Slashdot Mirror
One Last Spamhaus Warning Before The End
kog777 writes to mention that Spamhaus has released a final warning about an increase in junk email, as they prepare to lose their domain to an Illinois court ruling. From the article: "According to Spamhaus, more than 650 million Internet users - including those at the White House, the U.S. Army and the European Parliament - benefit from Spamhaus' 'blacklist' of spammers that helps identify which messages to block, send to a 'junk' folder or accept. Losing the domain name would make it more difficult for service providers and others to obtain the lists. 'If the domain got suspended, it would be an enormous hit for the Net,' said Steve Linford, Spamhaus' chief executive officer. 'It would create an enormous amount of damage on the Internet.'"
Are they or aren't they Spammers. I have never seen their emails.
This
I mean, if we can get the word out to 650 million Internet users to use IP address 216.168.30.71, what damage is done? It will just take a while for people to tell ICANN how stupid they are. Maybe this is a good thing? Maybe this will cause the community to complain about ICANN and the American control of the internet?
My work here is dung.
You know, if they had, say, actually defended themselves in court instead of not showing up and getting hit with the default judgement then perhaps they wouldn't be having this bloody problems . It's a shame they're going down, but it's a bigger shame that they're going down because of their own goddamn stupidity and arrogance.
That said, spamhaus.co.uk should still be up, right?
Zagreus sits inside your head, Zagreus lives among the dead, Zagreus sees you in your bed and eats you in your sleep.
One only has to read the news to see how much damage the USA does to the world, this will just add to that list, seriously its not the wild west anymore, you guys really need to shape up and get your act together before its too late
i say let the spam commence, a few weeks of 50,000 viagra/stock scams/drugs emails a day to the whitehouse and goverment emails (not to mention economic powerhouse companies) should change their minds pronto
Darren J
As I understand it, Spamhaus just has a list that people use in making their own blocking decisions. (Though that "own blocking decision" is of course "Is it on Spamhaus? Then block it.") They don't actually block anyone. So they could comply with the ruling by removing the "approved" spammer and then saying to all current and future customers, "We had to remove this guy from our list, but you should probably block him anyway." Then it's just a bunch of email users "on their own" deciding to block the spammer. The complies with the court order, while still defeating the spammer's goal.
Or is my understanding about a mile off?
Apology to Ubuntu forum.
What's stopping them from getting a domain name in a non-US-controlled TLD?
I don't see how a US court ruling could shut down a domain name in another country's TLD; so why don't they just go and get a name in the UK, or Switzerland, or Sealand.
Somehow I think enough people find Spamhaus useful, that if they asked they could probably take up collection and get enough money to afford a new domain, and right now they have enough press coverage to ensure that it would be publicized. Sure, it would be a PITA for a lot of mailserver admins who would need to change the address, but that's still a lot less work than filtering their spam by hand.
It sounds like Spamhaus is getting ready to 'cut off their nose to spite their face,' or in this case, destroy themselves in order to try and prove some point to a Federal Court in the US that couldn't give a damn one way or the other. If they're trying to make a point, this isn't the way to do it.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Go to e360's home page. All it shows is information on their frivolous lawsuit. There's nothing to offer their marketing services, to opt in, or even opt out.
Where were you when the voynix came?
My work here is dung.
If ICANN was compelled to do that, it would be the end of US net governance. The problem here is one spamming fucktard gaming the legal system and any sane judge would dismiss the case as being outside their juristiction.
This case is a fucking joke!
If they defend themselves, they open themselves to a "tidal wave of lawsuits by spammers". So it wasn't just a "Muahahah! You have no jusris-dick-tion here!", but it looks like a real legal strategy.
perception is reality
Has anyone reading this ever opted into e360? Or have you heard of anyone that has? (I guess, to be fair, has anyone gotten email from e360 or any of its spamsocks such as bargaindepot.net ?)
Where were you when the voynix came?
Clearly Spamhaus does not have enough friends in high places. If they -had- K Street influence, (Cha-Ching! $$) their dire court situation would be relieved to a great extent by legislative or some other branch of gov't giving them a way out.
Look at how long and how much money it took for the Crackberry developer to get the federal gov't to do things like the "emergency review" and subsequent invalidation of the submarine patent owner that went after them while they were clearly set to lose in court to the submarine patent holder.
I would be very interested to see/hear if there isn't K Street pressure to kill spamhaus off so other companies that DO legislate can make consumers pay more for the "luxury" of good spam filtering.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
It's not a joke. It would be easier to deal with if it was.
I for one whould like to see how ICANN responds when ordered to turn in a domain name. I'd like to know how the rest of the world responds when the US starts using it's ownership this way.
As for the list, switching to spamhaus.org.uk will be trivial in most cases, i really doubt the rbl domains are hardcoded anywere. Perhaps spamhaus should see if they can make the list inaccesible to US users as well, since they seem to think everybody (even foreigners) is required to accept their commercial email.
Just let it happen, and see is anyone likes the result. That just seems to be the only way to introduce commen sense into things like this.
quote--
"Suspending a domain name isn't the same as suspending a Web site," said Jonathan Zittrain, a law professor at Harvard and Oxford universities. "Spamhaus is intended for use by people who run mail servers - in other words, technically inclined people. If Spamhaus wanted to, it could simply pick a new domain name, or use no name at all."
Domain names are merely shortcuts to access a site's true, numeric Internet address. Spamhaus could simply distribute that address instead of the domain name.
------
this guy may be a law professor but he obviously doesn't know how it works.
If my mail server gets an email from 1.2.3.4 it will do a dns lookup on "4.3.2.1.sbl.spamhaus.org". if that dns request returns an address, that ip is in spamhaus' list, if it returns none existant domain, the ip isn't listed. The actual address
returned is not important (its usually 127.0.0.2).
It's very easy for spamhaus to choose a new domain, although it requires all users to upgrade their software, but they can't just hand out the ip.
How can a judge essentailly rule that a group of people, in another country, cannot add someone's already public information to a public list?
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
Spamhaus and other block-list pushers are a solution to spam that's worse than the problem. I understand that it's up to individual ISPs to decide what they do with these block lists, but too many were relying on them blindly to reject email from any source that ended up on a block list. Unfortunately many sources that ended up on these block lists are the common mail servers of other major ISPs, resulting in large volumes of false-positive emails being blocked. Perhaps it's indicative of the arrogant attitude of outfits like Spamhaus that this happened to them. Maybe this will serve as a wake-up call to other block-list operators to act more responsibly, but I suspect they'll ignore it and continue business as usual.
RBLs use/are based on DNS. You cannot reference a simple IP address for RBL services.
He could, however use any domain name.
What's the difference between spamhaus and spamcop? Don't they both have blackhole lists?
"We are all geniuses when we dream"
- E.M. Cioran
This would be a good time to remove control of ICANN from the US government. A judgement in an Illinois court has no juristriction in an organization based in the UK. If they go ahead and suspend Spamhaus I can see the EU and the rest going their own way and setting up their own version of ICANN. Imagine what would happen if China arbitrally suspended falun.gong.org.
The Letter That Won US Internet Control
davecb5620@gmail.com
In a UK court, Spamhaus should sue ICANN for unjustifiably removing their domain name. They could argue that ICANN removed their domain for reasons that do not legally apply to Spamhaus, on top of the fact that the Illinois court has not actually ruled against Spamhaus on anything (IIRC, the spammer was granted a temporary injunction prior to a final ruling). I'm an American who believes that having a single domain name registrar under a single government is really stupid and a great way for the US government (or agents thereof) to screw other countries. I believe that Americans should have power over America and over non-Americans who are a threat to personal liberties of Americans. Controlling ICANN and screwing with Spamhaus steps outside of those bounds. Perhaps after this, people will realize that it's necessary to liberalize ICANN.
This is a power play by Spamhaus, but it's a totally justified power play. And I applaud them for not giving in to the demands of a stupid court that has no jurisdiction over them or any reason in the first place to pass an injunction against them. If their domain name is removed, then the fallout from all of the additional SPAM will be cause a great deal of trouble.
You guys are blowing this all out of preportion.
LET them take the domain down. That way we can start attacking those spammers through the legal system once and for all!
I know it hurts, but THINK.
Google groups
(from http://www.spamhaus.org/legal/answer.lasso?ref=3)
Why doesn't SpamHaus publish a /etc/hosts file as a stop-gap?
If I subscribe to a RBL it means I dont want the junk no matter who is on the list. It means that opt out or opt in doesnt really matter to me. Im really tired of companies arrogant enough to think that my happening to hit their website once constitutes permission to spam the crap out of me on a daily basis. Here's another clue, the folks you are objecting to are the ones who you dont have a snowballs chance in hell of selling a product to. If we are smart enough to know what a RBL is we are smart enough not to read the crap your sending. At least with paper junk mail I know that it cost them something to get the crap to me and I can throw it out or burn it, spam is the only situation I know of where I have to pay for someone else to annoy me.
I really think the idea of white lists or per email fees is starting to come due. Yep its a hassle and the idea of paying for email kind of sucks but if done right it would have little effect on the average user but really make spammers accountable. I'd like to see a monthly or weekly cap over that and you pay. I also would like to see the Icann or someone rule that non working or non existant opt out's result in an immediate revocation of ALL domains owned by the offender.
"Spamhaus and other block-list pushers are a solution to spam that's worse than the problem."
I've never had a problem not receiving legitimate e-mail. But spending 20 minutes a day clearing out my inbox of some tosser trying to sell me VltAGRA is a right pain. Right now in my unusable real e-mail box 238 unwanted adverts for s@#% I don't need.
re Re:Not such a bad thing
davecb5620@gmail.com
As stated by numerous other posts, Spamhaus needs DNS records as the RBL works using DNS.
However, just because ICANN suspends a domain doesn't mean that its out of DNS. Anyone with a DNS server can still serve the records. Not all root servers are under ICANN control.
Many email servers have their own DNS server (if only for caching). I say, manually add the records in defiance of the SPAMers and their abuse of our legal system!
They're not all created equal and citizens should pay attention to how they get on the bench.
Are you in a place that elects judges? It's hard to get good information about them, but the Bar Association ratings are better than nothing. Are you in a place that appoints judges? Maybe there are retention elections later.
Are you in a place that's completely appointed? Ask candidates how they would go about nominating judges. Watch their platform and their colleagues for signs that they might appoint sleazy hacks.
Ask the right questions. For a legislator, you check whether you agree with his/her decisions. For a judge, you ask whether the decisions are clueful and whether people in the judge's courtroom get a fair shake. If you agree with all a good judge's decisions, then you must be agreeing with all of the laws, which doesn't seem likely here on Slashdot. Expect to disagree: the question will be whether the decisions were soundly based and informed.
People who chose to use them for filtering will just as easily update their configs to a new domain. Those who can't because they did it "automatically" probably shouldn't have as they need to understand how it works and how to balance black listing with other ways to control spam.
Hyperom.com
Spamhaus does not "block" anything. All they do is list the addresses that meet their criteria for listing (yeah, I know that's redundant).
Mail admins can choose to reference that list (or not) and block / flag / delay / whatever based upon it.
I use Spamhaus with SpamAssassin, but I don't block or deny. It just adds to the spam score.
Spamhaus does not block. Spamhaus just lists.
Mail admins block.
Spamhaus doesn't think that ICANN would be so stupid as to take the somain name away. ALso, it appears that Spamhaus has been planning all along to file an appeal. This was a smart play; they ignored an obviously bogus case, and now they can get an appeals court to smack it down, which will set a heavier precedent and make future lawsuits against them much harder. Very clever. There also may be a SLAPP countersuit available now too.
...where was it... oh, I know! This is from Ghostbusters, right? Shutting down the containment grid would be a big mistake... cats and dogs, living together... government authority figure who thinks what he's doing is best... a storm of ectoplasmic spam descending on the world...
It's okay, guys. Spamhaus will lose their domain for a night, then get it back along with a huge government grant to go find a way to stop th emess that was made when they were shut down, and it'll all be cleaned up in time for a sequel.
In the long run.
Think about it - let's say Spamhaus is effective enough that they're stemming the tide of spam (which I've noticed has increased 50% in the past month or two).
So they shut down, and everyone using them suddenly gets lots more spam. Those who only use Spamhaus as a suggestion won't notice too much, but now everyone else realizes how big the problem really is. Which may call for action, like revamping the email infrastructure. It only takes one important congresscritter to suddenly have his blackberry reject emails from other congresscritters because it was full of spam. Or heck, imagine government paralyzed because they're spending more time deleting than responding.
Sometimes you have to realize that spam filters may be part of the problem - those who rely on them start to get a distorted idea of how much spam is out there. So turning off the filters for a few weeks may be a better solution to get people moving.
Or rapidly degenerate email to the point where the only use of it is spam, so no one bothers using it anymore. Which would be a good solution too as it can lead to fast implementation of next-generation email solutions. (Forums have replaced mailing lists, IM has replaced quick "how are you doing?" emails, and so on). If people's phones ring multiple times a minute... or if a junk fax started using up all your paper and toner/ink in the course of an hour...
Like I for once would like to kill bounce emails - you'd be surprised at the number of MTAs and spamfilters that contribute to the spam problem - their bounce replies are spam basically (no viable From address, etc). And those that whitelist, well, depending on the mood, I intentionally whitelist them. If they spam me because they don't want spam and don't bother believing that From addresses can be forged, too bad.
Sometimes letting the broken thing (SMTP) break down is a good thing rather than continuously patching something to do what it really can't do.
Maybe that's exactly what is needed. A flood of spam, drowning everything and especially e-commerce.
So far, the war has been fought by amateurs vs. increasingly aggressive and organized criminals. But the amateurs have been fairly successful, so nobody really noticed. Open the floodgates and let everyone realize that spam really is a problem that needs to be dealt with, once and for all.
Assorted stuff I do sometimes: Lemuria.org
Spamhaus implicitly asked the court to take jurisdiction when they ask for the case to be transferred from state to federal court.
If they had done nothing, the court probably would have dismissed the charges for lack of jurisdiction.
If they had asked the court to drop the charges because they were a UK entity and a US court doesn't have jurisdiction, the court probably would have agreed.
But no, they explicitly asked for the case to be transferred to federal court, implicitly acknowledging the jurisdiction of the court and then they never came back.
The judge is saying, "You asked for this. We went to a lot of trouble to accommodate you. Where are you? If you don't show up, I'll have to find for the plantiff."
They shot themselves in their own foot.
Matthew Prince has a good summary.
Oh boy, a "spam" blacklisting site closing its doors. Good fucking riddance.
When are people going to realize that blacklisting causes more problems than it solves?
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
The real problem here is that spam is considered an "annoyance" and is legislatively treated as such. In that light, it becomes "my business model, revenue, and profitability" vs "your annoyance" vs "their attempts to help others deal with spam." It also gets into a delightfully grey realm of defining "spam" vs "legitimate commercial email." Because these aren't simple issues, and the defined reason to stop spam is "annoyance," nothing substantive happens.
Think differently...
From what I've heard, spam constitutes something over half the traffic on the Internet. Think of blocking half of a water main, or half of a sewer, or half the lanes on the highway. No doubt at all that this would be considered more than just "an annoyance," but that's pretty much what spam is doing each and every day. Look at the legislative "encouragement" to build more bandwidth and the end-to-end compromises being threatened, but in reality we're wasting over half of what we've got, already. Spam is much more serious than just an annoyance.
How's this for an idea - link it to terrorism!
Imagine for a moment that you want to transmit secret, untracable terror plans all around the world. Simply put "V1agra" on the subject line, send it to EVERYBODY, and you're pretty much guaranteed that NOBODY will read it. You could probably send your plans in clear-text safely, but steganography would be advisable.
So here it is... Spam is really a secret terrorist communications channel! It needs to be stopped!
The living have better things to do than to continue hating the dead.
How does one go about contacting Judge Charles Kocoras? I did an admittedly quick Internet search and couldn't find an e-mail address.
Titus Barik
From the linked article it's apparent that many people are ignorant to the problem simply because mail admins block spam quietly, before it becomes a problem to the user. The journalists who think spam isn't a problem should really have their spam filters turned off.
Maybe we should disable _all_ spam filters for one day.
Let's call it "Spam awareness day" and show the journalists just what Spamhaus etc. really do.
This ruling is a total farse IMHO, but with ignorant journalists, judges and so called "experts", nobody will ever be aware of the repercussions.
Lindhart is the spammer at e360. On Spamhaus's website they have posted lots of email that they have received from him. It included the following:
From: david linhardt
Subject: mail fraud and identity theft
Be advised, I am aware that members of the spamhaus organization are using my personally identifiable information to fraudelently order products and services on my behalf. I know this is true because I mistakenly provided you with my home address...
It would seem that the servers at http://www.synergylawgroup.com/Synergy_Law_Group/o ur_attorneys.html are a bit under load. I tried sending them a note about their bottom feeding partner and got this:
--- Server Error in '/' Application. SQL Server does not exist or access denied. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.SqlClient.SqlException: SQL Server does not exist or access denied. ---
I hope their MS server burns in hell. -TheMadCow
Sigs? We don't need no steekin Sigs!
Maybe the solution is just for European ISPs and backbone providers to just stop syncing to the ICANN DNS roots.
You can't "take" ICANN away from the US government, no matter how much people in Europe don't like it (how exactly would you "take" it? Invade? Haul the servers away in a truck in the middle of the night?).
The U.S. only controls the DNS system because everyone else in the world implicitly agrees to use it. If you think that the U.S. Government is ever going to give up control of ICANN, you're insane -- they never will. However, if enough people switched to some other DNS root, then the USG's "legacy" system would just become irrelevant.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
The fact that they seem to be purely a marketting firm with nothing better to put on their frontpage would be enough for me to manually blacklist them. They go as far as calling Spamhaus a secret organisation: http://www.e360insight.com/
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
It may be a little more fashionable in a country without a Constitution to debate important issues politically, as Spamhaus is currently doing, rather than legally.
But even there ignoring the legal system will cost you dearly.
Courts and judges may be ignorant of the Internet, but you still have to call them "Your Hono(u)r", and using them — despite the ignorance — is still better than settling the matters via violence (either directly by the parties or by their champions), which is the only alternative currently known.
In Soviet Washington the swamp drains you.
For shame!
Their web site has lots of useful information.
And I think you should get it all with
wget -r http://www.e360insight.com/
Repeatedly, if necessary.
In short, the Illinois court made a STUPID FUCKING BONEHEADED decision, and the judge or jury should probably be removed and caned, but it is certainly procedurally possible for them to hassle SpamHaus regardless of where you register the domain name.
Your interpretation of events, not the Illinois court, is the only thing boneheaded here, assuming you are a fellow American. If your nationality lies elsewhere then I apologize for the preceding.
I think your anger over the decision is clouding your thinking. Calm down and take a second look. The federal government, not state government "oversees" the net:
"ICANN is a California non-profit corporation that was created on September 18, 1998 in order to oversee a number of Internet-related tasks previously performed directly on behalf of the U.S. Government by other organizations, notably IANA."
http://en.wikipedia.org/wiki/ICANN
One can also make an interstate commerce agument, again a federal jurisdiction not state:
"Article I, Section 8, Clause 3 of the United States Constitution, known as the Commerce Clause, empowers the United States Congress "To regulate Commerce with foreign Nations, and among the several States, and with the Indian Tribes.""
http://en.wikipedia.org/wiki/Commerce_clause
Spamhaus' loss should be a lesson to everyone writing automated network notification protocols. The people depending on Spamhaus shouldn't have to depend on Spamhaus' domain name. They trust Spamhaus. Spamhaus' notices should include a message that reconfigs the listener to listen for messages at a different network address, and a URL to an explanation/discussion.
;) mistake. And hopefully Spamhaus current subscribers won't get burned so much by those taking over Spamhaus' address that they distrust these kinds of protections, even when they're upgraded.
Of course that reconfig message opens a potential hole for attackers to exploit, but the protocol must include authentication already or it's worthless.
A protocol which depends on a fixed network address, whether IP# or domain name, can be attacked by attacking the address, as Spamhaus just proved. Hopefully its successors will learn from their terminal (pun intended
--
make install -not war
it would be for them to register and use http://spamha.us/
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
I think giving the ICANN to the U.N. would be a uniquely terrible idea. It's hardly democratic -- any body where every country would have the same say in how the internet was run, without regard to the number of internet users or infrastructure there, would be a total farse. (Can you imagine giving North Korea the same voting power as China, Germany, the U.K., or the U.S.? It would be ridiculous. You'd have tons of small nations who aren't connected and don't care about internet governance selling their vote to the highest bidder. You might as well just auction the process off and be done with it.)
However, that doesn't mean that the status quo is a good system, either. A democratic system run by internet users, or where internet users at least had some influence over the decisions made by the governing body (similar to OpenNIC) would be a good compromise.
If the vast majority of internet users think that you're a spammer or detrimental to the network in general, there's probably a good chance that you are. I admit, there's always the chance of having a "tyranny of the majority," but I'll take the tyranny of the majority over the tyranny of an actual tyrant any day.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
the service Spamhaus does is done via DNS records
when my email server receive some mail from 1.2.3.4, it looks up 4.3.2.1.sbl-xbl.spamhaus.org and, if the address exists, it closes the connection (so that the mail won't even clog our intertubes). Now, I already changed it to look up 4.3.2.1.sbl-xbl.spamhaus.org.uk, but other 650 MILLION servers still have to do the same. Because if they don't, and this judge thinks it should call, their email load will get up by 20x or so. Got it now?
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
Despite all the predictions of doom and gloom, and despite the attempts to mitigate blame from Spam blacklists to mail admins, I say that this is the inevitable conclusion to the way broad "spam blacklists" are run. As annoying as SPAM is, it can't possibly compete with the damage that spam-blocker's false positives have on the e-mail system. The company I work for has never sent a single piece of spam, but we routinely find ourselves dealing with problems relating to open blacklists and spam-catching software. You have to understand that when business relies to e-mail as a communications medium, it can't afford to have that vital conduit blocked because some asshat administrator insists that your company spams or is an open relay or whatnot when it is in fact not. Even my ISP's domain is frequently blocked, even though they're one of the largest telecomm companies in Canada. One of two things needs to happen: either spam needs to be legislated out of existence, or a proper organization needs to be set up in order two blacklist spam servers while doing their utmost to prevent false positives. Because when it comes down to it, getting a load of annoying junk in your inbox can't compare with never getting a critical e-mail about your job, family, business, or finances.
That was the sound of a joke about the 51st state flying over your head.
Victims of 9/11: <3000. Traffic in the US: >30,000/y
I call BULLSHIT. If they had defended themselves in a US court that would have legitamized the US jurismydicktion of the matter, thus opening Steve and Spamhaus to challenges from ANY court in the WORLD. This is a very simple concept that apparently you do not get. Alan? Alan Ralsky, is that you? Eddy? Could it be you?
Let's say Iranian courts convict USA corporations of "lewd behaviour" or any such thing which is illegal there. Do you actually think USA corporations should go to Iran and defend themselves in court?
Would it be stupidity and arrogance not to defend themselves in every country they get sued, regardless whether they actually do bussiness in that country or not... or would that be just good and common sense?
USA courts have no jurisdiction over companies in other countries, it's as simple as that. The USA itself would be the first to make an international fuss about it, if it happend to THEM.
--- "To pee or not to pee, that is the question." ---
e360 asks:
"They are thumbing their nose at an order of the court," Loethen said. "What else can we do?"
How about trying to sue them in the UK, unless they are just interested in taking advantage of the way the US legal system works - which seems more like the case.
Jumpstart the tartan drive.
e360 commited purjury in court. They even admit to it - Spamhaus is UK based, but they claim it to be operating in America. Check out the site: http://www.e360insight.com/
PS. Wouldn't hurt my feelings if, oh, 10,000 slashdot users hit the site with wget -r running as 10 separate subprocesses...this fucktard needs a serious hit from several thousand people with a cluestick, maybe he might get the point and back the hell off if the internet dumped their entire bandwidth down his pipe...
And how is this the fault of spamhaus? They're clear about what their listing criteria are, it's up to mail admins to decide how to use it.
This is true. Maybe Spamhaus could also add a grey list which lists what they believe are Spammers, but the so called spammers have claimed they are not, but have yet to prove they are not. Mail admins could then decide whether or not they want to include their grey list.
Jumpstart the tartan drive.
you are the one who is wrong.
Everything was fine with our system until the power grid was shut off by dickless here.
What the fuck are you talking about? How is anything you said even remotely related?
Sticking feathers up your butt does not make you a chicken - Tyler Durden
e360insight.com is an obvious shell company that covers the true spam sites that are blacklisted by defendant "Spamhouse.org"
e360 is covering their identity and has no real business that is obvious from their empty homepage and hidden domain owner.
NETSOL:
Moniker Privacy Services E360INSIGHT.COM@domainservice.com
Moniker Privacy Services
20 SW 27th Ave.
Suite 201
[e360 uses privaci moniker]
Is even more obvious that "Spamhouse.org" (unfortunate name) only provides listings of possible spammers (that is continually updated and verified).
Such a twisted ruling may spawn way a for even more spammers to get removed from such a lists and end up with a dirty prize money. Unbelievable, unbelievable... really. Sue back guys. And HTF they can even seize domain name??? Where is this world f**** going to.
They look like spammers to me. Either way, I dont want any email from them.
Wish I had mod points left...
damaged by dogma
What the fuck are you talking about? How is anything you said even remotely related?
..."
..."
It was stated that: "In short, the Illinois court made a STUPID FUCKING BONEHEADED decision
The response was: "Illinois court was correct, fed jurisdiction
Hope this helps.
In a distributed denial of idiocy campaign ;)
Julian
I go out of my way to complicate the simple things, so that I can simplify the complicated things.
This sounds like a business oppotunity for a law firm. Agree to represent Spamhaus pro bono if you get to keep 75% of the take (minus the expenses). Then turn around and file a counter suit against the spammers on Spamhaus' behalf, contending that they really are spammers in violation of US law. Since there is gobs of evidence that these really are spammers, the case should be a slam-dunk.
===== Murphy's Law is recursive. =====
In the event you would like to express your opinions to his Honor, Judge Charles P. Kocoras, taken from HERE.
Or perhaps set up a rule to forward your new Spam (said sarcastically because I know that makes one no better than the spamming scum -- but you can pretend).
if a canadian company was dumping cyanide whatever just above the border, and canadians had no problem with it- then the US is without recourse?
every day http://en.wikipedia.org/wiki/Special:Random
They could bring up their website again by distributing an IP address -- but not their RBLs.
But the administrator of the MTA's local name server can add a reference to Spamhaus' name servers to his own nameserver's configuration and bypass the root servers. Then it all works again.
Instructions in this post by The Blue Meanie (223473).
And the MTA administrator can always set up a local nameserver if he can't make the change to the one he normally would be using. (It's probably simpler than hotwiring the MTA configuration.)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
They should get a .uk domain. Then they worry about the UK courts not the American ones. Regardless of how you think it should be, the reality is that the companies that control domain names are subject to the laws of the country they are in. For most (maybe all) non-country domain names they are run by US entities and thus ultimately subject to US law. The answer, if you are a non-US entity/citizen, is to use a domain from your own nation. Then you deal with them and their courts. For example a .ca domain is controlled by CIRA who is subject to Canadian courts.
If you get a domain outside of your country there's no problems, however if someone challenges your ownership of it in that country, you'll need to defend it in that country's courts.
Also, in Spamhaus's case they made a mistake. They didn't just ignore the proceedings outright, they initially filed a motion, THEN decided to ignore them. Had they ignored them outright, there'd be a much better claim that the court has no jurisdiction and thus the whole thing might go away. However by filing a motion in court, you accept that court's jurisdiction. If you are going to fight it, be ready to fight it all the way, otherwise just pretend it doesn't exist other than to say "This court has no jurisdiction over us."
The ITU, ISO, and IEC do okay because there's very little politicization of their decision-making processes. When's the last time that the ITU did anything that average people cared about? The ITU for the most part just acts as a mediator between various national regulatory bodies, and does very little actual rulemaking itself (and where it has veered into that, it has been the subject of criticism for overstepping). The ISO isn't exactly a great example either -- they had a go at the whole internet business, with the OSI project, and it sucked and was made irrelevant by TCP/IP and the IETF, principally due to ISO's mismanagement of the whole thing. You really want to give the Internet back to them for another round? No, thanks.
.xxx and spam are just the tip of the iceberg, and cannot be passed down to various national or local jurisdictions, as similar problems in the radio or telephone world might. The current generation of Internet protocols is not going to last forever, and when their replacements are designed, there are lots of opportunities for monitoring, censorship, or regulation to be inserted. Whatever body has control of the Internet (whether in reality or just in name) will wield a tremendous amount of power, far exceeding that held by any of the regulatory bodies currently in existence, and this will only increase in the future.
An Internet governance committee would not be able to avoid the spotlight; there are too many unresolved, very contentious issues. Things like
Just because a UN body has done an acceptable job of delegating radio spectrum for further regulation by national authorities (which is the bulk of the ITU's job) doesn't mean that they wouldn't make a giant cockup of something as potentially contentious as Internet governance.
Maybe you should turn off Air America for a moment and realize that the U.N. -- an organization designed to find consensus between countries -- isn't necessarily the best way to achieve consensus among people, and might be nothing but an unnecessary middleman where a more direct, open, apolitical, democratic process would do fine.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
So do we know what e360's netblock is? I would like to block their netblock at our router and deny them any access at all to my netblock, regardless of Spamhaus being up or down.
For some people email may just stop, at least for a while.
What does YOUR domain's MTA do if it can't resolve spamhaus.org? Pass the mail anyhow? Hold it for a later retry?
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
This problem is chronic as the courts try to figure out how old laws apply to the internet. It applies to pornography, which the courts have held should apply "local standards". What does that mean when a picture posted in Japan shows up in Kansas? Can New York collect taxes from someone who never enters New York just because his computer is dialed into a company located there?
A lot of our laws are based on "where" something happens, so what do they mean when "where" doesn't matter?
===== Murphy's Law is recursive. =====
Naturally the e360 website cannot be totally trusted for veracity regarding this case, but spamhaus does't seem to be behaving rationally. In fact the above described actions seems to reek of revenge.
e360 is alleging defamation. Spamhaus should have come to court and said, "our list includes IPs that fit the following criteria. Here are our records that show that the IP in question met the criteria, our clients make a decision to block emails based on that list. This is why it is in the public interest for this information to be known." If e360 did in fact meet the criteria no defamation would have taken place, and the case would be dismissed. Once this precident was established spamhaus could counter-sue any other such frivolous legal attacks. Of course if spamhaus really did mistakenly list e360, as e360 claims, then scew 'em. They shouldn't have been such pricks about the whole thing. In order to responsibly administer a list like spamhaus it seems you would need to be very thorough about record keeping and documentation. If you aren't you DESERVE to be sued.
note on defense against a defamation claim from wikipedia:
-- QED
The question is, can the US effectively legislate 'good' admin procedures? Where does this jurisdiction end?
If I mod you up, it doesn't necessarily mean I agree with what you've said, sorry.
I still don't quite understand it, though. (And maybe the judge doesn't, either, hence the problem...) How could ICANN "kill" a domain?
.com and .net are managed by Verisign, .org is run by the Public Interest Registry, .edu is EduCause, etc. So if you wanted to order someone to shut down spamhaus.org, it would be PIR or their "technical partner," Afilias Ltd.
ICANN controls the root nameservers, so they could conceivably "kill" any TLD of their choice (not that this wouldn't be insanity, but it's technically possible), but they don't manage any of the domains within the TLDs themselves, at least to my understanding.
The best response ICANN could make to the request to put a hold on the name is "we can't do it." At the very least, it would deflect the request to the actual maintainance organization for the TLD (in this case PIR), who would be in a better position to accede to or refuse the request. The updating, maintanance, suspension, or takedown of individual domains just isn't within ICANN's jurisdiction; one would hope a Federal judge would understand that, conceptually.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Guys, I know that everyone (oddly enough, especially Europeans) want to make this into a Europe v. U.S. issue, but it isn't.
:
A. First, Spamhaus argued that this case belongs in U.S. Federal Court. That's mistake number one; you don't tell a judge that your case belongs in a certain court, and then refuse to show up. Even odder, they say this, "But, to ensure this doesn't happen we are working with lawyers to find a way to both appeal/contest the ruling and stop further nonsense by this spammer." The question is, why didn't you guys work with lawyers before hand?
Take a look at http://www.spamhaus.org/legal/answer.lasso?ref=3 . Spamhaus makes a compelling case there as to why the court should not have jurisidction over them. So why would you _not_ present this evidence in court; especially after you've already told a court that they DO have jurisidiction over you.
B. Look at Spamhaus.org (or a mirror, if you can now). What logos does Spamhaus display on their "About Spamhaus" page. I'll cut and paste the organization names, about whom Spamhaus says, "Spamhaus works with many Law Enforcement agencies and cyber-crimes teams worldwide, assisting investigations and compiling evidence on illegal spam operations. Our main working partners are:"
1. Federal Bureau of Investigation
2. National Cyber-Forensics and Training Alliance
3. United States Postal Inspection Service
4. National White Collar Crime Center
5. Internet Crime Complaint Center
6. Department of the Treasury
7. Internal Revenue Service
When you work with this group of U.S. government services, and claim that they are your first line of working partners, it's difficult to argue that U.S. courts should have no standing over you.
C. Spamhaus does business in the U.S.!
Spamhaus makes this claim, which I do think is one that would require discussion in court:
"
Claim: An Illinois court has jurisdiction over Spamhaus in the United Kingdom because Spamhaus does business in the State of Illinois.
This statement is false. Spamhaus does no business in the State of Illinois. Spamhaus has no office or agent in the State of Illinois nor any affiliation with any Illinois resident or entity. Spamhaus is a British organization and is not subject to Illinois County Court jurisdiction. Spamhaus advises Mr. Linhardt to re-file his case in the proper venue, a law court in the United Kingdom.
"
Consider that Spamhaus has a public mirror (perhaps several) in the U.S., over which Spamhaus has tight control. Furthermore, consider that Spamhaus sells a Datafeed service to U.S. residents. On http://www.spamhaus.org/datafeed/pricecalculator.l asso , prices are listed in Dollars, not Euros.
Given that they sell this service, and given that they manage servers in the U.S., it is difficult to argue that they don't do business in the U.S., and certainly is an issue for substantive debate. Not something you can win by default, and certainly something that a non-technical Judge would (fairly) decide without a defense.
Summary: The Judge, in this case, made a good decision. A company brought forth a fairly legitimate looking claim, one which may be somewhat feeble but had some legal grounding. The defense argured that it was not within Illinois's jurisidction, which *is* true, and then argued that it belonged in Federal court. The illinois judge said, "fine". Spamhaus then proceeded to ignore the federal court.
What did they expect?
They should have argued from the begining that this did not belong in U.S. courts at all, and the proper jurisidiction would be Britain. That *might* have been a lengthy discussion, because Spamhaus does, indeed, offer services within the U.S. for pay, as well as free listing services; and being listed on a spam list may or may not interact with libel laws.
Either way, I think Spamhau
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
On one hand you have an email marketer such as e360... I would bet the last piece of wood from the farm that this guy does spam and doesn't maintain real opt-in opt-out lists. Then again most spam in the world is sent via worm or hacker pown-ing a machine anyways of which this e360 insight probably has a few people working for them that can do that. BTW this firm has a contact form with out a captcha so bot away at!
On the other hand you have spamhaus which isn't exactly an attentive understanding organization either. My colocated machine used to be in one of their blocks of blocked IPs. There is nothing they will do. They blame the data center people and the data center people say they have been trying for a year to get spamhaus to listen. Infact one email exchange with Spamhaus they told me to please go walk infront of a bus.
So this definately is a sticky situation I am happy to see the PUNKS at spamhaus get their upcommings but not at the price of having a marketer winning a case. You know maybe if Spamhaus would stop being arrogant prickies and show up at court maybe the case would have gone the other way. The whole famous story of the woman who sued McDonalds over hot coffee spillage was won simply cause McDonalds was arrogant and laughed at the woman.
Personally I have had better results using other lists, here is a typical logwatch:
Messages rejected using Anti-Spam site 1959 Time(s)
bl.spamcop.net identified 124 spam messages
cbl.abuseat.org identified 1817 spam messages
dnsbl.njabl.org identified 18 spam messages
Once I put on the abuseat.org spam dropped considerably and no customer complained of mail not getting through.
Just my $0.02
Rob
Huge apologies for this typo, I did NOT intend to defame anyone by suggesting sex acts. OOOOPS!
-- QED
So, what precisely is a client hold? Personally, I'd be tempted to lock down the zone file for spamhaus and disallow further editing until the court said so. That's a hold, right?
I doubt it'd make the court too happy, but I think we've already established that the judge in question is a complete ignoramus in regards to how things work here on the intarwebs.
Fill in your four or five-letter word of wisdom here _ _ _ _ _.
I think your anger over the decision is clouding your thinking. Calm down and take a second look. The federal government, not state government "oversees" the net:
You're an idiot, and you apparantly don't know anything about the law. Since the federal government created ICANN as a not-for-profit corporation, it is no longer a part of the government, per se. Therefore, your statement "The federal government, not state government, 'oversees' the net..." is incorrect. ICANN is nominally and practically independent of Congress and the executive branch.
But even so, whether ICANN is an actual Federal agency or not is beside the point. If a state court decides that it has jurisdiction over a matter, it can order around whomever it damn well pleases. Were ICANN a Federal agency (it isn't), and were it actually party to the lawsuit (it isn't), there would be a strong argument that the state court has no jurisdiction But it's up to any given court to decide for itself whether it has jurisdiction, unless the matter is appealed, so this is kind of moot.
One can also make an interstate commerce agument, again a federal jurisdiction not state:
Now you're REALLY showing your ignorance of the law. The ICC applies to actions by Congress and the executive branch, not the courts. It's perfectly acceptable for a local or state court to enact a remedy that affects interstate commerce. They do it all the time. (This is kind of like how the 1st amendment applies to Congress, but not to the courts: a court can impose a gag order without creating a violation of the freedom of speech.)
Your interpretation of events, not the Illinois court, is the only thing boneheaded here, assuming you are a fellow American.
Why don't you learn a little bit about the law before you go around correcting people? Might save you some pride.
I tried to resolve spamhaus.org today, from 3 different locations, and it's no longer resolving. I changed my mail servers to use spamhaus.co.uk (based on the previous /. story that said that's the new home), but haven't checked my logs to see if that's working yet. However, http://www.spamhaus.co.uk/ leads to a storefront.
Is this the right address? Is it an attempt to fool the idiots in IL into believing that they've won (if they're dumb enough to side with spammers, they're probably dumb enough to fall for it)? Does spamhaus.org still exist?
This threat only exists because a judge can order ICANN to remove someone's domain name.
Critical information (and someone's opinion about who is a spammer and who is not, just may be borderline critical) should be distributed so that it is impossible for a judge or other government entity to supress that information. I realize it's convenient to be able to use DNS to find Spamhaus' servers and convenient once you have their address, to query their servers. But convenience and robustness are two different things.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Same goes for every other arrogant blacklist vigilante group who don't do adequate due dilligence.
They cause as many problems as they 'solve'.
Alas, it appears at the moment (at least from where I sit) that spamhaus.org.uk != spamhaus.org - at least in the sense that sbl-xbl.spamhaus.org.uk doesn't appear to be giving out any answers, like sbl-xbl.spamhaus.org does.
then you'll suddenly get lots of email from them to satisfy your curiosity.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
"Considering e360 lied and claimed that Spamhaus has a place of business in Illinois, and they are based in the UK with NO US offices, I hardly think an Illinois judge has the right to strip them of their domain. And even if it does happen, big whoop. In under 5 minutes, Spamhaus.co.uk will be up and running - lets see a US judge take that domain away...."
Oh what lack of faith in lawyers have you.
You're missing the point that every (legacy) domain name on the planet is under the aegis of ICANN, which is a California corporation. As a single point of failure it's been pointed out many times that this sort of thing might happen. It still might.
The answer? http://spam.haus/
If people agree this is how it should work no court in the world will ever be able to do again what the illinois court is about to do. The first criticism that shows up will be "but this use of an alterative domain balkanizes the net" to which my response would be "anybody useing spamhaus is already using a balkanized net".
The implementation of this is left as an exercise to the reader but there are many way to do it and many organizations that will help. Of course, aw always, the mere threat of this happening may be enough for ICANN to not force their domain to be shut off.
DNS policy is a weird little ecosystem.
Need Mercedes parts ?
Shouldn't we all send a e-mail to eurid and kindly ask them to assign spamhaus.eu to The Spamhaus Project ?
They can and presumably do make mistakes, but they're about the best out there.
Most ISPs need more protection that just burning CPU on Spamassassin - diverting obviously untrustable email at the SMTP handshake instead of accepting the message is pretty critical, and the way the SMTP protocols work, if you refuse the message then, any correctly-configured legitimate email sender will get feedback, as opposed to if you accept the message and then dump it. (You can do milter-things to process the message body before accepting the message, but there are enough known-bad sources that you can kill before they get that far that it saves you a lot of CPU and transmission.)
Simply greylisting mail kills off a surprising fraction of spam, including mail from most zombies and most of the unused-address-space-BGP-hacking senders. You could certainly use Spamhaus, and for that matter just about any RBL, to drive a greylist harder (e.g. 1 hour delay for listed sites, 5 minutes for unknowns.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
And I wouldn't be surprised if they come here to do "PR" and FUD work in articles like these...
This is what e360 insight webpage has to say about them self.
..."
"... Spamhaus didn't seem to care that we are an opt-in email marketing company. They didn't seem to care that the only way to get onto our mailing list was to signup for it. They didn't seem to care about the thousands of customers who would not receive order confirmation messages or other email messages they requested.
That sounds awful a lot like a spammer to me. Here is there full story, http://www.e360insight.com/case_history.html from e360 insight. Read with that in mind.
If I had SchpammHauzzz.org I'd be GLAD to redirect it to a certain server...
I heard about $company$.com who went to court to redirect fuck$company$.com away from their servers, but if spamhaus doesn't mind if SchpammHauzzz.org is pointing to their servers...
Privacy is terrorism.
Here's the thing -- you cannot tell when a "dynamic" ip address become released to static. You only know what the blocks are. IP blacklisting is so 1996, DomainKeys is the future of spam fighting. Yet Spamhaus never advocated domainkeys. In fact they never advocated ANYTHING that would have minimized people's reliance on their service. They may have been in it for the public good initially, but IMHO, in the end Spamhaus loved the power. The amount of ambivalence here should be a good indication that they certainly did not have a universal mandate. And considering the draconian rules they imposed, I would think that they would have wanted a bit more of a mandate.
The argument that "admins choose to use Spamhaus" is like saying "old people chose to use phishing sites." The average mail administrator is in WAY over his/her head (present company included) and are usually willing to take a "default" option that makes 90% of his/her users happy. Spamhaus said (paraphrase mine, please feel free to correct) "we have a list of ip addresses that we consider spammers, even though we have not applied a rigorous test to each individual address. It's good enough for our needs, but your needs may vary." The problem with this is that they purport to be EXPERTS on spam. Is the average admin going to refuse the service that claims to be the considered "best practices" of spam experts?
I say let it come down. If there is a need, something else will replace it (in fact, I'm SURE some dilligent person has already copied all the IP's and has such a service in mind already). I suspect that we'll find out how useless Spamhaus actually has been in the last few years. As they themself say :
I think I'd rather see if some other method can be more effective at stopping that spam. While Spamhaus existed, there was no way for the average admin to tell if there was a more effective method. Speaking as a mail administrator who HAS stopped using Spamhaus, I can honestly say, I don't miss it at all, and I get much fewer false positives. My current local filtering efforts appear to be at LEAST as good as Spamhaus, and I am not blocking all the small businesses I was before.Nothing great was ever achieved without enthusiasm
Since everyone seems to miss this, since July, the "Illinois court" has been a FEDERAL DISTRICT COURT. Got that first word? Yeah, that says Federal. It was moved from Illinois Circuit Court on the behest of Spamhaus's lawyers.
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
"According to Spamhaus, more than 650 million Internet users - including those at the White House, the U.S. Army and the European Parliament - benefit from Spamhaus' 'blacklist' of spammers"
If Congress is on that list, this will allow them to see just how well their (U) CAN SPAM Act works out.
Did you already change it? You might want to hold off until the new domain starts answering. Otherwise you've effectively unconfigured your list checking. Maybe you meant you added the new domain?
% host -t txt 139.4.49.190.sbl-xbl.spamhaus.org
139.4.49.190.sbl-xbl.spamhaus.org descriptive text "http://www.spamhaus.org/query/bl?ip=190.49.4.139
% host -t txt 139.4.49.190.sbl-xbl.spamhaus.org.uk
Host not found, try again.
Or maybe instead you should tell your name resolver explicitly that the authority for spamhaus.org is:
spamhaus.org. 1d23h58m12s IN NS udns1.ultradns.net.
spamhaus.org. 1d23h58m12s IN NS hq-ns.oarc.isc.org.
spamhaus.org. 1d23h58m12s IN NS ns8.spamhaus.org.
spamhaus.org. 1d23h58m12s IN NS udns2.ultradns.net.
(with appropriate IPs) and just leave your mail config using spamhaus.org. (If they leave the spamhaus.org domain configured regardless of root level authority-reference elision.)
Hm, appears the canonical test address is 127.0.0.2:
3 3"
% host -t txt 2.0.0.127.sbl-xbl.spamhaus.org
2.0.0.127.sbl-xbl.spamhaus.org descriptive text "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL2
2.0.0.127.sbl-xbl.spamhaus.org descriptive text "http://www.spamhaus.org/query/bl?ip=127.0.0.2"
Ignore the IP of the probably compromised Argentinian machine that I used earlier. Probably just some poor shmuck running Windows without a firewall.
you are wrong... there are alternatives to the ICANN controlled DNS... check for opennic and opendns... they also have "root servers" (they arent exactly the same, but that is the idea)
ICANN controls the root servers for what you know as normal DNS, but you can have DNS and even use more TLD without even touch a ICANN root server
Higuita
I think you should wait before changing anything. I don't think spamhaus.org.uk, or any other name besides spamhaus.org, will ever resolve the Spamhaus RBLs.
From Spamhaus' response to the proposed order (proposed, people, by the spammer's counsel, no judge has ordered ICANN anything), it seems they'll intend to contest this. They mention they don't think that ICANN suspending them can actually happen, for reasons I in fact agree with (go read them at their site). They also mention that "one U.S. government agency has begun working on a response."
However, if worse comes to worst, they probably won't switch to any other domain name. They state: "... if Spamhaus gets around the court order by switching domain to maintain the blocking, the judge would very likely then rule us in criminal contempt. We don't want a criminal record for the sake of fighting spam. We normally help fit the spammers with criminal records, not the other way round."
Which I read as, if this order is enforced, and ICANN caves in and all that, there will be no more Spamhaus, period.
Which would really piss me off. The whole episode already already seems like a bad dream to me. To see Spamhaus destroyed by some spammer scum would be just depressing. One thing's for certain, though: it'll be a cold day in hell before any site I manage will exchange traffic with this spammer.
I added spamhaus.org.uk, and didn't yank spamhaus.org yet.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
And?
There's a silver lining after all
I'll try to shed some light on how this sort of thing works, more or less.
There are two kinds of jurisdiction ('jxn'): subject matter jxn and personal jxn. Both must be proper in order for a court to hear a case.
Subject matter jxn deals with matters like standing, the subject of the case (e.g. is it a patent case), diversity, etc. It's really not an issue in this case, and will only crop up once, and be briefly noted later on.
Personal jxn deals with whether the parties in the case are within the court's jxn. American law generally has very broad personal jxn. The limits on this are basically those put in place by state and federal law, including the Constitution. This is because jxn is basically the extent to which the court is permitted to reach by law, and those are the relevant laws. Whether the court can effectively exercise power over people is an entirely different matter -- fleeing to a faraway country or holing up in a bunker with a lot of guns are the sorts of tactics used to escape the law, and don't have anything to do with jurisdictional matters.
In any case, jxn is how far the law allows the court to reach, regardless of practical matters of enforcement. The law generally put it to be as far as possible, ultimately limited by the Constitution. It could arbitrarily be shorter, but this is not common.
There are several ways in which a court may find that it has personal jxn. The easiest is when someone is physically present. But physical presence is not actually required. For example, if you are a resident of a state, but are not currently in the state, there is still personal jxn. Or if you are not a resident of a state, but drive a vehicle in the state, you are deemed by law to have consented to the matter of personal jxn by driving there. (Again: personal jxn is what the law says it is, not what you think it ought to be, and totally apart from the matter of whether enforcement is practical)
Still, when the applicable law is simply that personal jxn extends as far as the Constitution permits, the question becomes one of Constitutional law: does the guarantee of due process in the Constitution permit jxn to be exercised here? The traditional test to find out is the minimum contacts test.
Roughly, there must be at least a minimum number of contacts of sufficient quantity and quality that it would be fair and just to exercise personal jxn.
For example: did the defendant engage in business dealings in the jxn? Did they avail themselves of the benefits of the jxn's law (e.g. by entering into contracts which the jxn's law could be called upon to enforce in some manner). Do they solicit business within the jxn? Do they sell goods or services, directly or indirectly, to people in the jxn?
The more contacts there are, the more likely that jxn will stand. If there are few contacts, then it is less likely. However, where a suit is closely connected to a particular contact, personal jxn may be found with less of a contact than if there is no such connection. (E.g. if you only do business with one person in California, then probably only that person would be able to sue you there based on that contact)
Some contacts are too attenuated or minor to support personal jxn, but they're the exception, particularly where we're dealing with business matters.
The other important thing to note about personal jxn is that it is waivable. The law permits someone to consent to personal jxn. You often see this sort of thing in contracts. But going to court to defend yourself will count too. If you want to argue that a court lacks personal jxn over you, then you have to do so in a very precise fashion, lest you inadvertantly waive it, irrevocably. This might seem odd to you, but let me reiterate: jxn is what the law says it is, and the law says that personal jxn is waivable, and has to be brought up in a very specific way, at a very specific time (immediately, basically), or else it is waived. It has nothing to do with what country you're in (unless that matt
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
the real power in the anti-spam world is not the likes of spamhaus (although they do real good work and need to be supported), its the tens of thousands of private block lists.
think about it, for example how many mail server admins/ISP/pissed off users, have their own block list. Now compare that to those who use spamhaus or one of the other RBL
1000+ to 1 comes to mind
so even if e360 managed to damage spamhaus, they are still not going to get their junk through the private lists
they would need to identify every list, and set the lawyers on the operators. Some how I do not see this happening any time soon
gets worse for them, even if the worse happens and they damage/kill spamhaus, the number of admins etc they will, put simply "piss off" is going to cause them even more trouble, they would be better off just closing up shop
Posting as AC as I've just moderated.
What if "spamhaus.org" got sold to a non-US owner?
Then there won't be any use for a court order to remove "spamhaus.org".
If John Doe, living in EU, wherever, just get the spamhaus.org domain transferred in his name, the original owners might still be liable for whatever the court is trying to do with them, but at least DNS can't be taken away from the new owner.
IANAL
bram
Spamhaus.org is so good that up till now I have not had to block the country which is the largest source of spam in the world, the US. However if spamhaus goes down for any significant length of time (I'm talking more than 12 hours) then I see no choice but to list the whole of the US. So, in the guise of allowing email to flow more freely the US is removing the one thing which stops me from restricting their email even more. Oh the delicious irony.
I have been blocked by them before (wrongly) and lost a lot of money and clients. not sad to see them go.
Perhaps it would have been possible through some legal corporate shinnanigans for Spamhaus UK to sell the domain name to Suahmaps UK, an unrelated company that happens to have some (though not all) mutual shareholders with some common intent.
That way any claim against the organisation can't involve the domain name.
However, this is more complicated as the courts may somehow declare the transaction void (not a lawyer, so I am not sure of the correct terminology). In terms of valuing the asset for the transfer though, it should be really cheap - after all, its about to get revoked.
I'm sure there are some (large) flaws in this, however it is an interesting idea - and it could be worth other organisations with similar concerns looking into.
"I think your anger over the decision is clouding your thinking. Calm down and take a second look. The federal government, not state government "oversees" the net"
...
... and you apparantly don't know anything about the law. Since the federal government created ICANN as a not-for-profit corporation, it is no longer a part of the government, per se. Therefore, your statement "The federal government, not state government, 'oversees' the net..." is incorrect. ICANN is nominally and practically independent of Congress and the executive branch.
...
;-)
You're an idiot,
Re-read the part about anger, clouded thinking, and calming down. Throwing around the word "idiot" isn't having the effect you were hoping for.
I'll re-insert the relevant quote from wikipedia:
"ICANN is a California non-profit corporation that was created on September 18, 1998 in order to oversee a number of Internet-related tasks previously performed directly on behalf of the U.S. Government by other organizations, notably IANA." http://en.wikipedia.org/wiki/ICANN
Note the phrase "on behalf of the U.S. Government". The court rightfully ruled that this should be argued at the federal level.
But even so, whether ICANN is an actual Federal agency or not is beside the point
It is sort of relevant in that no one was making that point. You misread, the point being made was that ICANN was performing federal level tasks, again "on behalf of the U.S. Government".
If a state court decides that it has jurisdiction over a matter, it can order around whomever it damn well pleases.
Irrelevant. The state court rightfully decided that administering the net is best argued at the federal level, not state. What's your point, that a lower court can make a bad decision and order people around until a higher court reverses them? That does not counter the argument that the proper level for this issue is federal.
Why don't you learn a little bit about the law before you go around correcting people? Might save you some pride.
Own a mirror? Perhaps you use it when you start stating that a state court made an incorrect decision.
I work with an ISP in Chile. Outside UK, outside US. And yet, the RBL that helps me to stop about 800.000 messages a day is about to dissapear because an a**hole in IL got angry.
... and when others like Masterbase are also shut because someone thinks that a reputation filter also harms their business?
And who will they shutdown tomorrow? Spamcop? njabl? What will happen then? after this case, *any* RBL will be open to scrutiny
We will have to spend millions to upgrade the cpu power on mail servers and antispam appliances, required to process the additional mail avalanche?
I hope ICANN realizes its real role
To quote TFA:
I'm glad to see that someone is standing up to Spamhaus.
they do block legit domains quite frequently, and they have a seriously bad attitude towards you when you try to get them to 'undo' their blockage.
if you are a small isp you have absolutely zero chance of getting them to remove you from their blacklists. and although ultimately mail admins control what they block, the fact is that most just grab the blacklists they provide blanketly and enforce it.
believe it or not, there are many legit mass marketing companies out there.
not all mass emailings are 'buy v1agr4' or the like.
All these guys have to do is to provide a legit means of being removed from the blacklists and they can probably get out of this mess.
How's the weather in lala-land where people read what they want to read?
wouldn't it be easy for them to notify people who use their service to modify their host file on their mta's to direct spamhaus.org to an ip of their choosing? no need for the domain to exist....
read this:
http://www.spamhaus.org/legal/answer.lasso?ref=4
spamhaus know that the US courts can't touch them.
ICANN Know it too: "ICANN cannot comply with any order requiring it to suspend Spamhaus.org"
announcement
(1.21 gigawatts) / (88 miles per hour) = 30 757 874 newtons
British citizens (so far a cracker and some banking executives related to ENRON) are being extradited to the US without proper legal oversight.
... by Europe...
A new extradition treaty, signed with, yes, you guessed it, the lame excuse of fighting terrorism, facilitates extradition of Britons to the US.
The problem of the matter is that the US Senate has not ratified the treaty, while in the meantime, quelle surprise, Tony Blair made sure that Britons became subservient to the US legal system. And some Conservatives still whine about the UK independence being eroded
The Spamhaus chappies would be better advised to check their legal bases, they could be extradited without proper checks from the goverment that is suppossed to look after their interests.
IANAL but write like a drunk one.
If you kill somebody in say the US, China can't decide unilaterally to judge you for that crime.
Get it now?
IANAL but write like a drunk one.
There is a general problem here. Any communication medium with a person on the receiving end is going to end up being trashed by people unleasing advertising robots on it.
In the longer term there need to be laws designating communication channels as person-to-person with criminal penalties for allowing robots to intrude.
So they lose their DNS. Can't they just publish their IP address?
Have you read my journal today?
If you give an email address to anyone it means you agree to them and others sending you email to that address as long as the address accepts email (unless they explicitly agreed not to). If you don't want to get email from them you just have to stop receiving email at the address you gave them. RBLs will not stop the email from sources that you gave an email address to and don't want to send you email anymore (unless you run your own RBL of these sources).
The fact that you give someone you don't trust an address you cannot easily block is not a reason to change the entire infrastructure of the email system and start billing senders per message (actually taxing them since it would not be proportionate to the cost of the service provided).
The kind of spam you describe (losing control of your email address because YOU were spreading it to all kinds of untrustable parties) is easily avoidable. Go to spamgourmet.com and learn how. Then google for "disposable email addresses" and learn more. It would not avoid all risks of spam but it would put you in control.
The real solution to spam is to put the spammers in jail (let's junk mail -> munk jail)
...may be found here
In short: "We will not do it & we are not allowed to do it".
There are plenty of aspects of what spammers do that are clearly criminal activities, and the only reason I see that these are not used to put spammers in jail is that nobody is interested. Perhaps ISPs make more money by selling spam filtering services than what they can save by redusing the amount of spam sent.
Spammers use trojan horses to take over PCs that are then used to send spam using the network resources of the victim's upstream provider. Spammer's send email using forged identities. You don't need a definition of "what constitutes spam" to understand that all these are crimes: breaking into computers, stealing network resources using these methods, all kinds of identity theft etc.
There is plenty of evidence that can be used to link actual people to these crimes. Each spammer sends out millions and millions of messages on behalf of each individual advertiser (I asked a spammer for a quote and the rate was about $1000/million addresses). My experience is that these almost always arrive from various consumer broadband or dialup connections all around the world. Cllecting enough of these would show that a spammer is not using her own computer to send. The next stage is to link the IP address on received headers in email with the actual compromised computer that was used to send them, so that a link is established between a particular spam run and a computer known to be infected and made part of a botnet controlled by the sender of the spam run. Once a you have such a PC you can analyze the traffic it gets. That would link back to whoever controls it, but probably not in a way useful to catching the person involved. However, it would show that the sender is actually using the compromised machine, and would show the content of the spam pumped through it at least in fragmented ways (though I guess if the compromised machine is using SMTP to send out spam it shouldn't be too hard to get the the complete spam messages it sends, such as by intercepting the outgoing traffic to port 25). Sometimes the spam messages would contain info leading to the spammer itself (the spammers I've been following lately always include a link to their own promotional page that offers their services for sale). If it doesn't then it has the contact details or some identifying details of the advertisers. The advertisers can lead to the criminals (actually the advertisers are criminals themselves. They paid the spammers to break into other people's PCs and send their ads. They paid the spammers to send email on their behalf posing as other people (forging sender's identity). If you hire someone to commit a crime in your name you are commiting the crime. Buying stolen goods is not legal. Especially not if you order the merchandise that is then being stolen for you Advertisers should realize that there are risks involved in dealing with organized crime. If they order a service they are responsible and should verify that it is conducted legally, or else they might spend time in jail.).
So there needs to be some coordinated effort to collect this evidence and organize it in a way that can be used to convict the criminals that commit these crimes. Including those that hire them. There needs to be a way to contact these people who have infected PCs and obtain useful information showing who is using them and what they are being used for.
One problem with law enforcement is that usually it is required that someone would actually approach law enforcement with a complaint. If there is a crime then there is a victim, and the victim should complain (well... if the victim takes the form of a corpse then the complaint is implied, in a way). The problem with crime on the internet is that often the damage is distributed among millions of victims, and no single victim is harmed in a way that makes the hassle of trying to convince law enforcement that a crime was commited worthwhile. If you put your small change on a table and someone grabs a quarter and runs away, then you're not going to the police to file a complaint. It's not
I'm quite sure that "follow the money" was already used to catch spammers and other sorts of cyber criminals. This is one tactic among many that can lead to a real person responsible to sending the spam, and more importantly, to whatever illegal activity is involved in it. Sometimes the spam includes contact adress. Sometimes they lead to a website that sells something. Sometimes you can make an online purchase. Sometimes there's just a contact phone. A lot of the spam I get lately just leads to a webpage that collects your contact info and says they'll call back. (One way to fight spam might be to fill these forms with false information. I did several times leave the spammer's own cellphone number. If everyone responded by entering false infothe spam would be useless as amethod of advertising.)
Porn/Gambling advertised in spam do not worry me as much as "legit businesses" that hire spammers. It seems that spam is becoming acceptable as "legitimate" way to advertise. Legitimate businesses hire criminals to send spam on their behalf using forged headers and compromised PCs to send the stuff. Despite being warned about what is involved in sending their spam they rehired the spammers (meaning the spam campaign was successful, and the particular spammer charges about $1000 per million addresses with some discount for bigger orders). I follow one spammer here in Israel since they have started their operation 9 months ago. They send "only to local addresses" and I receive their spam at one ISP address that was never provided to anyone by me (i.e., it is known only to me and the ISP). Their operation is entirely based on using exploits to send and hosting "mini-sites" hosted in China. Only their main promotinal site that is used to market their own serviceis hosted locally (mailmedia.org). I received spam advertising several colleges, that are probably partially funded with government money. I received spam advertising courses leading to Microsoft sertified wahtever (MCSE, MCP etc.). I received spam advertising a TelAviv licensed stock broker. I complained to the Israel Securities Authority about the illegal way in which this member of the Tel-Aviv stock exchange is using to promote its business and the only reply I received is that they don't have anything to do about it but I might contact their ISP (which of course I did even before I approached the Securities Authority. So its OK for a member of the stock exchange to hire criminals. I saw several times spam athey send selling security products (locks, safes alarms), meaning people are willing to trust the security of their home or business with those that employ criminals. I saw spam advertising medical treatment (not viagra). I saw spam selling electrical appliances, computer hardware... All these are paying criminals to act for them illegally, and nobody is interested in stopping them. In fact they gain more and more customers, and their website is still hosted by the same company (barak013.net.il) that hosted their promotional website from the start, despite their knowlege of the illegal activity that is sold using that sight (I sent them lots of copies ofspamcop reports, and I sent the abuse teams of all the ISPs in Israel a detailed account of what this spammer does, including using compromised PCs within some of the Israeli ISPs to send their spam).
This is very bad. real criminal spammers getting paid from real mainstream advertising budgets so they steal resources from others is very bad.
just shows how completely fockin out of touch politicians/etc are with the people
fight the man
attn: BARTLY J. LOETHEN
Synergy Law Group, L.L.C.
30 South Wacker Drive, Suite 2200
Chicago, Illinois 60606
United States of America
An engineer who ran for Congress. http://herbrobinson.us
You cannot trust a company's TOS for keeping your email address secret. Not everybody in the company is aware of everything in the TOS all the time, and most employees will not see any problem in sharing address lists. Then they can be given to someone that sends email on a company's behalf. Then they could be sold by an employee that has access to them. Then they can be harested by a technician that's repairing a computer...h p?s=&threadid=9008) that someone started after discovering that a company he trusted lost his email address to spammers. IMO the only conclusion that can be reached is that an email address that's out there would eventually be in the hand of spammers, so it's better to be ready in advance to change it.
About 4 years ago we had a discussion here (http://www.emailaddresses.com/forum/showthread.p
The only trustable parameter in SMTP is the recipient's address, and if you use your address space to distinguish between different senders or groups of senders then you can easily filter bad mail without affecting good mail.