Slashdot Mirror
One Last Spamhaus Warning Before The End
kog777 writes to mention that Spamhaus has released a final warning about an increase in junk email, as they prepare to lose their domain to an Illinois court ruling. From the article: "According to Spamhaus, more than 650 million Internet users - including those at the White House, the U.S. Army and the European Parliament - benefit from Spamhaus' 'blacklist' of spammers that helps identify which messages to block, send to a 'junk' folder or accept. Losing the domain name would make it more difficult for service providers and others to obtain the lists. 'If the domain got suspended, it would be an enormous hit for the Net,' said Steve Linford, Spamhaus' chief executive officer. 'It would create an enormous amount of damage on the Internet.'"
Are they or aren't they Spammers. I have never seen their emails.
This
I mean, if we can get the word out to 650 million Internet users to use IP address 216.168.30.71, what damage is done? It will just take a while for people to tell ICANN how stupid they are. Maybe this is a good thing? Maybe this will cause the community to complain about ICANN and the American control of the internet?
My work here is dung.
What's stopping them from getting a domain name in a non-US-controlled TLD?
I don't see how a US court ruling could shut down a domain name in another country's TLD; so why don't they just go and get a name in the UK, or Switzerland, or Sealand.
Somehow I think enough people find Spamhaus useful, that if they asked they could probably take up collection and get enough money to afford a new domain, and right now they have enough press coverage to ensure that it would be publicized. Sure, it would be a PITA for a lot of mailserver admins who would need to change the address, but that's still a lot less work than filtering their spam by hand.
It sounds like Spamhaus is getting ready to 'cut off their nose to spite their face,' or in this case, destroy themselves in order to try and prove some point to a Federal Court in the US that couldn't give a damn one way or the other. If they're trying to make a point, this isn't the way to do it.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
you mean spamhaus.org.uk
Go to e360's home page. All it shows is information on their frivolous lawsuit. There's nothing to offer their marketing services, to opt in, or even opt out.
Where were you when the voynix came?
The #1 reason they didn't defend themselves is because they are a UK company and not under US jurisdiction. The #2 reason is that if they were to spend the money to defend themselves, they would open a precedent for any other spammer to sue them the same way. I think it's perfectly reasonable for a foreign company to ignore a US court order in this case. A US court can't order a spammer in Russia to stop spamming, so why should they be able to order a spam-blocker to stop blocking spam? The whole internation commerce thing is pretty fuzzy to me, so I don't really understand what a US court CAN do to a foreign company that sells its services to a US company.
Clearly Spamhaus does not have enough friends in high places. If they -had- K Street influence, (Cha-Ching! $$) their dire court situation would be relieved to a great extent by legislative or some other branch of gov't giving them a way out.
Look at how long and how much money it took for the Crackberry developer to get the federal gov't to do things like the "emergency review" and subsequent invalidation of the submarine patent owner that went after them while they were clearly set to lose in court to the submarine patent holder.
I would be very interested to see/hear if there isn't K Street pressure to kill spamhaus off so other companies that DO legislate can make consumers pay more for the "luxury" of good spam filtering.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Spamhaus and other block-list pushers are a solution to spam that's worse than the problem. I understand that it's up to individual ISPs to decide what they do with these block lists, but too many were relying on them blindly to reject email from any source that ended up on a block list. Unfortunately many sources that ended up on these block lists are the common mail servers of other major ISPs, resulting in large volumes of false-positive emails being blocked. Perhaps it's indicative of the arrogant attitude of outfits like Spamhaus that this happened to them. Maybe this will serve as a wake-up call to other block-list operators to act more responsibly, but I suspect they'll ignore it and continue business as usual.
In a UK court, Spamhaus should sue ICANN for unjustifiably removing their domain name. They could argue that ICANN removed their domain for reasons that do not legally apply to Spamhaus, on top of the fact that the Illinois court has not actually ruled against Spamhaus on anything (IIRC, the spammer was granted a temporary injunction prior to a final ruling). I'm an American who believes that having a single domain name registrar under a single government is really stupid and a great way for the US government (or agents thereof) to screw other countries. I believe that Americans should have power over America and over non-Americans who are a threat to personal liberties of Americans. Controlling ICANN and screwing with Spamhaus steps outside of those bounds. Perhaps after this, people will realize that it's necessary to liberalize ICANN.
This is a power play by Spamhaus, but it's a totally justified power play. And I applaud them for not giving in to the demands of a stupid court that has no jurisdiction over them or any reason in the first place to pass an injunction against them. If their domain name is removed, then the fallout from all of the additional SPAM will be cause a great deal of trouble.
Google groups
(from http://www.spamhaus.org/legal/answer.lasso?ref=3)
Spamhaus does not "block" anything. All they do is list the addresses that meet their criteria for listing (yeah, I know that's redundant).
Mail admins can choose to reference that list (or not) and block / flag / delay / whatever based upon it.
I use Spamhaus with SpamAssassin, but I don't block or deny. It just adds to the spam score.
Spamhaus does not block. Spamhaus just lists.
Mail admins block.
...where was it... oh, I know! This is from Ghostbusters, right? Shutting down the containment grid would be a big mistake... cats and dogs, living together... government authority figure who thinks what he's doing is best... a storm of ectoplasmic spam descending on the world...
It's okay, guys. Spamhaus will lose their domain for a night, then get it back along with a huge government grant to go find a way to stop th emess that was made when they were shut down, and it'll all be cleaned up in time for a sequel.
Maybe that's exactly what is needed. A flood of spam, drowning everything and especially e-commerce.
So far, the war has been fought by amateurs vs. increasingly aggressive and organized criminals. But the amateurs have been fairly successful, so nobody really noticed. Open the floodgates and let everyone realize that spam really is a problem that needs to be dealt with, once and for all.
Assorted stuff I do sometimes: Lemuria.org
Spamhaus implicitly asked the court to take jurisdiction when they ask for the case to be transferred from state to federal court.
If they had done nothing, the court probably would have dismissed the charges for lack of jurisdiction.
If they had asked the court to drop the charges because they were a UK entity and a US court doesn't have jurisdiction, the court probably would have agreed.
But no, they explicitly asked for the case to be transferred to federal court, implicitly acknowledging the jurisdiction of the court and then they never came back.
The judge is saying, "You asked for this. We went to a lot of trouble to accommodate you. Where are you? If you don't show up, I'll have to find for the plantiff."
They shot themselves in their own foot.
Matthew Prince has a good summary.
> Yep its up, until ICANN pull the .uk tld....
Much as I'd love to see that happen, since it would demolish ICANN once and for all, I seriously doubt it.
In other news: Spamhaus LLC (http://www.spamhaus.org.uk) experienced a temporary decrease in reachability today as one of its redundant domains became unreachable. Unnamed officials at Spamhaus have warned that the situation is expected to deteriorate somewhat when the US-based servers in its worldwide fault-tolerant network are shut down, and to expect slight increases in lookups due to this. One official was quoted as saying, "Backhoes, DDOS attacks, daft overreaching judges, it's all damage we're set up to route around."
Done with slashdot, done with nerds, getting a life.
The real problem here is that spam is considered an "annoyance" and is legislatively treated as such. In that light, it becomes "my business model, revenue, and profitability" vs "your annoyance" vs "their attempts to help others deal with spam." It also gets into a delightfully grey realm of defining "spam" vs "legitimate commercial email." Because these aren't simple issues, and the defined reason to stop spam is "annoyance," nothing substantive happens.
Think differently...
From what I've heard, spam constitutes something over half the traffic on the Internet. Think of blocking half of a water main, or half of a sewer, or half the lanes on the highway. No doubt at all that this would be considered more than just "an annoyance," but that's pretty much what spam is doing each and every day. Look at the legislative "encouragement" to build more bandwidth and the end-to-end compromises being threatened, but in reality we're wasting over half of what we've got, already. Spam is much more serious than just an annoyance.
How's this for an idea - link it to terrorism!
Imagine for a moment that you want to transmit secret, untracable terror plans all around the world. Simply put "V1agra" on the subject line, send it to EVERYBODY, and you're pretty much guaranteed that NOBODY will read it. You could probably send your plans in clear-text safely, but steganography would be advisable.
So here it is... Spam is really a secret terrorist communications channel! It needs to be stopped!
The living have better things to do than to continue hating the dead.
Please think of this the next time when a court from another country tries to tell you what a US bases company can do. Maybe US citizen should fly to Iran to defend themselves in trial there?
Spamhaus is in the UK. The court in the US. End of story.
I hope ICANN pulls the DNS records; that will be the final sign for the EU and other parties to take control over their own domains.
If Spamhaus is not liked here, have the US build a huge firewall around the country to "protect" itself.
Lindhart is the spammer at e360. On Spamhaus's website they have posted lots of email that they have received from him. It included the following:
From: david linhardt
Subject: mail fraud and identity theft
Be advised, I am aware that members of the spamhaus organization are using my personally identifiable information to fraudelently order products and services on my behalf. I know this is true because I mistakenly provided you with my home address...
Works the other way too dude.
Let's say that you're posting WWII revisionism on an american website. You're protected by the 1st amendment.
Now the website is browsable from... say... France. France has laws against revisionism, so your post is a crime as far as the french law is concerned. Since your post arrived to france, it falls under french juridiction, your crime -- in your own opinion -- was comitted in France even though there was no crime comitted in the USA (interresting isn't it?), and you could be extraded to France to be judged and put in prison.
Fun isn't it?
Becomes much funnier when you put "interresting" countries into play, like, say, China.
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
For shame!
Their web site has lots of useful information.
And I think you should get it all with
wget -r http://www.e360insight.com/
Repeatedly, if necessary.
Thank your.
the service Spamhaus does is done via DNS records
when my email server receive some mail from 1.2.3.4, it looks up 4.3.2.1.sbl-xbl.spamhaus.org and, if the address exists, it closes the connection (so that the mail won't even clog our intertubes). Now, I already changed it to look up 4.3.2.1.sbl-xbl.spamhaus.org.uk, but other 650 MILLION servers still have to do the same. Because if they don't, and this judge thinks it should call, their email load will get up by 20x or so. Got it now?
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
Despite all the predictions of doom and gloom, and despite the attempts to mitigate blame from Spam blacklists to mail admins, I say that this is the inevitable conclusion to the way broad "spam blacklists" are run. As annoying as SPAM is, it can't possibly compete with the damage that spam-blocker's false positives have on the e-mail system. The company I work for has never sent a single piece of spam, but we routinely find ourselves dealing with problems relating to open blacklists and spam-catching software. You have to understand that when business relies to e-mail as a communications medium, it can't afford to have that vital conduit blocked because some asshat administrator insists that your company spams or is an open relay or whatnot when it is in fact not. Even my ISP's domain is frequently blocked, even though they're one of the largest telecomm companies in Canada. One of two things needs to happen: either spam needs to be legislated out of existence, or a proper organization needs to be set up in order two blacklist spam servers while doing their utmost to prevent false positives. Because when it comes down to it, getting a load of annoying junk in your inbox can't compare with never getting a critical e-mail about your job, family, business, or finances.
The problem isn't that they persued the wrong legal strategy, it's that they persued both of them. Either strategy would have worked. But by changing mid-stride, they screwed themselved.
Guys, I know that everyone (oddly enough, especially Europeans) want to make this into a Europe v. U.S. issue, but it isn't.
:
A. First, Spamhaus argued that this case belongs in U.S. Federal Court. That's mistake number one; you don't tell a judge that your case belongs in a certain court, and then refuse to show up. Even odder, they say this, "But, to ensure this doesn't happen we are working with lawyers to find a way to both appeal/contest the ruling and stop further nonsense by this spammer." The question is, why didn't you guys work with lawyers before hand?
Take a look at http://www.spamhaus.org/legal/answer.lasso?ref=3 . Spamhaus makes a compelling case there as to why the court should not have jurisidction over them. So why would you _not_ present this evidence in court; especially after you've already told a court that they DO have jurisidiction over you.
B. Look at Spamhaus.org (or a mirror, if you can now). What logos does Spamhaus display on their "About Spamhaus" page. I'll cut and paste the organization names, about whom Spamhaus says, "Spamhaus works with many Law Enforcement agencies and cyber-crimes teams worldwide, assisting investigations and compiling evidence on illegal spam operations. Our main working partners are:"
1. Federal Bureau of Investigation
2. National Cyber-Forensics and Training Alliance
3. United States Postal Inspection Service
4. National White Collar Crime Center
5. Internet Crime Complaint Center
6. Department of the Treasury
7. Internal Revenue Service
When you work with this group of U.S. government services, and claim that they are your first line of working partners, it's difficult to argue that U.S. courts should have no standing over you.
C. Spamhaus does business in the U.S.!
Spamhaus makes this claim, which I do think is one that would require discussion in court:
"
Claim: An Illinois court has jurisdiction over Spamhaus in the United Kingdom because Spamhaus does business in the State of Illinois.
This statement is false. Spamhaus does no business in the State of Illinois. Spamhaus has no office or agent in the State of Illinois nor any affiliation with any Illinois resident or entity. Spamhaus is a British organization and is not subject to Illinois County Court jurisdiction. Spamhaus advises Mr. Linhardt to re-file his case in the proper venue, a law court in the United Kingdom.
"
Consider that Spamhaus has a public mirror (perhaps several) in the U.S., over which Spamhaus has tight control. Furthermore, consider that Spamhaus sells a Datafeed service to U.S. residents. On http://www.spamhaus.org/datafeed/pricecalculator.l asso , prices are listed in Dollars, not Euros.
Given that they sell this service, and given that they manage servers in the U.S., it is difficult to argue that they don't do business in the U.S., and certainly is an issue for substantive debate. Not something you can win by default, and certainly something that a non-technical Judge would (fairly) decide without a defense.
Summary: The Judge, in this case, made a good decision. A company brought forth a fairly legitimate looking claim, one which may be somewhat feeble but had some legal grounding. The defense argured that it was not within Illinois's jurisidction, which *is* true, and then argued that it belonged in Federal court. The illinois judge said, "fine". Spamhaus then proceeded to ignore the federal court.
What did they expect?
They should have argued from the begining that this did not belong in U.S. courts at all, and the proper jurisidiction would be Britain. That *might* have been a lengthy discussion, because Spamhaus does, indeed, offer services within the U.S. for pay, as well as free listing services; and being listed on a spam list may or may not interact with libel laws.
Either way, I think Spamhau
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
A Canadian business can do business in the US, or in Cuba, but if you do business in Cuba and in the US, US laws let you sue Canadian businesses also operating in the US for damages, such as Cuba's seizure of private property.
So if you want the financial goodies of the US, you'd better think twice about doing business in Cuba, or pay the US's penalty for operating in both.
As a businessman, it's your choice, consider it the cost of doing business in both countries.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Alas, it appears at the moment (at least from where I sit) that spamhaus.org.uk != spamhaus.org - at least in the sense that sbl-xbl.spamhaus.org.uk doesn't appear to be giving out any answers, like sbl-xbl.spamhaus.org does.
They can and presumably do make mistakes, but they're about the best out there.
Most ISPs need more protection that just burning CPU on Spamassassin - diverting obviously untrustable email at the SMTP handshake instead of accepting the message is pretty critical, and the way the SMTP protocols work, if you refuse the message then, any correctly-configured legitimate email sender will get feedback, as opposed to if you accept the message and then dump it. (You can do milter-things to process the message body before accepting the message, but there are enough known-bad sources that you can kill before they get that far that it saves you a lot of CPU and transmission.)
Simply greylisting mail kills off a surprising fraction of spam, including mail from most zombies and most of the unused-address-space-BGP-hacking senders. You could certainly use Spamhaus, and for that matter just about any RBL, to drive a greylist harder (e.g. 1 hour delay for listed sites, 5 minutes for unknowns.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I think you should wait before changing anything. I don't think spamhaus.org.uk, or any other name besides spamhaus.org, will ever resolve the Spamhaus RBLs.
From Spamhaus' response to the proposed order (proposed, people, by the spammer's counsel, no judge has ordered ICANN anything), it seems they'll intend to contest this. They mention they don't think that ICANN suspending them can actually happen, for reasons I in fact agree with (go read them at their site). They also mention that "one U.S. government agency has begun working on a response."
However, if worse comes to worst, they probably won't switch to any other domain name. They state: "... if Spamhaus gets around the court order by switching domain to maintain the blocking, the judge would very likely then rule us in criminal contempt. We don't want a criminal record for the sake of fighting spam. We normally help fit the spammers with criminal records, not the other way round."
Which I read as, if this order is enforced, and ICANN caves in and all that, there will be no more Spamhaus, period.
Which would really piss me off. The whole episode already already seems like a bad dream to me. To see Spamhaus destroyed by some spammer scum would be just depressing. One thing's for certain, though: it'll be a cold day in hell before any site I manage will exchange traffic with this spammer.
I'll try to shed some light on how this sort of thing works, more or less.
There are two kinds of jurisdiction ('jxn'): subject matter jxn and personal jxn. Both must be proper in order for a court to hear a case.
Subject matter jxn deals with matters like standing, the subject of the case (e.g. is it a patent case), diversity, etc. It's really not an issue in this case, and will only crop up once, and be briefly noted later on.
Personal jxn deals with whether the parties in the case are within the court's jxn. American law generally has very broad personal jxn. The limits on this are basically those put in place by state and federal law, including the Constitution. This is because jxn is basically the extent to which the court is permitted to reach by law, and those are the relevant laws. Whether the court can effectively exercise power over people is an entirely different matter -- fleeing to a faraway country or holing up in a bunker with a lot of guns are the sorts of tactics used to escape the law, and don't have anything to do with jurisdictional matters.
In any case, jxn is how far the law allows the court to reach, regardless of practical matters of enforcement. The law generally put it to be as far as possible, ultimately limited by the Constitution. It could arbitrarily be shorter, but this is not common.
There are several ways in which a court may find that it has personal jxn. The easiest is when someone is physically present. But physical presence is not actually required. For example, if you are a resident of a state, but are not currently in the state, there is still personal jxn. Or if you are not a resident of a state, but drive a vehicle in the state, you are deemed by law to have consented to the matter of personal jxn by driving there. (Again: personal jxn is what the law says it is, not what you think it ought to be, and totally apart from the matter of whether enforcement is practical)
Still, when the applicable law is simply that personal jxn extends as far as the Constitution permits, the question becomes one of Constitutional law: does the guarantee of due process in the Constitution permit jxn to be exercised here? The traditional test to find out is the minimum contacts test.
Roughly, there must be at least a minimum number of contacts of sufficient quantity and quality that it would be fair and just to exercise personal jxn.
For example: did the defendant engage in business dealings in the jxn? Did they avail themselves of the benefits of the jxn's law (e.g. by entering into contracts which the jxn's law could be called upon to enforce in some manner). Do they solicit business within the jxn? Do they sell goods or services, directly or indirectly, to people in the jxn?
The more contacts there are, the more likely that jxn will stand. If there are few contacts, then it is less likely. However, where a suit is closely connected to a particular contact, personal jxn may be found with less of a contact than if there is no such connection. (E.g. if you only do business with one person in California, then probably only that person would be able to sue you there based on that contact)
Some contacts are too attenuated or minor to support personal jxn, but they're the exception, particularly where we're dealing with business matters.
The other important thing to note about personal jxn is that it is waivable. The law permits someone to consent to personal jxn. You often see this sort of thing in contracts. But going to court to defend yourself will count too. If you want to argue that a court lacks personal jxn over you, then you have to do so in a very precise fashion, lest you inadvertantly waive it, irrevocably. This might seem odd to you, but let me reiterate: jxn is what the law says it is, and the law says that personal jxn is waivable, and has to be brought up in a very specific way, at a very specific time (immediately, basically), or else it is waived. It has nothing to do with what country you're in (unless that matt
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.