Well I kind of agree with the previous post, I mean come on our jails are already full. Take the money he made from spam and fund spam filtering projects! I think having to swap bunks with "Bubba" in jail for 20 years is over the top!
Hmm, you've got a point there. If we keep on with this whole kick of filling up the prisons with people who do things like establishing large trojan zombie networks in order make hundreds of thousands of dollars a year by sending unrequested recipient-paid advertisements to everyone on earth simultaneously, why, we won't have any room for all those awful marijuana users!
SPEWS is fugly. damn that's fugly. IMHO only of course. no proper access list or firewall rules.
They publish zone files...by doing a little elementary parsing you can turn it into any format you want, but part of the great benefit of DNSBLs is that they can be easily updated by a trusted central authority without any work at all on the part of you the admin. By using (or translating) the zone file yourself, you take on the responsibility of keeping it current. The last thing I as an admin need is another item added to my daily "check for updates" list.
no domain lists for postfix.
Domain lists? Most of the spam I see comes from bizarre fake domains or forged legitimate ones. Blocking by the IP of the SMTP session initiator is the only reliable method, since that is the only common thread that is not completely under the control of the spammers. I'm sure that's one reason they're now employing trojan-zombie networks -- it does signifigantly expand the amount of non-contiguous IPs with which they can trespass on your server.
but it's a start.
I don't really see your complaints, other than the aesthetic design of the site which I can't really comment on other than to say I've never had a problem navigating it. I've only really been there to read the FAQ and perform lookups, but for what its worth both those functions are as accessable as can be.
their site is very hard to navigate and use, or to find things directly.
What were you looking for that you couldn't easily find?
Support your local SPEWS. The problem you describe is exactly what SPEWS was created to fight, and exactly why spammers spend so much time badmouthing it -- its brutally effective.
I know that we've been debating spam the effectiveness of Spam legislation here on slashdot for the last couple days. YES, it might momentarily stem the flow of spam, but really laws like this allow too much leeway! If you think this will stop spam you have another thing coming!
I agree with you that this law will not stop spam. However, you make a leap from saying that this law will not work to "laws don't work", paraphrasing your subject. On that point I vehemently disagree. If the incentive to spam is strong, certainly there are far more lucrative crimes which the law has succeeded in reducing if not eliminating. Laws can be effective, because law enforcement can be very intimidating. That's their job. We simply need a strong law against spam. But we both agree, the (U)CAN-SPAM act is not it.
Technology on the other hand is the way to go. I recently got feed up with my hotmail account due to spam and I switched to another free site called Shadango.com. It allows me to check both my students address and hotmail thru one interface and it filters the spam out of my email, which is something this new law won't do.
That's great for you as a consumer, but what about me as an ISP? Don't I have a right to own a business and sell internet access to my users without having to pay for beefier hardware and fatter pipes just to handle the amount of completely unsolicited and unwanted junk e-mail we take in?!?
I'm not saying that services like Shadango.com are the answer but they are definitely a step in the right direction! And that's my two cents!!!
Nothing personal against shadango, I'm not that familiar with their service, but these band-aids are just that, they are not a step in the right direction. They're just another step in the arms race.
If anyone here thinks for a minute that this abominable piece of legislation is an "accident" caused by those writing it being non-technical, wake the hell up.
Every single word of this bill was intentionally crafted to do what it does -- make Congress look anti-spam to everyone except spammers. This is a Congressional "wink and nod" to all the scum out there who are more than happy to cost you money to try to sell you something.
Remember, kids, messing with other peoples' computers "for fun" is bad and wrong and the FBI will hunt you down. If you're going to make money at it, and of course you allocate some of that money to bribing^Wlobbying Congress, thats a whole different story. Sigh.
# The Spamassassin installation documentation could be better written IMHO.
What documentation couldn't be better written? If its really that bad, you could always put in the time to update it yourself. I haven't found it all that lacking at all, in fact, the man pages are extremely verbose.
# Why doesn't RedHat's update service offer constand updates to the current version of SpamAssassin?
That's a RedHat flaw, not a SpamAssassin flaw. The reviewer should not have punished SpamAssassin because the linux distribution he chose was out of date (and probably a bad choice anyway).
# Why doesn't it (as mentioned in another post) have the most important configuratoin setups included in their overall configuration GUI?
SpamAssassin has no configuration GUI. I would much rather the brains that are working on SpamAssassin continue to improve the core functionality of their product, that is detecting and filtering spam, than to waste time developing a GUI. SA is made for competent mail server admins. If you can't handle editting a text configuration file, trying to run an internet mail sevrer is just asking for trouble.
This "journalist" is a grade-A moron as has been demonstrated sufficiently already in this thread. The one new thing I have to add to this conversation is that, contrary to the following statement:
SpamAssassin allows only the administrator to add to the whitelist, with no direct access for users.
SpamAssassin (anything remotely resembling a current version) supports per-user whitelists and other preferences. It takes a little more skill to set up, but frankly the end result is way better than anything you're likely to achieve with a commercial product. The users of my ISP can simply log into a secure space on our website, where they can then view their assassinated spam, change their default score, and create individual white and black lists. This is accomplished with nothing but SpamAssassin, Apache, MySQL, and a few glue scripts. I would put our OSS-based solution in a head to head with any of those commercial offerings.
The behavior I find objectionable is the blocking of email based on IP. Providing notification to the user that the ISP thinks that email may be spam is not bad -- I can't see how it would be anything but good. SA does not (by default) *eat* email. It may mark it up.
Of course, each score contributes to the mail being rejected. You'd really rather have all the mail actually blocked by blacklist fail silently instead of giving you a 550 when you try to send?
2) I don't use said features of SA.
Hey, good for you. Mind if I ask why?
3) As I've posted elsewhere in the thread, there are better technical fixes (limiting amplification is a good, simple one) to attempting to keep network costs from being unacceptable. Conflating the problem of dealing with network costs on the server and the problem of avoiding wasted human time on the client is the major reason antispam folks have cause others so much pain.
Say...what? I can't even parse that. Are you trying to say in a roundabout way that "antispammers" have wasted end-users time? Given the amount of complaining end users do about spam, I don't think that argument holds up. Although the tactics we've had to use have matured and become more effective as time went on, the root cause is and always was spammers.
4) Vendor support shouldn't be automatically dropping questionable email *anyway*. All email originating from dialup IPs is decidedly not spam. It'd be pretty awful if someone sends out a question and then just doesn't get a response.
Most e-mail originating from dial-up IPs is spam. I don't know where you're running your mailserver or for whom but your experience seems to exactly contradict mine.
That's not the way spam works. An independant entity is doing SPAM and it is based in Russia. It will advertise "Get the lower rates for your mortgage" for example. Then, when someone respond to that and give its name/address, the Russian company will sell the personal informations collected to any company willing to pay $2 (or $n) for it in the U.S.
Maybe there are a few that work this way, but for the most part this is *not* how spammers operate. I will avoid posting a step by step, but its pretty easy to figure out what affiliate programs are really intended to do, and its damn obvious that all those dialup systems in other countries aren't owned by the spammers.
Most spammers are in the US, as are most businesses whos products spam advertises. They use fake affiliates to deflect complaints away from themselves ("oh, affiliate XYZ spammed you? spamming is strictly against our policy, that affiliate has been removed!"...yeah right) and hand off credit card processing to shady merchants. The actual machines sending out the spams are mostly compromised always-on boxen in technologically developing countries, but don't let that fool you -- the spammers are still in the US and thus subject to US law.
You do raise a good point though...an effective anti-spam law would prevent spammers from hiding behind complex organizational structures by exposing all the players to risk.
I should also mention that you should pay attention to your choice of case. 'SPAM' is the meat product in a can made by Hormel. 'Spam' is the crap you get in your mail spool.
Hormel has been extremely tolerant with the usage of their trademark. That distinction is the least we can do in return, in my opinion.
Because there isn't (to the best of my knowledge anyway) any way for people to stop these calls from coming in the first place. Sure, they can opt to not answer the phone, or leave it off the hook, but there is no way to stop the call from reaching your phone. Given that, regulation was the only solution until private industry comes up with a gadget to identify and block unwanted calls.
And such is exactly the case with spam. There isn't anyw ay for people to stop these spams from coming in the first place. They can try to filter after the fact, the telephone equivalent of the TeleZapper. Using that solution also will result in real, legitimate e-mails being missed sooner or later.
Robbery, murder, trespass all still happen, so I wouldn't say the laws against those acts are particularly effective at preventing them.
You wouldn't? You don't think there would be any more robbery, murder, or trespassing if there were no laws against these acts? Or are you suggesting that unless a law is immediately 100% effective, it has no value?
It ought not be necessary to expect people to lock their doors every night, but it's a good idea, and a reasonable expectation. So is SPAM filtering.
Spam filtering is not analogous to locking ones door at night. Locking ones door at night (denying entry to anyone who does not posess a key) would be more like authenticated senders, an idea now being put forth as a serious solution to spam. Of course, this entirely destroys the value of e-mail as an open communications medium.
SPAM is none of the above, unless you consider fliers, credit cards, and other physical junk mail to be unauthorized access to your property. That stuff isn't illegal; why should SPAM?
Postal junk mail, where postage is paid sender rather than the recipient, and where one can cause the messages to stop with one simple request to the post office, is not like spam in any way other than both are methods of advertising.
Posting fliers, handing out hand bills, or otherwise advertising on someones private property in contravention of a posted notification is a crime. My computer systems are my private property, and notification that spam is not welcome is available on my website as well as given when connecting to my mail server. Putting a flyer directly into someones mailbox, avoiding the US postal system, is a felony, and actually I would consider that more analogous to spam with fake received headers.
I submit that most people would be happy enough with simply reducing SPAM to an acceptable level. There are ways to do it; hell I only get about 3 SPAMs per week, if that! And I don't even filter my mail!
First, what is an 'acceptable' level of spam? I'm willing to bet that if you gave everyman a choice between receiving "some spam" and "no spam", they would choose "no spam" every time. Besides, in my opinion, the only "acceptable" level of abuse of my mail server is "none at all".
Second, you claim that there are ways to prevent yourself from receiving spam, but you fail even to hint at what these methods are, except that they are not filtering. I cannot understand or comment on your methods until you actually disclose what they are.
If you mean to suggest compartmentalizing the distribution of your e-mail address, I would point out that this is only somewhat effective anyway, and regardless of how effective it is its a solution that reduces the usefulness of e-mail. I don't want to have to keep my e-mail address a secret. The great strength of e-mail is that anyone on the internet reading something I have written can be given a piece of data allowing them to get in touch with me at any time. Concealing your address ruins this openness.
But that's just a guess. You haven't given us any inkling of these magical techniques you use to receive only 3 spams per week...and to share an anecdote of my own, in the time its taken me to compose this reply, I have received 8 spams to my primary work account.
Just checked again, its now 9. If I wait another 60 seconds, it will be 10...
"Anyway, baby steps... we don't have to stop the spam problem with one big, perfect piece of legislature all in one blow..."
Perhaps this is the Libertarian in me speaking out, but I'm not convinced that SPAM has or needs a government solution.
I'm confused on several points by this. First, I'm not quite sure why the Libertarian in you is objecting to anti-spam legislation, unless you as a Libertarian are also against the Do Not Call list? I haven't heard a lot of libertarian objection to that. Second, you seem to be saying that you're not sure if legislation can be effective in combatting spam. To that, I say: bullshit. Laws have proven effective in preventing just about any action one person takes against another -- the laws effectiveness is merely a function of how it is written to interact with the society. If you can't conceptualize an anti-spam law that would stop spam within our borders, you aren't very creative. A $10k fine for each spam sent, $100k/spam fines for companies that can be demonstrated to consistantly either through deliberate action or structural organization ("affiliate" programs) allow spammers to profit, and $1mil/incident fines to any credit card merchant who can be shown to do business with spam outfits after being made aware of their practices.
Hell, I don't even need the full power of congress to stop spam. If I could force credit card merchants to rewrite their contracts....all it would take would be a 'spammer' clause. Of course, legislation would probably be required, as shady outfits are not likely to cut into their sole profit source voluntarily.
Remember -- spammers are trying to take your money, that means somewhere along the line they have to expose themselves. That's where you go after them.
ISP's that use products like SpamAssassin can help reduce the amount of SPAM that gets to users' inboxes, and client-side software can filter it further.
What's your point? Planting land mines in your yard to prevent trespassers can be effective as well, but that ought not to be necessary.
Like you said, there's no perfect solution. But in this case I'd say that government is not needed.
Why do you feel that way? In every other case of unauthorized access to computers, theft of services, and fraud, the legal system is felt to be the proper venue for resolution. Why not, specifically, in this case?
People who are agitated by SPAM enough to want to take measures against it are probably within their ability to do so.
In order to counter your assertion, I invoke: reality. Clearly, no person regardless of their distaste for spam or technical aptitude has yet discovered a reliable method for stopping spam.
This is divide and conquor in action, folks. Old boy is trying to create a rift between the people who have designed and created the internet, and the average non-technical person who uses that creation.
I don't envy this guy, he has a difficult job ahead of him convincing the common man that turning the internet into a corporate battleground is a better way to run things than we already have.
This was hardly the victory the anti-spammers (including myself) were hoping for.
I believe even cursory review of the court documents reveal that since the outset, this lawsuit was designed not to achieve victory in court but to harass the defendants and cause them to have to expend time and funds to fight it. There was absolutely 0 chance that they could have successfully argued that people maintaining lists of ip addresses of any sort could be held liable for jack squat.
Here are the facts: The judge granted the plaintiff motion to dismiss the case. Felchstein and the EMA desperately wanted to end this lawsuit before it went to discovery -- that could lead to the exposure of the members of the EMA, people who have very good reasons for staying hidden. The defendants did not obtain a judgement granting them legal fees, and now owe tens of thousands of dollars.
All of this means the lawsuit succeeded in every regard -- the antispammers time and money has been wasted, and the spammers are no worse off since Felchstein is in their pocket.
I failed to make one point I guess -- it isn't necessarily the idea of an integrated scheduler/tracker/calander/mail server from the end users view point that I have a problem with...it's the twin issues of anyone taking some standard protocols and twisting them so nothing else can interoperate fully, and the fact that Exchange epitomizes feature-poor, underengineered, unreliable Microsoft software.
Its important to seperate the technical architecture of these solutions from their appearance to the end user. That's the only way you can get the best of both worlds.
For my personal business with 12 employees total, we use sendmail and use a web based group management software.
BUT the minute you are talking about 30k worth of employees, you need something like this.
Why does it have to a single application? Integration can occur at many points.
Exchange does what it needs to do -- its a business solution that businesses need and have asked for.
You're just avoiding any specific discussion of the features or merits of outlook by saying "business" a lot as if to imply "business needs" are incomprehensible to anyone except "business" understands. I'm in the information technology business, it's my *job* to evaluate technologies applicability to business needs. None of that changes the fact that Exchange is a poor piece of software.
You either haven't used it to its advantage or too idealistic (or more to the point, way too fucking cool...yeah...geek attitude gets the chick) and will never understand this need.
Says who? I have used Exchange, in one of those smallish environments you mentioned before (they thought they needed it before I got there -- I got rid of it ASAP). It sucks. In every conceivable way. It does nothing you can't accomplish other ways, if you are even mildly creative.
Again, I have searched for a solution that works for a large group of peoples and I haven't found one yet.
If you really want an enterprise class directory server, go call PeopleSoft or Oracle. Nobody uses Exchange for that.
I'm forced to guess at what features you are so desperate for, since you haven't mentioned any of them in specific.
As one of the other posters mentioned, Kolab and Kontact might be potential competitors in the future -- but they have a LONG way to go right now.
The only reason Exchange is seen as the "only solution" is because it took several different, unrelated tasks and combined them, creating a new category of software in the minds of PHBs. Each one of these tasks could be accomplished in a more reliable, robust way with seperate applications, and integration can take place at a different level.
IMO, building a calander/to-do-list/scheduler/task tracker into a mail server makes about as much sense as installing a wet bar in your Geo Metro.
"As a heavy but non-technical computer user it has been extremely frustrating for me to encounter 404 errors. Naturally, they happen at the busiest times," said Roy S. Lahet, vice president of Planning for Mercy Behavioral Health. ..It is difficult for me to see a downside to this user friendly enhancement."
So, the summary of Verisigns argument seems to be that while network administrators and the like think SiteFinder sucks, end users are the ones who we should care about.
Examine this logic closely. The judgement of network administrators, aka experts on the internet, regarding issues related to the infrastructure of the internet, is irrelevant.
They are out-and-out advocating that a lack of understanding of the technical foundation of the internet is exactly what qualifies one to make reliable technical decisions.
Is there no lie too bald-faced, no distortion too absurd, or no consequence too detrimental as long as there is money to be made? Am I the only one who doesn't think like that?!?
The more layers there are in a solution like this, the more work is required to maintain it and the greater the chances are that something could go wrong.
Impossible. We're talking about implementing a Microsoft product. The chances of something going wrong are already 100%.
Microsoft *IS* insecure, but find a decent mail solution, that has scheduling and can also deal with groupware aspects such as Project in a single package...I'm not talking about individual packages...I'm talking ONE package that works seamlessly.
Ever hear of "embrace and extend"? Now, instead of a mail server being expected to efficiently route mail, its expected to fill the roles of a mail server, file server, database server, web server, directory server, desert topping AND a floorwax. Gee, thanks MS!
Maybe the real problem that needs to be addressed is a lack of understanding on the part of management that throwing the biggest most expensive and expansive solution at every problem is exactly why there are so many problems to begin with.
Jack-of-all-trades software, like Exchange, always sucks.
Ignored in the fracas is a startling truth: The Do-Not-Call list is going to be a failure. It's also an example of the worst sort of government regulation. The two arguments against a Do Not Call list are job loss and the power of marketing. The direct marketing industry has been crying out about potential job losses. Losing two million jobs, many going to low income rural Americans, is a bad thing.
Two problems with this line of reasoning. First, the two million jobs figure is attributable to the Direct Marketing Assoc., and as such is immediately suspect. Job loss estimates by more independant sources, such as the analyst quoted in a story about this issue in last weeks USA Today (the writer's name escapes me) put the real job losses somewhere around 1/4th or less of that.
The second, and larger problem is that you are failing to see the big picture. The core of the problem is that a large industry has formed to provide a service that consumers not only don't want, but actually find highly intrusive and annoying. Regardless of how many people are employed by these paid harassment companies, the fact of the matter is such paid harassment ought to have been made illegal a long long time ago, before it got to the stage that 2 million people are employed as paid telephone harassers.
And I can believe that the choice direct telemarketing offers (would you like to switch your phone service for 2.9 cents a minute?) helps consumers in the long term.
I don't suppose you'd care to explain how, exactly? I have never heard of anyone getting a good deal from a telemarketer. Even if one did, does that excuse bothering the other 999 people that had no interest in receiving the same offer while they were eating dinner?
But let's break down why the Do Not Call list is going to fail: Nonprofits, Politicians and Business Process.
OK. Let's go.
The two biggest abusers of telemarketing are politicians and nonprofits.
Are you going to back this up with anything besides an anecdote? I will grant you that I do receive my share of calls from non-profits, but I receive far more from businesses trying to sell me something. I haven't been logging any statistics, but I would estimate that I get about 20:1 commercial/nonprofit calls. Certainly, commercial entities make up the lionshare of the annoyance calls I get.
I can't tell you how many times the Virginia State Police Association has called me asking for money. And my phone rings off the hook come election time with Get Out the Vote Calls. These two groups are exempted under the Do Not Call list.
Because that really would run into the Constitution. Regulating political speech in any way is a big no-no for our government, for the best of reasons. I would still try to make the case that nobody should have the right to call you at your house without your permission to advertise anything to you, but I understand why Congress is nervous about dealing with that.
But the exemptions, once created, can only be expanded.
Why? I can't think of why anyone would expand the exemptions. This is easily the most popular piece of legislation they've dealt with in several sessions.
Do nonprofits that hire commercials solicitors need apply?
I would suspect that acting on behalf of a non-profit organization would be the same as being a non-profit yourself. Thank you for reminding us of one more reason why all 2 million call center jobs aren't suddenly going to vanish.
What about nonprofits cross-selling commercial products (Greenpeace offering a MBNA Credit card?
As that is a commercial solicitation, I would expect that to be illegal.
The NRA offering AT&T phone service). If our intent is to create a zone of privacy, why let in two industries off the bat.
By definition, nonprofit organizations and political entities are not industry.
All I can say is "thank God I'm not your customer".
I'm just as thankful!
If there's one thing I can't stand, it's overzealous mail weenies pettily blocking swathes of the Internet the size of Brazil.
Funny you should mention Brazil, they're blocked!
I've already had to change ISPs twice because of their dumb-ass "block legitimate mail and laugh" attitudes. They can keep their attitudes, but they will never get any more of my money until they change.
I make no effort to block legitimate mail, in fact just the opposite.
As for your money, if I lose your patronage to gain that of 100 people who are sick and tired of the e-mail address they pay for being cluttered with porn and penis enlargement ads, so be it.
See, that's why I am immediately and strongly suspicious of the disparagement of blocklists by anonymous cowards on slashdot: they all give basically the same argument, but this argument seems not to exist anywhere outside of anonymous forums on the internet. It's almost as if the spammers were trying to pull a little Microsoft-grassroots tactic.
The reality of the situation is that we disclose to users our methods of preventing spam quite clearly, and we have yet to see a single user complain, much less cancel their service because of our spam fighting tactics. In actuality, our subscriptions have risen as word has started to spread that for every 100 spams you get at our competition, you'll get 1 with us. This is an issue that users feel strongly about, and we've had a purely positive response from our actions. Users regularly (not an exaggeration -- REGULARLY) contact us just to express their pleasure with the low volume of junk e-mail they receive. I can't remember the last time a user called just to say "thanks" for anything else.
More customers should be told about what their ISP's mail admin gets up to. They're usually told "FooISP protects your mailbox from SPAM" and that's that. If Joe Customer knew that political coercion shit like SPEWS was being used and their mailbox was being held hostage by rogue admins for political gain, they wouldn't stand for it.
First, what the heck is a "rogue admin"? Are we talking AD&D, or are you actually implying that by protecting my customers against the biggest nuisance on the net today, I'm somehow behaving improperly? I'm sure I'm frustrating the heck out of spammers, but nobody else has complained.
Second, SPEWS (red flag as soon as you brought that up...you smell of NANAE) explains its purpose quite clearly to anyone who listens. SPEWS is attempting to coerce ISPs to enforce their own terms of service, because end users on the net are sick and tired of the amount of spam they receive. My customers not only stand for this, they applaud it regularly as I mentioned.
Finally, as I touched on before: we make no effort to *hide* the fact that we take all possible precautions to give our users the kind of service they want. I happen to believe thats a better path to success than cramming your advertisements down the throats of anyone and everyone you can find against their will.
Something is fishy here. I watch the newsgroups and spam mailing lists, and I see very few if any legitimate mistakes[...]
Well, I don't keep track of those, but I did not initiate contact there (who would?).
Depends on the blocklist, but I find that the owners of many do tend to at least read NANAE on a regular basis.
The block list was the ORBS list. The previous IP block assignee had (apparently) several open relays. As to the IP block, I will refrain from specifying it. All I need is some slashdotter DOSing it because they hate opposite points of view (and no, I don't mean you). I will say this: our ISP is Sprint, for whatever it may matter.
So you got IPs previously owned by a spammer (ORBS is not SPEWS, ORBS blocks only spammer IPs) from sprint, and because people have understandably taken steps to block the junk waste-of-bandwidth traffic pumping out of those IPs you are glad the maintainers of lists of such abusers are being DoSed? How very sensible. Way to handle that situation right on all angles. Don't yell at sprint -- cheer when the list owner has crimes committed against them. The way I see it, the three days without e-mail is not the fault of the owner of the blocklist, its the fault of the spammers and the ISP who let them spam.
Here's a scary thought for you: What if everyone reverted to private blocklists only? Do you really think that, overall, there would be fewer problems with e-mail if, instead of a single point of contact for the list, you had to contact each and every admin who blocklisted your IPs?!? I've already reverted to this tactic to pick up the slack in my spam ratios caused by the disappearance of osirusoft.
They do have the right, and they chose to close their servers (ask them why they did not *choose* to weather the storm). I never said they did not, nor did I (or my employer) ever try to silence their opinions or actions.
So, you support their right to their opinion, but you're really happy when someone does the electronic equivalent of creeping up behind them and sucker punching them in the face for their trouble?
They did not break anything physically, just like spam does not do physical damage either (hey, hard disks spin whether or not they are doing anything).
The US Department of Commerce estimates the losses attributable to spam this year alone will reach into the billions of dollars. That's "no damage"?!?
As with spam, the damage was that we had much lost time and productivity when e-mails never got through because of the blacklist.
Hard disks spin when they aren't doing anything, usually, sure. But many in our community pay for bandwidth usage, and forcing them to carry traffic that they didn't request and don't want does real, quantifiable damage to their bank account.
At any rate, the cause of the damage you suffered was not the maintainer of a blocklist. It was not even the mail server admin. It was a spammers, sprints, and your own.
As I said in my message, there was much grief and delay in correcting the situation because of the personalities/priorities of the blacklist admins.
You have to give them a little break, their job is quite obviously a thankless one, and people in the situation you were in have a tendancy to be rather impatient, nay, jerkish in their requests. So basically these are people who have taken it upon themselves to, for the good of the community, devote a good deal of time to architecting the backend, maintain a list, deal with pissed off lusers, and get DoSed. They can be a little grumpy, at times.
Hey buddy, I did not take away anything from you... You don't really believe what you are saying, do you? I think your statement is missing the element of reason.
Of course he knows you didn't literally take anything away from him. His point, and I found it rather obvious, is that you are celebrating the loss of choice that we admins now have. Moreover, you are celebrating someone who was trying to provide a useful service being DDoS'd.
The spam blockers already did, and that is what my message is all about.
How did "spam blockers" do anything with YOUR property?
Did you know, for example, that some business are hosted by Earthlink and Earthlink blocks spam to those hosted domains by using some blacklists? That's all fine, but what happens when the blacklist is wrong and critical business communications cannot get through even though *both* sender and receiver are constantly trying to contact Earthlink to resolve the issue...
Something is fishy here. I watch the newsgroups and spam mailing lists, and I see very few if any legitimate mistakes in listings brought to the attention of the list owners. Yet when I come over here to/., every other comment is about how many mistakes these blocklists make. Hmmm.
At any rate, I would point out that if you know you are mistakenly listed on a blocklist, contacting one of the third parties which uses that blocklist is not necessarily the quickest way to get your issue taken care of. Why not contact the people who actually have control over the list?
Where does your "it's my choice, dammit" argument fit into this?
At the point where the Earthlink administration decided to use the third-party blocklisting service.
Should we switch ISP because the blacklist people are not responsive? Or perhaps we should ask our suppliers and customers to switch ISPs instead of us? BUT WAIT!!!! You are talking about NOT forcing people to do anything!
I know: how about you get on slashdot and post some comments about a situation that I've never seen happen in my many years as a spam-fighin' admin. What blocklist has been unresponsive to correcting legitimate mistakes they've made? What IP block of yours has been affected?
Your hypothetical is quickly becoming a strawman.
Well, your world might just be small enough for this to hold true, and this would be a solid argument. In my world, where there are many different people e-mailing each other critical communications, and not everyone has direct control over their own servers, and often one depeneds on intermediaries to do the right thing, your argument has been proven dead wrong.
You haven't proven anything except your own ability to deliver a poor argument.
But whatever, to each his own. I did not shut down any blacklist servers myself, so if you feel you have lost something, you are directing your anger at the wrong person. All I know is that life became a lot better when we liberated ourselves from having anything to do with blacklists.
Don't take this the wrong way, but...you are a spammer, right?
Now, I respect your right to your opinion, just remeber I have a right to have my own (wrong?) opinion too.
I guess the only people who don't have a right to their opinion are the owners and users of blocklists, eh? Thank goodness some scr1ptk1d had the good sense to liberate us all from their oppression!
Slashdot Mirror
Spam is a problem, but it's not going to bring the internet to its knees anytime soon...
...being sent out now than 6 months ago? 12? 24? 48?
Oh...really? You don't think the plague of spam has done anything to hinder user adoption of or reliance on e-mail?
Do you think there is:
a) less spam
b) more spam
It's a big problem.
Well I kind of agree with the previous post, I mean come on our jails are already full. Take the money he made from spam and fund spam filtering projects! I think having to swap bunks with "Bubba" in jail for 20 years is over the top!
Hmm, you've got a point there. If we keep on with this whole kick of filling up the prisons with people who do things like establishing large trojan zombie networks in order make hundreds of thousands of dollars a year by sending unrequested recipient-paid advertisements to everyone on earth simultaneously, why, we won't have any room for all those awful marijuana users!
SPEWS is fugly. damn that's fugly. IMHO only of course. no proper access list or firewall rules.
They publish zone files...by doing a little elementary parsing you can turn it into any format you want, but part of the great benefit of DNSBLs is that they can be easily updated by a trusted central authority without any work at all on the part of you the admin. By using (or translating) the zone file yourself, you take on the responsibility of keeping it current. The last thing I as an admin need is another item added to my daily "check for updates" list.
no domain lists for postfix.
Domain lists? Most of the spam I see comes from bizarre fake domains or forged legitimate ones. Blocking by the IP of the SMTP session initiator is the only reliable method, since that is the only common thread that is not completely under the control of the spammers. I'm sure that's one reason they're now employing trojan-zombie networks -- it does signifigantly expand the amount of non-contiguous IPs with which they can trespass on your server.
but it's a start.
I don't really see your complaints, other than the aesthetic design of the site which I can't really comment on other than to say I've never had a problem navigating it. I've only really been there to read the FAQ and perform lookups, but for what its worth both those functions are as accessable as can be.
their site is very hard to navigate and use, or to find things directly.
What were you looking for that you couldn't easily find?
Support your local SPEWS. The problem you describe is exactly what SPEWS was created to fight, and exactly why spammers spend so much time badmouthing it -- its brutally effective.
I know that we've been debating spam the effectiveness of Spam legislation here on slashdot for the last couple days. YES, it might momentarily stem the flow of spam, but really laws like this allow too much leeway! If you think this will stop spam you have another thing coming!
I agree with you that this law will not stop spam. However, you make a leap from saying that this law will not work to "laws don't work", paraphrasing your subject. On that point I vehemently disagree. If the incentive to spam is strong, certainly there are far more lucrative crimes which the law has succeeded in reducing if not eliminating. Laws can be effective, because law enforcement can be very intimidating. That's their job. We simply need a strong law against spam. But we both agree, the (U)CAN-SPAM act is not it.
Technology on the other hand is the way to go. I recently got feed up with my hotmail account due to spam and I switched to another free site called Shadango.com. It allows me to check both my students address and hotmail thru one interface and it filters the spam out of my email, which is something this new law won't do.
That's great for you as a consumer, but what about me as an ISP? Don't I have a right to own a business and sell internet access to my users without having to pay for beefier hardware and fatter pipes just to handle the amount of completely unsolicited and unwanted junk e-mail we take in?!?
I'm not saying that services like Shadango.com are the answer but they are definitely a step in the right direction! And that's my two cents!!!
Nothing personal against shadango, I'm not that familiar with their service, but these band-aids are just that, they are not a step in the right direction. They're just another step in the arms race.
If anyone here thinks for a minute that this abominable piece of legislation is an "accident" caused by those writing it being non-technical, wake the hell up.
Every single word of this bill was intentionally crafted to do what it does -- make Congress look anti-spam to everyone except spammers. This is a Congressional "wink and nod" to all the scum out there who are more than happy to cost you money to try to sell you something.
Remember, kids, messing with other peoples' computers "for fun" is bad and wrong and the FBI will hunt you down. If you're going to make money at it, and of course you allocate some of that money to bribing^Wlobbying Congress, thats a whole different story. Sigh.
# The Spamassassin installation documentation could be better written IMHO.
What documentation couldn't be better written? If its really that bad, you could always put in the time to update it yourself. I haven't found it all that lacking at all, in fact, the man pages are extremely verbose.
# Why doesn't RedHat's update service offer constand updates to the current version of SpamAssassin?
That's a RedHat flaw, not a SpamAssassin flaw. The reviewer should not have punished SpamAssassin because the linux distribution he chose was out of date (and probably a bad choice anyway).
# Why doesn't it (as mentioned in another post) have the most important configuratoin setups included in their overall configuration GUI?
SpamAssassin has no configuration GUI. I would much rather the brains that are working on SpamAssassin continue to improve the core functionality of their product, that is detecting and filtering spam, than to waste time developing a GUI. SA is made for competent mail server admins. If you can't handle editting a text configuration file, trying to run an internet mail sevrer is just asking for trouble.
This "journalist" is a grade-A moron as has been demonstrated sufficiently already in this thread. The one new thing I have to add to this conversation is that, contrary to the following statement:
SpamAssassin allows only the administrator to add to the whitelist, with no direct access for users.
SpamAssassin (anything remotely resembling a current version) supports per-user whitelists and other preferences. It takes a little more skill to set up, but frankly the end result is way better than anything you're likely to achieve with a commercial product. The users of my ISP can simply log into a secure space on our website, where they can then view their assassinated spam, change their default score, and create individual white and black lists. This is accomplished with nothing but SpamAssassin, Apache, MySQL, and a few glue scripts. I would put our OSS-based solution in a head to head with any of those commercial offerings.
1) SA uses blacklists, not blocklists.
Uhhh...same thing.
The behavior I find objectionable is the blocking of email based on IP. Providing notification to the user that the ISP thinks that email may be spam is not bad -- I can't see how it would be anything but good. SA does not (by default) *eat* email. It may mark it up.
Of course, each score contributes to the mail being rejected. You'd really rather have all the mail actually blocked by blacklist fail silently instead of giving you a 550 when you try to send?
2) I don't use said features of SA.
Hey, good for you. Mind if I ask why?
3) As I've posted elsewhere in the thread, there are better technical fixes (limiting amplification is a good, simple one) to attempting to keep network costs from being unacceptable. Conflating the problem of dealing with network costs on the server and the problem of avoiding wasted human time on the client is the major reason antispam folks have cause others so much pain.
Say...what? I can't even parse that. Are you trying to say in a roundabout way that "antispammers" have wasted end-users time? Given the amount of complaining end users do about spam, I don't think that argument holds up. Although the tactics we've had to use have matured and become more effective as time went on, the root cause is and always was spammers.
4) Vendor support shouldn't be automatically dropping questionable email *anyway*. All email originating from dialup IPs is decidedly not spam. It'd be pretty awful if someone sends out a question and then just doesn't get a response.
Most e-mail originating from dial-up IPs is spam. I don't know where you're running your mailserver or for whom but your experience seems to exactly contradict mine.
That's not the way spam works. An independant entity is doing SPAM and it is based in Russia. It will advertise "Get the lower rates for your mortgage" for example. Then, when someone respond to that and give its name/address, the Russian company will sell the personal informations collected to any company willing to pay $2 (or $n) for it in the U.S.
Maybe there are a few that work this way, but for the most part this is *not* how spammers operate. I will avoid posting a step by step, but its pretty easy to figure out what affiliate programs are really intended to do, and its damn obvious that all those dialup systems in other countries aren't owned by the spammers.
Most spammers are in the US, as are most businesses whos products spam advertises. They use fake affiliates to deflect complaints away from themselves ("oh, affiliate XYZ spammed you? spamming is strictly against our policy, that affiliate has been removed!"...yeah right) and hand off credit card processing to shady merchants. The actual machines sending out the spams are mostly compromised always-on boxen in technologically developing countries, but don't let that fool you -- the spammers are still in the US and thus subject to US law.
You do raise a good point though...an effective anti-spam law would prevent spammers from hiding behind complex organizational structures by exposing all the players to risk.
I should also mention that you should pay attention to your choice of case. 'SPAM' is the meat product in a can made by Hormel. 'Spam' is the crap you get in your mail spool.
Hormel has been extremely tolerant with the usage of their trademark. That distinction is the least we can do in return, in my opinion.
Because there isn't (to the best of my knowledge anyway) any way for people to stop these calls from coming in the first place. Sure, they can opt to not answer the phone, or leave it off the hook, but there is no way to stop the call from reaching your phone. Given that, regulation was the only solution until private industry comes up with a gadget to identify and block unwanted calls.
And such is exactly the case with spam. There isn't anyw ay for people to stop these spams from coming in the first place. They can try to filter after the fact, the telephone equivalent of the TeleZapper. Using that solution also will result in real, legitimate e-mails being missed sooner or later.
Robbery, murder, trespass all still happen, so I wouldn't say the laws against those acts are particularly effective at preventing them.
You wouldn't? You don't think there would be any more robbery, murder, or trespassing if there were no laws against these acts? Or are you suggesting that unless a law is immediately 100% effective, it has no value?
It ought not be necessary to expect people to lock their doors every night, but it's a good idea, and a reasonable expectation. So is SPAM filtering.
Spam filtering is not analogous to locking ones door at night. Locking ones door at night (denying entry to anyone who does not posess a key) would be more like authenticated senders, an idea now being put forth as a serious solution to spam. Of course, this entirely destroys the value of e-mail as an open communications medium.
SPAM is none of the above, unless you consider fliers, credit cards, and other physical junk mail to be unauthorized access to your property. That stuff isn't illegal; why should SPAM?
Postal junk mail, where postage is paid sender rather than the recipient, and where one can cause the messages to stop with one simple request to the post office, is not like spam in any way other than both are methods of advertising.
Posting fliers, handing out hand bills, or otherwise advertising on someones private property in contravention of a posted notification is a crime. My computer systems are my private property, and notification that spam is not welcome is available on my website as well as given when connecting to my mail server. Putting a flyer directly into someones mailbox, avoiding the US postal system, is a felony, and actually I would consider that more analogous to spam with fake received headers.
I submit that most people would be happy enough with simply reducing SPAM to an acceptable level. There are ways to do it; hell I only get about 3 SPAMs per week, if that! And I don't even filter my mail!
First, what is an 'acceptable' level of spam? I'm willing to bet that if you gave everyman a choice between receiving "some spam" and "no spam", they would choose "no spam" every time. Besides, in my opinion, the only "acceptable" level of abuse of my mail server is "none at all".
Second, you claim that there are ways to prevent yourself from receiving spam, but you fail even to hint at what these methods are, except that they are not filtering. I cannot understand or comment on your methods until you actually disclose what they are.
If you mean to suggest compartmentalizing the distribution of your e-mail address, I would point out that this is only somewhat effective anyway, and regardless of how effective it is its a solution that reduces the usefulness of e-mail. I don't want to have to keep my e-mail address a secret. The great strength of e-mail is that anyone on the internet reading something I have written can be given a piece of data allowing them to get in touch with me at any time. Concealing your address ruins this openness.
But that's just a guess. You haven't given us any inkling of these magical techniques you use to receive only 3 spams per week...and to share an anecdote of my own, in the time its taken me to compose this reply, I have received 8 spams to my primary work account.
Just checked again, its now 9. If I wait another 60 seconds, it will be 10...
"Anyway, baby steps... we don't have to stop the spam problem with one big, perfect piece of legislature all in one blow..."
Perhaps this is the Libertarian in me speaking out, but I'm not convinced that SPAM has or needs a government solution.
I'm confused on several points by this. First, I'm not quite sure why the Libertarian in you is objecting to anti-spam legislation, unless you as a Libertarian are also against the Do Not Call list? I haven't heard a lot of libertarian objection to that. Second, you seem to be saying that you're not sure if legislation can be effective in combatting spam. To that, I say: bullshit. Laws have proven effective in preventing just about any action one person takes against another -- the laws effectiveness is merely a function of how it is written to interact with the society. If you can't conceptualize an anti-spam law that would stop spam within our borders, you aren't very creative. A $10k fine for each spam sent, $100k/spam fines for companies that can be demonstrated to consistantly either through deliberate action or structural organization ("affiliate" programs) allow spammers to profit, and $1mil/incident fines to any credit card merchant who can be shown to do business with spam outfits after being made aware of their practices.
Hell, I don't even need the full power of congress to stop spam. If I could force credit card merchants to rewrite their contracts....all it would take would be a 'spammer' clause. Of course, legislation would probably be required, as shady outfits are not likely to cut into their sole profit source voluntarily.
Remember -- spammers are trying to take your money, that means somewhere along the line they have to expose themselves. That's where you go after them.
ISP's that use products like SpamAssassin can help reduce the amount of SPAM that gets to users' inboxes, and client-side software can filter it further.
What's your point? Planting land mines in your yard to prevent trespassers can be effective as well, but that ought not to be necessary.
Like you said, there's no perfect solution. But in this case I'd say that government is not needed.
Why do you feel that way? In every other case of unauthorized access to computers, theft of services, and fraud, the legal system is felt to be the proper venue for resolution. Why not, specifically, in this case?
People who are agitated by SPAM enough to want to take measures against it are probably within their ability to do so.
In order to counter your assertion, I invoke: reality. Clearly, no person regardless of their distaste for spam or technical aptitude has yet discovered a reliable method for stopping spam.
And here's proof.
This is divide and conquor in action, folks. Old boy is trying to create a rift between the people who have designed and created the internet, and the average non-technical person who uses that creation.
I don't envy this guy, he has a difficult job ahead of him convincing the common man that turning the internet into a corporate battleground is a better way to run things than we already have.
Ohhhh...what?!?! I can't believe I got an anti-MS joke modded down on slashdot.
ATTENTION MODS: The above is a joke, as was the original comment. Obviously its safer just to label it. Jeez.
This was hardly the victory the anti-spammers (including myself) were hoping for.
I believe even cursory review of the court documents reveal that since the outset, this lawsuit was designed not to achieve victory in court but to harass the defendants and cause them to have to expend time and funds to fight it. There was absolutely 0 chance that they could have successfully argued that people maintaining lists of ip addresses of any sort could be held liable for jack squat.
Here are the facts: The judge granted the plaintiff motion to dismiss the case. Felchstein and the EMA desperately wanted to end this lawsuit before it went to discovery -- that could lead to the exposure of the members of the EMA, people who have very good reasons for staying hidden. The defendants did not obtain a judgement granting them legal fees, and now owe tens of thousands of dollars.
All of this means the lawsuit succeeded in every regard -- the antispammers time and money has been wasted, and the spammers are no worse off since Felchstein is in their pocket.
I failed to make one point I guess -- it isn't necessarily the idea of an integrated scheduler/tracker/calander/mail server from the end users view point that I have a problem with...it's the twin issues of anyone taking some standard protocols and twisting them so nothing else can interoperate fully, and the fact that Exchange epitomizes feature-poor, underengineered, unreliable Microsoft software.
Its important to seperate the technical architecture of these solutions from their appearance to the end user. That's the only way you can get the best of both worlds.
For my personal business with 12 employees total, we use sendmail and use a web based group management software.
BUT the minute you are talking about 30k worth of employees, you need something like this.
Why does it have to a single application? Integration can occur at many points.
Exchange does what it needs to do -- its a business solution that businesses need and have asked for.
You're just avoiding any specific discussion of the features or merits of outlook by saying "business" a lot as if to imply "business needs" are incomprehensible to anyone except "business" understands. I'm in the information technology business, it's my *job* to evaluate technologies applicability to business needs. None of that changes the fact that Exchange is a poor piece of software.
You either haven't used it to its advantage or too idealistic (or more to the point, way too fucking cool...yeah...geek attitude gets the chick) and will never understand this need.
Says who? I have used Exchange, in one of those smallish environments you mentioned before (they thought they needed it before I got there -- I got rid of it ASAP). It sucks. In every conceivable way. It does nothing you can't accomplish other ways, if you are even mildly creative.
Again, I have searched for a solution that works for a large group of peoples and I haven't found one yet.
If you really want an enterprise class directory server, go call PeopleSoft or Oracle. Nobody uses Exchange for that.
I'm forced to guess at what features you are so desperate for, since you haven't mentioned any of them in specific.
As one of the other posters mentioned, Kolab and Kontact might be potential competitors in the future -- but they have a LONG way to go right now.
The only reason Exchange is seen as the "only solution" is because it took several different, unrelated tasks and combined them, creating a new category of software in the minds of PHBs. Each one of these tasks could be accomplished in a more reliable, robust way with seperate applications, and integration can take place at a different level.
IMO, building a calander/to-do-list/scheduler/task tracker into a mail server makes about as much sense as installing a wet bar in your Geo Metro.
"As a heavy but non-technical computer user it has been extremely frustrating for me to encounter 404 errors. Naturally, they happen at the busiest times," said Roy S. Lahet, vice president of Planning for Mercy Behavioral Health. . .It is difficult for me to see a downside to this user friendly enhancement."
So, the summary of Verisigns argument seems to be that while network administrators and the like think SiteFinder sucks, end users are the ones who we should care about.
Examine this logic closely. The judgement of network administrators, aka experts on the internet, regarding issues related to the infrastructure of the internet, is irrelevant.
They are out-and-out advocating that a lack of understanding of the technical foundation of the internet is exactly what qualifies one to make reliable technical decisions.
Is there no lie too bald-faced, no distortion too absurd, or no consequence too detrimental as long as there is money to be made? Am I the only one who doesn't think like that?!?
The more layers there are in a solution like this, the more work is required to maintain it and the greater the chances are that something could go wrong.
Impossible. We're talking about implementing a Microsoft product. The chances of something going wrong are already 100%.
Microsoft *IS* insecure, but find a decent mail solution, that has scheduling and can also deal with groupware aspects such as Project in a single package...I'm not talking about individual packages...I'm talking ONE package that works seamlessly.
Ever hear of "embrace and extend"? Now, instead of a mail server being expected to efficiently route mail, its expected to fill the roles of a mail server, file server, database server, web server, directory server, desert topping AND a floorwax. Gee, thanks MS!
Maybe the real problem that needs to be addressed is a lack of understanding on the part of management that throwing the biggest most expensive and expansive solution at every problem is exactly why there are so many problems to begin with.
Jack-of-all-trades software, like Exchange, always sucks.
Ignored in the fracas is a startling truth: The Do-Not-Call list is going to be a failure. It's also an example of the worst sort of government regulation. The two arguments against a Do Not Call list are job loss and the power of marketing. The direct marketing industry has been crying out about potential job losses. Losing two million jobs, many going to low income rural Americans, is a bad thing.
Two problems with this line of reasoning. First, the two million jobs figure is attributable to the Direct Marketing Assoc., and as such is immediately suspect. Job loss estimates by more independant sources, such as the analyst quoted in a story about this issue in last weeks USA Today (the writer's name escapes me) put the real job losses somewhere around 1/4th or less of that.
The second, and larger problem is that you are failing to see the big picture. The core of the problem is that a large industry has formed to provide a service that consumers not only don't want, but actually find highly intrusive and annoying. Regardless of how many people are employed by these paid harassment companies, the fact of the matter is such paid harassment ought to have been made illegal a long long time ago, before it got to the stage that 2 million people are employed as paid telephone harassers.
And I can believe that the choice direct telemarketing offers (would you like to switch your phone service for 2.9 cents a minute?) helps consumers in the long term.
I don't suppose you'd care to explain how, exactly? I have never heard of anyone getting a good deal from a telemarketer. Even if one did, does that excuse bothering the other 999 people that had no interest in receiving the same offer while they were eating dinner?
But let's break down why the Do Not Call list is going to fail: Nonprofits, Politicians and Business Process.
OK. Let's go.
The two biggest abusers of telemarketing are politicians and nonprofits.
Are you going to back this up with anything besides an anecdote? I will grant you that I do receive my share of calls from non-profits, but I receive far more from businesses trying to sell me something. I haven't been logging any statistics, but I would estimate that I get about 20:1 commercial/nonprofit calls. Certainly, commercial entities make up the lionshare of the annoyance calls I get.
I can't tell you how many times the Virginia State Police Association has called me asking for money. And my phone rings off the hook come election time with Get Out the Vote Calls. These two groups are exempted under the Do Not Call list.
Because that really would run into the Constitution. Regulating political speech in any way is a big no-no for our government, for the best of reasons. I would still try to make the case that nobody should have the right to call you at your house without your permission to advertise anything to you, but I understand why Congress is nervous about dealing with that.
But the exemptions, once created, can only be expanded.
Why? I can't think of why anyone would expand the exemptions. This is easily the most popular piece of legislation they've dealt with in several sessions.
Do nonprofits that hire commercials solicitors need apply?
I would suspect that acting on behalf of a non-profit organization would be the same as being a non-profit yourself. Thank you for reminding us of one more reason why all 2 million call center jobs aren't suddenly going to vanish.
What about nonprofits cross-selling commercial products (Greenpeace offering a MBNA Credit card?
As that is a commercial solicitation, I would expect that to be illegal.
The NRA offering AT&T phone service). If our intent is to create a zone of privacy, why let in two industries off the bat.
By definition, nonprofit organizations and political entities are not industry.
And why it may reduce the number of ca
All I can say is "thank God I'm not your customer".
I'm just as thankful!
If there's one thing I can't stand, it's overzealous mail weenies pettily blocking swathes of the Internet the size of Brazil.
Funny you should mention Brazil, they're blocked!
I've already had to change ISPs twice because of their dumb-ass "block legitimate mail and laugh" attitudes. They can keep their attitudes, but they will never get any more of my money until they change.
I make no effort to block legitimate mail, in fact just the opposite.
As for your money, if I lose your patronage to gain that of 100 people who are sick and tired of the e-mail address they pay for being cluttered with porn and penis enlargement ads, so be it.
See, that's why I am immediately and strongly suspicious of the disparagement of blocklists by anonymous cowards on slashdot: they all give basically the same argument, but this argument seems not to exist anywhere outside of anonymous forums on the internet. It's almost as if the spammers were trying to pull a little Microsoft-grassroots tactic.
The reality of the situation is that we disclose to users our methods of preventing spam quite clearly, and we have yet to see a single user complain, much less cancel their service because of our spam fighting tactics. In actuality, our subscriptions have risen as word has started to spread that for every 100 spams you get at our competition, you'll get 1 with us. This is an issue that users feel strongly about, and we've had a purely positive response from our actions. Users regularly (not an exaggeration -- REGULARLY) contact us just to express their pleasure with the low volume of junk e-mail they receive. I can't remember the last time a user called just to say "thanks" for anything else.
More customers should be told about what their ISP's mail admin gets up to. They're usually told "FooISP protects your mailbox from SPAM" and that's that. If Joe Customer knew that political coercion shit like SPEWS was being used and their mailbox was being held hostage by rogue admins for political gain, they wouldn't stand for it.
First, what the heck is a "rogue admin"? Are we talking AD&D, or are you actually implying that by protecting my customers against the biggest nuisance on the net today, I'm somehow behaving improperly? I'm sure I'm frustrating the heck out of spammers, but nobody else has complained.
Second, SPEWS (red flag as soon as you brought that up...you smell of NANAE) explains its purpose quite clearly to anyone who listens. SPEWS is attempting to coerce ISPs to enforce their own terms of service, because end users on the net are sick and tired of the amount of spam they receive. My customers not only stand for this, they applaud it regularly as I mentioned.
Finally, as I touched on before: we make no effort to *hide* the fact that we take all possible precautions to give our users the kind of service they want. I happen to believe thats a better path to success than cramming your advertisements down the throats of anyone and everyone you can find against their will.
Something is fishy here. I watch the newsgroups and spam mailing lists, and I see very few if any legitimate mistakes[...]
Well, I don't keep track of those, but I did not initiate contact there (who would?).
Depends on the blocklist, but I find that the owners of many do tend to at least read NANAE on a regular basis.
The block list was the ORBS list. The previous IP block assignee had (apparently) several open relays. As to the IP block, I will refrain from specifying it. All I need is some slashdotter DOSing it because they hate opposite points of view (and no, I don't mean you). I will say this: our ISP is Sprint, for whatever it may matter.
So you got IPs previously owned by a spammer (ORBS is not SPEWS, ORBS blocks only spammer IPs) from sprint, and because people have understandably taken steps to block the junk waste-of-bandwidth traffic pumping out of those IPs you are glad the maintainers of lists of such abusers are being DoSed? How very sensible. Way to handle that situation right on all angles. Don't yell at sprint -- cheer when the list owner has crimes committed against them. The way I see it, the three days without e-mail is not the fault of the owner of the blocklist, its the fault of the spammers and the ISP who let them spam.
Here's a scary thought for you: What if everyone reverted to private blocklists only? Do you really think that, overall, there would be fewer problems with e-mail if, instead of a single point of contact for the list, you had to contact each and every admin who blocklisted your IPs?!? I've already reverted to this tactic to pick up the slack in my spam ratios caused by the disappearance of osirusoft.
They do have the right, and they chose to close their servers (ask them why they did not *choose* to weather the storm). I never said they did not, nor did I (or my employer) ever try to silence their opinions or actions.
So, you support their right to their opinion, but you're really happy when someone does the electronic equivalent of creeping up behind them and sucker punching them in the face for their trouble?
They did not break anything physically, just like spam does not do physical damage either (hey, hard disks spin whether or not they are doing anything).
The US Department of Commerce estimates the losses attributable to spam this year alone will reach into the billions of dollars. That's "no damage"?!?
As with spam, the damage was that we had much lost time and productivity when e-mails never got through because of the blacklist.
Hard disks spin when they aren't doing anything, usually, sure. But many in our community pay for bandwidth usage, and forcing them to carry traffic that they didn't request and don't want does real, quantifiable damage to their bank account.
At any rate, the cause of the damage you suffered was not the maintainer of a blocklist. It was not even the mail server admin. It was a spammers, sprints, and your own.
As I said in my message, there was much grief and delay in correcting the situation because of the personalities/priorities of the blacklist admins.
You have to give them a little break, their job is quite obviously a thankless one, and people in the situation you were in have a tendancy to be rather impatient, nay, jerkish in their requests. So basically these are people who have taken it upon themselves to, for the good of the community, devote a good deal of time to architecting the backend, maintain a list, deal with pissed off lusers, and get DoSed. They can be a little grumpy, at times.
Hey buddy, I did not take away anything from you... You don't really believe what you are saying, do you? I think your statement is missing the element of reason.
/., every other comment is about how many mistakes these blocklists make. Hmmm.
Of course he knows you didn't literally take anything away from him. His point, and I found it rather obvious, is that you are celebrating the loss of choice that we admins now have. Moreover, you are celebrating someone who was trying to provide a useful service being DDoS'd.
The spam blockers already did, and that is what my message is all about.
How did "spam blockers" do anything with YOUR property?
Did you know, for example, that some business are hosted by Earthlink and Earthlink blocks spam to those hosted domains by using some blacklists? That's all fine, but what happens when the blacklist is wrong and critical business communications cannot get through even though *both* sender and receiver are constantly trying to contact Earthlink to resolve the issue...
Something is fishy here. I watch the newsgroups and spam mailing lists, and I see very few if any legitimate mistakes in listings brought to the attention of the list owners. Yet when I come over here to
At any rate, I would point out that if you know you are mistakenly listed on a blocklist, contacting one of the third parties which uses that blocklist is not necessarily the quickest way to get your issue taken care of. Why not contact the people who actually have control over the list?
Where does your "it's my choice, dammit" argument fit into this?
At the point where the Earthlink administration decided to use the third-party blocklisting service.
Should we switch ISP because the blacklist people are not responsive? Or perhaps we should ask our suppliers and customers to switch ISPs instead of us? BUT WAIT!!!! You are talking about NOT forcing people to do anything!
I know: how about you get on slashdot and post some comments about a situation that I've never seen happen in my many years as a spam-fighin' admin. What blocklist has been unresponsive to correcting legitimate mistakes they've made? What IP block of yours has been affected?
Your hypothetical is quickly becoming a strawman.
Well, your world might just be small enough for this to hold true, and this would be a solid argument. In my world, where there are many different people e-mailing each other critical communications, and not everyone has direct control over their own servers, and often one depeneds on intermediaries to do the right thing, your argument has been proven dead wrong.
You haven't proven anything except your own ability to deliver a poor argument.
But whatever, to each his own. I did not shut down any blacklist servers myself, so if you feel you have lost something, you are directing your anger at the wrong person. All I know is that life became a lot better when we liberated ourselves from having anything to do with blacklists.
Don't take this the wrong way, but...you are a spammer, right?
Now, I respect your right to your opinion, just remeber I have a right to have my own (wrong?) opinion too.
I guess the only people who don't have a right to their opinion are the owners and users of blocklists, eh? Thank goodness some scr1ptk1d had the good sense to liberate us all from their oppression!