One Last Spamhaus Warning Before The End

kog777 writes to mention that Spamhaus has released a final warning about an increase in junk email, as they prepare to lose their domain to an Illinois court ruling. From the article: "According to Spamhaus, more than 650 million Internet users - including those at the White House, the U.S. Army and the European Parliament - benefit from Spamhaus' 'blacklist' of spammers that helps identify which messages to block, send to a 'junk' folder or accept. Losing the domain name would make it more difficult for service providers and others to obtain the lists. 'If the domain got suspended, it would be an enormous hit for the Net,' said Steve Linford, Spamhaus' chief executive officer. 'It would create an enormous amount of damage on the Internet.'"

How can they be legit?

[krell]

Go to e360's home page. All it shows is information on their frivolous lawsuit. There's nothing to offer their marketing services, to opt in, or even opt out.

Re: The IP Address

[From A Far Away Land]

"Maybe this will cause the community to complain about ICANN and the American control of the internet?"

Is the US the only country that can compell ICANN to modify the DNS record list? Can't a judge in the UK overturn the US judge's ruling and compell ICANN to reinstate the address? If not, that's insane that US law is the end all of Internet law.

Not such a bad thing

[Exp315]

Spamhaus and other block-list pushers are a solution to spam that's worse than the problem. I understand that it's up to individual ISPs to decide what they do with these block lists, but too many were relying on them blindly to reject email from any source that ended up on a block list. Unfortunately many sources that ended up on these block lists are the common mail servers of other major ISPs, resulting in large volumes of false-positive emails being blocked. Perhaps it's indicative of the arrogant attitude of outfits like Spamhaus that this happened to them. Maybe this will serve as a wake-up call to other block-list operators to act more responsibly, but I suspect they'll ignore it and continue business as usual.

Re:How can they be legit?

[ellem]

That page was clearly set up to talk aout their lawsuit.

The thing is you can definitely end up on Spamhaus with being a Spammer. You can usually get off the list but other times they are total dicks. They blocked an entire C class belonging to XO with the response that if you were "Stupid enough to use XO" it was your "own fault." Disregarding the fact that XO lights buildings and companies don't always have a choice in the matter. They later cleared that up but it took 3 weeks.

So while I am pro Spamhaus I wonder what e360's deal really is.

Re:So...get a new domain?

[MoralHazard]

What's stopping them from getting a domain name in a non-US-controlled TLD?

I don't see how a US court ruling could shut down a domain name in another country's TLD; so why don't they just go and get a name in the UK, or Switzerland, or Sealand.

You're not the only person to make this mistake. The judge's order to pull the SOA for SpamHaus's domain has NOTHING TO DO with whether the TLD is .com, .uk, .de, or .mil. It doesn't matter where the domain is registered.

How can this be? Well, SpamHaus is subject to the jurisdiction of a U.S. court. Once a court (any court, not just American) decides that you're subject to its jurisdiction, it can issue an order compelling you to do whatever it wants. It can also issue a court order compelling a 3rd party (in this case, the domain registrar) to take some action in regards to you. It doesn't matter whether one party in the lawsuit, or the 3rd party who isn't involved in the suit, is actually resident in the U.S.

Enforcement of a court order is a slightly different issue. It may be very, very difficult to enforce the order of a U.S. court in a foreign country. It's easy enough in the U.S. because the court can hold the non-compliant party in contempt (and enact fines, jail time, etc.), but these mechanisms don't automatically work overseas. Some countries, under some circumstances, will honor civil court orders from other nations, but usually you would have to sue in the foreign country's courts to effect any action on the part of a foreign body.

An important exception to the above is that many entities have assets or physical presence in multiple countries. If (hypotheticallly) the German arm of Register.com operated the .de TLD, a U.S. court could fine the U.S. company, order their CEO to jail, or do whatever else it thought necessary in order to force the German part of the company to comply with its orders. The judge might even order a German executive (residing in Germany) to jail for contempt, and when the German doesn't comply, issue an arrest warrant for the German. While German authorities will probably not be willing to act on that warrant (extradition treaties don't normally extend that far), it will be awfully hard for the German executive to travel in the U.S. with an outstanding warrant.

In short, the Illinois court made a STUPID FUCKING BONEHEADED decision, and the judge or jury should probably be removed and caned, but it is certainly procedurally possible for them to hassle SpamHaus regardless of where you register the domain name.

ICANN suspending domain != no DNS

[iambarry]

As stated by numerous other posts, Spamhaus needs DNS records as the RBL works using DNS.

However, just because ICANN suspends a domain doesn't mean that its out of DNS. Anyone with a DNS server can still serve the records. Not all root servers are under ICANN control.

Many email servers have their own DNS server (if only for caching). I say, manually add the records in defiance of the SPAMers and their abuse of our legal system!

Re:Shoulda seen this coming...

[AviLazar]

The #2 reason is that if they were to spend the money to defend themselves, they would open a precedent for any other spammer to sue them the same way

No i do not understand this. In fact someone else mentioned it but it seems silly. If John decides to sue Bobby for X reason....if Bobby defends against X reason or not does prevent Dave from sueing Bobby for X reason. Remember, this is civil, not criminal, and that means the person can be sued a billion times over. So why not defend yourself? Spamhaus is also big enough that they have lawyers on the payroll who could have said "hey if you don't defend yoursel,f you will lose your domain name."

Spamhaus shutting down may be a good thing

[tlhIngan]

In the long run.

Think about it - let's say Spamhaus is effective enough that they're stemming the tide of spam (which I've noticed has increased 50% in the past month or two).

So they shut down, and everyone using them suddenly gets lots more spam. Those who only use Spamhaus as a suggestion won't notice too much, but now everyone else realizes how big the problem really is. Which may call for action, like revamping the email infrastructure. It only takes one important congresscritter to suddenly have his blackberry reject emails from other congresscritters because it was full of spam. Or heck, imagine government paralyzed because they're spending more time deleting than responding.

Sometimes you have to realize that spam filters may be part of the problem - those who rely on them start to get a distorted idea of how much spam is out there. So turning off the filters for a few weeks may be a better solution to get people moving.

Or rapidly degenerate email to the point where the only use of it is spam, so no one bothers using it anymore. Which would be a good solution too as it can lead to fast implementation of next-generation email solutions. (Forums have replaced mailing lists, IM has replaced quick "how are you doing?" emails, and so on). If people's phones ring multiple times a minute... or if a junk fax started using up all your paper and toner/ink in the course of an hour...

Like I for once would like to kill bounce emails - you'd be surprised at the number of MTAs and spamfilters that contribute to the spam problem - their bounce replies are spam basically (no viable From address, etc). And those that whitelist, well, depending on the mood, I intentionally whitelist them. If they spam me because they don't want spam and don't bother believing that From addresses can be forged, too bad.

Sometimes letting the broken thing (SMTP) break down is a good thing rather than continuously patching something to do what it really can't do.

Re:One lesson is that judges do matter

[interiot]

Does the court even have much room to make decisions here? Spamhaus should have entered a motion to dismiss in Illinois to say they don't have jurisdiction there. And at this point, Spamhaus should appeal, and enter the motion to dismiss. Now that a default judgement has been filed, aren't judges compelled to uphold the ruling?

Re:Shoulda seen this coming...

[linuxhansl]

Please think of this the next time when a court from another country tries to tell you what a US bases company can do. Maybe US citizen should fly to Iran to defend themselves in trial there?

Spamhaus is in the UK. The court in the US. End of story.

I hope ICANN pulls the DNS records; that will be the final sign for the EU and other parties to take control over their own domains.

If Spamhaus is not liked here, have the US build a huge firewall around the country to "protect" itself.

Ignorance is bliss...

[int2str]

From the linked article it's apparent that many people are ignorant to the problem simply because mail admins block spam quietly, before it becomes a problem to the user. The journalists who think spam isn't a problem should really have their spam filters turned off.

Maybe we should disable _all_ spam filters for one day.
Let's call it "Spam awareness day" and show the journalists just what Spamhaus etc. really do.

This ruling is a total farse IMHO, but with ignorant journalists, judges and so called "experts", nobody will ever be aware of the repercussions.

Re:Shoulda seen this coming...

[masklinn]

Works the other way too dude.

Let's say that you're posting WWII revisionism on an american website. You're protected by the 1st amendment.

Now the website is browsable from... say... France. France has laws against revisionism, so your post is a crime as far as the french law is concerned. Since your post arrived to france, it falls under french juridiction, your crime -- in your own opinion -- was comitted in France even though there was no crime comitted in the USA (interresting isn't it?), and you could be extraded to France to be judged and put in prison.

Fun isn't it?

Becomes much funnier when you put "interresting" countries into play, like, say, China.

Re:Don't let the door hit your ass on the way out.

[Wakko Warner]

also not-receiving tons of legit email from people within the netblocks that get blacklisted by these sites. loads of fun.

not being able to send mail to people because your IP is included in a range of blacklisted IPs is fun too!

Re:Damage is what USA does best

[Aladrin]

So, if someone from Australia sues you for violating their daughter, you'd fly to Australia to defend yourself, even though you've never been there?

Of course you wouldn't. It's obviously so stupid as to not bear considering.

So why should a business in the UK worry about complaints from a company in the US that is ITSELF committing acts that are against the law. (In both countries.)

And what portion of the spammer's argument holds up in court? 'We are trying to send millions of emails to people that don't want them, and that company is providing a service that allows those customers not to get them.' ... WTF? The judge fell for that? NO! Our screwed up legal system just awards the case without hearing a single shred of evidence.

But okay, let's say the judge DID make a good decision. How the hell does the US get the right to make a world-wide judgement like that without talking to any other country? Shouldn't there be a decision making body for things like this? We could call it the 'United Nations.'

I will explain this because I'm tired of this arg

[hummassa]

the service Spamhaus does is done via DNS records
when my email server receive some mail from 1.2.3.4, it looks up 4.3.2.1.sbl-xbl.spamhaus.org and, if the address exists, it closes the connection (so that the mail won't even clog our intertubes). Now, I already changed it to look up 4.3.2.1.sbl-xbl.spamhaus.org.uk, but other 650 MILLION servers still have to do the same. Because if they don't, and this judge thinks it should call, their email load will get up by 20x or so. Got it now?

Too bad so sad

[geekmansworld]

Despite all the predictions of doom and gloom, and despite the attempts to mitigate blame from Spam blacklists to mail admins, I say that this is the inevitable conclusion to the way broad "spam blacklists" are run. As annoying as SPAM is, it can't possibly compete with the damage that spam-blocker's false positives have on the e-mail system. The company I work for has never sent a single piece of spam, but we routinely find ourselves dealing with problems relating to open blacklists and spam-catching software. You have to understand that when business relies to e-mail as a communications medium, it can't afford to have that vital conduit blocked because some asshat administrator insists that your company spams or is an open relay or whatnot when it is in fact not. Even my ISP's domain is frequently blocked, even though they're one of the largest telecomm companies in Canada. One of two things needs to happen: either spam needs to be legislated out of existence, or a proper organization needs to be set up in order two blacklist spam servers while doing their utmost to prevent false positives. Because when it comes down to it, getting a load of annoying junk in your inbox can't compare with never getting a critical e-mail about your job, family, business, or finances.

What else can we do

[Midnight Thunder]

e360 asks:

"They are thumbing their nose at an order of the court," Loethen said. "What else can we do?"

How about trying to sue them in the UK, unless they are just interested in taking advantage of the way the US legal system works - which seems more like the case.

Re:So...get a new domain?

[yuna49]

ICANN's accredited registrar for www.spamhaus.org, is hereby ordered to suspend or place a client hold on www.Spamhaus.org

Is this the actual text of the order? Isn't it possible to comply with this order simply by abolishing www.spamhaus.org and keeping the various other hostnames which are used for IP lookups? Obviously ICANN can't ban a specific hostname, but couldn't Spamhaus make a token contribution to compliance by taking down www.spamhaus.org?

Sometimes the best strategy is to comply with the letter of the law, especially if it's written by someone who doesn't really understand what he or she is talking about!

As I understand it, the original case revolved around whether 360 was slandered by being listed on the Spamhaus website. Why not just remove them from the website listing, but keep them in the reverse domains? I admit I haven't read the legal documents involved in this case, but it sounds to me like there's room here for some fancy lawyering.

Re:Minor nit-pick.

[swillden]

But when their data is false? I have a static IP. For whatever reason, it is listed as a Dynamic IP. For again whatever reason, LOADS of people seem to block dynamic IP's even ones not implicated in Spam.

Oh, believe me, I understand the issue. I used to run a mail server on a static IP that was listed as part of a dynamic IP block. Now I run a mail server that is on a dynamic IP (well, semi-dynamic -- it doesn't seem to change more then once every couple of years). I ran my server with direct delivery for a long time, without any trouble, but I eventually had to configure my mail server to deliver via my ISP's SMTP server because too much of my mail was blocked.

I say we should treat all IP's as innocent until proven guilty.

In principle, I agree. In practice, it's those dynamic IPs that generate nearly all of the spam, and it's not that difficult for non-spammers to route their email through their ISP's mail server.

In any case, I still have to say that the problem is with mail admins that misuse the Spamhaus list, not with the list itself. The list doesn't claim to be a list of spamming IPs, just a list of IPs that are likely spammers. Your IP is a likely spammer, even if it isn't a spammer. Personally, I use Spamhaus, but I only use it to add an "X-Listed-By-Spamhaus: yes" header to the messages, so that bogofilter can use that information. I find it increases the accuracy of bayesian filtering considerably.

Re:BULLSHIT

[tinkerghost]

If they had defended themselves in a US court that would have legitamized the US jurismydicktion of the matter, thus opening Steve and Spamhaus to challenges from ANY court in the WORLD.

Per my understanding, they hired a US company to defend themselves - who properly indicated that the Il. court had no jurisdiction & moved it to federal court. At which point their UK legal team told them the US had No jurisdiction at all & to ignore it - which they did.
The problem isn't that they persued the wrong legal strategy, it's that they persued both of them. Either strategy would have worked. But by changing mid-stride, they screwed themselved.

Re:they are spammers, see here

[db32]

Showing this to the wrong crowd. You should send that link to the Judge.

Re:Shoulda seen this coming...

[Misch]

That was gotten rid of [com.com] thanks to the recent cybercrime treaty that the US and a bunch of other nations signed.

Re:Shoulda seen this coming...

[Impy the Impiuos Imp]

I would like to see the US extradite someone to another country for something done in this country that isn't illegal here.

Especially something related to free speech. I'd bet that part of the extradition law would be thrown out of court before the SC would let someone be extradited.

Re:Shoulda seen this coming...

[Impy the Impiuos Imp]

However, there is a lot of precedence that US courts feel it's their right to apply judgement worldwide. Several Canadian executives, for instance, can't travel through the US because their company does business in Cuba -- and the US doesn't like Cuba, therefore Canadian businesses don't have the right to do business in Cuba. Or so some American judges think.

A Canadian business can do business in the US, or in Cuba, but if you do business in Cuba and in the US, US laws let you sue Canadian businesses also operating in the US for damages, such as Cuba's seizure of private property.

So if you want the financial goodies of the US, you'd better think twice about doing business in Cuba, or pay the US's penalty for operating in both.

As a businessman, it's your choice, consider it the cost of doing business in both countries.

Re:I will explain this because I'm tired of this a

[nsayer]

Alas, it appears at the moment (at least from where I sit) that spamhaus.org.uk != spamhaus.org - at least in the sense that sbl-xbl.spamhaus.org.uk doesn't appear to be giving out any answers, like sbl-xbl.spamhaus.org does.

Re:So...get a new domain?

[Rogerborg]

Just so we're clear, the court had no choice in the matter. If I file a suit against you accusing you of being an agent of the brain slugs, and you don't show up to defend yourself, the court is obliged to accept my version of the truth, without doing any investigation. That's the basis of an adversarial system. Justice is blind to everything but what is placed before it in the court. And yes, it's very, very stupid.

Re:One last time...

[djp928]

The OP is essentially saying the US has the right to make judgements against people who aren't US citizens, don't live in the US, and don't do business in the US. THAT'S flamebait.

No, what the OP is saying is that the US has the right to make judgements against people who aren't US citizens WHEN THOSE PEOPLE IMPLICITLY ACKNOWLEDGE that the US court in question has jurisdiction. The point is, if Spamhaus hadn't specifically requested that the US Federal court hear the case, they probably wouldn't be in this mess at all, because the case WOULD have been dismissed as you claim it should have. However, they implicitly acknowledged the jurisdiction of the US Federal courts (rightly or wrongly--probably WRONGLY) and now are paying for that screw-up by getting a summary judgement against them because they didn't show up for the case.

-- Dave

Re:I'm still a little fuzzy on e360

[jacquesm]

I can see how they would blacklist themselves, but removal could be a bit tricky.

I've just sent the following email to the lawyers for e360:

to: amertes@synergylawgroup.com
from: j@ww.com

Hello there,

It seems you are the people responsible for leading the charge on 'spamhaus' on behalf
of your customer, 'e360'.

if you cause spamhause.org to no longer function then you can rest assured I'll do my best to forward each and every spam message received on my servers to yours.

fair warning

It's one thing to play clever lawyerly games, it's quite another to
piss off just about everybody on the net on behalf of some lowlife.

    Jacques Mattheij
    CEO ww.com

Re:Shoulda seen this coming...

[cpt kangarooski]

Actually, I don't recall that Spamhaus was accused of blocking emails per se. They were accused of tortious interference and defamation, both of which are entirely possible in a scenario involving a list that people choose to subscribe to.

And it's very wrong of you to claim that the judge is incompetent. Because Spamhaus refuses to go to court and present its side of the story, the judge is only hearing one side of the case. He really has no option but to side with e360; the law says that they will win by default if they're the only ones that bother to show up. Anyway, don't insult him just because you wrongly imagined what the issues were in the case and because you disagree with him.