Slashdot Mirror


Spam Blackhole Lists Redux

tsu doh nimh writes "Are spam blackhole lists good, bad or indifferent? That appears to be the question they're tackling in this Washington Post story. It has some interesting back and forth between supporters of the lists and those who claim they condone censorship." J adds: Brad Templeton recently offered some comments on the most extreme pro-blacklist position.

33 of 320 comments

  1. bit bucket by TheSHAD0W · · Score: 5, Insightful

    I think black hole lists are a great thing, but I will admit, they are certainly censorship, and the customers of an ISP using such a list may disagree with some or all of it.

    Perhaps the solution is to design a standard format for a black hole list, and add that functionality to email applications? If the end users had such access for themselves, then they could decide whether they wanted someone else to censor their mail (and whether they wanted to bypass that censorship for certain specific people or networks).

    And yes, I know there is software that does this, but it's all proprietary. Is anyone interested in adding a generic functionality to, say, Mozilla? Perhaps the ability to import an XML list of bans from one or more specified URLs, run by volunteer blackhole list sponsors?

    1. Re:bit bucket by Erik+Fish · · Score: 2, Insightful

      they are certainly censorship

      You keep using that word. I do not think it means what you think it means.

      The word "censorship" strongly implies content filtering perpetrated by a government. Blackholes are not content based -- they operate much more on the "consent" level (either you have permission to send e-mail to me from the IP you're using or you don't -- what is in the message is irrelevant).

      Blackholes are not perpetrated by the government (except within its own offices or in particularly oppressive countries such as China). Blackholes are almost universally applied voluntarily.

      Now compare this to a much more useful tool to the red fascist tyrant: Web filtering software. I don't know if China imposes an e-mail blackhole list on its people, but I'm damn sure they use web filtering software.

      Blackhole lists make a particularly poor tool for suppressing dissidents anyway. What are you going to do? Stop them from getting e-mail from the New York Times? What if the newspaper changes the IP and domain name of its mail server without taking time out to notify you? Well, at that point some meddling do-gooder busts out of the air vents you stupidly had built large enough for someone to crawl through and holds you hostage while setting your doomsday device to self-destruct.

      Doh!

  2. blackholes... by zbowling · · Score: 2, Insightful

    Blackholes. Just another thing for spammers to get around, just to sell you penis enlargement products, prime mortgage rates, and how to make $50,000 in 5 days. How about a new email system altogether? Solve all these dang problems.

    --
    No.
  3. No quarter by mao+che+minh · · Score: 2, Insightful
    Spammers deserve no quarter.

    Spam is the direct result of an abuse of the existing system(s). It costs companies money, money that they would not be spending otherwise. Spam is not like traditional advertising, like in TV, in which the advertiser actually pays for the ads (since they are using the hoster's resources and/or popularity). On the contrary, the Spammers pay no fees, and force the hosts to take financial losses.

    Immediate death is the answer. Kill them. They are like animals. AND WE SHOULD TREAT THEM LIKE ANIMALS!!!!!!!

  4. Brad Templeton and his analogies by gorbachev · · Score: 2, Insightful

    ...are just as bad as most analogies.

    What is the difference between asking ISPs to cut spammers and asking ISPs to cut users who set up porn websites?

    Well, the latter is not against the TOS of the ISP. The first one is.

    The latter is not threatening to destroy Email. The first one is.

    The latter is not stealing. The first one is.

    But I guess this one's just another personal opinion of an EFF Director, and not representative of EFF's opinion on these issues...

    Proletariat of the world, unite to kill spammers. Remember to shoot knees first, so that they can't run away while you slowly torture them to death.

    --
    In Soviet Russia, I ruled you
  5. No by mao+che+minh · · Score: 2, Insightful
    Pop-ups can be blocked on the "end user" side with filters and/or browser functions. Spam propagates through the very mail system itself, and exploits its shortcomings.

    Popups are merely web content, presented on pages that you actually choose to visit - web sites that you willingly expose yourself to. Spam is forced upon you whether you like it or not, and ends up costing both your ISP and you money to prevent.

  6. Re:Counter to the spirit of the Internet by Adam9 · · Score: 2, Insightful

    Nobody is forcing you to use a blacklist on your mail server. Forcing people to accept this trash, err spam, is free speech? I think the freedom to accept whatever mail you want is crucial. Next time I get DoS'd I'll remember your comment and think.. hmm.. I should let them flood the hell out of me because if I blocked them, that'd be quite fascist.

    Let the people choose. I use SpamCop as a RBL and I still get a decent amount of spam. This weekend, I plan on adding some broad ACLs so my mail server won't have to put up with this garbage (or at least most of it).

  7. Comment removed by account_deleted · · Score: 4, Insightful

    Comment removed based on user account deletion

  8. Re:I still don't understand... by hazem · · Score: 2, Insightful

    Well, we're all free to do that. Any one of us can choose to only accept e-mail that is pgp signed, or comes from an approved list of senders, or contains the phrase "this mail is not spam" in the header.

    That's the beauty of the internet. We can all do it the way we want. I am afraid of what will happen when some people start imposing their ideas of how things should work on the system.

    Often what starts as common sense restrictions becomes a straightjacket.

  9. Re:Counter to the spirit of the Internet by An+Onerous+Coward · · Score: 5, Insightful

    I can see where you're coming from in a "theoretically, Communism should work" sort of way. But from a practical standpoint, free speech only works if people have the ability to tune out some messages and concentrate on others.

    Imagine that you're having a lively conversation at a dinner party. There are a dozen different groups of chatters in the room. The spammer mentality recognizes the opportunity here: If I just brought in a megaphone, then everyone would be able to hear what I have to say.

    The problem is twofold: Everyone has a message that they want others to hear, and thanks to the marvels of the Internet, everyone with a broadband connection has a huge megaphone. At some point, it becomes difficult to pick out the messages that are important to an individual, and the medium as a whole suffers. The solution here is to silence the proverbial megaphones.

    The difference between Spamhaus and the RIAA is that Spamhaus is interfering with "speech" that interferes with more constructive speech, and the RIAA is trying to interfere with speech that interferes with their monopoly on certain messages.

    --

    You want the truthiness? You can't handle the truthiness!

  10. Yes and NO by d3ut3r0n · · Score: 5, Insightful

    Yes it is a form of censorship, but NO this is not about free speech - SPAM is not free in the cost sense. It costs money to move it around - if you don't believe me, then you have no idea how the internet works.

    Sure, if you get SPAM at work, you personally don't absorb the cost... and sure, if you have uncapped internet access, sure you don't absorb the cost. BUT SOMEONE DOES. I don't get SPAM at work but do on some personal email addresses and I, like many other people outside the united states, DO NOT have unlimited download limits.

    So those who want the right to speak freely about their latest porn sites, sex products, can pay, albeit a tiny amount of money, per email we receive.

    Another thing about free speech, it doesn't mean you can talk as loudly as you want in the middle of the street at 3am - no, you WILL be approached by authorities for disturbing the peace - just try it. SPAM is not really all that much different - you don't have the option of not hearing it, the same way as you don't have the option of not hearing someone blaring music or screaming at 3am while trying to sleep. While the remedy might sound easier to delete a SPAM message than bother the local police for noise complaints, you don't have the noise every day, and hundreds of times.

    Free speech might mean not being censored, but it doesn't mean you can do it at other people's expense or inconvenience.

  11. No one has the right to be heard. by Anonymous Coward · · Score: 1, Insightful

    One cannot force another to listen to the message, if they so do not desire. So talk all you want, we're covering our ears.

  12. Re:Counter to the spirit of the Internet by oldwolf13 · · Score: 2, Insightful

    I don't know who the hell modded this up, but I'm out of mod points or I'd put it down for sure.

    There's a difference between free public speech, and invasion of privacy. Would you call it free speech if someone broke into your house and talked dirty to your underage daughter?

    These lists are not about stemming free speech... they're not stopping anyone from setting up a webpage or some other form of information server, they're about stopping invasive practices from people... shoving their CRAP down other people's throats.

    As for DRM and p2p, well those are completely separate issues, the only thing in common is someone wants to stop or continue them. DRM defeats my legal right to use the music I *license* fairly. As a Canadian I pay $.21 cents on every blank (with no choice on the matter) to gain some of these rights (Canada actually grants us some nice rights for this levy), and their copy protection schemes turn around and (IMHO) ILLEGALLY stop me from doing what I have PAID for. Don't give me that crap that it's only $.21 a cd and they're not recouping lost income, because I think maybe 1 in a hundred cds I buy gets made into an audio cd... hell, they should give most of the levy to the porn producers :)

    As for p2p, well this is a tricky issue, that has been stated before... the actual systems are not illegal, it's what the user does with them. It's unfair and not feasible to outlaw everything that can be used for illegal purposes, so I don't have the solution to that, but the actual technology shouldn't be condemned for this.

    --
    If I can't smoke and swear I'm fucked.
  13. Re:against free speech by gorbachev · · Score: 2, Insightful

    The f*** they do.

    Using them is entirely voluntary.

    Or is this yet another attempt to define "free speech" as "speech I like"?

    Proletariat of the world, unite to kill spammers

    --
    In Soviet Russia, I ruled you
  14. Re:If your ISP or WPP is spam friendly... by CyberWolf · · Score: 2, Insightful

    It would be nice, except some of us do not have that many options to choose from (some of us have no options, just one isp).

    So while your comment sounds sensible, it is not applicable to all.

    Just my 2 cents

  15. Will they ever get it? by Monoman · · Score: 2, Insightful

    The lists seem to be similar to the Better Business Bureau (in the US).

    "OUR MISSION is to promote and foster the highest ethical relationship between businesses and the public through voluntary self-regulation, consumer and business education, and service excellence." www.bbb.org

    The BBB is an organization without authority. It is a voluntary system to People can lodge complaints about a business. People can also inquire about complaints against a business.

    I may choose not to do business with any other businesses that do not have what I consider acceptable BBB records. Is it really the BBB's fault? Is their system flawed?

    I don't think so. The BBB only provides information. Depending on how much I value the BBB or information, I will choose to do business with a company.

    Blacklists are not much different. Organizations sign up for their information *voluntarily* and understand that there may be some "false positives" or disputed cases. Organizations weigh the benefits and risks and make their own decision.

    If a blacklist proves to block too much email then organizations might try another blacklist or not use one.

    That's it for now.

    ok .. it is late and I am not sure where my point is going.

    --
    Keep the Classic Slashdot.
  16. Re:Counter to the spirit of the Internet by Monoman · · Score: 5, Insightful

    Since when does someone else's freedom of speech *require* me to listen?

    In the case of spam, it is on my dime too!

    --
    Keep the Classic Slashdot.
  17. Re:Black-lists, white-lists, they both are flawed by yintercept · · Score: 2, Insightful

    The biggest flaw in these lists is that the spammers are better at getting lists than the people who are blocked by the lists. Spammers will be better at getting off the lists, and will be better at changing their accounts around so they can continue to spam.

    Personally, I wish the article told people how to find out if they are blacklisted. I had a spammer use my domain as a return address. Did that get all my mail blocked?

    A flawed list might boast that only 1% of the mails that they block are legitimate. However, when you look at the volume of spam sent compared to genuine email, you realize that 1% is a sizeable chunk of the real mail. Let's say poor joe user gets 2 real messages for every 100 spam. The 1 percent fail rate means that the spam cop deleted half of Joe's legitimate mail. (1 percent is half of 2 percent).

  18. Question for Brad Templeton by Thurn+und+Taxis · · Score: 4, Insightful

    Here's my response to Brad Templeton's post:

    What if, at the end of Brad's list, we add:
    h) trading child pornography
    i) plotting terrorist attacks
    j) promoting cannibalism

    On his list, items a, f, and possibly g are potentially illegal - the others are clearly legal in the U.S., although they may violate service agreements with some ISPs. Nonetheless, even the possibly illegal actions are perceived as minor crimes, like speeding - if you found out your neighbor was doing these things, you wouldn't start looking for a new place to live. The three items I listed above are different - if any reasonable person even suspected that their neighbor was planning or committing one of those acts, they'd be calling 911 (or your local government's equivalent, unless you live in a country that supports terrorism / kiddie-porn / cannibalism) in a jiffy.

    Spam is different from both of these. It's legal in most places, which distinguishes it from the three items I've mentioned, but it's looked upon with nearly equal horror as a violation of trust. If spam were made illegal (particularly porn spam), it could easily be lumped in with these other categories (okay, spam doesn't directly involve killing/torturing other people, but when you get spam that lists your full name and discusses rape, that's bordering on assault).

    I think most people would consider it ethically responsible for their ISPs to report kiddie-porn traders, terrorists, and cannibals - at the very least, it would be irresponsible of the ISPs to not report such activities if they were aware of them. The difference, which Brad's post ignores, is that some activities (kiddie-porn, terrorism, spam) cause or can potentially cause DIRECT physical or emotional harm to other individuals (and before you argue this point with regard to spam, think carefully about how you would distinguish between soliciting children for sex and sending porn emails to children), while other activities (copyright infringement, NAT) don't.

    To (hopefully) temper the debate, I'll add that I would oppose a "one strike and you're out" rule. It's easy to imagine someone being tricked into downloading unpleasant images, and it's easy to imagine someone sending out spam without knowing any better. But after being warned, the punishment the second time should be more severe.

    --
    On stereophonic equipment, the monaural sound obtained through multiple channels will enhance your listening pleasure.
    1. Re:Question for Brad Templeton by btempleton · · Score: 4, Insightful

      The question I ask is not what should we wish to punish (for we all would like to see spammers get what they deserve) but who should be responsible for the punishing and who should get the punishment.

      Blacklisters say, "punish the ISP for providing bandwidth to the spammer."

      I see the ISP more like the phone company. You don't blame the phone company because people can trade kiddie porn or plot crimes or terrorism over the phone. You don't call for the phone company and all the people with phones in the same phone exchange to be punished until they rise up against the child pornographer among them.

      If we say "it's OK to blame and make accountable the ISP for the actions of the spammer" you turn the ISP into a policeman of the bits rather than just a provider of bandwidth.

      I worry about the precedent in doing that. There are a lot of other internet activities people want to punish, as I pointed out, and how do we tell them they can't use the ISP as their tool of punishment.

      As we've seen in the Verizon case, the RIAA can force an ISP to hand over your real identity without proving you did anything. We want to be careful about where this leads.

      --
      Has it been over a year since you last donated to the Electronic Frontier Foundation
    2. Re:Question for Brad Templeton by theLOUDroom · · Score: 2, Insightful

      I see the ISP more like the phone company. You don't blame the phone company because people can trade kiddie porn or plot crimes or terrorism over the phone.

      You don't blame them if they don't know about it. Once they've been informed that someone has been placing 500 prank calls/day or whatever, and they refuse to do anything, it's perfectly reasonable to blame them.

      I don't know of any blacklist that adds ISPs simply because one or two spams have come from their network. The ISP has to refuse to stop known spammers in order to end up on the list (usually).

      --
      Life is too short to proofread.
    3. Re:Question for Brad Templeton by Skapare · · Score: 2, Insightful

      So if some ISP is hosting someone who is eating up your bandwidth with ping packets, and never stops, you're going to consider that to be just like the phone company and not try to get them to stop it ... or if you do ask them to and they ignore you, you're not going to blame them for hosting someone who attacks other networks?

      I don't know of any cases where the existence of music trading, or kiddie porn, has denied me of the resources and services I have paid for on the internet. Those may or may not be bad things depending on your point of view, but they are not something that has come along and actually stolen something from you or me. I can certainly see that some people will have the view that some of those things do steal from them, and so I can understand them wanting to do something about it. And I can understand if something is illegal, that law enforcement is expected to pursue it. Someone who tries to crack into your computer is different. If they do a denial of service attack, I think you clearly have cause against an ISP that does nothing about it.

      And yes, if you repeatedly dial up the same person or business over and over, the phone company can, and may, disconnect your service. Or they can also just block you from calling that number (if they bought the switch feature option that allows them to do that).

      A great many spammers are actually conducting a denial of service attack. I won't say that of someone who tries sending one spam once to each address in a mailing list they bought. But there are lots of spammers who are incessantly conducting spamming over and over to mail servers of mine that are refusing that mail. Yes, I blocked the spammers, but they keep on trying. It uses bandwidth. It uses processes on the server. It uses up RAM and swap space. It costs me money. And the ISPs take money from those spammers that cost me money. It's like they are allowing this just so they can get rich. This is why I have blocked the entirety of places like Rackspace and Rackshack (also known as Everyone's Internet). They host spammers and they profit off those denial of service attacks. So they are as much slime as spammers are.

      --
      now we need to go OSS in diesel cars
  19. while i was RTFA'ing by Indy1 · · Score: 2, Insightful

    i noticed this chunk of the article

    "Blacklist operators call this "collateral damage," admitting that it is an unfortunate side effect. But for people like Haselton, who can go unaware for weeks that their messages are dissolving into the ether, collateral damage can seriously hinder someone's ability to communicate via the Internet."

    Unaware? Why the fuck didn't he check his smtp logs and notice all the 553's? When you hit a mail server that rbl's you, it sends you a 553 bounce.
    Also, many users' mail servers will notify the sender of the bounce and give them a copy of the bounce message so they know why it got bounced.

    Collateral damage is why you NEVER ever host your servers with a spam friendly outfit. Our company recently hosted a client's email server, and the FIRST thing we did was run the colo against every blacklist we could think of. We also asked them their policy on handling abuse emails, and spammer termination. Read news.admin.net-abuse.email, it's full of good info on how to avoid spam friendly hosters.

    --
    Lawyers, MBA's, RIAA? A jedi fears not these things!
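
Added example (not part of the thread and not any poster's code): a sender-side check along the lines comment 19 describes, scanning outbound mail logs for 5xx replies and separating blocklist rejections from content-filter and ordinary bounces. It assumes a Postfix-style log format; every log line, hostname, address and the zone `rbl.example.invalid` is constructed.

```python
import re
from collections import defaultdict

# Constructed sample of a sending server's mail log (assumed Postfix-style format).
# Hostnames, addresses and the zone "rbl.example.invalid" are placeholders.
SAMPLE_LOG = """\
Jun  3 02:14:07 mail postfix/smtp[2101]: 4F1A2C0: to=<alice@example.org>, relay=mx.example.org[192.0.2.25]:25, status=sent (250 2.0.0 Ok: queued as 9B2D1)
Jun  3 02:15:41 mail postfix/smtp[2102]: 7C3B9D1: to=<bob@example.net>, relay=mx1.example.net[198.51.100.7]:25, status=bounced (host mx1.example.net[198.51.100.7] said: 553 5.7.1 Service unavailable; client [203.0.113.5] blocked using rbl.example.invalid (in reply to RCPT TO command))
Jun  3 02:15:44 mail postfix/smtp[2102]: 7C3B9D2: to=<carol@example.net>, relay=mx1.example.net[198.51.100.7]:25, status=bounced (host mx1.example.net[198.51.100.7] said: 553 5.7.1 Service unavailable; client [203.0.113.5] blocked using rbl.example.invalid (in reply to RCPT TO command))
Jun  3 02:17:02 mail postfix/smtp[2103]: 8D4CAE3: to=<dave@example.com>, relay=mail.example.com[192.0.2.80]:25, status=bounced (host mail.example.com[192.0.2.80] said: 550 5.1.1 <dave@example.com>: Recipient address rejected: User unknown in local recipient table (in reply to RCPT TO command))
Jun  3 02:19:30 mail postfix/smtp[2104]: 9E5DBF4: to=<erin@example.edu>, relay=mx.example.edu[192.0.2.99]:25, status=bounced (host mx.example.edu[192.0.2.99] said: 550 This looks too much like spam. Please, contact your intended recipient with a short plain-text message (in reply to end of DATA command))
"""

# One failed delivery attempt: recipient, remote relay, and the parenthesised detail.
LINE_RE = re.compile(
    r"to=<(?P<rcpt>[^>]*)>.*?relay=(?P<relay>[^\[,\s]+)\[(?P<ip>[^\]]+)\]"
    r".*?status=(?P<status>bounced|deferred)\s+\((?P<detail>.*)\)\s*$"
)
# The remote server's SMTP reply code and text, as quoted in the detail.
REPLY_RE = re.compile(r"said:\s+(?P<code>[45]\d\d)[ -](?P<text>.*)")
# Wording that typically marks an IP-reputation (blocklist) rejection.
BLOCKLIST_RE = re.compile(
    r"blocked using (?P<zone>[A-Za-z0-9.-]+)|blacklist|blocklist|\bRBL\b|\bDNSBL\b",
    re.I,
)
# Wording that marks a content-based rejection, like the 550 quoted in comment 22.
CONTENT_RE = re.compile(r"looks? (too much )?like spam|content rejected", re.I)


def parse_rejections(log_text):
    """Return one record per bounced/deferred delivery that carries a remote reply."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # delivered mail and unrelated log lines
        reply = REPLY_RE.search(m.group("detail"))
        if not reply:
            continue  # local failure, nothing from the remote side to classify
        text = reply.group("text")
        bl = BLOCKLIST_RE.search(text)
        if bl:
            category = "blocklist"
            zone = (bl.group("zone") or "unknown").rstrip(".")
        elif CONTENT_RE.search(text):
            category, zone = "content", None
        else:
            category, zone = "other", None
        records.append({
            "rcpt": m.group("rcpt"),
            "relay": m.group("relay"),
            "code": int(reply.group("code")),
            "category": category,
            "zone": zone,
        })
    return records


def blocklist_hits(log_text):
    """Map each blocklist zone named in a rejection to the recipients it cost us."""
    hits = defaultdict(list)
    for rec in parse_rejections(log_text):
        if rec["category"] == "blocklist":
            hits[rec["zone"]].append(rec["rcpt"])
    return {zone: sorted(rcpts) for zone, rcpts in hits.items()}


if __name__ == "__main__":
    for zone, rcpts in blocklist_hits(SAMPLE_LOG).items():
        print(f"{zone}: {len(rcpts)} rejected recipient(s): {', '.join(rcpts)}")
```

Run against a real log, the zone names it reports are the lists to contact for delisting; rejections in the "content" category point at message wording rather than the sending IP.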
  20. Condone censorship? by HornyBastard77 · · Score: 2, Insightful

    If this or any of the other methods to curb spam condone censorship, then so do the 'OFF' buttons on my radio and television.

  21. Re:Counter to the spirit of the Internet by budgenator · · Score: 2, Insightful

    The big point of the article is that the blackhole lists are sometimes subverted by persons with a political agenda. If a group of people don't like what I'm saying, they can sign up for my mailing-list and then complain to the black-list that I'm sending spam to them, with enough complaints I find that the Emails to the people who want and agree to receive my emails are unable to do so.

    Even worse is when whole blocks of addresses are blocked just because a spammer has been using one address in the block. This could affect 100's of web-sites, not all Email are sent by a human on a dialup line.

    I wouldn't be surprised if some of the sleaze-bag spammers are reporting other spammers to the lists just to cut down the competition to reach the few gullibles that think they need a peter-pump.

    --
    Apocalypse Cancelled, Sorry, No Ticket Refunds
  22. Re:To RBL or Not RBL... by mi · · Score: 2, Insightful
    Spamassassin and the like do a decent job of helping the spam problem, but my users still complain that their SPAM box has 80 messages a day...even if they get no false positives.

    My SpamAssassin is configured to reject the suspicious e-mails with a polite message: 550 This looks too much like spam. Please, contact your intended recipient with a short plain-text message

    This way, I don't have to worry much about false positives -- the innocent senders (if any) will immediately know, what happened and will be able to get around the problem.

    --
    In Soviet Washington the swamp drains you.
  23. Misses the point.... by Monkey_Genius · · Score: 2, Insightful

    There is no good, bad, or indifference to the use of RBL lists. They are currently the only way to combat, what is in essence, criminal behaviour. There are no first amendment rights issues involved here. Read it for yourself if you think otherwise, (http://www.billofrights.org/).

    These people steal bandwidth and services from both the originating and the receiving companies and ISPs. They peddle blatantly false products (Are you stupid enough to think that you can enlarge the flaccid size of your penis by swallowing a pill?), dubious services (Would you re-finance the mortgage on your home with someone who uses an advertiser that steals services from someone?), and porn (If you want it, go find it yourself.).

    As a mail system admin, I have to deal with this on a daily basis. It gets worse every month (or 42 days) and I see no real relief coming anytime soon from either the states or the feds, because they are so slow on the uptake. So my feeling is this, if you're on this list of jerks (http://www.spamhaus.org/rokso/index.lasso), then you're blocked, period. If you're in China, Korea, or Brazil, move. If you're an e-mail marketer, change professions. If you're a real spammer like this jerk (http://news.com.com/2100-1032_3-1001513.html?tag=fd_top), think about a new profession. Soon.

    If you happen to be a real company or user that has an account with or a site hosted by any of the ISPs that host these jerks and refuses to do anything about them, you're blocked until they're gone or you change providers. When you do change, remember to tell your ISP *WHY* you're changing to a different company.

    I do have a bit of sympathy for Mr. Haselton, but not much. I'm sure MAPS tested his server for relay capability. He would have noticed if he, or his admin, was reading the logs. They do give you a month to fix your problem/appeal. If he got caught out from no fault of his own, like it seems he did, he could change to a different ISP. Did he even try?

    --
    I've got your sig, right here.
  24. Kids by Outland+Traveller · · Score: 2, Insightful

    Haven't you ever heard of a newsgroup killfile? Guess what? They were around and extremely popular long before the "internet" went mainstream.

    If I want to use someone's spam blacklist it's no different than if I want to use someone's killfile. You have the right to speak, but I don't have to listen.

  25. Re:Yes but what about re-assigned IPs to new perso by Isofarro · · Score: 2, Insightful
    But what about an ISP who does finally clean up his act and eliminates the spammers on his sub-net? Shouldn't he have a process by which to get his addresses de-listed?


    Why should an ISP expect immediate removal? Surely if they take their time to eject a spammer from their networks they should expect likewise from the community? Considering blacklisting is used as a last resort when all other avenues - abuse reports, reeducation - have failed, why should it be an easy life? Why not avoid blacklisting in the first place and have a well monitored and working abuse department?

  26. Re:Blackhole list + Bayesian + Whitelist +... by thogard · · Score: 2, Insightful

    The spammers are playing tricks that are upsetting the Bayesian filters.

    That's why you see so many random words thrown in as well as misspelled words. Someone needs to do a bayesian filter with soundex support.

    One other trick that is going on is the spammers are trying to drive the spam thresholds up. If your spam program sees most mail as 0-10, where 10 is always spam, what happens when the program sees a score of 100? Then does the program assume anything less than 50 isn't spam?

  27. Re:To RBL or Not RBL... by Anonymous Coward · · Score: 2, Insightful

    A thousand spams getting through are worth it to prevent a single false positive.


    You sound like one of those "the cure is worse than the disease" whiners. They don't understand how bad the "disease" can get and obviously neither do you.

  28. Re:Blackhole list + Bayesian + Whitelist +... by kirkjobsluder · · Score: 2, Insightful

    I've noticed this also. However, the nice thing about Bayesian filters is that they adapt along with the spammers. As spammers adopt new misspellings, the filter adapts to the new statistical model. Furthermore spammers can't do much about the features that result in a high ham score.

  29. Re:there are those.. by Todd+Knarr · · Score: 2, Insightful

    Thing is, I'm not interfering with the spammer's free speech at all. They're still free to say whatever they want. What I'm doing by using a spamblock is the equivalent of declining to go listen to their speech. What the spammers are yelling about isn't that people are trying to stifle their speech via spamblocks, but that when they do speak it's to an empty hall because nobody wants to hear what the spammers want to talk about.

    I'm sorry, but the right to free speech doesn't include the right to require me to listen.