Slashdot Mirror
Email Servers Will Choke, Says Spamhaus
Rub3X writes, "The legal battle between antispam organization Spamhaus and e360 Insight is heating up. Spamhaus has a user base of around 650 million, and its lists block some fifty billion spam emails per day, according to the project's CEO Steve Linford. Spamhaus CIO Richard Cox says the immediate issue is that if the domain is suspended, the torrent of bulk mail hitting the world's mail servers would cause many of them to fail. More than 90% of of all email is now spam, Cox says, and he doubts that servers worldwide would be able to handle a ten-fold increase in traffic." Others estimate Spamhaus's blocking efficacy as closer to 75%; by this metric spam would increase four-fold, not ten-fold, if Spamhaus went unavailable. The article paraphrases CIO Cox as saying that the service will continue "even if there is a short-term degradation."
There is no alternative. As soon as any method becomes popular enough to be useful, spammers will move in. Sure, you could use IM, but spammers are there already. You could set your IM client to only accept messages from known users, but you might as well go back to email and set up a whitelist.
Let's get to the very root of this problem: spammers can send as much email as they want, with very little penalty in cost. This problem could be solved if some kind of postage system was applied to email. It's been said before, and it's always beaten down in this community because it appears to fly in the face of Free ideals. Well, everyone here is already paying for their internet connection, for their computer, for the power to run it. I'm sure some method for postage could be devised that still maintains a level of privacy.
And to be honest, I'd be interested to see what effect this would have on supposedly valid emails. Perhaps that weekly newsletter would have a little more thought put into it. Maybe Aunt Patty wouldn't forward the same joke that's been going around since 1997. Corporate internal email would be unaffected, unfortunately.
I think most internet users still remember what it was like before spam filtering became common. Wait a few more years. Then users will take the filtering for granted.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
Use the UK domain system, e.g. http://www.spamhaus.org.uk/ . It works, and it's not subject to US law.
Easy. We just need to set up a protocol where an ISP is charged $0.01 per email sent. That will kill the spammers without having any real effect on people sending email.
Actually, the problem is not this simple. Spammers today send their emails from millions of hacked computers worldwide. They will just continue to do so, and these charges will drop on the clueless users whose computers are used to send the emails.
As long as computer security is as bad as it is today, there just is no easy solution to spam. All hyper-clever ideas about encrypted network id:s, black and whitelists, hashcash, etc, are just temporary solutions --- they only serve to drive the spammer to more intensly use the fact that a hacked computer also gives access to an online identity.
Open Materials Database
I'm starting to wonder about the sanity of Spamhaus' lawyers -- or if they really have lawyers at all. So far their arguments seem to have been
1. This case is at the wrong court, it should go to a federal court instead.
2. (to the federal court) We agreed that you had jurisdiction over this, but we're going to pretend that we didn't say that.
3. What? You've decided that we broke the law? Well, you shouldn't punish us because we're really nice people.
While I do not doubt Spamhaus' credentials as really nice people, this is hardly relevant to the case in question.
Tarsnap: Online backups for the truly paranoid
Why don't spamhaus just remove the e360 adresses from their regular spam lists and add them to a new list named "addresses no longer blacklisted becuase we were sued and ordered to remove them"?
:)...
That list would then serve as a perfect permanent black list for all sysadmins who happen to think that people who sue spam lists might not be the kind of people who send worthwhile emails.
I would actually recommend even higher priority to that list in the spamassassin config file than spamhaus' regular blacklists
Open Materials Database
"I think Spamhaus is trolling after making an ass out of itself in court."
Ummmm, they didn't go to court and they have not accepted anything, Spamhaus are demonstrating their view that the court does not have jurisdiction, Spamhaus seem to have a clue what they are talking about but the judge isn't listening since they refused to recognise the court by showing up. And if push really did come to shove then Spamhaus would probably just "reboot the company" in a different country.
I've been in front of a few judges in my time and IMHO many of them are the most arrogant people you could possibly imagine. I know very little about the US court system but I am guessing a district judge is not very high up the judicial foodchain and would have a hard time shutting down the internet no matter how hard he bangs his gabble. Meanwhile the rest of the planet will treat an unenforcable court order from this judge about as seriously as they would a court order from the judge in this case.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
It would be interesting if all email server admins suddenly opened the flood gates for a day or two. Maybe then the general population will gain a better appreciate of the scale of the matter.
And what exactly can we do about the problem? I'm part of the general population in this case, how can I help? I secure my machines (so no spam zombies for me), I don't buy from spammers or companies advertised by spam, and I'm not within the court's jurisdiction so I can't petition it (even assuming they'd listen, which they probably wouldn't and arguably shouldn't).
(I also appreciate the scale of the problem; I own a domain and thanks to some scum sucking low life using it in their forged From: headers, I get in excess of 1000 junk mails, bounces, etc per day.)
So what would you have me and the rest of the "general population" do?
It's official. Most of you are morons.
After the failed attempt of the illegal alien crowd to shut down the USA by telling immigrants to march on one day (they don't differentiate between illegal and legal), ...
This is garbage and as such damages any argument you might try to make regarding the subject being discussed (spam). The goal of the Day Without Immigrants protest was to call attention to both the plight and the influence of immigrants. Apparently you are uptight about being part of a system that explicitly relies on undocumented immigrant labor? Perhaps a bright future awaits you in the agricultural or travel industries? There was no attempt to shut down the US, and during the protests it was common to see expressions of patriotism including displays of the flag and replicas of the Statue of Liberty.
Absolutely everyone differentiates between illegal and legal. That is the whole point. In order to become a legal immigrant there should be a process. The existing process typically takes in excess of ten years simply to review an application, never mind actually approving one and letting someone in. Many of these people who wait for ten years or typically more may do quite a bit of productive work in the interim. While the rules for entrance get endless argument Americans show they want immigrants by hiring them and endorsing the products that are associated with them by forking over money.
Perhaps you might be able to kick start your empathy if you moved away from the focus on illegality and thought more about the criteria involved. If someone is willing to work hard and has skills that are valued, does a waiting period of at least ten years make sense as an initial barrier before other barriers are introduced? Hint: There would be fewer undocumented workers if the process for documenting them functioned at all, even functioned as designed, better yet functioned by more common criteria.
Never owned a car in my life. It's called a bicycle, and public transport. Yeah, yeah, so you live in the USA where those hardly exists. Sucks to be you.
Been doing without for four years. No ill effects, lots of extra free time. DVDs are watched on my computer.
Been doing without for six years. No ill effects, my music-ripped-from-CD collection is large enough to offer much better variety than any radio station ever did, and I'm completely free of annoying jingles.
Don't see the need to walk away from life or my legs just yet, but I'm sure that if you really want to, you'll find a way
Suuuure, it's worked so well to get Americans to give up their SUVs and take public transit to slow the flow of all the oil money that supports terrorists. And those bounties have helped us get Osama Bin Laden in custody. Right?
Start a happiness pandemic
We should go to the source - those businesses who pay spammers. Right now they weasel out like "we don't spam, we just pay our associates for marketing services". That way they stay apparently clean. There should be a law that prevents such responsibility decoupling. Those who pay and are advertised MUST be responsible for their advertisments. They must be prevented from feeding money to spammers. Furthermore, those who buy goods offered thru spam should be persecuted. There should be a law against buying services or products advertised over spam and police should do like they do when hunting customers of prostitutes - send fake spam and arrest those who answer it. Then this small subpercent of "paying customers" would shrink further and spammers business model would choke.
In fact, direct marketing should be illegal alltogether, for all networking (spam, telemarketeering) and environmental (junk mail - all that paper, ink, fuel for postal vehicles) reasons. No society or civilisation can sustain all businesses sending personal notes to each person. It is not just annoying, it is insane.
It is _not_ a valid defense to say that something would break without you - while you might be right, that is the wrong argument to be pushing here.
Would slashdot give Microsoft so much slack if they were put on trial for monopolistic behaviour, and said the world's computers would become vulnerable if they were put out of business?
Real men don't write sigs
Doesn't really matter if the land in question is a foreign land, does it?
If Spamhaus goes down, then the difference will be semantic once the crapflood hits.
Spam is not a Microsoft problem, spam is a clueless user problem. It's just as easy to write a trojan spam bot that works under Linux or OS X as it is to write one that runs under Windows. All you need to do is trick someone into installing it as root/admin. Right now that's unlikely, as there are (relatively) so few Linux boxes and the maintainers and users are (relatively) so much more clued-up about this sort of thing. If the masses ever migrate away from Windows, they'll be just as clueless and likely to root themselves on their new platform.
I'm not defending MS (who have worked quite hard to make PCs easier to use, with the side effect that the more clueless user can use them) or denigrating Linux. I'm just pointing out that actually spam is a social problem; the average user doesn't know enough to keep their machines clean. A lot of users don't even care, as long as their machine works for them, they don't care who it might be working against.
Education is our only hope. Personally, I think we're doomed.
It's official. Most of you are morons.
RTFA
I think you are terribly mistaken. Spamhaus screwed up. They could of ignored or sent an attorney as special counsel to the case without acknowledging the jurisdiction of the Illinois court. Because they asked it to be moved to Federal, they pretty much acknowledged that the judge now has jurisdiction over the case. Then, because they don't like the judgement, they go ahead and try and ignore it. Instead of not showing up, Spamhaus could of done a better job in front of jury. Because they didn't, the judge didn't have much choice as the plaintiffs win by default.
. . . by threatening judges with impending doom.
Really. It doesn't work, unless, of course, you are the President, warning judges about terrorists.
Still, I've argued this point before; there's at least a few points of dispute regarding jurisidiction, and spamhaus should have showed up in court.
It doesn't matter if they are ultimately right; what matters is that it is not 100% clear cut, and as such, a judge will give a plaintiff a great deal of leeway in a default situation.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
May the Maths Be with you!
But at least with Yahoo, it ends up in the spam box. Hotmail puts it in your inbox. Unless you turn on the option to only receive mail from your contacts (Whitelists are stupid) then just about everything ends up in your inbox with Hotmail. I have accounts for both, and as of now, I have 927 spam messages in my spam box from yahoo. With hotmail I have I have 2700 message in my inbox, 14 of which are from my contacts; I have 12 messages in my junk mail box. So, hotmail is terrible at blocking spam, while Yahoo, at least puts it in a separate box for you, so it doesn't clutter up your inbox.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
This famous checklist is a useful thing to have around, but IMO not a decisive answer to any spam suggestion. It is very likely that we will have to compromise on one or more of those ideals in order to make progress.
For every expert, there is an equal and opposite expert. - Arthur C. Clarke
This post is probably the greatest use of "Post Anonymously" ever.
Imagine the cost to the court systems.
Procrastination -- because good things come to those who wait.
Sure that is really insightfull. Let's use a nuke instead of a bullet to shut down the spammer? WTF? And then lets not back it up with any facts that they did anything wrong. oh, one murder in the city, lets' nuke them all. Really smart.
(Mods: My last comment on Spamhaus was sent to "troll" land - my first ever negative comment on Slashdot in 10 years. Being pro-Spamhaus != good netcitizen and vice-versa. I am a good netcitizen, working extensively on Australian internet governance issues, such as being the technical dude who worked on auDA when we moved from monopoly to a regulated DNS environment, and secured Australia's second largest ISP and helped build and secure the alternative massive backbone, which carries all academic traffic as well as most ISP traffic. I was once the SAGE-AU President, and I still abide by their code of ethics. Therefore, if you mark me a troll or flamebait, you are a working against the best interests of the Internet. Read and decide for yourselves, but be v. careful when you hit the moderation button.)
/32s which make sense, and preferably be in the form of actual law enforcement. Spam is illegal in most countries, and citizens MUST not and indeed are NOT allowed to take the law into their own hands. Spamhaus are not the solution, and never have been.
This is happening to me right now. Spamhaus are acting like a wild west sheriff, but have no responsibility.
I host a number of websites, one of which has 5500 car nuts. I suffer *actual* financial loss directly because of Spamhaus' illegal blocking of my hoster's entire netblock. The spammer is gone, and yet we are still blacklisted. There is no way to get off this virtual death penalty.
New folks wanting to talk about VWs on my forum can't, and they leave, frustrated. I don't even know that they're stuck as my mail from the system is broken. Those few I do hear about - via the users being very persistent, cause me to spend 10-15 minutes per new registrant to get them on. If they lose their password, I can't help them. I spend an extra hour or two every night working on problems, and although I get a nice Google check once a quarter which generally comes close to paying the hoster, I'm suffering growth problems now - we moved from 2500 to 4000 members in no time, but our last 1500 members have dribbled in over the last 18 months. In the 18 months I've known about this problem, Spamhaus have cost me at least $4500 in lost wages at McDonald's rate (far lower than my actual hourly rate), and at least (and this is EXTREMELY conservative) $1500 in lost advertising revenue. I run my site out of a love for Volkswagens and as close to being a non-profit as I can whilst allowing for growth (we will eventually need more servers), but it's still coming out of my pocket. The loss to me is significant in time and money, but the loss of community is immense. Spamhaus are destroying my community, and many thousands of others with their negligence.
Spamhaus must:
* Provide a way to get unaffected netblocks off their list. This "block the lot" collateral damage is like mowing down an entire kindergarten of kids to get at the pedo jerking off at the fence.
* Acknowledge the financial harm they cause when they block domains that have NOTHING to do with spam. Even the spammer who used the netblock (before being kicked off) used it for pr0n, not spam. Netblocking the entire 64 odd class C's (in my hoster's case), blocking thousands of innocent customers just because one of them hosted pr0n for a short while before moving on did not in ANY way reduce the world's spam problem. I'm certain we are not the only site suffering this.
Totally unacceptable.
Do NOT mark me down as a troll - Spamhaus are not the protectors you think they are. I once thought they were, but they are not our friends, merely falliable people who see everything as black and white. I do not want them working for us any more. They must be put out of their misery. Hopefully, a replacement RBL will arise who aren't so arrogant, take some responsibility, carve out netblocks and
Andrew van der Stock
Hell, if SA just detected animated .gifs and let me assign them 10 points, that would be fine with me. *Nobody* is sending me those legitimately. YMMV, etc.