Perspectives on Spamhaus's Dilemma 420
The Illinois court that told Spamhaus to stop blocking the spammer filing suit against them — an order which Spamhaus ignored — is now considering ordering ICANN to pull Spamhaus's domain records. While Gadi Evron, whose blog posting is linked above, urges everyone to beat the judge with a clue stick, a guest writer on his blog counsels much greater restraint. Anti-spam lawyer Matthew Prince explains how Spamhaus got into its current pickle — apparently by following conflicting legal advice at two points in the process — and what they might have to do to get out. One spamfighter of my acquaintance says that Spamhaus's SBL and XBL blocklists knock out 75% of the spam at his servers before it hits and requires more CPU-intensive filtering. If ICANN is ordered to unplug Spamhaus from the DNS, and does so, is the Net prepared to deal with a 4-fold increase in spam hitting MTAs overnight?
Ghostbusters (Score:5, Insightful)
Yeah, I know it's just fiction but it seems like this could be the same kind of thing.
Excerpt from the movie:
Dr. Ray Stantz: Everything was fine with our system until the power grid was shut off by dickless here.
Walter Peck: They caused an explosion!
Mayor: Is this true?
Dr. Peter Venkman: Yes it's true.
[pause]
Dr. Peter Venkman: This man has no dick.
Walter Peck: Jeez!
[Charges at Venkman]
Mayor: Break it up! Hey, break this up! Break it up!
Walter Peck: All right, all right, all right!
Dr. Peter Venkman: Well, that's what I heard!
I think the problem that the Ghostbusters faced in the movie was that the guy from the EPA was a prick and didn't bother doing any follow up or open a channel of communication with the Ghostbusters. Now, Spamhaus might be violating rules at the same time they provide the public a valuable service. Has the United State's judicial system attempted any lines of communication with them aside from a cease-and-desist letter threatening them with $11.7 million?
Where does it say that e360insight is a spammer? I think that Spamhaus should have to present proof that e360insight is an illegitimate spamming business [spamhaus.org]. I think that's important. If e360insight is a spammer, I'm siding with Spamhaus. Since they have taken the roll of deciding who is spamming and who isn't, I think they could use more accountability [spamhaus.org] than what I find indicated on their website.
Re: (Score:2, Insightful)
Yup, they would have allowed them to defend their actions in court. Spamhaus chose not to appear, and instead have a default judgement rendered aginst them.
Re:Ghostbusters (Score:5, Insightful)
Re:Ghostbusters (Score:5, Insightful)
They just should be careful enough to widely publish their new .co.uk address before the hammer hits, so that we can reconfigure our MTA's in time.
Indeed, a fart is not really a fart if it doesn't smell...
Re: (Score:3, Informative)
It's spamhaus.org.uk [spamhaus.org.uk].
spamhaus.co.uk is an unrelated site flogging antivirus software
Reconfigure your MTAs NOW.. (Score:4, Interesting)
- Use IP numbers or
- host a domain resolution for spamhaus in a local name server and configure your MTA to hit that first. (Have your nameserver serve as an unofficial secondary pointing to their primaries, and squirrel a dump of their name service just in case the court gets their primaries shut down.)
Then ICANN can pull the record and it won't do squat.
For your convenience (from nslookup):
> server 204.74.101.1
Default Server: udns2.ultradns.net
Address: 204.74.101.1
> set type=soa
> spamhaus.org
Server: udns2.ultradns.net
Address: 204.74.101.1
spamhaus.org
origin = need.to.know.only
mail addr = hostmaster.spamhaus.org
serial = 2006100802
refresh = 3600 (1H)
retry = 600 (10M)
expire = 2419200 (4W)
minimum ttl = 3600 (1H)
spamhaus.org nameserver = udns2.ultradns.net
spamhaus.org nameserver = udns1.ultradns.net
spamhaus.org nameserver = ns8.spamhaus.org
spamhaus.org nameserver = hq-ns.oarc.isc.org
ns8.spamhaus.org internet address = 216.168.28.44
(I'm presuming that the spamhaus.org domain contains the
servers in question. But if not, perhaps someone who
actually administers an MTA using their services can
follow up with the necessary info.)
Re: (Score:3, Informative)
Re: (Score:3, Insightful)
Re: (Score:3, Funny)
Re: (Score:3, Funny)
Re: (Score:2, Insightful)
If China had the ability to make your life miserable, you maybe ought to consider hiring a lawyer. You can't run something like Spamhaus without understanding that you are stepping directly on the spammer's bottom line, and you have to expect the need to defend yourself legally. Ignoring legal proceedings is an option, but not a defense. Had they chosen to fight it, they could have made the argument
Re:Ghostbusters (Score:4, Interesting)
That's a perfectly reasonable attitude, provide you are aware that the chinese business will, therefore, win their lawsuit in a chinese court. If you have no assets anyplace that a chinese court could get to, then you are fine. Just don't miscalculate, ignore them, lose to a default judgement, and then remember that you do have stuff in China!
Also, you have to be careful HOW you ignore them. For example, if you start to defend yourself on the merits, and then say "screw this...you don't have any jurisdiction over me, so bugger off" and THEN start ignoring them, that initial defending on the merits might be seen as conceding jurisdiction to the court. That's bad, because then when the winner comes to your country to collect, there is a decent chance your country's courts will recognize the debt as a valid debt, and then it is a simple matter for that Chinese business to get a judgement in your country to enforce the debt.
The bottom line: ignoring a court anywhere in the world is not something to take lightly. You need to at least get a lawyer with experience in the laws of your country to tell you HOW to ignore the foreign court so that you won't accidently open yourself up to a nasty surprise.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Funny)
In a nutshell: I agree, the Illinois has no dick.
Obviously this is wrong - it has a huge dick who wears a black robe.
Re: (Score:2)
If people want to get E-mail from 360, they can call the ISP and complain, they can switch providers, or they can use an alternatvie service. None of which require courts threatening people at gunpoint.
Why does the US seem to think it rules the world and can tell everyone what's acceptable behavior?
Gove
Re:Ghostbusters (Score:4, Insightful)
This is an opt-in DNSBL. So your little "free speach" defense doesn't work.
Even considering SPAM to be free speach, it doesn't hold up. The people subscribing to the DNSBL are doing do with their own private property. Your right to free speach ends on my property, just as your right to swing your arms wherever you want ends at my nose.
Re: (Score:3, Informative)
The network belongs to the company who built and operates it. No one else has any rights on that network. If you're buying bandwidth/an email address/hosting, etc., your contract with them may give you certain rights, but those rights are arbitrary and may or may not include any amount of free
Perspective from a damaged party (Score:5, Insightful)
Let me put an alternative perspective to the AC e-mail security guy who wrote the parent post.
I am the IT officer for a local non-profit organisation, with a few thousand members. We run a mailing list, to provide announcements to those members. The list is opt-in (double opt-in to verify all addresses, in fact) and moderated, and everyone on it has explicitly asked to be there.
Our service provider has recently sent a notice to their announcements list (to which I subscribe) indicating that certain major names, including Hotmail and AOL, are no longer accepting mail from our provider. They don't even bounce it properly; they silently drop it. This is all done in the name of fighting spam, so they claim, because our service provider forwards a lot of spam onto them. (Our service provider forwards any mail received at a paying customer's address to any forwarding address requested by that customer, in fact.) The content of any given mail, and the specific people it's going from and to, are irrelevant to this blanket ban.
As a consequence of this, we now find that some of our members who use e-mail accounts at those hosts are not receiving mails they have explicitly asked for. Neither we, nor our members, nor our service provider is doing anything unreasonable. The only reason this system is broken is because of an arbitrary decision by a big name provider to throw their weight around, by blocking all incoming mail from a small provider (who are not the only ones being hit by this problem -- far from it, by the sounds of things), even if this goes against the explicit wishes of one of their own paying customers.
Now, you can rationalise that decision all you like as a big IT honcho, but the simple fact is that these organisations are screwing their own customers, and ultimately undermining the entire working of the Internet e-mail system, by being incompetent and not playing nice with others. Sooner or later, people are going to start missing really important messages as opposed to just convenient or entertaining ones, and those providers are going to learn a harsh lesson. I imagine a few small providers will start bringing anti-competition lawsuits if the big names carry on down their current road as well. But in the meantime, your approach sucks for your customers, it sucks for people working with your customers, and it sucks for other service providers working with you. It is an indefensible attack on the openness of the Internet, and you deserve to be shot down for it.
Re: (Score:3, Interesting)
Except that Spamhaus is not spam filtering or blocking software. It's merely a DNS da
Re: (Score:2, Interesting)
Accountability certainly, but transparency would help to resolve these issues. The Antispyware industry tackled this by creating and then supporting systems/procedures that allow targeted application developers to appeal their inclusion in the AS's detection database, detection category (malicious, adware, Trojan, etc...), threat level, etc
More
Re: (Score:3, Interesting)
If it wasn't for spamhaus and other blocklist services, it would be up to individual administrators to create their own blacklists (most savvy admins do anyway BTW...) Now I don't know about other admins, but once you are in MY blacklist, you are there FOREVER. If you are in 4,556,865 blacklists, good f-ing luck getting out. Being on ONE list you have a chance.
The other option is a reputation based system where "trusted" submitters send blacklist updates via usenet (GPG signed.) Since
Re: (Score:3, Insightful)
You are right and I agree. Death to s
Would you like spam with that? (Score:4, Interesting)
On the plus side, that might convince the judge to rethink the order.
Re: (Score:2)
Re: (Score:3, Interesting)
Re: (Score:2)
Re: (Score:2)
Sometimes we have to live with uncomfortable outcomes. If I get 4x as much spam to filter, and it overwhelms my system, that's my fault for not preparing adequately (and a lesson learned about depending on others, I'd say). One cannot ignore the law just because one thinks the net result of doing so is beneficial to more people -- that is why we have courts, where supposedly, laws and torts can have their day and be judged on merit.
Re: (Score:2)
What I as an administrator choose to do with that info is up to me!
what pisses me off... (Score:5, Insightful)
Damn, judges really should be expected to have a clue when sitting in on a case...
The Q-Tip Solution... (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
To lose the ability to use Spamhaus would be a big blow to spam blocking.
Re: (Score:2)
Damn, judges really should be expected to have a clue when sitting in on a case...
But can you expect a judge to be as technically savvy as anyone in IT, given the broad range of cases they must try? Look at the trouble court cases with juries have when the case involves technical arguments (not just IT, but science topics as well).
While I agree that the judge should have some reasonable level of knowledge to allow him/her to judge the case, it doesn't surprise me that judges currently have little clue
Re: (Score:2)
The judge does have a clue. Spamhaus lost. Sure, it was a default judgement because they didn't feel that the court had jurisdiction so didn't defend, but that is irrelevant. The court has to treat it like any other judgement, and attempt to enforce it.
Re: (Score:2)
Which is why I'm trying to figure out where the judge gets the authority to order ICANN to do anything. ICANN does ultimately report to the US Government, but not to a district court judge.
Hopefully ICANN is rational (Score:4, Insightful)
Re: (Score:2, Interesting)
Re: (Score:2, Interesting)
Good luck.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re:Hopefully ICANN is rational (Score:5, Insightful)
Re: (Score:3, Interesting)
I hate to bring up that whole slippery slope thing, but we can't just have courts ordering names removed from DNS. What's next? Porn sites? Music sharing? Terrorists? Communists? Democrats? Without an independent, (relatively) impartial name registration/IP address management system the whole concept of a glo
Re:Hopefully ICANN is rational (Score:5, Insightful)
If ICANN start ordering UK websites down at the request of random US courts then that'll be a pretty hard push in that direction. Even the americans aren't that bloody stupid.
Re:Hopefully ICANN is rational (Score:4, Insightful)
What'll happen if spamhaus disappears from DNS? (Score:2)
Re:What'll happen if spamhaus disappears from DNS? (Score:5, Informative)
Um... you are aware of how Spamhaus's list is distributed, right?
You convert the IP address of the server you're trying to check into a host name, such as W.X.Y.Z.sbl.spamhaus.org, then do a DNS lookup on that hostname. The result you get indicates whether the original IP is liste or not.
Trust me, you don't want to put 4 billion records in your hosts file!
Re: (Score:2, Insightful)
Re: (Score:2)
People who use spamhaus usually have some inkling how DNS works (being, for example, ISPs).
They can just add spamhaus to their hints file.
Re: (Score:2)
People, PLEASE, if you don't understand DNS, don't suggest stuff.
See http://yro.slashdot.org/comments.pl?sid=199897&ci
Re: (Score:2)
Re: (Score:2, Informative)
Spamhaus can change their domain name (Score:2)
Sure, it'd be annoying if Spamhaus.org had to change their name to some country-code domain that's not under ICANN's thumb, becoming Spamhaus.aq or whatever, or even get a new .org, becoming SpicedHamHous.org or whatever. But they could do it.
And they could always become 71.30.168.216.in-addr.arpa instead of spamhaus.org.
The basic problem here is that the court probably shouldn't have jurisdiction, and Spamhaus asserts that it doesn't, and therefore didn't defend
Re: (Score:2)
Their website, sure. But taking down spamhaus.org will also make the SBL inaccessible. Putting the IP of their web or mail server in your hosts file isn't going to help, because you have to look up a different hostname for each IP you test. Putting it resolv.conf might, but then you have to
Re: (Score:2)
Re: (Score:2)
All of these are more complicated than putting an IP in your hosts file.
Actually if you run MS DNS it really is just as easy to add a Forwarder as it is to add a hosts entry. Simply fire up the DNS admin console, select your DNS server to manage, click on forwarders. Add the domain to forward requests for and add the ip address(es) of the DNS server(s) to answer for that domain.
Re:What'll happen if spamhaus disappears from DNS? (Score:5, Informative)
You would be trying to use their DNS server as a recursive resolver. DON'T do that! It wouldn't work and you'd be an annoyance to them.
I suggest you read about DNS before doing things of which you don't understand the impact.
What could work is running BIND and doing something along the lines of
zone "spamhaus.org" {
type forward;
forwarders <their ip address>;
};
Not just DNS. (Score:2)
Re: (Score:3, Informative)
I don't think ICANN even give out IP addresses in the US.
Plus if they did everyone would probably ignore them anyway.
Re: (Score:2)
ICANNot do it cap'n! (Score:4, Interesting)
Re: (Score:2)
Confusing ICANN with the court (Score:3, Informative)
The original poster was talking about ICANN not being able to do anything, and rightly so. I haven't read the contract between PIR [pir.org] and ICANN, but I doubt it includes the ability for ICANN to remove specific delegations from the
You are correct that the court could theoretically size the servers that are located in the USA, although I'm not sure what the legal
ICANN abuse (Score:4, Insightful)
Re: (Score:2)
Jurisdiction (Score:5, Insightful)
US court
US spammer
UK RBL
Re: (Score:2)
Re: (Score:2)
EU courts...
EU Companies complaining...
A certain giant convicted US monopolist selling to customers in the EU market cutting out those EU companies.
I'm sure the US courts can take any dollars from US customers to satisfy fines even if they can't enforce their ruling in the rest of the world. The RBL can withhold service from american customers-- but doesn't want to because of the profits involved.
Re: (Score:2)
Microsoft
Microsoft Campus
Thames Valley Park
Reading Berkshire
RG6 1WG
Service Clients Microsoft France
18 avenue du Québec
91957 Courtaboeuf Cedex
France
Microsoft Deutschland GmbH
Privatkundenbetreuung
Konrad-Zuse-Straße 1
85716 Unterschleißheim
I would say that puts them in the jurisdiction of the EU courts. This is not the case with Spamhaus and the USA.
Re:Jurisdiction (Score:5, Informative)
That is libelous nonsense. The post, which sounds like it was written by a spammer, probably refers to Spamhaus' Data Feed service [spamhaus.org] for ISP's and large organizations. You can easily see with the price check on that page that the costs per year, even for large sites, are nowhere near such amounts and are simply designed to cover the costs of the operation (including their free public DNS query servers). Don't believe something just because some kook posted it in a discussion forum.
The odour of bullshit (Score:2, Funny)
Its a stupid arguement. (Score:2)
Its a stupid arguement...they are spammers if we the general public or our trusted agent (Spamhaus) say they are...
Re:Its a stupid arguement. (Score:4, Funny)
Also, we can express our concerns directly to them at http://www.e360insight.com/contact.php [e360insight.com]. They were nice enough to have a comment submission form. I hope they have a lot of disk space for submitted comments.
Big PDFs (Score:3, Informative)
Re: (Score:2)
Go ahead - there's ALWAYS a workaround (Score:5, Informative)
# cat >>
zone "spamhaus.org" in {
type forward;
forwarders {216.168.28.44; 204.69.234.1; 204.74.101.1; 204.152.184.186; };
};
^D
# pkill -HUP named
All fixed!!
Hmm... (Score:2)
Um, the problem was that they switched horses... (Score:5, Informative)
Then they claimed it didn't.
I can't think of anything more likely to P.O. a judge than to ask to get into his courtroom, then call him a buffoon.
In the end, as the article says, ICANN may be forced to pull 'spamhaus.org', but ISPs that use it are savvy enough to move to using 'spamhaus.or.uk' or something similar, outside the court's control. But the individuals affected by the order may be unable to set foot in the U.S. for the rest of their lives, even to change planes.
Re: (Score:2, Insightful)
Is it supposed to be bad?
Perspectives (Score:2)
Re:Perspectives (Score:5, Insightful)
You obviously don't run a mail server with > 1 user. The sbl-xbl list stops ~ 80% of our spam. That's for a small email service provider, defending only about 75 million email addresses.
Bayesian doesn't stop spam. It just flags stuff as possible spam. Humans are worse filters than any software. If you have to look for false positives in a spam folder, don't even bother to filter stuff. That is just a waste of CPU cycles.
On the smaller servers I run, recipient validation handles ~ 50% of the spam, the sbl-xbl stops ~ 80% of the rest, dynamic IP blocks and hostname checks stop the remaining.
So does this need to be renamed? (Score:2)
I mean- it seems to me, if I want to pay someone to filter emails for me, I should be free to do so.
Judges should go under an exam before taking (Score:2)
this is a case to prove this point.
Get a lawyer (Score:2)
If you don't have a lawyer in that jurisdiction, consider getting a local one who can find a proxy there.
In any event, protect your interests. If you don't, you may lose them; the law tends not to protect those who sit on their rights.
This could be the end of U.S. DNS control (Score:5, Interesting)
If U.S. judges think they have carte blanche to impose their laws on foreign entities using domain listing as a weapon then we absolutely MUST get DNS control the heck out of U.S. control, i don't care what DARPA thinks they invented decades ago. The status quo currently is bad enough as it is, but if one person in a robe is going to single handedly eliminate the backbone of the international anti-spam war when the service is based in a foreign country, run by non-U.S. citizens and it's a voluntary subscription service then something drastic needs to be done.
The notion that the U.S. can 'summon' foreigners to defend themselves in U.S. domestic courts is deeply flawed to begin with. It's just amazing that anyone can mock the Chinese for their 'great firewall' when the U.S. is prepared to yank a site from the ENTIRE WORLD, and think they can just because it's domain name is published on a U.S. machine when that is mandated by an historical quirk.
Is it time we gave the United States their little
Re: (Score:2)
Militant Muslims have been telling you that for years :-)
Re: (Score:3, Informative)
Truthfully, your comment smacks more of blindly uninformed anti-Americanism and unadult
Re: (Score:3, Insightful)
1) The U.S. hasn't summoned Spamhaus to appear in court. According to the court documents posted so far, Spamhaus was never served with this lawsuit.
2) The U.S. so far hasn't shown any willingness to yank the site. Rather, there's a _proposed_ order from a Federal judge in the Northern District of Illinois which would yank the site. IANAL, but I know a court's powers to compel third parties are limited, and there might be an issue of that district's jurisdiction over IC
I propose a solution (Score:2, Insightful)
You'll see the order rescinded and the spammer's case thrown out of court with prejudice.
I'm amazed (Score:5, Insightful)
I'm amazed at the knee-jerk reaction of so many people here. I hate spam as much as the next person, but claiming that the judge is ignorant, stupid, or malicious is ridiculous. The fact is, Spamhaus responded to the suit in the most inappropriate way imaginable, by acknowledging the federal court's jurisdiction and thereafter ignoring it. If you get a traffic ticket, even if it is unwarranted, what would you expect to happen if you turn up in court, then walk out and refuse to communicate any further with the court? What Spamhaus has done is the equivalent, only federal judges have a LOT more power. Spamhaus should either have challenged the court's jurisdiction from the outset or, having accepted it, complied with its orders and defended the suit.
Other than Spamhaus trying to correct the situation, I wonder if third parties might be able to submit an amicus brief to the court along the lines of: "Yes, Spamhaus behaved liked idiots, but cutting them off is not in the public interest.":
Re: (Score:3, Interesting)
Re: (Score:3, Insightful)
No, sorry. You've ignored my argument. This is Spamhaus's fault, not the judge's. The judge was correct in ruling against Spamhaus since Spamhaus failed to defend the suit, and as a non-techie cannot be expected to realize what the consequences of taking down Spamhaus would be. Had Spamhaus behaved responsibly, they might well not have lost the suit, but if they had, they would have had the chance to explain to the judge the consequences of different remedies.
x4.. (Score:2)
Nice one, uncle Sam.
Juristiction my ass (Score:5, Interesting)
1. Spamhaus isn't in Illinois
2. Spamhaus isn't even in the US, no business presence on US territory at all.
3. Spamhaus only connection to the US is US companies utilize the service.
Based on that Illinois can only go after companies that use the database, not the provider overseas. They don't market or have any presence in the US. The court likely could go after these companies. Will they?
Now what I'd love to see is Illinois try and go after everyone in the US using the database... go ahead and try. I'll keep using it because it's a good effective database.
I've got a feeling there's money behind this ruling. It just sounds to fishy to be legitimate.
IF... (Score:3, Informative)
If so, I sincerely hope that somehow the increase in SPAM to the judge's court is even higher - at least double that.
The only way that folks who purposely damage the system for the majority of users will learn, no matter that it may be just not understanding what they are doing, is if they see a direct effect - a strong direct effect - on their own personal use of the system.
--
Tomas
Chicken Little FTL (Score:3, Interesting)
Not gonna happen.
Total number of recipients logged in one maillog file: 92033
Total number of messages in this logfile that got a SpamAssassin score increase thanks to XBL or SBL listing: 47818
Total number of scores that may have potentially been pushed over our threshhold (9.0) by the SBL/XBL score: 985
Big effing deal. All the RBLs could go offline this afternoon, and it would have minimal impact on our spam scoring system. It isn't necessary for any RBLs to exist to control spam. It just isn't.
Re:Chicken Little FTL (Score:4, Insightful)
My current estimates say that $ORK is blocking ~ 400 to 500 million messages a day using DNSBLs, about 80% of which is the sbl-xbl.
Not just the location (Score:2)
You are right. IANAL, but if I understand correctly, they will have to enter a action where ICANN is located for ICANN to be required to obey.