MAPS RBL Challenged In Court Case

An Anonymous Coward sent in "Direct Magazine is carrying the story Yesmail Gets Restraining Order Against MAPS Blacklist (curiously dated July 17). YesMail has apparently obtained a restraining order preventing MAPS from entering it into its Real-time Black-hole List."

Weird

[Jeffrey Baker]

Company A is suing group B to prevent group B from adding company A to a list. Once you distill it that far, it is an obvious restraint on free speech. MAPS, as long as they are careful to show the reasons, has every right to put Yesmail on a list. Obviously, Yesmail would agree to be on a list of, say, the Red Herring top 100 internet companies, so they also have to be willing to be listed for their questionable practices.

MAPS RBL

[jCaT]

I got stuck on this list for having an open relay. At first I was extremely pissed that this rogue group was preventing me from sending mail! Once I found the hole and fixed it, I called the phone number on their site and it was fixed within 15 minutes. The ONLY way you get on this list is if you are "nominated" by someone since they recieved spam that passed through your servers. Sure, it can be a hassle- but there's _no_ reason anyone should have an open relay. As a cursory check, I scan the headers of all the spam I get, and check it against the RBL. Invariably the servers are on the list already- sometimes they've been there for months!

I can see how some people might go as far as to take them to court for it, but that takes a lot longer than 15 minutes!

Free speech violation, that's what it is.

[Victor Danilchenko]

MAPS is a private entity, and usage of their services is entirely optional. Yes, they wield a lot of influence -- so what? Suing them to prevent inclusion into the RBL database is like suing an influential magazine to prevent them from giving your product a bad review, simply because such bad review may disrupt your business. While we are at it, why not sue a competitor for trying to disrupt your business?.. Fucking corporate maggots...

I hope Yesmail gets slapped with a huge 'frivolous lawsuit' charge, the assholes.

--

Open Relays

[NatePWIII]

There is nothing at all wrong with an Open Relay in fact if we had less spammers there would probably be many more available for legitimate use. The problem is with the Spammers, I say go after them not the ISP's and others trying to provide relays for us to use.


Nathaniel P. Wilkerson
NPS Internet Solutions, LLC
www.npsis.com [npsis.com]

Could we sue censorware makers, too?

[NMerriam]

I don't see how the heck this can progress -- what restriction does a private company have on using another private company as a filtering list manager for their own private business?

This would also imply that someone listed on a censorware package could sue for exactly the same thing, which is presumably restraint of trade (since they talk about the adverse economic impact?) or possibly defamation (for listing them as "spammers")?

Once more, we've got an interesting techno-legal battle that will have much greater effects than I think we immediately forsee.

But if these guys win against MAPS, I'd suggest a quick suit against censorware makers under the same principles...

I'm an investigator. I followed a trail there.
Q.Tell me what the trail was.

Re:Weird

[Jeffrey Baker]

It isn't slander. MAPS provides the rationale for each entry on the RBL. There are five specific acts that will get you on the RBL. They are listed on this web page [mail-abuse.org]. All the RBL says is that the people on the list are doing one of these five things. Judgement is then passed by the subscribing ISPs, who choose not to deal with ISPs who are on the list. It's simple, and it isn't slander.

Re:Weird

[Silver A]

Company A is suing group B to prevent group B from adding company A to a list. Once you distill it that far, it is an obvious restraint on free speech.

You're right. But the courts may not see it that way. The First Amendment doesn't apply terribly much these days. The Supreme Court has explicitly ruled that "commercial speech" is afforded a lesser protection than political speech. Even political speech is under attack these days, and the courts are only slowing down "campaign finance reform", not stopping it.

In this particular case, YesMail can claim that MAPS will be committing a fraud upon the public (potential and actual YesMail customers) which will damage YesMail, if MAPS puts YesMail on the RBL. The judge has to grant the TRO if there is any possibility that YesMail can prove MAPS' statements about YesMail to be false and therefore fraudulent. A permanent injunction would require YesMail to actually prove that MAPS' statements are false.

IANAL, but I am smarter than most lawyers.

Why didn't they reply to the "remove" address?

[icqqm]

Surely, MAPS included a "remove" address at the bottom of its email so that the company could just reply to have its email address removed from the list. And it's not like they have reason to sue, it says it's legal right in the email right under where it says "this is not spam and complies with US spamming regulations"

Time to manually block yesmail

[Izaak]

Looks like I will be manually adding yesmail to my spammers blocking file. Hopefully a good precedent will be set by this case, and the RBL will not be gutted.

Thad

Re:Weird

[Jeffrey Baker]

Yeah, the TRO is terribly easy to get, let's hope that the MAPS people kill this in the next round. You're right about the Supreme Court, too, and although they are coming around to a slightly more strict constitutional interpretation, the rest of the federal judicial branch continues to erode freedom at a pretty frightening pace.

Your last line is great.

Argh. Bastards!

[Booker]

MAPS is just a list. A list that says "We feel that these mail servers may not be secure, and that they may be used to send unsolicited email."

The administrator of a system may choose to use MAPS to block servers in that list, knowing the strengths and weaknesses of the MAPS system.

Those admins are exercising control over their machines - and this is worthy of a restraining order?

---

MAPS are only as powerful as their subscribers

[pdw]

MAPS are only as powerful as their subscribers make them. Any administrator signing up to MAPS RBL is saying, on behalf of all of their users, that they are happy to not recieve mail coming from any server listed on the RBL.

MAPS are not forcing this on anyone. People sign up to MAPS because we trust their judgement on what is and isn't mail abuse. If they start turning up too many false positives, people will unsubscribe from them as the number of complaints from users that can't recieve email from people they want to starts to exceed the number of complaints about spam. For example, many people avoid signing up to ORBS because they find their policy too cavalier. It's a self regulating system.

By signing up to the RBL, people are effectively saying "we don't want to recieve mail from you unless you comply with MAPS' policy. Deal with it."

The restraining order

[Jim Tyre]

The article does not specify, but it is likely that the restraining order against MAPS was issued on an ex parte basis, with no appearance by an attorney for MAPS. It is not uncommon, and it is a reasonable inference from the fact that MAPS is in California, the order is from a court in Illinois, issued the same day the Complaint was filed.

The truer test of whether this case has any legs will come when MAPS has lawyers in court to defend it. Since it has an open invitation to be sued [mail-abuse.org], one would presume that MAPS will defend itself.

Sue Happy

[NatePWIII]

It amazes me how companies bring these frivolous lawsuits to the courts over absurd issues. If Yesmail was really legitimate they would contact MAPS and would work out whatever issues or problems they might have. Whenever, companies are forced to bring things to a lawsuit you can usuall y expect that there is some foulplay. Obviously, Yesmail is the culprit here, not MAPS. If there business was legit, MAPS would recognize that and they would come to some sort of amiable agreement. Companies such as Yesmail are a blight and should be shut down in my opinion.


Nathaniel P. Wilkerson
NPS Internet Solutions, LLC
www.npsis.com [npsis.com]

Did MAPS want this confrontation?

[John Jorsett]

What's interesting is that MAPS has posted a roadmap on how to sue it, apparently wanting to get a court to establish the legitimacy and legality of its tactics. It wouldn't be surprising to find out that they consciously provoked YesMail to get their case before a judge.

Re:Go for it!

[ChadN]

Putting someone's name on a list of child molesters is NOT illegal (according to the First Amendment). If you do so, AND you know it to be false, AND it causes "damages" to be incurred to the wronged party, you may be sued in civil court to repay those "damages". The wrongdoer won't get a misdemeaner or felony offense on their record, or be put in jail, though. (IANAL).

The First Amendment is there to PROTECT the kind of speech that may cause "harm" to others (like saying a certain politician is corrupt, thus harming him if they are not re-elected. Such speech is not illegal (in theory), regardless of its effect). The issue of whether you are justified to "harm" someone, is separate.

Re:Go for it!

[Plasmic]

You said, "why not use intelligent filtering?". Umm.. in the future, please be more vague.

Like it or not, the RBL does a good job of stopping spam. The obvious problem is with how much other traffic it stops. So, "better" is pretty relative. It's a sliding bar -- do you want very very little spam to get through and also block lots of legitimate traffic or do you want some spam to get through and only block a little legitimate traffic, etc.

Anyhow, the discussion is not about whether the RBL is good or bad. I happen to think that it's got some rather fundamental flaws, but that's neither here nor there. The fact of the matter is that the RBL is, in every way, legal.

The Internet providers are the parties that are choosing what action to take based on what addresses are on the list. As long as you agree that the people that run the network own the network (they do), then it's obvious that those same folks have the right to say "no, I don't want my users to receive e-mail from these people."

Now, most of the reactions to this line of thinking are something like, "but the network admins shouldn't be able to control my e-mail, dammit!" -- this merely stems back to my original point: it's not about what you think is good or bad; it's about what is legal. These providers are well within their rights to make that choice. So, it follows that MAPS is doing nothing wrong, merely by publishing a list of potential offenders and letting people do what they will with it.

Dissecting the situation down to, "you are depriving your users of their freedom of choice!" is bordering in ignorance (or maybe just a severe case of over-simplification).

Like it or not, the RBL is legal.

Re:People should becarefull

[jonnythan]

This is offtopic, but it's something I want to say.

That t-shirt is pretty cool, but I've got to say something, in complete honesty.

In my 6 years of using all flavors of windws - 3.1, 95, 98, nt, 2k - I have never seen a screen like that.

I dual boot into debian on my main box, an athlon I built from scratch, and i do a little programming in C++, so I'm not a computer novice or anything. I have NEVER seen a BSOD on any of the computers I've had..from crappy Compaqs' filled with nasty proprietary hardware, a couple Thinkpads, and my current PIII --> Athlon box.

Do these things actually happen? /.'ers make it sound like their computers BSOD every 20 minutes when they're in windows. What's up?

Re:MAPS are only as powerful as their subscribers

[mr]

>many people avoid signing up to ORBS because they find their policy too cavalier

Yes, Orbs is a net.terrorist Go look on the NANOG list and see other sysadmins who agree.

When I got attacked by ORBS, they were unable to provide any reason for the attack, and slapped a 'carttonie threats' to my host. All because they are unable to provide proof to why they attacked my host with probes.

YesMail placed me 'on their opt-in' and I *KNOW* I didn't opt-in. To date, YesMail has provided no proof of my opt-in.

I like their attitude at MAPS

[John Jorsett]

From here [mailabuse.org]: "Finally, don't waste our time with threats. We get all kinds of threats. If you intend to sue us, then get on with it. If you don't, then don't waste our time or yours telling us how actionable our activities are."

Re:I would rather filter my email myself

[sbeitzel]

Fine. Then don't subscribe to the MAPS RBL. If your upstream provider is doing so, then see if you can find another one who doesn't...and tell your current provider why you're leaving. It works for the Christian Coalition; if there are enough people who "think" like they do to do it, maybe you can find enough kindred souls to make a difference.

Personally, I think that the RBL is a good thing to have around. There are a lot of people who think that they can do whatever they want with electronic communications because it's their computer. Well, MAPS and the Usenet Death Penalty and subscribers all over the world, as well as individual users with their own filtering schemes are here to say that "your freedom to swing your fist stops at my nose". The spammers can do whatever they want...until their crap hits my network. Then I get to have some say about it. And that's a libertarian sentiment, too.

Re:What most people don't know about MAPS-RBL is

[seebs]

Yeah, people like RealNetworks, who proudly *BRAGGED* about having, get this,

FIFTY THREE FUCKING MILLION ADDRESSES ON THEIR LIST.

You can't get on the RBL just for running an unconfirmed list. *YOU HAVE TO GET COMPLAINTS FROM PEOPLE WHO DID NOT ASK TO BE ON IT*.

Re:I would rather filter my email myself

[Darchmare]

---
I dunno. I'm just a stupid libertarian
---

No you're not. You're seriously suggesting that companies shouldn't be able to choose what they can and cannot do to stop their customers from receiving spam. That's not libertarian at all.

Like any industry, you will find some companies use the RBL, and others don't. It's no more censorship than a private corporation not allowing someone to shout obscenities within their building.

A libertarian (which is what I generally consider myself) would laud the RBL for providing a service - a list of confirmed offenders - to the public. The public can choose if they want to use the list or not. It's that simple. If you'd rather receive mail from known spam sources, then you can switch to a competing company.


- Jeff A. Campbell
- VelociNews (http://www.velocinews.com [velocinews.com])

Not quite.

[HappyHead]

First, and foremost, anyone who actually winds up on the list is there because they chose to be there. They chose to 'run their mail server as an open relay', they chose to 'run their buisness through spamming', or even they chose to 'run a mailing list that dosen't require a conformation for subscription'. Thing is, they get a whole MONTH warning ahead of time, and free assistance in fixing the problem if there is one. If they then CHOOSE not to fix the problem, then they are on the list, plain and simple.

Second, they don't even go after people unless they have recieved complaints about them, and have investigated those complaints and found them to be valid. If they get an open relay reported to them, the first thing they do is verify it. If they get complaints of spamming, they check to see if there realy is a problem, and once again, they don't immediately drop them into the killfile, they discuss the matter with the person who has been accused, and try fix the problem if possible. And fixing the verification problem with a properly built mailing list program is easy if you're using something like MajorDomo, it's the default setting once you properly install it. The people who don't do things right are typically using spamware, or poorly configured systems, and they can get free help fixing it if they're willing to listen.

Unfortunately, there are some people out there who don't listen, don't care, or want to have something to fight about. After all, court fights make great publicity. I wonder how much yesmail.com's web trafic has gone up since they filed this lawsuit? Do you really think they're not profiting from the increased attention?

Where's the /. reading lawyer?

[sbeitzel]

A few weeks ago I saw a comment from a lawyer who said, if I may paraphrase, "STFU, all you 'IANAL but..' idiots. I am a lawyer and here's the way it really works..."

Okay. I want to see the lawyers talking about this. I don't want bored sysadmins who read a few Nolo Press DIY law books; I want the guys who do this for a living. What do you think? What does this really mean? Is this just smoke-blowing, or should we all start funneling money into the MAPS legal defense fund?

Re:Go for it!

[seebs]

You're right, it *is* your choice whether or not you want mail from cyberpromotions, or yesmail, or RealNetworks.

You exercise that choice by deciding whether or not to use the RBL.

You see, the RBL will *not* prevent you from getting mail, unless *YOU* decide to use it.

It's that simple.

Intelligent filtering doesn't solve the problem. The problem is not people *getting* junk mail, it's people *sending* it. This is a network abuse problem.

The internet is a cooperative network; if you don't cooperate, we don't network with you.

Re:Where's the /. reading lawyer?

[Vassily Overveight]

Okay. I want to see the lawyers talking about this. I don't want bored sysadmins who read a few Nolo Press DIY law books; I want the guys who do this for a living.

"Thank you for contacting Web Legal Opinions. Please deposit $500 for your first hour ..."

Comment removed

[account_deleted]

Comment removed based on user account deletion

Maybe this can work both ways

[AnalogDiehard]

So Yesmail wants to "opt-out" of the RBL, huh?

I can't believe the irony :)

Re:Weird

[TekPolitik]

The Supreme Court has explicitly ruled that "commercial speech" is afforded a lesser protection than political speech.

Are your denying that MAPS is in any sense political? In fact, it is in part an organised protest against practices that the community finds objectionable. Listing sites that use those practices so as to coordinate organised protests is in fact clearly political speech.

Nothing wrong with open relays???

[Nicolas MONNET]

You've got to be kidding. If there was no spammer ... hell if there was no robbers there would be no need for locks either.

Damn it, this open relay problem has been documented and well-known for years, I've had a mail server completely stuck while I was on vacation (yeah that's usually when that kind of things happen ...) because some fucking spammer was able to send thousands of messages a minute thanks to an open relay, and happened to use a domain I administrate as a fake return address ...

And in that case the RBL (which I use) was of no help since all I got was all the bounces ...

That's what will happen ...

[Nicolas MONNET]

I guess that a significant number of sysadmins using the RBL will add those fuckers to their blocking list manually ... and now good luck getting unblocked!

And while we're at it

[mosch]

Yes, and car dealerships should stop bothering with gates and locks on the cars. After all, the problem is with car thieves. If they would just let anybody drive off with a car, it'd make many more cars available for legitimate purposes, like test drives.

I say unlock the cars, leave the keys in the ignition, and go after the car thieves.
----------------------------

Re:E-commerce

[Ungrounded Lightning]

What gives you (or anybody else for that matter) to decide what mail should or should not be allowed?

You misunderstand, or misrepresent, what is going on.

A lot of people don't want to receive unsolicited commercial eamil. And a lot of ISPs and business sites don't want their resources used to forward it, or their employees distracted from doing work while deleting it.

MAPS publishes a list of sources of unsolicited email. ISPs, businesses, and individual users may chose to use this list to filter out mail they don't want to bother to read or forward.

Use of the list is strictly voluntary.

Having your email forwarded, on the other hand, is not a right. It is a voluntary service of whomever forwards it. If a site does not wish to forward unsolicited commercial email - or any other email - originating from you, that's that site's prerogative.

Double opt-in

[CaptainSuperBoy]

I love the euphemisms that spammers use to further their lies. What we call using confirmation emails, they call "double opt-in", as if there were any acceptable "single opt-in" solution. With their "single opt-in", though, they are free to use their dirty lists as they please because if you complain to them they can just say "oh, sorry, someone else must have signed you up!" or, "You dummy, you must have signed up at one of our 'affiliates' and asked to be put on their mailing list". If you had to confirm all the lists you were on, they know that their dirty practices for putting you on lists would never work.

--

my take on it

[congiman]

A: First off, maps represents 3 types of blocking lists.
1: The RBL, which contains IP addresses of spammers
2: The DUL, which contains IP addresses of machines that should not be able to send mail to your server directly. Ie: a user at earthlink should always send mail to their mail server and then it should be routed to you. If they have a system that connects straight to you, it most likely is spam,
3: the RSS (relay spam stopper) that contains a list of open relays. This is a nice trick of spammers to send mail through someone else's machine and have them do the job of mailing everything out.

B. Getting your address.
Now, my take on the philosophy of MAPS, is that you should only receive what you elect to receive. ie: getting mail-bombed from 100's-1000's of companies just because you once posted to usenet without masquerading your e-mail address just should not happen. (This is not an exaggeration).

So, if you sign up for a newsletter, you receive the newsletter. Also, you should have a clear way on how to be removed from the newsletter. etc.

You also should have a choice in that they should not sell the e-mail addresses on the newsletter.

C: Legality, from the receiver's point of view
As to the legality of maps?
Personally, I like it.
Its 100% opt in, and you choose for yourself what list(s) you want to subscribe to, and away you go.

If you go to an ISP, you can usually find out very quickly if they subscribe to MAPS, and which particular lists.

D: Legality from the sender's point of view.
The basic idea, is that if you do nothing wrong, you have nothing to worry about.

To actually be listed on the RBL is not a slam dunk. You will be contacted more than once and you will have ample opportunity to make changes.

Ok so some of the changes may be considered completely rude by some, lets give examples:
1: the ability to unsubscribe yourself
2: The ability to make sure that only you sign yourself up, and not someone with a bogus e-mail address
3: Not to add users by a "buy 50million users on cdrom for $20" import utility.
4: if you are an ISP, not willing to do anything about people complaining you have spammers.
Usually, you can get by #4 by having a strong AUP against spam, and kicking user accounts that send UBE

E: Legal arguments
1: Restraint of trade?
Not in my opinion.
I consider and trust MAPS to be a meta-introducer. I want them to let me know who I should talk (receive e-mail from) to and who not to.
Its my/my companies/my ISP's choice, as its their machine.

2: Malicious
Not hardly, You will receive every chance not to make the RBL list.
The DUL list is usually contributed by the ISP themselves
the RSS is contributed by vitcims. Usually the Sysadmin of the victim's machine will ask for help to get it fixed, and maps will help do that.
Harly what I would consider malicious, when they help upgrade a victim's sendmail.

F: how to use it,
if you know how to make your own sendmail.mc insert these lines:

FEATURE(rbl)
FEATURE(rbl, `dul.maps.vix.com', `Dialup - see http://www.mail-abuse.org/dul/')d
nl
FEATURE(rbl, `relays.mail-abuse.org', `Open spam relay - see http://www.mail-abu
se.org/rss')dnl

and away you go.

-- C

Re:Hmmm...

[John Jorsett]

Excellent point! If Yesmail can drag this thing out and make as much noise as humanly possible, they'll get a tremendous amount of free publicity (not all good, but remember the saying: "As long as they spell your name right ..."). And then if they finally capitulate to satisfy MAPS and get taken off the list, they can use the occasion to paint themselves as the now-conforming good guys whom advertisers should use. I wonder if they're really that Machiavellian?

Re:People should becarefull

[MostlyHarmless]

It happens. I've gotten bsods because of conflicts between programs, such as neoplanet and ie. If you have screwed up settings then it can happen a LOT; at a museum where I volunteer, they have one computer that will literally last no longer than 10 minutes max. without BSODing or otherwise crashing. Hardware problems and such can REALLY destabilize your machine because of priveliges given to device drivers that they shouldn't have (when was the last time Linux crashed because of a device driver?)

So open your SMTP port...

[Ungrounded Lightning]

God, I don't need internet censors deciding what I can and cannot see.

So open an SMTP port on your machine, publish an MX record pointing to it, and don't filter the mail with the MAPS list.

I don't believe that ISP's should turn to censoring their client's mail.

Isn't that a matter for the ISP and the client to agree on by contract? Isn't it the client's right to switch to a different ISP if he doesn't like the way the service is handled?

Why should ISPs be constrained to filter or non-filter mail according to YOUR preferences, rather than that of their clients?

And if all you're asking for is a signup option, why don't you try asking an ISP for it? If enough people ask for an option to have their mail unfiltered, I'm sure some ISPs will be willing to provide it.

Perhaps at an extra charge, to cover all the extra processing. B-)

But somehow I doubt that there's all that much demand for this "service".

Meanwhile, you can always sign up with an ISP that gives you a fixed IP address and a nameservice, open an unfiltered SMTP port, post an MX record pointing to it, and get all the spam you want.

Post a few netnews articles to get your ID on a few spammer lists, while you're at it. It might change your mind.

Re:The RBL is a scam.,..

[YoJ]

What examples are you thinking of? I would be very interested to hear of companies on the RBL that have never had spam complaints filed against them, and do not allow spam through their network.

Re:The RBL is a scam.,..

[seebs]

I can't find a single documented case of the RBL blocking someone for more than a day or so without a clear understanding that that entity was willfully supporting spammers.

Consider ibill, who did credit card processing for spammer scams. As long as ibill kept giving the people new credit card service, they could get free web sites, spam them, and collect money. Forever.

As to "the RBL's opinion of how to run an opt-in list", that "opinion" seems to be based on the fundemental truth that, if people are complaining about being added to a list, they must not have opted in. It really is that simple.

The RBL follows its charter excellently. If you'd like to name counterexamples, get specific; name companies, times, dates, and show your evidence that the entity in question did *not* contribute to a significant flow of spam.

Re:Go for it!

[Mullen]

Yes, you have right to free speech, but I also have the right to not listen to your speech. I also have the right to use a trusted source of my choice. If your speech costs me money (Time and resources dealing with your speech) then I have the right to block your speech towards me. You can talk to whom ever you want, on whatever topic, but I have the right not to listen.

If a customer, that gets email through my machines and resources, does not like that I block some speech for whatever reason, they are free to find a new ISP. There is plenty of competition in the free market.

Surely the restraining order lists them.

[Russ Nelson]

Surely the restraining order lists the exact entries that MAPS is prohibited from adding. Otherwise, how could they comply?
-russ

The types of SPAM and how MAPS works.

[Jimithing DMB]

There are several ways to send spam, for more information, look at the MAPS website [mail-abuse.org].

One type of SPAM comes directly from a dial-up account to your ISP's mail-server. This type of spam can be prevented if your ISP uses the MAPS DUL (Dialup User List). The idea is that no-one should be using a dynamically assigned IP to send mail, they should forward through their ISP's mail-server. Spammers don't want to do this though, because their ISP's mail-server will keep a very detailed log the messages sent.

Many times spammers will find what is known as an open relay. An open relay is a system which is accepting mail from anywhere and sending mail to anywhere. In the old days (that is, a few years ago) that was common practice. Now that spammers abuse this, any system which is an open relay and has been known to have had spam sent through it and has been reported to MAPS will be placed into the MAPS RSS (Relay Spam Stopper). Again, you must encourage your ISP to use the RSS to filter mail. There is one drawback to the RSS though: it blocks ALL mail from an otherwise legitimate mail-server. However, if the sysadmin of that mail-server gets his act together and stops the open relay, the system will be immediately removed from the MAPS RSS. The sysadmin can even contact MAPS for help, and there are volunteers available to help with server configuration.

The final list is the RBL, which is the one that is being challenged. The RBL is very unlike the other two lists. The RBL exists to stop known spammers. By using the RBL, a sysadmin is really putting his/her trust in MAPS. Personally, I do use the RBL because it does help keep the spam problem down. To get on the RBL, there must be a repeated abuse shown. The reason MAPS wants to add yesmail to the RBL is because they are being bad net citizens by allowing anyone to enter anyones e-mail address to subscribe to one of yesmail's mailing lists. So basically, one of your friends (or enemies) could send them your address and you would start receiving "marketing materials" from them on a regular basis. It is then your responsibility to opt-out of the list that you didn't even opt-in to in the first place!

What MAPS would rather see is for them to send one and only one e-mail to the address that contains further instructions to verify that the e-mail should really be subscribed to the list. If the person who receives the e-mail actually wants to be subscribed, then it is only one extra step for him/her. If the person does not want the e-mail, he/she does not have to do anything because yesmail should never send further correspondence unless requested to again.

Those are the basic facts about what is going on. I am sure several people have submitted yesmail to the RBL. Obviously, there are plenty of MAPS RBL subscribers who want yesmail on the RBL. Note that your ISP must subscribe to the RBL to actually have the e-mail blocked.

Now, for those of you saying that you don't want your ISP to use the services of MAPS, I say, tough shit, take it up with them. Do not forget that it is your ISP's server space and you are merely leasing the rights to use it and have an e-mail account and accesss and so on. If you don't like them filtering by the MAPS lists, then either ask them specifically not to filter your mail (which can be done) or get another ISP. Personally, I think you are crazy if you don't want your mail filtered by the MAPS lists, but to each his own I guess.

Anyway, talk to your ISP about filtering using MAPS and see if they will do it. Mention that it does reduce the load on their server resources because they no longer have to store and transmit mail that you don't want to see anyway!!

It's sad, really.

[AugstWest]

MAPS, as well as orbs.org [orbs.org] are really doing quite a service for the entire internet community.

After upgrading Exchange to sp6a (yes, 6, and yes, a. Ah, the life of an NT admin...), the server suddenly started relaying mail for outside machines, despite all of the changes I'd made to it pre-sp6a.

If I hadn't gotten the email, I wouldn't have known. MS never would have mentioned it, I had to dig for a day through their "KnowledgeBase" to find out what the problem was.

It's sad to see that companies are trying to stop these services from listing them.

Re:Where's the /. reading lawyer?

[rjh]

IANAL, but my father is a judge, my cousin is a DA, another is an ex-cop, another is... well, you get the idea. My experience is practical, not professional, and I am not suggesting that this is in any way a substitute for real legal advice. That being said:

1. YOU CAN BE SUED FOR ANYTHING.

There are laws on the books which are meant to cut down or eliminate frivolous lawsuits, but judges rarely reprimand attorneys for wasting the court's time.

2. LAW REALLY DOESN'T MEAN ALL THAT MUCH.

As soon as the jury is seated, it's an entirely different ballgame. Juries occasionally follow the law with diligence and probity, and occasionally they completely buck the judge's counsel and do whateverthehelltheydamnwellplease.

In this instance, a jury wasn't seated--the reason why I bring it up is because many legal proceedings do involve juries, and most /.ers seem unaware of just how mercurial juries can be.

3. TEMPORARY INJUNCTIONS ARE JUST THAT.

Temporary, and injunctions. Judges are prickly people, as a rule. Most of them are control freaks of such a high order as to dwarf absolutely any other profession out there--including doctors. There are two things which judges universally fear, though: one is being overturned on appeal, and the other is being humiliated.

If someone comes before a judge and says "Your Honor, this bad person over here is doing something which will cause substantial and irreparable harm unless you do something to help me right now", the judge has three choices:

* He can schedule a full hearing, and tell the aggrieved party "well, let's wait two or three months and just handle a full, permanent injunction hearing"

* He can execute summary judgment and declare that no such irreparable harm exists, and refuse to do anything

* He can issue a temporary injunction, and schedule a permanent injunction hearing for later.

... Remember: judges hate to be overturned on appeal and they hate to be humiliated. If the judge chooses the first or second option, that leaves him (a) free to be overturned, and (b) if the judge is wrong and irreparable harm does occur because the judge didn't issue an injunction, the judge will be publically humiliated.

Judges, therefore, overwhelmingly tend to be very lenient with temporary injunctions. Many of them claim that this leniency is in everyone's best interests, and it may well be--but I'm a cynic, and this colors my analysis. :)

4. TEMPORARY INJUNCTIONS ALWAYS EXPIRE.

This one is simple. Temporary injunctions always expire, and permanent injunctions last for as long as the Court (not the parties involved--at least, not necessarily) wants them to. In order to move from a temporary injunction to a permanent injunction, well--let's skip the procedural details, because it's likely not interesting to /. readers. Instead, just remember what I said about judges; they hate being overturned, and they hate being humiliated.

This gives them extremely strong motivation to consider permanent injunctions very carefully. If they misstep on procedural or logical grounds, it's cause for overturn on appeal; and if they make the wrong decision and someone loses their shirt as a result, then the judge gets humiliated.

So judges tend to view permanent injunctions with a much more careful, and skeptical, eye than they do with temporary injunctions.

... But, as I said, I'm not a lawyer and I don't know beans about the legal system. You'd be a fool to think that this is anywhere near competent legal advice. :)

What's the problem? spammers are theft of service

[ajv]

I've worked in ISP's before. The abuse queue at one of them (a very large one) jumped from an undercurrent of about 1000 outstanding items to over 1200 on the basis of one single spam incident. The ISP costs each abuse incident requiring action at $25 to reply and fix. Thus this one spam incident cost the ISP more than $5000 to manage and resolve, and that doesn't take into account the good will aspects. The bandwidth stolen from the ISP and the customer costs money as well, and to maintain a responsive system, most tier 1 ISP's have excess capacity. Spam is not really a big consumer of bandwidth unless you happen to be the sucker with an open relay, but the management costs are astronomical. In addition, of the twenty or so times I saw the results of abusive "customers" who bought $20 pre-paid internet accounts and injected several million messages per account before having it closed, the account costs this ISP many hundreds of dollars. The headers are all forged (who do you want to be today?), the recipients entirely unwilling. The mail administrators in one of the worst incidents worked until 2 am fixing this problem up. Does the spammer pay for this? I don't think so. If the local mail relays are full of unwanted messages from non-paying (or abusive) customers they cannot service the other 100,000+ customers legitimate traffic in a timely fashion. If they paid *all* the intervening ISPs (as if) for the full cost of their actions, and everyone opted in rather than the other way around, this would not be a major problem. It's not about free speech, but simply this: A is stopped from sending to C,D,E...n by B. A is stealing from C,D,E,..n's ISP and from C,D,E,..n, and from many intervening networks, and thus many managers and administrators do no like this loss, thus signing up for B's service. "A" does not pay for the privilege and they forge their identity. Why does "A" think they have a *right* to steal? UCE is theft of service. End of story.

Re:This is great!

[Foogle]

What if I published a list of homosexuals? And what if you were on that list? No crime there, but what if you weren't a homosexual? What if, because of that list, your wife left you and took the kids? There'd easily be grounds for a lawsuit then.

Now flashback to MAPS. What if yesmail isn't a spammer. Because of the list, yesmail will lose customers, and a potentially large amount of money. I'm not saying that yesmail isn't a spammer, but if they can convince a jury that they aren't... Well that's grounds for libel.

-----------

"You can't shake the Devil's hand and say you're only kidding."

Comment removed

[account_deleted]

Comment removed based on user account deletion

How is this any different

[voidptr]

How is this any different from a mass boycott by subscribers of the RBL? Last time I checked, that was still a valid method of protest.

Re:I agree - spam demands legal solutions

[gilroy]

Blockquoth the poster:

While it greatly reduces spam sent to sites that subscribe to it, it can also be infuriating to be a customer of a company that is on the RBL and is unwilling to fix its open relays.

Um, that's the point, isn't it? If your provider is "unwilling" to fix the relays and would rather be blackholed, then you logically should move to another provider -- one who actually gives a darn about customer service. Eventually, if market theory or Darwin is right, the bad providers go out of business...

The main point: MAPS is voluntary

[Cerlyn]

Everyone seems to be skirting around the main point of this: MAPS is a voluntary system. No one says you must use it. ISPs that use MAPS normally tell their customers that they use it (or likely should). If you do not like that your ISP is using the MAPS system, you can ask for your account to be excluded (if they can), or find another ISP to use. Choosing an ISP with MAPS is choosing features, like choosing what areas with an ISP you have local dialups in.

Now IANAL, but you can say all you want. Talk and talk and talk if it makes you feel happy. If I put earmuffs on my own head (or let my ISP do so on my behalf), you have no right to take them off. I chose to have them put them on.

This is like Yesmail saying I can not hang up on a telemarketer because I must listen to what they say, no how matter how little (i.e. the subject line) I pay attention. This is not a good precendent.

Re:Weird

[dbombarc]

Jeffrey writes: Company A is suing group B to prevent group B from adding company A to a list. Once you distill it that far, it is an obvious restraint on free speech. then Silver A writes: The Supreme Court has explicitly ruled that "commercial speech" is afforded a lesser protection than political speech. The problem with turning this into a free speech debate is in that freedom of speech is supposed to be a right of actual people. The August/September 2000 Adbusters points out that corporate entities only gained access to constitutional protections once they became recognized as 'natural persons' under the Santa Clara County vs. Southern Pacific Railroad supreme court decision. This perverse mutation of buisnesses into people has given dangerous power to both companies like YesMail and MAPS. I am assuming that MAPS is a much less profit motivated group, and I respect their cause entirely, but they still are a buisness or sorts. Any buisness that has the same rights as people can use their power of free speech in combination with large sums of money to put up their words on billboards and tv ads while individuals must resign themselves to being voiceless in comparassion. I believe that MAPS should be supported. They defend people from the corporate word, aka the public word as weapon. It is not MAPS' freedom of speech that one needs to be concerned about. rather, we should be concerned with maintaining the right companies should have to defend individuals' freedom of speech. By undermining advertisment email, even ones that people have intentionaly subscribed to, MAPS is helping protect true freedom of speech, that of people.

What a moronic thing to do on Yesmail's part...

[Anonymous Coward]

This is incredibly moronic. The only thing yesmail achieves with an action like this is to land themselves on thousands of private block lists. I have made sure to update my access.db with all of their netblocks. Numerous others have been doing so as well, according to the comments in news.admin.net-abuse.email. It will be much harder, if not impossible for yesmail to get off of these blocks than it would have been to get off of a single list.

If I were yesmail's upstream providers, I would dump them like a hot pototato. Remember what happened when AGIS refused to dump Spamford Wallace? The rest of the Internet decided to route around them. Upstreams don't need entire /16 blocks of their network being effectively routed off of the Internet.

Remember, the average user may believe in the "Just hit delete" crap, but most of the people running networks are vehement anti-spammers.

Re:Weird

[softsign]

Didn't AOL sue a bunch of spammers a couple months back for "theft"?

Anybody know what ever happened to that?

--

even catholics have to request confirmation

[SomePoorSchmuck]

Well hooray for them. I'd define spam as "content delivered to a user without desire or request on the part of the user and prior warning/confirmation on the part of the deliverer"

I've had email since '90 (a moment of silence for the late, great BBSes), and though spam wasn't nearly as bad back then as it is now, I still quickly got over my timidity of telling everyone from strangers to close friends, "Don't bother sending me blonde jokes, political action reports, or anything that begins with 'FWD: FWD: RE: RE: Fwd: Re: READ THIS!!!!!!!!!'. I refuse to read such crapola -- I intend to use email as a way of increasing meaningful, first-hand COMMUNICATION between human persons."

Of course, not everyone was happy with this simple directive. Either they got over it, or *I* got over *them*, but it was/is not tolerated.

In any case, some of the people with whom I have casual, unprotected e-mail do not bother to conceal recipients when they send out a mass forward of "top ten reasons dogs are better than men having sex with dogs" or whatever putrid meme-virus is going around that week. One particularly annoying episode last year was due to morons who indiscriminately use the Reply-All button. I ended up getting harvested onto the mailing-list of a political interest group I didn't really like (let's just say if I had been in the military it could have been grounds for a discharge), receiving a long newsletter update about their URGENT ACTION ITEMS!!!!!! almost every day.

So I took some URGENT ACTION!!! of my own:
1)Reply to sender of the message, requesting removal (subject, body, non-script english).
no response, two days later, received newsletter.
2)Go to website look for unsubscribe area.
none there, receive four newsletters over the next week.
3)Send email to designated "Contact Us!" including copies of their newsletter along with my request to be removed from list; also suggest webpage removal form.
no response, receive several newsletters over the next week.
4)Send to abuse@ webmaster@ postmaster@ [domain.org] requesting personal removal, including copies of past requests and newsletters; re-iterate webpage suggestion.
no response, receive newsletters over the next four days.
5)Use DNS lookup to find addresses for the registrant, send request for removal including history (numbers 1-4).
finally, someone removes me from the list. although to be honest, it would have been nice to receive an apology from the bastards, or some indication that "we are adding a new form on our page whereby users may request removal in the future".

THE POINT IS: by having mailback-confirmation of list-adds (providing info on removal) they could have saved:
a)their time and resources
b)MY time and resources
c)my newly-earned, personal opposition to their cause (amusingly, protesting to end violations of civil liberties)

nmx [slashdot.org] is absolutely right on this.

___
the problem with teens is they're looking for certainties.

Re:E-commerce

[Ungrounded Lightning]

You need to take your troll detector in for a checkup. If the last sentance of his post didn't tip you off, I'm amazed you can operate a keyboard.

One of the forms of hacker humor is to respond literally to a totally outrageous statement or question.

B-)

Bad strategy

[emcdermid]

While in most cases any publicity can be good, Yesmail would be foolish to try this. Why? Because every ISP out there has the capability (and the right) to add Yesmail to their own private blackhole lists (not shared with anyone else; just preventing their own email servers from acception email from Yesmail, which is entirely within their rights). Yesmail will wind up on thousands of individual blacklists. Worse, because of the inertia of such lists, they'll never get back off all of them. It's already happening -- check out news.admin.net-abuse.email (NANAE). Precedent exists for this -- look at the history of AGIS, which was (for a time) a spam-friendly provider. They wound up on so many blacklists that they essentially became just a private network. They cleaned up their act, but could never get off enough private lists, and finally delared bankruptcy a while back. In a sense, MAPS was doing Yesmail a favor -- at least you can get back off the RBL.

And harder to get off...

[Ungrounded Lightning]

Even the injunction wouldn't be able to keep MAPS from publishing their address in a way that is NOT automated.

If MAPS had put them in the RBL, they could get things working again within hours after cleaning up their act. If thousands of individual sysadmins start adding them to their sites' individual black hole lists, it's likely they'll NEVER get their domain's mail working right again.

I think that even if the suit succeeds they're dead meat - as is any other domain operator that uses the legal system to block MAPS from black-holeing them.

Re:Weird

[Detritus]

Its not about MAPS right to put Yesmail on a list... MAPS, aparently, is slandering Yesmail. Slander is illegal.

Even if you assume that MAPS is slandering Yesmail, slander is not a crime, it is a tort, or civil wrong.

Re:I would rather filter my email myself

[Darchmare]

It seems to me that you need to read up on what the RBL is, then, before you pass judgement.

This is how it works:

1. People report open relays and the like to the RBL.
2. RBL puts that on a list.
3. Various ISPs receive a copy of that list, and make it so that email from those sources is not received.

Note that step 3 is 100% consensual. As the owner of an ISP, you can choose to receive mail from those on the RBL. You can even ignore the list entirely. Each ISP gets to choose if they want to use the list or not, and by virtue its customers get to choose whether or not to use that ISP. Basically, it's a way for people to ignore known spam sources if they want to.

It's not a 'big brother' type organization as you don't have to use their list of spam sources if you don't want to. They simply provide a service to those who trust them to root out spam sources (and they are very open on their criteria for putting people on the list, as well as providing proof of their actions).

Now, my guess is that you spoke before doing your research - and that you ARE a true libertarian. However, saying that the RBL doesn't have the right to publish a list of spammers (that your ISP can and can not choose as a commercial organization to filter) is antithetical to libertarian thought. Yeah, there are variations on the same theme, but this is basically a free speech issue. They're not forcing anyone to use it, after all.


- Jeff A. Campbell
- VelociNews (http://www.velocinews.com [velocinews.com])

Re:I would rather filter my email myself

[Darchmare]

---
First off, 'spam' is a subjective term used to describe a lot of different things.
---

While some people use it incorrectly, the generally accepted definition of spam is 'unsolicited bulk email' - commercial in nature or not.

Regardless, the RBL focuses on open relays - those aren't subjective at all. It's either open or it's not.

---
Companies shouldn't be deciding much of anything for their customers where it comes to filtering the content they receive.
---

Sure they can, as long as they are open about it. That's why an open marketplace is so vital - you as a consumer can choose who you want to work with. If a given ISP filters stuff based on known spam sources and you don't like it, there are a number of competing ISPs that would be more than happy to take your business away from them.

---
They're certainly no longer a 'common carrier' once they've started applying filters....
---

Hrm.

If I block incoming mail from a given ISP due to their listing on the RBL, should that lose me common carrier status? It's not really being 'published' in a public space, and you're not really censoring existing _content_, so it's hard to say.

Where does it stop? If I apply a block to a certain IP range due to a denial of service attack, does that lose me the common carrier status? If so, that needs to change. I consider spam to be the equivelent to an attack of sorts, so I'm not sure why there would be a difference. In either case it's the hijacking of 3rd party computing resources for an insidious purpose.


- Jeff A. Campbell
- VelociNews (http://www.velocinews.com [velocinews.com])

Re:What is "Double opt in?"

[Chas]

Okay now. Opt-Out: Basically they can send you stuff until you send them a notice or fill out a form stating that you don't want their content. The only problem with this is, there's nothing to prevent you from being put right back on a similar list later on. Also, the act of notification probably gets you chucked onto a couple more lists. Opt-In: Basically it's as simple as "fill out your e-mail address and we'll send you our content". There's no verification that the person submitting the address is actually the person utilizing that address. So, if someone wanted to be a real idiot, they could simply submit your address to the Opt-In for "Fill your mailbox with "SOMETHING". Double-Opt-In (or Verified): Like a properly set up majordomo mailing list. You submit yourself to the list. The listserv sends back an e-mail saying, essentially, "Someone subscribed you to this list. If you really want to be on this list, just reply to this message, or go to this webpage and confirm it". Once you've confirmed it, you're on the list. DOI makes sure you actually WANT the content BEFORE sending any of the content your way. The only problem with some DOI's is that some of them allow your e-mail address to be submitted over and over again. Causing you to receive multiple confirmation requests, and essentially amounting to mailbombing. Some better DOI agents will accept a particular e-mail address once, then won't accept addition submissions for it. At least until confirmation is received.


Chas - The one, the only.
THANK GOD!!!

Re:Go for it!

[Chas]

1. It's your network. You have a right to decide what traffic goes across it. Since you're paying for the bandwidth.
2. The RBL is a SERVICE. They don't impose their filters on recipients who don't want to use the RBL filter. You have to WANT it to have it.
3. Please cite these "numerous cases". They make every effort to help the "offending" sites fix their node. Only after all attempts have failed, and the site appears unwilling to rectify the situation, do they nominate it for the blacklist.
4. Intelligent filtering is all well and good, but the problem is that the server is compromised in some way. And while it'd be nice to allow some of the legitimate users through, if the server's compromised, it's nearly impossible to tell who the legitimate users are.
5. Again, the RBL is VOLUNTARY. Your provider either opts in or they don't. Either way, the offending mail server still functions. It merely cannot relay messages to users on mail servers which utilize the RBL. And since you have the option of changing ISP's, or requesting exclusion from the filtering, you DO have the freedom. Remember, freedom doesn't guarantee you a cablemodem and high speed access. Some choices have consequences.
6. The RBL does NOT limit your connectivity to the outside world. You have the right to opt-out, either through a request for exclusion to your ISP, or by changing ISP's.
7. Connectivity isn't a right. High speed connectivity isn't a right. Utilization of your ISP's bandwidth in a manner contrary to their SOP and user agreement isn't a right.

Chas - The one, the only.
THANK GOD!!!

Legal question...

[SvnLyrBrto]

>MAPS is in California, the order is from a
>court in Illinois,

Okay... this is something that's bugged me in in a number of other stories here on /.

By what streach of the law, imagination, or simple arrogant presumption does an Illinois judge claim jurisdiction over people in California?!?!?!? Or vice versa, for that matter (MPAA's restraining order on 500 john does, many of which most certianly live outside CA comes to mind)?

Is this a *FEDERAL* judge, whose bench just happens to be in Illinois? Or does any old state judge have carte blanche to order around people outside their jurisdictions? Seems like MANY states would STRENOUSLY object to such a violation of what little sovereignity the states have left (Texas and Mass come to mind, for starters) And if the latter *IS* the case, why do we bother with jurisdictions at all?

Of course, it *IS* a common arrogance for our legal system to presume that it has domain outside its jurisdiction (certian OTHER DeCSS-related actions, in Norway, for example, come to mind).

I'm *SURE* that there are at least a FEW bona fide lawyers who read Slashdot. Could one of you PLEASE shed some enlightenment here?

john


Resistance is NOT futile!!!

Haiku:
I am not a drone.
Remove the collective if

Re:What most people don't know about MAPS-RBL is

[marvinglenn]

When people run listservs that don't require confirmation, they run a process that can be easily used to harass and DOS attack other people. Every heard of a listserv bomb? (i.e. subscribing your enemy to every listserv you can)

Re:Weird

[Stephen Samuel]

"Ever notice how MAPS spelled backwards is SPAM? I wonder why... :P"
Because SPAM spelled backwards is MAPS. :-|

I believe that MAPS' inclusion of them into the RBL may cause some collateral damage to that. It is imperative to point out that this is the design and function of MAPS -- to provide an effective deterrant against errant mailing practices and to companies that provide spammer support services

I would disagree. At the bottom of http://www.mailabuse.org/rbl/rationale. html [mailabuse.org], they say:

Our goals in doing this are to stop spam and educate relay operators.

(emphasis theirs).
The primary purpose of the RBL is to stop SPAM. If there were a more precise method of doing so with similar effectiveness and effort, I think that they would do so. Their site includes reference to the problem of throwing out the baby with the bathwater in their cautions to people considering using the list. Collateral damage is, I think, part of the reason why they they waited so long before adding, for example MSN to their list.

Collertal damage does provide some 'carrot and stick' incentive to spammer allies, but it is a double-edged sword. If the RBL were able to provide true 'smart bomb' accuracy, I expect that more people would be willing to use it. Remember: They originally generated it for themselves, and then made it available to others.

Re:Free speech violation, that's what it is.

[Darchmare]

---
If an online 'White Power' organization were to be established, that posted lists of Websites they objected to, for itemized specific reasons, would that be considered legitimate?
---

Sure. I may not agree with it, but if they want to rally the rest of their white trash bretheren, then they should be allowed to do so. Free speech is funny that way...

- Jeff A. Campbell
- VelociNews (http://www.velocinews.com [velocinews.com])

Re:I would rather filter my email myself

[Darchmare]

Addendum - I made a mistake. you don't report to the RBL, you report to MAPS. The RBL is a list they keep. There are a number of similar lists that network providers can use to decide who they should and should not accept connections from.

Of course, it's all voluntary. You don't need to use these blacklists if you don't want to...

- Jeff A. Campbell
- VelociNews (http://www.velocinews.com [velocinews.com])

Re:The main point: MAPS is voluntary

[PigleT]

Quite so. The precedent is bad, although it might have a favourable outcome for the wrong reasons: the RBL and DUL (in particular) are things your ISP subscribes to in order to censor your email for you - if I send mail to somebody from my dialup box and it bounces because of "administrative prohibition", then it will very rarely be the case that I send it through some smarthost or other, and I'll probably tell the recipient to stop using that ISP.

MAPS, RBL and the DUL should be disbanded for censorship reasons, not legally.

~Tim
--
.|` Clouds cross the black moonlight,

Re:Free speech violation, that's what it is.

[Stephen Samuel]

If an online 'White Power' organization were to be established, that posted lists of Websites they objected to, for itemized specific reasons, would that be considered legitimate?

If they posted my address so that people knew to avoid me, that's completely legitimate. If they posted my address and told people to burn down my house and lynch me, that would be a different case -- arson and murder are illegal. They would be advocating and aiding the commission of felonies. Similarly, If they put me on a list of people who agreed with, and supported the white-power movement, that would be slander.

Rejecting your email is legal. Giving me a list of people that you're rejecting because I might want to reject their email for the same purposes would also be legal.

These people are not suing RBL because it is improper for them to be on the list. They are suing RBL because they disagree with the criteria for being added to the list. Vixie & Co. don't say "these people are spammers". They say "These people do one or more of these N things that we really disagree with -- mostly because they cause us problems.
============
As to the question of legislative vs technical solutions:
Theft is illegal. There's already legislation against it. A couple of weeks ago I left my window open. Some bastard snuck in through the open window and stole my laptop. Locks are a technical solution to a problem that already has a legislated solution.

Even if CAUCE [cauce.org] is successful in getting effective legislation against SPAM, prosecutions and lawsuits are expensive and slow (often taking years). If only for that reason, RBL will remain as at least a stopgap solution.

Re:Where's the /. reading lawyer? u talking to me?

[geeklawyer]

Which lawyer you talking about? I think there are 2/3 of us. I'm a UK lawyer so I can only give a good view of the position this side of the pond.

What do I think of this injunction? its a crock of shit - interlocutory injunctions arent hard to get in practise as long as you have;

at least an arguable case.

a good trial lawyer

no opponent - an emergency ex-parte application is, therefore, best for the spammer.

My quick view is that just because YEsmail have contracted with X to deliver spam to Luser via ISP there is no legal relationship between YEsmail and ISP. It can however be argued that there may be an implied term in the contract between Luser and ISP to deliver communications by Yesmail or X. And this maybe the case if Luser has requested spam from X or YEsmail. This would not apply if the email address Luser@isp.com had been harvested but it might be so if it had been given voluntarily by Luser in response to an offer or suchlike. And in any event privity of contract would only permit Luser to sue not Yesmail (disregarding arguments about equity)

This is basic contract law and provides no good basis for an action. however things get a little foggier when one considers tortious acts such as nuisance, defamation, interference with contractual relations, etc etc. Defamation could be argued but it depends on the detailed facts so I cant say. Interference with contractual relations is a possibility but the question here is interference between whom? if between Luser and X its quite a good cause of action. If however its interference between X and Yesmail? dont make me laugh! ISP doesnt exist to help Yesmails business or X's, only to link Luser to the Internet. If ISP makes Yesmails life harder, or refuses to make it easier, tough titties: "I am not my brothers keeper".

Additionally MAPS can argue two other things.
1) that Luser can still receive email from non-RBL users. Though that wont be possible if Lusers ISP uses RBL. But if upstream ISPs dont all use I guess routing is still possible allbeit slower and less certain. Id want a technical view on this argument.
2) Public policy. Spam has all but rendered Usenet useless.Makes the uses of email a hassle or the giving out of email addresses undesireable. this all reduces the utility of the Internet which most people politicians and judges think would be a "Bad Thing(TM)"

There are a lot of other legal considerations/angles and I could say a lot more but you aint paying me
maybe my brother US /. lawyers could chip in...

(any chance of decent karma for a change....)

Re:Open Relays

[Eggplant62]

Nathaniel P. Wilkerson mumbled some stuff about:

"There is nothing at all wrong with an Open Relay in fact if we had less spammers there would probably be many more available for legitimate use. The problem is with the Spammers, I say go after them not the ISP's and others trying to provide relays for us to use."

There's *everything* wrong with an open relay. Which came first, the spammer or the open relay with which the slimy bastard sent out 10,000 messages? Disable the ability of spammers to send 10,000 messages at a time, close open relays and I think the problem would cure itself. I can't see any reason why John Q Public would need to send 10,000 email messages at one time unless he were a snivelling piece of shit spammer. Limit one's traffic to five addresses at a time and no more than five messages per hour and the problem of spam would cure itself. There is no reason to provide an open relay at all. Either send mail directly to your addressee's mail exchanger or don't send it, it's rather simple.

Egg Plant

Re:Weird

[thogard]

Or...
Company X says Company Y is a spamer and Company Y sues Company X which isn't a real company anyway and has lots of friend that have permission to send route updates to the bigest badest routers on the net so... Compay Z starts routing Company Y's packets to hell and back because "its the most effective route at the time".

ISP's should announce their alliegence

[jesterzog]

Firstly let me say that I agree entirely with what MAPS does.

That said, I think it would be ethically right for ISP's that use MAPS to announce to users in an agreement or contract that they might block some incoming email in accordance with the list supplied by MAPS.

As long as they do this, MAPS can strengthen it's case even more because it can argue that the users themselves have agreed with their ISP's that they don't want to receive email that MAPS considers annoying.

===

Re:Time to manually block yesmail

[griffjon]

make sure you write to yesmail and tell them that you are doing this and why. I'm going to do the same, put a filter that searches all headers and auto-trashes it.

Re:The RBL is a scam.,..

[seebs]

The fact is, the amount of porn spam I got dropped dramatically when IBill was forced to change their policy.

MAPS isn't about *blocking* spam. It's about *EDUCATION*.

Once, everyone thought it was excessive to add the hosting company for a web site to the RBL, unless the spam came from there. After all, they're not *sending* the spam, right?

Then we found out that, if you don't take down a spammer's page, the spammer will keep spamming. Forever. So, the page *has* to come down. So, now, if you host web pages for spammers, you can be listed.

Ibill was in the same situation. They chose to provide a service that was being abused. They chose to overlook the damage to *everyone else*, because it was a cash flow for them.

The RBL listing caused them to recognize the costs they were inflicting on everyone else.

There is no such thing as a "vigilante" in this context. We *are* the legitimate authorities, we sysadmins.

I am sorry that innocent people were affected by IBill's listing. However, if you want to blame someone, blame the people (Ed Cherry being the most obvious, of course) who decided that they *couldn't* be listed on the RBL, and who felt that millions of dollars a day of distributed damage to other networks wasn't *their* problem, even though they could stop it.

That's what it comes down to. If you can make someone stop spamming, and you don't, you're going to get listed.

Fair enough.

So Yesmail goes after the RBL...

[Randy Rathbun]

Now that they have, I now know about this outfit. So, MAPS can't list them (for right now), but I sure as the hell can put in a filter.

It is truly amazing to me how folks like Yesmail don't seem to understand that the RBL is not the only group that filters. They have to deal with us, the public - be it some guy with LookOut filters, or sysadmins at large ISPs/companies. Either way the mail is gonna get sent to /dev/null.

Re:Open Relays

[tzanger]

There is nothing at all wrong with an Open Relay in fact if we had less spammers there would probably be many more available for legitimate use.

What, praytell, is a legitimate use for an open relay? If you have internet access you have a server or two you should be sending your mail through. MTA software like qmail [qmail.org] have "relay-after-pop check" methods which allow roaming users to send email from anywhere after a valid POP3 mail check.

I've spent a few minutes trying to find a single reason to have an open relay. I can't think of one. Your turn.

Use SpamCop

[Brian Kendig]

A highly useful service available to individuals in the fight against spam is SpamCop (http://spamcop.net/ [spamcop.net]). I'm not affiliated with that service in any way except as a happy customer.. They offer two useful services:

One is free: paste any spam email you receive into a form on their site, and it will analyze the spam's headers to find out who's responsible for that spam getting to you, then it will automatically email a complaint to the relevant postmasters and system administrators, and also pass information about open relay abuse to ORBS. I've been using SpamCop this way for a few months, and I've already received several dozen responses from ISP's that the offending email accounts have been shut down due to terms-of-service violations. It gives me that warm fuzzy feeling that I'm doing some small part to help stop spam.

The other service comes for a paltry fee: you can get a 'spamcop.net' email address which filters out email for you. I believe that it will still let you see spam if you want to, and I think you can customize it to make absolutely sure it doesn't block legitimate email, so this might satisfy the people here who want more control over the way their mail is filtered.

Re:The RBL is a scam.,..

[happystink]

You just learned a valuable lesson of business on the internet: Research who you are doing business with beforehand, and if they are spam-friendly in any way, do not do business with them. I don't say this like "it's a moral decision", I say it as "Their quality level WILL drop because of the fact they are spam-friendly".

It's a shame that you had problems with iBill if you really are legit, but it's your own fault. If your doctor had his license taken away because he killed someone would you get angry at the medical association because now you had to find a bad doctor?

Re:The RBL is a scam.,..

[seebs]

Except that, if I use a confirmed opt-in, when you complain, I go to MAPS and show them the confirmation email from you, and they tell you you're mistaken.

Even if I run a plain opt-in list, *one* person complaining will get nothing done.

The most you can do is force me to start using confirmations - which I should probably do anyway.

It's much harder to get listed than you seem to think. You have to make it clear that:

1. You will do something which results in unsolicited email reaching people.
2. You will not correct this.

If you don't have both elements, you will *not* be listed.

Some thoughts.

[mindstrm]

I can see how you would be initially pissed that RBL was 'preventing' you from sending mail....
But everyone must remember one other thing:
RBL is not an authority. IT works because ISP's DECIDE that they *WANT* to use RBL to get their block lists. They understand and know how RBL works, and are willing to live with the consequences.
REmember, email is not 'the phone system'. It's not centrally planned, and you have no common 'right' to send email to anyone, anywhere. It works because everyone agrees on common protocols, and to freely accept data from each other under certain terms. Period. Much like the internet itself.

So.. perhaps this company needs to SUE the ISP's that are actually USING the RBL. RBL doesnt' make them, it just publishes a list.

Re:I would rather filter my email myself

[mindstrm]

IF you don't want your ISP to use RBL, then find out if they are or not, and don't use that ISP.

Perhaps you are unaware, but a large number of mail servers are *privately owned* by collectives of people, companies, individuals, etc, and I will *NOT* have anyone dicatating to *ME* what *MY* mail server will or will not accept. I am *perfectly* happy with RBL providing me with a list of sites; I understand their method and think they are fair, and I don't care if someone gets wrongly listed from time to time. It's *MY* mail server. And people who have accounts on it can either live with it or go elsewhere.

So.. while you are complaining, does your ISP actually use RBL? Did you ask them?
Hmm. Many ISP's have size limits on outgoing mail (so you don't mail 20GB files). Is that censorship? SOme only allow 20 recipients to a message at a time. Is that censorship? WHo decides what 'email' means. If it's my mail server it means 'incomign message meets certain RFC's, plus my own filters, plus doesn't get a match in RBL'. If it doesn't meet those criteria, it's not a message.

Laughable

[nehril]

Does anyone else see the irony of Yesmail fighting to get off a list they don't want to be on?

If they didn't spend so much effort putting regular people on their damned spam lists they wouldn't have this problem.

Re:The RBL is a scam.,..

[mindstrm]

I have my own computer that sends it's own mail.
My own mail server.
My own piece of the net.
And I *chose* to accept that, if ibill is doing business with spammers, (which is against the spirit of the net, and totally rude), then I do not wish to have any relations with them.
Do I want to force this on anybody else? Certainly not. But it won't happen on my mail server.
Your rights end where mine begins. YOur legislation of the Internet begins where my equipment starts.

Re:My spam comes from dialups, not websites

[mindstrm]

Well.. how it is done is simple.
There is absolutely nothing special, network-wise, about a mail server, other than the fact that it's running mail server software.
If all you want to have the mail server do is send mail out.. you don't need any 'special' privelege. YOu can do it with your own computer.

Special settings in DNS and such are only required to receive mail...

Re:Yes, hopefully a good precedent will be set.

[Anomalous Canard]

Gee.... MAPS can't be any more hypocritical there. MAPS' whole reason to be is because they claim spammers are tresspassing on peoples' net connections. Yet, if you ban MAPS, no matter whether you have an open relay *OR NOT*, you are listed as being an open relay.

You seem to be confusing MAPS [mail-abuse.org] with ORBS [orbs.org]. ORBS does testing for open ralays. MAPS works on the basis of actual SPAM received.
Anomalous: inconsistent with or deviating from what is usual, normal, or expected

Re:Sue Happy

[friedo]

It amazes me how companies bring these frivolous lawsuits to the courts over absurd issues.

This lawsuit is neither frivolus nor absurd. Yesmail has a legitimate slander complaint. If a COURT OF LAW decides that Yesmail has not been slandered, then MAPS wins.

If Yesmail was really legitimate they would contact MAPS and would work out whatever issues or problems they might have.

If you had read the article, you would know the Yesmail and MAPS did negotiate, and were unable to agree on a resolution.

Whenever, companies are forced to bring things to a lawsuit you can usuall y expect that there is some foulplay.

This is the most rediculous statement yet. You're saying that whenever a company tries to protect its copyright, patent, reputation, or financial resources, it is necessarily involved in foul play? Let me clue you in on something: Corporations are not evil. Yesmail has a perfectly legitimate case.

Obviously, Yesmail is the culprit here, not MAPS. If there business was legit, MAPS would recognize that and they would come to some sort of amiable agreement.

See above.

Companies such as Yesmail are a blight and should be shut down in my opinion.

I wonder what we would happen if we shut down every corporation that was trying to stay in business...

Re:MAPS RBL

[tgeller]

I got stuck on this list for having an open relay

I doubt that. You're probably confusing the MAPS RBL with ORBS. The MAPS RBL usually doesn't list open relays, unless the owner takes the attitude of, "We leave the relay open so people can spam thhrough it." They go to great lengths to contact spam-producing domains before listing, and makes an honest effort to get them to change their ways. It's REALLY HARD to get someone listed on the MAPS RBL: Merely reporting an open relay ain't enough. They require extensive documentation.

ORBS, on the other hand, actively probes networks and lists them without notification if they have an open relay.

--Tom

Re:Rod Loss

[Ungrounded Lightning]

It was found. But the new twenty character nickname/handle limit was permanent. So they'd have had to cut off something else to have it reattached.

One of the big names (I think it was Cmdr Taco, but I'm not sure, and don't have the old email handy) volunteered to perform the operation. But given that the default credit line comes out:

by Ungrounded Lightning (rod@node.com)

and given that I couldn't figure out a 20-character nickname that worked as well and would still be easily recognizable to people used to the old nick, I decided to decline the surgery.

By the way: The handle is a reference to an incident at a former employer - one noted for promoting open access to computer networks and electronic publishing - and also for being somewhat far out. Netnews had just been installed, and he was asked whether there were any posting limits (besides not disclosing company secrets). He said that as a matter of policy they weren't, but he'd prefer that we avoided jepoardizing the company's already-strained credibility by making far-out posts on unrelated matters as someone recognizably employed by the company. He referred to this as "being a lightning rod".

So I created a "guest account" for myself for participating in certain controversial newsgroups, and from that account never posted about who I actually was or whether I was an employee or a friend-of-the-company. (The company also had a history of handing out guest accounts to controversial figures who were friends of project members or had done something to support the project in its early days.)

YesMail is definitely lying about opt-in

[nazgul@somewhere.com]

I have mail logs of over 1000 postings from YesMail to email addresses @somewhere.com that never existed. So not only do they accept email addresses without verification, they don't clean their lists of bounces--every one of those messages bounced, yet they keep sending to them.

The real scam though, is that they are charging customers for mail sent to those addresses.

And of course, YesMail never responded to any of my complaints.

Re:E-commerce

[StenD]

What gives you (or anybody else for that matter) to decide what mail should or should not be allowed?

Ownership of the system receiving the email. I own the system, I get to decide under what conditions I accept email. Among those conditions is that the sender not appear on the RBL, DUL, or RSS lists.

Re:Use SpamCop, but understand how it works.

[Animats]

Spamcop is a useful service, but the spam filtering option basically works by sending back a message to each new correspondent requiring them to click on a link before the mail is delivered. This filters out spam, but is a pain for new people who want to e-mail you. It's incompatible with most mailing lists, and annoying to people who "cc" you. If you need to receive e-mail from lots of people, Spamcop probably isn't the answer.

I use it on Downside [downside.com] because, as a site that makes negative comments on failing dot-coms, it attracts unwanted, and sometimes hostile, mail. One nice thing about running mail through Spamcop: if a threat makes it through the filters, you have a solid E-mail address for it.

Re:my take on it

[Bob Uhl]

The DUL is highly annoying. It bounced mail from my Linux box because my sendmail was configured to deliver mail properly, i.e. to the appropriate machine. I had to reconfigure it to be stupid and send all mail to my ISP, which slows thigns down and adds another point of failure to things. Thanks loads.

Mail from dial-up accts has a higher probability of being spam, granted. But with the marked increase in intelligent hosts (i.e. hosts which are properly configured and act as their own mail servers) installed in user's homes increases, this probability will decrease. I call on all right-thinking mail admins to Do the Right Thing and turn off the DUL.

I also call on the US Congress, acting under its authority to regulate inter-state commerce, to ban spam sent across state lines, and on the legislatures of the states to do the same for intra-state spam, and on foreign legislative bodies to do the same. A federal law declaring the sending of spam across our national borders an actionable act would be nice too:-)

The RBL is a good idea, one which I agree with.

Re:Legal question...

[DHartung]

SvnLyrBrto asks:
Okay... this is something that's bugged me in in a number of other stories here on /. By what streach of the law, imagination, or simple arrogant presumption does an Illinois judge claim jurisdiction over people in California?!?!?!? Or vice versa, for that matter (MPAA's restraining order on 500 john does, many of which most certianly live outside CA comes to mind)?

Don't take this personally ... but I am sick and tired of people who don't seem to have a junior-high-school level of knowledge of the world posting away on Slashdot. The legal system of this country isn't exactly simple, but it surely shouldn't be beyond the abilities of the self-taught coders who allegedly populate Slashdot. Unfortunately, every time we have a legal story here, it's a self-evident truth that nobody listened in Government class.

I'll try to use short words.

To start, the United States Constitution, Article IV, Section I, states the following:

Full Faith and Credit shall be given in each State to the public Acts, Records, and judicial Proceedings of every other State. And the Congress may by general Laws prescribe the Manner in which such Acts, Records and Proceedings shall be proved, and the Effect thereof.

This is why you can be arrested in California for murdering someone in Maine. It's also why you can be sued in Florida by a customer you have in Montana. Often contracts actually specify which court will be the first choice of the contracting parties.

Beyond that, an injunction is simply an order covering the parties in a lawsuit. As such, it does not have to actually conform to any law -- in fact injunctions can be quite broad (e.g. a gag order, which does not violate the first amendment) to suit the requirements of the case. Injunctions are intended to prevent one party from accomplishing a de facto win while losing a de jure case.

It's pretty irrelevant to this case, though, which is in a Federal court.

Is this a *FEDERAL* judge, whose bench just happens to be in Illinois?

Yes, and Illinois happens to be where Yesmail.com is headquartered, therefore the most likely place for them to choose to sue. They are suing in Federal court because they are seeking injunctive relief under Federal law.

Or does any old state judge have carte blanche to order around people outside their jurisdictions?

When the judge has jurisdiction, YES. Sometimes jurisdiction is indeed a matter of dispute, which is why the other side will enter an appeal. This is normal. (Frankly, it's normal for any target of a court injunction to argue against it.)

Seems like MANY states would STRENOUSLY object to such a violation of what little sovereignity the states have left (Texas and Mass come to mind, for starters)

Uh ... I hate to say this, but they signed the Constitution. Quite some time ago. In other words, they exchanged certain kinds of sovereignty for certain presumed benefits. This is the way that a federal republic works.

And if the latter *IS* the case, why do we bother with jurisdictions at all?

Because normal criminal and civil law is handled by the states. The presumption is that doing business in a state (which can be merely, e.g. selling to someone there) exposes you to its jurisdiction (for the protection of the person you sold to). Anyway, again, this is a FEDERAL lawsuit under FEDERAL law so the assumption is that it applies to all parties in the jurisdiction of the United States.

Of course, it *IS* a common arrogance for our legal system to presume that it has domain outside its jurisdiction (certian OTHER DeCSS-related actions, in Norway, for example, come to mind).

The copyrights of one nation are recognized by another nation under the Berne convention, a treaty which the United States signed in 1985. Again, under the Constitution, treaties have the effect of federal law. Norway, as a signatory to the treaty (much earlier than us!), has to recognize our copyrights just as we promised to recognize theirs.

You may not like the particular application of copyright in this case, but you should be able to understand the legal process.

I'm *SURE* that there are at least a FEW bona fide lawyers who read Slashdot. Could one of you PLEASE shed some enlightenment here?

IANAL. But I do have a college education, and I can pick up a World Almanac and read the Constitution. It is highly suggested that you do the same. This isn't some boring quiz for half-asleep eighth-graders, after all -- this is REAL LIFE, and as we see is not inconsequential.

Besides, this is the real bottom line:
MAPS lists a page on its Web site (http://www.mailabuse.org) titled "how to sue MAPS," hoping a legal case would establish that its tactics were legal. Yesmail is the first company to take up the challenge.

In other words, MAPS has been waiting eagerly for this day in court. They've probably had briefs prepared well in advance, and pro bono legal counsel all lined up.
----

Re:The main point: MAPS is voluntary

[Bob Uhl]

The problem with the DUL is that a well-configured host should act as its own mail server and send mail directly from that host to whatever machines are the appropriate recipients. Instead, we are forced to configure our machines to use an external mail server, which slows things down, takes up bandwidth and in many other ways is a right royal pain in various body parts.

I quite agree with the RBL.

Hidden costs of blocking.

[Convergence]

There are hidden costs with spam. We all know and agree with that. There is the time that people waste downloading and deleting it.

But noone mentions the hidden costs of trying to BLOCK spam. Filters don't work perfectly. Good email gets rejected and blocked. Which is worse? Blocking 10 legitimate emails while blocking 1 spam? Blocking 10 spams while blocking one legitimate email?

Which is worse for the users and which is worse for the ISP?

If an ISP blocks legitimate email, first-time senders will forget it or not try again. Neither you nor they will never know what happened to; you'll probably blame it on the net-gods. But if the ISP doesn't block spammers they get complaints out the wazoo. Which will they choose?

That's what pisses me off about the RBL, they *are* a vigilante group. Would they have condoned DDOS against CyberPromotions? I'd say yes!

If I go with an ISP, I expect my ISP to *not* add my dialup range to the DUL. If I want to connect manually to a destination mail server (use the local sendmail to queue up mail) I'm paying for that service. Similarily, if they block any email destined for me without my consent, I'll change service providers.

I don't like the Spam, and the RBL's targets somewhat justify what they get, but I won't condone how the RBL acts.

They're like the ALF arsonists who would `` `bring to a screeching halt what countless protests and letter-writing campaigns could never stop.' '' by arsoning a slaughterhouse with some homemade napalm.

MAPS is just the coordinator; it's the people who use the list who are at fault and liable for the damages. It's harder to sue the thousands of people who use the RBL than it is to sue the coordinators. The coordinators just make a list.

Yesmail has just shot themselves in the foot

[bee]

This is likely to be worse for Yesmail in the long run than any simple 'being added to the RBL' could be.

Here's why: even now, many sysadmins that use the RBL are reading this story, and are going in by hand and adding Yesmail to the list of domains they don't accept mail from. Even if Yesmail and MAPS come to an agreement where Yesmail follows MAPS's policy, all those sysadmins that added in Yesmail by hand aren't just going to take them out again overnight. While not as widespread as if they were on the RBL, they will be on many systems' blackhole list permanently.

---

And how is what you did any different then spam?

[Byter]

"In my experience, it really isn't that hard to get listed on MAPS. My previous employer decided to harvest Usenet one time to gather addresses of people that might be interested in our service. A couple of months later, MAPS listed us after one person spent some time harassing us to remove his and other's addresses (which we did, promptly, when asked)."

Hmm. "harvest Usenet one time to gather addresses of people who MIGHT be interested
in our services." Translation: You grabbed e-mail addresses from newsgroups and then
sent people at those addresses an UNSOLICTED advertisement. That sounds like SPAM
to me. You may have been one of the few companies that act on good faith and actually
opt-out people who ask for it, but you were still spamming people. These days, maintaining
an
opt-out list (or more accurately, CLAIMING that you maintain an opt-out list) isn't
any excuse
to spam. Most people won't dare to respond and ask to be opted out, because
that marks their e-mail address as ACTIVE and makes it much more likely that they will receive much more spam.

So what really happened here was:
1) You spammed a bunch of people.
2) Someone got really pissed off about it (actually, most of the people probably got pissed
at your company, but didn't respond because they didn't want their e-mail address to
be marked as "active").
3) That person reported you to MAPS and gave them evidence of your spam.
4) MAPS RBL'ed you for being a spammer. (Not just RELAYING spam, but actually being
the source of it.)

"When he finally submitted his "evidence," MAPS listed us right away, without even so much as asking us if his take on things was accurate (which it was not in certain key areas). We were notified, but not until after the listing was made. The damage was already done."

What wasn't accurate about it? They didn't notify you because this wasn't a spammer sending mail through your open relay without your knowledge, this was you KNOWINGLY spamming people!

Once you stopped spamming people (an opt-in list means that your e-mail is no longer unsolicted), MAPS stopped blacklisting you because you stopped spamming people.