spammers, the Internet would be saturated with spam. I mean that literally. Even if your "secret" email account didn't get any spam, you'd get no mail at all if projects like MAPS didn't exist. The spammers are relentless and oblivious to the amount of destruction they cause. History has proven that they will use all bandwidth that is made available to them.
Your email account is only useful because thousands of server administrators do hours of thankless work on your behalf. It's not always pleasant, and there is sometimes collateral damage, but the scorched earth approach is the only thing keeping the Internet usable.
-- ;-)
Kuro5hin.org: where the good times never end.
I get the whole domain forwared to except 2 addresses (My Parents), so I do get them. It's still only 20 a day or so
-- 73 de KG2V For the Children - RKBA! "You are what you do when it counts" - the Masso
What if I were to sign up for a newsletter, and then later send it in to SpamCop? Are you telling me that the SpamCop script has some type of intelligent filter to know whether or not my complaint is legitimate or that I did/did-not sign up?
Of course not. The software must assume the user is reporting spam. You can't expect it to be able to tell whether or not the user is lying. Therefore, the burden of proof lies not on Spamcop, but on the user claiming to have received the spam. Spamcop shouldn't even enter into the equation.
Any business that has a problem with users mistaking actual subscriptions for spam needs to rethink their policies. While it does happen that someone will sign up for a mailing list and then later report it as spam, it's a rare occurance unless something is inherently wrong with the way the list is being run. Mailing lists should have a two step opt-in process, with the second step being a reply emailed from the user. A simple form on a web page with no confirmation from the email address submitted invites trouble. Secondly, removal instructions should be proudly displayed on every piece of email sent to the subscribers, and they should be simple. The easiest way is to provide a URL where users can unsubscribe themselves.
If your company has problems with opt-in users accusing you of spamming them, that problem lies not with Spamcop nor with your users, but rather with your policies and methods used in operating your distribution lists. Take responsibility for this, fix the problem at it's source and the spam reports will go away.
-Ryan, with the unoriginal sig
Wrong. I do not claim there is no problem. I do not reject countermeasures. I reject ineffective vigilante countermeasures. I claim that MAPS does not help, at least not as much as they would have us believe. I'm not alone in this claim. I claim that my ISP does not use MAPS and I have no spam problem. That's not because there is no spam problem, it's because I take action to avoid unwanted email. Why is that so awful? Why am I villified for being careful about how I share my email address?
I disagree. That's the bottom line. That's where we disagree. It doesn't make me an ogre. It doesn't make you an ogre. However, if you block my email based solely on my IP address and nothing else, simply because some self-appointed other person decided to list my IP address as evil, then in my opinion you are indeed an ogre.
What everyone on your side of the arguement fails to realize is that IP address alone is not sufficient evidence of spam. Period. I support a legal definition of spam that we can all agree really targets spam; I will never agree to IP address alone as the sole identifier. I offer to work to define spam -- do you? No. You already know spam when you see it: anything on the MAPS list is spam. Period. No question. No appeal. Sorry, but that doesn't cut it for me. Who died and left the Internet in the care of MAPS?
Once we have that definition we can enact laws to protect us from spam and punish those to send it. Until then, the vigilanties like MAPS are simply lawless tyrant bullies trying to tell everyone else how to live. You obviously like that, but I don't. Especially when they tell me I can't send email to my brother but won't tell me why.
If all this should have a reason, we would be the last to know.
Sorry, but they are not here, I do not have them at hand. And even if I did, I would not post my IP address -- I'm not stupid. If I ever need to, I will produce the evidence. Need to in the sense of providing evidence to a court to support a denial-of-service lawsuit against MAPS.
Yeah, yeah, yeah. I know that, OK? I knew that years ago. But my brother's ISP -- the ones actually using the RBL to block my email -- denied any responsibility and referred me to MAPS. If it wasn't for MAPS and the way they and they alone decide who is and is not labled a spammer -- and their lack of any appeal process or any form of mediation outside the courts -- I would not have had problems sending email to my brother.
Two points. Three, really. 1) Yes, I know they don't actually filter by domain name. What they do is find out all the addresses under a domain name and filter them. Same difference. So they don't go through DNS, so what? The effect is the same. 2) MAPS has not "always" been clear about this. They did not make any such claim to me, personally. To me, personally, over the telephone, they claimed only to block individual IP addresses. They denied blocking entire sets of IP addresses, but that is exactly what they did then and do now. They lied to me. 3) MAPS is the sole arbiter of "antisocial behavior"? I don't think so. Not in a free society. That's my primary complaint against MAPS. If they had listed my IP address because someone else in the same subnet was spamming, I would understand that. But even if that's what happened -- even if what they said were true, which it is not -- they did not have any mechanism for me to prove that I was not a spammer and get my IP address taken off the RBL. Their only solution was for me to change ISPs. That's extortion. What's worse, the entity they claimed was spamming was from another state, in another subnet, but they blocked (excuse me, listed) me because I had the same ISP. That's mistaken identity, and that's forgivable too, if they have a process for removing non-spammers from their list. But they have no such process, and have no interest in considering one. That's what makes them vigilanties, and thus vermin to be exterminated.
If all this should have a reason, we would be the last to know.
And finally, Hotmail does use MAPS if you enable it.
However, Hotmail does not force you to use it, which was my whole point: You have options. Nobody is being forced to use MAPS. Even people stuck with a MAPS subscribing ISP can get a free email account that is not subject to MAPS filtering.
-Ryan, with the unoriginal sig
Sorry if I misled you. Please suggest an alternate word. What I meant was this: MAPS expected me to change ISPs to suit them. The tangible benefit to them is increased legitimacy and an increased sense of power ("we cost someone another subscriber!"). The threat to me was not physical, it was a threat to continue to have my mail blocked. That's extortion to me: Using a threat to change someone else's behavior. What word would you use?
If all this should have a reason, we would be the last to know.
The MAPS RBL is a system which accepts an IP address and returns a result if the IP is associated with spam. It does not work with domain names at all.
Netblock != domain. The fact that MAPS blacklists spamming netblocks does not imply that they target domains. Domains exist within the context of name resolution. They have nothing to do with network architecture. It's possible to host a thousand domains at one IP address, or have one domain that includes thousands of IP addresses.
The first sentence does not support the second. They probably listed some or all of the netblocks which your ISP controls. The subnet of which you speak was probably contained within one of those netblocks. Your conclusion that they "filtered" your ISP's domain name does not make sense.
Before slinging insults, you might consider learning a bit more about the internet. It does not work the way you think it does.
Really? Let's just abolish the government then, and let businesses do whatever they want. But wait a minute. Suppose a business B1 wants to null route another business B2 because it's flooding the network with junk. Does anyone have the right to tell B1 how to run things? What if B1 shares the info with B3, B4, and B5, all of whom object to floods of junk? Don't they have the right to blackhole the offender? You can't complain because you don't think that anyone has the right to tell a business how to run things. Your position is self-contradictory.
Your company is a spam house, pure and simple. Even if the log information you offer is legit, which is open to question, using it would require the cooperation of the ISP that owns that address. It also involves substantial work on the part of the injured party, all to end up at a dialup account that was either stolen or disconnected for abuse eight hours after it was activated.
That's why the pressure will rightfully be placed on your company, because you are the people running a "single opt-in" (which means no opt-in) list. Eventually you will cause enough harm that you will be RBL'd.
Many spammers have paying clients. Why do you think that this legitimizes their activity? As for a "right to send email," you are talking about making a TCP connection to a box owned by someone else. You do not have an absolute right to connect to someone else's computer against his will. Even if you have "paying clients".
It sure looks strange, when you put it that way. How about this: first they built the infrastructure, then they kept it clear of junk.
Great. So while you're working on the right solution, please don't be offended that more practical-minded people just don't accept traffic from malicious companies.
Main Entry: extort
Pronunciation: ik-'stort
Function: transitive verb
Etymology: Latin extortus, past participle of extorquEre to wrench out, extort, from ex- + torquEre to twist -- more at TORTURE
Date: 1529
: to obtain from a person by force, intimidation, or undue or illegal power
Main Entry: boycott
Pronunciation: 'boi-"kät
Function: transitive verb
Etymology: Charles C. Boycott died 1897 English land agent in Ireland who was ostracized for refusing to reduce rents
Date: 1880
: to engage in a concerted refusal to have dealings with (as a person, store, or organization) usually to express disapproval or to force acceptance of certain conditions
Sounds to me like extort is the right word. The only boycott involved is my boycott of MAPS; they certainly did not boycott me, they extorted me.
If all this should have a reason, we would be the last to know.
I see your point. One last comment. I see your point. I really do. You fail to see mine. Since you refuse to acknowlege that I have a right to a point of view different from yours, I quit as well. I just hope that one day you are burned by MAPS and begin to see how it looks to be on the receiving end of their actions. You claim I was not intimidated. I disagree, and since I'm the one who was affected -- not you -- I fail to see how you can claim I was not intimidated. MAPS caused a real problem for me, and they refused to help me solve it. Their only "solution" was to switch ISPs.
As for my refusal to name names, I fail to see the point. If you must know, I am no longer with that particular ISP because they went out of business. So what? What you fail to recognize is that I am -- we all are -- under the constant threat that MAPS will blacklist our current ISP, with no recourse except to find another. Which means that MAPS becomes the sole arbiter of who you may or may not do business with. I personally resent that. What's worse, they have set themselves up as the sole judge of which ISP is "worthy" of the Internet, but they are not in the business of "blessing" the good ones, only condemning the ones they don't like. In other words, MAPS will not tell me I'm safe if I choose ISP X. I could waste a lot of money on ISPs as MAPS condemns them one by one. I personally dislike the big guys and wish to support local, little guys, but with MAPS out there the only safe ISPs are the ones too big for MAPS to threaten, basically just MSN and AOL. Woo, great choice there! Is this the world you wish to live in, one where everyone is either with MSN or AOL because some punk in California realized that he could throw his weight around on the Internet simply because bits are harder to regulate than atoms?
If I disagree with Consumer Reports I can ignore them. If they claim the Beltchfire 3000 is a death trap I am free to ignore them and buy one anyway. I am not free to ignore MAPS. If MAPS decided the Beltchfire 3000 is a death trap MAPS would prevent me from using one by remote control, and there's nothing I can do about that. But MAPS won't tell me what they consider safe, just that I should buy something else. And they won't tell me not to buy the Belchfire 3000 until after I own one and find it no longer works. That's denial of service, and as far as I'm concerned that should be illegal. You can disagree, and I understand why you do. I just wish you were open minded enough to understand my motives here. But then, experience has taught me that vigilanties have a pretty closed minded approach to just about everything.
I'd say "see you later" but I honestly hope we never meet again.
If all this should have a reason, we would be the last to know.