Slashdot Mirror


User: Skapare

Skapare's activity in the archive.

Stories
0
Comments
6,883
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,883

  1. Re:FOIA Child Porn Site Lists? on Pennsylvania Court Forces ISPs to Block Porn Sites · · Score: 1

    My comment to your first comment comes from the fact that the way you worded it, the first idea that came across was that your daughter had already been found to be the subject of some child porn site. I'm sure that's not what you meant, but that's the way the words came out. I read it a few times to make sure before I posted my comment.

    The way you put the words for stating jerkoffs OUTSIDE was like you expected only those outside PA to benefit from having a list of places to get kiddie porn, but those on the inside somehow would not? Take the word "OUTSIDE" off and it reads better.

    Since your who first comment wasn't well written, it just came across as either your daughter was in a kiddie porn site or someone might use the picture of it even though it was not porn. Your wording simply wasn't very specific at all. It left a lot of room for a lot of diverse interpretation. What meaning you intended wasn't the only meaning it could be read as.

    The issue comes down to whether the list should be public or not. I think it should be despite the fact that someone might use it quickly find sites to visit. The advantage is there can be public scrutiny to make sure things are done right, and that other means to block them (in browsers, firewalls, caches, etc) could be deployed as well.

  2. Re:This just means no more hi-band/lo-band split on FCC Abandons Linesharing, Kills DSL Competition · · Score: 1

    It's not entirely a gouging practice, and maybe not any at all. Some of the higher cost of SDSL is due to a lower oversell factor in the bandwidth due to the business use. Since business all start using the bandwidth rather steady during business hours, this limits the degree the ISP can oversell their aggregate bandwidth. Consumer ADSL can charge less due to much higher oversell due to more random usage patterns and many users inactive at any given time.

  3. Re:FOIA Child Porn Site Lists? on Pennsylvania Court Forces ISPs to Block Porn Sites · · Score: 1

    So let me make sure I got this right. You would be absolutely revolted at the thought of some pervert whacking off to the image of your 2 year old daughter. So therefore you don't want the list of child porn sites to be released to the public.

    So I have a couple questions for you. How did you find out your family web page got on the list? And why do you want to limit this list to just people INSIDE Pennsylvania?

  4. 970,412 domains on one IP on Pennsylvania Court Forces ISPs to Block Porn Sites · · Score: 1

    970,412 domains on one IP are just parked domains at 209.67.50.203 (futuresite.register.com). I doubt there will be any kiddie porn here. The next level has 822,079 domains at 64.225.154.175 also apparently parked with "Web Page Under Construction". Then 206,255 domains are at 216.34.94.186, and again, parked. The top 9 are either parked or ambiguous.

    Only when you get down to number 10 with 123,011 domains do you get something other than parked ... they are for sale. Check out the full lists about half way down on http://cyber.law.harvard.edu/people/edelman/ip-sha ring/. Also, check out the graph just below there. Another example of natural power law distribution.

    Those sites do beat my 22,484 domains running on one IP. But then, these aren't second level domains; they are third level, so I guess they don't count.

  5. Re:Huh? on Pennsylvania Court Forces ISPs to Block Porn Sites · · Score: 1

    I already asked for the list. They did not provide it. So apparently all they are doing is blowing smoke.

  6. Wrong! on Pennsylvania Court Forces ISPs to Block Porn Sites · · Score: 1

    Wrong! They do not provide the list. I know, because I asked for it and they did not provide it. No domain list. No IP list. Nothing. If you got such a list why don't you prove it. 423 items would fit nicely in a Slashdot comment.

  7. This just means no more hi-band/lo-band split on FCC Abandons Linesharing, Kills DSL Competition · · Score: 1

    For the most part, this just means no more hi-band/lo-band split where the the ILEC is required to provide low frequency analog voice while selling the high frequency broadband side to a CLEC on the same pair. The CLEC can still get the whole loop. And I don't see any specific requirement that they have to even do low frequency analog voice over the loop to qualify. It could be done as Voice over IP, or Voice over ATM, or Voice over IDSL (like PRI). And if the customer wants data only, I see no reason they have to be able to offer voice at all.

    Combined with local/state regulations, this may still result in some complications. For example I have 2 copper loops to my apartment. If I wanted just data and nothing else (I might use a cell phone for all my voice usage) I could use those 2 copper loops just for data, and a CLEC could offer services for just those of us that want data only (although I doubt there is much of a market in that).

    People do want voice. And they may not be satisfied with having to get that voice over a different copper loop than the data loop. So there may be requirements that voice be available somehow. But I don't actually see that in the FCC rule change summary.

    That said, offering voice is NOT hard to do. I already know of a company in my area that is offering data + voice over ATM over T1, and they outsource the voice via a trunk to a CLEC, and get the T1s via a trunk to a different CLEC that is facility based and leases whole copper loops. That company is essentially nothing more than an ISP adding voice. They just happen to do it on T1 instead of DSL because they are oriented to business rather than residential offerings. In theory, it could be done over DSL at a lower aggregate bandwidth, especially with SDSL or IDSL. And compressed voice only needs about 40K rather than 64K anyway. I don't see anything in the new rules that prohibit this over any kind of circuit technology.

    But I could be wrong. The links are incomplete summaries, and especially the impact with existing state rules is unclear. But even state rules could change. Just understand that what this means is that having a CLEC provide hi-band data, and requiring the ILEC to provide lo-band analog voice over the same pair is what I think this is ending.

  8. Which is the cause and which is the effect? on Open Code Has Fewer Bugs · · Score: 5, Funny

    What I am wondering is which is the cause and which is the effect:

    Microsoft source code is defective because it is closed.

    Microsoft source code is closed because it is defective.

  9. Set up your own mail server on Microsoft Going After Hotmail Spammers · · Score: 1

    If you don't like having Microsoft send you advertising, which really is something you have agreed to in exchange for the email services (these are not free to operate, and this is how they get the revenue to pay for the services, just like commercials on TV) ... then set up your own mail server. Set up an IMAP service on it, and top that off with SquirrelMail, and you have your own web based mail that can also be used via IMAP. You can then sell it to your friends (or give it away to your really good friends). Or you can give it away to anyone in exchange for your right to advertise to them.

  10. Re:I wish they'd target their spammer USERS! on Microsoft Going After Hotmail Spammers · · Score: 2, Informative

    While in some cases dumb spammers will use a live Hotmail account as the return address for a spam run, in the majority of cases, the Hotmail addresses (and those of others like BigFoot, Juno, Yahoo, etc) are fabricated. And yes, some spammers are so dumb they leave no means of contact whatsoever. In other cases it's a web site hosted entirely separately from where the spam came from (often a wide range of open proxies for which no origin tracking headers are inserted). And those web hosters refuse to shut down those spammer sites claiming that since the spam didn't come through their network they won't do anything about it (but at least SPEWS lists them, too, which has resulted in many takedowns).

    Look at the headers and see if the message actually came from one of Hotmail's servers. Microsoft already has made it so that it is incredibly hard to spam through the web interface (just like Slashdot's "slow down cowboy" feature for those who post too fast here). But if someone does manage to spam through Hotmail, by all means notify them, although they probably already know about it.

    I don't know whether it is good to report the likely forged return address spams to Hotmail or not. Certainly if the address is real, it should be, so they can shut it down (they do). But knowing whether it is real or not is not easy.

    I don't actually see all that much spam with Hotmail as a return address. I haven't seen any from Hotmail servers in ages. I do NOT block Hotmail.

  11. Hotmail could start by blocking UUNet on Microsoft Going After Hotmail Spammers · · Score: 1

    Hotmail could start by blocking UUNet address space. Given the huge number of spammers there, this would be worthwhile, even though it would affect quite a number of people. If they did this, and monitored UUNet's performance with regard to when all the spammers (and there are a lot of them) in UUNet's space get disconnected, it really could force UUNet to once and for all stop supporting spammers.

    What would Hotmail get out of it? Based on how much my mail servers get pounded on by spammers on UUNet space, I'd guess that Hotmail servers are getting hit to the tune of at least 10 million and possibly 100 million times a day. And even if Hotmail just blocked the spammer addresses, that would still amount to an economic burden of maybe several dozen servers just to handle those hits.

    SPEWS blocks a large amount of UUNet space because of UUNet's continued support of spammers. Lots of innocent legitimate businesses are suffering because of this, but it's better than UUNet customers suffer rather than the recipient mail server operators. UUNet is too clueless to deal with the spammers, and SPEWS is apparently has too small a user base to have an effect on UUNet. But if Hotmail did this, UUNet would be forced to finally, once and for all, disconnect the spammers. This would be good for everyone (and even for spammers who might realize they need to stop spamming and become productive members of society, instead of being thieves).

    Having a big name like Hotmail do some things like this could really help turn the tide against spamming (defined as unsolicited bulk email), and restore public confidence in email as a working medium of commerce, and enable legitimate forms of permission based email marketing.

  12. Re:SPEWS on Spam Catchers Block Latest Crypto-Gram · · Score: 1

    This morning I found in my logs a large number of spam attempts that hit my mail servers overnight. They all came from host database.datacommarketing.com[65.242.117.12] which is within a huge UUNET address block. Many of these attempts were made to a variety of standard role accounts in several domains I own or run. The rest were made to what look like message-ids (they look like email addresses and typically fool address scrapers) in some of my domains. I did not get any content whatsoever, so I cannot say what the content is. But based on the selection of addresses, there is no doubt whatsoever that this was spam using the unsolicited bulk email definition (UBE).

    None were delivered because SPEWS already has them listed, and I do use SPEWS to block them.

    I then scanned the SPEWS record for all addresses with that huge UUNET address block. There is a very large number of current ongoing spamming activity from many addresses in that block. If UUNET is going to allow spammers to impose a costly burden on other mail server operators, then it is only fair that many of these mail server operators get together to push that cost burden back on the ISP. That is what SPEWS is all about.

  13. Re:SPEWS on Spam Catchers Block Latest Crypto-Gram · · Score: 1

    I guess we'll have to agree to disagree on this. I have constructed my argument why it is the other way around elsewhere in this thread. It would be just the same argument again here. I think you don't understand why the 1st Amendment exists. Of course if the government restricted the right to speak without considering what the content is, the argument may be raised it is such a violation. But the government can also defend that it is not in certain cases, such as prohibiting the posting of signs in the middle of a highway. The foundation of the 1st Amendment comes from the idea that governments of the past have suppressed speech on the basis of what is said, and this they wanted to make sure would not happen in the United States. That is the principle I refer to.

  14. Re:SPEWS on Spam Catchers Block Latest Crypto-Gram · · Score: 1

    There isn't much we can do about clueless customers, besides educate them. But even clueless customers might discover that mail gets through more with one ISP than with another. They might, for example, ask a friend who uses a different ISP to try sending for them. When it works, they ask what ISP they are using. Then the clueless customer might switch to the other ISP. That will have the desired effect even if that customer still remains clueless.

    How is that any different than an ISP running a poorly configured and/or programmed mail server that occaisionally loses some mail? At least with blocking, there is going to be something come back with a reason (even if it is hard to reach because of header clutter).

    The spam war really is theirs, unless they have no regard for how much they spend for internet access. Spammers pounding away on other mail servers causes the costs to go up. Small ISPs have to buy a new mail server sooner than they otherwise should. Large ISPs have to have perhaps twice as many mail servers as they otherwise should. Postmasters and administrators have to do more work to manage more servers and the increased jam ups that happen with spam. And in many cases that have even reached the news media, mail servers at even large ISPs have been so swamped with spam they crash, denying total mail services for all the customers.

    The government is one of the entities I would recommend to not use SPEWS for blocking, at least on public facing email addresses.

  15. Re:SPEWS on Spam Catchers Block Latest Crypto-Gram · · Score: 1

    If I restrict communication based on who sends it by having judged them on the basis of the content of what they have sent or what I feel they might send, then I would agree that is a form of content based censorship (although practiced by the recipient, so not technically subject to the free speech clause of the US Constitution First Amendment). And, yes, I have done this before in a few cases.

    However, if I make that restriction on the basis of how they have selected who to send a communication to, then I cannot necessarily agree. Of course this is a difficult judgement here. What if all that someone is doing is sending me a private reply to a posting I have made? Of course, that reply having been on topic would not cause me to list them, even if I disagree with what they say (that happens a lot). However, if they scrape my address from Slashdot and send me a private message on how I might enlarge my penis, then (except for a few articles on Slashdot :-) that would be off topic. Now here is where the semantics play an important part. I might block them, not for what they say specifically, but instead for having chosen the wrong audience for what they have to say. This is unsolicited.

    Now, the next issue is whether it is bulk or not. What if they chose to do so just to one recipient and no others? That wouldn't be bulk. And because it is not bulk, it would not have nearly as much of a scaling problem as bulk email does. So there is less motivation to block them because it's not something that has the potential to be a problem. Of course if they were sending it to me once each day, I'd get annoyed, call it bulk for sure, and block them (and report them to their ISP if they don't stop after getting a couple bounces). If all they send is one, I really don't know if it is bulk. However, it usually is bulk in these cases (still keep in mind the judgement is on how they have chosen the recipients and not specifically the content).

    Published lists like SPEWS have very good tools to measure both the unsolicited and bulk aspect of a given sender. They have some number of "spam trap" addresses (maybe hundreds, maybe thousands; I don't know). These addresses are placed where spammers often scrape their lists, such as incidental locations in web sites and public forum postings. I put a non-existant address on one of my Slashdot postings a long time ago and it got spammed. So spammers even scrape their addresses from here (probably the trolls, don't you think). With so many of these spam trap addresses, SPEWS and other lists can measure whether a given sender is indeed meeting the unsolicited bulk email metric. Then list them.

    Listing a spammer isn't the big controversy for SPEWS in most cases. The controversy of SPEWS is the practice of later on adding to the listing gradually expanding address ranges of the ISP. That does affect customers who aren't spammers. When seen as a content based issue, that doesn't seem right. But there is a behaviour aspect involved here. Would you sign up for service with an ISP that is a known abuser of the internet? Would you sign up for service with an ISP that knowingly has one or more customers that abuse the internet? I wouldn't, and certain members of the anti-spam crowd don't think others, should, either. But consider why an ISP allows a spamming customer to stay on ... money. As long as they believe that they will make more money by having spammers than by not having spammers, and as long as their investors (vulture capitalists) are overriding any moral sense the ISP operators might have about it, they won't disconnect that spammer. Since even with the spammer blocked, the cost of the abuse is real for the intended recipient's mail server, this becomes a take-down issue. But with an ISP reacting only based on the money involved, then by that ISP's decision, money becomes the necessary means to get them to take the spammers down. One potential tactic would be to tell all the customers of that ISP that they are harboring a spammer. But that would itself be spam, and so it is ruled out. Another is to advertise on various media. But not only is this expensive, it also depends on the good will of those customers, who themselves might be influenced by vulture capitalists, or see a specific cost in breaking a contract (there being no degraded service, breaking contracts is much harder to do).

    That leaves the (controversial) tactic of blocking the ISP's customer addresses. That gives the customers real incentive to do something about it (cost vs. cost), the ability to address the concerns of the vulture capitalists (make more money), and even the opportunity to break contracts (the ISP's service is now degraded, and since it is not beyond their control, their "beyond our control" contract clauses will not apply). If the customers raise the issue with the ISP, demand the spammers be kicked out, and make it clear the ISP will lose the revenue from the legitimate customers if not, then all it takes is enough customers and even a greedy ISP will comply. The risk is if the ISP already gets more than 50% from spammers, in which case the situation probably cannot be resolved and the ISP will eventually be 100% blocked as a few are now.

    SPEWS is measuring behaviour based on factors such as sending unsolicited bulk email (and not even commercial ... politicians and non-profit organizations have been listed as well), and for supporting in some way those who do that. This is why I feel using SPEWS to block email on my servers, and recommending it to my clients (some do, some don't), does not violate the principles of free speech (which the US Constitution First Amendment is based on).

  16. Re:SPEWS on Spam Catchers Block Latest Crypto-Gram · · Score: 1

    Of course there is no legal infringement if the party doing the censoring is the recipient. Just as you say, no one ie required to listen (read, etc). Although I am not required to, I personally choose to not use content based filtering because of both that principle the First Amendment is based on, and the fact that I really don't care what the content is.

    And yes, if the government were to get involved in this process, it could end up (depending on what they do) being an infringement. That's why I won't depend on them doing it. It will be very hard for the government to make decisions about what is spam. The one safe-harbor decision they could make, that spam is defined as unsolicited bulk email, goes against the wishes of one of the patrons of Congress: the DMA. I'm not counting on the government ever doing anything right in this regard, and I fear them doing anything as it probably will make things worse.

  17. Re:SPEWS on Spam Catchers Block Latest Crypto-Gram · · Score: 2
    How about this - you are saying that it is justifiable for terrorists to kill civilians because the country they happen to be in supports something they disagree with. Spam may be a large problem (although it's easy to block for me, since most of it is in Chinese for some reason), but that does not justify harming people who just happen to have the misfortune of being near a spammer.

    How about not. That's not at all what I said. There is no equivalency between killing and being listed in SPEWS and being blocked by network operators who choose to use SPEWS.

    Are you having to make up things you think I said so you have a better chance to argue against it?

    I'm just going to make this point: blocking non-spammers will only hurt SPEWS in the long-run, as its current effectiveness is based on the majority of people using it. As people find that they either have to turn to some other source than SPEWS or accept that occasionally people they must communicate with cannot send them email without a whitelist, they will not think "yay, we're helping to eliminate spammers!" and instead think "Goddamned broken SPEWS thing accidently blocking valid people - remove it!"

    Just imagine if the majority of people were to realize what the problem with spam really is, and join in the movement of SPEWS. The end result would be, of course, some period of time where a few people cannot communicate. But it would also force the minority who are indirectly supporting spam (by directly supporting the ISP that harbors spammers) to find a better ISP. Then the bad ISPs will go out of business or if they get a clue quick enough, change their behaviour, kick out the spammers, and be a good ISP everyone can use.

    Eventually, SPEWS will have caused enough problems that no one (except a small core of vigilantes on their own servers) will use it. And then it will have no power over the vast majority of spammers. SPEWS would be more effective if it only blocked spammers and many people used it - it could help make spam an ineffective method of contacting people. Force the cost of spamming up, not the cost of happening to use an ISP that hosts a spammer. All you're going to do is create things like this, and force people against you. SPEWS does not help the cause by being a vigilante and trying to force people who have no buisness with the spammer to take action against their ISP.

    SPEWS would be totally INEFFECTIVE if it just blocked the spammers. The goal would not be met. Spammers would continue to abuse mail servers unabated. ISPs would continue to provide services to them.

    Spammers survive on less than %0.01 response rate. When those who won't respond anyway are blocking the spammers, they will still get most of their response from a few idiots who are influenced by them. They will still make enough money to continue spamming. They will still keep spamming their full lists and abusing everyone else's mail servers. They will still be increasing the costs of running mail servers. They will still be denying email recipients the full facility of their mail server resources.

    For all I know, you may be the person who set up that site.

    And those people do have a business with spammer, in an indirect way. They are in effect saying to their ISP, "we don't care if you keep the spammers, we'll keep sending you money for services and you can stay in business". If an ISP is only getting 1% of its revenue from spammers, then it will only take the fear of losing more than 1% of legitimate customers for the ISP to do the right thing. And those few that never will (I know of a couple which are 100% listed in SPEWS), need to go out of business.

    Besides - which is easier: getting the ISP to drop the spammers acount, or telling people who want to communicate with you to stop using SPEWS? The path of least resistance is likely to be followed... which may include "ok, we'll just ignore the bozos using SPEWS."

    People are certainly free to NOT use SPEWS. One result of that decision is a lot more spam. If you genuinely think just blocking spammers alone is going to work, then start your own blocklist service which does just that. Then see what it's like when you find that you're playing whack-a-mole with spammers changing addresses within the same ISP all the time. See what it's like tracking a moving target. See what it's like when some spammers sue you for claiming they are spammers when all they were doing is giving everyone a chance to opt out of their mailings. If your idea is the right one, then why is no one doing it?

  18. Re:SPEWS on Spam Catchers Block Latest Crypto-Gram · · Score: 1

    SPEWS will list the ISPs that provide services for spammers other than the IP routing service. For example an ISP who provides only the web site hosting for a spammer who is spamming on some other network can be listed. Another ISP that provides only the DNS service to a spammer can be listed.

  19. Re:SPEWS on Spam Catchers Block Latest Crypto-Gram · · Score: 1

    As long as spammers remain, listings remain. When spammers are gone, eventually this is detected and the listings fade out. But there is a vanue for reporting errors. It is the news.admin.net-abuse.email newsgroup. And it works. I've seen it work. Yes, there have been a few errors, and they get reported and corrected.

  20. Re:SPEWS on Spam Catchers Block Latest Crypto-Gram · · Score: 1

    UUNet does harbor spammers. As long as UUNet believes you'll stay despite spammers, they will continue to harbor spammers and the spammers will continue to abuse other people's mail servers.

    The blacklists that list all of a whole country or a whole ISP are not the same thing as SPEWS. SPEWS doesn't do that kind of thing. You must be referring to http://www.blackholes.us/.

  21. Re:SPEWS on Spam Catchers Block Latest Crypto-Gram · · Score: 2, Interesting
    Or he might be
    • A customer of UUNet which spews has listed because it disagrees with some of the content they host

    UUNet has become one of the worst ISPs around due to their harboring of large numbers of spammers. And they do absolutely nothing to respond to complaints reported to them. They just let the spammers keep spamming.

    NOBODY with a brain is using SPEWS anymore. Listing the largest commercial internet supplier in the US was simply idiotic. And it was done for completely illegitimate reasons.

    There are completely legitimate reasons for blocking UUNet. It's the spam. You may be confusing SPEWS with some small-time renegade blocklist.

    The whole blacklist concept boils down to vigilante tactics, use threats to keep people in line. The problem being that the people who run the lists tend to turn into self-important little tinpot dictators after a short time.

    As soon as I see SPEWS operators "turn into self-important little tinpot dictators" I'll certainly stop using it. But I have not seen it happen. Feel free to point out any specifics if you are aware of them.

    If anything, it is the very act of harboring spammers that is a vigilante tactic. Given that the costs of transmitting email are heavily slanted to the recipient end when spam is involved (because the spammers use special software to send email that scale up more effectively than ordinary MTA software), such a tactic could be in active use by some ISPs to drive up the costs for others (their competition).

    Content based filtering also is a direct violation of the principles of the US First Amendment right to free speech
    Unture, with the exception of Limabaugh whose judgment in Nixon is opinionated nonsense the Federal courts have all rulled that the junk fax laws are constitutional.

    Read my statement again, this time carefully. I said it is a violation of the principles. I did not say it is a violation of the Constitution and/or First Amendment itself (see the way the clause is written). Since the Constitution places restrictions on the government, it is the government that is the one that has to be sure not to restrict speech based on its content. You and I are free to do so within the context of our property rights and those of others. While it would be wrong for me to go delete your messages (that would be violating your property rights), you could certainly delete them yourself if you choose to. But I do fully believe in the principles the US Constitution was based on, and I practice my life that way. Thus, I do not use content based filtering. That's my choice.

  22. Re:SPEWS on Spam Catchers Block Latest Crypto-Gram · · Score: 1
    uh, this is exactly why things like blacklists *are* broken. There are plenty of spammers not on any blacklist, so don't think of (!blacklisted) as equal to (whitelisted).

    No anti-spam method is perfect. It is unlikely any will ever be. Don't expect some clever new spam to be blocked until the blockers get more clever. It's a game of one-upsmanship.

    Also, (blacklisted) != (spammer) as well, since alot of these list ops don't care about false positives or collateral damage.

    Go back and read my original post. These are not false positives or collateral damage. They are intended. When the customers of an ISP are listed and blocked in order to pressure the ISP to stop its support of the abuses by spammers, that is not an error, not a mistake, not a false positive, or collateral damage. It is in fact intended and for the described purpose.

    In war, we speak of collateral damage as the UNintended targets of things such as bombs. Blocking customers of ISPs is not that. It is more like trade sanctions. The trade sanctions don't work in Iraq because most of the people cannot switch to living in a different country. But most customers of an ISP that doesn't get the clue, can switch to another ISP. And it has accomplished the intent in many cases.

    Secondly, consider your "is a customer of an isp harboring a spammer" rule. The point of antispam efforts is not to block out all spam. (redirect all email to /dev/null would accomplish THAT goal). The point is to allow genuine communication. That means a perfect antispam would allow 100% of "useful" communication (whatever you define "useful" to be) and deny 100% of everything else. Blocking "customers of ISPs" goes directly against that: purposefully denying non-spam traffic is a broken concept. Blacklisters tend to justify such behavior as "zero tolerance," and "putting pressure on ISPs," but I think attacking innocent bystanders is extremely offensive, ineffective and just plain wrong.

    You're missing a goal. The other goal is to keep the communications cost effective. Consider that an onslaught of spam, even though it is not going to be delivered for whatever reason, can overload a mail server, possibly even crashing it, and deny other communications. Spam attacks can deny the timeliness of communications. There won't be any form of 100% perfect useful communications until every spammer is gone. That goal cannot ever be realized given human nature, but we can get very close by making sure that ISPs deal with the issues of spam that they should be doing. Once they are doing that, then we'll at least have 99.9999% usefulness.

    We obviously disagree. In my opinion, what you call attack is nothing more than a boycott. And remember that it is the recipient mail system operator making that decision to use SPEWS or some other blocklist. If they believed as you do, they would not use it (I presume you do not).

    So what if your favorite blacklist decides to stuff the entire 64.*.*.* IP address range? you will cut a lot of spam but suffer enormous collateral damage. Find a spammer, block the spammer. but don't bomb his whole neighborhood "to prove a point."

    First of all, picking that specific address range is stupid. SPEWS will not expand a listing to an unrelated ISP. The 64.0.0.0/8 block is broken up into many allocations by ARIN. But maybe you can use the 12.0.0.0/8 network instead, since it is allocated entirely to one ISP.

    It's not bombing a neighborhood. If enough people were to use SPEWS, then the ISP would eventually realize that they will lose more money by legitimate businesses leaving than they get from spammers. Bombing is lasting damage that has to be rebuilt over. Blocking an ISP is fixed by a very simple action of disconnecting the offending spammers.

    I'm sure you would be quite pissed off if your mail bounced because your ISP was listed in SPEWS. But consider that the operator of the mail server used by the party you tried to send the mail to is equally pissed off at your ISP for letting one of its customers continue to attack his server. Actually, it is more likely he will be even more pissed off, because the costs in terms of resources consumed and wasted at the recipient server exceeds the money the ISP makes from the spammers, the money the spammers make for themselves, and the cost to the customers to switch ISP, combined.

  23. Free Speech on Spam Catchers Block Latest Crypto-Gram · · Score: 0, Offtopic

    Free speech isn't about simply being able to speak something. It's about being able to speak about any topic you choose to. If you want to speak about voting out the incumbent president, or recommending penis enlargers, that should be your right. Infringements on free speech are those that take into account what the speech subject is, to decide whether to suppress it or not. This is the kind of infringement that content filtering does. Perhaps the content filtering is simplistic and looks for "penis" in the message. Or perhaps it is very sophisticated and approaches a conceptual understanding of the message. But regardless of how good it is, by being based on the content, this is infringing against free speech.

    Of course for your own mail server, whatever you choose to use is up to you. The US First Amendment only applies to restrictions imposed by the government. But I happen to choose to not restrict based on content; I choose to restrict based on the behaviour of the sender who is sending unsolicited bulk email (UBE) regardless of the content.

  24. Re:SPEWS on Spam Catchers Block Latest Crypto-Gram · · Score: 1
    "Yes, your honor, the bomb did kill 158 innocent civilians. But it also killed the two terrorists!"

    We're not talking about 158 innocent civilians. We're talking about customers of an ISP. The ISP harbors spammers, and the customers are being pressed to get the ISP to stop that bad practice. At any point in time the ISP can do the right thing and disconnect the spammers. This isn't like a war where the leaders refuse to consider diplomacy and negotiations. The bad guys can stop being bad guys at any time and this will resolve the situation. And the customers are not being blocked anywhere they go; they can deliver mail via a 2nd ISP, or they can pull up stakes and move.

    Your analogy is flawed because blocking email via a particular ISP does not prevent the customers from being able to use another ISP to send mail, but killing people prevents them from doing anything forever. These things simply are not equivalent.

    Come on - is it really your fault if you accidently find yourself "a customer of an ISP harboring a spammer?" Do you deserve to be punished too? Do you really think that blocking the entire netblock of people who may be using the service because they have no other choice is really a good method to stop spammers?

    No, it is not your fault to find yourself a customer of an ISP harboring a spammer, if that was not going on when you started with the ISP. But, the customer can choose to move (at least their mail sending operation) to another ISP, and bill (or sue) the guilty ISP for the costs of doing this.

    Very few cases exist where the customers of an ISP have no choice. Even in areas where that might exist in terms of connective access, there is also the option to acquire the services of a remote server (thousands of ISPs available all over the world, most of which are not listed in SPEWS), tunnel securely to it, and send mail out from that server.

    I doubt many people blocked due to a single spammer are going to think "oh, well, I may not be able to send e-mail to my most important client - but at least while I'm losing thousands of dollars, I know I'm helping to fight spam!" Most, I'd bet, would just call up the offending receiver and complain that they're getting bounce messages when they try and send e-mail and that the receivers should fix their mail servers as soon as possible.

    The customers that are not "inconvenienced" by this won't be complaining to their ISP about the spam problem. Then there will be no pressure on the ISP to disconnect the spammers. Then the spammers will continue to abuse millions of email servers all over the world even when those servers are rejecting messages because the spammer is listed in SPEWS or some other DNS blacklist, or bouncing them due to content filter rejections.

    There is no way to put pressure on an ISP that they can understand other than through their customer base. Remember, this involves ISPs that are not voluntarily disconnecting spammers, probably because of their greed for the pink money the spammers are paying them.

    Do you have a better idea that will place this pressure on the ISP? I've asked this question of many people, and have gotten no direct answers, only whining about punishing innocent customers.

    So, I guess if costing a few hundred people a hundred bucks to move to another service is "helping to reduce spam," it's a cost that they should be glad to pay...

    I won't say they will be happy about it at all. I expect them to be quite pissed off. But that anger should be directed to billing or suing their ISP for these costs. Since the ISP could have corrected the problem by disconnecting the spammers, they cannot hide behind "... due to conditions beyond our control".

    And keep in mind that the spammers involved are spewing out millions, sometimes even billions, of copies of junk, costing the end recipient mail server operators money in terms of server resources abused and wasted (e.g. running a process to carry out the SMTP protocol, check the rejection database, analyze the message content, or whatever it has to do). And this cost is several times more than the sum of what the spammers make, the ISP makes, and the customers lose to move. Do you think the recipient mail server operators are going to say "it's a cost I'm glad to pay to ensure no email is ever lost"?

    If you want to use SPEWS for your own personal webserver, then go ahead. If you expect anyone doing any buisness with e-mail to use it regardless of the risks of blocking important e-mail, then you're out of your mind. If you think that blocking entire netblocks is going to encourage companies to use SPEWS, then you're insane. If you think harming many to bring justice to a few in the group is morally just, then I must question your morals.

    Based on the numbers of complaints about "SPEWS is blocking my email" it's rather obvious that quite a lot of networks are using it. Of course not everyone will. And it is also possible to configure certain addresses to not make use of SPEWS, such as the sales department or the abuse department. Still, not everyone understands the costs against the mail servers, so they don't know about a need to get spammers disconnected, and thus they may not be motivated to use SPEWS.

    Again, you have the opportunity to stop being negative (being negative is saying what not to do while not offering an alternative that achieves the same goals) and offer a better idea which will get spammers disconnected.

    (I suppose a better analogy would be "Yeah, the gas may have put hundreds of innocent civilians into the hospital for a month, but it also put the three-man scam out of operation!" in that people that are blocked by SPEWS can become unblocked, and hence are only "wounded." It's still harming many to eliminate a few.)

    Were these civilians supporting the scam operation? Were they used as human shields? I don't even see an analogy here, so I suspect you still have no clue about the scale of the spam problem.

  25. Re:SPEWS on Spam Catchers Block Latest Crypto-Gram · · Score: 3, Insightful
    If he were on the SPEWS's blocklist, he'd never get out!

    And this is why the SPEWS blocklist is so effective and so good. If he were on it, then that would mean that he and/or his network fell into one of the following categories:

    • Is a spammer
    • Is an ISP harboring a spammer (or an upstream ISP thereof)
    • Is a customer of an ISP harboring a spammer

    Because spam causes abuse to email servers, even when the mail is refused either for reasons of an IP based blocklist, or for content filtering ... abuse in the form of higher costs for the server operators and recipients ... the proper goal is to get the spammer not just blocked from being able to get mail into your mailbox, but fully disconnected from the internet to prevent these kinds of costly abuses in the future. And since only the ISP hosting them can actually disconnect them, it will be the job of that ISP to do so. Most ISPs will when they realize the situation. A few ISPs refuse to, and that's when it comes time to put pressure on the ISP by expanding the blocking of the ISP's network, forcing them to consider that their legitimate customers will be leaving if they do not disconnect the spammer. SPEWS gradually expands listings so that the point where the ISP finally understands this can be reached with the minimum of so called collateral damage (which is not really, because these are customers who are paying money to an ISP which harbors spammers, so they share in the guilt).

    Bruce Schneier's mail server happens to not be listed by SPEWS. So it can be said that he is not a spammer, is not running an ISP that harbors spammers, and is not using an ISP that harbors spammers. That is a good thing and shows that SPEWS not only works, but works better than content based filtering.

    Content based filtering also is a direct violation of the principles of the US First Amendment right to free speech (although the actual amendment only applies to restrictions imposed by the government and does not apply to private businesses in most cases, if not all). Infringement of free speech happens when the decision is based on what the content is. When restrictions are not affected by the content, then such restrictions are considered fair since any content can be passed when the behaviour that evoked the restrictions is not done. And the whole spam issue is about behaviour, not content. The bad behaviour is the act of inappropriately choosing multiple recipients for sending the message ... e.g. unsolicited bulk email (UBE).

    Of course on your own mail server you have a right to use whatever methods you deem appropriate based on how you want to balance your costs, the quality of your service to your customers, and how much cost you want to pass on to your customers. Obviously you have to be in contractual agreement (possibly implied) with your customers about what methods are chosen. If you only offer one kind of service and your customer does not want that kind, by being properly aware of what you do offer, they can go elsewhere. Or you can offer a diversity of services the customer can choose from (e.g. a customer control panel to control the methods of spam filtering for their email accounts). So the choice of what method to use to block spam is strictly a relationship between a provider and its own customer.

    In the case of a network owned by a business only to serve that business function, then it's simply the commercial version of "my server, my rules".