Slashdot Mirror
EFF speaks out against MAPS
Control-Z has brought our attention to the latest EFF newsletter which speaks out against MAPS ? and ineffective spam legislation. According to the EFF: "The rights of users to send and receive email must not be compromised for quick and dirty ways to limit unsolicited bulk email. Neither misguided and ignorant legislation, nor collusive, high pressure protection schemes, have a legitimate function or place in our online future " The EFF is reminding us that freedom isn't always easy. I feel much worse for those who haven't figured out procmail yet though.
The ISP opts-in, the user doesn't.
Furthermore, a user on an ISP that got listed on MAPS certainly doesn't.
Everyone hates spam, everyone wants it to go away... unfortunately, no one has any really good answers as to how it should happen.
Making falsified return addresses a punishable offense has the side effect of rendering anonymous communications illegal.
Any legislation created will boil down to one thing: the Balkanization of the Internet.
I see a big market in e-mail wizards that will help guide you towards writing e-mail that's legal in every country in the world if anti-spam bills start getting passed.
Easy does it!
This comment has been submitted already, 276865 hours , 59 minutes ago. No need to try again.
The whole point of fighting for freedom is that it is even the freedoms of those we don't like that we are preserving, or those we wished would have no freedom. Freedom is only as great as its lowest common denominator.
So yes, I think that this is reasonable and a laudable position to take. Censorship is especially a lowest common denominator freedom-- who decides the standards on which things are censored? How are false accusations handled? Can that censorship be turned on you or I?
LedgerSMB: Open source Accounting/ERP
"When they took away the Fourth Amendment, I said nothing. I didn't deal in drugs. When they took away the Sixth Amendment, I said nothing. I was innocent. When they took away the Second Amendment, I said nothing. I didn't own a gun. Now they've taken away the First Amendment, and I can say nothing." -author unknown
Your right to send mail stops at my mail server, I can refuse to accept mail based upon anything I feel like, including irrational reasons.
As long as there is sufficient notification and user choice, then there's nothing wrong with MAPS. It's only when their somewhat strong-arm tactics are combined with ISP coercion that the user really has a problem.
Your right to not believe: Americans United for Separation of Church and
It's a shame to see MAPS and collective protection schemes dumped into this list of "bad things." Like most geeks, I don't like everything that MAPS does and I'll admit that I've even been on the wrong side of the ORBS cluestick in the past. However, I believe the concept of collective protection is a good one. If there's a problem with ISPs using systems like that to block legitimate mail, then customers who want to receive said mail won't be with them for long. There are natural market pressures at work to provide what the most important people (the end users like our friends and family) want.
Like most of you, I have a pretty potent procmail script, but I have to say I've probably invested an absurdly significant amount of time in my labor of love getting it just right. If I were less of a geek, I might tend towards finding a group of like-minded mail readers and collecting our resources together. If evantually our creation became a widely recognized and used method of mail filtering, great! Then that's the choice of every sysadmin and every participant (by the merits that they all pay his/her salary) to be behind that shield. Nobody else has the right to tell me I have to accept socket connections from them if I don't want to.
Rob Carlson
Since when does anyone, anywhere have the right to send email? Since when does anyone have the right to have their data go over a network that they don't own? If someone wants to drop the letter 'P' from every packet that goes over their network, last time I checked, they still have that right. And if they don't want to carry your email, for whatever reason, last time I checked, they have that right.
And the EFF wants to get rid of your rights... sigh..
DrLunch.com The site that tells you what's for lunch!
I'm not going to couch this discussion in terms of "freedom", because it has little to do with (it. Anti-spam laws are indeed an infringement on our freedoms, as I will show, but that's not the most productive way to think about the issue.)
The arguments against spam mainly consist in the fact that spammers are ostensibly using the resources of end users and ISP's without their permission. This is simply false.
When you set up an internet MX, you are implicitly agreeing to a certain set of unwritten rules. Essentially, the rules are that you must relay any and all mail from and to your customers, except as specified in their user agreements. If they agreed to have every e-mail with the word "sex" in it blocked, then you can go ahead and do that. But if the user agreement the both of you are bound by includes no specification of what types of mail are and are not acceptable, then you must relay EVERYTHING your customers send and receive.
Why?
Because this is how the internet works. *I* control who I hand my e-mail address to, and thus who can send to me. It is not my ISP's business to arbitrarily block inbound e-mails for me. Rather, it is my resonsibility to control the availability of my address, and to deal with any and all mail I receive, regardless of source or desirability.
Imagine the consequences if these rules were discarded wholesale. If intermediary mail relays blocked transmission based on arbitrary whim, the entire structure of e-mail communication could collapse. Remember also that "spam" is not an objective label. I get e-mail adverts that I don't really want, but occiasionally I find something very interesting in them. Here, I'm speaking of mails from vendors I've done business with who are sending my "specials" and whatnot evevn though I didn't ask for it. Fundamentally, these are every bit as much "unsolicited commercial e-mail" as those ridiculous offers for cheap toner! If one is outlawed, so is the other, and the two "perpetrators" would be subject to the same penalties.
If you want to get rid of spam, replace SMTP. Create a system where addresses can be "authorized-only", similar to how ICQ can work: to receive mail from someone, you must authorize them to send to you. Under the current system, however, any attempt to stem the flow of spam will harm the proper operation of internet communication more than it will help. You can't run a mail relay that's selective, that's not how it's supposed to work, and things will break down if that's not how things DO work. Putting people in jail for sending mail over a system DESIGNED AND IMPLEMENTED FOR THE PURPOSE OF SENDING MAIL is absolutely ridiculous. It would be like arresting people for driving on the road because the locals didn't like the paintjob on your car.
I hope I made some sense here.
MoNsTeR
My opinion diverges from the EFF's on this point. I would argue that using reputable services that maintain a list of open and abused mail relays to filter incoming mail is a responsible decision. The combined benefits of reduced volume of incoming spam, and the enforcement of responsible mail server configuration benefits not only local users, but the Internet as a whole.
Out of the box, most modern mail servers configure themselves to prevent the relaying of mail. What we are fighting by using services such as MAPS are legacy systems and new servers that come online and are misconfigured. It is simply negligence to be operating an open relay in today's Internet. That negligence needs to be challenged. We can ultimately get the upper hand on the abuse of open relays this way, and I would support Internet wide adoption of the use of such services as a Best Current Practice.
With regards to my users not receiving mail, it is our company policy to individually handle each complaint related to our mail filtering to benefit our customers. We will almost always explicitly permit mail from servers that we know are legitimately trying to reach our users. We will also send a courtesy email to the administrators of the open relay to inform them of the situation. This isn't about maliciously blocking every relay out there, to the detriment of our users, this is about encouraging a trend of improved mail server administration. Responsible implementation of these kinds of controls on unsolicited email benefit everyone.
Cheers
The Internet is not regulated as a telecom service. The FCC doesn't regulate ISPs, just the telecom services they buy. Nobody regulates mail servers. It's a free market, and it works. Now in a free market, you have competition. If your ISP uses MAPS and you don't like it, then you're free to go elsewhere. If your ISP is RBL'd, you're free to go elsewhere. There are lots of free e-mail services out there. See for instance http://www.emailaddresses.com/ . Now I wish my own "primary" e-mail provider, the one I ping many times a day, used one of these services, because I'm spammed to death and sick of it! If somebody couldn't get through, they almost certainly would find another way to reach me. Like I have a phone too, not to mention other e-mail addresses.
So given the fact that there is no anti-spam legislation, and negligible likelihood of effective anti-spam legislation within the next few years, then the free market approach (you know, the one the spammers cite to block anti-spam legislation) is to allow anti-spam filters at the ISPs. The ISPs will install them if it's good for business, and block spammers if being blackholed is bad for business.
Indeed one of the reasons that the Internet is not regulated as a "telecommunications service" is that it does not offer to provide transport of information "without change in form or content" -- an ISP may change things, of which blocking spam is one example. It would be quite a different story if a telecomm provider attempted to do the same thing -- their mission is to pass the bits unchanged, down there below layer 3.
And please don't tell me how easy it is to build an anti-spam filter on your private mail server. 99.9% of end users do no not run mail servers; ISPs, who have full-time bandwidth, run them for us.
How do you think that women in the workplace feel when they get "Cum slurping coeds hot for you!" e-mail just because they answer the mail for sales@companyname.com -- which is posted on the company web page? Users can't participate in newsgroups without some kind of painful REMOVETHISBEFOREREPLYINGTOME crap tossed into the middle of their e-mail address. You can't participate in list servers. You can't put your e-mail address on a for-sale web site. All you have to do is become some kind of reclusive hermit, carefully hiding your e-mail address, just to the spammers don't harass you to the point of insanity.
Oh, by the way, you also can't use your initials since spammers have taken to programs that "guess" your e-mail address if it is one or two letters long. I know. I run a mail server.
Not if done correctly. Just make false addresses/false routing information illegal on COMMERCIAL mail. Why does a company need to do something anonymously, especially one that wants me to buy something?
...except I can already hear nothing (because your message is lost in the thousands of spam emails in my mailbox) and say nothing (because the line is clogged with traffic).
When we're trying to hold a useful meeting, and everybody's yelling and screaming to try and make themselves heard, the guy at the front pounding the gavel isn't trying to deprive me of the First. He's trying to insure that I still have the right to speak and not be drowned out. He's asking for silence to restore order, so that we can resume speaking.
The mailing lists hosted by the FSF don't use any spam filters. At all. Now, go look at this month's archives of the binutils bug-reporting list and wonder how they manage to get any work done. (I have to hope the individual developers use filters.)
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
but it sure does keep a lot of junk away from my mail server. I have tried to disable it, but as soon as I did that, tons of junk mail got through. I don't really care if it should filter a few wrong mails, the alternative for me would be not to use email at all.
The big problem with that Gaijin42, is that spam is very cheap to send, and mailing lists are easy to build and exchange.
Run some numbers...say, several thousand companies sending spam to 20 million people each, with a lot of overlap on the mailing lists. Some people would get thousands of emails. This would make email completely unusable for anything other than receiving spam, for many people.
As long as the sender does not pay the cost of email, spam has to be limited.
I've been victimized by the RBL once that I know of (I had my outgoing email rejected by the recipient's ISP because my ISP had some clients who with open relays and MAPS had their entire address space blocked on the RBL), and I suspect it may have happened at other times, as mail to my account at my current ISP who also uses the RBL has been mysteriously disappearing, and I've had complaints from people that my email is "broken". In fact, I'm considering switching to a yahoo address as my primary email account.
But I understand that any time I receive any piece of unsolicited email it is because *I* supplied my email address to the spammer - either directly or indirectly.
File this one under "P" for "Parody"
I know... it's such a pity. Every time I walk out into the street, I am in the sights of a sniper rifle. I wish that when I walked into the street I wouldn't have to wear a bullet proof vest and face shield, but that's the sad reality of living in this crazy world today. I'm just glad that my company was smart enough to put up thick concrete walls wigh don't allow most bullets to pass through them between me and my parking lot.
--You will rephrase your request for me to go to hell. Goto statements are not acceptable programming constructs
It sits at the intersection of property rights, free speech and communications rights and privacy rights.
Amazingly, because of this, many of the people writing here with opposite positions may both be right.
I've written extensively on this and have a collection of essays on my web site, though they are not all endorsed by fellow EFF people. As you might expect, with such new and contentious issues, no group, not slashdotters and certainly not the EFF, finds itself of a single mind.
Those who have written that the first amendment applies only to government action are correct. However, the principles of free speech apply universally, if you defend them. Private actors do have their right to block speech, but this does not make such actions immune from criticism by free speech advocates.
Instead, I look to define good principles by which we private actors might govern ourselves. There are many good lessons in the free speech principles to which we have held governments.
Amongst the principles (not just in free speech) is the protection of the innocent. That you don't punish the bystanders to get at the guilty. Private actors usually have the right to do that, but it need not be lauded.
Unfortunately, and I think this sits at the soul of problems with MAPS, blacklists tend to operate that way. I know many are aware of this, but have dedided that blacklists are the only way, and so a few innocents must be punished to stop spam.
This is of particular concern when the area is communication.
People do have the right not to listen to any communication, but this is a very simple statement about a complex issue. There is much to be said about how they should exercise that right.
Has it been over a year since you last donated to the Electronic Frontier Foundation
I disagree with your free speech definition.
--"ANYBODY has the right to say anything in a public forum."
When it should read something more like this:
--"ANYBODY has the right to say anything in a public forum.... as long as the forum is held on public property, the permits have been secured, the speech does not threaten bodily harm to any individual or organization, the speech isn't slanderous to any person or organization, the speech does not call for the upheaval of the government, you don't tell people how to defeat CSS, etc..."
Your real problem is that you want it both ways. You want your speech to be protected when you use email, but you also want to restrict speech for email you find disapproving. The sender won't know whether or not his email meets your criteria unless he sends you the email for your approval.
Can email be a public forum? Yes it most certainly can -- in the form of mailing lists. So a spammer uses a mailing list, and it becomes completely legal. Why? He's communicating to a large number of people using a publicly financed network. If that doesn't sound like a public forum, I don't know what does.
Now I'm in doubt again.
The problems with most of these blacklists (and there are lots of them) is that there are no globally-accepted standards for how open relays should get on or off the lists, how to notify owners of blacklisted IPs and how long entries should be blacklisted in the absence of other feedback.
I hate spam at least as much as the next guy, but I'm still cleaning up from an attack that happened two months ago through a server I thought had been configured to prevent relaying. Unfortunately, it had been rebuilt (and badly) since the last time I'd verified its configuration. The attack launched through the relay lasted no longer than 36 hours. I realize that's a helluvalong time in Internet time, but considering the attack began over a weekend, the fact that I caught it and stopped it on Sunday morning means I caught it 24 hours faster than I normally might have.
I fully expected to wind up on some blacklists because of the incident, but I didn't expect to be winding up on new blacklists 30 days after the fact.
Today, I got an email from a user who hasn't been able to contact somebody important for three weeks. The user on the other end was completely unaware that their ISP was blocking our email.
I'd like to see standards for notifications, for aging entries (and eventually dropping them), for active verification and automated retesting, and for subscribing ISPs to notify their users how many emails they blocked and from whom they were blocked.
But that's just me.
Systems administrators who will not adopt the suggested anti-spam policies find themselves unable to deliver their non-spamming users' mail to recipients who are on systems that participate in blacklisting.
The EFF, like many other groups, is incorrectly stating that MAPS is the organization doing the actual blocking of packets, not the ISPs. It is clear to me that if ISPs did not agree with MAPS' policies on what to block and with its history of questionable bans, then those ISPs wouldn't subscribe to MAPS. It is clear that ISPs see a benefit in using a blacklist, one that saves them money on bandwidth and support. Aside from the purely practical aspect, many feel very strongly about spam.
The EFF stated that they wouldn't support a blacklist if it blocked one legitimate piece of e-mail. Aside from the fact that this is impossible, they don't seem to understand the reason that MAPS works. It wouldn't work if spam-friendly ISPs were free to sign up spammers, without any fear of ALL their traffic being blackholed.. In order for a blackhole to work, you have to block ALL of their users' traffic. Yes, it sucks if you are that user.. however, it may teach you a lesson that it doesn't pay to have a spammer one IP over from you. If ISPs don't deal with their spam problems, they are free to watch all their users go away.
MAPS 'suggested anti-spam policies' are not overly demanding. They don't force ISPs to jump through hoops, they are reasonable requests to make. An ISP who subscribes to MAPS is saying, "I don't want to receive newsletters that are not confirmed opt-in. I don't want to receive mail from ISPs with open relays." Folks, that's not too much to ask for.
Yes it's a strong arm tactic, but it's one or the other - strong arm, or legislation. The EFF believes that filtering at the user's end is the right way to deal with spam. Bullshit. Filtering doesn't stop them from using up my bandwidth. Filtering doesn't stop them from spewing all over the net, wasting the time of support staff nationwide. Until every last AOL box is filtered from receiving a single piece of spam, there WILL be suckers responding to this shit, and the spammers WILL get paid. Filtering doesn't stop spam support services, spamvertised web sites, or spamware companies.
The EFF throws around that word, 'censorship,' like they don't know what it means. This worries me.. it is censorship if someone (correct me if I'm wrong, but censorship applies only to gov'ts) prevents you from voicing your opinion, or saying whatever you have to say. It is NOT censorship if I say to you, "I'm not going to listen to what you, or anyone from your ISP, has to say."
As for legislation, illegal censorship prevents speech based on CONTENT. Legal restraint of speech, such as junk fax laws, prevents speech based on the METHOD of the speech.
There are 22 million small businesses in the U.S. alone.
If one-tenth of one percent of them decided to send you one message this year, and if they coordinated to achieve load-balancing, you would still get over 200 pieces a DAY.
Opt-out doesn't scale.
Why should I tell you I'm blacklisting you?
If you're a private citizen, you owe me nothing. If you're an ISP, you owe me at least a cursory attempt to have an automated program try to email me. Fer cripes sake, how hard would it be to write a perl script that parses the IPs, performs a reverse-DNS lookup, tries to email postmaster@ and then blacklists?
If I'm a real spammer or a moron with a cable modem, you won't get a valid or useful reverse-DNS. Fine. Don't notify those morons or scumbags directly. But for poor bastards who got caught with their shorts down, let's not go out of our way to make their lives hell after they've already fixed the problem.
The sites that have blacklisted me aren't private individuals. They're blacklist organizations that small ISPs and some corporations belong to. The SMTP service that acted as a relay for a day and a half has a valid RDNS name that is mx.mydomain.com. It shouldn't have been tough for somebody to figure out they could send an email to postmaster@mx.mydomain.com or abuse@mx.mydomain.com or even postmaster@mydomain.com.
I'm all for killing spammers and sterilizing their children. And I don't have a problem with blacklisting morons like myself. I do have a problem with making it impossible for me to redeem myself.