Slashdot Mirror
One Last Spamhaus Warning Before The End
kog777 writes to mention that Spamhaus has released a final warning about an increase in junk email, as they prepare to lose their domain to an Illinois court ruling. From the article: "According to Spamhaus, more than 650 million Internet users - including those at the White House, the U.S. Army and the European Parliament - benefit from Spamhaus' 'blacklist' of spammers that helps identify which messages to block, send to a 'junk' folder or accept. Losing the domain name would make it more difficult for service providers and others to obtain the lists. 'If the domain got suspended, it would be an enormous hit for the Net,' said Steve Linford, Spamhaus' chief executive officer. 'It would create an enormous amount of damage on the Internet.'"
Are they or aren't they Spammers. I have never seen their emails.
This
You know, if they had, say, actually defended themselves in court instead of not showing up and getting hit with the default judgement then perhaps they wouldn't be having this bloody problems . It's a shame they're going down, but it's a bigger shame that they're going down because of their own goddamn stupidity and arrogance.
That said, spamhaus.co.uk should still be up, right?
Zagreus sits inside your head, Zagreus lives among the dead, Zagreus sees you in your bed and eats you in your sleep.
As I understand it, Spamhaus just has a list that people use in making their own blocking decisions. (Though that "own blocking decision" is of course "Is it on Spamhaus? Then block it.") They don't actually block anyone. So they could comply with the ruling by removing the "approved" spammer and then saying to all current and future customers, "We had to remove this guy from our list, but you should probably block him anyway." Then it's just a bunch of email users "on their own" deciding to block the spammer. The complies with the court order, while still defeating the spammer's goal.
Or is my understanding about a mile off?
Apology to Ubuntu forum.
What's stopping them from getting a domain name in a non-US-controlled TLD?
I don't see how a US court ruling could shut down a domain name in another country's TLD; so why don't they just go and get a name in the UK, or Switzerland, or Sealand.
Somehow I think enough people find Spamhaus useful, that if they asked they could probably take up collection and get enough money to afford a new domain, and right now they have enough press coverage to ensure that it would be publicized. Sure, it would be a PITA for a lot of mailserver admins who would need to change the address, but that's still a lot less work than filtering their spam by hand.
It sounds like Spamhaus is getting ready to 'cut off their nose to spite their face,' or in this case, destroy themselves in order to try and prove some point to a Federal Court in the US that couldn't give a damn one way or the other. If they're trying to make a point, this isn't the way to do it.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
They could also get a .de name. Something beyond the jurisdiction of a US. Court.
Atlas stands on the earth and carries the celestial sphere on his shoulders.
Because just maybe they have some sort of load-balancing setup, so everybody hammering a single machine is just as effective as pulling the domain.
Your hair look like poop, Bob! - Wanker.
Clearly Spamhaus does not have enough friends in high places. If they -had- K Street influence, (Cha-Ching! $$) their dire court situation would be relieved to a great extent by legislative or some other branch of gov't giving them a way out.
Look at how long and how much money it took for the Crackberry developer to get the federal gov't to do things like the "emergency review" and subsequent invalidation of the submarine patent owner that went after them while they were clearly set to lose in court to the submarine patent holder.
I would be very interested to see/hear if there isn't K Street pressure to kill spamhaus off so other companies that DO legislate can make consumers pay more for the "luxury" of good spam filtering.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
What damage has the USA done? They were sued by a US corporation in a US court on injuries caused them by Spamhaus in the course of operations in the US. Spamhaus refused to defend themselves in court, and received a default judgment against them. This is pretty much the same thing that would happen in any other civilized country. With a verdict against Spamhaus, it becomes necessary to seize any assets that can be reached within US jurisdiction in order to pay the damages. The only asset they could find, with a big question mark on it, was their domain name. So, that's what they're going to try to take. They may not succeed based on how domain names are governed.
So tell me, counsellor, how exactly has the USA caused damage here? The courts have acted entirely within their jurisdiction and heard a claim by a claimant doing business in the US.
quote--
"Suspending a domain name isn't the same as suspending a Web site," said Jonathan Zittrain, a law professor at Harvard and Oxford universities. "Spamhaus is intended for use by people who run mail servers - in other words, technically inclined people. If Spamhaus wanted to, it could simply pick a new domain name, or use no name at all."
Domain names are merely shortcuts to access a site's true, numeric Internet address. Spamhaus could simply distribute that address instead of the domain name.
------
this guy may be a law professor but he obviously doesn't know how it works.
If my mail server gets an email from 1.2.3.4 it will do a dns lookup on "4.3.2.1.sbl.spamhaus.org". if that dns request returns an address, that ip is in spamhaus' list, if it returns none existant domain, the ip isn't listed. The actual address
returned is not important (its usually 127.0.0.2).
It's very easy for spamhaus to choose a new domain, although it requires all users to upgrade their software, but they can't just hand out the ip.
In a UK court, Spamhaus should sue ICANN for unjustifiably removing their domain name. They could argue that ICANN removed their domain for reasons that do not legally apply to Spamhaus, on top of the fact that the Illinois court has not actually ruled against Spamhaus on anything (IIRC, the spammer was granted a temporary injunction prior to a final ruling). I'm an American who believes that having a single domain name registrar under a single government is really stupid and a great way for the US government (or agents thereof) to screw other countries. I believe that Americans should have power over America and over non-Americans who are a threat to personal liberties of Americans. Controlling ICANN and screwing with Spamhaus steps outside of those bounds. Perhaps after this, people will realize that it's necessary to liberalize ICANN.
This is a power play by Spamhaus, but it's a totally justified power play. And I applaud them for not giving in to the demands of a stupid court that has no jurisdiction over them or any reason in the first place to pass an injunction against them. If their domain name is removed, then the fallout from all of the additional SPAM will be cause a great deal of trouble.
If I subscribe to a RBL it means I dont want the junk no matter who is on the list. It means that opt out or opt in doesnt really matter to me. Im really tired of companies arrogant enough to think that my happening to hit their website once constitutes permission to spam the crap out of me on a daily basis. Here's another clue, the folks you are objecting to are the ones who you dont have a snowballs chance in hell of selling a product to. If we are smart enough to know what a RBL is we are smart enough not to read the crap your sending. At least with paper junk mail I know that it cost them something to get the crap to me and I can throw it out or burn it, spam is the only situation I know of where I have to pay for someone else to annoy me.
I really think the idea of white lists or per email fees is starting to come due. Yep its a hassle and the idea of paying for email kind of sucks but if done right it would have little effect on the average user but really make spammers accountable. I'd like to see a monthly or weekly cap over that and you pay. I also would like to see the Icann or someone rule that non working or non existant opt out's result in an immediate revocation of ALL domains owned by the offender.
People who chose to use them for filtering will just as easily update their configs to a new domain. Those who can't because they did it "automatically" probably shouldn't have as they need to understand how it works and how to balance black listing with other ways to control spam.
Hyperom.com
Spamhaus does not "block" anything. All they do is list the addresses that meet their criteria for listing (yeah, I know that's redundant).
Mail admins can choose to reference that list (or not) and block / flag / delay / whatever based upon it.
I use Spamhaus with SpamAssassin, but I don't block or deny. It just adds to the spam score.
Spamhaus does not block. Spamhaus just lists.
Mail admins block.
Maybe that's exactly what is needed. A flood of spam, drowning everything and especially e-commerce.
So far, the war has been fought by amateurs vs. increasingly aggressive and organized criminals. But the amateurs have been fairly successful, so nobody really noticed. Open the floodgates and let everyone realize that spam really is a problem that needs to be dealt with, once and for all.
Assorted stuff I do sometimes: Lemuria.org
Spamhaus implicitly asked the court to take jurisdiction when they ask for the case to be transferred from state to federal court.
If they had done nothing, the court probably would have dismissed the charges for lack of jurisdiction.
If they had asked the court to drop the charges because they were a UK entity and a US court doesn't have jurisdiction, the court probably would have agreed.
But no, they explicitly asked for the case to be transferred to federal court, implicitly acknowledging the jurisdiction of the court and then they never came back.
The judge is saying, "You asked for this. We went to a lot of trouble to accommodate you. Where are you? If you don't show up, I'll have to find for the plantiff."
They shot themselves in their own foot.
Matthew Prince has a good summary.
The point being they should have gone to the UK courts as Spamhaus is a British organisation based in the UK.
If Spamhaus decided to fly all over the world to whatever country a spammer decided to sue them in, they would soon run out of money.
The fact they didn't sue them in the UK shows their case is weak. They have to take advantage of a loophole which means Spamhaus' domain can be pulled because ICANN is also a US organisation, taking advantage of Spamhaus's stated policy which is they don't go all over the world (including the US) on wild goose chases when the only jurisdiction that counts (or should count) is the one in the country they're based in.
Spamhaus and other block-list pushers are a solution to spam that's worse than the problem.
Uhm... No. For me, they are a godsend. So go fuck yourself. You don't like them, don't use them.
Unfortunately many sources that ended up on these block lists are the common mail servers of other major ISPs, resulting in large volumes of false-positive emails being blocked.
Do you REAALLLYYY think the users of such lists do not understand this? They do, they don't care about your problem. It's YOUR problem. Call your ISP and bitch. Threaten to sue, whatever. You, and you doing business with your ISP is the problem. IF there was a reliable, fast, accurate, and extremely vengeful method of individually reporting users to ISPs and they actually acted, this secondary solution would not be necessary.
You: "Look! The Germans raped and killed and burned alive a bunch of people!"
Us: "Well, stop them."
You: "Nah. Too hard, I'll just kick them out first, then the Germans won't bother coming to my town."
So I repeat. Go fuck yourself.
The real problem here is that spam is considered an "annoyance" and is legislatively treated as such. In that light, it becomes "my business model, revenue, and profitability" vs "your annoyance" vs "their attempts to help others deal with spam." It also gets into a delightfully grey realm of defining "spam" vs "legitimate commercial email." Because these aren't simple issues, and the defined reason to stop spam is "annoyance," nothing substantive happens.
Think differently...
From what I've heard, spam constitutes something over half the traffic on the Internet. Think of blocking half of a water main, or half of a sewer, or half the lanes on the highway. No doubt at all that this would be considered more than just "an annoyance," but that's pretty much what spam is doing each and every day. Look at the legislative "encouragement" to build more bandwidth and the end-to-end compromises being threatened, but in reality we're wasting over half of what we've got, already. Spam is much more serious than just an annoyance.
How's this for an idea - link it to terrorism!
Imagine for a moment that you want to transmit secret, untracable terror plans all around the world. Simply put "V1agra" on the subject line, send it to EVERYBODY, and you're pretty much guaranteed that NOBODY will read it. You could probably send your plans in clear-text safely, but steganography would be advisable.
So here it is... Spam is really a secret terrorist communications channel! It needs to be stopped!
The living have better things to do than to continue hating the dead.
UPDATE: Just as I posted this, a client found that he was unable to send us an e-mail due to a problem with spam-blocking software. It seems we need someone tweaking our mail rules full-time. That's not really acceptable from a business standpoint. Why can't this system we've created just work properly?
Maybe spamhaus.cuisinewiki.com doesn't appeal to them.
.org domain. It's only because PIR (the .org registrar) is a US company that they can try to do this. If we were using a distributed naming system, not based on a single set of TLD servers, then this couldn't happen.
Anyway, this is a good case for control of registration and domain names not being US-based. A court in Illinois should not be able to affect a legitimate
"The Net interprets censorship as damage and routes around it." -- Gilmore
What's wrong with a little anarchy? I'm sure if the suggestion were sent around, spamhaus.org would remain in DNS and e360.com and any associated businesses could be made to disappear.
Intron: the portion of DNA which expresses nothing useful.
if a canadian company was dumping cyanide whatever just above the border, and canadians had no problem with it- then the US is without recourse?
every day http://en.wikipedia.org/wiki/Special:Random
Guys, I know that everyone (oddly enough, especially Europeans) want to make this into a Europe v. U.S. issue, but it isn't.
:
A. First, Spamhaus argued that this case belongs in U.S. Federal Court. That's mistake number one; you don't tell a judge that your case belongs in a certain court, and then refuse to show up. Even odder, they say this, "But, to ensure this doesn't happen we are working with lawyers to find a way to both appeal/contest the ruling and stop further nonsense by this spammer." The question is, why didn't you guys work with lawyers before hand?
Take a look at http://www.spamhaus.org/legal/answer.lasso?ref=3 . Spamhaus makes a compelling case there as to why the court should not have jurisidction over them. So why would you _not_ present this evidence in court; especially after you've already told a court that they DO have jurisidiction over you.
B. Look at Spamhaus.org (or a mirror, if you can now). What logos does Spamhaus display on their "About Spamhaus" page. I'll cut and paste the organization names, about whom Spamhaus says, "Spamhaus works with many Law Enforcement agencies and cyber-crimes teams worldwide, assisting investigations and compiling evidence on illegal spam operations. Our main working partners are:"
1. Federal Bureau of Investigation
2. National Cyber-Forensics and Training Alliance
3. United States Postal Inspection Service
4. National White Collar Crime Center
5. Internet Crime Complaint Center
6. Department of the Treasury
7. Internal Revenue Service
When you work with this group of U.S. government services, and claim that they are your first line of working partners, it's difficult to argue that U.S. courts should have no standing over you.
C. Spamhaus does business in the U.S.!
Spamhaus makes this claim, which I do think is one that would require discussion in court:
"
Claim: An Illinois court has jurisdiction over Spamhaus in the United Kingdom because Spamhaus does business in the State of Illinois.
This statement is false. Spamhaus does no business in the State of Illinois. Spamhaus has no office or agent in the State of Illinois nor any affiliation with any Illinois resident or entity. Spamhaus is a British organization and is not subject to Illinois County Court jurisdiction. Spamhaus advises Mr. Linhardt to re-file his case in the proper venue, a law court in the United Kingdom.
"
Consider that Spamhaus has a public mirror (perhaps several) in the U.S., over which Spamhaus has tight control. Furthermore, consider that Spamhaus sells a Datafeed service to U.S. residents. On http://www.spamhaus.org/datafeed/pricecalculator.l asso , prices are listed in Dollars, not Euros.
Given that they sell this service, and given that they manage servers in the U.S., it is difficult to argue that they don't do business in the U.S., and certainly is an issue for substantive debate. Not something you can win by default, and certainly something that a non-technical Judge would (fairly) decide without a defense.
Summary: The Judge, in this case, made a good decision. A company brought forth a fairly legitimate looking claim, one which may be somewhat feeble but had some legal grounding. The defense argured that it was not within Illinois's jurisidction, which *is* true, and then argued that it belonged in Federal court. The illinois judge said, "fine". Spamhaus then proceeded to ignore the federal court.
What did they expect?
They should have argued from the begining that this did not belong in U.S. courts at all, and the proper jurisidiction would be Britain. That *might* have been a lengthy discussion, because Spamhaus does, indeed, offer services within the U.S. for pay, as well as free listing services; and being listed on a spam list may or may not interact with libel laws.
Either way, I think Spamhau
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
I think you're missing the point. Having a judgment against you in a civil suit doesn't mean you've done any wrong. Spamhaus has one asset, its domain name, located within United States jurisdiction. Therefore, the asset can be seized (hopefully) in order to settle a judgment against it in the United States.
If you have absolutely no assets in the United States, and someone brings suit against you, then it's probably in your best interests to have a default judgment entered against you. You have nothing to lose! This nightmare scenario you describe can't possibly happen.
This isn't so hard to understand. The United States isn't overstepping its bounds. There is an asset that is arguably reachable by the United States, so why not use it to settle a judgment?
I'll try to shed some light on how this sort of thing works, more or less.
There are two kinds of jurisdiction ('jxn'): subject matter jxn and personal jxn. Both must be proper in order for a court to hear a case.
Subject matter jxn deals with matters like standing, the subject of the case (e.g. is it a patent case), diversity, etc. It's really not an issue in this case, and will only crop up once, and be briefly noted later on.
Personal jxn deals with whether the parties in the case are within the court's jxn. American law generally has very broad personal jxn. The limits on this are basically those put in place by state and federal law, including the Constitution. This is because jxn is basically the extent to which the court is permitted to reach by law, and those are the relevant laws. Whether the court can effectively exercise power over people is an entirely different matter -- fleeing to a faraway country or holing up in a bunker with a lot of guns are the sorts of tactics used to escape the law, and don't have anything to do with jurisdictional matters.
In any case, jxn is how far the law allows the court to reach, regardless of practical matters of enforcement. The law generally put it to be as far as possible, ultimately limited by the Constitution. It could arbitrarily be shorter, but this is not common.
There are several ways in which a court may find that it has personal jxn. The easiest is when someone is physically present. But physical presence is not actually required. For example, if you are a resident of a state, but are not currently in the state, there is still personal jxn. Or if you are not a resident of a state, but drive a vehicle in the state, you are deemed by law to have consented to the matter of personal jxn by driving there. (Again: personal jxn is what the law says it is, not what you think it ought to be, and totally apart from the matter of whether enforcement is practical)
Still, when the applicable law is simply that personal jxn extends as far as the Constitution permits, the question becomes one of Constitutional law: does the guarantee of due process in the Constitution permit jxn to be exercised here? The traditional test to find out is the minimum contacts test.
Roughly, there must be at least a minimum number of contacts of sufficient quantity and quality that it would be fair and just to exercise personal jxn.
For example: did the defendant engage in business dealings in the jxn? Did they avail themselves of the benefits of the jxn's law (e.g. by entering into contracts which the jxn's law could be called upon to enforce in some manner). Do they solicit business within the jxn? Do they sell goods or services, directly or indirectly, to people in the jxn?
The more contacts there are, the more likely that jxn will stand. If there are few contacts, then it is less likely. However, where a suit is closely connected to a particular contact, personal jxn may be found with less of a contact than if there is no such connection. (E.g. if you only do business with one person in California, then probably only that person would be able to sue you there based on that contact)
Some contacts are too attenuated or minor to support personal jxn, but they're the exception, particularly where we're dealing with business matters.
The other important thing to note about personal jxn is that it is waivable. The law permits someone to consent to personal jxn. You often see this sort of thing in contracts. But going to court to defend yourself will count too. If you want to argue that a court lacks personal jxn over you, then you have to do so in a very precise fashion, lest you inadvertantly waive it, irrevocably. This might seem odd to you, but let me reiterate: jxn is what the law says it is, and the law says that personal jxn is waivable, and has to be brought up in a very specific way, at a very specific time (immediately, basically), or else it is waived. It has nothing to do with what country you're in (unless that matt
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.