Re:Let the conspiracy theories begin...
on
Make More Mistakes
·
· Score: 1
fmaxwell:
Give me examples of companies which make money primarily by developing and selling open source software. Companies that derive most of their income by selling hardware don't count. Companies that derive most of their income selling support services for OSS don't count. Companies which sell open source software that others developed don't count.
Show me companies that developed open source software and then made money selling the same software for which the source is freely available.
Sheesh, you don't ask for much, do you? Sure you don't want to add any more special conditions to that list?:-)
Trolltech is probably the best example, and should be well known to Slashdotters.
Sleepycat Software has been around for quite a while.
Someone mentioned it above, but I notice you didn't mention it in your response.
Sendmail - whether you bless it or curse it, it's still the biggest mailserver on the Net. The sheer complexity of the product is probably a big factor in Sendmail Inc.'s success in selling "commercial" versions (for which they also provide support).
And yes, the original developer of Sendmail (Eric Allman?) owns/runs Sendmail Inc.
Thought it may be with Sendmail that they make more money out of their support contracts. And if you are a troll (possibly even if you're not), your next move may be to add an extra condition along the lines of "Companies that charge for commercial licensing of their product don't count," which would rule out Trolltech and Sleepycat, as well as probably quite a few others that I can't remember right now.
Though I'd probably think that the Trolltech/Sleepycat business model is the best option for an open-source-software
company. At least when you're talking about software libraries that potential customers can only use by linking to - thus invoking either the "free" license (usually GPL-like) or the "commercial" license.
Now if there were a GPL-like license that came into effect when you just used the software... something like that might open a wider scope for a company developing open-source software that could have both a commercial (ie. pay-for) and a "free" license.
Hmmm. Interesting.
One more thing to add to the "does not work" list. I can't open MS Word password protected files with OO.o. It just says the file is is password protected and quits.
I'm sure you'll be delighted to know that this is an
OpenOffice FAQ;-).
I remember reading about this a while back - essentially, the MSWord "password protection" does absolutely nothing to protect the document files in question - it certainly doesn't encrypt them.
It just has a little tag in the file telling MSWord that it's password protected, so don't allow the user to open it unless they supply the correct password.
So of course OpenOffice can open such files without a problem, and in fact used to do so - without asking for the password in question.
I've heard a couple of reasons why the OO developers didn't add the ask-for-password feature (don't know for sure if either are correct): (a) because they didn't want to encourage use of this fake "protection", and (b) because the password itself (stored in the file) was encrypted or hashed and the OO developers couldn't (or just couldn't be bothered trying to) work out the encryption/hashing algorithm so they could do the password-checking routine.
But essentially, they had complaints from people who were worried that a mainstream, easy-to-use application for opening and reading MSWord "password-protected" files could be a problem.
So now OO just refuses to open "password-protected" files at all.
Personally, I would have preferred them to keep on opening such files without asking for a password.
It could have become a big selling point, while effectively demonstrating what a sham the MS PP "feature" is.;-)
I said: "I have no doubt the "review" was written with a sense of humour, but it wasn't just a joke."
PhoenixFlare responded: "Then he failed, miserably. The "joke" isn't funny at all, and frankly, makes him look like a complete idiot."
Note that I actually said it wasn't just a joke. As to whether it was funny or not, well, different people find humour in all sorts of different things. You might (or might not) have found parts of it funny if you hadn't misunderstood it on your first reading. Now, of course, it's very unlikely you'll find it at all funny because it'll be tainted by the memory of the irritation and/or annoyance you felt on reading it the first time.
PhoenixFlare: "If that really was his intention, which I doubt....Then why the hell try to pass it off as a "real" article?"
Well, one might as well ask why people participate in April Fools stunts. And by the way, remember that this is Slashdot, the land where no errors of spelling or grammar - let alone complete misrepresentation of a story - are sufficient to keep an article from the front page *wry grin*.
But sometimes it's necessary to present something as the "real thing" in order to make the point you're trying to make.
Have a look at the very ingenious essay A Person Paper on Purity in Language for one very good example of this sort of thing. And yes, there were apparently a lot of people that misunderstood (and continue to misunderstand) that essay... but if you don't misunderstand it, it makes the point very effectively.:)
For god's sake, people - open your bloody eyes. Read. Comprehend. It's not like it was all that subtle, you know!
Those of you (far too damn many of you) lambasting and abusing Roblimo because you missed the point of the article - let's see if even one of you has the balls to apologise and take back your words. I'm betting none. Sigh.
The smarmy attitude got to me after a few paragraphs. [... ] This kind of drek doesn't help anyone.
Looks like you (and quite a few others) missed the point.
I have no doubt the "review" was written with a sense of humour, but it wasn't just a joke. The whole point appears to be that he's saying exactly the same things that so many other so-called "reviewers" do when they're coming from a Windows background and reviewing a Linux environment. Down to the exact words in some cases, I'm sure.
There were quite a few less-than-entirely-subtle hints, but the clincher (from my perspective) was this line:
"I haven't figured out how to put app icons on the Windows bottom panel. I don't even know if it can be done. Perhaps it can only be done by smart Windows geeks, but not by simple-minded Linux people like me."
*grin*
The point is[0] to illustrate how useless are the kind of "reviews" where the reviewer doesn't give the product a fair go. Doesn't take a serious amount of time to evaluate it. Doesn't actually try to get used to a different environment and way of working, but continually whinges simply because it is different (well, duh) to the environment they normally use.
Though actually it was a bit too generous... I've read quite a few reviews of alternative operating systems written by dyed-in-the-wool Windows drones, and I don't think any of them came even close to using it exclusively for a whole week.:)
Pete.
[0] At least as far as I can tell - maybe he's trying to make another point too subtle for me to pick up;-).
This guy's idea is not new :)
on
The Cult of the NDA
·
· Score: 3, Informative
Well, I guess it's hardly surprising that two people involved in the same kind of business should have the same views, but still...
A Good Hard Kick In The Ass, by one Rob Adams.
I borrowed it from the library (sorry Rob:) mainly because I thought it was a catchy title... but it turned out to cover almost exactly the same notions as included in this guy's "Cult of the NDA" article (except, obviously, in a lot more depth and with a lot more entertaining anecdotes). There's an entire chapter of the book that essentially just says "You think you have a unique idea you need to keep secret? You don't and you don't."
Adams also insists on what he calls "execution intelligence" being one of the key pillars in a business-that-might-have-a-chance (as opposed to a business that has no chance because it's still hung up on worshipping its own not-unique and not-even-very-good idea).
Some good stuff in the book. Certainly worth a read - even though a few bits of the book are rather amusing from a post-dotcom perspective (the book was published in 2002 according to Amazon, but I suspect most of it was written quite a bit earlier).
...ie. write your CV/resume in HTML, then email it off as an attachment with a.doc extension. If you're feeling particularly enthusiastic, you can even change the attachment mime-type to "application/msword". Double-click on that in a normal MSWindows/MSOffice environment and it'll smoothly pop up in MSWord, beautifully rendered (MSWord generates absolutely atrocious HTML, but it has no problems rendering standards-compliant HTML).
That way, they'll never even realise that it's not an MS-Word document - whereas they'll be somewhat unimpressed by the plaintext document because...
you know... it looks so plain!:-)
I used this technique for a while when sending out my CV, but eventually decided I wanted a bit more control over pagination - so changed it to an MS-Word document format (as generated by OpenOffice from the original HTML). But if you're not too fussed about micromanaging:-) your CV appearance, the HTML-pretending-to-be-MSWord technique works great.
Is there a reason you couldn't just say what you wanted in English instead of coding shorthand? You're not l33t or cool or whatever effect you're hoping for, just annoying.
Well, I was trying for "amusing", but I guess "annoying" at least starts with the same letter:-). And as to why, well, sometimes it can be more effective to make a point in a humourous way - as opposed to a deadly serious way. Of course it may have been more effective in this case if it'd actually been funny, at least to you *wry grin*.
For the record, though, you were perfectly correct in your interpretation of what I meant.
From what I can gather, though, you're trying to classify spammers as "criminal scum",
In some places, spamming ("just" spamming) is, in fact, against the law. I believe the punishments in those places are pretty inconsequential - eg. a small fine for each infraction - but it's a start.
For the serious spammers, however, you'll generally find that what they're trying to sell is in fact much more illegal. Pump-and-dump scams, 419 scams, pyramid scams, child porn,... and then we get into the more humdrum stuff like pills-and-potions-for-perfect-penises scams and the mostly-legal pornography. But in most places, selling drugs that purport to have some medical benefit when in fact they have none (or are in fact potentially dangerous) is at least legally risky - and what do you reckon are the chances that spammers selling "legit" porn actually hold the copyright on the stuff that they're "selling"?
And we haven't even got into the issues like spammers who abuse open mail relays to send out their crap (which is criminal behaviour but I suspect unlikely to ever be prosecuted)... and
then the fundamental issue that spammers steal your time, bandwidth and storage space, making you pay for their "advertising".
I'm really just trying to illustrate that spammers tend to be low-level scammers that try to get something for nothing. Which is pretty much how I'd define a criminal mind.
You don't need to agree with me, but I think most people would have trouble trying to imagine the concept of an honest, moral spammer.
To that, I paraphrase Morpheus- you're living in a dream world, Pete.
It'd be pretty sad if I was - I'd prefer my dreamworld(s) to not involve any spammers at all.
That'd be much nicer.
[...] the vast majority of "normal" people using the net. Such people see spam as an annoyance, to which they
JHD. Just Hit Delete. Spammers love people who do that. That's exactly what they want you to do - shut up and suck it down. Don't complain to your ISP and get your ISP to blacklist them... and for god's sake don't complain to their ISP - because, hell, enough complaints and their ISP might decide that the pink contract they've signed is getting to be too much of a headache.
But even the religious JHDers - you know, the kind of people that think anyone who complains about anything is a whinger - will eventually start to get annoyed when spam outnumbers their "normal" email by 10 to 1 or more. But for some people, a 10:1 spam:nonspam ratio would be heaven - how'd you like to be dealing with a spam:nonspam ratio of 100 or even more? Feel like relying on JHD then?
Well, the funny thing is that normal people would probably be at that stage already if it hadn't been for the efforts of some of the more dedicated spamfighters (including blocklist maintainers).
And spam is still getting worse.
[and regarding the option of people caught in a blocklist changing ISPs - PhoenixFlare said they can't move, I said they won't move]
I say again, can't. You try explaining to someone that in order to keep communicating to important contacts, they must switch to an ISP
Maybe it's a new concept for you, but some people do care how much they pay for their net connection, and they can't change providers on a whim just because someone running SPEWS or another blocklist is a careless zealot.
$comment =~ s/on a whim just because.*is a careless zealot/just because their current provider hosts criminal scum/;
I guess by associating with spammers through about 4 levels of indirection, we are guilty and need to be punished.
You're not guilty, and if you sent your email out
through an alternative source, the SPEWS block would not extend to cover you.
The block covers netspace that doesn't belong to you. Nor does that netspace belong to Lightyear Communications. It belongs to UUNet.
UUNet are being punished by blacklisting, and it is UUNet's laziness, incompetence and (most importantly) their greed, that has led to LightYear (and thus you) suffering.
The simplest thing I could suggest to you would be to route your mail through an external (unlisted) smarthost.
Ideally, you would reduce your $1000/month fee to Lightyear by the same amount that it costs you to hire this smarthost. If LY complain about this,
ask them to suggest an alternative that allows you
to email from unlisted netspace.
I mean, they're your provider. They're the people you have a contract with. If you've got a problem with your network connectivity, they're the ones that should be offering a solution.
And quite frankly, I don't see any reason why they'd object. You have a perfectly valid problem, and if they only have to lose a small amount of money so that your problem can be solved, they should be delighted. And as an extra bonus, it does make the very clear point to them that they should alter their contract with UUNet so that UUNet are the ones losing money for hosting spammers, rather than Lightyear.
So yes, let's block the entire nation of Brazil. Those people in Brazil who want websites will just have to use another ISP... you know, the one that doesn't exist.
First of all, it's sending email that is the problem for people on an email blocklist/blacklist.
Not receiving email. And certainly not hosting websites.
And there's nothing difficult about paying someone to provide an email "smarthost" for you somewhere else, in unlisted netspace.
Though you should of course bitch incessantly at
your network provider for forcing you to take that option.
And of course, you should always remember while you're feeling sorry for yourself about being on an email blacklist, that there are a large number of people in the world with problems much worse than yours.
(I'm going to have to find out one day exactly why it is that Brazil apparently only has one ISP. It seems quite bizarre.)
What he is getting at is not himself using the list,
Exactly. I believe that's the point fmaxwell was trying to make, but it apparently went straight over
your head. It's none of your business if people who own/manage mailservers decide to use a blocklist. It's their property, they can do what they like with it (depending to some degree on specific details in contractual agreements they might have with, eg. customers). You can, if you wish, try to persuade them to change their mind and not use a specific blacklist, but they're also quite free to ignore you.
The only thing that is your business is
what you decide to do on your own private property.
[...] because his ISP is blackholed even though the ISP has corrected the issue that got them on the blackhole list in the first place.
That may, in some cases, be exactly the way that that blacklist/blocklist is supposed to work! If I remember correctly, there's a particular blocklist which I think was called the eXtreme BlockList (XBL), which has a documented policy of never
unlisting. If an IP or set of IPs gets put on the list, they never get removed - regardless of whether they've "fixed the problem" or not. One strike and you're out.
Of course, that blocklist isn't taken very seriously by most of the denizens of news.admin.net-abuse.email, and it's probably used by very very few people:-).
As far as I'm aware, though, all of the major blocklists have clearly documented policies for both listing and unlisting. SPEWS, the SBL, SpamCop, SORBS, RFC-Ignorant... all of them.
And all of those policies are different, because all of those blocklists approach things in a different way.
I'd also mention another little point - most of the aforementioned lists (including at least the SBL and SPEWS) may require the owner of the listed IPs to actually do something before the IPs can get unlisted. For example, the SBL requires that you contact them directly and tell them that you've got rid of the spammer. SPEWS requires that you post on news.admin.net-abuse.email, identify yourself as an administrative person of the ISP in question, and say that you've got rid of the spammer.
Just as an aside, SPEWS will also unlist IPs without seeing a message from an ISP rep, but it will take longer... ie. once they've seen no more spam from that source for a while, it gets changed from level 1 (on which most users block) to level 2 (on which most users tag or ignore) to level 0 (which is maintained in the records for historical purposes only).
The problem with blacklists is that they decide that it is more important to thow the baby out with the bath watter than it is to see if the baby is clean.
Actually, most major blacklists are very restrained in their listing policies. But then I think you're making your misleading, ill-informed accusations against all blacklists when you were just meaning to make a misleading and ill-informed accusation about SPEWS:-).
And no, even SPEWS isn't indiscriminate. They'll (usually) list only a single IP (the spammer's website or mailserver) first, and report to the ISP that they're hosting a spammer and they should get rid of that person. After that report is ignored, then and only then do the stakes get raised. Let's be quite clear here - any ISP that doesn't read and act upon abuse reports does not deserve to be part of the responsible Internet.
There is another special case when SPEWS will immediately raise the stakes and list a large chunk of an ISPs netspace - when they take on a
well-known, notorious spammer or spam gang, eg. Alan Ralsky, Eddie Marin, etc, etc. And again, any ISP that doesn't do minimal research on their
major hosting customers (even minimal research on such a high-profile spammer should reveal who they're dealing with) doesn't deserve to be in business.
He asked for a specific example of inaccurate "logs" by SPEWS, not a google groups search on an incredibly vague set of words.
It's not our job to go through those search results and try to
make your point for you. You're the one
trying to make a point, so do some work and try to find some actual evidence to back up your allegations.
Just out of curiosity, can you tell us the SPEWS record you were "mistakenly" listed under? When did it happen? Can you quote any Message-ID: headers so that we could check back in nanae and see how politely you asked for help?
No? Thought not.
Sorry, I'm just too used to seeing people misrepresent reality in their favour, then
start obsfucating and/or hiding when someone
starts asking questions. You sound
far too much like someone who's just pissed off because someone else got the better of them. *shrug*
What they don't understand is that it costs real money to set servers up, and just as much to tear them down and move to another ISP.
I'll tell you something that I sure as hell understand. First, people complaining about being blocklisted always whinge that they
can't move from their spam-supporting ISP because of cost issues. They also
always try to exaggerate their cost of moving for dramatic effect (usually failing to grasp the
fact that nobody really cares if they have to pay for making a bad business decision).
Tell you what. Let us know exactly how much it'll
cost you. Precisely how much (in Australian or US dollars). Just take it from the detailed cost analysis that you've had done, listing several alternative (unblacklisted) co-location
services in Melbourne (or wherever you prefer to be hosted). I promise to be impressed by the large figures and I will duly agree that that sort of figure is untenable for your business.
...Oh, you haven't got such a cost analysis? So you don't know exactly how much it'd cost you
to move? So you were basically handwaving and
pulling guesstimates out of your arse?
Gee. What a surprise.:-)
My company is in the business of fighting spam
Then it's a damn shame you're so ill-informed
about the nature of the spam problem and about
the other ways of fighting spam.
I'm drinking a bottle of red in celebration of SPEWS demise. Their goal was honourable, but their methods despicable and I'm thrilled to see them off the face of the earth.
So will you be vomiting the red back up again
when you realise that SPEWS is still alive? (I
hope not, that'd probably be a dreadful waste;-))
The spews.org website may be unreachable due to
a DDOS attack, and likewise the
relays.osirusoft.com query site, but neither
of those are needed for SPEWS to continue operations (osirusoft is certainly not needed at all). The blocklist data is still being maintained, and is still publicly available
from many sources.
He simply requires an assurance that measures are taken to ensure that the number of false positives is kept to a minimum.
SPEWS make their criteria for listing very very clear. They document them right out in the open
(I'd give you a link but of course spews.org is down at the moment). If I remember correctly, they actually say on their website, in several places,
something like "if you want zero false positives, don't use SPEWS." Of course, there are going to be some false positives with just about any RBL, the question is more "how many are acceptable?" And that's the call for the person ultimately responsible for the mailserver - no-one else.
As far as I'm aware, SPEWS haven't ever made
additions to their list that violate their published guidelines (aside from the very occasional honest mistakes, which are usually corrected extremely quickly upon discovery).
Hurting innocents in an attempt to force a party only vaguely connected to the victims to accede to their wishes?
Well, if this party is only "vaguely" connected to the "victims", then it shouldn't be a problem at all for the "victims" to disconnect themselves completely, should it? I mean, since the connection's so very vague, as you say...
But of course the "victims" do have an extremely strong connection to the party (ie. the ISP) - they pay them money for services.
That money helps keep the ISP alive. They're paying money to help keep spammers online.
And of course the victims can leave the ISP at any time. The ISP and spammer is the target, not them. If they leave, the blacklist won't follow them.
SPEWS are terrorists. [... ] What's the difference?
The most obvious distinction
is that none of the people using SPEWS (or any
other bl[ao]cklist are hurting people - they're just shunning them. Refusing to accept mail from them. Same as shunning in the meatspace world. No violence involved.
How was I to know that the ISP was also hosting spammers (they claimed they weren't, so who knows)?
You can ask a representative of the ISP if they host spammers. You can ask them if they've ever been on a blacklist. Then you check the major public blacklists to see if they're lying, and if they are lying then you don't deal with them.
If they aren't dealing with spammers when you sign up, but take on spamming clients later on - then you complain loudly and incessantly. Cost them as much time and money as possible to deal with your complaints. And of course if they ever lie to you, leave. Or take the weaker approach of paying to relay through an external unblacklisted mailserver
and reduce they amount you pay your ISP appropriately. If they still continue to keep the
spammer, then at some time you'll have to leave - otherwise you're essentially telling them that they can treat you as badly as they want and you'll keep taking it and keep paying them money.
I had to go through the 'big change' to another IP block because - as we all know - getting off the SPEWS listing was impossible.
No it's not.
BTW, some other good alternatives to "as we all know" are the old classics "Clearly,..." and (if you want a nice condescending tone) "Obviously,..."
I'm not against blacklists. I like what they do for me. They stop a lot of SPAM.
When referring to spam, you shouldn't capitalise it. It's not an acronym. SPEWS (Spam Prevention Early Warning System) is an acronym, so it should be all-caps. Spam is just an ordinary noun, so only the first letter is capitalised, and
that only at the start of a sentence.
It's really strange why people sometimes feel the need to use all-caps for a word. It's not quite as bad as the loose/lose or hear/here confusions, nor
the erroneous apostrophes issue, but it's still irritating. Oh well.:-)
In my plan, users who would be blocked would have the opportunity to sign a contract, legally binding, that they wouldn't spam. Thus, if they failed to abide by the rules of that contract, they could be sued for many dollars.
IANAL. However. I very much doubt, in the US at least, that you'd be able to collect enough money even to make the lawsuit worthwhile. Sign a contract promising to hand over a million dollars to $PERSON if you break your promise and do a spam run, then you do break the promise - well, I think the defendant in such a suit would have a very good chance of claiming that the contract was unfair and they were compelled to sign it and the amount was grossly disproportionate to the seriousness of the contract breakage.
And, more to the point, no spammer is a millionaire. Even the richest of spammers could never afford to pay such a fine, and would simply hide his money and declare bankruptcy the second he was forced to pay (in the extremely unlikely case a court upheld the full amount of the contract violation payment clause).
But regardless of this money and payment stuff, the issue is not whether the user spams or not. The issue is whether the user is going to keep paying $BAD_ISP for his/her (extremely poor) mailserver connectivity. If he/she decides to change ISPs, then SPEWS is happy, everyone is happy - except $BAD_ISP, who has lost one of their human shields.
Not that $BAD_ISP is really concerned though, they know their attractive high-speed and low-cost (ie. spam-subsidised) links will drag in more suckers soon.
If he/she decides to stay with the abusive ISP who's ripping him/her off with inferior connectivity, then SPEWS is not unhappy or happy. SPEWS really doesn't give a damn - the problem is pretty much solved from their point of view. They'd prefer $BAD_ISP to either kick the spammers out or go out of business, but even if that doesn't happen then at least $BAD_ISP is no longer a problem for the part of the 'net using SPEWS.
Regarding the effectiveness of SPEWS, of course it's not perfect. But it's certainly good enough, and in most cases it's quite a bit more effective than the alternatives. I personally use a combination of several RBLs as well as SpamAssassin on my personal mailserver(s), but my personal email intake is only three to five hundred a day, max. Even then, when I suck a big number of mails from external to internal mailserver (via fetchmail), the internal mailserver machine fires up SpamAssassin for every message.... and it really hits the machine (a Duron 750) hard. A real mailserver for a real ISP would be hit that hard continuously, all the time.
Running SpamAssassin on the server would impact performance quite badly - but if you don't run SpamAssassin on the server and you don't use blocklists, then you don't really have any choice but to buy a lot of extra storage space for all that spam, perhaps upgrade your link to deal with the extra bandwidth load, and let all your technophobic users do their own spam-filtering.
Basically I'm just trying to say that you shouldn't get too obssessed with filtering as an alternative to blocklists. They're very effective as a last line of defense, but they shouldn't be the only line of defense. An appropriate selection of blocklists is the perfect front line of defense - you cut out the maximum amount of spam for the lowest cost.
Regarding the last "hypothetical" situation you mention - well, it's not really hypothetical. Joe-jobs are real and have happened and continue to happen. They're mostly trivial and very easily detected, though I believe in the past some have caused organisations to be wrongly listed on blacklists.
If I was adminning a company faced with a serious joe-job, I'd probably deal with it much the same way I'd face any other kind of
Once again, what's so hard about whitelisting good persons in "bad" netblocks that have promised, under threat of lawsuit, to be a good netizen? Or does admitting that it's possible to have a good person in a bad network neighborhood somehow destroy the war on spam?
Hi, ocelotbob. Okay, quick response to the first bit - the "under threat of lawsuit" bit is just completely useless and impractical. There's no way in hell that SPEWS would be able to keep track of who you are and if you're permanently the owner of that particular IP address. There's no practical way they'd be able to verify your name and identity. There's no way they'd be able to organise a legally binding contract with you (such that they really could base a lawsuit on it in the case of you violating it) without revealing their identity - and they're anonymous specifically so they don't have to worry about time-wasting lawsuits against them. There's no way they could afford the time and resources to undertake such a lawsuit when there's virtually zero chance they'd even make their monetary costs back. And finally - there's absolutely no concrete benefit to them in doing it. What would they get out of it? PR? They don't care about PR. The unending gratefulness of people like you? While that might be nice, it wouldn't come close to paying for even ten seconds of their time - and to practically implement something as you describe above (even if it were possible), would take days (at least) for each person involved.
Okay, I hope that quick response has explained why the "under threat of lawsuit" approach is meaningless. So we come down to... um... maintaining holes (in their lists) for good people in bad netblocks who promise to stay good and not spam or otherwise abuse the net... but with no real way of penalising those people if they lie.
You ask, essentially, "what's so hard about this?" Well, you may not have realised this, but it's virtually certain that your ISP can move you onto a different IP address whenever they feel like it.
And you'd have absolutely no recourse against them doing so. The problem is that (and apparently in the past this happened quite a lot), the ISP will shift spammers onto their unlisted space and shift "good" customers onto listed space. Because, essentially, the spammers pay much more and the legit customers complain much less. So even if you promised that no spam would come from you and kept that promise, that's still no guarantee that spam won't be spewing forth from the IP address previously used by you in the next few days.
Plus, of course, if you (or someone else) promised no spam would come from you and then spectacularly broke that promise, then SPEWS would have no recourse - and would have failed to block a spam run that it should have blocked. (aside: SPEWS stands for Spam Prevention Early Warning System - note the words Early Warning)
Finally, the most important point - SPEWS are not really concerned about you spamming.
In fact, they probably know that no spam has been hitting their spamtraps that comes from your IP address. They know that you're not a spammer. But that's not really the issue here. You're not the one listed. They absolutely do not give a damn about you.
To help illustrate this point, I have an idea for a slight variation of your plan. And the advantage of this plan over yours - no legal threats are required, if you keep your promise you soon won't be using blacklisted netspace anymore! And SPEWS doesn't have to do anything - they don't even need to hear your promise! In fact, nobody needs to hear your promise but yourself! Guessed how it works yet? It's like this:
Promise that you won't pay any more money to your corrupt, spam-supporting ISP.
You keep that promise, the problem will take care of itself. And the best bit is, that's exactly what SPEWS wants you to do.
They don't want you to stop spamming
OK -- your ISP is found guilty... you just get to share his jail cell (nice nit to pick!).
Actually, no, it's not just a nit - it's the entire point. Except you've got it slightly wrong - it's more like "you get to share his jail cell, except you can leave whenever you want."
Strange as that sounds.;-)
If you, Cheffo Jeffo, are using the ISP CrapNet (for example), and CrapNet takes on the well-known spammer J.H. Delete - then CrapNet may find themself listed on SPEWS (and perhaps a few other RBLs). Then nobody mailing from a mailserver inside CrapNet (including you) will be able to send mail to an external mailserver that uses SPEWS.
However - and this is the important bit - if you decided to shift your mail operations to another part of the Internet not under CrapNet's control, you'd have no problems.
The CrapNet block would not extend to follow you.
Conversely, if CrapNet expanded their operations and acquired more IP space, their new IP space would get listed.
You see, CrapNet is the target of the blocklist.
You're not. But as long as you're choosing
to use CrapNet's internet resources (and presumingly paying them for it and thus supporting their spam-supporting actions), you may find your access to the private networks making up the rest of the internet to be somewhat limited.
But if you choose to leave CrapNet and go somewhere else, you're fine. Bottom line - it's all a matter of choice. You can make whatever choice you like. Stay where you are and support an organisation that is providing resources to spammers - or not.
Personally, I wouldn't even really care about the blacklisting inconvenience. I'd leave an ISP the second I realised it was supporting spamming clients and refusing to terminate them, regardless of whether it was blocklisted or not.
I have no intention of ever supporting spammers, even indirectly.
Your choice may well be different.
You are missing the fact that tons of users are having incoming e-mail blocked without their knowledge or consent.
If so, then their ISP is not doing things properly. They should make it very clear when signing up customers that they have certain parts of the net blacklisted and no email will be received from those netblocks. I certainly wouldn't give SPEWS even one iota of the blame for this problem - it's all the fault of the ISP.
Similarly, if configured properly, a failed email attempt should bounce and the person who attempted to send the email should realise that their message didn't get through. They can then try some other way to get their message through. If this doesn't happen, it generally means that the sending mailserver isn't configured properly.
I wonder how long it will be until some of these ISPs / mail services get sued for blocking e-mail?
Note: I'm presuming here that you're meaning "ISP is sued by their customer for blocking email that was meant for that customer."
It may well happen - I'm sure the potential is there. I would be interested to see how the US court system would handle it - though I'd hope that if the ISP spelled everything out in their sign-up information and the customer/client agreed to those conditions, then the customer/client wouldn't have much of a case. Knowing the wild and wooly world of the US legal system though, just about anything could happen...;-)
Heh. I love it - great idea, not too bad an implementation. Even though it's a "quick hack-n-slash job", I still like it better than all the "winners" and "honourable mentions", excepting only the "soothing green light" design.:-)
But what exactly has he hacked? [... ] Essentially, a bunch of applets.
Interesting that you provide a link to his "software" page and yet you still claim that all he's worked on is a "bunch of applets". Wow. Way to trivialise someone's work. *roll of eyes*
How long did it take you just to read through and comprehend that list of software? Note especially the stuff under the heading "Other People's Software", indicating major projects he's contributed to.
I wrote a comment a little while ago for someone else like you who seemed to enjoy trashing (or at least trying to talk down) Raymond's contributions to opensourcedom, for no easily apparent reason. Mind you, that thread was on a topic that seemed devoted to ESR-bashing...:-)
BTW, you might want to take a note of ESR's
projects page as well as the more specific software page. He's produced a lot of worthwhile stuff that can't just be categorised as software.
Anyway, completely offtopic. Feel free to mod away, moderators.:-)
Slashdot Mirror
Sheesh, you don't ask for much, do you? Sure you don't want to add any more special conditions to that list? :-)
Trolltech is probably the best example, and should be well known to Slashdotters.
Sleepycat Software has been around for quite a while. Someone mentioned it above, but I notice you didn't mention it in your response.
Sendmail - whether you bless it or curse it, it's still the biggest mailserver on the Net. The sheer complexity of the product is probably a big factor in Sendmail Inc.'s success in selling "commercial" versions (for which they also provide support). And yes, the original developer of Sendmail (Eric Allman?) owns/runs Sendmail Inc.
Thought it may be with Sendmail that they make more money out of their support contracts. And if you are a troll (possibly even if you're not), your next move may be to add an extra condition along the lines of "Companies that charge for commercial licensing of their product don't count," which would rule out Trolltech and Sleepycat, as well as probably quite a few others that I can't remember right now.
Though I'd probably think that the Trolltech/Sleepycat business model is the best option for an open-source-software company. At least when you're talking about software libraries that potential customers can only use by linking to - thus invoking either the "free" license (usually GPL-like) or the "commercial" license.
Now if there were a GPL-like license that came into effect when you just used the software... something like that might open a wider scope for a company developing open-source software that could have both a commercial (ie. pay-for) and a "free" license. Hmmm. Interesting.
Pete.
I'm sure you'll be delighted to know that this is an OpenOffice FAQ ;-).
I remember reading about this a while back - essentially, the MSWord "password protection" does absolutely nothing to protect the document files in question - it certainly doesn't encrypt them. It just has a little tag in the file telling MSWord that it's password protected, so don't allow the user to open it unless they supply the correct password.
So of course OpenOffice can open such files without a problem, and in fact used to do so - without asking for the password in question.
I've heard a couple of reasons why the OO developers didn't add the ask-for-password feature (don't know for sure if either are correct): (a) because they didn't want to encourage use of this fake "protection", and (b) because the password itself (stored in the file) was encrypted or hashed and the OO developers couldn't (or just couldn't be bothered trying to) work out the encryption/hashing algorithm so they could do the password-checking routine.
But essentially, they had complaints from people who were worried that a mainstream, easy-to-use application for opening and reading MSWord "password-protected" files could be a problem. So now OO just refuses to open "password-protected" files at all.
Personally, I would have preferred them to keep on opening such files without asking for a password. It could have become a big selling point, while effectively demonstrating what a sham the MS PP "feature" is. ;-)
Pete.Thank god we've still got the thrill-a-minute continental drift cam.
Much more intelligent. And more exciting.
:-)
Pete.Heh. If he "didn't contact them, never has", then how could it be that he "has been harassing them for over a year."?
Bizarre.
Pete.I said: "I have no doubt the "review" was written with a sense of humour, but it wasn't just a joke." PhoenixFlare responded: "Then he failed, miserably. The "joke" isn't funny at all, and frankly, makes him look like a complete idiot."
Note that I actually said it wasn't just a joke. As to whether it was funny or not, well, different people find humour in all sorts of different things. You might (or might not) have found parts of it funny if you hadn't misunderstood it on your first reading. Now, of course, it's very unlikely you'll find it at all funny because it'll be tainted by the memory of the irritation and/or annoyance you felt on reading it the first time.
PhoenixFlare: "If that really was his intention, which I doubt....Then why the hell try to pass it off as a "real" article?" Well, one might as well ask why people participate in April Fools stunts. And by the way, remember that this is Slashdot, the land where no errors of spelling or grammar - let alone complete misrepresentation of a story - are sufficient to keep an article from the front page *wry grin*.
But sometimes it's necessary to present something as the "real thing" in order to make the point you're trying to make. Have a look at the very ingenious essay A Person Paper on Purity in Language for one very good example of this sort of thing. And yes, there were apparently a lot of people that misunderstood (and continue to misunderstand) that essay... but if you don't misunderstand it, it makes the point very effectively. :)
Pete.
Oh thank $DEITY, someone with a clue! :)
For god's sake, people - open your bloody eyes. Read. Comprehend. It's not like it was all that subtle, you know!
Those of you (far too damn many of you) lambasting and abusing Roblimo because you missed the point of the article - let's see if even one of you has the balls to apologise and take back your words. I'm betting none. Sigh.
Pete.
Looks like you (and quite a few others) missed the point.
I have no doubt the "review" was written with a sense of humour, but it wasn't just a joke. The whole point appears to be that he's saying exactly the same things that so many other so-called "reviewers" do when they're coming from a Windows background and reviewing a Linux environment. Down to the exact words in some cases, I'm sure.
There were quite a few less-than-entirely-subtle hints, but the clincher (from my perspective) was this line:
*grin*
The point is[0] to illustrate how useless are the kind of "reviews" where the reviewer doesn't give the product a fair go. Doesn't take a serious amount of time to evaluate it. Doesn't actually try to get used to a different environment and way of working, but continually whinges simply because it is different (well, duh) to the environment they normally use.
Though actually it was a bit too generous... I've read quite a few reviews of alternative operating systems written by dyed-in-the-wool Windows drones, and I don't think any of them came even close to using it exclusively for a whole week. :)
Pete.
[0] At least as far as I can tell - maybe he's trying to make another point too subtle for me to pick up ;-).
Well, I guess it's hardly surprising that two people involved in the same kind of business should have the same views, but still...
A Good Hard Kick In The Ass, by one Rob Adams. I borrowed it from the library (sorry Rob :) mainly because I thought it was a catchy title... but it turned out to cover almost exactly the same notions as included in this guy's "Cult of the NDA" article (except, obviously, in a lot more depth and with a lot more entertaining anecdotes). There's an entire chapter of the book that essentially just says "You think you have a unique idea you need to keep secret? You don't and you don't."
Adams also insists on what he calls "execution intelligence" being one of the key pillars in a business-that-might-have-a-chance (as opposed to a business that has no chance because it's still hung up on worshipping its own not-unique and not-even-very-good idea).
Some good stuff in the book. Certainly worth a read - even though a few bits of the book are rather amusing from a post-dotcom perspective (the book was published in 2002 according to Amazon, but I suspect most of it was written quite a bit earlier).
Pete.Something which is even nicer in some ways:
mv resume.html resume.doc
That way, they'll never even realise that it's not an MS-Word document - whereas they'll be somewhat unimpressed by the plaintext document because... you know... it looks so plain! :-)
I used this technique for a while when sending out my CV, but eventually decided I wanted a bit more control over pagination - so changed it to an MS-Word document format (as generated by OpenOffice from the original HTML). But if you're not too fussed about micromanaging :-) your CV appearance, the HTML-pretending-to-be-MSWord technique works great.
Pete.PhoenixFlare:
Well, I was trying for "amusing", but I guess "annoying" at least starts with the same letter :-). And as to why, well, sometimes it can be more effective to make a point in a humourous way - as opposed to a deadly serious way. Of course it may have been more effective in this case if it'd actually been funny, at least to you *wry grin*.
For the record, though, you were perfectly correct in your interpretation of what I meant.
In some places, spamming ("just" spamming) is, in fact, against the law. I believe the punishments in those places are pretty inconsequential - eg. a small fine for each infraction - but it's a start. For the serious spammers, however, you'll generally find that what they're trying to sell is in fact much more illegal. Pump-and-dump scams, 419 scams, pyramid scams, child porn,... and then we get into the more humdrum stuff like pills-and-potions-for-perfect-penises scams and the mostly-legal pornography. But in most places, selling drugs that purport to have some medical benefit when in fact they have none (or are in fact potentially dangerous) is at least legally risky - and what do you reckon are the chances that spammers selling "legit" porn actually hold the copyright on the stuff that they're "selling"?
And we haven't even got into the issues like spammers who abuse open mail relays to send out their crap (which is criminal behaviour but I suspect unlikely to ever be prosecuted)... and then the fundamental issue that spammers steal your time, bandwidth and storage space, making you pay for their "advertising".
I'm really just trying to illustrate that spammers tend to be low-level scammers that try to get something for nothing. Which is pretty much how I'd define a criminal mind.
You don't need to agree with me, but I think most people would have trouble trying to imagine the concept of an honest, moral spammer.
It'd be pretty sad if I was - I'd prefer my dreamworld(s) to not involve any spammers at all. That'd be much nicer.
JHD. Just Hit Delete. Spammers love people who do that. That's exactly what they want you to do - shut up and suck it down. Don't complain to your ISP and get your ISP to blacklist them... and for god's sake don't complain to their ISP - because, hell, enough complaints and their ISP might decide that the pink contract they've signed is getting to be too much of a headache.
But even the religious JHDers - you know, the kind of people that think anyone who complains about anything is a whinger - will eventually start to get annoyed when spam outnumbers their "normal" email by 10 to 1 or more. But for some people, a 10:1 spam:nonspam ratio would be heaven - how'd you like to be dealing with a spam:nonspam ratio of 100 or even more? Feel like relying on JHD then?
Well, the funny thing is that normal people would probably be at that stage already if it hadn't been for the efforts of some of the more dedicated spamfighters (including blocklist maintainers). And spam is still getting worse.
[and regarding the option of people caught in a blocklist changing ISPs - PhoenixFlare said they can't move, I said they won't move]
$comment =~ s/on a whim just because.*is a careless zealot/just because their current provider hosts criminal scum/;
Oh, and also: $comment =~ s/can't/won't/;
Hope that helps to clarify the situation for you.
Pete.You're not guilty, and if you sent your email out through an alternative source, the SPEWS block would not extend to cover you.
The block covers netspace that doesn't belong to you. Nor does that netspace belong to Lightyear Communications. It belongs to UUNet. UUNet are being punished by blacklisting, and it is UUNet's laziness, incompetence and (most importantly) their greed, that has led to LightYear (and thus you) suffering.
The simplest thing I could suggest to you would be to route your mail through an external (unlisted) smarthost. Ideally, you would reduce your $1000/month fee to Lightyear by the same amount that it costs you to hire this smarthost. If LY complain about this, ask them to suggest an alternative that allows you to email from unlisted netspace.
I mean, they're your provider. They're the people you have a contract with. If you've got a problem with your network connectivity, they're the ones that should be offering a solution.
And quite frankly, I don't see any reason why they'd object. You have a perfectly valid problem, and if they only have to lose a small amount of money so that your problem can be solved, they should be delighted. And as an extra bonus, it does make the very clear point to them that they should alter their contract with UUNet so that UUNet are the ones losing money for hosting spammers, rather than Lightyear.
Pete.First of all, it's sending email that is the problem for people on an email blocklist/blacklist. Not receiving email. And certainly not hosting websites.
And there's nothing difficult about paying someone to provide an email "smarthost" for you somewhere else, in unlisted netspace. Though you should of course bitch incessantly at your network provider for forcing you to take that option.
And of course, you should always remember while you're feeling sorry for yourself about being on an email blacklist, that there are a large number of people in the world with problems much worse than yours.
(I'm going to have to find out one day exactly why it is that Brazil apparently only has one ISP. It seems quite bizarre.)
Pete.Exactly. I believe that's the point fmaxwell was trying to make, but it apparently went straight over your head. It's none of your business if people who own/manage mailservers decide to use a blocklist. It's their property, they can do what they like with it (depending to some degree on specific details in contractual agreements they might have with, eg. customers). You can, if you wish, try to persuade them to change their mind and not use a specific blacklist, but they're also quite free to ignore you.
The only thing that is your business is what you decide to do on your own private property.
That may, in some cases, be exactly the way that that blacklist/blocklist is supposed to work! If I remember correctly, there's a particular blocklist which I think was called the eXtreme BlockList (XBL), which has a documented policy of never unlisting. If an IP or set of IPs gets put on the list, they never get removed - regardless of whether they've "fixed the problem" or not. One strike and you're out.
Of course, that blocklist isn't taken very seriously by most of the denizens of news.admin.net-abuse.email, and it's probably used by very very few people :-).
As far as I'm aware, though, all of the major blocklists have clearly documented policies for both listing and unlisting. SPEWS, the SBL, SpamCop, SORBS, RFC-Ignorant... all of them. And all of those policies are different, because all of those blocklists approach things in a different way.
I'd also mention another little point - most of the aforementioned lists (including at least the SBL and SPEWS) may require the owner of the listed IPs to actually do something before the IPs can get unlisted. For example, the SBL requires that you contact them directly and tell them that you've got rid of the spammer. SPEWS requires that you post on news.admin.net-abuse.email, identify yourself as an administrative person of the ISP in question, and say that you've got rid of the spammer.
Just as an aside, SPEWS will also unlist IPs without seeing a message from an ISP rep, but it will take longer... ie. once they've seen no more spam from that source for a while, it gets changed from level 1 (on which most users block) to level 2 (on which most users tag or ignore) to level 0 (which is maintained in the records for historical purposes only).
Actually, most major blacklists are very restrained in their listing policies. But then I think you're making your misleading, ill-informed accusations against all blacklists when you were just meaning to make a misleading and ill-informed accusation about SPEWS :-).
And no, even SPEWS isn't indiscriminate. They'll (usually) list only a single IP (the spammer's website or mailserver) first, and report to the ISP that they're hosting a spammer and they should get rid of that person. After that report is ignored, then and only then do the stakes get raised. Let's be quite clear here - any ISP that doesn't read and act upon abuse reports does not deserve to be part of the responsible Internet.
There is another special case when SPEWS will immediately raise the stakes and list a large chunk of an ISPs netspace - when they take on a well-known, notorious spammer or spam gang, eg. Alan Ralsky, Eddie Marin, etc, etc. And again, any ISP that doesn't do minimal research on their major hosting customers (even minimal research on such a high-profile spammer should reveal who they're dealing with) doesn't deserve to be in business.
Pete.He asked for a specific example of inaccurate "logs" by SPEWS, not a google groups search on an incredibly vague set of words.
It's not our job to go through those search results and try to make your point for you. You're the one trying to make a point, so do some work and try to find some actual evidence to back up your allegations.
Pete.Just out of curiosity, can you tell us the SPEWS record you were "mistakenly" listed under? When did it happen? Can you quote any Message-ID: headers so that we could check back in nanae and see how politely you asked for help?
No? Thought not.
Sorry, I'm just too used to seeing people misrepresent reality in their favour, then start obsfucating and/or hiding when someone starts asking questions. You sound far too much like someone who's just pissed off because someone else got the better of them. *shrug*
Pete.I'll tell you something that I sure as hell understand. First, people complaining about being blocklisted always whinge that they can't move from their spam-supporting ISP because of cost issues. They also always try to exaggerate their cost of moving for dramatic effect (usually failing to grasp the fact that nobody really cares if they have to pay for making a bad business decision).
Tell you what. Let us know exactly how much it'll cost you. Precisely how much (in Australian or US dollars). Just take it from the detailed cost analysis that you've had done, listing several alternative (unblacklisted) co-location services in Melbourne (or wherever you prefer to be hosted). I promise to be impressed by the large figures and I will duly agree that that sort of figure is untenable for your business.
Gee. What a surprise. :-)
Then it's a damn shame you're so ill-informed about the nature of the spam problem and about the other ways of fighting spam.
So will you be vomiting the red back up again when you realise that SPEWS is still alive? (I hope not, that'd probably be a dreadful waste ;-))
The spews.org website may be unreachable due to a DDOS attack, and likewise the relays.osirusoft.com query site, but neither of those are needed for SPEWS to continue operations (osirusoft is certainly not needed at all). The blocklist data is still being maintained, and is still publicly available from many sources.
Pete.SPEWS make their criteria for listing very very clear. They document them right out in the open (I'd give you a link but of course spews.org is down at the moment). If I remember correctly, they actually say on their website, in several places, something like "if you want zero false positives, don't use SPEWS." Of course, there are going to be some false positives with just about any RBL, the question is more "how many are acceptable?" And that's the call for the person ultimately responsible for the mailserver - no-one else.
As far as I'm aware, SPEWS haven't ever made additions to their list that violate their published guidelines (aside from the very occasional honest mistakes, which are usually corrected extremely quickly upon discovery).
Pete.Well, if this party is only "vaguely" connected to the "victims", then it shouldn't be a problem at all for the "victims" to disconnect themselves completely, should it? I mean, since the connection's so very vague, as you say...
But of course the "victims" do have an extremely strong connection to the party (ie. the ISP) - they pay them money for services. That money helps keep the ISP alive. They're paying money to help keep spammers online.
And of course the victims can leave the ISP at any time. The ISP and spammer is the target, not them. If they leave, the blacklist won't follow them.
The most obvious distinction is that none of the people using SPEWS (or any other bl[ao]cklist are hurting people - they're just shunning them. Refusing to accept mail from them. Same as shunning in the meatspace world. No violence involved.
Pete.You can ask a representative of the ISP if they host spammers. You can ask them if they've ever been on a blacklist. Then you check the major public blacklists to see if they're lying, and if they are lying then you don't deal with them.
If they aren't dealing with spammers when you sign up, but take on spamming clients later on - then you complain loudly and incessantly. Cost them as much time and money as possible to deal with your complaints. And of course if they ever lie to you, leave. Or take the weaker approach of paying to relay through an external unblacklisted mailserver and reduce they amount you pay your ISP appropriately. If they still continue to keep the spammer, then at some time you'll have to leave - otherwise you're essentially telling them that they can treat you as badly as they want and you'll keep taking it and keep paying them money.
No it's not.
BTW, some other good alternatives to "as we all know" are the old classics "Clearly,..." and (if you want a nice condescending tone) "Obviously,..."
When referring to spam, you shouldn't capitalise it. It's not an acronym. SPEWS (Spam Prevention Early Warning System) is an acronym, so it should be all-caps. Spam is just an ordinary noun, so only the first letter is capitalised, and that only at the start of a sentence.
It's really strange why people sometimes feel the need to use all-caps for a word. It's not quite as bad as the loose/lose or hear/here confusions, nor the erroneous apostrophes issue, but it's still irritating. Oh well. :-)
Pete.IANAL. However. I very much doubt, in the US at least, that you'd be able to collect enough money even to make the lawsuit worthwhile. Sign a contract promising to hand over a million dollars to $PERSON if you break your promise and do a spam run, then you do break the promise - well, I think the defendant in such a suit would have a very good chance of claiming that the contract was unfair and they were compelled to sign it and the amount was grossly disproportionate to the seriousness of the contract breakage.
And, more to the point, no spammer is a millionaire. Even the richest of spammers could never afford to pay such a fine, and would simply hide his money and declare bankruptcy the second he was forced to pay (in the extremely unlikely case a court upheld the full amount of the contract violation payment clause).
But regardless of this money and payment stuff, the issue is not whether the user spams or not. The issue is whether the user is going to keep paying $BAD_ISP for his/her (extremely poor) mailserver connectivity. If he/she decides to change ISPs, then SPEWS is happy, everyone is happy - except $BAD_ISP, who has lost one of their human shields. Not that $BAD_ISP is really concerned though, they know their attractive high-speed and low-cost (ie. spam-subsidised) links will drag in more suckers soon.
If he/she decides to stay with the abusive ISP who's ripping him/her off with inferior connectivity, then SPEWS is not unhappy or happy. SPEWS really doesn't give a damn - the problem is pretty much solved from their point of view. They'd prefer $BAD_ISP to either kick the spammers out or go out of business, but even if that doesn't happen then at least $BAD_ISP is no longer a problem for the part of the 'net using SPEWS.
Regarding the effectiveness of SPEWS, of course it's not perfect. But it's certainly good enough, and in most cases it's quite a bit more effective than the alternatives. I personally use a combination of several RBLs as well as SpamAssassin on my personal mailserver(s), but my personal email intake is only three to five hundred a day, max. Even then, when I suck a big number of mails from external to internal mailserver (via fetchmail), the internal mailserver machine fires up SpamAssassin for every message.... and it really hits the machine (a Duron 750) hard. A real mailserver for a real ISP would be hit that hard continuously, all the time. Running SpamAssassin on the server would impact performance quite badly - but if you don't run SpamAssassin on the server and you don't use blocklists, then you don't really have any choice but to buy a lot of extra storage space for all that spam, perhaps upgrade your link to deal with the extra bandwidth load, and let all your technophobic users do their own spam-filtering.
Basically I'm just trying to say that you shouldn't get too obssessed with filtering as an alternative to blocklists. They're very effective as a last line of defense, but they shouldn't be the only line of defense. An appropriate selection of blocklists is the perfect front line of defense - you cut out the maximum amount of spam for the lowest cost.
Regarding the last "hypothetical" situation you mention - well, it's not really hypothetical. Joe-jobs are real and have happened and continue to happen. They're mostly trivial and very easily detected, though I believe in the past some have caused organisations to be wrongly listed on blacklists.
If I was adminning a company faced with a serious joe-job, I'd probably deal with it much the same way I'd face any other kind of
Hi, ocelotbob. Okay, quick response to the first bit - the "under threat of lawsuit" bit is just completely useless and impractical. There's no way in hell that SPEWS would be able to keep track of who you are and if you're permanently the owner of that particular IP address. There's no practical way they'd be able to verify your name and identity. There's no way they'd be able to organise a legally binding contract with you (such that they really could base a lawsuit on it in the case of you violating it) without revealing their identity - and they're anonymous specifically so they don't have to worry about time-wasting lawsuits against them. There's no way they could afford the time and resources to undertake such a lawsuit when there's virtually zero chance they'd even make their monetary costs back. And finally - there's absolutely no concrete benefit to them in doing it. What would they get out of it? PR? They don't care about PR. The unending gratefulness of people like you? While that might be nice, it wouldn't come close to paying for even ten seconds of their time - and to practically implement something as you describe above (even if it were possible), would take days (at least) for each person involved.
Okay, I hope that quick response has explained why the "under threat of lawsuit" approach is meaningless. So we come down to... um... maintaining holes (in their lists) for good people in bad netblocks who promise to stay good and not spam or otherwise abuse the net... but with no real way of penalising those people if they lie.
You ask, essentially, "what's so hard about this?" Well, you may not have realised this, but it's virtually certain that your ISP can move you onto a different IP address whenever they feel like it. And you'd have absolutely no recourse against them doing so. The problem is that (and apparently in the past this happened quite a lot), the ISP will shift spammers onto their unlisted space and shift "good" customers onto listed space. Because, essentially, the spammers pay much more and the legit customers complain much less. So even if you promised that no spam would come from you and kept that promise, that's still no guarantee that spam won't be spewing forth from the IP address previously used by you in the next few days.
Plus, of course, if you (or someone else) promised no spam would come from you and then spectacularly broke that promise, then SPEWS would have no recourse - and would have failed to block a spam run that it should have blocked. (aside: SPEWS stands for Spam Prevention Early Warning System - note the words Early Warning)
Finally, the most important point - SPEWS are not really concerned about you spamming. In fact, they probably know that no spam has been hitting their spamtraps that comes from your IP address. They know that you're not a spammer. But that's not really the issue here. You're not the one listed. They absolutely do not give a damn about you.
To help illustrate this point, I have an idea for a slight variation of your plan. And the advantage of this plan over yours - no legal threats are required, if you keep your promise you soon won't be using blacklisted netspace anymore! And SPEWS doesn't have to do anything - they don't even need to hear your promise! In fact, nobody needs to hear your promise but yourself! Guessed how it works yet? It's like this:
Promise that you won't pay any more money to your corrupt, spam-supporting ISP.
You keep that promise, the problem will take care of itself. And the best bit is, that's exactly what SPEWS wants you to do. They don't want you to stop spamming
Actually, no, it's not just a nit - it's the entire point. Except you've got it slightly wrong - it's more like "you get to share his jail cell, except you can leave whenever you want." Strange as that sounds. ;-)
If you, Cheffo Jeffo, are using the ISP CrapNet (for example), and CrapNet takes on the well-known spammer J.H. Delete - then CrapNet may find themself listed on SPEWS (and perhaps a few other RBLs). Then nobody mailing from a mailserver inside CrapNet (including you) will be able to send mail to an external mailserver that uses SPEWS.
However - and this is the important bit - if you decided to shift your mail operations to another part of the Internet not under CrapNet's control, you'd have no problems. The CrapNet block would not extend to follow you. Conversely, if CrapNet expanded their operations and acquired more IP space, their new IP space would get listed.
You see, CrapNet is the target of the blocklist. You're not. But as long as you're choosing to use CrapNet's internet resources (and presumingly paying them for it and thus supporting their spam-supporting actions), you may find your access to the private networks making up the rest of the internet to be somewhat limited.
But if you choose to leave CrapNet and go somewhere else, you're fine. Bottom line - it's all a matter of choice. You can make whatever choice you like. Stay where you are and support an organisation that is providing resources to spammers - or not.
Personally, I wouldn't even really care about the blacklisting inconvenience. I'd leave an ISP the second I realised it was supporting spamming clients and refusing to terminate them, regardless of whether it was blocklisted or not. I have no intention of ever supporting spammers, even indirectly. Your choice may well be different.
If so, then their ISP is not doing things properly. They should make it very clear when signing up customers that they have certain parts of the net blacklisted and no email will be received from those netblocks. I certainly wouldn't give SPEWS even one iota of the blame for this problem - it's all the fault of the ISP.
Similarly, if configured properly, a failed email attempt should bounce and the person who attempted to send the email should realise that their message didn't get through. They can then try some other way to get their message through. If this doesn't happen, it generally means that the sending mailserver isn't configured properly.
Note: I'm presuming here that you're meaning "ISP is sued by their customer for blocking email that was meant for that customer." It may well happen - I'm sure the potential is there. I would be interested to see how the US court system would handle it - though I'd hope that if the ISP spelled everything out in their sign-up information and the customer/client agreed to those conditions, then the customer/client wouldn't have much of a case. Knowing the wild and wooly world of the US legal system though, just about anything could happen... ;-)
Pete.Heh. I love it - great idea, not too bad an implementation. Even though it's a "quick hack-n-slash job", I still like it better than all the "winners" and "honourable mentions", excepting only the "soothing green light" design. :-)
Pete.Interesting that you provide a link to his "software" page and yet you still claim that all he's worked on is a "bunch of applets". Wow. Way to trivialise someone's work. *roll of eyes* How long did it take you just to read through and comprehend that list of software? Note especially the stuff under the heading "Other People's Software", indicating major projects he's contributed to.
I wrote a comment a little while ago for someone else like you who seemed to enjoy trashing (or at least trying to talk down) Raymond's contributions to opensourcedom, for no easily apparent reason. Mind you, that thread was on a topic that seemed devoted to ESR-bashing... :-)
BTW, you might want to take a note of ESR's projects page as well as the more specific software page. He's produced a lot of worthwhile stuff that can't just be categorised as software.
Anyway, completely offtopic. Feel free to mod away, moderators. :-)
Pete.