CDR: FW: BLOCK: AT&T signs bulk hosting contract with spammers

newer
CDR: Quick Approvals...$...Fast...

older
CDR: Fast Approvals...$...Quick...

James Wilson

1 Nov 2000 1 Nov '00

11:04 a.m.

If any of you get services from AT&T you might want to start looking for a more ethical carrier (if one exists) - AT&T has been caught red handed hosting spammers and promising not to terminate their services. - James D. Wilson, CCDA, MCP "non sunt multiplicanda entia praeter necessitatem" William of Ockham (1285-1347/49) -----Original Message----- From: Spam Prevention Discussion List [mailto:SPAM-L@PEACH.EASE.LSOFT.COM]On Behalf Of Steve Linford Sent: Tuesday, October 31, 2000 1:16 PM To: SPAM-L@PEACH.EASE.LSOFT.COM Subject: BLOCK: AT&T signs bulk hosting contract with spammers (just sent this to AT&T, thought SPAM-L would like a copy) AT&T, The Spamhaus Project has just received a fax copy of a Bu lk Hos ting contract written and signed by AT&T and sent to a known spamhaus, NEVADA HOSTING (aka spammers Ronnie Scelson and Bruce Connelly, in ATT.NET block NETBLK-NEVADAHOSTING-242, 12.36.242.0 - 12.36.242.255) in which AT&T agrees to provide NEVADA HOSTING with Bu lk Hos ting for spamming purposes. A copy of this fax is now at http://spamhaus.org/rokso/nevadahosting.jpg This fax proves that AT&T knowingly does business with spammers, and shows that AT&T makes 'pink' contracts with known spammers to not terminate the spammers services knowing full well that the only way it can provide this service is to either ignore or bin spam complaints on such "bu lk hos ted" web sites. Here is an extract from the pink contract which says this: "NevadaHosting wishes to operate Bu lk Host ed Web Sites. Bu lk Hos ting is defined as hosting a web site that is Spammed from other gateways. NevadaHosting only hosts the web site that is advertized in the Spam. AT&T Agrees that it will not terminate the provision of services to NevadaHosting because of NevadaHosting's operation of Bu lk Hos ted Web Sites" AT&T Abuse will appreciate that I am now going to make this contract public, and of course it will be passed to the MAPS RBL team. Therefore it is very important that this communication is passed to AT&T Management now. -- Steve Linford The Spamhaus Project http://www.spamhaus.org

Show replies by date

Kevin Elliott

2 Nov 2 Nov

6:56 p.m.

New subject: CDR: Re: FW: BLOCK: AT&T signs bulk hosting contract with spammers

At 07:40 -0800 11/1/00, James Wilson wrote:

...

If any of you get services from AT&T you might want to start looking for a more ethical carrier (if one exists) - AT&T has been caught red handed hosting spammers and promising not to terminate their services.

You know, I don't like spammers any more than the next guy, but come on. Unethical? we're not talking genocide and it's not like it cause significant (heck, even measurable) harm. -- "As nightfall does not come at once, neither does oppression. In both instances, there is a twilight when everything remains seemingly unchanged. And it is in such twilight that we all must be most aware of change in the air--however slight--lest we become unwitting victims of the darkness." -- Justice William O. Douglas ____________________________________________________________________ Kevin "The Cubbie" Elliott mailto:kelliott@mac.com ICQ#23758827

Alan Olsen

6:33 p.m.

New subject: CDR: Re: FW: BLOCK: AT&T signs bulk hosting contract with spammers

On Thu, 2 Nov 2000, Kevin Elliott wrote:

...

At 07:40 -0800 11/1/00, James Wilson wrote:

...
If any of you get services from AT&T you might want to start looking for a more ethical carrier (if one exists) - AT&T has been caught red handed hosting spammers and promising not to terminate their services.

You know, I don't like spammers any more than the next guy, but come on. Unethical? we're not talking genocide and it's not like it cause significant (heck, even measurable) harm.

As long as they are honest about where they are coming from. However, spammers have a nasty habit of lying about their return address. (And the sysadmin of that domain gets to wade through the mountains of shit-mail and hell caused by pissed off people.) Either that or they hijack open relays and cause those servers to crawl to their knees, as well as the above headaches for the site admins of the effected servers. I have had to clean up the mess from a couple of spammers doing the above. (As well as the problems caused by clueless sales people at a company I once worked for.) Not fun. alan@ctrl-alt-del.com | Note to AOL users: for a quick shortcut to reply Alan Olsen | to my mail, just hit the ctrl, alt and del keys. "In the future, everything will have its 15 minutes of blame."

Tom Vogt

3 Nov 3 Nov

4:23 a.m.

New subject: CDR: Re: FW: BLOCK: AT&T signs bulk hosting contract with spammers

Kevin Elliott wrote:

...

You know, I don't like spammers any more than the next guy, but come on. Unethical? we're not talking genocide and it's not like it cause significant (heck, even measurable) harm.

as a matter of fact, it does. the quantity of it, you know. if your 1 mio spam mails cause every receipient half a sec (on average) to discard, you've just wasted roughly a week of worktime. then again, 90% of your receipients will most likely waste much more time every evening *willingly* subjecting themselves to advertisement (and a little entertainment between the spots) on tv anyways.

Sampo A Syreeni

4:55 a.m.

New subject: CDR: Re: FW: BLOCK: AT&T signs bulk hosting contract with spammers

On Fri, 3 Nov 2000, Tom Vogt wrote:

...

...
You know, I don't like spammers any more than the next guy, but come on. Unethical? we're not talking genocide and it's not like it cause significant (heck, even measurable) harm.

as a matter of fact, it does. the quantity of it, you know. if your 1 mio spam mails cause every receipient half a sec (on average) to discard, you've just wasted roughly a week of worktime.

I think it's more about the principle of it. No sane, sensible, tolerant person would go as far as to try to regulate spam. Or, indeed, UBE-friendly ISPs. But bulk mailing is such reprehensible behavior that it surely deserves a pile of social and technological sanctions. Blacklisting, shunning, DoS attacks and teergrube-kinda software immediately spring to mind, a combination of the first and last perhaps being the least intrusive. I totally fail to grasp why governments seem so intent on criminalizing most such measures. To me they seem like the essential ingredients of basic cyber-hygiene. Sampo Syreeni , aka decoy, student/math/Helsinki university

Tom Vogt

5:46 a.m.

New subject: CDR: Re: FW: BLOCK: AT&T signs bulk hosting contract with spammers

Sampo A Syreeni wrote:

...

I think it's more about the principle of it. No sane, sensible, tolerant person would go as far as to try to regulate spam. Or, indeed, UBE-friendly ISPs. But bulk mailing is such reprehensible behavior that it surely deserves a pile of social and technological sanctions. Blacklisting, shunning, DoS attacks and teergrube-kinda software immediately spring to mind, a combination of the first and last perhaps being the least intrusive. I totally fail to grasp why governments seem so intent on criminalizing most such measures. To me they seem like the essential ingredients of basic cyber-hygiene.

I guess it's just that govs see that they're losing power and thus are scrambling to get themselves involved everywhere. or, on a slightly less malicious scale, they're equally desperately trying to show that they *do* have something of consequence to contribute. maybe DMCA (as much as I hate it) and the breaking of micro$oft (as much as I love it) both stem from the same emotional source.

James Wilson

10:41 a.m.

New subject: CDR: RE: FW: BLOCK: AT&T signs bulk hosting contract with spammers

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Does shifting the cost of millions of dollars every month on to other businesses, individuals and governments qualify as "significant (heck, even measurable) harm"? Yes. Spam is VERY EXPENSIVE -- this document explains why... http://www.techweb.com/se/directlink.cgi?INW19980504S0003 Spam has also been defined, *in multiple court cases*, as "trespassing upon a chattel", as denial of service attacks (from the flood of bounces from the fake return addresses crippling third party servers, )fraud and damaging business reputations (when spammers use fake addresses to blame innocent 3rd party businesses), and as theft of service. Do you consider trespassing, denial of service attacks, fraud, damaging reputations, and stealing services ethical behavior? "All that is needed for evil to prevail is for good men to do nothing." - -Edmond Burke "Shut up and eat your spam" - -Anonymous Spammer - - James D. Wilson, CCDA, MCP "non sunt multiplicanda entia praeter necessitatem" William of Ockham (1285-1347/49) - -----Original Message----- From: Kevin Elliott [mailto:k-elliott@wiu.edu] Sent: Thursday, November 02, 2000 1:40 PM To: James Wilson; cypherpunks@cyberpass.net Subject: Re: FW: BLOCK: AT&T signs bulk hosting contract with spammers At 07:40 -0800 11/1/00, James Wilson wrote:

...

If any of you get services from AT&T you might want to start looking for a more ethical carrier (if one exists) - AT&T has been caught red handed hosting spammers and promising not to terminate their services.

You know, I don't like spammers any more than the next guy, but come on. Unethical? we're not talking genocide and it's not like it cause significant (heck, even measurable) harm. - -- "As nightfall does not come at once, neither does oppression. In both instances, there is a twilight when everything remains seemingly unchanged. And it is in such twilight that we all must be most aware of change in the air--however slight--lest we become unwitting victims of the darkness." - -- Justice William O. Douglas ____________________________________________________________________ Kevin "The Cubbie" Elliott mailto:kelliott@mac.com ICQ#23758827 -----BEGIN PGP SIGNATURE----- Version: PGP 6.0.2 Comment: I live for the sound ... of nothing but net iQA/AwUBOgLZWiavYwibXjmcEQKPFwCg6h4ZhSCJF2qBkUzFfdf/Tifx9gQAoNgS GBc8d1bx/SKe5ovFcMmA4gaa =x7sP -----END PGP SIGNATURE-----

Alex B. Shepardsen

5 Nov 5 Nov

10:12 p.m.

New subject: CDR: Re: FW: BLOCK: AT&T signs bulk hosting contract with spammers

On Thu, 2 Nov 2000, Kevin Elliott wrote:

...

You know, I don't like spammers any more than the next guy, but come on. Unethical? we're not talking genocide and it's not like it

We ought to be. If spammers feared death as a result of their actions, they would be a lot less likely to spam. Alex

jim bell

11:34 p.m.

New subject: CDR: Re: Re: FW: BLOCK: AT&T signs bulk hosting contract with spammers

----- Original Message ----- From: Alex B. Shepardsen

...

On Thu, 2 Nov 2000, Kevin Elliott wrote:

...
You know, I don't like spammers any more than the next guy, but come on. Unethical? we're not talking genocide and it's not like it

We ought to be. If spammers feared death as a result of their actions, they would be a lot less likely to spam.

I've got a solution to that....oh, never mind. If "spammers" attached a digi-nickel to each spam, you'd only have to get 300 such pieces per month (10 per day) to pay for the typical ISP account monthly cost. Jim Bell

Declan McCullagh

6 Nov 6 Nov

9:27 a.m.

New subject: CDR: Re: FW: BLOCK: AT&T signs bulk hosting contract with spammers

Then, depending on your personal preferences and how valuable you think you are to prospective emailers, accept only email messages with $0.10, or $1.00, or $10.00... It's a market; you do the math. -Declan On Sun, Nov 05, 2000 at 08:14:34PM -0800, jim bell wrote:

...

----- Original Message ----- From: Alex B. Shepardsen

...
On Thu, 2 Nov 2000, Kevin Elliott wrote:

...
You know, I don't like spammers any more than the next guy, but come on. Unethical? we're not talking genocide and it's not like it

We ought to be. If spammers feared death as a result of their actions, they would be a lot less likely to spam.

I've got a solution to that....oh, never mind.

If "spammers" attached a digi-nickel to each spam, you'd only have to get 300 such pieces per month (10 per day) to pay for the typical ISP account monthly cost.

Jim Bell

Bill Stewart

3 Nov 3 Nov

2:56 p.m.

New subject: CDR: Re: FW: BLOCK: AT&T signs bulk hosting contract with spammers

At 07:40 AM 11/1/00 -0800, James Wilson wrote:

...

If any of you get services from AT&T you might want to start looking for a more ethical carrier (if one exists) - AT&T has been caught red handed hosting spammers and promising not to terminate their services.

...

-----Original Message----- From: Spam Prevention Discussion List [mailto:SPAM-L@PEACH.EASE.LSOFT.COM]On Behalf Of Steve Linford A copy of this fax is now at http://spamhaus.org/rokso/nevadahosting.jpg

Fortunately, somebody got this to the right people at AT&T; otherwise I was going to have to contact the Sales VP (Hovancak) whose name was on the contract and ask him to find the sales rep who got fast-talked into signing that contract. AT&T's privacy policies mean that we can't reveal information on our customers' networks, so it's the PR folks' problem to tell you that we've learned the error of our ways, as revealed in the CNET article below. http://news.cnet.com/news/0-1005-200-3369773.html AT&T admits spam offense after contract exposed By Paul Festa Staff Writer, CNET News.com November 3, 2000, 9:30 a.m. PT update - AT&T acknowledged Thursday that it had violated its own spam policy by providing Web-hosting services to a purported sender of unsolicited commercial email. The admission came after an English anti-spam organization publicly posted what it termed a "pink contract" between AT&T and the alleged spammer, Nevada Hosting. AT&T had been hosting the group's Web site. "This proves that AT&T knowingly does business with spammers and shows that AT&T makes 'pink' contracts with known spammers to not terminate the spammers' services," Steve Linford of The Spamhaus Project wrote in an email interview. AT&T confirmed Thursday the authenticity of the contract and said it had been discontinued. "That document represents an unauthorized revision to AT&T's standard contract and is in direct conflict with AT&T's anti-spamming policies," wrote AT&T representative Bill Hoffman. "The agreement has been terminated, and the customer has been disconnected." AT&T's spam policy specifically rules out contracts like the one it signed with Nevada Hosting. Nevada Hosting could not be reached for comment. Anti-spam groups have long suspected the existence of pink contracts that allow spammers to promote their Web sites provided they send their unsolicited emails through other Internet service providers, according to Linford. The AT&T contact confirmed those suspicions. The Spamhaus Project's success comes as anti-spam groups increasingly bypass spammers themselves and instead target those who facilitate the dissemination of unsolicited commercial email. Those groups--mostly ISPs and server administrators--are relatively few and are easier to hold accountable than spammers. Another such pressure group is the Mail Abuse Prevention System (MAPS), which maintains the Realtime Blackhole List (RBL). The MAPS RBL blacklists servers left open to abuse by spammers. While the group's stated goal is to pressure server administrators to close avenues for spammers, the MAPS RBL has weathered criticism that it has limited effectiveness in actually blocking spam. The Spamhaus Project, based in London, positions itself as kind of spam Purgatory on the way to the MAPS RBL. Spamhaus targets entities that send spam with forged addresses and the ISPs that do business with them. "When it finds a 'stealth' spamming service, or an outfit selling stealth spamware, The Spamhaus Project sends a notice to the ISP and requests the service or site be terminated," Linford wrote. "Ninety-five percent of spam sites are terminated this way, and those that aren't are then escalated to the MAPS RBL team. "MAPS are very much our heroes." AT&T representatives have taken to Internet discussion forums in an attempt to placate spam foes and reassure them that the company's stated anti-spam policy will be enforced in future contracts. "Our sales agents have been instructed as to the correct procedure to follow and have been reminded of our existing anti-spamming policies," AT&T customer care manager Ed Kelley wrote in a posting to the "news.admin.net-abuse.email" newsgroup. "AT&T is making every effort to ensure that this does not occur again in the future." Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639

Tim May

6:24 p.m.

New subject: CDR: Re: FW: BLOCK: AT&T signs bulk hosting contract with spammers

At 11:36 AM -0800 11/3/00, Bill Stewart wrote: (about AT&T knowingly supporting Spam sites)

...

Fortunately, somebody got this to the right people at AT&T; otherwise I was going to have to contact the Sales VP (Hovancak) whose name was on the contract and ask him to find the sales rep who got fast-talked into signing that contract. AT&T's privacy policies mean that we can't reveal information on our customers' networks, so it's the PR folks' problem to tell you that we've learned the error of our ways,

Oh, I doubt AT&T has "learned the error of its ways." This is just their spin control. Like Esther Dyson's spin control..."I won't let it happen again." Until, of course, the next mass mailing to her "Dear Friends" goes out. --Tim May -- ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, "Cyphernomicon" | black markets, collapse of governments.

William H. Geiger III

5 Nov 5 Nov

7:19 a.m.

New subject: CDR: Re: FW: BLOCK: AT&T signs bulk hosting contract with spammers

In , on 11/03/00 at 05:20 PM, Tim May said:

...

At 11:36 AM -0800 11/3/00, Bill Stewart wrote:

...

(about AT&T knowingly supporting Spam sites)

...

...
Fortunately, somebody got this to the right people at AT&T; otherwise I was going to have to contact the Sales VP (Hovancak) whose name was on the contract and ask him to find the sales rep who got fast-talked into signing that contract. AT&T's privacy policies mean that we can't reveal information on our customers' networks, so it's the PR folks' problem to tell you that we've learned the error of our ways,

...

Oh, I doubt AT&T has "learned the error of its ways." This is just their spin control.

...

Like Esther Dyson's spin control..."I won't let it happen again."

...

Until, of course, the next mass mailing to her "Dear Friends" goes out.

Am I the only one here that sees something terribly wrong? AT&T is the bad guy because they hosted a website of an alleged spamer? AT&T may have seen the "error of their ways" because they are now performing content based censorship by shutting down the same website (no SPAM was being sent over their network)? Exactly how far down this slippery slope should AT&T go? It is amazing how members of this list can go from cypherpunks to censorpunks so easily, I guess SPAM is the root passphrase for some members principles. -- --------------------------------------------------------------- William H. Geiger III http://www.openpgp.net Geiger Consulting Data Security & Cryptology Consulting Programming, Networking, Analysis PGP for OS/2: http://www.openpgp.net/pgp.html E-Secure: http://www.openpgp.net/esecure.html ---------------------------------------------------------------

Declan McCullagh

1:12 p.m.

New subject: CDR: Re: FW: BLOCK: AT&T signs bulk hosting contract with spammers

Well, let's take this up one level of abstraction. We can stop spam from flooding our inboxes (an economic bad) by: 1. law 2. AUPs with backbone providers/hosting services (industry self-regulation) 3. cypherpunkly end-user technology I oppose the first. I think the second is what the market is moving toward, in much the same way businesses won't let customers conduct DoS attacks from their networks. If spammers want to start their own backbone provider, they are free to do so. Nobody may route their packets, but that is a choice made by free people living in a free society. In order to make it economically attractive for AT&T to route their traffic, SpamBackbone may have to write a check. Or perhaps SpamBackbone (more likely) will cut a deal with AOL and MSN and spam their customers a certain numver of times, for a fee. This fee would presumably contribute toward keeping some AOL and Hotmail accounts "free" to users, or available at a lower cost than would be otherwise, with the concomitant price of spam. Preto! We've converted spam into advertising. The third option is perhaps the best, because it's more granular. It's certainly more cypherpunkly. But I think the second is consistent with anarcho-capitalist principles as well. -Declan On Sun, Nov 05, 2000 at 07:11:23AM -0500, William H. Geiger III wrote:

...

In , on 11/03/00 at 05:20 PM, Tim May said:

...
Oh, I doubt AT&T has "learned the error of its ways." This is just their spin control.

...
Like Esther Dyson's spin control..."I won't let it happen again."

...
Until, of course, the next mass mailing to her "Dear Friends" goes out.

Am I the only one here that sees something terribly wrong?

AT&T is the bad guy because they hosted a website of an alleged spamer? AT&T may have seen the "error of their ways" because they are now performing content based censorship by shutting down the same website (no SPAM was being sent over their network)? Exactly how far down this slippery slope should AT&T go?

It is amazing how members of this list can go from cypherpunks to censorpunks so easily, I guess SPAM is the root passphrase for some members principles.

Jim Choate

1:30 p.m.

New subject: CDR: Re: AT&T signs bulk hosting contract with spammers

On Sun, 5 Nov 2000, Declan McCullagh wrote:

...

Well, let's take this up one level of abstraction. We can stop spam from flooding our inboxes (an economic bad) by: 1. law

"Congress shall make no law ...".

...

2. AUPs with backbone providers/hosting services (industry self-regulation)

I oppose these because I don't think some organization should have control of my speech simply because I purchase a service from them. If I buy, for example, a 128k ISDN line what the content of that 128k is most assuradely isn't my providers interest. It violates the spirit of the 1st. It is also clear that for any 'self-regulation' to be effective it must fall into one of two, and only, categories. The first is a traditional free market where the individuals make the decisionin in toto. The second is the traditional control economy (where there is 3rd party involved in the transaction). So, which sort of 'self-regulation' do you want, autarchic or socialist? Economics in general is not the way to set ethical standards.

...

3. cypherpunkly end-user technology

I obviously support anything an individual wishes to do with respect to making choices, provided they don't involve me without consent. This aspect should be pushed strongly. 4. social contracts (for those of anarchist and libertarian bent) Considering human psychology, not bloody likely. 5. technical standards (ala Open Source) Which raises the interesting point with respect to Lessig and his 'code is law' theory and the real power of Open Source standards. It provides a mechanism to prevent the exact sorts of scenarios that Lessig poses in his book. The Open Source community has an opportunity to keep the technical standards in the hands of the people and out of governmental influence. In the case of physical spam, there are resource limitations that simply aren't extant in a digital network. I believe that this distinction, under appreciated by almost all, is going to sink any attempts at really resolving this issue. I'm afraid we'll just have to live with spam, which means our primary protection is #3 above. To be honest, I don't think there is a lot of hope for the Open Source movement to be this effective with respect to 'Open' technical standards. Even though the cost of entry into the market is next to nil once the product is written. Put it on the primary distribution site and it goes out. I'm afraid this may be a case where the free market approach dies. My own view will be because of the economics of greed. It seems to me that most succesful open source authors do it because it helps their professional career. As a result the projects they work on will be strongly related to their professional interests as well. This, at least in my mind, is one of the primary reasons we don't see the level of innovation extant that is possible with this approach. ____________________________________________________________________ He is able who thinks he is able. Buddha The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

Declan McCullagh

5:59 p.m.

New subject: CDR: Re: AT&T signs bulk hosting contract with spammers

On Sun, Nov 05, 2000 at 12:22:46PM -0600, Jim Choate wrote:

...

...
2. AUPs with backbone providers/hosting services (industry self-regulation)

I oppose these because I don't think some organization should have control of my speech simply because I purchase a service from them. If I buy, for

It would be part of the terms of service, aka the contract. It doesn't "violate the spirit of the 1st" (except for leftists) any more than a contract clause that says "thou shalt not launch DDoS attacks." If anything, by allowing private rules to flourish, it would expand the "spirit of the 1st." Finally, if you don't want your "speech controlled," take your business to a place that allows spammers. Similarly, if you want to publish racist or left-wing agitprop, I am under no obligation to allow you to use my printing press; take your business elsewhere. -Declan

Jim Choate

6 Nov 6 Nov

10:48 p.m.

New subject: CDR: Re: AT&T signs bulk hosting contract with spammers

On Sun, 5 Nov 2000, Declan McCullagh wrote:

...

On Sun, Nov 05, 2000 at 12:22:46PM -0600, Jim Choate wrote:

...
...
2. AUPs with backbone providers/hosting services (industry self-regulation)

I oppose these because I don't think some organization should have control of my speech simply because I purchase a service from them. If I buy, for

It would be part of the terms of service, aka the contract. It doesn't "violate the spirit of the 1st" (except for leftists) any more than a contract clause that says "thou shalt not launch DDoS attacks."

I didn't say anything about the 1st. I said "...I don't think some organization should have control of my speech simply because I purchase a service from them." I begin to see how you can mis-quote so easily...blipverts I bet. As I said before, if I buy a 128k dedicated ISDN then I expect the provider to provide that bandwidth. The content of those bits is not their business. ____________________________________________________________________ He is able who thinks he is able. Buddha The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

Bill Stewart

7 Nov 7 Nov

5:09 a.m.

New subject: CDR: [Spam wars, continued...]

At 12:22 PM 11/5/00 -0600, Jim Choate wrote:

...

On Sun, 5 Nov 2000, Declan McCullagh wrote:

...
Well, let's take this up one level of abstraction. We can stop spam from flooding our inboxes (an economic bad) by: 1. law "Congress shall make no law ...". 3. cypherpunkly end-user technology I obviously support anything an individual wishes to do with respect to making choices, provided they don't involve me without consent. This aspect should be pushed strongly.

I agree with Jim that anti-spam laws are bad in principle; in practice they're usually worse :-) Some kinds of cypherpunks technology don't involve the law; some do. For instance, user-supplied filters can trigger libel laws ("Hey, your filter called me a SPAMMER! I'll SUE!"). Carrier-end filters have a similar effect (I'm sure Jim would prefer that any such filters be installed by the user, not the ISP, even if they do get installed at the ISP's end of the wire.) Either way, they're reputation servers of some sort. But another set of cypherpunks technology is "the cure for bad speech is more speech" - responding to unwanted streams of bits ("Buy our SPAM today") with equally unwanted bits ("Ping of Death", cracking, and other attacks.) These tend to violate ISP acceptable use policies a and occasionally laws.

...

...
2. AUPs with backbone providers/hosting services (industry self-regulation)

I oppose these because I don't think some organization should have control of my speech simply because I purchase a service from them. If I buy, for example, a 128k ISDN line what the content of that 128k is most assuradely isn't my providers interest. It violates the spirit of the 1st. ... Economics in general is not the way to set ethical standards.

...

4. social contracts (for those of anarchist and libertarian bent)

Considering human psychology, not bloody likely.

But social contracts and economics are two sides of the same coin. While the DoD-funded ARPANET policies against commercial speech were censorship, the Usenet prevailing opposition to newsgroup spam was a social-contract thing. In many cases it's broken down, except on moderated newsgroups, but a lot of it is still there. And ISPs implement spam blocking not because they care (some do, some don't, usually depending on pricing models), but because their users keep telling them "Hey, I don't want spam." And social-contract relationships between ISPs mean that if you don't want somebody spamming your ISP, you don't spam theirs, and if somebody keeps spamming you and your users don't want it, you stop doing business with them. But spam is one thing, and politically incorrect content is another. Some ISPs have no-porn policies because they see a market for it, but many have them because they don't want legal problems if some prosecutor decides that they're selling obscenity in an election year. And with others, it's a marketing / branding thing - so if you don't like that kind of ISP, don't do business with them.

...

5. technical standards (ala Open Source)

Open source technical standards doesn't have a lot of relationship to the spam problem. They do mean that you can find and fix opportunities for spamming that are being abused, and that spammers can find and exploit new opportunities. Back to the 128K problem, with an ISDN line I agree it's nobody's business. You're getting dedicated bandwidth to a router pool, and whether you're on full time or not is strictly a pricing thing (and you'll have a much different opinion depending on whether you're charged by the minute or jsut flat rate.) With cable modems, it's a bit different, because the technology is very asymmetric. IMHO, the carriers like Excite@Home are clueless and annoying in their server policies - but it's partly because they don't have consistent traffic management technology, and partly because they can get rid of most of the problems by blocking web servers and now Napster which tend to be resource hogs. They'd rather be able to shut down users blindly if they have performance problems rather than having to argue about your web server using much less bandwidth than your "client" video-conference program, even though the web server is a much more efficient way to display your fish tank and coffee pot to the world. Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639

Jim Choate

5:51 p.m.

New subject: CDR: [Spam wars, continued...]

On Mon, 6 Nov 2000, Bill Stewart wrote:

...

But social contracts and economics are two sides of the same coin.

No, they're two facets of a many faceted coin. Human psychology. Besides birds and bee's have 'economics' but don't have 'social contracts'. So clearly there is a context dependency you're missing. ____________________________________________________________________ He is able who thinks he is able. Buddha The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------

Eric Murray

6:14 p.m.

New subject: CDR: Re: [Spam wars, continued...]

On Mon, Nov 06, 2000 at 08:37:31PM -0800, Bill Stewart wrote:

...

At 12:22 PM 11/5/00 -0600, Jim Choate wrote:

...
On Sun, 5 Nov 2000, Declan McCullagh wrote:

...
Well, let's take this up one level of abstraction. We can stop spam from flooding our inboxes (an economic bad) by: 1. law "Congress shall make no law ...". 3. cypherpunkly end-user technology I obviously support anything an individual wishes to do with respect to making choices, provided they don't involve me without consent. This aspect should be pushed strongly.

I agree with Jim that anti-spam laws are bad in principle; in practice they're usually worse :-) Some kinds of cypherpunks technology don't involve the law; some do. For instance, user-supplied filters can trigger libel laws ("Hey, your filter called me a SPAMMER! I'll SUE!").

...

From: and Reply-to: to some unfortunate victim. In the latter two cases,

Maybe I'm too limited in my thinking, but I don't see this actually happening with usr-level filtering. Mostly for the simple reason that it doesn't make sense to send anything back to the spammer. They're usually spamming from a bogus address or a throw-away or pointing the recipient's email account soon overflows with complaints. So there's not much use in replying to spam. All the recpient can do is filter it into a seperate file or throw it out entirely. The spammer will not know what action users have taken, so they can't complain. This is different from the MAPS case, where the sites that use MAPS (and RBL etc) refuse to accept mail identified by MAPS as coming from spam sites or open relays. This way, the spammer finds out that their spam is rejected, and there's a big organization (MAPS or larger sites using it) to go after. If it's a "cypherpunks technology" spam filter, then there's no commercial program for spammers to test their spam on and no company to sue. In any case, I beleive that end-user spam filters should allow individual users to customize the filters or replace them entirely. I've written a simple user-level filter that attempts to recognize spam by the emails content instead of the headers. It's still a crude experiment at this point, but it seems to be working ok for me. http://www.lne.com/ericm/spammaster/ -- Eric Murray Consulting Security Architect SecureDesign LLC http://www.securedesignllc.com PGP keyid:E03F65E5

Greg Broiles

6:11 p.m.

New subject: CDR: Re: [Spam wars, continued...]

On Tue, Nov 07, 2000 at 10:50:25AM -0800, Eric Murray wrote:

...

On Mon, Nov 06, 2000 at 08:37:31PM -0800, Bill Stewart wrote:

...
I agree with Jim that anti-spam laws are bad in principle; in practice they're usually worse :-) Some kinds of cypherpunks technology don't involve the law; some do. For instance, user-supplied filters can trigger libel laws ("Hey, your filter called me a SPAMMER! I'll SUE!").

Maybe I'm too limited in my thinking, but I don't see this actually happening with usr-level filtering. Mostly for the simple reason that it doesn't make sense to send anything back to the spammer.

Even if they did, there's no argument for defamation liability - all of the popular flavors of defamation (slander, libel, invasion of privacy) require that the defamatory content be made available to third parties (e.g., not the plaintiff nor the defendant). User-configured spam blockers don't create risk of defamation (or interference with contract, etc.) liability - but supplying block lists to other users does. However, there's a line of caselaw which says that there's an exception to traditional defamation liability, where the speaker acts with a good purpose, to warn others of a perceived danger; perhaps that would be a useful approach for the MAPS people to take. They're the ones with their necks on the chopping blocks. -- Greg Broiles gbroiles@netbox.com PO Box 897 Oakland CA 94604

Bill Stewart

5:36 p.m.

New subject: CDR: Re: [Spam wars, continued...]

At 11:25 AM 11/7/00 -0800, Greg Broiles wrote:

...

On Tue, Nov 07, 2000 at 10:50:25AM -0800, Eric Murray wrote:

...
On Mon, Nov 06, 2000 at 08:37:31PM -0800, Bill Stewart wrote:

...
I agree with Jim that anti-spam laws are bad in principle; in practice they're usually worse :-) Some kinds of cypherpunks technology don't involve the law; some do. For instance, user-supplied filters can trigger libel laws ("Hey, your filter called me a SPAMMER! I'll SUE!").

Maybe I'm too limited in my thinking, but I don't see this actually happening with usr-level filtering. Mostly for the simple reason that it doesn't make sense to send anything back to the spammer.

Even if they did, there's no argument for defamation liability - all of the popular flavors of defamation (slander, libel, invasion of privacy) require that the defamatory content be made available to third parties (e.g., not the plaintiff nor the defendant).

I was thinking about filters that are installed by the user, but might get their lists of spammer / spams from a rating service, just as censorware products get lists from services. For instance, there are some patterns that are obvious spam and once you've seen them twice, you block them, but there's a lot of randomly worded spam out there which a spam-rating service could help you block. Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639

8749

Age (days ago)

8755

Last active (days ago)

List overview

Download

21 comments

15 participants

participants (15)

Alan Olsen
Alex B. Shepardsen
Bill Stewart
Declan McCullagh
Eric Murray
Greg Broiles
James Wilson
jim bell
Jim Choate
Jim Choate
Kevin Elliott
Sampo A Syreeni
Tim May
Tom Vogt
William H. Geiger III