Re: Principles of Spam-abatement

Dean Anderson <dean@av8.com> Wed, 10 March 2004 11:26 UTC

Received: from asgard.ietf.org (asgard.ietf.org [10.27.6.40]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA03137 for <ietf-archive@odin.ietf.org>; Wed, 10 Mar 2004 06:26:07 -0500 (EST)
Received: from majordomo by asgard.ietf.org with local (Exim 4.14) id 1B11XN-0000kG-N9 for ietf-list@asgard.ietf.org; Wed, 10 Mar 2004 06:06:09 -0500
Received: from ietf.org ([10.27.2.28]) by asgard.ietf.org with esmtp (Exim 4.14) id 1B11XH-0000if-Lm for ietf@asgard.ietf.org; Wed, 10 Mar 2004 06:06:03 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA00587 for <ietf@ietf.org>; Wed, 10 Mar 2004 05:13:26 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1B10iL-0001yG-00 for ietf@ietf.org; Wed, 10 Mar 2004 05:13:25 -0500
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1B10hL-0001kX-00 for ietf@ietf.org; Wed, 10 Mar 2004 05:12:24 -0500
Received: from cirrus.av8.net ([130.105.36.66]) by ietf-mx with esmtp (Exim 4.12) id 1B10gQ-0001MD-00 for ietf@ietf.org; Wed, 10 Mar 2004 05:11:26 -0500
Received: from cirrus.av8.net (cirrus.av8.net [130.105.36.66]) (authenticated bits=0) by cirrus.av8.net (8.12.11/8.12.11) with ESMTP id i2AAAlbx021564 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for <ietf@ietf.org>; Wed, 10 Mar 2004 05:10:51 -0500
Date: Wed, 10 Mar 2004 05:10:47 -0500
From: Dean Anderson <dean@av8.com>
X-X-Sender: dean@cirrus.av8.net
To: ietf@ietf.org
Subject: Re: Principles of Spam-abatement
In-Reply-To: <g3u116smfs.fsf@sa.vix.com>
Message-ID: <Pine.LNX.4.44.0403022210230.6504-100000@cirrus.av8.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.60
Sender: owner-ietf@ietf.org
Precedence: bulk

Joe Abley, you should be aware that your company is using a revenge list
for spam blocking. You might want to consider using a different email
address.  But it makes an interesting end to this discussion, I think.

   ----- The following addresses had permanent fatal errors -----
<jabley@isc.org>
    (reason: 553 Service unavailable; Client host [130.105.36.66] blocked 
using dnsbl.sorbs.net; Hijacked/Disused Netblock See:
http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=130.105.36.66)

The SORBS list falsely claims that our netblocks are hijacked.  The
falseness of this claim was communicated to Matthew Sullivan, the operator
of SORBS, last June.  Mr. Sullivan first denied responsibility for SORBS,
and then said that 'he has no assets to lose, so we should go ahead and
sue him or contribute to him'. He operated other sites that threatened
mailbombing. (Mailbombing is basically spam by anti-spammers.  
Anti-spammers don't think of what they do as spamming--they call it
mailbombing. But the recipients can't really tell the difference.).

Mr. Sullivan was then booted from XO.  Later, he found a home on ISC.  As
near as I can tell, the original source of these lies was Alan Brown, who
operated ORBS until it was shutdown. Alan Brown has lost 3 separate
lawsuits involving defamation and false statements. 2 of those lawsuits
involved him making false statements about ISPs he simply didn't like,
that is, he put them in his blacklist falsely, just like Mr. Sullivan is
doing now. Most people aren't involved in three lawsuits their entire
lives. Yet Mr. Brown has __lost__ three involving false statements. Does
that make him a pathological liar? ISC (Paul Vixie, Bill Manning) has been
aware of the abusive and defamatory nature of SORBS for some time now, but
either don't seem to mind being associated with such disreputable people,
and don't mind that their services are being used for unlawful and
defamatory sites, or share in Mr. Sullivan's and Mr. Brown's spite.

And what are we to make of Mr Sullivan's association with this, and Mr
Vixie's and Mr. Manning's assocation with Mr. Sullivan?  Shouldn't they be
judged by their association with disreputable people?

All rather interesting in light of the statements below by Vixie about
trust and rogues, I think. 

On 3 Mar 2004, Paul Vixie wrote:

> as i've said twice before on this thread in the past several days, i don't
> care who you are but i do care who you know.  if the world has its hooks
> into you -- mutual trust, bond, or some combination -- then i will probably
> consent to communication with you even if you remain anonymous behind some
> kind of trust brokerage in finland.  however, if you are completely rogue,
> i will probably not give my consent to communicate with you.

So says the person who doesn't have an AUP, doesn't accept abuse
complaints, and hosts defamatory, abusive web sites that other responsible
ISP's have booted. Without going into the causality constraints on giving
consent, it is blatently hypocritical to talk about rogue behavior yet not
act to prevent such rogue behavior in their own area of responsibility, or
worse, actively participate in such rogue behavior. Someone once said that
"slander is the revenge of an ignoble mind".

It is hypocritical to talk about "trust", when the subsribers to anti-spam
lists expect and __trust__ that those lists aren't being used for spiteful
reasons having nothing whatsoever to do with spam. They __trust__ the list
to be honest, and they generally stop using lists that are found to be
dishonest.  Yet, very few (if any) such lists are honest. Technical lists
are replete with people posting questions seeking recommendations for
"good" blacklists.

Indeed, with the exception of ISC, 100% of the SORBS users we contacted
stopped using SORBS after viewing the 130.105/16 entries or 198.3.136/21
entries.  This type of thing has also been true of other lists, including
MAPS, which was started by Vixie.  For example, MAPS lost a suit to
Exactis/Experian, after it blocked email in violation of its own criteria.
A really interesting thing about the case is the email from MAPS that
threatened Exactis not to resort to legal action, while hypocritically
claiming on it's web site to be looking for legal challenges. MAPS
actually told Exactis that if it even mentioned lawyers, MAPS would
blacklist it until the case was over regardless of whether it complied
with MAPS demands.  Apparently MAPS had not heard of "Temporary
Restraining Order" or perhaps hoped that Exactis hadn't.  Or perhaps they
believed the internet to be out of the reach of the law. MAPS lawyers were
chastised in the case.  While I've heard of many spammers losing various
cases, I've yet to hear of their lawyers being chastised for frivolous
disagreement.

One cannot have a system where "rogue" is determined by the very people
who act irresponsibly, or who act significantly at variance with social
norms and obligations such as honesty and integrity, or regard for the
law.

I don't think this kind of hypocrisy can go unnoted because it is at the
very core of the anti-spam systems based on trust. Some people basically
want to appoint themselves judges of what is "rogue", and then use those
systems to take revenge.  In doing so, they deceive and mislead their
subscribers, and genuinely harm the anti-spam cause.  While it's human to
make mistakes, and its even human to be hypocritical at moments, it is
unacceptable to continue hypocrisy after it is has been pointed out--when
that happens, very serious criticism and questions of credibility are
quite properly in order.

Such violations of trust on the part of Vixie, Manning, Sullivan, and
Brown (and others) show very little respect for the anti-spam cause, and
virtually no respect for their subscribers. If they were truly concerned
about spam issues, they wouldn't allow their credibility to be compromised
by obviously false statements motivated by nothing other than spite, or by
association with disreputable people engaging in same. Either they are
extremely irresponsible, or they don't think that spam is a very serious
problem. Or perhaps they, too, are just pathological liars. If so, it is
rather ironic that they should share this trait with so many "spammers"
(though consider "mailbombing" again, and perhaps it isn't so odd).

I said near the start of this discussion that one principle should be that
we acknowledge that radical anti-spammers are making the problem worse,
and deal with them. I think another principle should be that those
entrusted with responsibility should be responsible, ethical, and
accountable for every decision, and that disreputable people or associates
of disreputable people should not be allowed to have control or influence
in the decision making process regarding "trust".

		--Dean