Slashdot Mirror
MAPS and Experian Settle Lawsuit
dbrower writes: "Experian is trumpeting a settlement with MAPS here, where MAPS agreed not to blackhole them without a court order, and agreed that Experian didn't need to do opt-in. Looks like a loss to me."
← Back to Stories (view on slashdot.org)
Let there be no question about it. This is a victory for spammers. I hope MAPS elects to keep a list of companies which they are unable to block through their service. Then I could grok the list and be happy once again.
--CTH
--Got Lists? | Top 95 Star Wars Line
...And spamming is the worst type of pollution; they make you pay for the sludge with your connectivity, time, and frustration.
It would be interesting to know why MAPS decided to cave in. Perhaps a Slashdot interview is in order?
I'd like to see MAPS publish a list of IPs it's forbidden to add to its main blocklist, so that we could manually add them to our MAPS config.
Schwab
Editor, A1-AAA AmeriCaptions
Do not misunderstand, I am no sympathizer of the spammers. I do not think what they do warrants first ammendmend protection. However, I do not think that MAPS arbitrarily black holing companies who it cannot strong arm with threats really deserves our respect anymore.
A good idea gone awry.
Cheers,
- RLJ
MAPS only maintains a database that provides information to others, who seek that information.
That database expresses an opinion: in the opinion of MAPS, the networks listed in the database are suspected of passing through or generating spam.
Shouldn't this be protected by the First Amendment?
Making this settlement goes against all their principles, so Experian must have made them afraid for their very existence with this.
As noted, unless the agreement is very broad, they can certainly name on their web site the companies they have been compelled not to block, and people configuring their own mail filters could decide case by case whether to include them.
However, if they made an automated list, effectively an alternate blacklist, I could see a court saying they were violating the spirit of the agreement, unless they wrote it carefully to allow them to do this.
However, oddly enough, it could be to experian's detriment to have it happen manually. If site admins manually put in blocking for their domains, it will be almost impossible for them to get that blocking removed except over a very long period of time, since each admin would have to manually reconfig.
Of course, they could change the IP address and domain they send mail from to get around that. Somebody (not MAPS) could provide a service that simply lists mail sending IP addresses used by experian, no other comment made.
Has it been over a year since you last donated to the Electronic Frontier Foundation
Think about what happens if someone else subscribes you to a mailing list with a high volume. Single opt-in means your mailbox starts getting filled up with mail without giving you any chance to avoid it. Do you really want to enable people to kill your e-mail easily by just signing you up for a few dozen multi-megabyte-per-day single-opt-in mailing lists?
Well, experian.com just made it in to my access.db, along with everyone else who's sued maps in the past. Do they have any mail servers outside that domain, anyone know?
Here's a list of some other companies not understanding what MAPS is and trying to stop them with bogus lawsuits. I hope they don't accidently wind up in your access.db (or whatever your MTA uses).
yesmail.com
harrisinteractive.com
blackice.com
media3.com
247media.com
experian.com
exactis.com
liveprayer.com <--- accused MAPS of being an agent of Satan
To block these in sendmail, use the 550 5.7.1 error code in your access.db file, like so:
yesmail.com <tab> 550 5.7.1 Spammer suing MAPS.
If I don't sign up for a mailing list, I should not suffer hundreds and hundreds of spam from it.
If I signed you up to 100 such mailing lists, would you rather get 100 verification mails that you could just delete, or 10,000 mails from the mailing lists that you'd have to unsubscribe from manually?
The idea of double opt-in isn't designed to make people's lives inconvenient - all it needs is a quick reply. It's pretty easy, I do it all the time. You can even do it from a different e-mail address. However, it does protect those who suffer from massive mailbombing.
In the spirit of Karma Whoring :-)
Here's some history on this case. It features articles from various stages in the case. Has anyone found the text of the complaint or injunction? still looking...
--CTH
--Got Lists? | Top 95 Star Wars Line
I believe what they call "double opt-in", is this:
You punch in an email address at the webform.
Their system sends a confirmation email, with a token of some sort, to that address.
You reply, with said token, and the address is confirmed and added to the list.
It's not that hard, and it also allows you to get your ass off a list even if you don't send from that address any more - if you get the emails forwarded, it's all good.
Now, if MAPS was demanding something more (and I half expect they may have, it seems to me they've been constantly increasing their requirements), that's unreasonable. But simply verifying that the stated account really wants on the list isn't a huge deal, nor is it hard for the user - AND it pays off for the sending servers, as they spend less time spinning their wheels on bogus/broken addresses.
Experian is a company that sells crack by spamming millions of schoolchildren. MAPS (the Multidisciplinary Association for Psychedelic Studies) has refused to provide their drug-friendly mailing lists because they insist that crack is not a psychedelic drug. However, Experian threatened to take them to court with the argument that if they can include marijuana under their umbrella, then the definition is broad enough to include crack.
Wisely recognizing that both sides are better off not attracting the attention of the courts, MAPS has apparently backed down.
A loss indeed. You can expect many of your peaceful local potheads to become violent criminal crackheads any day now.
I hope this clears up any misconceptions you may have had from the shamefully vague top-level story. I'm a little fuzzy on some of the details myself, but as usual, trying a few likely domain names gave me access to the essentials.
The realistic problem is that if spammers could claim legitimacy by being single opt-in, they'd just claim they got your address when you (or someone else) requested you be added. What, you want to be removed from their list? Sure no problem... *wink* *wink*
Double opt-in is the only method that lets YOU as the user have a real way of saying yes or no and holding onto your own email address. Honestly, meaningful opt-in doesn't even start before double opt-in. And single opt-in can be WORSE than opt-out because of the pretended compliance scenario cited in the first paragraph.
I use
- relays.ordb.org
- or.orbl.org
- inputs.orbz.org
- outputs.orbz.org
- spews.relays.osirusoft.com
to keep my inbox clean.Winning one battle doesn't win the war!
What gives you the right to tell a sysadmin what they can and cannot block?
Because ISPs are lazy like everyone else. They will just trust that MAPS has not become corrupt.
Put it this way: do you think Experian should be able to publish anything they want about a person regardless of accuracy? After all, banks have the choice whether to use Experian or not.
This is actually pretty real world, because all three credit agencies suck when it comes to accuracy (which is not surprising when you have 150 million records). That's why they need government regulation because of the power they hold.
Believe me, I am very anti-government regulation, but blacklists of any kind are very apt to be abusive.
Sometimes it's best to just let stupid people be stupid.
But these people understand the concept of a "web page". If, instead, something like MAPS were based on a list of domain names found on web pages, I think people would have a much harder time "shutting it down". After all, it would be human readable speech, and if people mine that data for their E-mail programs, well, so be it.
P.S. I did not get "flamebaited," I got modded down. Go ahead, mod this down, too. I'm not a karma whore.
If all this should have a reason, we would be the last to know.
Don't get me wrong, I'm no fan of SPAM, but given that MAPS and services like it, automatically blackhole email from dynamically served DNS entries, I am quite happy to see them sued, sued into oblivion even. MAPS decreases freedom on the net. I have a DSL connection through a local carrier who shall remain nameless. I run a web server on my connection, largely for family and friends. If I get a business connection where I can get a properly registered DNS entry, I have to pay twice as much for half the bandwidth. So I use dynamic DNS services. Thanks to MAPS its about impossible for me to send email directly from my server. Instead I am forced to use the email account of my service provider. (Ironically, I can send email from SPAM ridden web mail services any time I want.) I resent MAPS's heavy handed self righteous policing of the net, even more than I resent the bandwidth wasting spammers. I would rather delete some extra #$%^ and have freedom, than have somebody tell me what I can and can't do.
The crossed off names are people who have been murdered since the list went up. Greyed out means they were only wounded.
********* sig: If you don't like the law, get filthy stinking rich, and buy a better one.
A non US company to start making a blackhole list.
If you were in a country that wasnt under direct US control you could basically have the entire staff moon a camera and respont to expierian's lawyers with the photo.
anyone in the former USSR care to start a global business?
Do not look at laser with remaining good eye.
In addition to all the random female-depicting porn you're familiar with, I get aluminum market newsletters, British SMS-music-info-service announcements, and some very tasteful Swedish news mailings. Oh, and for a while nop@nop.com was listed as the contact address for a gay personals service ad in Portugal. The letters I got were very sweet, but my wife still thought it was funny...
My favorite is when people buy unlock codes for commercial software, giving my email address. I've got a whole folder full of registration codes that I didn't pay for and will never use....
Oh right, back to opt-in. So here's what's going on.
- When spammers say "opt-in" they mean that at least somebody typed an email address into a web page somewhere.
- When spammers say "double opt-in" they mean the horrible, onerous, business-destroying requirement to confirm that the person receiving mail at an email address wants to receive their mail. Anti-spammers prefer to call this "verified opt-in", and I like that term better, but it doesn't matter what you call it.
So when somebody types nop@nop.com into the signup for Goatmail (intentionally goating me or not), a verified opt-in system sends nop@nop.com a message saying "hi! hit reply to this message to confirm and enter the wonderful world of goats!" With non-opt-in systems, I'm in Goatland without any further delay. Sort of like when my "friends" sent all the "I'm interested!" postal reply cards to the Navy recruiters AND the dental post-doc programs with my address on them. Took years to get rid of them.But I digress again. Here's the summary:
- Unverified opt-in means someone wishes for an email address to receive spam.
- Verified opt-in means the recipient of mail sent to an address wants spam.
That clear things up?All the ISPs that subscribe gave them authority, that's who. That's not nobody.
Heck, I've always used my real email here, and on the usenet and my web page too. Yes the SPAM is annoying. I wish there was a Windows Client Side software that would tap into the RBL/ORBS etc
As it is, I deal with the 20 or so pieces of spam I get every day with the delete key
-- 73 de KG2V For the Children - RKBA! "You are what you do when it counts" - the Masso
My ISP does not use MAPS and guess what? I am not flooded with spam. Not one bit. You do not need MAPS to avoid spam.
/. 4 months later, if you're not drowning in spam, then I'll apologize.
Oh really? I double-dog-dare you to go online, in chatrooms, read certain webpages and enter certain data, and have your email address unobscured on major websites like
Put another way, there are three explanations for your not getting spam without MAPS: Maybe they're just not spamming you. Maybe your ISP is using a non-MAPS blackhole list (gasb! they exist). Or MAYBE the spammers just ain't NOTICED you yet, monkey-boy. New ISP means new email address, duhh.
-Kasreyn
Kasreyn: Cheerfully playing the part of Devil's Advocate to hairtrigger
One thought. Now that MAPS is charging for access to their service, can someone paying for their services consider there to be a contract between MAPS and them wherein MAPS agrees to provide a list of IP addresses that meet it's definition of 'spammer'? If so, and Company A goes to court and prevents MAPS from listing their IP addresses even though they meet MAPS' definition, can RBL subscribers sue Company A for damages due to Company A's interference in MAPS' performance of it's duties under it's contract with them?
Rick Moen has a standard message for those who would sue MAPS. You see, MAPS actually wins by losing.
Time to update those DNS records and MTA rulesets, people.
My own last message to Experian:
What part of "gestalt" don't you understand?
They don't arbitrarily blackhole any companies.
They do keep a list of servers whose administrators that does not want to cooperate in the fight against spam for whatever reason.
It is up to the mail server administrators to decide whether they want to accept mail from those servers. That is a perfectly fair and honorable thing to do.
Why excatly do you think I should be denied the choice to refuse to accept mail from people who will not help fight the one thing that have made mail nearly useless to me?
And why exactly do you think that giving me that choise is as morally questionable as trying to force me to accept and pay for junk I don't want?