Slashdot Mirror
Spam Blackhole Lists Redux
tsu doh nimh writes "Are spam blackhole lists good, bad or indifferent? That appears to be the question they're tackling in this Washington Post story. It has some interesting back and forth between supporters of the lists and those who claim they condone censorship."
J adds: Brad Templeton recently
offered some comments
on the most extreme pro-blacklist position.
By tossing spammers into blackholes...just a thought.
And they're not. They go against the spirit of the Internet. What makes it great is that everybody HAS a voice, and when we start talking about who should have a voice and who shouldn't we start to sound a lot like fascists. Doesn't matter that it's speech we don't agree with, because it's just a matter of time before the whole thing is so watered down that nobody in their right mind will bother to use it (like amateur radio nowadays...)
Why don't we just create a system where we all only accept mail that has been PGP encrypted with our public keys? That way spammers will have to burn through a whole lot of clock cycles to get their crap out and as an added benefit, we will get a bit more privacy.
I think black hole lists are a great thing, but I will admit, they are certainly censorship, and the customers of an ISP using such a list may disagree with some or all of it.
Perhaps the solution is to design a standard format for a black hole list, and add that functionality to email applications? If the end users had such access for themselves, then they could decide whether they wanted someone else to censor their mail (and whether they wanted to bypass that censorship for certain specific people or networks).
And yes, I know there is software that does this, but it's all proprietary. Is anyone interested in adding a generic functionality to, say, Mozilla? Perhaps the ability to import an XML list of bans from one or more specified URLs, run by volunteer blackhole list sponsors?
Blackholes. Just another thing for spammers to get around, just to sell you penis enlargment products, prime morgage rates, and how to make $50,000 in 5 days. How about a new email system all together. Solve all these dang problems.
No.
If you have been placed on a blacklist, then something must be wrong with your system(s). If the problem is with insecurity and unrestricted relaying, you must fix that before becoming un-blacklisted. If the problem is with a customer, you must deal with them before you can have your IP/domain removed from the blacklist. We need a central service to look at cases and see when someone is "clean." Until they are, there system could still contribute to the spam problem and must be blacklisted.
I'm wondering what the slashdot fans seem to lean towards. Is it viewed as better, or easier, to simply flip on a few RBLs and prevent the messages from ever touching your server...or would you rather use these alongside sorting technology to channel spam towards a designated folder?
Spamassassin and the like do a decent job of helping the spam problem, but my users still complain that their SPAM box has 80 messages a day...even if they get no false positives.
Personally, I'd rather have control over this than my ISP...as at least I can control how I choose to filter or not to filter. And I think the brute-force nature of an RBL often offers piece of mind but without adequate logging or reporting to guarantee you're only blocking what you intend. I'll settle for a full SPAM box any day...
-Barkeep, a draft of your most hazardous brew, for the world is slowly stepping into focus, and I don't like what I see.
What do you call 100 spammers, chained together, and tossed into the ocean to drown?
A start...
Spam is the direct result of an abuse of the existing system(s). It costs companies money, money that they would not be spending otherwise. Spam is not like traditional advertising, like in TV, in which the advertiser actually pays for the ads (since they are usiing the hosters resources and/or popularity). On the contrary, the Spammers pay no fees, and force the hosts to take financial losses.
Immediate death is the answer. Kill them. They are like animals. AND WE SHOULD TREAT THEM LIKE ANIMALS!!!!!!!
SPEWS' WHOIS record isn't really hiding anything when you ask the right server:Whether or not that address really exists, I don't know - but I doubt SPEWS is about to put obviously bogus information (e.g. not@available.org) in their WHOIS record. The spammers would just file a complaint with ICANN.
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
...are just as bad as most analogies.
What is the difference between asking ISPs to cut spammers and sking ISPs to cut users, who set up porn websites?
Well, the latter is not against the TOS of the ISP. The first one is.
The latter is not threatening to destroy Email. The first one is.
The latter is not stealing. The first one is.
But I guess this one's just another personal opinion of an EFF Director, and not representitive of EFF's opinion on these issues...
Proletariat of the world, unite to kill spammers. Remember to shoot knees first, so that they can't run away while you slowly torture them to death.
In Soviet Russia, I ruled you
Popups are merely web content, presented on pages that you actually choose to visit - web sites that you willingly expose yourself to. Spam is forced upon you whether you like it or not, and ends up costing both your ISP and you money to prevent.
The SBL and other blackhole lists are a valiable tool in the war on SPAM. The problems with their use arise only when upstream providers of client email services, make use of such systems either without the knowledge of the end users or without providing those users optionality in the use of the system. I and many other readers of /. run their own mail servers for recipt of personal email rather than depend on the mail services of their ISPs. These indevidual mail servers can be configured as you see fit with as lax or stringent mail acceptance rules as desired. When upstream providers of mail services implement such systems there is the possibility that the end users would be unaware of the mail they were not recieving. These systems must be implemented with discretion.
As for the consequences for the sender, of sending to a recipient who may not recieve the mail, due to the appearance of the sender's IP address on the SBL or other such lists; the sender is responsible to insure that they recieve service from a reputable ISP who does not cater to spammers. This presumes that due diligence was performed before any IP is added to an SBL list. This also asumes that any mail recipient using such lists is responsible for using a reputable list provider where they are confident of the due diligent performed in generating the list. The whole system (not unlike many other elements of internet architecture) depends on the good faith / good will of the participents.
The primary responsibility lies with the email recipient who selects an SBL type list that is as lax or stringent about the content of the list, as the email recipient is comfortabe with, since the relative levels of stringency maps directly to how much legitimate mail that recipient will have rejected.
--CTH
--Got Lists? | Top 95 Star Wars Line
Comment removed based on user account deletion
There will always be some sites improperly secured that allow the spammers to relay their material. I find almost all the emails I get now are bounced through DSL boxes. Blackholing them doesnt help because you're actually blacklisting legitimate users and the spammers themselves are hidden. Having said that, I think such blackholes are important as an incentive to force ISPs to enforce their Terms of Usage. A lot of the SPAM i get is bounced through the same ISPs, or ISPs in eastern countries like Taiwan who dont seem to care about complaints.
Former Iraqi Information Minister Mohammed Saeed al-Sahaf
Yes it is a form of censorship, but NO this is not about free speech - SPAM is not free in the cost sense. It costs money to move it around - if you don't believe me, then you have no idea how the internet works.
Sure, if you get SPAM at work, you personally don't absorb the cost... and sure, if you have uncapped internet access, sure you don't absorb the cost. BUT SOMEONE DOES. I don't get SPAM at work but do on some personal email addresses and I, like many other people outside the united states, DO NOT have unlimited download limits.
So those who want the right to speak freely about their latest porn sites, sex products, can pay, albeit a tiny amount of money, per email we receive.
Another thing about free speech, it doesn't mean you can talk as loudly as you want in the middle of the street at 3am - no, you WILL be approached by authorities for disturbing the peace - just try it. SPAM is not really all that much different - you don't have the option of not hearing it, the same way as you don't have the option of not hearing someone blaring music or screaming at 3am while trying to sleep. While the remedy might sound easier to delete a SPAM message than bother the local police for noise complaints, you don't have the noise every day, and hundreds of times.
Free speech might mean not being censored, but it doesn't mean you can do it at other people's expense of inconvenience.
The f*** they do.
Using them is entirely voluntary.
Or is this yet another attempt to define "free speech" as "speech I like"?
Proletariat of the world, unite to kill spammers
In Soviet Russia, I ruled you
All we need is a nice perl script to suck x bytes of bandwidth from a given IP address. It will attempt to do this with pings, recursive http or ftp, or whatever services it can find. (Real maliciousness such as Pings of Death is unnecessary.)
So Every time a mail server receives a suspected spam, it would fork() off this script against the server that sent the spam. With enough receiving servers configured to do the same, *poof*! The offending mail server is, almost instantaneously, effectively taken off the Net.
Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
I set my mail server to tag emails rather than block them (move to spam folder on workstation), so i see some interesting things...
When i first tried it 6 months ago, it magically worked, 99% of spam ended up in my spam folder.
Now the blocking ratio is down to about 10%... and here's why. There are 3 MX records for us:
A - linux server - MX = 10
B - msexchange server - MX = 20
C - isp's server - MX = 30
messages delivered to A are tagged (if spam) and forwarded to B. B exists in the MX records for redundancy. C is used because A and B are on the same site.
What i'm finding though, is that spammers send emails to B or C. When A receives the email, it has come from B or C, not the original spammer, so suddenly the blocking doesn't work anymore.
dammit.
It can only work if everyone in your MX record list does it, and my isp is the biggest in Australia so it's an awfully large machine to move.
I have tried adding in more dummy MX records, so that A is first, middle, and last. That seemed to work for a bit but not for long. I might have more success adding different ip addresses for A and peppering the MX list with those... but it's a bit messy.
It would be nice, except some of us do not have that many options to choose from (some of us have no options, just one isp).
So while your comment sounds sensible, it is not applicable to all.
Just my 2 cents
Still, how effective can a blacklist, however well implemented & maintained, really be? Isn't this one of the easier types of blocks for spammers to get around?
If everyone would just stop trying to grow their penises, turn $5 into $5000, and visit XXChristyXX in her all-nude sorority, spam would wither and die. Lately, I've received some very helpful emails about how to stop spam and make money in the process, secrets I will be sharing with about 16 million fellow computer users very shortly.
--Michael"No live organism can continue for long to exist sanely under conditions of absolute reality;..."
I'm quite surprised nobody has mentioned this yet, or submitted it as a story. He's being indicted for forgery and identity theft.
The lists seem to be similar to the Better Business Bureau (in the US).
.. it is late and I am not sure where my point is going.
"OUR MISSION is to promote and foster the highest ethical relationship between businesses and the public through voluntary self-regulation, consumer and business education, and service excellence." www.bbb.org
The BBB is an organization without authority. It is a voluntary system to People can lodge complaints about a business. People can also inquire about complaints against a business.
I may choose not to do business with any other businesses that do not have what I consider acceptable BBB records. Is it really the BBB's fault? Is their system flawed?
I don't think so. The BBB only provides information. Depending on how much I value the BBB or information, I will choose to do business with a company.
Blacklist are not much different. Organizations sign up for their information *voluntarily* and understand that there may be some "false positives" or disputed cases. Organizations weight the benefits and risks and make their own decision.
If a blacklist proves to block to much email then organizations might try another blacklist or not use one.
Thats it for now.
ok
Keep the Classic Slashdot.
The people with the main Spam problems are the ISPs. There are thousands of dead email addresses, and mistyped email addresses on spam lists. You will get hit with a hundred spams just for owning an email list.
Of course, the biggest problems are with web sites that display email addresses. I've had my private email address ruined because I did some volunteer service and the web site owner posted my email address to thank me...arrrggghhhhh!!!!
BTW, you can sometimes find if your email address is on a web page by entering your email address in Google.
Perhaps the original author meant that ISPs and the like would infring on (customer) rights by implementing such a blacklist.
The biggest flaw in these lists is that the spammers are better at getting lists than the people who are blocked by by the lists. Spammers will be better at getting off the lists, and will be better at changing their accounts around so they can continue to spam.
Personally, I wish the article told people how to find out if they are blacklisted. I had a spammer use my domain as a return address. Did that get all my mail blocked?
A flawed list might boast that only 1% of the mails that they block are legitimate. However, when you look at the volume of spam sent compared to genuine email, you realize that 1% is a sizeable chunk of the real mail. Lets say poor joe user gets 2 real messages for every 100 spam. The 1 percent fail rate means that the spam cop deleted half of Joe's legitimate mail. (1 percent is half of 2 percent).
Here's my response to Brad Templeton's post:
What if, at the end of Brad's list, we add:
h) trading child pornography
i) plotting terrorist attacks
j) promoting cannibalism
On his list, items a, f, and possibly g are potentially illegal - the others are clearly legal in the U.S., although they may violate service agreements with some ISPs. Nonetheless, even the possibly illegal actions are perceived as minor crimes, like speeding - if you found out your neighbor was doing these things, you wouldn't start looking for a new place to live. The three items I listed above are different - if any reasonable person even suspected that their neighbor was planning or committing one of those acts, they'd be calling 911 (or your local government's equivalent, unless you live in a country that supports terrorism / kiddie-porn / cannibalism) in a jiffy.
Spam is different from both of these. It's legal in most places, which distinguishes it from the three items I've mentioned, but it's looked upon with nearly equal horror as a violation of trust. If spam were made illegal (particularly porn spam), it could easily be lumped in with these other categories (okay, spam doesn't directly involve killing/torturing other people, but when you get spam that lists your full name and discusses rape, that's bordering on assault).
I think most people would consider it ethically responsible for their ISPs to report kiddie-porn traders, terrorists, and cannibals - at the very least, it would be irresponsible of the ISPs to not report such activities if they were aware of them. The difference, which Brad's post ignores, is that some activities (kiddie-porn, terrorism, spam) cause or can potentially cause DIRECT phsyical or emotional harm to other individuals (and before you argue this point with regard to spam, think carefully about how you would distinguish between soliciting children for sex and sending porn emails to children), while other activities (copyright infringement, NAT) don't.
To (hopefully) temper the debate, I'll add that I would oppose a "one strike and you're out" rule. It's easy to imagine someone being tricked into downloading unpleasant images, and it's easy to imagine someone sending out spam without knowing any better. But after being warned, the punishment the second time should be more severe.
On stereophonic equipment, the monaural sound obtained through multiple channels will enhance your listening pleasure.
i noticed this chunk of the article
"Blacklist operators call this "collateral damage," admitting that it is an unfortunate side effect. But for people like Haselton, who can go unaware for weeks that their messages are dissolving into the ether, collateral damage can seriously hinder someone's ability to communicate via the Internet."
Unaware? Why the fuck didnt he check his smtp logs and notice all the 553's ? When you hit a mail server that rbl's you, it sends you a 553 bounce.
Also, many user's mail servers will notify the sender of the bounce and give them a copy of the bounce message so they know why it got bounced.
Collateral damage is why you NEVER ever host your servers with a spam friendly outfit. Our company recently hosted a client's email server, and the FIRST thing we did was run the colo against every blacklist we could think of. We also asked them their policy on handling abuse emails, and spammer termination. Read news.admin.net-abuse.email , its full of good info on how to avoid spam friendly hosters.
Lawyers, MBA's, RIAA? A jedi fears not these things!
If this or any of the other methods to curb spam condone censorship, then so do the 'OFF' buttons on my radio and television.
Actually, I've known many guys for whom the first list would be shorter.
Ever wonder why IM has taken off like it has, you don't get fucking spammed.
:-)
Blacklists suck, they don't work. Blacklist an ip address or range and a new guy gets it and can't send mail, real fucking smart and real fucking frustrating to be the admin, use the reverse domain name all you want, but don't involve the ip address.
Do you think ISPs want spammers, spammers are a pain in the ass to deal with, they are the squeeky wheel at an ISP and they rarely pay their bills after bitching about everything.
An extension to smtp and pop3 is needed, smtp stopped working years ago and people now ignore their email, often you need to call someone to check their email and search for you amongst all the spam in their box.
I'm an admin, not a programmer, but I would do it this way if I was a programmer.
mail is received, the host starts out with a zero rating and the user does as well.
A global bayesian filter then ranks this piece of email, the email is then delivered to a users box with the rating attached for the domain and the user.
The user may sort by this rating to filter out spam from non spam, it is optional at this point, but if the user is using software with the necessary extension, the user can then check if the email is spam or good and have the domain's rating adjusted slightly, and the user's rating fully in the negative or positive, if negative the sending user will not have mail accepted again unless someone uprates the user.
If enough complaints arrive from the sending domain, the domain is blackballed and cannot escape since multiple users have decided that this domain is sending inappropriate email according to the TOS of the receiving ISP.
So, to be more specific, sorry to make this so long, but maybe it will inspire someone.
Connection established with port 25, reverse checked for presence on blackball list, if present drop connection silently. No reverse also gets dropped.
Check for from line with specific user name, if user is on blackball list drop connection silently.
Receive email and grade with bayesian filter using global ruleset, this filter cannot blackball domain or user no matter how much it looks like spam, but can make it nearly so.
Deliver mail, if user confirms mail is spam, blackball user and downgrade domain further, this may actually blackball the domain if enough mail is sent and the filter grades it badly enough (based upon average grade).
Since Dialup and DSL connections do not control their own reverses, it would be trivial to add a simple filter that would refuse mail delivery from these sources, except from their own isp, and then the outgoing mail would be run through a filter, if the rating dropped for the user into negative territory as reported by receiving servers the user would lose their bulk smtp privledges and have thier outgoing mail throttled in a severe fashion with all mail containing bcc and cc mail rejected, and the number of emails per hour limited to stave off potential damage.
The SMTP extension comes into play with a network of these mail servers, blackballed domains would be automaticlly sent to a neighbour in p2p fashion, but ratings would only be accepted if the neighbour server had a valid key, that would be exchanged amongst admins and a network of trust would form.
If a domain becomes blackballed, a user/domain notification takes place alerting that site to the fact mail from their domain/user is not being accepted, at this point an admin could get involved, but my guess is that more often than not the domain will remain there.
Anyhow flame away, my asbestos suit is on
If you live in the USA, the Bill of Rights enumerates your right of free speech. That does not make it an absolute right. Try exercising your right to free speech on my property and I will have you arrested for trespassing.
Mea navis aericumbens anguillis abundat
Open relays on DSL lines are no longer valuable if we add a DNS field for SMTP servers authorized to send for a domain. Then, you need to actually own the domain to send mail for it (to servers that require the DNS field). Anonymity gone.
It's simple - when a mail comes in you send an e-mail back to the sender with a cookie in the subject line. That e-mail requests they send you a confirmation e-mail to get onto your whitelist, which also causes the original e-mail they sent you to be de-queued and delivered.
If you feed your inbox/archives into your whitelist, 99% of people who e-mail you won't even notice the system is running.
I used to get about 200 spams a day. I tried RBLs, I tried spamassassin. None of it worked reliably - RBLs were only catching about 20% of my spam and spammers now get around spamassassin by looking at the rules when they craft e-mails. False positives were also a problem - sure, it's quicker filtering suspected spam into a spam folder for batch-checking, but it's still a serious hassle with >80 dubious borderline spams a day, and tens slipping straight through the spamassassin/RBL net into your inbox.
Happily for those of you running your own mail servers (or sitting on a *nix box which delivers mail locally via procmail), you can get a program which will do this for you for free. It's called Active Spam Killer, it's written in Python, and you can get it here.
Anyway, the point is, if you say something on your website (such as "niggers are great"), I do not have to read it. However, if you send me a nice big jpeg, with a smiling porch-monkey, that says "niggers are great", I end up having to deal with it. If I felt the need for a larger penis and an unaccredited degree, I'll bet Google could help me find places to get that... I don't need someone telling me shit I don't want to know.
You know, I've seen some really good posts from you that get undeserved hostile replies based solely on who you are and what your unpopular political positions represent. (I know you're only karma whoring to keep your score above 0, but that's sort of irrelevant, really.) You recently wrote this excellent post about calculating bolometric luminosity- and the discussion quickly degenerated into a brawl about racism, with people inappropriately screaming at the moderators for marking your post as Informative, followed by Anonymous Cowards putting in their own racist two cents. I even defended you once, and pointed out that a moderation applies to a post and not its author. (Thus whoring some karma for myself in the process, and making it onto your friends list- so if anyone looks at my fans list now, they'll see "I'm a racist" listed there.)
You're certainly a character- a racist with a degree in astrophysics- in fact you seem like you'd be an interesting person to know in real life. But if people start screaming "mod this racist down" this time, I cannot defend you. Your actual post was needlessly and purposefully offensive, which is sad because otherwise it does bring up a valuable and subtle point. You just had to spoil it.
Besides, I can't imagine getting an email saying "niggers are great". It simply makes no sense. Unless it's a white supremacist being sarcastic. And it doesn't fit this situation, since it's political speech. Spam is inherently commercial speech. For your analogy to work, the spam would have to be offering them for sale, not simply saying they were "great".
Kudos for simultaneously karma-whoring and slipping the words "nigger" and "porch monkey" into your post. I rarely see anyone pull that off.
There is no good, bad, or indifference to the use of RBL lists. They are the currently the only way to combat, what is in essence, criminal behaviour. There are no first amendment rights issues involved here. Read it for yourself if you think otherwise, (http://www.billofrights.org/).
= fd_top), think about a new profession. Soon.
These people steal bandwidth and services from both the originating and the receiving companies and ISPs. They pedal blatantly false products (Are you stupid enough to think that you can enlarge the flaccid size of your penis by swallowing a pill?), dubious services (Would you re-finance the mortgage on your home with someone who uses an advertiser that steals services from someone?), and porn (If you want it, go find it yourself.).
As a mail system admin, I have to deal with this on a daily basis. It gets worse every month (or 42 days) and I see no real relief coming anytime soon from either the states or the feds, because they are so slow on the uptake. So my feeling is this, if you're on this list of jerks (http://www.spamhaus.org/rokso/index.lasso), then you're blocked, period. If you're in China, Korea, or Brazil, move. If you're an e-mail marketer, change professions. If you're a real spammer like this jerk (http://news.com.com/2100-1032_3-1001513.html?tag
If you happen to be a real company or user that has an account with or a site hosted by any of the ISPs that host these jerks and refuses to do anything about them, you're blocked until they're gone or you change providers. When you do change, remember to tell your ISP *WHY* you're changing to a different company.
I do have a bit of sympathy for Mr. Haselton, but not much. I'm sure MAPS tested his server for relay capability. He would have noticed if he, or his admin, was reading the logs. They do give you a month to fix your problem/appeal. If he got caught out from no fault of his own, like it seems he did, he could change to a different ISP. Did he even try?
I've got your sig, right here.
After all, in some way the spammers are DOS'ing the internet as a whole, increasing the demand and use of potentially shared resources such as bandwidth, mail servers and so on. As often happens there does not seem to be any reasonable way to actually charge them for these resources. Legal solutions seem unlikely to work - and given the legal solutions we've seen proposed recently, are likely to even make things worse.
So, what can the average user do? Things like spam filtering on the client don't solve the whole problem.
So, do what you can. Go to any website mentioned and order a dozen or dozen dozen of their product. Don't use your own credit card or real name or address - after all they don't. Send them a couple hundred emails complaining. (Though you'll notice that most spammer products don't have accessible email addresses.) If they're in China send email to each new spammer with addresses of all the previous Chinese spammers and talk about support for Free Tibet and the Falun Gong.
Do such actions feel unethical to me? Yup. And I'll admit that I don't usually do such things myself - although between spammers and telemarketers I'm getting closer and closer to serious nastiness. But do we have a choice? If the choice is to respond to spam with DOS or the recently proposed sleazy way to legalize mass email marketing, which choice will make email usable for people?
Its the prisoner's dilemma (or the tragedy of the commons) over and over again, sadly. The best solution must be to make the payoff for "defectors" lower or make their cost higher.
Our small ISP hosts email and web sites for about 40 domains. Our mail servers send me a message every time they bounce a message, for ANY reason, with transcripts of the exchange and the error that caused the bounce. We use SpamCop, Blitzed, Monkeys and ORDB to suppliment our internal lists.
A typical day has 500-1000 messages reach the SMTP ports of our various servers. Lately, 80% or more of them (over 3000 in the last 4 days) are attempts by spammers to hit addresses that don't exist, usually arriving from open relays, proxies, and dial-up lines. And only 50% of those test positive against the RBLs... the rest are blocked by those internal lists.
Why is this? I suspect it's because the spammers are finding those open relays and proxies faster than the RBLs can catch up. And some open relays specifically block the test software from ORDB and others, trying to stay off the lists without actually fixing their problems.
Lately, though, it's the open proxies that have taken the lead. We added over 1800 NEW open proxies to our internal lists in the last week. Sometimes, one spammer will try dozens of proxies within hours to get through... Kind of makes it easy to spot them... B-)
I am part of the collateral damage.
Because of black lists and a dial-up connection, I can not use my home server to send email to a friend of mine who uses earthlink or to subscribe to a number of SourceForge mailing lists. At work, I can not receive email from my wife or daughter, because they use web.de addresses
Neither my wife, my daughter nor I have had anything to do with spamming, yet we are limited in our ability to use the internet to communicate with each other or with our friends. This limitation is due to conditions which are almost completely out of our hands to control or to correct. Who is going to compensate us for our loss of use? Why are our rights sacrificed and written off as a necessary part of gaining a greater good?
Some here will no doubt argue that I should pressure my ISP to stop supporting spam. They want the anti-spammer's denial of service and use to rouse me to take up their cause. I should join them on the barricades. I am not going to do this because:
1) I don't have the time or resources to fight this.
2) I don't think my ISP has violated my rights. I think Julian Haight, et al. have violated my rights by taking from me functionality I have a valid reason to expect from my ISP.
3) I think that the anti-spammer's have held a huge kangaroo court in which I have been injustly tried and jailed.
Bureaucracy loves company.
Right, and if poor old Joe only got one legit message in a hundred, then the service would block ALL his legit mail. Or your math could be wrong. My money is on the latter.
If a service has a 1-in-100 false positive rate, then it will incorrectly block one in one hundred legit messages, regardless of the spam/legit ratio. If poor old Joe is getting about 50 spams for each legit email, then he's probably missing more legit email than that simply because he makes mistakes whilst wading through all the cruft. Filters don't have to be perfect; they just have to be better than not filtering.
You don't seem to see the difference between the courts holding an ISP responsible and users shunning an ISP. Since everybody loves analogies when we talk about spam, how about this one:
Your local mall rents space to the Ku Klux Klan.I can boycott the KKK store, but it's pretty meaningless, since I already have a defacto boycott against them. Should the mall be forced by law to kick out the Klan? No, why should the goverment be involved in this private transaction? Will I want to be seen entering a mall that has a Klan store? Will I feel safe there? Will I want my family to visit that mall? No, no, and no. Boycotting the mall hurts the taco stand in the food court, but I still wouldn't visit.
Boycotting the ISP is the same as private citizens boycotting the mall.They enable something I feel is immoral. There are people in the world who would boycott an entire ISP for hosting a pr0n site. More power to 'em. I disagree, but they have the right to do it.
Include in each email a valid reason why they are receiving this email. A link to an invoice they paid should be sufficient for this.
Remember, _you_ are sending bulk email using a prior relationship as an indication you have their consent to send them an email. The burden of proof rests on you.
That article is complete bullshit.
First, if an e-mail is not delivered, the recipient receives a notice of the fact, as long as he is properly identified as the source of the e-mail.
Second, I have had a number IP addresses in our range blocked by a whole host of different DNSBL, for many different reasons. The *ONLY* blacklists I never got removed from were those which block ranges for a whole region (like South America or Brazil).
Moreover, the process might take two or three days (though it's seldom more than 24 hours), but it's always VERY clear.
That article reads more as a pro-spam article in disguise.
(8-DCS)
The inefficiency of the RBL's in your case can be far worse on a bigger scale than a few false positives on RBL's... Why? Because if everyone starts to make their own lists, and innocent user X once upon a time mistakenly misconfigured his proxy, allowing anyone to spam, he/she will now find him/herself on countless of private lists, and have troubble sending e-mail even after getting removed from the RBL's.
In that respect, even though RBL's do make mistakes, and apply collateral damage tactics, it's easier to clean up your act and prove it to two dozen RBL's, than to convince a few thousand sysadmins that you're no longer bad.
Reminds me of that ISP I can't remember the name of... That openly condoned spam at one point, and got their entire network on tens of thousands of enraged sysadmins' lists. Well the ISP eventually went bankrupt, and was bought out by, ISTR, Telia. Telia quickly found out that the newly acquired IP range was essentially useless, since half the internet shunned it, and getting it removed from the blocks on every ISP in the world was just not feasible. Anyone remember this story in greater detail?
No offence to the poster of the parent, we all do what we have to to keep Spam at bay.
Haven't you ever heard of a newsgroup killfile? Guess what? They were were around and extremely popular long before the "internet" went mainstream.
If I want to use someone's spam blacklist it's no different than if I want to use someone's killfile. You have to the right to speak, but I don't have to listen.
Why should an ISP expect immediate removal? Surely if they take their time to eject a spammer from their networks they should expect likewise from the community? Considering blacklisting is used as a last resort when all other avenues - abuse reports, reeducation - have failed, why should it be an easy life? Why not avoid blacklisting in the first place and have a well monitored and working abuse department?
The spamers are playign tricks that are upsetting the Bayesian filters.
Thats why you see so many random words thrown in as well as misspelled words. Someone needs to do a bayesian filter with soundex support.
One other trick that is going on is the spamers are tring to drive the spam threasholds up. If your spam program seems most mail as 0-10, where 10 is always spam, what happens when the program sees a score of 100? Then does the program assume anything less than 50 isn't spam?
To the best of anyone's knowledge, SPEWS' approach is this:
1) Set up spamtrap addresses, seed them on Web and USENET
2) Receive spam: complain to ISP.
a) If spam stops, stop.
a) If spam continues, blacklist.
3) If spam still continues, expand blacklist by stages until the entire ISP is blocked.
4) Keep blacklist in place until
a) the ISP notices its problem and stops the spam
b) the ISP goes out of business
c) the Universe undergoes a heat death
Note that this is a LOT better than the alternative, where every mail admin runs his own blacklist. Such lists are virtually impossible to get out of, because nobody has the time to check for removals. I believe that a great deal of what was once AGIS IP space is still blocked at many sites, and that block is a 4c 'heat death' type.
Real Daleks don't climb stairs - they level the building.
> Nonsense. Spam is unsolicited bulk email.
Well, it's both (usually). It's unsolicited bulk email that is hawking garbage.
But the fact that it's commercial speech undercuts the idiotic First Amendment arguments that spammers make when they send email that's trying to sell stuff. Many of the laws attempting to shut it down hinge on its commercial speech aspect.
Non-commercial spam is still rare. Although I've seen it too. I even got a spam once from someone who was complaining about spam. It was so weird I kept it:This is probably just someone collecting email addresses, but in itself it's not commercial speech and spam like it wouldn't be affected by some of the laws that are floating around in state legislatures and Congress. I wonder how many email addresses they got for their "petition".
Regardless, the KKK idiot isn't worth your time, or mine, and I'd recommend ignoring him.
I suspect you may be right.
I've noticed this also. However, the nice thing about baysian filters is that they adapt along with the spammers. As spammers adopt new mispellings, the filter adapts to the new statistical model. Furthermore spammers can't do much about the features that result in a high ham score.
Thing is, I'm not interfering with the spammer's free speech at all. They're still free to say whatever they want. What I'm doing by using a spamblock is the equivalent of declining to go listen to their speech. What the spammers are yelling about isn't that people are trying to stifle their speech via spamblocks, but that when they do speak it's to an empty hall because nobody wants to hear what the spammers want to talk about.
I'm sorry, but the right to free speech doesn't include the right to require me to listen.