NSI to be RBL'ed? 152
From: Paul A Vixie
Subject: possible RBL event coming up involving NSI
------- Blind-Carbon-Copy
To: interest@mail-abuse.org
cc: rbl@mail-abuse.org
Subject: possible RBL event coming up involving NSI
Date: Fri, 30 Jul 1999 16:02:14 -0700
From: Paul A Vixie
You are receiving this because you are either an interested outsider, or a staff member or volunteer, or a customer of M.A.P.S., LLC. Note our new domain name, mail-abuse.org. (The old maps.vix.com domain name gave some the false impression that MAPS was not a separate company.)
Today we received the letter below from NSI in response to our repeated attempts to get them to stop sending unsolicited bulk commercial e-mail to all domain holders. In this letter, NSI implies that they will sue us for damages and incite entities like Amazon.com to do likewise if we decide to blackhole them, and then go on to say that they have no intention of stopping the current business practice of these which caused our complaints.
They are pretty much daring us to blackhole them. The board of MAPS, LLC will make its final determination in the next few days, and if we do decide to blackhole NSI it's going to get ugly. As an interested party, we want you all to know what's happening.
=================================
July 30, 1999
VIA FIRST CLASS AND
ELECTRONIC MAIL
Nick Nicholas, Executive Director
Mail Abuse Prevention System, LLC
950 Charter Street
Redwood City, CA 94063
Re: Nomination of NSI for Black List
Dear Mr. Nicholas:
Thank you for the opportunity to respond to your email to me dated July 16, 1999, regarding the Realtime Blackhole List ("Black List") managed by the Mail Abuse Prevention System LLC.
Enclosed is a copy of a letter I sent today to Mr. James Wagner, President of Hypertouch, Inc., the complainant who apparently prompted your July 16 email to me. Network Solutions has removed Mr. Wagner's name from its mailing list. As noted in the letter, Mr. Wagner could have avoided receiving the subject email in the first place had he simply followed the mailing list removal procedure specified in an email transmitted to him on March 30, 1999.
There can be no doubt that Network Solutions has an existing business relationship with the administrative, technical and billing contacts for a given domain name registered with Network Solutions. These people are the principal points of contact through which Network Solutions transacts business with its customers. They have been so designated by our customers in their domain name registration agreements with Network Solutions.
These are precisely the types of relationships that the California legislature wanted to shield from the restrictions contained in its unsolicited email statutes. Indeed, the statute's protection of communications between persons involved in existing business relationships reflects the state's determination that such communications are not "spam," but rather vital catalysts to free and open commerce. We are aware of no law that prohibits companies from communicating with their own customers.
We respectfully suggest that MAPS and any other person involved in the compilation and dissemination of the Black List adopt a definition of spam that is consistent with the principles recognized by California. Any more expansive definition is overly broad and may unreasonably restrain trade. Indeed, it is apparent that Mr. Wagner's principal concern about Network Solutions' emails is the competitive threat they represent to his company's ISP business. Those emails reference Internet companies that are competitors of Mr. Wagner's company, Hypertouch, Inc. It appears Hypertouch, Inc. hopes to shelter itself from such competition by combining with those who control the Black List and its technology to restrain such competition.
If inclusion on the Black List will effectively block Network Solutions from contacting 40% of the Internet, as you claimed in your email of July 29, 1999, MAPS's actions would have severe and irreparable consequences on the company's relationship with its customers. Network Solutions has over 5,000,000 customers. Consequently, if you place Network Solutions on the Black List, 2,000,000 (40%) of its own customers presumably would be unable to receive important information from Network Solutions, including invoices and deactivation notices, possibly leading to the revocation of their domain name registrations. You should be prepared to accept the consequences of your actions should a company such as Amazon.com lose its domain name, and thus its e-commerce business, as a result of having its notices and invoices intercepted and destroyed. It is difficult to believe that MAPS would be willing to take such drastic actions based on the self-serving complaint of Mr. Wagner.
Indeed, MAPS's overly expansive definition of spam exposes MAPS and those who own or control the Black List to, inter alia, civil claims of: (1) illegal combination in restraint of trade violating Section 1 of the Sherman Act, 15 U.S.C. ? 1; (2) unfair competition; and (3) intentional interference with contractual relationships.
Network Solutions will not hesitate to take all actions necessary to protect its rights and ensure that its channels of communications to its own customers remain open. I hope that such measures will be unnecessary and that you will opt not to include the company on the Black List. p
Please advise me of your decision and do not hesitate to contact me if you wish to discuss this matter further.
Very truly yours,
Jonathan W. Emery
==============
Re:Geek hypocracy make me sick (Score:1)
--
Re:L.O.L.... (Score:1)
Sites that use the RBL have chosen to deny their customers access to email. If those customers can't receive email from you, it is because their ISP has chosen not to allow them to.
Guess who pays the bills? (clue- not the SysAdmin) Take another guess who makes more money by limiting traffic to flat-fee paying customers.
Re:Some Ideas to Fight Spam (Score:1)
Instead of filling the spam lists with random "chaff" addresses, use this method to put "canary" e-mail addresses on to the spam lists instead. "Canary" e-mail addresses are designed to catch spams, and serve only to receive spam. Automated software attached to the "canary" can then filter spam based on what the "canary" receives. The canary idea is not new, of course.
A more evil idea would be to attach to the address of the "canary" some software (similar to that found on the web site spamcop.net [spamcop.net]) that traces the e-mail back to the spammer by examining the "Received:" headers. If done in real-time, one could potentially alert an ISP to a spammer's activity in time for them to disconnect a spammer while they were still sending spam.
The best part is that we use the spammers' own resources (collections of e-mail addresses) to fight spam.
---
The only SPAM I like: www.spam.com [spam.com] (The home page of the canned meat)
Re:Won't the problem resolve itself? (Score:1)
to rust.net when became known that sanford wallace got his access there?
Re:Corrupt argument (Score:1)
You knocked that one down real good. Shall I set up another? Would you like it filled with polyfoam, old rags, or the traditional straw?
Of course, the argument for banning spam is not that it is in some vague sense "bad for me". The argument for banning spam is that it constitutes theft of the recipients' bandwidth.
If you want to control spam, find a way of passing the cost on to the originator.
Additional requirements: 1) No added burden on legitimate users of e-mail, 2) The spammer shells out the cash to his victims, not to some cookie jar accessible to politicians and other lower life forms. Extending the junk fax laws to cover e-mail would work, provided that the definition of the prohibited activity is properly crafter.
/.
Re:Big deal. (Score:1)
/.
Re:L.O.L.... (Score:1)
Re:Hahahahaha!!! (Score:1)
Re:I work for a large national ISP. Here's the dea (Score:1)
I have yet to ever sign up to an email service, nor do I know anyone who ever has, who WANTS to receive advertisements.
Usually, the longer people have been on the net,the LESS email they want to receive, especvially since many of them are actively part of various email lists which fill their boxes fast enough as it is.
If I want advertisements, then I'll either hit a search engine looking for company sites on a topic, or watch TV, or, *gasp*, hit the yellow pages. It's worth the effort, not to be bothered by constant spam.
Once again, some part of my brain is making the mistake of thinking that this should be, in fact, patently obvious...that our societal and utter hatred of junk mail should in some way clue people in that nobody in their right mind (ie, the common consumer) wants and enjoys spam...especially the newbies, who have a low comprehension rate about how they can stop it. This isn't a service. And at least you can, to some degree, cut down on the junk mail by making requests to the post office or the sender. No such service often exists on the net except for buggy filters, which often must be added to each and every day as the spam sender finds yet another email service to sign up with...
Customers pay for service. Spam does not serve, it extorts. Thus true service protects from spam.
Todd Erickson
Re:Good riddance! (Score:1)
Re:L.O.L.... (Score:1)
Re:they claim list removal is possible... (Score:1)
mailing list.
I sent my "remove" request to the MAPS RBL
team, and I hope NSI is RBL'd.
Screw NSI (Score:1)
IMHO I think they deserve to be blacklisted.
They'll back down and stop sending out bulk
email as soon as their listed.. Either that or
they drag it out in court forever and that hurts
even more.
Re:L.O.L.... (Score:1)
Here's a clue for you: A system administrator is not a god. You're not obligated in any way to serve your customers. But you are obligated to disclose that you're blocking your customer's access to certain materials. To do otherwise and advertise that your service provides 'full access to the Internet' is an act of fraud.
Of course, you may find customers who approve of you doing their spambusting for you. But your 'rights' do not extend to making decisions for other people without their consent.
Re:MAPS sucks. (Score:1)
Re:Geek hypocracy make me sick (Score:1)
Re:Unauthorized reproduction (Score:1)
Re:I run an ISP (Score:1)
-Joe
What if... (Score:1)
in the world sent a single polite solicitation to
Mr. Emery? After all, he claims to have a
relationship with us such that this is not abuse.
It is a transformational experience to realize
that one-to-many is just as abusive as many-to-one.
Clueless bunch (Score:1)
Don't want to deal with them again.
L.O.L.... (Score:5)
I love lawyers. All they seem to know how to do is threaten and bully, regardless of how empty their threats are.
As I understand it, RBL is a subscription service. That is, the sites that use the RBL have chosen to participate, and are voluntarily not receiving email from anyone on the list. So, if you can't send mail to me, it's because I've chosen not to listen to you. All the ISP's that I've seen that use the RBL announce this fact, so businesses that use them should be aware of this.
Secondly, email is not a legally binding (or allowable) method of conducting business. You can't send invoices only by email, and then claim in court that you gave proper notice (at least in the US). Email has no guaranty of delievery, and the courts have not reconized it as a reliable method for transmitting legal/business documents. So NSI's invoice threat is moot. If they aren't sending invoices to Amazon via methods other than email, then terminate Amazon.com for some reason that was indicated in the email, well, guess who's liable for interference of interstate commerce? NSI!
Dolts.
I don't like the RBL. I think it's a poor (both technical and political) method of attempting to control SPAM. However, I dislike NSI even more. And if the Commerce Department is now stating that the whois database is it's property (which it is), then I can't wait for them to stick it to NSI for illegal use of government property for private commercial gain.
NSI sucks hard. They just need to die. Or at least fire all their top management.
-Erik
Buh-bye MAPSie (Score:1)
After all, it's basically Beezelbub versus Lucifer (NSI is Lucifer). They're both equally evil, but one is a lot more powerful. If Lucifer kills Beezelbub, you cheer, even though Lucifer wins a battle, because one demon is eliminated.
Same here. NSI is rich, powerful, and going to give MAPS a good solid humbugging. Does anyone remember their history? Stealing the "A" server from Postel, actually standing up to ICANN, smiting anyone that crosses them? Do you think they're going to let a bunch of moralistic hackers get in their way?
In fact, I could imagine a world where the first domain that gets pulled is mail-abuse.org. And that would be good.
Didn't Churchill say something like "if Hitler invaded Hell, I'd invite the devil to tea?"
Placing NSI on RBL illegal? (Score:1)
Now if I have chosen to use RBL and they add NSI on it, how is it any different? I could have done the same thing locally, but instead I have trusted RBL admins.
I think they should concentrate more on keeping the domain system running and less time writing bs. Still waiting for that domain server info to be updated..
TOO MUCH POWER! (Score:1)
What right to they have to decide that AGIS should get blocked, just because they choose to provide services which someone else misuses. This would be the rough equivalent to ordering all Ford drivers off the roads because a couple of people did hit-and-runs with them. The difference is, IRL, nobody has the POWER to exclude Ford cars. MAPS does. Overkill by an organization that has this much power needs to be stopped by a "600 pound gorillia." Good job NSI.
MAPS sucks. (Score:2)
mail-abuse.org is simply a collection of poorly (crappily even) written documents (sounds more like propaganda to me actually) randomly linked in an unorganized manner. It took me forever (so I am a bit dumber than the elite hackers that run mail-abuse.org) to figure out what the RBL was about, and I find that somewhat scary considering the great impact the RBL could possibly have on me.
Imagine the confusion a poor random user goes through upon realizing his email, for some unknown reason, cannot reach the intended destination and is referred to mail-abuse.org/rbl/. He goes there, and what help does he find?
"We have not singled you out", you are only 'collateral damage' in the war against spam. Oh well, too bad. If you want to get your email through, go talk to your system administrator.
I find that very irresponsible. We all know the frustration of calling some big company and having your call juggled between two departments. This is exactly what is happening here. MAPS is simply pushing the responsibility for blacklisting an IP and taking a passive role in solving the problem.
"If we made a mistake, oh well. We'll just wait until someone notices that they've been fucked and contacts us, then we'll try and push the responsiblity on their system administrators, and wait a bit more. And since we usually fix things up within minutes, the system administrators are the ones responsible for the users wasted time".
RBL is overkill. It keeps unsolicted email away from those who haven't solicited it, but it also keeps everything else away too.
Here's an interesting situation:
What if I love recieving spam? What if I WANT to recieve 'spam'? What if what you consider unsolicted email is actually what I like to read? Are you now able to decide what emails I can recieve, and what emails I cannot?
Just my two cents, but the solution to spam is not to censor everything.
Anyway...that was a fragmented rambling and messy opinion piece. If you understand it and realize that MAPS sucks, great. If not, well..I was never a good writer anyway.
unsolicited flames sent to lgrimani@hotmail.com will get reported to MAPS!
I see their logic. (Score:1)
I'm all for it. NSI doesnt own the net. They just want you to believe they do.
Bowie
Re:TOO MUCH POWER! (Score:1)
First of all, MAPS' RBL lists mail servres which get blocked, and it does it in a surgical manner. It is very slow and careful about which servers it blocks. Take Real Networks. It only has ten servers on the list -- the spam spewing servers. Normal communications not using those servers is unaffected.
Second, the RBL only blocks mail servers and the SMTP service to those who subscribe to it. Since these are hard-core spammers, isn't it worth while?
I volunteer to subscribe to MAPS. I also subscribe to RRSS, the Radparker Relay Spam Stopper. A similar system, but blocks relaying servers which are broken. The RRSS is similar in design to MAPS RBL in the case that it manually checks each report before throwing it in the listing.
What right to they have to decide that AGIS should get blocked, just because they choose to provide services which someone else misuses. The right given to them by the owners of all the servers which got spammed by the downstream. AGIS turned a blind eye to the downstream repeatedly after many complaints. Heck, it had to disable ICMP pings because too many individuals were flooding their routers trying to see if CyberPromotions was still up.
Because of repeated ignoring of complaints, it was thrown in for a while. And it repented.
MAPS is a last resort tool. And NSI isn't letting up. Throw 'em in.
---
Spammed? Click here [sputum.com] for free slack on how to fight it!
The implications are tremendous (Score:2)
Re:TOO MUCH POWER! (Score:1)
Indeed, might I say, even double guilt by association. First the ISP is punished for associating (doing a simple business transaction with, which won't be eliminated if you hurt the ISP, just moved) with the spammer. Then the innocent customers are punished for associating with the ISP. In the AGIS incident, we can call it quadruple guilt by association. They punished AGIS for dealing with cyberpromo, then punished AGIS's clients for dealing with AGIS, the punished those client's users for dealing with their ISP's.
Now HOW can those users make the connection between "hey, my mail doesn't get through" and "I better agitate to get cyberpromo censored."
It's simple bullying. Now, you may have a "right" to do so, legally or whatever. But that doesn't make it justified.
Think of it this way. AGIS is on the backbone, right? Carries huge chunks of traffic on the net, right? What if AGIS decided to stop dealing with the ISP's who subscribed to MAPS, to stop carrying their traffic? And what if they got all the other big deal folks to do so as well? UU.net, etc. etc. etc. Would you feel that was, how shall we say, bullying?
And why can't the ISP's block spammers their own damn selves?
Is that not a good thing?
MAPS is a last resort tool. And NSI isn't letting up. Throw 'em in.
I totally agree. The surest way to check a bully is for the bully to try and push around someone even bigger.
WTF? (Score:1)
I think you can figure out how to email me
Re:MAPS sucks. (Score:2)
-russ
Re:L.O.L.... (Score:1)
"They are pretty much daring us to blackhole them. The board of MAPS, LLC will make its final determination in the next few days, and if we do decide to blackhole NSI it's going to get ugly. As an interested party, we want you all to know what's happening."
Is Paul an attorney? I don't think so. Interpreting Emery's email as a "dare" strikes me as a somewhat juvenile attitude. The real danger of a weapon like RBL is, the more time and effort spent on creating such a weapon, the greater the temptation to resort to it. In other words, you spend years and ten thousand bucks training your Rottweiler attack dog, you naturally want to sic the dog on something to see how all that work paid off.
The additional danger of the juvenile attitudes of both Emery and Vixie here is the dick-measuring element. Without a doubt a lot of unsuspecting people will be confused, inconvenienced, and possibly hurt by an NSI blockade -- this would amount essentially to conviction without trial IMHO.
And when it comes down to it, I own many domains and I get the NSI spam, and is it SUCH a hardship to delete it? What kind of a geek are you if you can't figure out how to operate your own bloody mail filters?
Wax-On dudes.
Hahahahaha!!! (Score:3)
I wonder if they really thought anyone would give a flying fsck about some non-existant risk of Amazon suing them. If I was Amazon.com, and my ONLY billing invoice was set to be e-mail, and I lost my domain, there's three things I'd do:
1) Sue Network Solutions for removing my domain because of a lack of a response on a non legally-binding communcation medium.
2) Fire the admin who set up the domain not to have postal billing notification
3) Contact anyone I could to have said admin "disappeared"
Personally, I don't understand why someone would set up e-mail notification in the first place. I mean, come on! Sure, most clients are that stupid, but most ISP's should have the brains to point out to the clients the problems inherant in doing that.
Blacklist them. Serves them right. As has been said many times before, Network Solutions do not own the Internet, they're just unfairly utilizing an inappropriate monopoly situation created by a US Government that repeatly shows itself to be the premier organization of cluelessness and idiocity in the world.
Maybe the Government should be blacklisted to, just on general principle.
A tidy reminder... (Score:1)
Re:Geek hypocracy make me sick (Score:1)
Re:Geek hypocracy make me sick (Score:2)
Either ya allow the censorware morons out there censor any page with a naughty wordy-word or ya don't censor anyone that spams
Most of the people upset about censorware is that they miss many naughty words, and censor other sites that have none.
Then there's the fact that RBL really is reviewed by human beings, and tries to work with the site that is about to be black holed (censored) to give them a chance to avoid the action.
They are both opt-in agreements. No one has to be apart of that arrangement if they do not wish to be.
RBL is opt in. Most censorware providers are actively involved in efforts to require censorware for schools and libraries. In that case, there is no 'opt' at all. Part of their involvement is to 'assure' legislators that every site is checked and re-checked by human beings (patently false).
That's the difference you're looking for. That and that RBL actually works.
You're a fool if you can't control use of RBL (Score:1)
Before accusing others of being too stupid to operate mail filters, you should consider how ridiculous you look as you accuse voluntary RBL participants of being "unsuspecting." Yes, in case you didn't realize it, participation in the RBL requires active effort and is necessarily voluntary.
You forget that RBL is voluntary (Score:1)
In short, no one who loves receiving spam will ever have anything blocked by RBL, simply because they would not be subscribed to RBL.
As for mails we send to your personal address, I doubt that such a mail would be a bulk mail. As such, it would not fall under the definition of spam, "Unsolicited Bulk Email."
Re:L.O.L.... (Score:1)
Regarding the original matter, how about (say) a "blacklisted" webpage the ISP puts up detailing who's gotten on it and why, and inviting open discussion on the ISP's newsgroups by its users?
The problem is volume, not content (Score:1)
Censorship, by definition, operates on the content of the message. Spam, on the other hand, is defined by its volume, not by its content. If you send unsolicited bulk email, your email is spam, no matter what its content. Contrariwise, if your email is solicited, or not bulk, then it's not spam, no matter what its content.
The fact that spam is characterised by volume, and not content, is the single most important difference between spam filters and content-based censorship.
they claim list removal is possible... (Score:1)
anyway, just reading NSI say they have 5,000,000 customers pisses me off, since they deserve about 3% of that.
It makes sense to RBL NSI (Score:1)
Clearly this is a no-brainer. This is what MAPS exists for. NSI not only refuses to change their policy on spam, they are threatening MAPS with what will happen if it does its job for its subscribers.
Black hole them, MAPS. I'm sure if you are worried about legal fees, plenty of us will be glad to chip in for your defense. Set up a web page for that now if you haven't already.
Something that NSI seems to be unaware of... (Score:4)
Anyone remember when Microsoft was RBL'ed?
They poised, and they threatened, and then they backed down... MS is bigger than NSI could ever hope to be, and they have WAY more money to throw at lawyers.
AOL, also was blackholed as well; with the same results; denials, threats, submission.
If MS couldn't win, then what makes NSI think they will? This letter just shows exactly how clueless they are. Someone should send them a wake-up call. Paul Vixie doesn't back down.
It's hardly geek hypocrisy ;) (Score:1)
clifyt wrote: You're absolutely right. There's nothing illegitimate about my using censorware to filter out some piece of the Internet. Though most people I know wouldn't use the stuff, since the particular sort of filtering it does seems unnecessary and amusingly inept. It's different for those people who have not opted in. If I am an ISP user and my ISP is performing some sort of filtering with which I disagree, why, I can change ISP's. If I am a 13-year-old trying to get information at a library and I have no other access to the Internet, I have not opted into whatever inept filtering scheme is used, and yet I am stuck with its effects.
This is more of a problem with censorware, because it often blocks useful information people are actively trying to get, and rarely a problem with spam email, since it is unsolicited.
This is clearly untrue in the cases cited. There's no need to pass laws to prevent either spam or censorship. To prevent spam, clearly the RBL works nicely. One good way to prevent censorship is to keep the government from passing laws requiring it in the first place. Cryptography is another case where there would be no problem if government hadn't gotten involved in the first place.Definition of "customer" (Score:3)
1) NSI's definition of "customer" is bogus. Yes, a company has certain rights to communicate with its customers (see below). But the status of "customer" implies the meeting of a willing buyer and willing seller. Because NSI has had a monopoly these past few years, we can't assume "willing buyer". Who knows how many people would have gone to a different source for TLDs had one been available? I know I would have. Therefore, we as buyers are in an *enforced* customer relationship, and NSI shouldn't assume that the usual privileges apply.
2) Even if we were truly NSI's "customers", opt-out bulk e-mail is still not part of the "usual privileges" package vendors earn from such a relationship. I've seen the e-mail in question -- it's a pure sales pitch, *not* administrative. It's not central (or even related) to the functioning of the relationship, and one has no opportunity to opt-out at the time the relationship is started. In short: appallingly bad marketing. But what moves NSI from the world of Bad Marketing and into the sphere of Theft is the cost-transference nature of e-mail.
--Tom
Re:MAPS sucks. (why was this flamebaited?) (Score:4)
>
>
Opens with ad hominem arguments and ends with moot threats. I think I can see why it got flamebaited.
That said, the AC who wrote the article did have some good points, which probably bear repeating:
and consequently,
One problem, though - most of these concerns are valid only for situations in which an ISP is RBLed, and customers of the ISP wonder why their mail is blocked. For a blocking of NSI (or RealNetworks' mail servers), only those machines would be blackholed - and thus, only users on those spamming machines (in this case, presumably just a mailing 'bot) are likely to suffer collateral damage.
An RBL for an ISP is different - it passes the support load from the newbie customers of the ISP on to the support department of the ISP. On the other hand - when all else, including the efforts of the RBL team to resolve the situation peacefully, has failed, maybe that's the only option left. If an ISP chooses to harbor spammers, its customers will suffer, and leave.
Maybe that's fair, maybe it's not (and it's certainly a valid subject for debate), but that's not what we're talking about here.
An RBL for a spam-spewing mail server in a single domain inconveniences only the ability of that server to spew spam. If the server exists solely as a spam hydrant, then the collateral damage is essentially zero.
Finally, in MAPS' defence, it's hard to get a site on the RBL. Writing Nick (Nick Nicholas, former pacbell.net abuse god :) and saying "I mailed abuse@isp.com and they ignored me" isn't enough. A history of abuse must be established and documented, as well as attempts by phone as well as e-mail to resolve the situation. The MAPS team then goes out and attempts to resolve the situation themselves. Their decision to place a site on the RBL isn't an everyday occurrence; it's a last resort reserved for the most brazen of offenders.
Re:NSI could have avoided this --- Re:MAPS sucks. (Score:2)
Vixie wants a suit (Score:1)
They want to be sued, preferrably by a large well-known company, so that they can establish a precedent.
Sure you have a choice. RBL exceptions. (Score:2)
> put Internic on RBL we would have no choice
> but to turn RBL off.
No, just add them to ACCESSDB (/etc/mail/access)
as OK.
Any time the RBL blocks someone, you get an
easily parsed log message. If you're worried
about losing mail, make RBL return a 45x rather
than 55x; the sender's server will retry.
In a year of using the RBL I don't believe we've
inconvenienced more than a handful of
non-spammers. The only case that comes to mind is
an open relay at UPenn -- 99% of what the RBL
delayed from that relay was spam, but there might
have been some legit users too. And then they
fixed the problem.
MAPS doesn't go off half-cocked like ORBS. They
only add to the list after the site has had ample
opportunity to respond. It's not really
"realtime."
I wouldn't be surprised.. (Score:1)
Won't the problem resolve itself? (Score:1)
How does this rate against UCITA? (Score:1)
Does UCITA legitimize spam in general, if a customer "agrees" to it?
NSI would have grounds, under UCITA, to disable a domain if a domain owner signed up with spam-blocker, if it is specified in the service agreement (or equivalent) that the customer must go through NSI to end the spammage. Actually, that's a scary damn thought, because it could apply to any electronic service (incl. telcos).
(I read a draft after the
Absolutely. (Score:2)
Maybe you personally don't object to deleting spam. I, myself, don't especially mind sorting known-good email into special mailboxes and then having the inbox be the spamtrap, sometimes meaning that cmd-A delete is all I need to do. I've discarded good messages because I thought they were spam, a couple times, and it didn't cause me too much trouble, just a bit of ribbing from my boss who'd got his message deleted by mistake.
However, I fully support these draconian measures against spammers, because the problem is the 'I could do that' factor. There are a certain number of new spammers every day, and many of them noisily advocate spamming to others, and some of the spams are themselves for spam tools. It's a recipe for 'meltdown'.
Even a fairly humble linux box can saturate a T1. If any concessions are made to spamming, and it gains any sort of acceptability, it's a 'tragedy of the commons' situation but will happen so fast it'll make your head spin- and suddenly, the networks will be saturated, ISPs and backbones collapsing under the weight of one person in a hundred, or one in ten, deciding that 'it doesn't cost anything' to send their advertising note to, well, heck, how about sending it to everybody? There's this neat program a spam pointed them to, and it can run 24/7...
I get spams authored in Frontpage using some non-English language that might be Japanese or some 2-byte language. I've been getting quite a few of those, more and more. Why be restricted to 'customers' who can read your language? Why not just send email to everybody on the internet and then those who can't understand it should just throw it away- or 'opt out'? Let's _everybody_ do that. Then each of us will only have to throw away 1 email/day from everybody in the world. No, that's silly, call it one in a thousand. So each of us will only have to throw away or opt out of several million spams a day...
Hell with that. RBL 'em. The net is not necessarily a safe place. In particular, spammers don't have rights to network access, and have no reason to expect fairness.
Re:Geek hypocracy make me sick (Score:1)
The customers decide what mail they do or don't want blocked via their choice of ISP. It's called the free market. Home Depot doesn't carry Nelson's sprinkler products, so if I want to buy them, I go to a competing chain.
Re:Who controls .us? (Score:1)
http://www.isi.edu/us-domain/
Re:List removal (Score:1)
Blackhole 'em! (Score:1)
People subscribe to the MAPS RBL to help them
identify networks and companies that have
good UCE practices.
If NSI doesn't have good UCE practices, they
should be in the RBL.
With competition, if I find that I can't
do business with NSI because they are in the
RBL (which I subscribe to), I'll find another
registrar that has UCE practices I find
acceptable.
Cheers,
- Jim
Re:If you blackhole us ... (Score:1)
(1) NSI would be in breach of contract (IANAL tho)
(2) There would be huge publicity advertising MAPS
and RBL to all kinds of people that have never
heard of them before
(3) Even if they do delete the vix.com domain, you'll
note that this still wouldn't stop the use of RBL
by any domain which slaves the rbl.maps domain,
since you configure bind with the IP's of the
master's for the zone.
NSI: Beware the death of e-commerce! (Score:1)
Um, reality check. Let me get this scenario straight:
- Amazon.com joins the realtime black hole list.
- Amazon's technical contact doesn't realize that NSI got put on the RBL (despite the fact that just the news of the possibility is making its way into every technical contact's internet news feed).
- Amazon's domain is suddenly revoked by NSI -OR- Amazon's business, technical, and administrative contacts all forgot about that small part of the contract that says it has to be renewed.
- Amazon loses their domain name and doesn't realize it in time.
- Poor little Amazon and 40% of other e-commerce sites go out of business. (accordingly, NSI loses 40% of its business)
- To recover losses, Amazon and the other 40% of e-commerce sites who go out of business are going to sue the pants off MAPS (not NSI).
Now that would be funny!"...do not hesitate to contact me if you wish to discuss this matter further. "
From what I've heard, Slashdot never hesitates. For those of us that are technical contacts, how can we contact you directly?
Re:Hahahahaha!!! (Score:1)
decide whether you get email or snail mail
notifications.
I seem to have gotten snail mail.
Golden opportunity to displace NSI? (Score:2)
- MAPS blackholes NSI
- NSI starts deregistering domains - perhaps starting with MAPS' own.
- Network connectivity starts to go to hell.
- One or more alternate registries set up root servers and publish the old domains' data, along with new registrants. They have essentially all the domains while NSI, having deregistered many, has fewer. (Use of their services, of course, is strictly voluntary.)
- Sysadmins reconfig their named.root to pick up the new registries in preference to NSI's, in order to retain maximum connectivity.
- The net is now migrated to competitive registries.
NSI's misbehavior and the (entirely appropriate) blackholing of NSI thus create a Shelling Point for the migration of the net away from the NSI monopoly.
(For those not aware of them, Shelling Points are those moments in history where a large bulk of people, without explicit advanced agreement, realize that "This is the moment for action X, and everybody else knows it too." The British attempt to sieze the colonists' arms was a Shelling Point for the American Revolution. The acquittal of the policemen accused of beating Rodney King was the Shelling Point for the L.A. Riots, and so on. With a Shelling Point a mass of people can act in concert to great effect - for good or bad. Without one people must forge an agreement on timing, "go off" according to individual thresholds which don't match, or be boiled like a frog in a slowly heated pot.)
Goliath cries as he falls on david. (Score:1)
Like all other long-standing institutions which are facing eminent demise/change. It's sad, because we all remember nsi.. we've know them since our youth. We now have to watch, red-faced, as they cry like babies who are made to eat instead of bottle-feed. Can't they just accept the change gracefully?
Especially with the spamming, good-riddance.. The last use I had for them was to register domains I knew I wanted but didn't have the $$ for at the time, that's gone so I might as well go with a service that doesn't stand for beauracracy, but for a newer company.. that is seperate, not independent of a central organization (wasn't the arpanet originally designed for the sole purpose of a non-central based network that can't be taken out by nuclear attack? to stay true to those goals, you just can't have any sole entity on-line for such an important service)
Re:MAPS sucks. (Score:1)
-russ
By any chance... (Score:1)
I have seen the "What if I love spam?" argument before, repeatedly. But I have only seen it from anonymous posters or identifiable spammers.
As for MAPS, the only time I looked at their web site I had no trouble finding instructions on how to get off the list - even using Mosaic for a browser. The first link on the index page is "MAPS Realtime Blackhole List". Hit that and you get a page with a list of resource links:
End User information on the RBL
Our rationalle for the MAPS RBL
Reporting spammers to the MAPS RBL team
How to get into the MAPS RBL
How to get out of the MAPS RBL
How to use the MAPS RBL to protect your network
Some of the sites that use the MAPS RBL
Look up an entry on the MAPS RBL
Trace the route from the RBL server to someplace else.
An explanation of "greeting-card spam."
RBL in the news
How hard is it to figure out that "How to get out of the MAPS RBL" is the one you want?
Re:MAPS sucks. (Score:1)
I think that Vixie is wearing hypocricy very well. The action against Real was just testing the water to go after companies like Netsol. Now they are flexing their muscles again, to see just how far they can push their power.
I hope they do Blackhole NSI, and that NSI sues them, joined by any other company that has been affected by the overly broard definitions that MAPS has been using of late.
I work for a large national ISP. Here's the deal. (Score:2)
"What if I love recieving spam? What if I WANT to recieve 'spam'? What if what you consider unsolicted email is actually what I like to read? Are you now able to decide what emails I can recieve, and what emails I cannot?"
I work for an ISP. We block sites like popsite.net because the ONLY E-MAILS we EVER get from them are SPAM. Spam costs us lots of $$$, for these reasons:
1. We have to have a netabuse team (several people) who do NOTHING ALL DAY except watch the mail and news servers for crackers and spammers. Believe me, they are seldom idle!
2. Our sysadmins have to keep an eye on the mail, news, and other servers as well.
3. Our network operations center has to spend time contacting the various networks when Abuse is either saturated with tracking all the jerks and assholes, or out for the evening. You may have noticed that it's kind of expensive to call the office of another network provider (or anybody else for that matter) 2,500 miles away...
4. We have to add huge amounts of extra disk space to handle news and e-mail. Much of this is occupied by spam. This costs us MONEY that SHOULD be spent on building/leasing POPs, hardware/memory upgrades, etc. Instead, we have to spend our member's money defending them from crackers and spammers. It's not fair to us, and it's REALLY not fair to them!
5. This is kind of off on a tangent, but it bears saying. When someone unloads a ton of spam onto our servers, WE SEE IT. We have an algorithm that checks the mail servers' syslogs for repetitive instances of text in the headers, etc. When it sees this, it notifies us. Think you can get away with it? We'll call your provider, have them knock you offline, and then forward them the logs so that you get CANCELLED. Same if you try to crack our systems or initiate a DOS attack against anything we own. We'll get you kicked off and we'll also do everything we can to get you cancelled from whatever ISP you're coming from. And since most dialup gear keeps a record of your phone number, we might even call you and demand to speak to your mommy at 3AM. B3W4RE, SKR1P7 K1DD135!!! Whenever you try to spam or crack us, WE SEE IT. Don't think that a dynamic IP makes you anonymous, because every ISP in the world logs what IP was used and at what time. They have to for legal reasons.
Re:A tidy reminder... (Score:2)
My first though was to reply to this with an "Amen". NSI is not, has never been, and will never be the "Internet Authority" (Patent Pending [or so they think]).
Aside from the other officially sanctioned registrars, I seem to recall reading about a volunteer organization (probably on /.) offering to provide DNS services without the value-added BS of NSI. Anyway, with more registrars being accredited, I'd say its time to put NSI behind us completely.
While considering the implications of all this, I was perusing www.iana.org [iana.org] and was delighted at the prominent notation:
Please note that this transitional site presents both initial steps and currently accepted practices that are subject to input by the international Internet community and approval by the Board of Directors.
If you go to their site, there is a forum for public comments. /.'em with honest, frank, unflaming input on why the agreement with NSI should be terminated.
Now, if you want to be horrified, go to www.internic.net [internic.net] to read about the coming changes in Domain registration. First, you'll notice that you're really at networksolutions.com. But wait! If you read really, really slow (just leave the window open), you will be automatically forwarded to the NSI front door.
Going deeper into the ICANN FAQ [icann.org], I found Ammendment 11 [doc.gov] to the Dept. of Commerce/NSI contract. An excerpt regarding existing NSI customers:
- Commencing upon the Phase 1 deployment of the Shared Registration System, and for a period of 18 months thereafter, NSI shall permit any customer with whom it has a contract pursuant to which NSI provides registration services that is either facially or effectively exclusive as to registration services, to terminate the registration provisions of such contract (following payment of all amounts due up through the time of such termination) and obtain registration services from other registrars; provided, however, that NSI may enter into agreements pursuant to which NSI's counterparty agrees not to utilize proprietary intellectual property or confidential proprietary information provided by NSI to the counterparty pursuant to their agreement.
Now, I wonder why NSI has been putting up such a forcefull argument that the info in the WHOIS database is "proprietary intellectual property". As far as I can see, you can change registrars by giving them the same contact information you originally gave NSI. It may be proprietary in their database, but it is not when it's your personal information on an application form.If I'm reading that right, anyone registered with NSI can switch to another registrar, with a pro-rated refund of domain fees.
Back to the original topic: Putting NSI on the RBL would be a serious wake-up call that without the participation of each and every transport provider on the 'net, they are worthless (Ok, MORE worthless).
NSI = Numb-nuts Screwing-up the Internet (Score:1)
Dumb asses....
Re:Geek hypocracy make me sick (Score:2)
So, if I were to create the technically perfect Web censorship software, Jon Katz would not be annoyed at its use? "Most of the people" who usually complain would not? No.
I and others who are bothered by censorship are usually bothered because censorship implies a power of control. Control of ideas, in fact, which is one of the most powerful forms of control.
The RBL presents the same danger, but the original poster was incorrect in assuming that that danger can be acted upon. Because the RBL is voluntary (and in fact is only the most popular of several such efforts, some of which are more technically sound, but have a higher barrier to entry) it can never have the same impact as, say, the V-chip which is required in every television set in the US.
I have a problem with some of the applications of the RBL, however. For example, WebTV applies the RBL to your mail whether you like it or not, and that's exactly the problem with things like the V-chip (granted, this is WebTV's problem, not MAPS').
NSI is not being censored, they are being refused access to the pockets of millions of consumers because of bad business practices. The consumers do not have to deny access (except as noted above), but they WILL because they don't WANT unsolicited EMail. If NSI wants to put those messages on their Web site, and slam out ad banners to every major Web portal on the planet, there's nothing wrong with that. BUT, it would cost them money, and NSI doesn't want to have to spend any actuall money! Therein lies the rub. Spam costs money, but not to the sender. Thus it is refered to as theft. NSI is commiting theft, and what's worse, they are doing so because of their relationship with the US government that gives them a monopoly over one of the most important communications technologies in history.
Let me repeat, this is not a censorship issue, this is a simple case of abuse. NSI is abusing their customers, and their customers are not pleased (that includes me).
Re:A declaration of independence from NSI. (Score:1)
Corrupt argument (Score:1)
There are good arguments why spam is bad: mainly because the burden of cost is not on the sender and therefore there is no negative feedback mechanism to control it. Arguments that try to dictate what a person can or cannot receive are superfluous, and always unfair to someone or other.
If you want to control spam, find a way of passing the cost on to the originator. In this hugely dynamic free-ISP scene, blocking the output is a fool's game that doesn't cure the disease at all.
Re:I work for a large national ISP. Here's the dea (Score:1)
Re: RBL clarification (Score:1)
This is exactly what I'm talking about - doesn't this seem precisely like mob lynching?
--
I would actually like to pose a question to clarify a point here:
Suppose my ISP was an RBL "member." I go to NSI to try to register a new domain, and those of you who are familiar with the registration process know that you have to send an email based on their template.
Normally, the NSI automails a response indicating the success/failure of your registration request.
But if NSI was blocked, I would not receive this confirmation. Is that correct?
Let them know... (Score:1)
How about all of the domain holders amongst us send an email as follows:
To: hostmaster@internic.net
Subject: NOT INTERESTED IN BUSINESS
As a resgistered domain contact for , I would like to notify you, and Mr Jonathan Emery, that I have no desire to conduct a business relationship with NSI. At the first opportunity I will be seeking to conduct my business with an alternative vendor. I have not CHOSEN to be an NSI customer, I simply wish to have a domain.
As a result of this notification, any future emails or postal mails sent to me by NSI, not relating to the function, administration, status or billing of my domain, are demonstrably unsollicited.
Spread the word (and the email) to anyone else you know to be a domain name owner.
Re:I work for a large national ISP. Here's the dea (Score:1)
Re:The implications are tremendous (Score:1)
Illiad has it right (Score:1)
Sunday's User Friendly [userfriendly.org]
Re:Geek hypocracy make me sick (Score:2)
Jon Katz would not be annoyed at its use? "Most of the people" who usually complain would not? No.
Most of them would not complain if it was opt-in as well. I was perhaps not explicit enough that censorware would have to be both accurate and opt-in to be acceptable to most'geeks'
Re:WTF? (Score:1)
NSI, on the other hand, gets paid by your money. Accepting their advertising at my expense is not part of the deal. I never agreed to it anyway.
-russ
Re:The implications are tremendous (Score:1)
If they continue and remove the domain, take them to court.
(Might be hard to win since NSI's seem to have no employes except lawyers.)
Let me see, they require an email address... (Score:1)
And yes, I've gotten the NSI spam, and no, they have no right.
-russ
Re:L.O.L.... (Score:1)
This is the idea. They don't want 2 million customers to just go bye bye. They like sending out worthless email for whatever reason (probably cause it is a lot cheaper than sending normal mail) Can you imagine the funds that they are raking in from not sending out the mail USPS? They wouldn't be quite as rich otherwise.
Re:I see their logic. (Score:1)
If you blackhole us ... (Score:3)
Good riddance! (Score:2)
Can you stop it? (Score:2)
Re:Can you stop it? (Score:1)
-russ
Re:Good riddance! (Score:1)
Re:The implications are tremendous (Score:1)
If NSI gets blacklisted, and you still want to receive mail from them, you should be able to add their mail server to the RBL filters exception list. Check your mailserver or filter documentation.
Re:Can you stop it? (Score:1)
Different rules where I come from. You can trespass on my land, and all I can do is tell you to leave, use minimum force to make you leave, and eventually call the police and have them remove you. In real space this rule makes a lot of sense (not least because property boundaries are less than obvious). If you don't want people wandering onto your land, build a damn fence.
However, that said, the same rules can't be applied on the net. Trespassing in real-space uses up a lot of the intruders time, and there's no obvious advantage to it. I don't see any serious problems with individual trespass (mass trespass is illegal) where I live, but I do (did) have serious spam problems until our SMTP servers were configured to use RBL-like tactics.
Nick.
Re:L.O.L.... (Score:2)
Is Paul an attorney? I don't think so. Interpreting Emery's email as a "dare" strikes me as a somewhat juvenile attitude.
The use of the word "dare" was perhaps unfortunate, but isn't NSI simply calling MAPS' bluff? If MAPS doesn't follow through with their stated MO, isn't this going to weaken MAPS' ability to impliment such Spam-reduction in the future? Perception is key, here.
The additional danger of the juvenile attitudes of both Emery and Vixie here is the dick-measuring element. Without a doubt a lot of unsuspecting people will be confused, inconvenienced, and possibly hurt by an NSI blockade -- this would amount essentially to conviction without trial IMHO.
Ok, repeat after me... RBL is not a government, nor is it a law, nor is it implimented by either of the above. The Black-holing of NSI will be a public action taken by the public. The equvalent would be a newsletter that displayed picutres of salesmen that stick their feet in doors in order to give a sales pitch. The newsletter does not lock people's doors. It simply gives them a good idea of when that might be appropriate. In the case of the RBL, there are automatic ways to have your door lock, but that doesn't change the fact that the public recipient of the hostile sales pitch (yes, Spamming is textbook hostile sales) is the one shutting it off, and they can choose not to.
The case that keeps getting pointed out is where an ISP uses RBL and will be blocking NSI mail to all of their users. This is much like the case where an office building management company does not let hostile salesment into the building to see the tenents. The tenents are going to get grumpy at some point, and say "hey, I wanted to see that guy, he's selling widgets that I need". This is what has already been mentioned where some ISPs will stop using RBL based on the NSI blackhole. This is a Good Thing(tm). It demonstrates that these ISPs are willing participants, and they can and will leave if and when they feel that it is no longer appropriate.
What kind of a geek are you if you can't figure out how to operate your own bloody mail filters?
What kind of geek are you if you don't create a way for non-geeks to do the same thing.... Gee, that would be RBL!
-AJS
Re:List removal (Score:1)
Re:Sure you have a choice. RBL exceptions. (Score:2)
ORBS, on the other hand, sucks. I've had a bunch of my own mail get bounced by ORBS for various reasons, either because the mailserver I was using was open-relay or because the ORBS people happened to be in a bad mood.
I find the cure, in that case, worse than the problem.
Re:Good riddance! (Score:2)
NSI Drivel (Score:2)
The only way for Amazon.com, or anyone else, to have their domain registration-related E-mail traffic disrupted would be if amazon.com willingly subscribed to the MAPS RBL feed.
NSI is whistling through their ass here. MAPS RBL is a purely voluntarily blacklist. If someone does not wish to have their mail to/from NSI blocked as a result of the RBL, it will take approximately five seconds for them to disable RBL filtering on their mail server/routers, or provide an exception for NSI's IP address space. Someone should ask the Looney Tune who wrote that letter whether or not he would have any objections if someone were to have him sign up to a few thousand mailing lists, on a condition that every one of them will have a working remove address. According to this Looney Tune, as long as there's a functioning remove address, there's no problem, so he will have no reason to object.
--
NSI could have avoided this --- Re:MAPS sucks. (Score:2)
There are some key words that have to be recognized. One, I am a subscriber. They created their own list. I, as an administrative decision, chose to use their list. Two, they make it abundantly clear that, or at least they did when I signed up for the service, that RBL is not perfect, that you have to be willing to occasionally throw out the baby with the bathwater. For me, spam had gotten so bad that I finally relented and enabled RBL. I've been happy ever since.
As for the NSI debacle. It comes down to one key point. I haven't seen their spam message (well, not the most recent one). If I use the whois database to mine for email addresses and send SPAM, NSI will try to (1) sue me?, (2) block my access to the database, (3) who knows what else. Yet, they are doing the exact same thing.
Bottom line. I used them as a registry service. I created a business relationship with them as a registry service. As such I suppose I would get some spam from them as a registry service. However, if they started spamming me with messages about hosting, or non-registry issues -- that that most definitely is SPAM. Look at it this way. Let's say magazine publisher XYZ Corporation publishes magazines on 50 different topics ranging from Apples to Zebras, and you subscribed for a magazine on wireless data. Your now on their mailing list. You've created a business relationship with them. Would you be upset if you got junk mail from XYZ Corporation encouraging you to subscribe to adult mags?
The line between spam and acceptable commercial email is getting slimmer and slimmer. In a way, depending on what information is being sent out, NSI does have a valid business relationship with people in their database and can send email to them. They've learned from all those that mined the whois database for email addresses just how valuable such a targeted list of names can be.
NSI could have avoided all of this by 'announcing' in their first SPAM message "You are receiving this from NSI because you have at least one registered domain name in our database. You have been included on a list which will send you periodic updates on new services and features available from NSI. If you do not wish to receive these messages, here is how to remove yourself from this list. If you take no action, you will automatically receive news on any new and important services and features available from NSI."
That first message would not have advertised anything, yet it would have alerted everyone on the list of what was to come and could have avoided this entire problem!
Bad Attitude (Score:4)
NSI: We're a 600 pound gorilla, and we intend to behave as badly as we want to. Get in our way, and we'll squash you.
If RBL is to mean anything, they really have no choice but to blacklist NSI at this point. MANY people have complained about SPAM from NSI.
NSI, because of their special monopoly position, has a higher obligation than most companies to not spam. It's not as if most of the people on their list could have chosen another registrar that doesn't spam (at least not when they gave NSI their email address).
For those who will have problems if NSI is blacklisted, there are several options. Tell NSI to send invoices by snail mail, de-configure RBL, or go to another registrar. I suggest the latter if at all possible.
MAPS RBL, NSI, and other blockers. (Score:4)
The MAPS RBL has blocked whole backbones before (AGIS, for the Cyberpromotions fiasco they had). Real Networks got thrown in, even after they sent a legal threat to MAPS. MAPS has not received any orders against the listing.
---
Spammed? Click here [sputum.com] for free slack on how to fight it!
Re: (Score:2)
Wrong default (Score:2)
Make that "If you wish to receive these messages, here is how to add yourself" and I could concede the point - provided they put a checkbox in their signup form for new registrations and/or gave the instructions in their signup confirmation mail, and only sent the above, ONCE to OLD accounts.
We consider it spam if somebody repeatedly sends mail to everybody on a list he buys unless they opt out. Why should it be different for a "somebody" who just happens to have had a government mandate to monopolize the internet registry?