Re:You don't need electric jackets - Hein Gericke
on
Self-Warming Jackets
·
· Score: 1, Troll
You don't need electric heating to be warm on a bike. Just get a decent quality bike jacket that was made this decade.
I have a decent motorcycle riding suit and probably go out at temperatures that would freeze your eurobutt. I can dress for riding down the highway or I can dress for around-town. But if you mix the two, you are either too hot or too cold.
Besides, I don't like having to deal with a full riding suit when I just want to take a run to the store, go to a restaurant, etc.
By the way, when you say "90 on the motorway", do you mean 90kph or 90mph? If it's kph, I have a scooter that's almost that fast and if I rode 90kph (56mph) on the highways around here, I'd be squashed within a week.
My point is that people should be able to post their address anywhere and not get spam. It's idiotic that you have to be "fully Tin Foil Hat Paranoia Compliant" and a cyber-hermit in order to avoid spam.
Putting a link to your e-mail address on your web page isn't "idiotic." It's done as a courtesy and convenience to both you and your readers. Making it easy for someone to e-mail you an answer when you ask for help in a public forum isn't stupid. It's polite and it makes it more likely that you'll get a response. Making your e-mail address visible and convenient when you are selling something is reasonable, not idiotic.
I simply disagree with your premise that anyone who chooses to use their e-mail the way that they want to is an "idiot." I think it's sad that spammers have been able to inconvenience you, me, and so many others on the net.
How many of you have ridden motorcycles in a cold winter climate? I don't care how many layers you have on, what nifty fibers they contain, etc. If you wear something that doesn't breathe, you end up covered in sweat. If you wear something that does breathe, you freeze at highway speeds. That's why heated electric vests are so popular.
I've only been riding motorcycles for about 28 years, so I expect there will be some people that weren't born when I started riding that are sure that they know far more than I. You will find their responses following this.
I don't think this would be a problem if people weren't idiots with their email addresses.
Do you mean people who do "idiotic" things like having a mailto link on their web page, posting a question on Usenet or a forum with their e-mail address there for responses, or not giving a false e-mail address when they register their software?
Talk about blaming the victim! So, in real life, are you a lawyer for rapists?
Re:You were speaking as a dullard.
on
Spam Slows AT&T Email
·
· Score: 3, Insightful
One is regulation (which would be cumbersome and probably ineffective, given the global nature of the Internet)
I must disagree. Most spammers are not multi-national corporations trying to attract customers from all over the world. Most spammers have P.O. boxes, toll-free phone numbers, and web sites. Give law enforcement the ability to track these people down, freeze their assets, confiscate their computers, and press charges against them and the spam problem will largely go away. Junk faxes, once a scourge threatening to become as pervasive as spam, has been effectively curtailed with Title 47, Section 227. While there are the occasional junk faxes, the number of them is inconsequential compared to what it was and what it was headed towards.
Technical solutions are being actively developed and some of them are damned effective when installed at a mail server. But such tools, without legislation to address the problem, are analogous to having a bullet-proof vest in a society where it is legal to shoot peopls. Advanced filtering products should be used as an adjunct to tough anti-spam laws, not instead of them.
This is a great example of the Free Market at work!
So is the trafficking of stolen car parts. But it doesn't make it right, ethical, moral, or legal. No, spam is a great example of theft at work. The spammers are taking bandwidth and e-mail storage that they don't pay for. They are inconveniencing Internet users while costing them more money (it's Internet users everywhere that bear the cost of spam traffic, storage, filtering, and response).
This is a fantastic example of where we need more, not less, government regulation and laws. We need laws that moke people criminally and civilly liable if they send spam or pay to have others send it. We need laws that indemnify ISPs and blacklists from lawsuit for blocking spam e-mail.
If allowing some bunch of amoral assholes to interfere with the delivery of e-mail to millions of users is your idea of how the free market should work, then I cannot imagine a better argument against a free market.
I don't think it has anything to do with timing, because at 333 MHz the wavelength of signals is around 1 m.
If a signal transitions from a 0 to a 1, the length of the trace determines how long it will take for that transition to show up at the other end. It has nothing to do with wavelength and everything to do with the speed of electricity through copper.
**Like actually bothering to translate your contact messages into various non-English languages. After all, when was the last time You, as a sysadmin, responded to an informative message to postmaster@your.org that was written in an Asian language?? I didn't think so..
The development of the Internet (yes, the Internet is more than the HTTP protocol) was funded with U.S. taxpayer dollars. Non U.S. users can damned well speak English when addressing us. When in Rome...
I don't know if you could call it defamation to keep reporting the relay as open, but that'd be an interesting threat to get the blocking services moving...
It is defamation if they say "system x is an open relay" when it is not. If they say "system x was an open relay when we last tested it in 1997", that's not defamation (assuming that it is true).
The argument people on here are making is that a blacklist has a legal obligation to remove entries promptly. That is simply untrue -- unless the database has obligated themselves to remove the entries promptly by publically promising to do so. The database owners could choose to list all systems that were ever open relays, whether they have been fixed or not -- and they would never have to remove a system from the list.
My question to you is, what would YOU do if Earthlink started blocking you because of a claim that you were running an open relay?
It depends on whether the claim was true. If it was not true, I would ask the organization making the claim to retract it and I would provide proof of that retraction to Earthlink.
It the allegation was true, I would shut down the open relay, inform the blacklist, beg them to remove me as soon as their time permitted, and then beg Earthlink to start accepting mail from my server again. Should either of them cooperate, I would send humble "thank you" messages and apologies for the trouble my open relay had caused.
I view the ability to send mail to any other server as a privilege granted by that sys admin, not a right. And I believe that a private database operator (e.g., ORDB) has a right to run their database in whatever way they choose -- so long as the data is not slanderous.
Probably not before the system was fully configured, no.
If the mail server was not "fully configured", it should not have been live on the net. The sys admins did not do their jobs. They brought up mail servers that were open relays and didn't make it a priority to test them.
They didn't give them those 24 hours
They never said that they would give 24 hours notice. Do you know how much spam can be spewed through an open relay in 24 hours? Hundreds of thousands of pieces, assuming even a moderately fast connection.
BTW, I notice we've somehow managed to lose all the cases where the blacklist just plain screwed up in the first place, and either added a server completely in error, or caught innocent servers up when blocking whole IP ranges.
They don't "block" anything. They report where open relays have been found. Since it is now largely an automated process, the chance for human error is miniscule. As to the IP ranges, open relay databases don't use ranges. Databases of organizations that tolerate spamvertised web pages are the ones that use IP ranges. Sys admins can choose to block them or not.
I want them to do some basic fact-finding before they go around cutting people off from the world, yes.
Too bad. I, and many others, want them to identify threats and inform us of them as quickly and efficiently as possible. That means an automated system where someone enters an IP address, the system sends test relay mail, and, if it returns, an entry is automatically added. No human intervention or time is needed and human errors are eliminated.
And when will you get it through your head that these databases don't "go around cutting people off"? They are databases, not filters. If their criteria, methods, and accuracy satisfy me, then I can use them in my filtering. You don't like that? Tough. I don't have a legal obligation to accept mail from your server.
If they cannot afford to do the job properly, perhaps they should find a new line of work.
It's not a "job." They are mostly unpaid volunteers. If their "work" does not satisfy you, then don't use them for your filtering.
The link you posted is obviously to a US court case.
Yes, and you wrote:
Maybe where you come from. I'd love to see the precedent, though.
So, I showed you a precedent where I come from. There's no satisfying you, is there?
Do you now expect people in countries all over the world to take US-specific legal advice just in case they have a case there against someone there who's disrupting their network?
I did not give you "legal advice". I showed you a precedent -- as you requested (see above).
Let me summarize this for you since we seem to be covering the same ground over and over:
System adminstrators must be sure that their systems are not open relays if they want to avoid being listed. The very first test that they should run when putting their system on the net is an open relay test. If they don't do that, they have no right to complain when they show up in ORDB.
Open relay databases do not perform filtering or, in any way, block e-mail. They provide information just as a newspaper does: "IP X.X.X.X was an open relay on this date"
My mail server = my rules. Individual system administrators can block e-mail based on information in these databases, results of tarot card readings, or their own dislike of odd-numbers in IP addresses. It's their system so it's their choice.
Their database = their rules. Someone running an anti-spam database gets to decide the criteria for inclusion/removal and the procedures that they will use. You have no right to dictate how someone else runs their database.
The only time that you have a valid legal claim against an open relay database is if they listed you in error. If the listing was correct, then you have no grounds for complaint.
The people running the databases don't owe you anything. They don't owe you warnings, notices, consulting services, phone calls, e-mails, or any of the other things that have been proposed in this thread. They have no business or contractual relationship with you.
Remember, you have a right to start your own database if you think that the existing open relay databases are going about it wrong. You can phone sys admins in places like Korea, Brazil, and Russia to tell them about their open relays. You can give grace periods. You can e-mail warnings to people. You can rush home from your job to immediately remove systems from the database the moment that the admins fix the problems. You can do all of those other things you think should be done. If others feel that you have the right idea, they will switch to your database. Of course, you'll probably have to deal with pompous twits who demand that you change the way that you run your own database, but it will be a learning experience for you.
Hopefully, this has cleared up the misconceptions you had when you entered into this discussion.
I think things are looking pretty damn rosey for Corel... and, ultimately, for us consumers.
If, by "consumers", you mean people who purchase quality software, I agree with you. But there are the incalculable number of people in the "open source movement" who have never contributed to any open source project, couldn't compile code if their lives depended on it, and just want free software. Those people will be up in arms and decrying Corel's sound business decision as traitorous and tragic.
I've seen several otherwise competent sysadmins fail to close loopholes in the first few days of running a new system. A quick phone call or e-mail would immediately have made them aware of the problem and caused it to be closed, but instead, several of the sites were RBL'd without notice.
Did they submit their systems for testing by any of the open relay blacklists when they brought them up? Did they use a third-party ISP to test the systems for open relays? I did those things, so my mail server isn't an open relay. If they did not, then they were negligent. Period.
A quick phone call or e-mail would immediately have made them aware of the problem and caused it to be closed, but instead, several of the sites were RBL'd without notice.
So now you want volunteers running open relay databases to phone all around the world to negligent sysadmins? Get a clue. These databases are run on a shoestring budget. They cannot afford to turn every open relay discovery into an expensive, labor-intensive, investigative chore. Oh, and another clue for you: Many of the open relays are in Asia. How good is your Chinese or Korean?
You are a sick, sick person if you think your "analogy" is fair.
Did you ever hear the analogy that refers to "throwing out the baby with the bath water"? Do you think that the people who use that analogy are saying that abandoning a baby to die in dirty bathwater is the moral and ethical equivalent of whatever they are drawing the analogy to? If you don't understand something as simple as analogies, you need to spend more time in school and less on Slashdot.
I'm not going to bother replying to your other points there
That's fine since your replies to them would probably have been equally as ill-conceived as those replies you did make.
Maybe where you come from. I'd love to see the precedent, though. Certainly none of the companies I've seen damaged this way (in the UK) were ever able to take action.
Then look here. Next time, do your own research before you post.
I don't like open relays and spam magnets any more than you do, but I know how easy they are to overlook, and it will happen, even to generally competent people.
When I set up my mail server, I immediately submitted it to two different blacklists for testing as well as testing it from a dial-up account on another provider. Open relays are only "easy to overlook" if you are negligent when you set up mail servers.
No, it's not even slightly like that. Having an open relay is inconvenient but not immediately dangerous.
Yes it is. There is a danger that I, and millions of other users will be spammed.
Having an open relay is not illegal.
And ORDB can't give you a criminal record for it.
You are not required to pass a test before running a mail server.
So what? Do police let you go because you passed your driving test?
The internet is not governed by generally well-reasoned laws.
Which is why organizations like ORDB have sprung up to protect people.
A generally competent driver will not accidentally find themselves driving at 90mph on the wrong side of the road because they just bought a new car.
Neither will a marginally competent mail server admin find themselves with an open relay.
All in all, the two cases aren't even remotely the same.
They are analogous, meaning that they share characteristics that make it valid to compare them. The ORDB and the police both serve an enforcement role. Driving recklessly is analogous to operating a mail server recklessly (even if the ultimate risks are different). Expecting the police to give you 10-15 days to cease driving recklessly is analogous to expecting ORDB to give you 10-15 days to stop running an open relay. Expecting the police to give you free driving lessons is analogous to expecting ORDB to give you free consulting on how to run your mail server.
It works great as a analogy.
On the other hand, what we now have is a vigilante culture where totally unaccountable people can wipe out your company (quite literally, if you depend heavily on e-mail) on a whim, and there isn't jack you can do about it. As far as I'm concerned, if these people are blocking you inappropriately, they should be liable in the same way as anyone else who damaged your business by making a false claim, and you should be able to sue them to the other side of the galaxy.
You can. They are completely liable if their negligence injures your business or reputation. So quit pretending otherwise.
With mail servers, however, there isn't, at least yet, any widespread tool that will tell you if you have an open relay?
When you are talking about one that is listed in ORDB, which only lists open relays. The ones that list spamvertised web sites are a different matter and not the one we were discussing.
If you don't like the criteria that the blacklist service uses, then don't use that service. If someone else chooses to use it and your mail gets blocked, tough! They have every right to block systems that host spamvertised web sites.
But this is all hypothetical. I have never seen a blacklist that adds web providers hosting spamvertised web sites without giving the providers fair warning and time to shut down the site. If your site ends up on there, it's damned likely that you refused to take down the spamvertised web site in a timely manner.
With mail servers, however, there isn't, at least yet, any widespread tool that will tell you if you have an open relay
There are numerous such tools. When I brought my mail server up, I submitted it to several of the Open Relay Databases for testing -- because that was the responsible thing to do. Anyone else bringing up a mail server should do the same thing and the open relay problem would go away.
So until running a (secure!) mail server becomes as simple as driving a car and people need licenses to run servers, your analogy is inappropriate.
The analogy works beautifully (see "+5 Insightful"). Maybe it takes a bit more knowledge and skill to operate a mail server than it does to drive a car, but that does not mean that the world owes you a break. It's harder to perform brain surgery than it is to drive a car, but that does not mean the brain surgeons are excused for their every mistake.
Went to ORBS, filled out the "i've fixed my server" form, and a week or so later it was off the list.
You're trying to tell me i should've had to pay for that? You're as bad as the guy claiming they owed him!
What I said in my response to him was I think that ORBS should charge a processing fee for "expedited removal" from their database and, otherwise, just remove systems once a week. You were satisfied with waiting a few days. That guy wanted his system removed within milliseconds of fixing it. For that, he can pay.
Are you aware that ORDB runs totally off of donations? It hardly seems unreasonable to collect a fee from impatient mail system administrators who demand instant removal from the database.
If they can jump to get it on, they can jump to get it off when the server is secured against relays.
Or they can do it when they are damned good and ready to. It's their list and they can make removals a high or low priority. Their choice. If their views and mine are the same, then I can use their list to help me filter my mail.
If volunteer firefighters had the same attitude
The firefighters' responsibilities are to the community, not to the guy supplying oily rags and matches to arsonists.
If these people volunteer at hospitals you could easily find them by following the dead bodies and screaming.
In your world, the hospitals would be tending to the needs of the muggers, rapists, and wife beaters rather than those of the innocent victims. "Oooh! It looks like you cut your hand when you punched your wife. We'll get right on it and tend to her later."
If you didn't start letting the e-mail through again within 48 hours, I would be taking you to court.
I run a mail server and I can block anyone that I choose (right now, almost all of China and Brazil is blocked). If you want to test your theory about a court case, I'd be happy to block your server, too.
A mail server is private property and the owner has no legal obligation to accept mail from any other mail server. If I choose to, I can block AOL because I don't like their users, MSN because I don't like their owner, and christiancoalition.org because I don't like their politics. And they can't do anything about it.
Now, the whole point to all of this is that there needs to be a spirit of cooperation here.
I'll give you a list of IPs in Asia that are open relays. Your mission, should you accept it, is to locate the owners of the mail servers, explain to them that they have open relays, and get them to fix them. Good luck.
The ORDB model is easy now. Someone enters an IP address, ORDB sends an automated relay test message, if the message comes back, the IP address is blocked. When the owner fixes it (if he does), he enters the address, the test is rerun, and the system is removed. Turning it into something where people would have to track down and contact the owner of each and every open relay would make it impossible to run such a database.
HOWEVER, if your goal is CORRECT the offending mail server, then the 3 points that dboucher ask for are entirely resonable and good.
The goal is to protect the rest of the Internet community from the offending mail server. And that's best done by raising the flag early so that those who want to filter open relays can do so effectively. Do you have any idea how much spam can be funnelled through an open relay on a broadband connection in 10-15 days?
ESPECIALLY if he is not actually relaying spam
How, pray tell, can ORDB tell if server X is relaying spam to servers A, B, and C? All that they know is that someone reported an open relay and that their test confirmed it.
The people running these databases would have to take on an enormous workload increase to handle warnings, grace periods, and assisting those with open relays. Ever tried to figure out who is responsible for an open relay in Korea? Have you ever tried to communicate with them? I have. It's often impossible.
i loved how you threw in the greedy capitalist ideals at the bottom there, trying to make a quick buck of the poor saps once they corrected themselves
Hardly. The efforts of ORDB, Dorkslayers, and others are typically volunteer efforts that cost those who undertake them time and money. Getting some compensation from those responsible for the hassles might help to pay for the bandwidth and computing equipment. The people running these databases are not about to be made rich by their efforts. By the way, I am a liberal and am very much against the "capitalism over all else" mindset to which you allude.
They've made it their responsibility to jump to list the open relay, it becomes their responsibility to jump to de-list the machine after it's been secured. Otherwise their[sic] just fanatic assholes.
Ignoring your name calling, they are making a volunteer effort to help reduce spam, not to minimize inconvenience for negligent system administrators. I don't care if they only purge their database once a month. If you don't like being in their database, don't do something as brain-dead-stupid as running an open relay. And if you f*ck up, don't blame the people that report it.
Except that driving down the wrong side of the road is against the law! Until someone makes it so, spam is NOT. Neither is Open relay!
And a being entered into the ORDB is not a law enforcement action, doesn't result in you getting a criminal record, and isn't a punishment imposed by the courts.
You yourself are acting as if mistakes do not happen, or errors do not happen.
When mistakes happen, there are consequences. That's why there is the legal term of "negligence." If your mistake of leaving an open relay causes 250,000 people to be spammed, then I'm not going to have a lot of sympathy for your inconvenience of being blacklisted.
Personally I think blacklists should be blacklisted.
By whom and for what purpose?
I'm not for spam by any means, but I've SEEN what blacklisting can do to a web provider before they even know what's hit them.
Have you seen what can happen to a small company when some spammer uses a fictitious "From:" address in their domain? They are often paralyzed by bounced messages and angry complaints. So don't tell me about the poor (negligent) web provider that left an open relay.
Web providers are supposed to be professionals. They aren't supposed to make amateur mistakes of leaving open relays on mail servers. It's something that's easily tested and that can cost others thousands of dollars if configured wrong.
On top of that, there are so many lists out there, you may think you are off them all, only forgot one!
There's your business opportunity. Create a service that assures that people are removed from all of the major blacklists -- once they fix their open relay problems.
Either make there be a SINGLE standard, or go away, that's what I say!
Okay. I hereby declare that the single standard open relay database shall be ORDB and that all others must immediately cease operation.
I think if people are going to use blacklists, they should also take the responsibility of keeping them maintained, both in additions and removals.
So you're saying that unpaid volunteers have a "responsibility" to jump when someone says "I closed my open relay"?
You want them to be responsible to you? Pay them. If you screwed up and created an open relay on your mail server, then you should pay people for their time to update their databases. This idea that you can create a problem for someone else and that this makes them indebted to you is one that I don't follow.
Slashdot Mirror
This same legal construction has been used in the U.S. in lawsuits regarding unwanted access to servers and computer resources. AOL has used this as a legal tool against spammers in lawsuits.
You don't need electric heating to be warm on a bike. Just get a decent quality bike jacket that was made this decade.
I have a decent motorcycle riding suit and probably go out at temperatures that would freeze your eurobutt. I can dress for riding down the highway or I can dress for around-town. But if you mix the two, you are either too hot or too cold.
Besides, I don't like having to deal with a full riding suit when I just want to take a run to the store, go to a restaurant, etc.
By the way, when you say "90 on the motorway", do you mean 90kph or 90mph? If it's kph, I have a scooter that's almost that fast and if I rode 90kph (56mph) on the highways around here, I'd be squashed within a week.
My point is that people should be able to post their address anywhere and not get spam. It's idiotic that you have to be "fully Tin Foil Hat Paranoia Compliant" and a cyber-hermit in order to avoid spam.
Putting a link to your e-mail address on your web page isn't "idiotic." It's done as a courtesy and convenience to both you and your readers. Making it easy for someone to e-mail you an answer when you ask for help in a public forum isn't stupid. It's polite and it makes it more likely that you'll get a response. Making your e-mail address visible and convenient when you are selling something is reasonable, not idiotic.
I simply disagree with your premise that anyone who chooses to use their e-mail the way that they want to is an "idiot." I think it's sad that spammers have been able to inconvenience you, me, and so many others on the net.
God help any spammer I ever meet in person...
How many of you have ridden motorcycles in a cold winter climate? I don't care how many layers you have on, what nifty fibers they contain, etc. If you wear something that doesn't breathe, you end up covered in sweat. If you wear something that does breathe, you freeze at highway speeds. That's why heated electric vests are so popular.
I've only been riding motorcycles for about 28 years, so I expect there will be some people that weren't born when I started riding that are sure that they know far more than I. You will find their responses following this.
I don't think this would be a problem if people weren't idiots with their email addresses.
Do you mean people who do "idiotic" things like having a mailto link on their web page, posting a question on Usenet or a forum with their e-mail address there for responses, or not giving a false e-mail address when they register their software?
Talk about blaming the victim! So, in real life, are you a lawyer for rapists?
One is regulation (which would be cumbersome and probably ineffective, given the global nature of the Internet)
I must disagree. Most spammers are not multi-national corporations trying to attract customers from all over the world. Most spammers have P.O. boxes, toll-free phone numbers, and web sites. Give law enforcement the ability to track these people down, freeze their assets, confiscate their computers, and press charges against them and the spam problem will largely go away. Junk faxes, once a scourge threatening to become as pervasive as spam, has been effectively curtailed with Title 47, Section 227. While there are the occasional junk faxes, the number of them is inconsequential compared to what it was and what it was headed towards.
Technical solutions are being actively developed and some of them are damned effective when installed at a mail server. But such tools, without legislation to address the problem, are analogous to having a bullet-proof vest in a society where it is legal to shoot peopls. Advanced filtering products should be used as an adjunct to tough anti-spam laws, not instead of them.
This is a great example of the Free Market at work!
So is the trafficking of stolen car parts. But it doesn't make it right, ethical, moral, or legal. No, spam is a great example of theft at work. The spammers are taking bandwidth and e-mail storage that they don't pay for. They are inconveniencing Internet users while costing them more money (it's Internet users everywhere that bear the cost of spam traffic, storage, filtering, and response).
This is a fantastic example of where we need more, not less, government regulation and laws. We need laws that moke people criminally and civilly liable if they send spam or pay to have others send it. We need laws that indemnify ISPs and blacklists from lawsuit for blocking spam e-mail.
If allowing some bunch of amoral assholes to interfere with the delivery of e-mail to millions of users is your idea of how the free market should work, then I cannot imagine a better argument against a free market.
I don't think it has anything to do with timing, because at 333 MHz the wavelength of signals is around 1 m.
If a signal transitions from a 0 to a 1, the length of the trace determines how long it will take for that transition to show up at the other end. It has nothing to do with wavelength and everything to do with the speed of electricity through copper.
Do we have to keep the eyes on the floor while talking to you, Master, or are we allowed to look up ?
I prefer that you look up to me.
(and you stole it anyway)
And who, pray tell, do you think we stole U.S. currency from?
**Like actually bothering to translate your contact messages into various non-English languages. After all, when was the last time You, as a sysadmin, responded to an informative message to postmaster@your.org that was written in an Asian language?? I didn't think so..
The development of the Internet (yes, the Internet is more than the HTTP protocol) was funded with U.S. taxpayer dollars. Non U.S. users can damned well speak English when addressing us. When in Rome...
I don't know if you could call it defamation to keep reporting the relay as open, but that'd be an interesting threat to get the blocking services moving...
It is defamation if they say "system x is an open relay" when it is not. If they say "system x was an open relay when we last tested it in 1997", that's not defamation (assuming that it is true).
The argument people on here are making is that a blacklist has a legal obligation to remove entries promptly. That is simply untrue -- unless the database has obligated themselves to remove the entries promptly by publically promising to do so. The database owners could choose to list all systems that were ever open relays, whether they have been fixed or not -- and they would never have to remove a system from the list.
My question to you is, what would YOU do if Earthlink started blocking you because of a claim that you were running an open relay?
It depends on whether the claim was true. If it was not true, I would ask the organization making the claim to retract it and I would provide proof of that retraction to Earthlink.
It the allegation was true, I would shut down the open relay, inform the blacklist, beg them to remove me as soon as their time permitted, and then beg Earthlink to start accepting mail from my server again. Should either of them cooperate, I would send humble "thank you" messages and apologies for the trouble my open relay had caused.
I view the ability to send mail to any other server as a privilege granted by that sys admin, not a right. And I believe that a private database operator (e.g., ORDB) has a right to run their database in whatever way they choose -- so long as the data is not slanderous.
If the mail server was not "fully configured", it should not have been live on the net. The sys admins did not do their jobs. They brought up mail servers that were open relays and didn't make it a priority to test them.
They didn't give them those 24 hours
They never said that they would give 24 hours notice. Do you know how much spam can be spewed through an open relay in 24 hours? Hundreds of thousands of pieces, assuming even a moderately fast connection.
BTW, I notice we've somehow managed to lose all the cases where the blacklist just plain screwed up in the first place, and either added a server completely in error, or caught innocent servers up when blocking whole IP ranges.
They don't "block" anything. They report where open relays have been found. Since it is now largely an automated process, the chance for human error is miniscule. As to the IP ranges, open relay databases don't use ranges. Databases of organizations that tolerate spamvertised web pages are the ones that use IP ranges. Sys admins can choose to block them or not.
I want them to do some basic fact-finding before they go around cutting people off from the world, yes.
Too bad. I, and many others, want them to identify threats and inform us of them as quickly and efficiently as possible. That means an automated system where someone enters an IP address, the system sends test relay mail, and, if it returns, an entry is automatically added. No human intervention or time is needed and human errors are eliminated.
And when will you get it through your head that these databases don't "go around cutting people off"? They are databases, not filters. If their criteria, methods, and accuracy satisfy me, then I can use them in my filtering. You don't like that? Tough. I don't have a legal obligation to accept mail from your server.
If they cannot afford to do the job properly, perhaps they should find a new line of work.
It's not a "job." They are mostly unpaid volunteers. If their "work" does not satisfy you, then don't use them for your filtering.
The link you posted is obviously to a US court case.
Yes, and you wrote:
Maybe where you come from. I'd love to see the precedent, though.
So, I showed you a precedent where I come from. There's no satisfying you, is there?
Do you now expect people in countries all over the world to take US-specific legal advice just in case they have a case there against someone there who's disrupting their network?
I did not give you "legal advice". I showed you a precedent -- as you requested (see above).
Let me summarize this for you since we seem to be covering the same ground over and over:
Remember, you have a right to start your own database if you think that the existing open relay databases are going about it wrong. You can phone sys admins in places like Korea, Brazil, and Russia to tell them about their open relays. You can give grace periods. You can e-mail warnings to people. You can rush home from your job to immediately remove systems from the database the moment that the admins fix the problems. You can do all of those other things you think should be done. If others feel that you have the right idea, they will switch to your database. Of course, you'll probably have to deal with pompous twits who demand that you change the way that you run your own database, but it will be a learning experience for you.
Hopefully, this has cleared up the misconceptions you had when you entered into this discussion.
I think things are looking pretty damn rosey for Corel... and, ultimately, for us consumers.
If, by "consumers", you mean people who purchase quality software, I agree with you. But there are the incalculable number of people in the "open source movement" who have never contributed to any open source project, couldn't compile code if their lives depended on it, and just want free software. Those people will be up in arms and decrying Corel's sound business decision as traitorous and tragic.
I've seen several otherwise competent sysadmins fail to close loopholes in the first few days of running a new system. A quick phone call or e-mail would immediately have made them aware of the problem and caused it to be closed, but instead, several of the sites were RBL'd without notice.
Did they submit their systems for testing by any of the open relay blacklists when they brought them up? Did they use a third-party ISP to test the systems for open relays? I did those things, so my mail server isn't an open relay. If they did not, then they were negligent. Period.
A quick phone call or e-mail would immediately have made them aware of the problem and caused it to be closed, but instead, several of the sites were RBL'd without notice.
So now you want volunteers running open relay databases to phone all around the world to negligent sysadmins? Get a clue. These databases are run on a shoestring budget. They cannot afford to turn every open relay discovery into an expensive, labor-intensive, investigative chore. Oh, and another clue for you: Many of the open relays are in Asia. How good is your Chinese or Korean?
You are a sick, sick person if you think your "analogy" is fair.
Did you ever hear the analogy that refers to "throwing out the baby with the bath water"? Do you think that the people who use that analogy are saying that abandoning a baby to die in dirty bathwater is the moral and ethical equivalent of whatever they are drawing the analogy to? If you don't understand something as simple as analogies, you need to spend more time in school and less on Slashdot.
I'm not going to bother replying to your other points there
That's fine since your replies to them would probably have been equally as ill-conceived as those replies you did make.
Maybe where you come from. I'd love to see the precedent, though. Certainly none of the companies I've seen damaged this way (in the UK) were ever able to take action.
Then look here. Next time, do your own research before you post.
I don't like open relays and spam magnets any more than you do, but I know how easy they are to overlook, and it will happen, even to generally competent people.
When I set up my mail server, I immediately submitted it to two different blacklists for testing as well as testing it from a dial-up account on another provider. Open relays are only "easy to overlook" if you are negligent when you set up mail servers.
No, it's not even slightly like that. Having an open relay is inconvenient but not immediately dangerous.
Yes it is. There is a danger that I, and millions of other users will be spammed.
Having an open relay is not illegal.
And ORDB can't give you a criminal record for it.
You are not required to pass a test before running a mail server.
So what? Do police let you go because you passed your driving test?
The internet is not governed by generally well-reasoned laws.
Which is why organizations like ORDB have sprung up to protect people.
A generally competent driver will not accidentally find themselves driving at 90mph on the wrong side of the road because they just bought a new car.
Neither will a marginally competent mail server admin find themselves with an open relay.
All in all, the two cases aren't even remotely the same.
They are analogous, meaning that they share characteristics that make it valid to compare them. The ORDB and the police both serve an enforcement role. Driving recklessly is analogous to operating a mail server recklessly (even if the ultimate risks are different). Expecting the police to give you 10-15 days to cease driving recklessly is analogous to expecting ORDB to give you 10-15 days to stop running an open relay. Expecting the police to give you free driving lessons is analogous to expecting ORDB to give you free consulting on how to run your mail server.
It works great as a analogy.
On the other hand, what we now have is a vigilante culture where totally unaccountable people can wipe out your company (quite literally, if you depend heavily on e-mail) on a whim, and there isn't jack you can do about it. As far as I'm concerned, if these people are blocking you inappropriately, they should be liable in the same way as anyone else who damaged your business by making a false claim, and you should be able to sue them to the other side of the galaxy.
You can. They are completely liable if their negligence injures your business or reputation. So quit pretending otherwise.
With mail servers, however, there isn't, at least yet, any widespread tool that will tell you if you have an open relay?
When you are talking about one that is listed in ORDB, which only lists open relays. The ones that list spamvertised web sites are a different matter and not the one we were discussing.
If you don't like the criteria that the blacklist service uses, then don't use that service. If someone else chooses to use it and your mail gets blocked, tough! They have every right to block systems that host spamvertised web sites.
But this is all hypothetical. I have never seen a blacklist that adds web providers hosting spamvertised web sites without giving the providers fair warning and time to shut down the site. If your site ends up on there, it's damned likely that you refused to take down the spamvertised web site in a timely manner.
With mail servers, however, there isn't, at least yet, any widespread tool that will tell you if you have an open relay
There are numerous such tools. When I brought my mail server up, I submitted it to several of the Open Relay Databases for testing -- because that was the responsible thing to do. Anyone else bringing up a mail server should do the same thing and the open relay problem would go away.
So until running a (secure!) mail server becomes as simple as driving a car and people need licenses to run servers, your analogy is inappropriate.
The analogy works beautifully (see "+5 Insightful"). Maybe it takes a bit more knowledge and skill to operate a mail server than it does to drive a car, but that does not mean that the world owes you a break. It's harder to perform brain surgery than it is to drive a car, but that does not mean the brain surgeons are excused for their every mistake.
Went to ORBS, filled out the "i've fixed my server" form, and a week or so later it was off the list.
You're trying to tell me i should've had to pay for that? You're as bad as the guy claiming they owed him!
What I said in my response to him was I think that ORBS should charge a processing fee for "expedited removal" from their database and, otherwise, just remove systems once a week. You were satisfied with waiting a few days. That guy wanted his system removed within milliseconds of fixing it. For that, he can pay.
Are you aware that ORDB runs totally off of donations? It hardly seems unreasonable to collect a fee from impatient mail system administrators who demand instant removal from the database.
If they can jump to get it on, they can jump to get it off when the server is secured against relays.
Or they can do it when they are damned good and ready to. It's their list and they can make removals a high or low priority. Their choice. If their views and mine are the same, then I can use their list to help me filter my mail.
If volunteer firefighters had the same attitude
The firefighters' responsibilities are to the community, not to the guy supplying oily rags and matches to arsonists.
If these people volunteer at hospitals you could easily find them by following the dead bodies and screaming.
In your world, the hospitals would be tending to the needs of the muggers, rapists, and wife beaters rather than those of the innocent victims. "Oooh! It looks like you cut your hand when you punched your wife. We'll get right on it and tend to her later."
If you didn't start letting the e-mail through again within 48 hours, I would be taking you to court.
I run a mail server and I can block anyone that I choose (right now, almost all of China and Brazil is blocked). If you want to test your theory about a court case, I'd be happy to block your server, too.
A mail server is private property and the owner has no legal obligation to accept mail from any other mail server. If I choose to, I can block AOL because I don't like their users, MSN because I don't like their owner, and christiancoalition.org because I don't like their politics. And they can't do anything about it.
Now, the whole point to all of this is that there needs to be a spirit of cooperation here.
I'll give you a list of IPs in Asia that are open relays. Your mission, should you accept it, is to locate the owners of the mail servers, explain to them that they have open relays, and get them to fix them. Good luck.
The ORDB model is easy now. Someone enters an IP address, ORDB sends an automated relay test message, if the message comes back, the IP address is blocked. When the owner fixes it (if he does), he enters the address, the test is rerun, and the system is removed. Turning it into something where people would have to track down and contact the owner of each and every open relay would make it impossible to run such a database.
HOWEVER, if your goal is CORRECT the offending mail server, then the 3 points that dboucher ask for are entirely resonable and good.
The goal is to protect the rest of the Internet community from the offending mail server. And that's best done by raising the flag early so that those who want to filter open relays can do so effectively. Do you have any idea how much spam can be funnelled through an open relay on a broadband connection in 10-15 days?
ESPECIALLY if he is not actually relaying spam
How, pray tell, can ORDB tell if server X is relaying spam to servers A, B, and C? All that they know is that someone reported an open relay and that their test confirmed it.
The people running these databases would have to take on an enormous workload increase to handle warnings, grace periods, and assisting those with open relays. Ever tried to figure out who is responsible for an open relay in Korea? Have you ever tried to communicate with them? I have. It's often impossible.
i loved how you threw in the greedy capitalist ideals at the bottom there, trying to make a quick buck of the poor saps once they corrected themselves
Hardly. The efforts of ORDB, Dorkslayers, and others are typically volunteer efforts that cost those who undertake them time and money. Getting some compensation from those responsible for the hassles might help to pay for the bandwidth and computing equipment. The people running these databases are not about to be made rich by their efforts. By the way, I am a liberal and am very much against the "capitalism over all else" mindset to which you allude.
They've made it their responsibility to jump to list the open relay, it becomes their responsibility to jump to de-list the machine after it's been secured. Otherwise their[sic] just fanatic assholes.
Ignoring your name calling, they are making a volunteer effort to help reduce spam, not to minimize inconvenience for negligent system administrators. I don't care if they only purge their database once a month. If you don't like being in their database, don't do something as brain-dead-stupid as running an open relay. And if you f*ck up, don't blame the people that report it.
Except that driving down the wrong side of the road is against the law! Until someone makes it so, spam is NOT. Neither is Open relay!
And a being entered into the ORDB is not a law enforcement action, doesn't result in you getting a criminal record, and isn't a punishment imposed by the courts.
You yourself are acting as if mistakes do not happen, or errors do not happen.
When mistakes happen, there are consequences. That's why there is the legal term of "negligence." If your mistake of leaving an open relay causes 250,000 people to be spammed, then I'm not going to have a lot of sympathy for your inconvenience of being blacklisted.
Personally I think blacklists should be blacklisted.
By whom and for what purpose?
I'm not for spam by any means, but I've SEEN what blacklisting can do to a web provider before they even know what's hit them.
Have you seen what can happen to a small company when some spammer uses a fictitious "From:" address in their domain? They are often paralyzed by bounced messages and angry complaints. So don't tell me about the poor (negligent) web provider that left an open relay.
Web providers are supposed to be professionals. They aren't supposed to make amateur mistakes of leaving open relays on mail servers. It's something that's easily tested and that can cost others thousands of dollars if configured wrong.
On top of that, there are so many lists out there, you may think you are off them all, only forgot one!
There's your business opportunity. Create a service that assures that people are removed from all of the major blacklists -- once they fix their open relay problems.
Either make there be a SINGLE standard, or go away, that's what I say!
Okay. I hereby declare that the single standard open relay database shall be ORDB and that all others must immediately cease operation.
Let me know if that takes care of it.
I think if people are going to use blacklists, they should also take the responsibility of keeping them maintained, both in additions and removals.
So you're saying that unpaid volunteers have a "responsibility" to jump when someone says "I closed my open relay"?
You want them to be responsible to you? Pay them. If you screwed up and created an open relay on your mail server, then you should pay people for their time to update their databases. This idea that you can create a problem for someone else and that this makes them indebted to you is one that I don't follow.