You're not making any sense. I too don't use any form of AV software on Windows, and in a large number of years (online with computers since 1991 or so) I have never been infected by a virus.
What does a list of unpatched IE vulnerabilities have to do with anything? Who said I used Outlook or OE for mail? Hint: I don't. Who said I use IE to browser the web? Hint: I don't. Even if someone sent me an email worm, and even it it somehow got past the executable-attachment-blocker my email host uses, it would not do squat because I don't let email anywhere near a MS product.
-not unlike the whole "if a tree falls in the middle of the forest, does it make a sound?" argument, it is impossible to *harm* an artist or label by downloading and listening to a song you would never consider buying in the first place. however, you are most definitely harming the artist/label by downloading the new album put out by your favorite band that you would buy if it were not for your ability to download said album.
I don't buy it. What about the case where I would have had absolutely no intention of buying a certain album, but since it's available for download I try it out and find out that I really like it. If the album was encoded properly and with sufficient quality, I have very little desire to go out and buy it. This has happened to me countless times... I know some people would say that the artist and the label just got a fan that will eventually buy something; or others might say that they would go out and buy CDs from that artist anyway. But *I* wouldn't, not if I could get most of their work in a sufficient quality for free -- note that I'm not talking about that shit quality stuff on Kazaa, I mean full-album lame.mp3 --alt-preset releases that often come with artwork.
So to play devil's advocate, I have just downloaded an album that I had absolutely no intention or desire to buy. So, it's not like the label has -lost- anything. However, if I had heard about them from any other means than file-sharing (such as a friend or the radio) I probably -would- have bought the album. So, in that sense it has cost a sale.
No, lack of an IP address is -not- a problem with SMTP. In fact you can look at any spam email and tell quite easily (if you know what you're doing) what the IP address of the machine that originated the email.
The problem is not the lack of this information; rather, the issue is that in 99 out of 100 cases this origin is an unsecured or otherwise anonymous proxy. I don't care how many times you log the IP address in an email message, if that message originated from an anonymous proxy there is nothing you can do about it. The Received: headers already do a perfectly good job of this, and SMTP is not broken in that regard. Close all those thousands of open proxies and you'd make serious progress.
If you don't like SPEWS' policies, don't use their blacklist.
If your mail is blocked because of SPEWS, make sure to inform both the recipient and their ISP that SPEWS blocked legitimate mail.
But what you can't do, is tell someone that they aren't allowed to publish a list of IP ranges that they feel should be boycotted. That's all this is. No one behind SPEWS is blocking anything (except perhaps their own personal systems.) The mail blocking is being done by hundreds or thousands of email administrators out there that are fed up with spam and have found SPEWS better than no SPEWS. It is not your right to tell people what they can or can't do with thier own personal machines. You can tell them that you think what they are doing is wrong or bad -- and you should if you feel that way. Indeed, if everyone that had legitimate mail blocked informed the recipient's postmaster, then the public perception of SPEWS efficacy would be changed. That is the only true way to change the situation, you need to drop this notion that somehow it's illegal to publish a list of IP addresses that you feel are contributing to some perceived act of spam.
What the hell are you smoking? Godaddy is a full accredited registrar, no strings attached. Sure, they try to throw in their services when you order, but none of it is selected by default so you get the "$9/year" domain registration if you just keep clicking.
As far as "giving you full access to DNS", I think you're confused. A registrar does not run DNS servers, that's your responsibility as owner of the domain. Now, you may be confused with the fact that the whois information also holds names and IP addresses of the nameservers themselves -- and yes, godaddy gives you this in their basic $9 rate. Or, possibly you are confused because a lot of registrars ALSO offer a DNS service, but the two are completely seperate things. With -any- registrar you can list any DNS servers that you want, which provides you full and complete control over DNS for your domains. The only thing the registrars do is update the top level name servers with whatever information you supply. IN other words the DNS responses for a domain are completely a function of the server you specify and how you configure it, and have absolutely nothing to do with the registrar.
No wonder people think that they have to stay with register.com, with misinformation like this floating around.
Uhh, the whole point of NAT is that the numbering scheme you use inside your private network is completely shielded from other networks. If you use 10.0.0.0/8 for your own small LAN that's behind a NAT gateway it won't matter one squat what numbering scheme is used anywhere else, since the gateway -translates- between them, hence "network address translation."
Or, more importantly, what happens when you're carrying a monitor in your arms and accidently step on little Johnny's hand (because you can't see down there) and the mother decides to sue you? It's ridiculous, I know, but it's also part of any business.
Christ, anything's possible, but that doesn't mean it's probable. The probability that two files are both valid MP3 formats and contain something that remotely resemble music and still have the same MD5 hash is -astronomically- small.
And futhermore, copyright infringement is not a criminal case, it's a civil matter. That means that you don't have to show "beyond a reasonable doubt", rather it comes down to a "preponderance of evidence", i.e. you have to show that it was more likely than not, subject to jury's interpretation of course.
So while fingerprints and DNA and whatnot will always be questioned in criminal cases because there's "always a chance of an error", the discussion is meaningless for a civil trial because all that's required is to show that the possibility is very unlikely (which is is.)
Yes, but to do that audit all you do is walk down each aisle of the warehouse or store with a magic scanner that excites all the RFID tags in a 3m range. This is in contrast to having to pay some slob to physically count each package on each shelf every so often and record the results.
Think of the volume of soda cans vs. the volume of computers shipped, and you realize that this becomes a lot more significant when it's ubiquitous (i.e. on everything) as opposed to a few large-dollar items.
And nobody cares what the criminals do with the tags, it's the ones that aren't stolen (i.e. the vast majority) that matter. As in, the warehouse database knows exactly what's sitting on the floor, and the distributor knows exactly what's on each truck, and the retailers know exactly what's on each shelf. And they know how long it took each of them to get to those places, because they were scanned in at each stop.
Only if that software is GPLed. So, that means the kernel, and any GNU user space utilities. However, if they wrote their own kernel module, they don't necessarily have to release any code for that, and any userspace programs can be written and released under any license they choose. Remember that glibc is LGPL which means simply linking against it does not cause that code to become "tainted."
For a good example of this, just look at Tivo. They make available the source to the kernel, plus a few minor patches, but they don't release the code to their actual core Tivo app, since that's not a GPLed work. If Tivo had to release their source for their core Tivo app, it would radically change their business model, since anyone would be able to compile and run their own Tivo. (Yes, you can do that now but you'd be doing it with someone else's code, not the Tivo code.)
Now if glibc were covered by GPL and not the LGPL, this would all change.
If [they] were to be highly concerned about security, they wouldn't even have workstations with off-the-shelf distributions on them. They'd download the source code themselves, inspect it, and compile the distribution as an internal thing.
Yeah, right! As if the support department has time or inclination to play phone tag with a bunch of students. And using the messenger popup service is no good, as it will be disabled in a lot of cases (if the person has any clue) and even if not, it can easily be ignored, much like all sorts of other popups and annoyances that person likely puts up with.
The people that work for colleges know that the one thing that makes people come in and ask what's going on is when their net access stops working. You can then hand them a CDR from a stack with all the latest Windows Updates and tell them that after they've run this disk to call back and they'll have their access granted.
The support staff's job isn't to track down the owners of infected machines, that's their owners' responsibility. The support staff's job is to keep the network running, and isolating infected machines does that very well. You also get the additional benefit of cutting off any new infections before they have time to spread to other vulnerable machines, rather then waiting and playing phone tag with the machine's owner.
The lameness is believing that it will do anything to protect you. The script kiddies look for vulnerable servers by trying the exploit itself, not by believing the version number the server reports.
And the parameter that controls this (ServerTokens) is not new to 2.0, it's been in the 1.x series for a while.
I keep getting the mental image of Cartman running this lawsuit... it's like that bit where they're playing "Bosnians vs. Americans." Stan says something like "I shot you Cartman, you're dead." "Uh, no way, I have.. uh.. special... armor that's--" "No way! Every time we play Bosnians vs. Americans you cheat! Goddamn it!" (or something like that.)
- an essential step in the utilization of the computer program in conjunction with a machine
or
- for archival purposes only and that all archival copies are destroyed in the event that continued possession of the computer program should cease to be rightful
I agree with the sentiment... but you're not buying the contents, you're buying the physical medium and the -right- to a copy of the data. You don't own the data itself. If that were the case you could turn around and rebadge it and sell it as your own. (Note: I'm not talking about reselling the DVD on half.com, I'm talking about duplicating and selling massive number of it for profit.)
Oh please. The original comment was that it was not possible to run windows sanely with proper privilege separation, that windows does possess that capability. That is false to fact as it's had it since day 1 in the NT tree. If it comes installed unsecurely from Dell, it's Dell's fault, not an inherent fault of the operating system. If you install XP yourself and don't create a regular non-Administrator account to use, it's your fault. There is nothing inherent to XP/2k/NT that forces you to run as root all the time, that is the misinformation.
Windows operates on an everyone is root notion, allowing anyone to make changes to system resource files
This comment is full of misinformation it's not even funny. THe above is a non-issue these days. The majority of windows users now use XP which is perfectly capable of having an administrator account seperate from the day-to-day account, which has read/write access to only what it needs. Windows 2k and NT before it were also able to do this. By dragging that line that "everyone is root" you're simply taking assumptions about the WIn98 days and falsely applying them to the current situation. To say that windows is "designed that way" is simply wrong and misleading. The whole NT line was designed from day one with all the "proper" controls such as ACLs, privelege tokens, process controls, quotas, auditing, etc. In fact NT's ACLs are more sophistcated than the old POSIX "rwx" type. They have a much finer granularity.
Don't get me wrong, I'm not saying that a lot of Windows users aren't logging in as administrator, or as an account with admin priveleges. THey are. And that's dumb. But it's hardly windows' fault. If I setup my Linux box and always log in as root, is that somehow the distro's fault? No, that's user error.
Unfortunately, I don't think the logic that most of the purchasers had was really all that unreasonable. Naturally, I would never order from a spammer but when you consider how humans think it's not that hard to see why this would be appealing.
Take for example people that buy lottery tickets. Anyone with any common sense knows that it's a sucker's bet, but yet people still feel like they're buying some glimmer of hope. They think that fot such a small amount they're getting a chance at greatness, no matter how insignificant that chance may be.
It's the same with the penis pills -- hardly anyone that orders them really truly believes they will do anything, but for $30 (or $50, whatever) the very slight chance that they just might possibly add just a tiny bit of length is worth the risk. It's the old "nothing to lose but a few bucks and plenty to gain" scenario.
And if the product didn't involve spam per se, I'd say by all means knock yourself out. Unfortunately these people's "penis lottery tickets" mean that they perpetuate "spammer as profession", which should NOT be a viable means of doing business if everything was right with the world.
- The Supreme Court has made it blatantly apparent that no one should be forced to pay for someone else's commerical speech. See the Compuserve v Cyper Promotions ruling. In other words, your right to free speech ends at my door, I am in no way obliged to pay for you to advertise to me.
- SPEWS works exactly because it puts pressure on innocent third parties. Other methods have been tried and found not to work. The only way to stamp out spam is to make sure that ISPs will not tolerate spam in the slightest, and SPEWS is remarkably effective at this. As an analogy, if you lived in an apartment unit above a crackhouse in a bad part of town, you can't blame the Domino's driver for refusing to deliver there, given that he's been mugged at gunpoint before. Likewise, SPEWS represents the common emotions of the ISPs that choose to use it. By blocking mail brom SPEWS-listed netblocks they are saying, "This is our equipment and our rules, and we refuse to have anything to do with an ISP that supports spam." Remember, SPEWS doesn't block anything, they just publish a list of netblocks of people who spam or provide spam support. An added benefit is that truly innocent third parties are encouraged to either give their dirty landlord so much shit that they clean up, or they move to an ISP with a hat color that's not a few shades up from a black hole.
- Client side filtering (like your Bayes example) is effective but it will not do anything to solve the problem. Once the message has been accepted, that's it. The resouces are already wasted -- bandwidth spent, disk space used, user's modem BW occupied downloading it. Filtering is an automated means of "JHD" or "Just Hit Delete" which at its core is admitting defeat. Contrariwise, blacklists such as SPEWS that work -before- message delivery (ie at the connection level or during RCPT TO/MAIL FROM commands before the DATA phase) can cause those resources to not be wasted, and to cause some actual grief to the spammer. The spammer knows that most of his crap will be deleted but he doesn't care because it will always get through to a few. However, if all of his open-proxyies were suddenly rejected by every mailserver, he'd be unable to send anything and it would actually hurt his bottom line.
Spam is a big enough problem that no one should be apologizing for the spammers.
Slashdot Mirror
You're not making any sense. I too don't use any form of AV software on Windows, and in a large number of years (online with computers since 1991 or so) I have never been infected by a virus.
What does a list of unpatched IE vulnerabilities have to do with anything? Who said I used Outlook or OE for mail? Hint: I don't. Who said I use IE to browser the web? Hint: I don't. Even if someone sent me an email worm, and even it it somehow got past the executable-attachment-blocker my email host uses, it would not do squat because I don't let email anywhere near a MS product.
I don't buy it. What about the case where I would have had absolutely no intention of buying a certain album, but since it's available for download I try it out and find out that I really like it. If the album was encoded properly and with sufficient quality, I have very little desire to go out and buy it. This has happened to me countless times... I know some people would say that the artist and the label just got a fan that will eventually buy something; or others might say that they would go out and buy CDs from that artist anyway. But *I* wouldn't, not if I could get most of their work in a sufficient quality for free -- note that I'm not talking about that shit quality stuff on Kazaa, I mean full-album lame.mp3 --alt-preset releases that often come with artwork.
So to play devil's advocate, I have just downloaded an album that I had absolutely no intention or desire to buy. So, it's not like the label has -lost- anything. However, if I had heard about them from any other means than file-sharing (such as a friend or the radio) I probably -would- have bought the album. So, in that sense it has cost a sale.
No, lack of an IP address is -not- a problem with SMTP. In fact you can look at any spam email and tell quite easily (if you know what you're doing) what the IP address of the machine that originated the email.
The problem is not the lack of this information; rather, the issue is that in 99 out of 100 cases this origin is an unsecured or otherwise anonymous proxy. I don't care how many times you log the IP address in an email message, if that message originated from an anonymous proxy there is nothing you can do about it. The Received: headers already do a perfectly good job of this, and SMTP is not broken in that regard. Close all those thousands of open proxies and you'd make serious progress.
If you don't like SPEWS' policies, don't use their blacklist.
If your mail is blocked because of SPEWS, make sure to inform both the recipient and their ISP that SPEWS blocked legitimate mail.
But what you can't do, is tell someone that they aren't allowed to publish a list of IP ranges that they feel should be boycotted. That's all this is. No one behind SPEWS is blocking anything (except perhaps their own personal systems.) The mail blocking is being done by hundreds or thousands of email administrators out there that are fed up with spam and have found SPEWS better than no SPEWS. It is not your right to tell people what they can or can't do with thier own personal machines. You can tell them that you think what they are doing is wrong or bad -- and you should if you feel that way. Indeed, if everyone that had legitimate mail blocked informed the recipient's postmaster, then the public perception of SPEWS efficacy would be changed. That is the only true way to change the situation, you need to drop this notion that somehow it's illegal to publish a list of IP addresses that you feel are contributing to some perceived act of spam.
OMG! Carl, is that you? Look everyone, he's channeling Sagan!
What the hell are you smoking? Godaddy is a full accredited registrar, no strings attached. Sure, they try to throw in their services when you order, but none of it is selected by default so you get the "$9/year" domain registration if you just keep clicking.
As far as "giving you full access to DNS", I think you're confused. A registrar does not run DNS servers, that's your responsibility as owner of the domain. Now, you may be confused with the fact that the whois information also holds names and IP addresses of the nameservers themselves -- and yes, godaddy gives you this in their basic $9 rate. Or, possibly you are confused because a lot of registrars ALSO offer a DNS service, but the two are completely seperate things. With -any- registrar you can list any DNS servers that you want, which provides you full and complete control over DNS for your domains. The only thing the registrars do is update the top level name servers with whatever information you supply. IN other words the DNS responses for a domain are completely a function of the server you specify and how you configure it, and have absolutely nothing to do with the registrar.
No wonder people think that they have to stay with register.com, with misinformation like this floating around.
Agreed completely. This is about as useless and stupid an "Ask Slashdot" I've ever seen posted. What's next?
Ask Slashdot: My Company Violates the GPL, How Can I Effectively Hide This?
Ask Slashdot: What's Your Opinion on Fraud?
Ask Slashdot: I'd Really Like To Get Into Spamming, Can I Have All of Your Email Addresses Please?
Uhh, the whole point of NAT is that the numbering scheme you use inside your private network is completely shielded from other networks. If you use 10.0.0.0/8 for your own small LAN that's behind a NAT gateway it won't matter one squat what numbering scheme is used anywhere else, since the gateway -translates- between them, hence "network address translation."
Or, more importantly, what happens when you're carrying a monitor in your arms and accidently step on little Johnny's hand (because you can't see down there) and the mother decides to sue you? It's ridiculous, I know, but it's also part of any business.
Christ, anything's possible, but that doesn't mean it's probable. The probability that two files are both valid MP3 formats and contain something that remotely resemble music and still have the same MD5 hash is -astronomically- small.
And futhermore, copyright infringement is not a criminal case, it's a civil matter. That means that you don't have to show "beyond a reasonable doubt", rather it comes down to a "preponderance of evidence", i.e. you have to show that it was more likely than not, subject to jury's interpretation of course.
So while fingerprints and DNA and whatnot will always be questioned in criminal cases because there's "always a chance of an error", the discussion is meaningless for a civil trial because all that's required is to show that the possibility is very unlikely (which is is.)
Yes, but to do that audit all you do is walk down each aisle of the warehouse or store with a magic scanner that excites all the RFID tags in a 3m range. This is in contrast to having to pay some slob to physically count each package on each shelf every so often and record the results.
Think of the volume of soda cans vs. the volume of computers shipped, and you realize that this becomes a lot more significant when it's ubiquitous (i.e. on everything) as opposed to a few large-dollar items.
And nobody cares what the criminals do with the tags, it's the ones that aren't stolen (i.e. the vast majority) that matter. As in, the warehouse database knows exactly what's sitting on the floor, and the distributor knows exactly what's on each truck, and the retailers know exactly what's on each shelf. And they know how long it took each of them to get to those places, because they were scanned in at each stop.
Only if that software is GPLed. So, that means the kernel, and any GNU user space utilities. However, if they wrote their own kernel module, they don't necessarily have to release any code for that, and any userspace programs can be written and released under any license they choose. Remember that glibc is LGPL which means simply linking against it does not cause that code to become "tainted."
For a good example of this, just look at Tivo. They make available the source to the kernel, plus a few minor patches, but they don't release the code to their actual core Tivo app, since that's not a GPLed work. If Tivo had to release their source for their core Tivo app, it would radically change their business model, since anyone would be able to compile and run their own Tivo. (Yes, you can do that now but you'd be doing it with someone else's code, not the Tivo code.)
Now if glibc were covered by GPL and not the LGPL, this would all change.
If [they] were to be highly concerned about security, they wouldn't even have workstations with off-the-shelf distributions on them. They'd download the source code themselves, inspect it, and compile the distribution as an internal thing.
...
Or save some time and just install OpenBSD
Yeah, right! As if the support department has time or inclination to play phone tag with a bunch of students. And using the messenger popup service is no good, as it will be disabled in a lot of cases (if the person has any clue) and even if not, it can easily be ignored, much like all sorts of other popups and annoyances that person likely puts up with.
The people that work for colleges know that the one thing that makes people come in and ask what's going on is when their net access stops working. You can then hand them a CDR from a stack with all the latest Windows Updates and tell them that after they've run this disk to call back and they'll have their access granted.
The support staff's job isn't to track down the owners of infected machines, that's their owners' responsibility. The support staff's job is to keep the network running, and isolating infected machines does that very well. You also get the additional benefit of cutting off any new infections before they have time to spread to other vulnerable machines, rather then waiting and playing phone tag with the machine's owner.
Who the hell modded this as flamebait? what the hell are you smoking?
This is exactly my feeling on the matter, it's the pure truth and there's nothing flamebait-ish about it at all.
The lameness is believing that it will do anything to protect you. The script kiddies look for vulnerable servers by trying the exploit itself, not by believing the version number the server reports.
And the parameter that controls this (ServerTokens) is not new to 2.0, it's been in the 1.x series for a while.
I keep getting the mental image of Cartman running this lawsuit... it's like that bit where they're playing "Bosnians vs. Americans." Stan says something like "I shot you Cartman, you're dead." "Uh, no way, I have.. uh.. special ... armor that's--" "No way! Every time we play Bosnians vs. Americans you cheat! Goddamn it!" (or something like that.)
McBride: "we have.. uh.. special... source code..."
Bullshit. Title 17, Chapter 1, Section 117 specifically allows you to make copies of any computer program so long as it's:
- an essential step in the utilization of the computer program in conjunction with a machine
or
- for archival purposes only and that all archival copies are destroyed in the event that continued possession of the computer program should cease to be rightful
Don't spew things that are false.
I agree with the sentiment... but you're not buying the contents, you're buying the physical medium and the -right- to a copy of the data. You don't own the data itself. If that were the case you could turn around and rebadge it and sell it as your own. (Note: I'm not talking about reselling the DVD on half.com, I'm talking about duplicating and selling massive number of it for profit.)
Oh please. The original comment was that it was not possible to run windows sanely with proper privilege separation, that windows does possess that capability. That is false to fact as it's had it since day 1 in the NT tree. If it comes installed unsecurely from Dell, it's Dell's fault, not an inherent fault of the operating system. If you install XP yourself and don't create a regular non-Administrator account to use, it's your fault. There is nothing inherent to XP/2k/NT that forces you to run as root all the time, that is the misinformation.
Windows operates on an everyone is root notion, allowing anyone to make changes to system resource files
This comment is full of misinformation it's not even funny. THe above is a non-issue these days. The majority of windows users now use XP which is perfectly capable of having an administrator account seperate from the day-to-day account, which has read/write access to only what it needs. Windows 2k and NT before it were also able to do this. By dragging that line that "everyone is root" you're simply taking assumptions about the WIn98 days and falsely applying them to the current situation. To say that windows is "designed that way" is simply wrong and misleading. The whole NT line was designed from day one with all the "proper" controls such as ACLs, privelege tokens, process controls, quotas, auditing, etc. In fact NT's ACLs are more sophistcated than the old POSIX "rwx" type. They have a much finer granularity.
Don't get me wrong, I'm not saying that a lot of Windows users aren't logging in as administrator, or as an account with admin priveleges. THey are. And that's dumb. But it's hardly windows' fault. If I setup my Linux box and always log in as root, is that somehow the distro's fault? No, that's user error.
That's 'delrin'. Would assume it was a typo but you did it twice.
Unfortunately, I don't think the logic that most of the purchasers had was really all that unreasonable. Naturally, I would never order from a spammer but when you consider how humans think it's not that hard to see why this would be appealing.
Take for example people that buy lottery tickets. Anyone with any common sense knows that it's a sucker's bet, but yet people still feel like they're buying some glimmer of hope. They think that fot such a small amount they're getting a chance at greatness, no matter how insignificant that chance may be.
It's the same with the penis pills -- hardly anyone that orders them really truly believes they will do anything, but for $30 (or $50, whatever) the very slight chance that they just might possibly add just a tiny bit of length is worth the risk. It's the old "nothing to lose but a few bucks and plenty to gain" scenario.
And if the product didn't involve spam per se, I'd say by all means knock yourself out. Unfortunately these people's "penis lottery tickets" mean that they perpetuate "spammer as profession", which should NOT be a viable means of doing business if everything was right with the world.
Stop apologizing for spam.
- The Supreme Court has made it blatantly apparent that no one should be forced to pay for someone else's commerical speech. See the Compuserve v Cyper Promotions ruling. In other words, your right to free speech ends at my door, I am in no way obliged to pay for you to advertise to me.
- SPEWS works exactly because it puts pressure on innocent third parties. Other methods have been tried and found not to work. The only way to stamp out spam is to make sure that ISPs will not tolerate spam in the slightest, and SPEWS is remarkably effective at this. As an analogy, if you lived in an apartment unit above a crackhouse in a bad part of town, you can't blame the Domino's driver for refusing to deliver there, given that he's been mugged at gunpoint before. Likewise, SPEWS represents the common emotions of the ISPs that choose to use it. By blocking mail brom SPEWS-listed netblocks they are saying, "This is our equipment and our rules, and we refuse to have anything to do with an ISP that supports spam." Remember, SPEWS doesn't block anything, they just publish a list of netblocks of people who spam or provide spam support. An added benefit is that truly innocent third parties are encouraged to either give their dirty landlord so much shit that they clean up, or they move to an ISP with a hat color that's not a few shades up from a black hole.
- Client side filtering (like your Bayes example) is effective but it will not do anything to solve the problem. Once the message has been accepted, that's it. The resouces are already wasted -- bandwidth spent, disk space used, user's modem BW occupied downloading it. Filtering is an automated means of "JHD" or "Just Hit Delete" which at its core is admitting defeat. Contrariwise, blacklists such as SPEWS that work -before- message delivery (ie at the connection level or during RCPT TO/MAIL FROM commands before the DATA phase) can cause those resources to not be wasted, and to cause some actual grief to the spammer. The spammer knows that most of his crap will be deleted but he doesn't care because it will always get through to a few. However, if all of his open-proxyies were suddenly rejected by every mailserver, he'd be unable to send anything and it would actually hurt his bottom line.
Spam is a big enough problem that no one should be apologizing for the spammers.