Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Censorship Your Rights Online

Open Relays, Free Speech, and Virus Propagation 488

Posted by michael
from the now-boarding-at-port-25 dept.
sirsnork writes: "There is a story about John Gilmore running an open relay that is being used by a virus to propagate running over at Newsbytes. His defence? He wants his friends to be able to send email through his server from whereever they are. You'd think he'd know better." Gilmore has been skirmishing with Verio for some time over his open mail relay. Is it a good thing because it promotes the free flow of information? Is it bad for promoting the free flow of spam? Do the ethics change because someone writes a virus that uses the server to propagate? Interesting questions.
This discussion has been archived. No new comments can be posted.

Open Relays, Free Speech, and Virus Propagation

Comments Filter:
  • by Tony Hoyle (11698) <tmh@nodomain.org> on Thursday March 07, 2002 @12:08PM (#3125093) Homepage
    I'll add his domain to my blacklist.

    I suppose he leaves his front door unlocked too so his friends can watch cable whenever they like?
    • by FransUNC (518475) <scott@scot[ ]ans.com ['tfr' in gap]> on Thursday March 07, 2002 @12:20PM (#3125243) Homepage
      I suppose he leaves his front door unlocked too so his friends can watch cable whenever they like?

      I've done this plenty of times. I guess that's why the last time I came home my air conditioning was set on 50, the oven was still on, and all my french bread pizzas were gone. :[

      Jokes aside, there are sometimes that you just have to take responsibility for something. And this is one of those times. His refusal to close it is just plain a) apathy b) want for attention c) pathetic.

      Ok, maybe his defense is the same of that used by file sharing programs, which unfortunately might make hypocrites out of a lot of us who complain, but anybody with common sense would know how to handle this situation. Don't be rude, Gilmore, close the damn relay!
    • by Zocalo (252965) on Thursday March 07, 2002 @12:42PM (#3125394) Homepage
      Quoth the article:

      The address of the server, Toad.com, is one of 25 open mail relays hard-coded by its unidentified author into the W32.Yaha worm, according to analyses by anti-virus firms Symantec and Sophos.

      Quoth my shell:

      # nslookup toad.com

      Non-authoritative answer:
      Name: toad.com
      Address: 140.174.2.1

      # echo 140.174.2.1 >> /etc/mail/BannedIPs
      # /etc/rc.d/init.d/sendmail restart

    • by geekoid (135745) <dadinportland AT yahoo DOT com> on Thursday March 07, 2002 @02:28PM (#3126286) Homepage Journal
      Just because you leave your door unlocked, doesn't mean strangers can legally come into your home.

      I'd love to see your statement if a cable company went after someone whoi did that.

      In other news: Just because you leave your car unlocked doesn't mean you want it stolen, either.
  • Jackass (Score:2, Insightful)

    This guy is a jackass. There are a number of ways to allow his friends to send mail without running an open relay.

    • Re:Jackass (Score:5, Interesting)

      by tcr (39109) on Thursday March 07, 2002 @12:14PM (#3125165)
      I agree.

      But weird how the article said Gilmore, a life member of the Libertarian party, has accused Verio of censorship and said he configured the mail server to accept and forward e-mail from anyone in part so that friends could use it while traveling around the world.
      (Emphasis mine).

      Seems to imply there are other motives...

      • has accused Verio of censorship and said he configured the mail server to accept and forward e-mail from anyone
        So, I'm assuming he doesn't lock his house, or car, because that would infringe upon my freedom to travel? Christ, my four year old used to use logic like that.
    • Re:Jackass (Score:4, Insightful)

      by eam (192101) on Thursday March 07, 2002 @12:36PM (#3125357)
      My first thought after reading the materials on his web page was: Man, what an idiot.

      It is unfortunate that Verio caved. On his page he says:
      When thugs come onto your block and go from door to door telling you that if you don't change how you run your business, your knees will be broken, and your children harassed until you leave town, what do you do? Lots of people change their business or quietly leave town.
      Unfortunately, he doesn't seem realize that HE is the thug who is forcing Verio to change how they run their network.
    • by Chasing Amy (450778) <asdfijoaisdf@askdfjpasodf.com> on Thursday March 07, 2002 @02:53PM (#3126494) Homepage
      Isn't it obvious that the reason he wants to keep his relay open is so that his cypherpunk friends can send less-traceable e-mails? A noble goal, even though it has unfortunate side-effects regarding spam and this new virus.

      In this day and age of government snooping, Carnivore, shutting down anti-globalization websites, justifying mass surveillance of all citizens under the rubric of anti-terrorism, and the other atrocities reported every damn day on /., surely the hypocrites here can retract their heads from their asses long enough to see the adantages of a static open relay for helping to safeguard the privacy of e-mails. Does it have unwanted side effects? Yeah. Freedom always does.

      Look, let's be frank here: spammers will always find open relays in Asia. Always. China's recent baby steps forward notwithstanding, you know that this is true. This is part of the spammer's job. If spammers couldn't find open relays, they'd just purchase ISP accounts, start flooding out of their own servers, and move on when they get cut off. They sometimes do it now, even though open relays aren't hard to find.

      Toad, on the other hand, is just a way for the privacy conscious to have a little conrol over how their e-mail gets routed without having to work like a spammer to keep up-to-date lists of Asian relays. It's just an added layer of obfuscation. Shutting it down won't curb spam or viruses, it'll just take away a privacy tool.
  • If he wants his friends to use the server from anywhere, why not use an authentication scheme like SMTP AUTH or POP-before-SMTP?
  • It's bad. (Score:4, Insightful)

    by strredwolf (532) on Thursday March 07, 2002 @12:10PM (#3125118) Homepage Journal
    Gilmore should know better. Verio's being majorly blocked by this person, and when Verio gets a clue, they may get their laywers in on the game and sue him.

    He should at least know how to lock the server down to use SMTP Authorization. Even better, if he wants his friends to communicate freely, he should give them Unix shell access. Open relays being free speech? YEAH RIGHT! There's no goverment there, so the First Admendment does not apply! (If you think otherwize, REREAD your Admendments.)
    • Re:It's bad. (Score:5, Insightful)

      by Anonymous Coward on Thursday March 07, 2002 @12:20PM (#3125244)
      So basically, you're saying that instead of going after the people that are breaking the law, we should go after the people that are facilitating it? It's not his fault people are using his service illegally, just like it's not the fault of Morpheus or Kazaa, as I've heard justified many times on this forum. Perhaps we should outlaw computers, because after all, they enable people to break the law. Same for cars, right?
      • Re:It's bad. (Score:5, Insightful)

        by strredwolf (532) on Thursday March 07, 2002 @12:48PM (#3125449) Homepage Journal
        You're missing the point, already. Verio has a ton of spammers that it knows about -- spam complaints keep flooding in, SPEWS/SBL keeps tightening the noose, independent sysadmins keen adding them to their own private lists. Verio should of gotten a clue by now... and it hasn't. It's forgotten.

        However, to address your question: Only in a few states is it illegal to spam, and even then the spam has to violate a few basic rules. Fortunately, spammers are stupid (Rule #1) and spammers lie (Rule #3). There is no federal anti-spam statue because our (USA) goverment is that slow! (The only good thing they're doing about spam is prosecuting the fraud that results from the spams to begin with. Eh, as much as we can get, we'll take it).

        BUT, the entire Internet community has said "Close your servers, they are being abused." The guy hasn't. It's being abused. Negligence? Aparently so. Conspiracy to spam? Maybe. The server's listed on blocklists. The guy hasn't fixed it yet. He's virtually required, or his ISP gets wind. His ISP is Verio. They've been sent notice. Neither he nor Verio has fixed the problem in a timely matter. The only recorse is to block all of Verio, because they're not playing nice.

        Now, you say about outlawing the tools. Is Napster/Gnutella commiting copyright violations? No, they make software that shares files eazily. Any file. Every file. You configure it. It's a *general purpose tool*. It's like a car or a computer. That's ok, we shouldn't outlaw that. We should outlaw *specific purpose tools* -- programs which have only one or two functions which allow the user to break laws. Spamware falls under specific purpose tools. E-mail gatherers/spiders fall under specific purpose tools.

    • Re:It's bad. (Score:2, Interesting)

      by xonker (29382)
      when Verio gets a clue, they may get their laywers in on the game and sue him.

      I don't see why they don't just cut him off entirely. Surely their ToS allow them to disconnect any customer who has an open relay.

      Since they have that option, I can't see that they'd have grounds for action. But it's insane that Verio is letting this loudmouth intimidate them into continuing his service.

      I do wonder if it'd be possible for another ISP or the recipients of spam sent through his relay to sue him for negligence. Wish I had the money to do so.
      • Re:It's bad. (Score:3, Interesting)

        by Dimensio (311070)
        Verio allows postmastergeneral.com, a known spamhaus, to operate. I don't think that they are going to be concerned with the negligence of one of their customers facilitating criminal activity when another of their customers is openly engaging in criminal activity.
    • Re:It's bad. (Score:4, Insightful)

      by b1t r0t (216468) on Thursday March 07, 2002 @12:50PM (#3125466)
      Even better, if he wants his friends to communicate freely, he should give them Unix shell access.

      Even better yet, give them SSH access. Then they can port-forward to his mail server from the inside, where there are no open relay problems.

      Either way, if he's really only leaving the relay open for his friends, and not for so-called "friends" whom he's never met before, he should make them prove their identity as his friends through some means of authentication. There is no reason that I can think of that should require him to run an un-authenticated server so that a handful of people can use it.

  • Free flow. (Score:5, Funny)

    by saintlupus (227599) on Thursday March 07, 2002 @12:11PM (#3125122) Homepage
    Is it a good thing because it promotes the free flow of information?

    Information wants to be free, but my mail client does not want to be chock-full of herbal pot alternative spam.

    If this were still the 'net of the pre-WWW days, I would see the point of running an open relay for friends. It's not, though. The vultures are here. And they really want to sell penis enlargers.

    --saint
    • by DataPath (1111) on Thursday March 07, 2002 @12:20PM (#3125245)
      I have to ashk you about the penish mightier.

      Gushy it up however you like, trebek, the question is does it work?
    • by CoolVibe (11466)
      Saw this in someone's .sig:

      Steph: "Don't these people realize that if you outlaw SPAM, only CRIMINALS will have spam?"
      Piotr; "Sounds good to me...."
      Steph: "Okay wait, that didn't come out right..."

      :)

    • Re:Free flow. (Score:3, Flamebait)

      by TekPolitik (147802)
      Information wants to be free, but my mail client does not want to be chock-full of herbal pot alternative spam.

      The problem with Gilmore (and the EFF, which is Gilmore's mouthpiece), is that he first got involved in lobbying to get copyright for software through (so people wouldn't copy his software), and since then he's basically opposed every single law relating to technology that has been proposed. It doesn't matter if the law is a good one, or if it's beneficial to the geek community - if it's a law relating to technology, he'll oppose it.

      Certainly there are some things that need to be opposed, but with the EFF there is no discretion - if it's a law that relates to technology, it must be bad. Except copyright law because it helped Gilmore make his millions.

      Gilmore and the EFF have long since ceased to represent the groups and interests they claim. They are utterly without relevance, although they seem to be able to con a few people to donate to them. Frankly, donating to the EFF is a bad idea - if Gilmore wants a personal mouthpiece for irrationally opposing all tech law, he can pay for it himself (and can afford to do so) without begging others to subsidise him.

  • by spotter (5662) on Thursday March 07, 2002 @12:11PM (#3125128)
    If you want people to use you as a relay from where ever you are, use smtp authentication. it doesn't have to be a real account, and using things like cram-md5 the password isn't set in the clear (or one can use smtp-tls, but that's less supported)

    I do this with evolution, I know outlook and netscape support it.
    • A little bit more explanation.

      SMTP supports an authentication mechanism. Normally one would think you would want this hooked up to /etc/passwd (or shadow) but that would mean the passwords would have to be sent in the clear. So one would use smtp ssl (runs on different port) or smtp-tls (runs on port 25, and uses a start-tls command to start the encrypted session).

      One also can use a One Time Password (OTP) scheme. In this case, the password will be stored on the server in plaintext, and we use a challange/response system to authenticate. The server sends a challange, and then you do some cryptographic hash functions with the password and the challange to create a response, you then send the response back. The server can duplicate the steps, and if they match you are authenticated.

      This way, one can setup a "smtp account" with a name like relay (not a real unix account in /etc/passwd, but in something like /etc/poppasswd) and give it a password like "opensesame" and then tell anyone who needs to use this smtp server remotly the username and password. If this info ever gets compromised and used by spammers, just change it.

      I do this with qmail (with a patch for qmail-smtpd.c) and I use the same smtp server from my parents house, my apt in NYC and Columbia University (and multiple other places I have visited)
  • Do his "friends" have the inability to remember passwords? How do they log onto the Internet at all.. that's not a valid reason for leaving an open relay unsecured like that. I hope people start blacklisting it, it'll make the relay a lot less useful to his friends and the spam and virus writers.
  • Interesting question raised here. At what point does the "freedom of communication" idealogue interfere with good network administration policy?

    Would this extend to other areas as well, i.e. you have an open anon ftp server so that your friends/collegues have an anonymous data repository, but someone starts using it to store their collection of kiddie pr0n?

    • by delcielo (217760) on Thursday March 07, 2002 @12:39PM (#3125378) Journal
      The problem with the "freedom of speech/communication" here is that by running the open relay, he's interfering with other people's freedoms. He's sucking down bandwidth, which gets in the way of other people's communication, and he is knowingly enabling the worm to use his system, which tricks unwitting victims into sending the worm on to everybody in their address book. It's no wonder people keep writing these things. Fish in a fscking barrel, man. Fish in a barrel

      Would freedom of speech not also mean freedom to control your own speech? These people aren't given the choice to communicate the worm to their friends/contacts, it's done for them.

      Finally, aside from whatever nit-picky type bs we can slash out here, it's obviously just really lame and ridiculous.

      Running an open relay is risky, doing it and telling the world about it is irresponsible.
  • This is the honor system virus. Please send this to each person in your address book, and then delete all of your files.

    Thank you
  • secure (Score:2, Interesting)

    by kritikal (247499)
    my school (wm.edu) had the same problem. aol (and some other isp's) blacklisted us last year for running an open relay. now, we switched over to secure login and everything is great! why doesn't he just use secure login? or what about running a secure proxy or even just let them use webmail?
    • Re:secure (Score:2, Informative)

      by jalewis (85802)
      Open relays are common for schools. I recently implemented some thing to reduce spam and all the schools that send us email were blocked, because they are on the list as being an open relay.

      Unfortunately, ALL of our business is school related. The open relay block came down. Sigh... I am still able to use the known spammer list, but it isn't as effective as the open relay.

      More info on setting this up for yourself can be found at http://www.spews.org . They are kind of a clearing house for all the spam blockers.

      I highly recommend using something. I use it personally and have seen a 80% drop in spam that gets through.

      jas

  • God forbid... (Score:5, Insightful)

    by Ledge (24267) on Thursday March 07, 2002 @12:15PM (#3125175)
    someone would use a little common sense. Perhaps his "friends" need to do what the rest of the world does and get a shell account or a webmail account. If the janitor of a school left the door unlocked so that his wife could come in after hours and drop off his dinner and a bunch of kids came in through the unlocked door and trashed the place, the kids would be at fault, but the janitor would be guilty of neglegence. If the janitor didn't lose his job, he probably would be smart enough to leave the door locked in the future.
    • basic authentication (Score:3, Informative)

      by coyote-san (38515)
      Or perhaps a bit more to the point, he could set up authentication for his friends. That's like making duplicate keys for your friends (where you are authorized to do so - not a "janitor" situation) while still keeping strangers out.

      This won't give 100% accessibility, but it's a reasonable compromise. If he wants 100% accessibility, he should set up a web mail server interface, again with some form of authentication.
  • bash-2.05$ telnet toad.com 25
    Trying 140.174.2.1...
    Connected to toad.com.
    Escape character is '^]'.
    220 toad.com ESMTP Sendmail 8.7.5/8.7.3; Thu, 7 Mar 2002 09:11:09 -0800 (PST)
    helo toad.com
    250 toad.com Hello [12.32.42.180], pleased to meet you
    mail from:<asdfasdf@asdfasdf.com>
    250 <asdfasdf@asdfasdf.com>... Sender ok
    rcpt to:<dick@dick.com>
    250 Recipient ok
    data
    354 Enter mail, end with "." on a line by itself

    .
    250 JAA03142 Message accepted for delivery
  • by Dolph (132127)
    John Gilmore assertion that he wants his freinds to be able to send through the server are invalid, as he could always allow authenticated relaying instead of open relaying. This would allow authorized users to relay from anywhere without allowing abuse of the system.

    Of course, everyone knows that this isn't the reason for his running of the relay - it's simply an issue of free speech, as I understand.
  • by Technician (215283) on Thursday March 07, 2002 @12:17PM (#3125200)
    I wonder how long it will take him to get a clue when his domain gets on all the major blacklists now it's well known. His view of the internet is going to get very small very fast. He needn't worry about being DOS'ed by angry netizens. Most of their packets will no longer be able to get through soon.
  • Everyone's right! (Score:5, Insightful)

    by Frater 219 (1455) on Thursday March 07, 2002 @12:18PM (#3125219) Journal
    John Gilmore has every right to run an open mail relay.

    Verio has every right not to sell Internet service to people who want to use it to run open mail relays. John Gilmore has no right to demand Internet service form Verio.

    MAPS, ORDB, ORBZ, and the other blackhole lists have every right to tell me that John Gilmore is running an open relay. John Gilmore has no right to gag the blackhole lists' truthful speech about him.

    I have every right to refuse to accept email from John Gilmore's open relay. I may do this on my own information, or on the advice of a blackhole list. John Gilmore has no right to force me to allow him or his traffic on my property.

    So everyone's right, as long as everyone stays within their rights.

    • Re:Everyone's right! (Score:3, Informative)

      by romkey (145460)
      Part of John's complaint was that Verio was filtering mail to their customers based on the RBL, and that John couldn't send mail to his own ISP because of this.

      I largely agree with what you said, but I think part of John's complaint which you missed is that Verio is making the decision for their customers as to whether or not to accept email from John's open relay, and not allowing their customers to make that decision themselves.
      • Re:Everyone's right! (Score:3, Informative)

        by FreeUser (11483)
        I largely agree with what you said, but I think part of John's complaint which you missed is that Verio is making the decision for their customers as to whether or not to accept email from John's open relay, and not allowing their customers to make that decision themselves.

        As long as Verio is being upfront and honest with their customers that they are using RBL, then their customers have made the choice, by choosing Verio. It would be nice if verio provided a facility for their customers to opt in or out of using the RBL list, but really that is just a convinience: their customers can easilly opt out of the RBL by choosing another ISP.

        As a previous post said, "everyone is right." John has the right to run an open relay, Verio has the right to sell him service (or not), and I (as well as Verio) have the right to filter his site because I don't like his actions. His rights stop at my home's router (whether I've chosen to block him of my own accord, or because of RBL's recommendation, or not at all, is my buisiness, not his).
      • by Frater 219 (1455) on Thursday March 07, 2002 @12:47PM (#3125438) Journal
        Part of John's complaint was that Verio was filtering mail to their customers based on the RBL, and that John couldn't send mail to his own ISP because of this.

        So what? I'd say this might be a problem if he couldn't get in touch with Verio's administrators -- but he doesn't have any right to send email to Verio's other customers from his open relay. Even if he could not email Verio's administrators, I don't think that would be an issue of rights -- more an issue of Verio's competence or good sense. If he thinks they're incompetent, insensible, or malicious, he shouldn't keep sending them money.

        I largely agree with what you said, but I think part of John's complaint which you missed is that Verio is making the decision for their customers as to whether or not to accept email from John's open relay, and not allowing their customers to make that decision themselves.

        I don't think this changes the rights involved, although it may be a valid comment on Verio's desirability as one's ISP. (Spam filtering makes an ISP more desirable to me, but may make it less desirable to John Gilmore. Neither of us have the right, though, to impose our preference on any particular ISP.)

        In general, do customers of a business have the right to force that business to change the services it offers? No. I don't have the right to force McDonald's to serve me a charbroiled hamburger made from USDA Choice beef, when all they are selling is fried hamburgers made from inferior beef. In fact, I wouldn't even have that right if there were no high-quality burger joints in my town.

        McDonald's thinks it can do better by selling burgers I don't like. Good thing I don't have to eat them. Verio thinks it can do better by selling Internet service John Gilmore doesn't like. Good thing he doesn't have to use it. I think I can do better by not accepting mail from John Gilmore's open relay. Good thing I can choose to do so.

    • Re:Everyone's right! (Score:2, Informative)

      by thczv (541683)
      > Verio has every right not to sell Internet
      > service to people who want to use it to run
      > open mail relays. John Gilmore has no right to
      > demand Internet service form Verio.

      I think this is wrong. It sounds like the contract that governs Gilmore's internet service places NO content restrictions on his use of the service. That is what one of those links above says.

      thczv

    • Re:Everyone's right! (Score:2, Informative)

      by dachshund (300733)
      MAPS, ORDB, ORBZ, and the other blackhole lists have every right to tell me that John Gilmore is running an open relay. John Gilmore has no right to gag the blackhole lists' truthful speech about him.

      A lot of people would have made similar arguments for Napster. Turns out that there are a number of legal principles that override the "right to free speech" under various circumstances. I sincerely doubt that any of them come into play in this case, but don't imagine that the the 1st amendment provides MAPS or any other service with blanket protection.

    • by Anonymous Coward
      Frater wrote:

      Verio has every right not to sell Internet service to people who want to use it to run open mail relays.

      No, actually, Verio doesn't. It's bound by the terms under which it (indirectly) acquired The Little Garden (tlg.net), which very clearly specified [toad.com] that there was to be no blocking of service on grounds of content.

      Remember this, if you're ever tempted to business with Verio: It breaks its commitments. Accordingly, you can't believe a word it says.
      • No, actually, Verio doesn't. It's bound by the terms under which it (indirectly) acquired The Little Garden (tlg.net), which very clearly specified [toad.com] that there was to be no blocking of service on grounds of content.

        I'm not party to the acquisition agreement that TLG signed when it was bought by Verio. However it is very common for Terms of Service of the acquired entity (TLG) to be replaced by the Terms of Service of the acquirer (Verio).

        Basically Verio bought the TLG business under a contract. If that contract says words to the effect: "Verio pays the owners of TLG x dollars and agrees to be bound by the TLG terms of service" then you are right. However I suspect it says something more like: "Verio pays the owners of TLG x dollars and has the right to alter the Terms of Service to the standard Verio ToS". I doubt any business would acquire another and bind itself to keep the previous business' terms forever.

        If John Gilmore doesn't like Verio's terms of service he should find an ISP that will let him do what he wants. He doesn't have some magic right to do whatever he likes. Verio are quite within their rights to impose terms of service that disallows running an open mail relay.
      • by Frater 219 (1455) on Thursday March 07, 2002 @01:00PM (#3125538) Journal
        No, actually, Verio doesn't. It's bound by the terms under which it (indirectly) acquired The Little Garden (tlg.net), which very clearly specified [toad.com] that there was to be no blocking of service on grounds of content.

        Refusing to provide Internet service to an open mail relay is not "blocking of service on grounds of content." The attribute of being an open mail relay is a formal property of a mail server. It is defined without reference to the content of the messages transmitted or rejected by that mail server.

        If Verio were blocking every message that contained the word "spam", then they would be blocking on the basis of content. If they were refusing service to John Gilmore because of the political views he expresses using that service, they would be blocking on the basis of (intended or past) content. They aren't doing that. They aren't inspecting the content of the messages at all -- just the formal (and thus content-neutral) attributes of the transmitting host.


        Let's say Verio goes into the bookselling business, and promises to sell any book regardless of its content. I publish pornographic novels, and you publish travel books. One month, we both decide to publish books of our respective genres which weigh one ton apiece and are the size of a small car. Verio chooses not to sell these particular books, on the grounds that they will not fit on its shelves and will cause damage to its facilities due to their weight.

        I then complain that Verio lied, and is not selling my pornographic book because of its content. Is my complaint valid? No, it is not. The decision wasn't on the basis of the content of the book, but its form. Verio chooses not to sell books which weigh a ton, regardless of their content, be they travel books or porn.

  • It really is.

    It's also your right as an end user or mail server administrator to block traffic from his server / network.

    A common carrier, however, does not have the right to block his traffic because they want to stop spam.

    This is really clear-cut.
  • by romkey (145460)
    I've argued with John about this.

    On the one hand, I believe he's saying that the ISP should not make the choice for its customers as to what mail it accepts and what mail it doesn't accept. I have to agree with this, it's a slippery slope and easily abused. However I believe a lot of customers are happy to have their ISP try to reduce the amount of spam they receive.

    Also, I believe John's attitude is that any spam-prevention mechanisms should not block valid mail from getting through. I have to agree with this.

    And, having been (incorrectly) attacked by anti-spammers a few times I have to say that often the anti-spammers are worse than the spammers.

    On the other hand, I think John's insistence on running open relays is just plain a bad idea, and that using technological means such as SMTP Authentication could completely remove the need for having open relays.
  • Let him be free. (Score:5, Interesting)

    by www.sorehands.com (142825) on Thursday March 07, 2002 @12:20PM (#3125247) Homepage
    Allow him to keep an open relay. But also require that he would be liable responsible for ALL spam that passes through his server.


    That means that he would have to be paying out large amounts of money to anyone who is a victim of spam through his server.

    It is interesting to know that a while back, Verio was scraping the register.com database to spam people who had registered with register.com

  • Great example (Score:4, Insightful)

    by JordoCrouse (178999) on Thursday March 07, 2002 @12:21PM (#3125253) Homepage Journal
    This is a perfect example of why ethical issues like freedom of speech, fair use, and the right to carry a gun are not as cut and dried as we would like them to be.

    It all boils down to this: While 99% of any given set of a population may be honest, ethical or safe, there is always that 1% that will take advantage of that very fact. In this case, Gilmore wants the freedom to do what he wishes with his mail server, and though most people respect that, a malious few have used that trust to damage others.

    You can extend this to any argument: While most of us respect fair-use laws, there are those that take advantage of those laws and pirate music and movies. While most people with concealed gun permits have honorable intentions, there is always a small contingent that does not.

    I always say, you have the right to [ speak freely, copy music, carry a gun ] until it infringes on my rights. The problem is, determining who's rights are being infringed on.

    This episode is a great reminder that the issue is much more complicated that most people are willing to admit.

  • Isn't really a freedom worth fighting for. Just switch the damn thing off and stop being a dick.

    At least it's well known so it's easy to add to the spam blockers. Hope he didn't have anything he wanted to send me in an email.

    TWW

  • by toast0 (63707) <slashdotinducedspam@enslaves.us> on Thursday March 07, 2002 @12:26PM (#3125295) Homepage
    then use of email through his gateway is free expression. however, people blacklisting his box is also free expression.

    additionally, i gather he has an account with verio, which has certain provisions you must agree with to have an account, one of which i imagine compells him to avoid running an open relay. If he has a problem with these provisions, he needs to find a new provider, and if he can't find a provider w/out those provisions, he needs to suck it up and realize that in the civilized world, open relays are bad.

    Yelling anything during a movie is expression, but unless you're at Rocky Horror, it just isn't appropriate, and could get you kicked out of the theatre. If you take passing spam as yelling, and the internet as the theatre, it makes a decent analogy.

  • by SpookComix (113948) <spookcomix@NOspAm.gmail.com> on Thursday March 07, 2002 @12:27PM (#3125302) Homepage Journal
    ...by my mail server is not and open relay, effectively blocks Spam, and requires authentication to send through, but I can send email from anywhere I get an Internet connection. I just have to provide my username and password.

    Is that too much of him to ask of his users? Or is he just unaware of how and what to do?

    Clue me in, folks.

    --SC

  • by cluge (114877) on Thursday March 07, 2002 @12:33PM (#3125344) Homepage
    The gentleman in question has a home page here [toad.com] He also has an e-mail address of gnu@toad.com and gnu@eff.org so you can e-mail him here [mailto] and here [mailto]

    May I suggest instead of bitching on slashdot you take a second and send an e-mail to the John and let him know how you feel. Practice your first amendment rights. Visit his web page as well. Perhaps the "slashdot affect" can do some good. Take a second and stop being so apathetic and send John Gilmore an e-mail.

    • The following text of the e-mail that I sent

      To: gnu@toad.org
      Cc: gnu@eff.org, drg@verio.net
      Subject: RE: Your fight with Verio

      Dear Sir,

      I find myself in an unusual position, agreeing with Verio. They (Verio) isn't trying to censor your mail, it is trying to prevent your mail server from being used by people to spread SPAM, viruses and other vermin of the e-mail world. It has nothing to do with trying to censor your free speech, or your opinions.

      Allow me to provide a parallel this for you. Say you maintain a building on public property with a printing press. You leave the building unlocked so that your neighbor can use it as well. You do this because making a key for your friend is "just too much trouble". The building starts being used by violent gangs and an anarchist who builds his bombs there. The public ask you nicely to lock the building so that this activity will stop. You refuse saying that they are trying to censor you because you have a printing press in the building. That is patently untrue you are in affect aiding and abetting criminals by your negligence.

      As an administrator that has to defend against SPAM attacks, sometimes coming by the hundreds and thousands for small domain that has at most 10 mailboxes I have no sympathy for you. This is not about free speech, this is about theft, denial of service and common sense.

      aaron@NoitalianSpam-carsPlease.com

      • The gentleman in question has a home page here [toad.com]

      Please mod the parent up. You have to read some of Gilmore's own words to believe how aggressively and unreasonably stubborn he is on this issue. Gilmore has done some wonderful things, but he flat out refuses to ignore the changing realities of living on the 'net, calling anti-spammers "extortionists", "thugs", "blackmailers", and asserting that this is an "antitrust" issue. Regarding spam itself, Gilmore says: "I don't even want a "tyranny of the majority", if the majority happens to prefer to smash spammers (and suspected spam-sympathizers). I don't want a rerun of Joe McCarthy's witch- hunt, with spammers in place of Communists. I want to have everyone's right to communicate with each other protected, whether or not they disagree with the majority."

      Which is all well and good. Gilmore argues that any censorship is reprehensible. OK, then why did Gilmore voluntarily censor mail passing through his gateway in a token attempt to appease Verio? He argues on a point of principle, then breaks that principle quite cynically so as to create an appearance of having offered a reasonable compromise (when the real solution is much simpler: authorisation). He is a very jolly, persuasive and genial old hypocrite. Harsh comment, but judge him by his actions, not his protestations.

      Gilmore is an extremely confused man, well intentioned, but in severe denial that the world has changed around him. He has found a cause to fight (using EFF lawyers) and is enjoying playing hardball on an issue of principle (while breaking that principle himself) when there's good grounds for believing that the real issue is that he's just pissed at Verio for buying up the ISP he founded and imposing terms of usage on him. Any terms. Gilmore is pro-free speech in the shouting-fire-in-a-crowded-theatre-is-OK way. Information doesn't just want to be free, it wants to be thrown out of the door and helped along with a cattle prod. While he's done a lot of good in his life, I believe that this extremist stance actually damages the EFF and the free-speech lobby.

      Before you judge him, go and read his specific thoughts [toad.com] on this issue, and decide for yourself whether he deserves contempt or pity. I'm rather leaning towards the latter.

  • He should just hack his relay so that it's extreeeemly slow; nobody will much care if they're using it on the road, but this will make it next to useless for spammers.

    There is a fine line between exercising your rihts and being an asshole; right now he's straddling it.
  • not about censorship (Score:2, Interesting)

    by djweitzner (527230)
    This is a hard problem, but it's not about censorship. Censorship is what *governments* do when they are either trying to shut down political debate (a.k.a. totalitarianism) or subject minorities to the cultural values of the majority (repression),or both. Verio is not the government nor should it be treated like one, lest we get into a whole bunch of real censorship problems (like forced use of porn/content filters by ISPs).

    This problem is about messed-up technology (as others have pointed out) and the difficulty of dealing with anti-social behavior (from spammers, not Gilmore). Since it appears that John can close his relay without interrupting his traveling friends, I hope he will do so. This is about cooperating with the relatively harmless means that the community has evolved (without recourse to legal repression) to help curb spam.
  • Although I am against open relays, it does pose and interesting question. As of late, I've been pondering the fate of the internet as I see firewalls and especially proxy servers cropping up all over the place.

    I work for a company that provides a web based application to our clients. Increasingly I'm having to answer questions as to why some guys browser has nothing in it when he goes to the url that we provided them to access this web-based app. So far it has been because of their proxy servers restricting them. It looks like even though the internet is all inter-connected there are lots and lots of checkpoints that restricts movement. I'm sure Berlin-wall had roads connecting either sides. Except most people couldn't use those roads. Now our company wants to somehow restrict access to even the general/informational/marketing company web-site based on IP addresses or some such. I found that so against the 'internet' idealogy that I voluenteered (sp?) myself out of that project. I mean, we do have passwords to protect client data and what not but why restrict information that you would otherwise put on a newspaper-ad?

    On the flip side, our clients usually have proxy servers and what not and at the beginning of these projects I usually have to talk to their sys-admins and ask them to open-up our web-site to their users. When everyone and their brother installs proxy-servers and firewalls the only thing we'll be sharing is the connection. What will we use that connection for? I mean, large companies already restrict your access to the local lan only + a few other 'approved' sites. So you can't do jack with the connection at work. You come home, and well your ISP thought it would protect you from the monstrosities on the internet too and has now created this little sandbox that you can access.

    The internet is going down the drain. It came too quick too soon with no good business model that people could think of. Now everyone is trying to 'restrict' access and hope to make money by doing that since that's the only business model we know of. In the meantime, restricting access is killing the internet. At least the idealogy of sharing information. Pretty soon we're going to have all these nodes refusing access to each other.

  • Why doesn't Gilmore? (Score:5, Informative)

    by Hieronymus Howard (215725) on Thursday March 07, 2002 @12:43PM (#3125398)
    My provider allows anyone to use SMTP, provided that they have first made a successful POP connection. Once the POP connection is made and the user authenticated, then their IP address is added to the relay, for a period of time (a few hours, I think).

    Why doesn't Gilmore implement something like this? Then his friends could still use his relay from anywhere in the world, but spammers wouldn't be able to.

    I'm inclined to agree with the comment in the article at Gilmore is "being a stubborn old fool for leaving his mail systems as open relays"

    HH
  • I need to be able to send/receive email while I travel. So what did I do to allow this?

    Simple. I turned on SMTP AUTH.

    It was hard. I was using an Exchange server. I had to click two checkboxes. One on the Exchange Admin tool and one in Outlook Express.

  • It would be easier for his friends to use web based email instead. He could install SquirrelMail [squirrelmail.org] with SSL authentication instead, for example. His friends would be happier, and he wouldn't be causing a problem for others. He also wouldn't be running his mail server and bandwidth flat out processing spam. No infringment on his rights, and he's not being used as the tool to infinge on the rights of others. Win-win.
  • The guy should know better (smtp auth, pop-before-smtp).
    The guy seems as fanatic and rooted firmly outside of reality as RMS. I wonder if all bearded men over fifty that are into free software will eventually develop this mental illness...
  • by Hard_Code (49548) on Thursday March 07, 2002 @12:55PM (#3125498)
    A herd of anonymous cowards and email harvesters whooshing to the open relay...
  • Missing point... (Score:5, Insightful)

    by Fnkmaster (89084) on Thursday March 07, 2002 @12:56PM (#3125501)
    Lots of people seem to be missing the point. This guy isn't ignorant of SMTP AUTH or other possibilities and doesn't think they'd be too hard to implement. He is trying to make a political statement against MAPS, ORBZ, etc. The problem is that Gilmore is wrong.


    ISPs are out there to make a living, like the rest of us. The reality is that spammers are people who don't care about inflicting what we call a "negative externality" on everybody else. That means they are inflicting a cost on those who have to read through spam, or figure out how to block/filter it, and the ISPs who have to carry large volumes of unsolicited commercial email. While ORBZ, MAPS, etc. may be annoying, these organizations do serve a function. Gilmore is free to run his open relay on his T1, but it's akin to parking your Ferrari in the middle of Harlem, with the keys in the car, and the driver's side door open. Technically, you may not be legally responsible, but ethically, if somebody walks into that car and goes joy riding and gets into a crash killing/maiming others, well, what the hell did you expect?


    Society does get to set rules about permissible behavior, and we do get to enforce them by exclusion. Hell, if 40% of ISPs (by volume, or by number, I don't know) use MAPS, ORBZ, by their own choice it's probably for a reason. And frankly, I'd rather use an ISP that does, because I don't want to be on the receiving end of any more spam than I already get.


    Gilmore may be right that RBLs are not the correct long term solution. I've heard it said before, so I won't take credit for it - the correct solution is a change in Internet standards - make it more "costly" in some way (bandwidth or other) to send bulk emails. This would bring the economic cost back to the spammer and remove or reduce the negative externality. Make it so it doesn't pay to spam. And no, I don't have the solution to this problem, but I could imagine alternatives to SMTP/mail routing procedures that address the problem. Of course somebody might argue that this just reduces the utility of email. Ah well. Until then, for god sakes, close your open relays.

  • by Lumpish Scholar (17107) on Thursday March 07, 2002 @01:02PM (#3125561) Homepage Journal
    I vaguely remember that at one point, Richard Stallman didn't want to use any Unix machine that didn't support guest accounts (user: "guest"; password: ""), because he thought that was a violation of freedom. For a while, that meant he didn't use any system hooked up to the Internet.

    It's not that he didn't understand the security implications; it's that he thought they were less important than what he considered the moral implications.

    Can anyone back this up?
  • Gilmore & Verio (Score:4, Insightful)

    by maggard (5579) <michael@michaelmaggard.com> on Thursday March 07, 2002 @01:12PM (#3125637) Homepage Journal
    It might help by explaining that Gilmore was a Founder & Principal of "The Little Garden" ISP. They were distinguished by their "You are free to resell the service that we provide to you, and we will not censor it" policy. TLGnet was bought by Best which was then bought by Hiway which was then bought by... tadaah: Verio. So in short he's dealing with a company he once owned part of (or at least knows important folks at.)

    As to why he's not taken steps to make his relay more responsible it's anyone's guess. Gilmore likely has the skills himself and certianly knows enough folks who could do it properly in a minute. If he's doing it as some way to support anonymity he could doubtless put in place mechanisms that would offer that but still prevent spew.

  • Dear John (Score:5, Funny)

    by sharkey (16670) on Thursday March 07, 2002 @01:12PM (#3125642)
    Gilmore takes credit for helping establish the "alt" Usenet discussion groups.

    Thank you for the pictures. They helped many a night pass quickly in college.
  • by Royster (16042) on Thursday March 07, 2002 @01:13PM (#3125649) Homepage
    John Gilmore complained in a recent post [politechbot.com] on Declan McCullagh's Politechbot [politechbot.com] that Earthlink was blocking his email and not allowing him to speak to its customers. He implied that the Scientologist ownership of Earthlink was somehow to blame.

    Now we see that it was because he runs an open relay.
  • by ahde (95143) on Thursday March 07, 2002 @01:18PM (#3125702) Homepage
    and waited a bit for them to have their effect, I'd like to make a couple points.

    One, John Gilmore is not some dipshit with DSL. Take a look at <a href="http://www.toad.com/gnu/">his webpage</a>. He is one of the founding members of the EFF. He knows what he's doing-- technically, morally, and legally.

    Two, he's not sending spam. He's not enabling it, or allowing it. This "virus" doesn't exploit his computers, it exploits other dipshits, and then sends mail through his relay. But Spammers could send their mail through any other open mail relay (there are plenty0) -- but plenty don't. There are other ways to send spam. The virus could be written to use any open relay, why does it target his?

    Maybe his definition of "friends" include people he wouldn't necessarily trust with personal accounts on his service. Maybe they include people he hasn't met personally. Would you deny strong encryption to people in countries whose government would supress their opinions, if expressed openly? No, but you would deny them the ability to send email?

    This is a ridiculous scenario. No one in China or Iraq is going to use John Gilmore's mail server. But he's making a point. And the point isn't just about radicals in bad bad countries. Wouldn't it be nice if there were phones on every block and they were free to use? If everyone who could chipped in a little, the cost of sending email would drop sufficiently. Not to mention the increase in efficiency. Why should the email I send to my neighbor have to go to MAE-WEST and back? Do I really want every piece of mail I send to be routed through Verio or UUNet once they've got carnivores in place. The FBI can't put one in every geek's basement, but they can place them at strategic upstream locations and catch a huge majority the way we're currently set up.

    The problem is spam, not open relays. Don't ban guns, or cars, or forks because people may do bad things. Spam will still come, in larger amounts than ever, even if all open relays are closed.

    You wouldn't accept a company that has multiple expliots in their product to just advice all their customers to just disable the service that has the most frequently used exploit. Should we ban all webservers because Code Red took advantage of a vulnerability in IIS? Browsers because of bubble boy (an Active X exploit)?

    This is a flawed analogy because there are other products that do not suffer from these exploits, and because these were coding flaws by one company. But other implementations could potentially be dangerous. Netscapes brown alert?

    What about porn -- should we let net filters block anything that may be considered inappropriate for children?

    Let's treat the problem, not one of the symptoms. Open relays enable spam. So does DSL. So does weak passwords. So does Hotmail. Is there any question where more spam comes from, toad.com or hotmail.com?

    Wouldn't it be nice to live in a would where spam is not sent? You won't get there by ignoring the problem. Blackhole lists are like burying your head in the sand. They don't even save much on bandwidth. And they're getting further behind in the battle against spammers.
  • Who is John Gilmore? (Score:5, Informative)

    by SiliconEntity (448450) on Thursday March 07, 2002 @01:23PM (#3125747)
    Readers should be aware that John Gilmore is not just a clueless know-nothing who refuses to close his mail server out of ignorance.

    Gilmore is a true Internet pioneer and activist, a dedicated supporter of free speech. A short list of his accomplishments is available here [isoc.org], including being one of the first employees at Sun and helping found the EFF. In addition he was an early activist in getting the Usenet alt. groups going as an alternative to the rest of the hierarchy where tight controls were in place. He has been active in supporting free access to cryptography, helping found the Cypherpunks and participating in a number of law suits and FOIA actions to get the government to reduce restrictions on crypto. He has funded the FreeSwan effort to build transparent point to point crypto into the Linux kernel.

    He also founded Cygnus Support, probably the first company to prove that you could make money off of open source software. The company was sold to Red Hat in 1999 for $674 million.

    John Gilmore was fighting for free speech and the right to communicate before most of us had ever heard of the Internet. If his actions seem out of step with an increasingly paranoid and closed Internet community, I suggest that we not be so quick to assume that everyone else is right and Gilmore is wrong. History has shown him to be a far sighted thinker who has been on the right side of virtually every issue.

    • John Gilmore is not just a clueless know-nothing who refuses to close his mail server out of ignorance.

      Unfortunatly, you are correct. He is not doing this out of ignorance. He is doing this out of malice.
  • by DocSnyder (10755) on Thursday March 07, 2002 @01:35PM (#3125860)
    I wonder if John Gilmore administrates his mail server and reads Postmaster mails on his own. If he did, he would spend the whole day on cleaning it up.

    A bit more than a year ago I worked at a company which was running an open relay to allow their customers sending mails through it. It has been blacklisted everywhere, no one has ever read Postmaster, they just reinstalled the mail server (out-of-the-box system, which they are developing) or removed the entire mail spool if it got too bad.

    Yet they had of course plenty of problems with sending their own mail - so had their customers who used the relay, too. Being blacklisted on RSS, ORBS and dozens of other DNS-based lists causes quite some mails to be rejected - the percentage is certainly too high to ignore.

    To make it short, it took several weeks to persuade each customer to change his mail server's configuration into using the ISP's mail relay instead of ours. Meanwhile the company moved its former 64k Internet connection to a 2Mbit/s line, which made relayed spam spread as fire.

    Within the few weeks between the new line went up and we were finally able to replace the old mail server with a new system running Postfix, the mail relay was almost unusable for us - it took about a minute to even have a TCP connection of any type accepted, the system load was always between 10 and 20, and the ISP bill was _really_ high.

    After putting Postfix into work, it was my job to keep the mail system running. As it ran on the same IP address as the old server, the spammers didn't stop trying to relay their trash through it. AFAICT almost no spam flood mailer checks SMTP return codes, and if it does, it tries to connect to the secondary MX. As a consequence the syslog has been filled with thousands of "Relaying denied" messages, SMTP sessions have been kept up for hours, and as they discovered after some time that this relay has been closed, they scanned our networks for some more open SMTP servers - not only - they scanned almost everything, so as if they can't relay spam through us, they at least want to look for an open FTP or HTTP server to share pr0n and w4r3z. It didn't take them too long to find an open proxy, and they caused 80 GB (the ISP bill was 6000 € that month) of bandwidth until we discovered it. They found an open FTP server, too, and uploaded about 5 GB of m0v13z until the partition went full what made us notice it.

    What is more, the mail server has been fixed, but the IP address has still been blacklisted. After two weeks of notifying blacklist operators and having our mail server tested as secure, it has been unlisted from most services. Spam continued, of course, Postmaster notifications due to recipients who blacklisted our mail server manually continued to occur, and some customers who forgot to change their mail relay or were unable to do so (it's an easily-installable out-of-the-box system which they bought from us, so they just lacked basic knowledge to run a mail server). It has been a mess even months after we closed the mail relay.

    So my advice for John Gilmore and anyone else who operates an open relay, intentionally or not: Close it! You are having the worst problems of all involved parties! If possible, move to a different IP network or you won't get any rest in the near future.
  • by arcade (16638) on Thursday March 07, 2002 @01:37PM (#3125869) Homepage
    OKay. now, why do I argue that Gilmore is right? Well its quite simple. You see, if we want to get rid of the chickenboners, we have to:

    a) Get rid of all open relays (impossible!)

    b) Get rid of all socksproxys (Do we want to get rid of this great way of staying anonymous?)

    c) Get rid of all open squid-servers (Do we want to get rid of this great way of staying semi-anonymous?)

    d) Get rid of all other ways you can use/abuse all sorts of relays.

    The problem is that the fight against spam hurts not only email administrators anymore, but hostmasters, webmasters, people that want to run anonymous proxies of any sort, and so forth. If one wins the fight against anonymous relaying, one removes the option of staying completely (or semi-completely) anonymous in many cases.

    Do you think the "antispammers" like anonymous remailers? Nope, not unless you're the customer of one, or that there are ways they may limit/stop the spamflow.

    I hate the spam as much as anyone, but I really don't think the solution is to block every possibility of staying anonymous. The solution is to rewrite the fucking mail protocol, not to let _everything_ suffer because of spam beeing intolerable.

    end of rant.
  • by mikl (2371) on Thursday March 07, 2002 @01:59PM (#3126029)
    From: Michael Merritt
    To: drg@verio.net
    Cc: gnu@toad.com
    Date: Thu, 7 Mar 2002 12:47:17 -0600

    Mr. Darren Grabowski
    Verio Security

    Mr. Grabowski,

    I write to you in response to the web page located at
    http://www.toad.com/gnu/verio-censorship.html

    I encourage you to continue your actions against Mr. Gilmore in response to
    his refusal to comply with the terms of your company's AUP.

    Let me state that I firmly uphold Mr. Gilmore's RIGHTS to run an open mail
    relay as "free speech". Yet, I also firmly uphold your company's ("Verio")
    RIGHTS to deny him service if he does not adhere to the terms of the service
    contract which you offer him. Mr. Gilmore's continual payment of the service
    charge for his T1 connection is acceptance of the terms of Verio's service
    contract.

    Furthermore, I firmly support the RIGHTS of Internet users, system and
    network administrators, and blacklists to REFUSE to accept mail from Mr.
    Gilmore's server/connection/domain.

    I am exercising my RIGHTS to freedom of speech and expression in this
    message, as any American citizen is permitted. I also respect the fact that
    you have a RIGHT to disregard, ignore, or otherwise disagree with my views,
    beliefs, and practices.

    If Mr. Gilmore is truly concerned about everyone having the freedom to
    exercise their RIGHTS, he will accept the fact that Verio has the RIGHT to
    deny him a connection, and he has the RIGHT to seek a connection to the
    Internet elsewhere. I do not find a law or governing statute anywhere that
    declares every free man has a RIGHT to access the Internet.

    Thank you for your time and consideration of this matter,

    --
    Michael Merritt
    SPAM filtering by SubLimeMail -- http://www.sublimemail.com/
    (remainder of signature snipped for /. "junk filter")
  • by hoggoth (414195) on Thursday March 07, 2002 @02:00PM (#3126037) Journal
    Come on people! John Gilmore is going on and on about his freedom of speech and how he is running a mail relay for his friends.

    He is lying.

    If he really wanted to run a mail relay for his friends you could authenicate them on a properly administered CLOSED mail relay. Here are a few ways to do this:
    POP before SMTP authentication
    SMTP authentication
    SSH accounts for his friends
    Webmail accounts

    And John Gilmore certainly knows these and other methods of properly administering his mail server.
    I doubt he is running a spam relay for profit, I think he is just trying to stubbornly make some minor point of personal philosophy, and hiding it with his words.

  • A good argument (Score:3, Informative)

    by randombit (87792) on Thursday March 07, 2002 @02:40PM (#3126389) Homepage
    I went and saw a talk this afternoon, given by John Peter Barlow (another co-found of EFF) at my school. Someone asked about this, and he had a very good response, one which makes me side with Gilmore on this:

    The whole point of the internet is dumb network, smart nodes. If the end nodes aren't smart enough to deal with spam (99.9% is quite easy to identify) and viruses (hello MS, I'm talking to you), then that is the problem of the end nodes, not the network.

    <possible flamebait>
    If I take a bus to downtown and proceed to throw a brick through a store window, is that the fault of the city, for running the bus service? (I know this isn't a particularly good analogy, but it's the best I can come up with on short notice)
    </possible flamebait>

    Posting at +2 on purpose. Moderate as you like.
  • by madhakr (119990) on Thursday March 07, 2002 @02:50PM (#3126476)
    When did Free Speech become about allowing more bits to be pushed around in the network? Raw data can't be speech; information has to be meaningful and understandable, and understood, to be speech. Running an open mail relay, especially one which is known to be relaying spam, viruses, etc, actually hampers the flow of free speech, since it makes valuable information more difficult to find amid the junk.

    If you want to apply the usual ethics about freedom of speech, you ought to require him to use some form of authentication for his friends, to ensure that their speech is accessable (since he won't be blacklisted) and free of excessive noise (spam, viruses). VPN tunneling, IMAP, shell accounts, webmail, authenticated POP, and POP over SSH come to mind.

    Of course, I'm assuming that spam and viruses are not valuable examples of free speech in action, a view that may be difficult to justify. I consider them to not be speech for the same reason that I don't think the signals generated by a garage door opener are speech--they are signals, possibly meaningful in some context, whose intended purpose as used is to cause some event to occur. The spammer says, "I push this button, and our monthly page views go up!"; the virus distributor says, "I push this button, and 3y3 0wnz j00!"; I say, "I push this button, and my garage opens!" In none of these cases is the button pusher trying to convey any information to another person. If the signal (virus, merchandise, scam) is itself an object of conversation, I can see it being speech, but that context isn't relevant to open mail relays.

  • by alexburke (119254) <slashdotmail.alexburke@ca> on Thursday March 07, 2002 @03:33PM (#3126783)
    To: drg@NOSPAMverio.net
    Cc: gnu@NOSPAMtoad.com, gnu@NOSPAMeff.org, nospam@NOSPAMeff.org

    Darren:

    Further to my phone call of a few minutes ago, here's a followup email of which I'm also sending copies to John Gilmore and the EFF.

    Having just learned of this whole saga (http://slashdot.org/article.pl?sid=02/03/07/16232 13&mode=nested&tid=153), here are my thoughts.

    I find Mr. Gilmore's behaviour and attitude absolutely abhorrent. He apparently thinks that he has the moral right to run an open relay, and that noone should stop him.

    Has he never heard of SMTP authentication (http://www.imc.org/rfc2554)? This would allow his mail server to accept socket connections from anyone, yet only allow his authorized users to send mail through his relay. Most modern MUAs support this.

    Now, supposedly, a virus is (or has been) using his relay to propagate. (http://securityresponse.symantec.com/avcenter/ven c/data/w32.yaha@mm.html) This in and of itself should be grounds for immediate termination of Gilmore's T1, or at least an ACL entry on your router serving his connection to block all outbound port 25 traffic, until he straightens this mess out by implementing some sort of security on his relay. I understand this is already the case. If not, perhaps it should be?

    If this were 1992, one could see how beneficial an open relay might be on the Internet. Unfortunately, this is no longer the case under any circumstances.

    Being a paying member of the EFF ([My EFF-registered email address went here]), I am sincerely disappointed that the EFF is taking such an anti-Internet stance as to support the maintenance of an open relay which has, without any doubt, been abused in the past (and will no doubt continue to be). This makes me sincerely rethink my desire to continue to be a paying member, as well as my advice to friends and relatives to make donations to the EFF in lieu of giving me gifts at the holidays.

    I find it amusing that Mr. Gilmore himself asks (http://www.toad.com/gnu/verio-censorship.html) for a copy of any correspondence regarding this matter be sent to nospam@eff.org -- how ironic.

    Thanks in advance for helping to keep the Internet free from spam and virii, Darren. Knowledgeable Internet users everywhere thank you.

    [My sig went here.]
  • by tuxlove (316502) on Thursday March 07, 2002 @04:09PM (#3127008)
    I've posted numerous times here about Gilmore's open relay. Each time I think it will be the last time this silly topic arises, and each time I'm wrong. Here I am posting again.

    Many others here have reiterated the things I've been saying all along, that there's no excuse for his open relay and that there are numerous solutions he could easily employ to stop spammers from using his mail server, so I won't belabor those points.

    There is one point that still needs to be made, though. Despite his past record as champion of the Internet oppressed, John Gilmore is a danger to the rights of anyone who gets in his way, be they oppressed or oppressor. He is *filthy* rich from his days at Sun (and perhaps other things), and is apparently willing to throw his weight around with no regard for legal costs if he feels like making some sort of point. The problem is, he's a cantankerous, arrogant person with often strange views on right and wrong. There is a seeming randomness to the causes he takes on these days, and in cases like this, where the entity he opposes is clearly in the right, he does nothing but hurt the Internet community at large. Not only is his relay a spam engine, causing immediate but somewhat localized harm, his fight with Verio threatens to undermine an ISPs ability to enforce reasonable acceptable use policies. This latter point has broad implications for the entire Internet.

    I see him as a sort of "legal terrorist". His cause is on the side of a very small faction (spammers, lazy admins, and himself - though he might also fall into one of the preceding categories), he has an undue amount of firepower (vast quantities of money to pay lawyers) and has a fanatic will to use that firepower. He is known for taking on causes, sometimes without due research, simply because it offends his often skewed viewpoint. And with the EFF behind him, with its history of legal success against the toughest of opponents, most people quail when confronted with his opposition. Spammers generally do not have the werewithal or the reputation to stand against an ISP who shuts them down. Gilmore has indirectly taken on their cause, and because of the size of his guns, might actually help them in ways they could never help themselves.

    I have had dealings with Mr. Gilmore in the past, and feel obliged to say that, in my opinion, he was arrogant, uninformed and misguided. He is the quintessential kneejerk activist. He has done good things for Internet freedom, but his obtuse actions in recent history seem to say that it's time for this horse to be put out to pasture. Mr. Gilmore, I think it's time to pack your bags and move to a beach in Bermuda and enjoy your piles of money. Or perhaps feelings of guilt at being uncommonly rich are what drives you to do these things?
  • by lynx_user_abroad (323975) on Thursday March 07, 2002 @04:16PM (#3127057) Homepage Journal
    Just for a moment, suspend your instinctive outrage and listen to reason.

    The Internet used to be about openness and trust. Back before Canter & Siegel; the "Green Card Lawyers [mit.edu]", back before the Net was opened-up for the Dot Com's and commercial postings.

    Back then, having an open relay was no big deal (it was even expected) because we were all friends working for the betterment of the Net, and each other. There was no "cut off their air" because the Internet was a cooperative; their air was our air. A network gains strength as a whole whenever any part of it is strengthened.

    That was the Internet that Gillmore grew-up on (and helped found). Perhaps you can't remember, or perhaps you were just too young to remember what it was like back then.

    That was back before the Fall of '93.

    First it was spamming shutting down USENET groups, which begot CancelMoose.

    Next we started seeing email SPAM, which begot procmail and it's necessary filters.

    Then port 25 was blocked, and peer-to-peer email was to be nevermore.

    Now we're starting to reap what we have sown.

    The Internet will soon be owned by one or maybe two large network providers (AOL/Time Warner and/or MSN) and every packet you send will travel only with their permission; through paid transport or non at all. Intelligent routers will give these network providers the ability to block (or charge for) any activity they think they can make a buck off of.

    And once there's a single majority player, it's all over. Internetworking always benefits the smaller organization more than the larger one (because it gains access to more resources in the bargain) but only benefits both sides until one gains a majority (at which point providing network access for your competitor cost more incrementally than providing the resource yourself).

    We have lost the Internet to those who would claim it as their own and carve it up over those who come in good faith and trust to build and to share.

    Think about those whom you loath the most, and what characterizes them all. We hate airline shoe bombers because they exploit the trust inherent in our air travel system to harm us where we are vulnerable. As a result, we must all remove our nail clippers when we fly.

    We hate the RIAA and the MPAA because their actions to shutdown legitimate sharing of copyright materials. Their actions are a response not to the person who wants to rip the CD for their car, but to those who abuse the trust by ripping a track and making it available to all comers over the internet. And we (most of us here, anyway) hate them because of the price we must now pay as a result. We may find ourselves losing Fair Use forever because of the actions of a few individuals who's use was anything but fair.

    We rant for columns on end about Microsoft's abuses of the market; and what we complain about is the abuse of trust we have placed with them. Then we complain about the latest Microsoft security vulnerability, and again it's about trust misplaced.

    We complain about spyware, about online privacy, about the rights we've lost, about abuses of the GPL, and in each case it's the trust we've lost, and usually about how many Karma points we're going to grant to whichever post points this out in the funniest way.

    So when Gillmore sticks his nose out and actually still trusts the community he helped to create, you shoot the messenger when you should be shooting the message.

    It's not the open relay that's harming your computer; it's the virus, and the impure pond scum who wrote it!

    You want the RIAA off your back? Give them a reason to trust you.

    You want Microsoft to change their ways? Stop paying them for the trust they've stolen from you.

    You want to keep spammers from sending UCE to you? Spread the word that spammers lie.

    And if you want a free (speech) Internet where ideas are judged by their merits, rather than by the forum where they are delivered? Speak up and be heard.

    Or don't. This Internet is already lost. Trust takes decades to build and seconds to destroy, and all of it which was once here is now gone for good.

    You want to know what built the free software community? Trust is the operating system of the free software movement. Destroy that trust and free software will not survive. That's one reason why it's so important to assign your copyrights to the FSF (so they can defend them) and to contribute to the EFF (who understand all this stuff).

  • by Fizzlewhiff (256410) <jeffshannonNO@SPAMhotmail.com> on Thursday March 07, 2002 @04:48PM (#3127226) Homepage
    It looks like the majority of /.ers are siding with Verio on this one. I read Gilmore's web site and he has some interesting views on a lot of things. His opinons [toad.com] on SMTP blacklisting and list operators control over ISP's is a very good read. I think Gilmore makes some valid points and raises some valid concerns. For example, The current list of anti-spam restrictions is not written down anywhere that I could find; you only find out when a blacklist notice appears in your inbox, telling you that you are going to be thrown off the Internet unless you immediately change. Next week they could demand that any ISP which is also a phone company must cut off phone service to alleged spammers; the following month demand that every ISP turn over credit card and/or customer address information on demand. (Some people claim that thir "fee" for reading a spam is $50 or $500; I'm sure they would like to immediately charge somebody's credit card for it,and let the details and legalities sort themselves out later).

    One thing that is being missed is he was once the co-founder of this ISP which over time and various mergers is now Verio. When he founded his ISP their policy was to give the subscribers the ability to do what they wanted. My ISP has changed hands several times in the last three years. With each change of hands there is a new TOS agreement. What is acceptable use today might not be acceptable use by the owners of tomorrow. As it stands my service is getting cut down one port at a time. Rather than educate its customers about viruses and exploits my ISP would rather just block the ports that are exploited. In their mind as long as they provide a portal web site to thier subscribers they are providing service.

    I'm glad there are people like Gilmore who have the resources to challenge ISP's. Who else is there who stand up for the rights of the customers? Surely its not our government who passes laws like the DMCA which strips away our privacy when it comes to the internet. Today Gilmore's battle is with SMTP relays and blacklist operators. Tomorrow it might very well be the RIAA and ISP's blocking ports of known P2P clients.

    Call the guy crazy if you want but I think his fight is a good one. Its about freedom, something which is slowly dying on the internet.
  • by macdaddy (38372) on Thursday March 07, 2002 @04:59PM (#3127285) Homepage Journal
    His right to free speech on the Internet ends at my inbox. Period.
  • by Anonymous Coward on Thursday March 07, 2002 @05:21PM (#3127448)
    His defence? He wants his friends to be able to send email through his server from whereever they are.
    There are lots of ways to do that without running an open relay. I could explain his position as simple cluelessness, but given his background it seems more likely that he is just playing dumb, knows full well how to do it and has hidden agenda.
    Is it a good thing because it promotes the free flow of information?
    No. In fact, it obstructs the free flow of information, because the spam it facilitates drives users over their quotas and causes them to lose messages that they wanted to receive.
    Do the ethics change because someone writes a virus that uses the server to propagate?
    No, the ethics don't change, but the evaluation of his actions changes. The Devil is in the details, as always.

    The classic example is to ask what you think of the ethics of throwing an old woman to the ground and beating on her. I'm sure that most people would agree that it is wrong. But add the additional data that she was on fire and you were beating out the flaims, and the whole picture changes.

    Gillmore whines Any measure for stopping spam should have as its first goal "Allow and assist every non-spam message to reach its ecipients." That is bogus, as I'm sure he knows. The first goal should be to use all available ethical and legal means to impede and penalize those who spam or support spam. Gilmore's open realy is one of the legitimate targets. Gilmore can set his own goals, but for him to presume to tell us what our goals should be is chutzpah, and, IMHO, ample reason to add him to private deny lists.

    Gilmore, throughout his diatribe, ignores the first principle of the anti-spam community: It's not about content. Nobody is searching his messages for naughty words or non-PC text. Rather, they are processing whatever messages he choses to send from IP blocks that they are willing to accept traffic from.

    My ISP blocks traffic from certain addresses. Are they censoring my correspondents? No. Are they interfering with my personal liberty? No: in fact, they are enhancing it: I dropped my previous provider because they were not willing to impliment blocking, for technical rather than ideological reasons.

  • To Be Fair (Score:3, Informative)

    by overunderunderdone (521462) on Thursday March 07, 2002 @05:30PM (#3127490)
    To John's credit he acknowledges this problem with spam and also proposes a solution Grokmail [toad.com]. It looks like it will be an email reader that will use an intelligent agent to filter your mail. But as I see it his solution fails in two ways.

    1) It is not yet a reality.
    2) it doesn't address the burden on the network of masses of unsolicited mail. His solution will actually make this much, much, WORSE. If his system works and everyone uses it. Then it makes the most sense to send your commercial email to (quite literally) everyone! Those that don't want it won't even see it (though it will have been sent to them), those that do will. Win/win for everyone right? You don't see unwanted spam though occasionally you will get an unsolicited commercial email that actually interests you (hey, it could happen). The spammer gets his message in front of every single interested potential customer in the whole freakin' world! Yay!! But behind the scenes the network is transmitting EVERY SINGLE commercial message to EVERY SINGLE user. Masses of useless data that will never even be seen - probably many orders of magnitude a greater volume of data than that which is actually going to be seen and used. Perhaps technology will make this a viable system (seems outrageously inefficient though)
  • by ccandreva (409807) <chris@westnet.com> on Thursday March 07, 2002 @05:47PM (#3127585) Homepage
    Connected to 140.174.2.1.
    Escape character is '^]'.
    220 toad.com ESMTP Sendmail 8.7.5/8.7.3; Thu, 7 Mar 2002 14:40:04 -0800 (PST)

    Sendmail 8.7.5 ? Forget open relay -- unless he's been patching this by hand,he's going to be rooted any minute !

    http://www.netcraft.com/presentations/interop/se nd mail.html

1 Angstrom: measure of computer anxiety = 1000 nail-bytes

Working...