Slashdot Mirror
EFF speaks out against MAPS
Control-Z has brought our attention to the latest EFF newsletter which speaks out against MAPS ? and ineffective spam legislation. According to the EFF: "The rights of users to send and receive email must not be compromised for quick and dirty ways to limit unsolicited bulk email. Neither misguided and ignorant legislation, nor collusive, high pressure protection schemes, have a legitimate function or place in our online future " The EFF is reminding us that freedom isn't always easy. I feel much worse for those who haven't figured out procmail yet though.
The whole point of fighting for freedom is that it is even the freedoms of those we don't like that we are preserving, or those we wished would have no freedom. Freedom is only as great as its lowest common denominator.
So yes, I think that this is reasonable and a laudable position to take. Censorship is especially a lowest common denominator freedom-- who decides the standards on which things are censored? How are false accusations handled? Can that censorship be turned on you or I?
LedgerSMB: Open source Accounting/ERP
For the uninitiated, procmail is a fantastic tool. To learn more about it, check this link for how-tos, documentation, tutorials, and other spam-fighting tools.
I only post comments when someone on the internet is wrong.
I highly reccommend all people go out and use sneakemail link.
This is a great utility for stopping spam while not interfereing with your normal email.
It gives you unlimited disposable email addresses to give out whenever you need an email for a website.
If you dont want email from that address anymore, you can turn it off.
On the other hand : Spam is meant to market a good or service. Therefore there must be some way to get in contact with the spammer, otherwise their spam would be ineffective. a task force needs to be created which smacks spammers upside the head with fines, or just plain shuts them down.
Spam should be legal, as long as they include a valid return addy, and have a way to remove people (for real)
Not if your packets happen to travel through abovenet. Vixie, founder of MAPS, is the CTO at abovenet, and they regularily drop packets based on MAPS RBL.
Not much choice there for end users.
PJRC: Electronic Projects, 8051 Microcontroller Tools
Your right to send mail stops at my mail server, I can refuse to accept mail based upon anything I feel like, including irrational reasons.
A few years ago, I came onboard at a small company just in time for their mail server (Exchange 5.0) to get blacklisted (by ORBS, I think). It sucked at the time, but if we hadn't gotten blacklisted the open relay would have remained open for a long time (the problem prompted our move to qmail). Once I closed the open relay and informed ORBS, we were quickly removed from the list.
In theory, I have no problem with the concept of these blacklists. The use of them is voluntary. From what I've heard, there may need to be some serious discussions about how they gather their data and their procedures for getting off their blacklists, but the concept seems to be both effective and practical. Also, mail providers should be up front about their use of these lists so that users can choose to use an "unprotected" mail server if they choose.
** The opinions expressed here are my own, and do not reflect those of my employers - past, present, or future**
As long as there is sufficient notification and user choice, then there's nothing wrong with MAPS. It's only when their somewhat strong-arm tactics are combined with ISP coercion that the user really has a problem.
Your right to not believe: Americans United for Separation of Church and
It's a shame to see MAPS and collective protection schemes dumped into this list of "bad things." Like most geeks, I don't like everything that MAPS does and I'll admit that I've even been on the wrong side of the ORBS cluestick in the past. However, I believe the concept of collective protection is a good one. If there's a problem with ISPs using systems like that to block legitimate mail, then customers who want to receive said mail won't be with them for long. There are natural market pressures at work to provide what the most important people (the end users like our friends and family) want.
Like most of you, I have a pretty potent procmail script, but I have to say I've probably invested an absurdly significant amount of time in my labor of love getting it just right. If I were less of a geek, I might tend towards finding a group of like-minded mail readers and collecting our resources together. If evantually our creation became a widely recognized and used method of mail filtering, great! Then that's the choice of every sysadmin and every participant (by the merits that they all pay his/her salary) to be behind that shield. Nobody else has the right to tell me I have to accept socket connections from them if I don't want to.
Rob Carlson
Since when does anyone, anywhere have the right to send email? Since when does anyone have the right to have their data go over a network that they don't own? If someone wants to drop the letter 'P' from every packet that goes over their network, last time I checked, they still have that right. And if they don't want to carry your email, for whatever reason, last time I checked, they have that right.
And the EFF wants to get rid of your rights... sigh..
DrLunch.com The site that tells you what's for lunch!
I'm not going to couch this discussion in terms of "freedom", because it has little to do with (it. Anti-spam laws are indeed an infringement on our freedoms, as I will show, but that's not the most productive way to think about the issue.)
The arguments against spam mainly consist in the fact that spammers are ostensibly using the resources of end users and ISP's without their permission. This is simply false.
When you set up an internet MX, you are implicitly agreeing to a certain set of unwritten rules. Essentially, the rules are that you must relay any and all mail from and to your customers, except as specified in their user agreements. If they agreed to have every e-mail with the word "sex" in it blocked, then you can go ahead and do that. But if the user agreement the both of you are bound by includes no specification of what types of mail are and are not acceptable, then you must relay EVERYTHING your customers send and receive.
Why?
Because this is how the internet works. *I* control who I hand my e-mail address to, and thus who can send to me. It is not my ISP's business to arbitrarily block inbound e-mails for me. Rather, it is my resonsibility to control the availability of my address, and to deal with any and all mail I receive, regardless of source or desirability.
Imagine the consequences if these rules were discarded wholesale. If intermediary mail relays blocked transmission based on arbitrary whim, the entire structure of e-mail communication could collapse. Remember also that "spam" is not an objective label. I get e-mail adverts that I don't really want, but occiasionally I find something very interesting in them. Here, I'm speaking of mails from vendors I've done business with who are sending my "specials" and whatnot evevn though I didn't ask for it. Fundamentally, these are every bit as much "unsolicited commercial e-mail" as those ridiculous offers for cheap toner! If one is outlawed, so is the other, and the two "perpetrators" would be subject to the same penalties.
If you want to get rid of spam, replace SMTP. Create a system where addresses can be "authorized-only", similar to how ICQ can work: to receive mail from someone, you must authorize them to send to you. Under the current system, however, any attempt to stem the flow of spam will harm the proper operation of internet communication more than it will help. You can't run a mail relay that's selective, that's not how it's supposed to work, and things will break down if that's not how things DO work. Putting people in jail for sending mail over a system DESIGNED AND IMPLEMENTED FOR THE PURPOSE OF SENDING MAIL is absolutely ridiculous. It would be like arresting people for driving on the road because the locals didn't like the paintjob on your car.
I hope I made some sense here.
MoNsTeR
I implemented MAPS and Procmail Sanitizer at my employers corporate gateway about 6 months ago. As the EFF article mentions, there is a concern for legitimate mail being blocked. My solution for this is to include my direct phone line, and a request to contact me if the mail is legit, in the error message sent to mail denied by MAPS. In about 6 months of operation, at a company with about 120 users, we block on average 150 messages per day, with an all time high of 262 in one 24 hour period. I have yet to get a phone call from ANYONE, spammer or otherwise. Meanwhile, users who were getting 10-15 spams per day are now down to 1-2, sometimes none.
Frankly, I've found MAPS to be highly effective. I expected to occasionally toss out legit messages, which was why my direct line is included in every bounce, but MAPS has been considerably better than I could have hoped for. With proper setup and configuration it is quite easy to ensure that legitimate mail gets through with only a minimum of delay. MAPS has been a very worthwhile investment for our company, and our end users have consistently thanked us for implementing it. Likewise, Procmail Sanitizer has stopped all kinds of trojans and viruses cold at the gateway-even catching new ones before being publicized. Although we don't use Outlook, we still find it useful to stop the stuff, and I can't fathom anyone running an Outlook environment without Procmail Sanitizer. Good stuff.
ehintz
The Internet is not regulated as a telecom service. The FCC doesn't regulate ISPs, just the telecom services they buy. Nobody regulates mail servers. It's a free market, and it works. Now in a free market, you have competition. If your ISP uses MAPS and you don't like it, then you're free to go elsewhere. If your ISP is RBL'd, you're free to go elsewhere. There are lots of free e-mail services out there. See for instance http://www.emailaddresses.com/ . Now I wish my own "primary" e-mail provider, the one I ping many times a day, used one of these services, because I'm spammed to death and sick of it! If somebody couldn't get through, they almost certainly would find another way to reach me. Like I have a phone too, not to mention other e-mail addresses.
So given the fact that there is no anti-spam legislation, and negligible likelihood of effective anti-spam legislation within the next few years, then the free market approach (you know, the one the spammers cite to block anti-spam legislation) is to allow anti-spam filters at the ISPs. The ISPs will install them if it's good for business, and block spammers if being blackholed is bad for business.
Indeed one of the reasons that the Internet is not regulated as a "telecommunications service" is that it does not offer to provide transport of information "without change in form or content" -- an ISP may change things, of which blocking spam is one example. It would be quite a different story if a telecomm provider attempted to do the same thing -- their mission is to pass the bits unchanged, down there below layer 3.
And please don't tell me how easy it is to build an anti-spam filter on your private mail server. 99.9% of end users do no not run mail servers; ISPs, who have full-time bandwidth, run them for us.
So here's my idea:
/included/ in this encryption is a timeout value. So, you might trust futureshop.ca, and give them an email address with your user name and a timeout value of 2 years, but they can't modify that value, due to the encrypted username-timeout combo on the email address you give them. And you'd give www.hotbabes.com a one month timeout .. if you dont find yourself on a zillion other lists, maybe you give them another with a 2 year timeout. Otherwise, maybe you change to 4 months. Basically, it's about EMBEDDING a timeout communication priviledge in your contact information, without giving the sender the ability to alter that timeout.
.. basically, you could say to anyone, "If this relationship works out, I'll give you lots more time to talk to me, but for now, you have a month to sell to me the notion that you are responsible with my contact information."
Requirements:
- mail servers would have to know if a message is being sent to many users, or [threshhold]
- mail servers would have to be able to decrypt addresses against a local private key specific to your email account (not your pwd, for security considerations, i think)
So, now you give you email address out to orgnizations (basically, anyone who wishes to enter a dialog with you in a one-to-many fasion) as hr435sd45kfjd@sirsonic.com (your mail client would support the ability to encrypt your normal email user name against this private key)
Now, here's the kicker:
So, what has to be done? Does this work? I think once you wrap peoples heads around the idea of a timeout on communication privs, people who love this
Am I on crack? I think its a good idea.
"Old man yells at systemd"
How do you think that women in the workplace feel when they get "Cum slurping coeds hot for you!" e-mail just because they answer the mail for sales@companyname.com -- which is posted on the company web page? Users can't participate in newsgroups without some kind of painful REMOVETHISBEFOREREPLYINGTOME crap tossed into the middle of their e-mail address. You can't participate in list servers. You can't put your e-mail address on a for-sale web site. All you have to do is become some kind of reclusive hermit, carefully hiding your e-mail address, just to the spammers don't harass you to the point of insanity.
Oh, by the way, you also can't use your initials since spammers have taken to programs that "guess" your e-mail address if it is one or two letters long. I know. I run a mail server.
The free speech argument isn't invalid its just impractical for most end users. Secondly it is being applied in the following way by the EFF:
- "ANYBODY has the right to say anything to YOU"
and not in what most people consider free speech, which is:
- "ANYBODY has the right to say anything in a public forum."
These are NOT the same thing. You get into the whole "I'm paying time and money becuase idiots keep sending me spam". Email is personal communication (uni or multi cast) it is not broadcast. If people wish to broadcast they should do so in public forums - er, like this one!
It's still an issue if an ISP blocks somebody you do want to hear from - but this is somewhat akin to the fact that millions of people around the world don't even have access to email, a telephone or even a decent postal service to even contact me in any way whatsoever.
Being black listed at least forces those areas that are to try and regulate their users. Of course Eventually this is likely to break down to requiring pretty intelligent software to determine what to block based on message content rather than sender behaviour - and even then people will still pay third parties (ISPs,M$) to perform this for them - how many pieces of software out there still use the default passwords...
.sig
...except I can already hear nothing (because your message is lost in the thousands of spam emails in my mailbox) and say nothing (because the line is clogged with traffic).
When we're trying to hold a useful meeting, and everybody's yelling and screaming to try and make themselves heard, the guy at the front pounding the gavel isn't trying to deprive me of the First. He's trying to insure that I still have the right to speak and not be drowned out. He's asking for silence to restore order, so that we can resume speaking.
The mailing lists hosted by the FSF don't use any spam filters. At all. Now, go look at this month's archives of the binutils bug-reporting list and wonder how they manage to get any work done. (I have to hope the individual developers use filters.)
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
I support the EFF (inc. with money) but I can't help suspect that John Gilmore's own personal desire to operate an open relay has significantly influenced the EFF into slamming MAPS and praising Brightmail. Has JG's machine just been added to MAPS or something?
I entirely agree that ISPs should not be filtering email without notice or consent and that "end-user" tools are the best solution, but I disagree vehemently that a spammer's right to "free speech" overrides my right to accept or deny data arriving at the edge of my network, for whatever reason I decide, including irrational reasons. I can and will use any tools at my disposal to control what enters (and leaves) my systems. The problem with end-user solutions that live in the mail client is that by the time spam is deleted, the resource cost has already occured. I much prefer to simply drop connections that I don't want; it still costs me a little bandwidth but I don't waste the disk space and processing cycles that I would if I accepted the spam.
Free speech for everyone is all very well, but the galling thing is that most spam is *deceptive*, using falsified return information or deliberately implicating other innocent third parties. I would settle for allowing all mail to come in iff I can puruse claims for fraud against those who won't play nice. Since this is unlikely to happen any time soon, I'll keep my blocking techniques, thank you very much, and I won't be shedding any tears over the "free speech" rights of spammers - I simply don't recognise any innate "right" to practice deception, especially when it's at my own expense.
My next sig will be ready soon, but subscribers can beat the rush
Freedom means the government can't tell you to shut up; it doesn't mean I have to listen to you.
Freedom of speech is *harmed* by spam; it is harder and harder to talk to people, because more and more of them need a variety of local blacklists, buggy procmail rules, or other harsh filters, just to use their mailboxes *at all*. My friend can't email her dad, because the first time he checked his mailbox, he had a thousand pieces of spam.
That's not free speech. Free speech is the right to say things that people don't like - not the right to say things at no cost to yourself, to people who don't want to subsidize you, in their private space.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
It sits at the intersection of property rights, free speech and communications rights and privacy rights.
Amazingly, because of this, many of the people writing here with opposite positions may both be right.
I've written extensively on this and have a collection of essays on my web site, though they are not all endorsed by fellow EFF people. As you might expect, with such new and contentious issues, no group, not slashdotters and certainly not the EFF, finds itself of a single mind.
Those who have written that the first amendment applies only to government action are correct. However, the principles of free speech apply universally, if you defend them. Private actors do have their right to block speech, but this does not make such actions immune from criticism by free speech advocates.
Instead, I look to define good principles by which we private actors might govern ourselves. There are many good lessons in the free speech principles to which we have held governments.
Amongst the principles (not just in free speech) is the protection of the innocent. That you don't punish the bystanders to get at the guilty. Private actors usually have the right to do that, but it need not be lauded.
Unfortunately, and I think this sits at the soul of problems with MAPS, blacklists tend to operate that way. I know many are aware of this, but have dedided that blacklists are the only way, and so a few innocents must be punished to stop spam.
This is of particular concern when the area is communication.
People do have the right not to listen to any communication, but this is a very simple statement about a complex issue. There is much to be said about how they should exercise that right.
Has it been over a year since you last donated to the Electronic Frontier Foundation
I wonder if the EFF also believes that junk faxes should be legal--even though the anti-junk-fax law was upheld as constitutional when challenged on First Amendment grounds.
Never take moderation advice from sigs, including this one.
Systems administrators who will not adopt the suggested anti-spam policies find themselves unable to deliver their non-spamming users' mail to recipients who are on systems that participate in blacklisting.
The EFF, like many other groups, is incorrectly stating that MAPS is the organization doing the actual blocking of packets, not the ISPs. It is clear to me that if ISPs did not agree with MAPS' policies on what to block and with its history of questionable bans, then those ISPs wouldn't subscribe to MAPS. It is clear that ISPs see a benefit in using a blacklist, one that saves them money on bandwidth and support. Aside from the purely practical aspect, many feel very strongly about spam.
The EFF stated that they wouldn't support a blacklist if it blocked one legitimate piece of e-mail. Aside from the fact that this is impossible, they don't seem to understand the reason that MAPS works. It wouldn't work if spam-friendly ISPs were free to sign up spammers, without any fear of ALL their traffic being blackholed.. In order for a blackhole to work, you have to block ALL of their users' traffic. Yes, it sucks if you are that user.. however, it may teach you a lesson that it doesn't pay to have a spammer one IP over from you. If ISPs don't deal with their spam problems, they are free to watch all their users go away.
MAPS 'suggested anti-spam policies' are not overly demanding. They don't force ISPs to jump through hoops, they are reasonable requests to make. An ISP who subscribes to MAPS is saying, "I don't want to receive newsletters that are not confirmed opt-in. I don't want to receive mail from ISPs with open relays." Folks, that's not too much to ask for.
Yes it's a strong arm tactic, but it's one or the other - strong arm, or legislation. The EFF believes that filtering at the user's end is the right way to deal with spam. Bullshit. Filtering doesn't stop them from using up my bandwidth. Filtering doesn't stop them from spewing all over the net, wasting the time of support staff nationwide. Until every last AOL box is filtered from receiving a single piece of spam, there WILL be suckers responding to this shit, and the spammers WILL get paid. Filtering doesn't stop spam support services, spamvertised web sites, or spamware companies.
The EFF throws around that word, 'censorship,' like they don't know what it means. This worries me.. it is censorship if someone (correct me if I'm wrong, but censorship applies only to gov'ts) prevents you from voicing your opinion, or saying whatever you have to say. It is NOT censorship if I say to you, "I'm not going to listen to what you, or anyone from your ISP, has to say."
As for legislation, illegal censorship prevents speech based on CONTENT. Legal restraint of speech, such as junk fax laws, prevents speech based on the METHOD of the speech.