Perspectives on Spamhaus's Dilemma

The Illinois court that told Spamhaus to stop blocking the spammer filing suit against them — an order which Spamhaus ignored — is now considering ordering ICANN to pull Spamhaus's domain records. While Gadi Evron, whose blog posting is linked above, urges everyone to beat the judge with a clue stick, a guest writer on his blog counsels much greater restraint. Anti-spam lawyer Matthew Prince explains how Spamhaus got into its current pickle — apparently by following conflicting legal advice at two points in the process — and what they might have to do to get out. One spamfighter of my acquaintance says that Spamhaus's SBL and XBL blocklists knock out 75% of the spam at his servers before it hits and requires more CPU-intensive filtering. If ICANN is ordered to unplug Spamhaus from the DNS, and does so, is the Net prepared to deal with a 4-fold increase in spam hitting MTAs overnight?

Re:What'll happen if spamhaus disappears from DNS?

[Kelson]

I'll put them in my hosts file.

Um... you are aware of how Spamhaus's list is distributed, right?

You convert the IP address of the server you're trying to check into a host name, such as W.X.Y.Z.sbl.spamhaus.org, then do a DNS lookup on that hostname. The result you get indicates whether the original IP is liste or not.

Trust me, you don't want to put 4 billion records in your hosts file!

Go ahead - there's ALWAYS a workaround

[The Blue Meanie]

So go ahead and pull their domain from the DNS hierarchy.

# cat >> /etc/named.conf
zone "spamhaus.org" in {
                type forward;
                forwarders {216.168.28.44; 204.69.234.1; 204.74.101.1; 204.152.184.186; };
};
^D
# pkill -HUP named

All fixed!!

Um, the problem was that they switched horses...

[Mr. Protocol]

According to the article by the John Marshall Law School lawyer, the problem is not that Spamhaus ignored the initial TRO. The problem is that they didn't. They appeared in state court and asked that the case be moved to Federal Court, which it was. By doing so, they implicitly agreed that the Federal Court had jurisdiction.

Then they claimed it didn't.

I can't think of anything more likely to P.O. a judge than to ask to get into his courtroom, then call him a buffoon.

In the end, as the article says, ICANN may be forced to pull 'spamhaus.org', but ISPs that use it are savvy enough to move to using 'spamhaus.or.uk' or something similar, outside the court's control. But the individuals affected by the order may be unable to set foot in the U.S. for the rest of their lives, even to change planes.

Re:Not just DNS.

[Tony Hoyle]

No they couldn't. Spamhaus is european and its IP addresses are allocated by RIPE.

I don't think ICANN even give out IP addresses in the US.

Plus if they did everyone would probably ignore them anyway.

Re:What'll happen if spamhaus disappears from DNS?

[Anonymous Coward]

Um... Are you familiar with how DNS works? He'll put the address of the modified Spamhaus DNS server in his hosts file. That way his MTA can still do the lookups even if their domain no longer resolves.

URL for original Court Order

[RedneckJack]

Link to Court Order [spamhaus.org]

Spamhaus is still on the air !

Confusing ICANN with the court

[shani]

They can do what they want if the registrar's offices are in USA. The data is stored on a hard disk in the USA then the court can sieze it.

The original poster was talking about ICANN not being able to do anything, and rightly so. I haven't read the contract between PIR [pir.org] and ICANN, but I doubt it includes the ability for ICANN to remove specific delegations from the .ORG domain.

You are correct that the court could theoretically size the servers that are located in the USA, although I'm not sure what the legal justification would be. PIR is not a party in this legal proceeding, as far as I know.

Re:What'll happen if spamhaus disappears from DNS?

[TCM]

Hell, NO!

You would be trying to use their DNS server as a recursive resolver. DON'T do that! It wouldn't work and you'd be an annoyance to them.

I suggest you read about DNS before doing things of which you don't understand the impact.

What could work is running BIND and doing something along the lines of

zone "spamhaus.org" {
    type forward;
    forwarders <their ip address>;
};

Gadi Evron, eh?

[Anonymous Coward]

Wow. I never once thought that I'd see Gadi's name on /. -- he can be very k00ky at times.

Gadi's tactics in a nutshell:

1) develop a long-term habit of posting off-topic stuff to nanog
2) get called on it repeatedly
3) challenge what's supposed to be "on-topic" for the mailing list anyway
4) start a new mailing list in an attempt to take real content away from nanog
5) ???
6) profit!

Don't fall for it, people.

Re:Ghostbusters

[The Mgt]

They just should be careful enough to widely publish their new .co.uk address before the hammer hits
It's spamhaus.org.uk [spamhaus.org.uk].
spamhaus.co.uk is an unrelated site flogging antivirus software

Re:I'm amazed

[Cosmos_7]

Unless I've misread, I don't believe Spamhaus has ever acknowledged jurisdiction. The reason they never responded in court was that they believed the action had no bearing on a UK company.

IF...

[SmoothTom]

...the judge orders ICANN to pull their DNS, and IF they actually do it, the estimate is that SPAM could incease 4X.

If so, I sincerely hope that somehow the increase in SPAM to the judge's court is even higher - at least double that.

The only way that folks who purposely damage the system for the majority of users will learn, no matter that it may be just not understanding what they are doing, is if they see a direct effect - a strong direct effect - on their own personal use of the system.

--
Tomas

Re:Ghostbusters

[Anonymous Coward]

You signed up for Comcast internet. If you don't like that Comcast uses Spamhaus, call Comcast and complain or put your money where your mouth is and go elsewhere for internet access. There is no right to free speech in a private forum. Spamhaus isn't the government, the first amendment doesn't apply.

Re:Jurisdiction

[McDutchie]

From here: (and elsewhere with a trivial search). http://news.com.com/5208-7350-0.html?forumID=1&thr eadID=21191&messageID=184631&start=-91 [com.com]

And yes, Spamhaus is a a non-profit corporation, yes, but it pulls in millions and millions of dollars a year from internet providers in PROFIT which is paid out to the executives every year.

That is libelous nonsense. The post, which sounds like it was written by a spammer, probably refers to Spamhaus' Data Feed service [spamhaus.org] for ISP's and large organizations. You can easily see with the price check on that page that the costs per year, even for large sites, are nowhere near such amounts and are simply designed to cover the costs of the operation (including their free public DNS query servers). Don't believe something just because some kook posted it in a discussion forum.

Re:I'm amazed

[zzatz]

You have misread it.

Spamhaus asked that the case be transferred from state to federal court. In other words, *Spahaus* claimed that the federal court had jusrisdiction, the court agreed, and the case was transferred.

That's what people are missing. Spamhaus *asked* the federal court to take jurisdiction, and then decided to ignore the court.

Re:Reconfigure your MTAs NOW..

[Ungrounded Lightning]

Oops. Meant to link to The Blue Meanie's instructions WITH the server addresses filled in. [slashdot.org]

Re:Ghostbusters

[jonadab]

> However, we, in the US, have this little thing called the first amendment. The right to
> free speech. What Spamhaus (or rather, the email server admin) does is interfere with
> end users ability to receive free speech.

No. The stuff Spamhaus publishes does happen to be information that users or mail admins can use to decide which "speech" (in the form of email) they wish to listen to, but Spamhaus does not itself prevent anyone from receiving anything.

> This, in theory, should be up to the end user to OK.

No, it's up to the owner or administrator of the receiving mail server. They get to decide what information ("speech") may be published via their server, just as a newspaper publisher gets to decide which letters to the editor they want to publish, and if you write one and send it to them and they file it permanently, or for that matter shred and burn it, you have no valid complaint.

If the reader of the newspaper doesn't like this, he can buy a different paper, or, on the other side of the analogy, get email service from a different provider. (I do think ISPs should be up-front with their users about what services and techniques they use to limit spam, although frankly most end users are not deeply concerned with the technical details.)

If the writer of the letter, or the spammer, is unhappy with this arrangement, he can jolly well start his own newspaper (or mail service) and try to convince people to subscribe to it.

Personally, I'm not a large fan of blacklist-based approaches to limiting spam, but fundamentally it's up to the owner or administrator of the mail server, and Spamhaus is just offering advice.

The real problem in the legal case, according to one of the linked articles, appears to be one of jurisdiction or, more particularly, that Spamhaus apparently agreed to go to trial in the US and then backed out on it later. If that's true, it sounds like a pretty big mistake that will probably cost them.

Big PDFs

[JumperCable]

Wow. For being such big a-holes they sure do put up a lot of big PDF files on their website: http://www.e360insight.com/case_history.html [e360insight.com]

Re:Ghostbusters

[Anonymous Coward]

I'm the head of the email security team on a network with several million mailboxes. I have to set you straight on spam filtering and free speech. I won't talk about free speach, b/c I have no idea what that might be.

The network belongs to the company who built and operates it. No one else has any rights on that network. If you're buying bandwidth/an email address/hosting, etc., your contract with them may give you certain rights, but those rights are arbitrary and may or may not include any amount of freedom of speech, and are certainly not secured by the Constitution. The contract usually also gives them the right to unlitaterally change it, either any time they feel like it, or at least at renewal. If you don't like the levels of rights (actually, privileges) they give you, your sole option is to vote with your feet.

Second, freedom of speech, as detailed in the Constitution, has no relation to private organizations whatsoever. It is only about the government. The First Amendment limits the government's ability to limit speech. My employer, on the other hand, may limit my speech in any way it likes, at least when I'm on company time, and on my own time as well to the extent that I cannot reveal confidential information without facing the consequences if caught, or publicly defame the company (at least if I value my job).

Third, *no one* has a right to send email to anyone else, period. We own our network, and we are the sole authority on what may or may not traverse it. If we choose to trust the opinions of Spamhaus or any other third party to assist us in making that judgment, that is our prerogative. If we choose to ban a netblock, a domain, a sender address, or even a country (I wish I could, in a couple of cases), we are the sole authority on that. If that harms our business, that's our problem, but no one who can't send us mail has, or should have, any recourse. If I don't want to receive email from someone, whether I consider that person to be a spammer, or just someone I don't like, and I bounce, /dev/null, or otherwise prevent that sender from getting to my inbox, that sender has no cause for complaint, damages, or anything else. No right exists to send me email, not in the Constitution, statutory law, common law, or just common sense.

I've been hearing bogus arguments like this for the entire 8 years I've been involved with email security, and it amazes me that even though such arguments always fail and are always thoroughly debunked every time they pop up, they nevertheless continue to appear like mushrooms in my lawn.

Re:This could be the end of U.S. DNS control

[ScrewMaster]

Congratulations on posting one of the most arrogant, clueless remarks I've heard in a long time. The rest of you had just as many centuries as we did to come up with something like the Internet and failed. We gave it to you for free, let all of you use it, even our bitterest enemies, and have managed it with a far more even hand than ANY of you "people who understand how serious this stuff really is" would ever have done.

Truthfully, your comment smacks more of blindly uninformed anti-Americanism and unadulterated sour grapes than anything resembling a legitimate complaint. Ask yourself just how useful the Internet would have been to the ENTIRE WORLD had China (Great Firewall aside) been running the show for the past thirty years. Would the fractious European Union have managed it particularly well? Would they have been able to resist the temptation to use the Domain Name System as a political tool? That is, I might add, exactly what the European Union was doing last year with all their posturing and threats to take over the root servers. The EU's governing bodies have already shown their irresponsibility in this regard, and I certainly wouldn't trust them with that much power.

Could it be that you are you one of those misguided individuals that wants DNS placed under United Nations control? Good luck with that, my friend. I figure the ENTIRE WORLD will eventually find a way to balkanize and limit the capability of the Internet to levels that suit your average totalitarian state, and make it much less useful than it is today. When that finally does happen (and it will) you'll be looking back to the glory days of United States control, when you could send data anywhere in the world, anytime, anywhere, for whatever reason you wanted.

As you say, this is serious stuff so you'd best be careful what you wish for. You just might get it.