Spam: The last crusade

If last month's column taught me anything, it's never to question people's religious beliefs. Apparently, if I disagree with someone's opinionsââ,¬"especially about something that attracts as much fundamentalist devotion as Linuxââ,¬"then I can't write, am stupid, can't use a slide rule let alone a computer, don't understand logic, and wear women's underwear. (I'm as stumped as you are about that last one.)

On the other hand, I'm a slow learner.

Aside from its occasional amusement value, spam is just plain annoying. Who wouldn't be interested in making money without leaving the house, helping out Nigerian ex-ministers, giving themselves an extra three inches, or seeing the photos of 18-year-old Vicki's recent sleep-over at her girlfriends' place?

But what annoys me even more than spam are self-styled anti-spam vigilantes.

A Perth-based company called T3 Direct recently sued a man who the company claims dobbed it in to an anti-spam blacklist called SPEWS (spam prevention early warning system). The details of the case are complicated, to say the least, but it highlights some important issues.

Organisations like SPEWS, ORDB (open relay database), and MAPS (mail abuse prevention system) build lists of mail server IP addresses that they claim are known to send spam. The idea being, organisations wishing to reduce spam need only subscribe to these lists, and configure their mail servers not to accept any mail from the IP addresses listed.

Sounds good, if these lists were compiled and managed in an open, transparent, and accountable manner. But they're not. Not even close. How does an IP address get on the list in the first place? How do the list organisers prove the owner of the IP address is actually sending spam? Can companies sue for lost income if falsely accused? Is there an appeals system? And how do IP addresses get removed? In answering the first two questions, these groups claim they have rigorous technical criteria. You can't just dob in a spammer, they pronounce. I wonder how true this claim is; after all, dobbing in a spammer is what T3's lawsuit is all about.

But T3 is suing the person who tipped off the list's organisers, not the list itself. By operating in secret, SPEWS' organisers hope to avoid the lawsuits that have shut down other anti-spam groups. (Like all vigilantes, they would like to think of themselves as above the law, in any case.)

Most importantly, how do you appeal the decision, or get IP addresses off the lists?

You can't. Organisations who have tried have discovered the anti-spammers don't respond to e-mail and of course don't list their phone numbers or postal addresses.

SPEWS' attitude is indicative. In answer to the question -How do I get off the list?", SPEWS' FAQ answers -Sorry, SPEWS is a list of known spammers, spamming operations, and spam supporters, if you fit the criteria there's a good chance you will be listed and stay listed. If you are a spammer, may we suggest you get a real job?" In other words, if we say you're a spammer, you're a spammer. Forever. And if you're not a spammer?

Aside from the incredible leeway for political censorship, corporate sabotage, and just plain pigheadedness this situation creates, it ignores the fact that IP addresses change quite often. When the ACT Brumbies rugby club inherited a set of IP addresses from a company that was on SPEWS' blacklist, the club found it easier to get Telstra to change the IP addresses than to get the addresses removed from SPEWS' list. Knowing how bureaucratic Telstra can be gives you an idea of how intractable the anti-spam zealots are.

Religious fervour tends to blind people to subtleties; they tend to see everything in black and white, good and evil. Anti-spam vigilantes view spam as evil, therefore everything they do to combat spam is good. But this sort of arrogant zeal makes it all too easy to ignore the complexities and responsibilities of the real world.

May I suggest to the anti-spammers to take their own advice: get a real job, folks. Or treat spam prevention as a real job, not a crusade; do it professionally, openly, and most of all, fairly--you could even make some money that way.

Subscribe now to Australian Technology & Business magazine.

• Related stories

• Alerts

Add your opinion

Your article is poorly researc ...Cracker -- 09/07/02

Your article is poorly researched. The IPs that T3 Direct claim in court were blocked by SPEWS were not owned by T3 Direct, but were obtained from a Perth Christian charity and were being used "without permission":

http://australianit.news.com.au/articles/0,7204,4467442%5E15318%5E%5Enbv%5E,00.html

While SPEWS may indeed operate a "closed shop", MAPS and ORBS do not. Around 2 years ago, our server was listed at MAPS as an open relay, and it was quite easy to be removed. I simply had to close the "relay".

You write this article as if anti-spammers are a larger problem than spam, which is a little immature.

Spam certainly exists, and it is costing all of us an increasing amount of time and money. What harm have any of the spam "blocking lists" done to you that it is not even mentioned in your article?

Unlike direct mail, the recipients of spam have to bear the cost of these messages, and the time it takes to delete them from their in-box, which I consider a breach of the spirit, if not the letter, of the National Privacy Principles:

http://privacy.gov.au/publications/npps01.html#a

By the way, SPEWS have removed the IPs that T3 Direct did not own, but claims were blocked, as it is now clear that the IPs will no longer be used to send unsolicited bulk e-mail.

Fortunately, they have included the new mail server used by T3 Direct: bta.net.cn (202.106.196.70). The SPEWS listing for this ISP in China makes for interesting reading:

http://spews.org/html/S1639.html

What is really at stake in this case is Joey McNicol's life savings, not yours. He, at least, is making a stand. You're just coming across as petulant, dismissive and judgemental.

It is clear that you reserve the right to get mad about spam later, when it has grown beyond a manageable state. That way you can just say it wasn't important enough to fight "until now".

As to your arguments about political censorship, coporate sabotage, they are merely figments of your overblown imagination.

Please, if you are to write more articles on spam, get your facts right. In a year or two, you will be eating your words anyway :)

• Reply to comment
• Reply to story
• Report offensive content

Myself, I have no problem with ...Anonymous -- 09/07/02

Myself, I have no problem with SPEW's classification of spam sites.

If users at an ISP that gets blacklisted by spews or another such service have a problem with being blacklisted, perhaps they should change ISP or pressure the ISP to remove the spammers and.or tighten up their own usage policies.

As for de-listing, check out the spews site and you'll find that sites are automatically delisted after a time of having no spam reported against them. Check out their news pages to see how many sites get deregistered from spews and why. It looks to me like the organisers of spews put as much effort into ensuring that ISPs that clean up their acts are removed form the lists.

Of course, if we didn't have spam, this wouldn't be a problem now.

• Reply to comment
• Reply to story
• Report offensive content

Your attitude in this post is ...Anonymous -- 25/07/02

Your attitude in this post is pesimistic and shows that you lack the understanding of the core issues of spam as a problem and the solutions to it.

Spam has become a problem, no question. However due to the lack of action by the Legislature and Judiciary internationally, the problem has got to the point where is now unmanagable and systems administrators and the like have to employ alternative stratigies to protect the users of our network from unsolictied junk email.

You seem to class the various blocklists as rogue operators who see themselves as above the law. As mentioned by a previous poster, they are far from it and actually publically list on their respective sites what you need to do in order to have your listing removed from their database. Your comments in this area give me the strong impression that either yourself or your research assistant or both were asleep the day they taught reading in your school, either that or you were too dammed lazy and went off on your own little crusade against these blacklist operators.

As also mentioned, Joey is fighting to survive. This case has the sad potential to financially cripple him - something you also lack the understanding of. However, the placing of T3 Direct on spews.org shows their independance, as they seeked out various independant sources to confirm the problem, and only then did they take action. It was not something done on a whim.

Secondly, something you (sic) article fails to address is the uniqueness of this case. Whichever was this case goes, it has the potential to set a very large precident in the uncharted waters of Information Technology Law. You might have wanted to look at that angle a little more, as to date with the exception of the recent European Parliment decision to force opt-in mailing lists upon their region of jurisdiction, there are no adequate laws to prevent unsolicited bulk email.

Until these are brought in by the various leglislatures, there will continue to be a need for blocklists. Let's not sit here and call the operators of these lists sad, but let's pat them on the back for providing a good service which will be needed until the government finally does something to curtail this unacceptable practice of sending spam.

• Reply to comment
• Reply to story
• Report offensive content

• Just In

• Most Popular

• Most Discussed

Reader Services

Popular Topics

Essentials