Forgot your password?
typodupeerror

One Last Spamhaus Warning Before The End 632

Posted by Zonk
from the going-down dept.
kog777 writes to mention that Spamhaus has released a final warning about an increase in junk email, as they prepare to lose their domain to an Illinois court ruling. From the article: "According to Spamhaus, more than 650 million Internet users - including those at the White House, the U.S. Army and the European Parliament - benefit from Spamhaus' 'blacklist' of spammers that helps identify which messages to block, send to a 'junk' folder or accept. Losing the domain name would make it more difficult for service providers and others to obtain the lists. 'If the domain got suspended, it would be an enormous hit for the Net,' said Steve Linford, Spamhaus' chief executive officer. 'It would create an enormous amount of damage on the Internet.'"
This discussion has been archived. No new comments can be posted.

One Last Spamhaus Warning Before The End

Comments Filter:
  • by ellem (147712) * <`moc.liamg' `ta' `25melle'> on Tuesday October 10, 2006 @11:06AM (#16378097) Homepage Journal
    Are they or aren't they Spammers. I have never seen their emails.
    • by krell (896769) on Tuesday October 10, 2006 @11:10AM (#16378167) Journal
      Go to e360's home page. All it shows is information on their frivolous lawsuit. There's nothing to offer their marketing services, to opt in, or even opt out.
      • by ellem (147712) * <`moc.liamg' `ta' `25melle'> on Tuesday October 10, 2006 @11:29AM (#16378401) Homepage Journal
        That page was clearly set up to talk aout their lawsuit.

        The thing is you can definitely end up on Spamhaus with being a Spammer. You can usually get off the list but other times they are total dicks. They blocked an entire C class belonging to XO with the response that if you were "Stupid enough to use XO" it was your "own fault." Disregarding the fact that XO lights buildings and companies don't always have a choice in the matter. They later cleared that up but it took 3 weeks.

        So while I am pro Spamhaus I wonder what e360's deal really is.
        • Minor nit-pick. (Score:5, Insightful)

          by khasim (1285) <brandioch.conner@gmail.com> on Tuesday October 10, 2006 @11:41AM (#16378585)
          They blocked an entire C class belonging to XO with the response that if you were "Stupid enough to use XO" it was your "own fault."

          Spamhaus does not "block" anything. All they do is list the addresses that meet their criteria for listing (yeah, I know that's redundant).

          Mail admins can choose to reference that list (or not) and block / flag / delay / whatever based upon it.

          I use Spamhaus with SpamAssassin, but I don't block or deny. It just adds to the spam score.

          Spamhaus does not block. Spamhaus just lists.

          Mail admins block.
          • Re:Minor nit-pick. (Score:5, Insightful)

            by fractalus (322043) on Tuesday October 10, 2006 @12:42PM (#16379635) Homepage
            Let's be truly clear. Mail admins block, but by using Spamhaus's list, they are effectively taking Spamhaus's word that mail from that domain is worth blocking. They are ceding a certain amount of control over their mail server. For every mail admin to research every spammer would be a major waste of human time, so instead mail admins trust someone else to do that research for them and maintain the list. It's more efficient, but it means you have to trust the organization maintaining the list not to abuse it.

            Blacklists suck. Whitelists suck. Spam sucks. We do the best with what we've got. But for Spamhaus to pretend that they don't know that adding an IP to their list will result in it being blocked from delivering mail to a vast portion of the net is disingenuous. That's exactly why they list large blocks of IPs: because it prevents mail from being delivered, applying pressure to the ISP because their customers are angry. If a listing truly had no effect, they wouldn't do it. (Never mind the ethics of harming uninvolved parties in order to attack the party you dislike; it's the same tactic as another group whose label begins with "t" uses.)

            Do I use Spamhaus? Yes. Is a Spamhaus listing alone enough to get mail blocked on my server? Nope. It's just another vote of no-confidence for a particular message. Do I loathe spammers? You betcha. But Spamhaus shouldn't pretend they're not a blocking list. And these spammers should be laughed out of court, the rat bastards.
          • by Spazmania (174582) on Tuesday October 10, 2006 @02:37PM (#16381471) Homepage
            Spamhaus does not block. Spamhaus just lists. Mail admins block.

            Murders don't kill people. Guns kill people. Murderers just point and twitch thier index finger.
      • Now,now (Score:5, Funny)

        by Kludge (13653) on Tuesday October 10, 2006 @12:06PM (#16379059)
        For shame!
        Their web site has lots of useful information.
        And I think you should get it all with
        wget -r http://www.e360insight.com/ [e360insight.com]
        Repeatedly, if necessary.

    • by crayz (1056) on Tuesday October 10, 2006 @11:33AM (#16378473) Homepage
      • Re: (Score:3, Interesting)

        by db32 (862117)
        Showing this to the wrong crowd. You should send that link to the Judge.
  • The IP Address (Score:4, Informative)

    by eldavojohn (898314) * <eldavojohnNO@SPAMgmail.com> on Tuesday October 10, 2006 @11:06AM (#16378111) Journal
    Spamhaus has released a final warning about an increase in junk email, as they prepare to lose their domain to an Illinois court ruling.
    Ok, so we might be making a bigger deal of this than we should. I mean, after a simple ping:
    Pinging www.spamhaus.org [216.168.30.71]:

    Ping #1: Got reply from 216.168.30.71 in 79ms [TTL=57]
    Ping #2: Got reply from 216.168.30.71 in 84ms [TTL=57]
    Ping #3: Got reply from 216.168.30.71 in 79ms [TTL=57]
    Ping #4: Got reply from 216.168.30.71 in 79ms [TTL=57]

    Variation: 5.0ms (+/- 6%)
    Doesn't that mean that for all applications referencing Spamhaus, they need to push out patches that use 216.168.30.71 instead of http://www.spamhaus.org/ [spamhaus.org] ?

    I mean, if we can get the word out to 650 million Internet users to use IP address 216.168.30.71, what damage is done? It will just take a while for people to tell ICANN how stupid they are. Maybe this is a good thing? Maybe this will cause the community to complain about ICANN and the American control of the internet?
    • Re: (Score:3, Insightful)

      by codegen (103601)
      They could also get a .de name. Something beyond the jurisdiction of a US. Court.
    • Re: (Score:3, Insightful)

      by OverlordQ (264228)
      Because just maybe they have some sort of load-balancing setup, so everybody hammering a single machine is just as effective as pulling the domain.
      • Because just maybe they have some sort of load-balancing setup, so everybody hammering a single machine is just as effective as pulling the domain.

        That's possible, but there is a proxy design scheme [wikipedia.org] they could implement for a single IP address that would allow them to stay in business. Is this uncommon or hard to do? I don't think dishing requests to other boxes is that hard of a thing to do.

        • by OverlordQ (264228)
          Yea, but hard-coding IP's is a very very bad thing to do, the better solution is to update your DNS servers to specify "Hey ignore the upstream servers and query spamhaus directly"
      • by shaitand (626655)
        Why don't they just register another domain? I've got a few unrelated but functional domains they can borrow.
        • Re: The IP Address (Score:5, Insightful)

          by Intron (870560) on Tuesday October 10, 2006 @01:03PM (#16379997)
          Maybe spamhaus.cuisinewiki.com doesn't appeal to them.

          Anyway, this is a good case for control of registration and domain names not being US-based. A court in Illinois should not be able to affect a legitimate .org domain. It's only because PIR (the .org registrar) is a US company that they can try to do this. If we were using a distributed naming system, not based on a single set of TLD servers, then this couldn't happen.

          "The Net interprets censorship as damage and routes around it." -- Gilmore

          What's wrong with a little anarchy? I'm sure if the suggestion were sent around, spamhaus.org would remain in DNS and e360.com and any associated businesses could be made to disappear.
    • Re: The IP Address (Score:4, Interesting)

      by From A Far Away Land (930780) on Tuesday October 10, 2006 @11:16AM (#16378249) Homepage Journal
      "Maybe this will cause the community to complain about ICANN and the American control of the internet?"

      Is the US the only country that can compell ICANN to modify the DNS record list? Can't a judge in the UK overturn the US judge's ruling and compell ICANN to reinstate the address? If not, that's insane that US law is the end all of Internet law.
      • Re: (Score:3, Informative)

        by Sycraft-fu (314770)
        Depends on the domain name. The UK has authority over .uk domains and subdomains. Most of the non-country domains (like .com .net and .org) are administered by US entities and thus subject to US law. However the country codes are administered by the countries they are assigned to and thus not. You'll discover that because of that, how different TLDs work varies greatly. .com requires that you have contact information, but you have have it be that of your hosting company, they can be a proxy for you in essen
    • by nuzak (959558)
      You can't easily query a DNSBL by its IP address. You can set up your local DNS to use it as an alternate root for just that zone, or you can issue queries directly to their DNS servers (basically doing the same thing), but many (perhaps most) companies have firewalls in place that run all DNS recursively through the gateway. Gateway resolver's not reconfigured, everyone behind it loses.

      On the other hand, you can just use spamhaus.org.uk and you'll never notice.

    • by hummassa (157160) on Tuesday October 10, 2006 @12:38PM (#16379561) Homepage Journal
      the service Spamhaus does is done via DNS records
      when my email server receive some mail from 1.2.3.4, it looks up 4.3.2.1.sbl-xbl.spamhaus.org and, if the address exists, it closes the connection (so that the mail won't even clog our intertubes). Now, I already changed it to look up 4.3.2.1.sbl-xbl.spamhaus.org.uk, but other 650 MILLION servers still have to do the same. Because if they don't, and this judge thinks it should call, their email load will get up by 20x or so. Got it now?
      • by nsayer (86181) * <nsayer AT kfu DOT com> on Tuesday October 10, 2006 @02:52PM (#16381749) Homepage
        Alas, it appears at the moment (at least from where I sit) that spamhaus.org.uk != spamhaus.org - at least in the sense that sbl-xbl.spamhaus.org.uk doesn't appear to be giving out any answers, like sbl-xbl.spamhaus.org does.
      • by Panoramix (31263) on Tuesday October 10, 2006 @06:38PM (#16384839) Homepage

        I think you should wait before changing anything. I don't think spamhaus.org.uk, or any other name besides spamhaus.org, will ever resolve the Spamhaus RBLs.

        From Spamhaus' response [spamhaus.org] to the proposed order (proposed, people, by the spammer's counsel, no judge has ordered ICANN anything), it seems they'll intend to contest this. They mention they don't think that ICANN suspending them can actually happen, for reasons I in fact agree with (go read them at their site). They also mention that "one U.S. government agency has begun working on a response."

        However, if worse comes to worst, they probably won't switch to any other domain name. They state: "... if Spamhaus gets around the court order by switching domain to maintain the blocking, the judge would very likely then rule us in criminal contempt. We don't want a criminal record for the sake of fighting spam. We normally help fit the spammers with criminal records, not the other way round."

        Which I read as, if this order is enforced, and ICANN caves in and all that, there will be no more Spamhaus, period.

        Which would really piss me off. The whole episode already already seems like a bad dream to me. To see Spamhaus destroyed by some spammer scum would be just depressing. One thing's for certain, though: it'll be a cold day in hell before any site I manage will exchange traffic with this spammer.

  • by UbuntuDupe (970646) on Tuesday October 10, 2006 @11:09AM (#16378143) Journal
    As I understand it, Spamhaus just has a list that people use in making their own blocking decisions. (Though that "own blocking decision" is of course "Is it on Spamhaus? Then block it.") They don't actually block anyone. So they could comply with the ruling by removing the "approved" spammer and then saying to all current and future customers, "We had to remove this guy from our list, but you should probably block him anyway." Then it's just a bunch of email users "on their own" deciding to block the spammer. The complies with the court order, while still defeating the spammer's goal.

    Or is my understanding about a mile off?
    • by crayz (1056)
      You're misunderstanding the technical aspects of how spam blocking works. E-mail admins don't get messages saying "block this one dude" - especially for smaller orgs, they will rely on anyone who should be blocked being listed on one of the RBLs. You're not going to sit there manually adding records to some separate internal list, adjusting it every time a spammer changes his IP
  • by Kadin2048 (468275) <slashdot DOT kadin AT xoxy DOT net> on Tuesday October 10, 2006 @11:09AM (#16378145) Homepage Journal
    What's stopping them from getting a domain name in a non-US-controlled TLD?

    I don't see how a US court ruling could shut down a domain name in another country's TLD; so why don't they just go and get a name in the UK, or Switzerland, or Sealand.

    Somehow I think enough people find Spamhaus useful, that if they asked they could probably take up collection and get enough money to afford a new domain, and right now they have enough press coverage to ensure that it would be publicized. Sure, it would be a PITA for a lot of mailserver admins who would need to change the address, but that's still a lot less work than filtering their spam by hand.

    It sounds like Spamhaus is getting ready to 'cut off their nose to spite their face,' or in this case, destroy themselves in order to try and prove some point to a Federal Court in the US that couldn't give a damn one way or the other. If they're trying to make a point, this isn't the way to do it.
    • by randomErr (172078)
      How about just creating an open TLD system?

      I've been trying to make a similar service in my spare time.
    • by terrymr (316118) *
      A nice idea ... but the CCTLDs issued by ICANN to the various countries registrars, if ICANN can take down a .org name they could take down a .uk name too .... now why did the rest of he world want an independant ICANN again ?
      • Umm, no, since resolving a .uk name causes the DNS client to ask what the server for .uk is and then to continue from there.

        It doesn't know what site is going to be ultimately asked for.

        They'd need to block .uk totally to stop access to a .uk domain. I don't think that'll happen - and even if it did, people around the world would use alternate root servers.
    • by MoralHazard (447833) on Tuesday October 10, 2006 @11:32AM (#16378445)
      What's stopping them from getting a domain name in a non-US-controlled TLD?

      I don't see how a US court ruling could shut down a domain name in another country's TLD; so why don't they just go and get a name in the UK, or Switzerland, or Sealand.


      You're not the only person to make this mistake. The judge's order to pull the SOA for SpamHaus's domain has NOTHING TO DO with whether the TLD is .com, .uk, .de, or .mil. It doesn't matter where the domain is registered.

      How can this be? Well, SpamHaus is subject to the jurisdiction of a U.S. court. Once a court (any court, not just American) decides that you're subject to its jurisdiction, it can issue an order compelling you to do whatever it wants. It can also issue a court order compelling a 3rd party (in this case, the domain registrar) to take some action in regards to you. It doesn't matter whether one party in the lawsuit, or the 3rd party who isn't involved in the suit, is actually resident in the U.S.

      Enforcement of a court order is a slightly different issue. It may be very, very difficult to enforce the order of a U.S. court in a foreign country. It's easy enough in the U.S. because the court can hold the non-compliant party in contempt (and enact fines, jail time, etc.), but these mechanisms don't automatically work overseas. Some countries, under some circumstances, will honor civil court orders from other nations, but usually you would have to sue in the foreign country's courts to effect any action on the part of a foreign body.

      An important exception to the above is that many entities have assets or physical presence in multiple countries. If (hypotheticallly) the German arm of Register.com operated the .de TLD, a U.S. court could fine the U.S. company, order their CEO to jail, or do whatever else it thought necessary in order to force the German part of the company to comply with its orders. The judge might even order a German executive (residing in Germany) to jail for contempt, and when the German doesn't comply, issue an arrest warrant for the German. While German authorities will probably not be willing to act on that warrant (extradition treaties don't normally extend that far), it will be awfully hard for the German executive to travel in the U.S. with an outstanding warrant.

      In short, the Illinois court made a STUPID FUCKING BONEHEADED decision, and the judge or jury should probably be removed and caned, but it is certainly procedurally possible for them to hassle SpamHaus regardless of where you register the domain name.
  • Has anyone reading this ever opted into e360? Or have you heard of anyone that has? (I guess, to be fair, has anyone gotten email from e360 or any of its spamsocks such as bargaindepot.net ?)
  • by mpapet (761907) on Tuesday October 10, 2006 @11:16AM (#16378245) Homepage
    Clearly Spamhaus does not have enough friends in high places. If they -had- K Street influence, (Cha-Ching! $$) their dire court situation would be relieved to a great extent by legislative or some other branch of gov't giving them a way out.

    Look at how long and how much money it took for the Crackberry developer to get the federal gov't to do things like the "emergency review" and subsequent invalidation of the submarine patent owner that went after them while they were clearly set to lose in court to the submarine patent holder.

    I would be very interested to see/hear if there isn't K Street pressure to kill spamhaus off so other companies that DO legislate can make consumers pay more for the "luxury" of good spam filtering.
  • I for one whould like to see how ICANN responds when ordered to turn in a domain name. I'd like to know how the rest of the world responds when the US starts using it's ownership this way.

    As for the list, switching to spamhaus.org.uk will be trivial in most cases, i really doubt the rbl domains are hardcoded anywere. Perhaps spamhaus should see if they can make the list inaccesible to US users as well, since they seem to think everybody (even foreigners) is required to accept their commercial email.
    Just
    • by crayz (1056)
      They say on their site that they believe if they just switched domains, they would be found in criminal contempt of court. Also yes, I'm sure the address is hard-coded in many places, for example proprietary user-facing mail servers
  • How can a judge essentailly rule that a group of people, in another country, cannot add someone's already public information to a public list?
  • Not such a bad thing (Score:4, Interesting)

    by Exp315 (851386) on Tuesday October 10, 2006 @11:25AM (#16378345)
    Spamhaus and other block-list pushers are a solution to spam that's worse than the problem. I understand that it's up to individual ISPs to decide what they do with these block lists, but too many were relying on them blindly to reject email from any source that ended up on a block list. Unfortunately many sources that ended up on these block lists are the common mail servers of other major ISPs, resulting in large volumes of false-positive emails being blocked. Perhaps it's indicative of the arrogant attitude of outfits like Spamhaus that this happened to them. Maybe this will serve as a wake-up call to other block-list operators to act more responsibly, but I suspect they'll ignore it and continue business as usual.
    • "Spamhaus and other block-list pushers are a solution to spam that's worse than the problem."

      I've never had a problem not receiving legitimate e-mail. But spending 20 minutes a day clearing out my inbox of some tosser trying to sell me VltAGRA is a right pain. Right now in my unusable real e-mail box 238 unwanted adverts for s@#% I don't need.

      re Re:Not such a bad thing
    • Re: (Score:3, Insightful)

      by jafiwam (310805)
      Spamhaus and other block-list pushers are a solution to spam that's worse than the problem.

      Uhm... No. For me, they are a godsend. So go fuck yourself. You don't like them, don't use them.

      Unfortunately many sources that ended up on these block lists are the common mail servers of other major ISPs, resulting in large volumes of false-positive emails being blocked.

      Do you REAALLLYYY think the users of such lists do not understand this? They do, they don't care about your problem. It's YOUR proble
  • by MECC (8478) *
    What's the difference between spamhaus and spamcop? Don't they both have blackhole lists?

  • This would be a good time to remove control of ICANN from the US government. A judgement in an Illinois court has no juristriction in an organization based in the UK. If they go ahead and suspend Spamhaus I can see the EU and the rest going their own way and setting up their own version of ICANN. Imagine what would happen if China arbitrally suspended falun.gong.org.

    The Letter That Won US Internet Control [slashdot.org]
  • by Theovon (109752) on Tuesday October 10, 2006 @11:30AM (#16378411)
    In a UK court, Spamhaus should sue ICANN for unjustifiably removing their domain name. They could argue that ICANN removed their domain for reasons that do not legally apply to Spamhaus, on top of the fact that the Illinois court has not actually ruled against Spamhaus on anything (IIRC, the spammer was granted a temporary injunction prior to a final ruling). I'm an American who believes that having a single domain name registrar under a single government is really stupid and a great way for the US government (or agents thereof) to screw other countries. I believe that Americans should have power over America and over non-Americans who are a threat to personal liberties of Americans. Controlling ICANN and screwing with Spamhaus steps outside of those bounds. Perhaps after this, people will realize that it's necessary to liberalize ICANN.

    This is a power play by Spamhaus, but it's a totally justified power play. And I applaud them for not giving in to the demands of a stupid court that has no jurisdiction over them or any reason in the first place to pass an injunction against them. If their domain name is removed, then the fallout from all of the additional SPAM will be cause a great deal of trouble.
  • a little clue (Score:3, Insightful)

    by grapeape (137008) <mpope7@NOSpam.kc.rr.com> on Tuesday October 10, 2006 @11:35AM (#16378499) Homepage
    If I subscribe to a RBL it means I dont want the junk no matter who is on the list. It means that opt out or opt in doesnt really matter to me. Im really tired of companies arrogant enough to think that my happening to hit their website once constitutes permission to spam the crap out of me on a daily basis. Here's another clue, the folks you are objecting to are the ones who you dont have a snowballs chance in hell of selling a product to. If we are smart enough to know what a RBL is we are smart enough not to read the crap your sending. At least with paper junk mail I know that it cost them something to get the crap to me and I can throw it out or burn it, spam is the only situation I know of where I have to pay for someone else to annoy me.

    I really think the idea of white lists or per email fees is starting to come due. Yep its a hassle and the idea of paying for email kind of sucks but if done right it would have little effect on the average user but really make spammers accountable. I'd like to see a monthly or weekly cap over that and you pay. I also would like to see the Icann or someone rule that non working or non existant opt out's result in an immediate revocation of ALL domains owned by the offender.
  • by iambarry (134796) on Tuesday October 10, 2006 @11:36AM (#16378519) Homepage
    As stated by numerous other posts, Spamhaus needs DNS records as the RBL works using DNS.

    However, just because ICANN suspends a domain doesn't mean that its out of DNS. Anyone with a DNS server can still serve the records. Not all root servers are under ICANN control.

    Many email servers have their own DNS server (if only for caching). I say, manually add the records in defiance of the SPAMers and their abuse of our legal system!
  • They're not all created equal and citizens should pay attention to how they get on the bench.

    Are you in a place that elects judges? It's hard to get good information about them, but the Bar Association ratings are better than nothing. Are you in a place that appoints judges? Maybe there are retention elections later.

    Are you in a place that's completely appointed? Ask candidates how they would go about nominating judges. Watch their platform and their colleagues for signs that they might appoint sleazy hacks
    • Re: (Score:3, Interesting)

      by interiot (50685)
      Does the court even have much room to make decisions here? Spamhaus should have entered a motion to dismiss in Illinois to say they don't have jurisdiction there. And at this point, Spamhaus should appeal, and enter the motion to dismiss. Now that a default judgement has been filed, aren't judges compelled to uphold the ruling?
  • Big deal (Score:3, Insightful)

    by saikou (211301) on Tuesday October 10, 2006 @11:38AM (#16378553) Homepage
    People who chose to use them for filtering will just as easily update their configs to a new domain. Those who can't because they did it "automatically" probably shouldn't have as they need to understand how it works and how to balance black listing with other ways to control spam.
  • by InfinityWpi (175421) on Tuesday October 10, 2006 @11:43AM (#16378623)
    ...where was it... oh, I know! This is from Ghostbusters, right? Shutting down the containment grid would be a big mistake... cats and dogs, living together... government authority figure who thinks what he's doing is best... a storm of ectoplasmic spam descending on the world...

    It's okay, guys. Spamhaus will lose their domain for a night, then get it back along with a huge government grant to go find a way to stop th emess that was made when they were shut down, and it'll all be cleaned up in time for a sequel.
  • by tlhIngan (30335) <slashdot AT worf DOT net> on Tuesday October 10, 2006 @11:43AM (#16378629)
    In the long run.

    Think about it - let's say Spamhaus is effective enough that they're stemming the tide of spam (which I've noticed has increased 50% in the past month or two).

    So they shut down, and everyone using them suddenly gets lots more spam. Those who only use Spamhaus as a suggestion won't notice too much, but now everyone else realizes how big the problem really is. Which may call for action, like revamping the email infrastructure. It only takes one important congresscritter to suddenly have his blackberry reject emails from other congresscritters because it was full of spam. Or heck, imagine government paralyzed because they're spending more time deleting than responding.

    Sometimes you have to realize that spam filters may be part of the problem - those who rely on them start to get a distorted idea of how much spam is out there. So turning off the filters for a few weeks may be a better solution to get people moving.

    Or rapidly degenerate email to the point where the only use of it is spam, so no one bothers using it anymore. Which would be a good solution too as it can lead to fast implementation of next-generation email solutions. (Forums have replaced mailing lists, IM has replaced quick "how are you doing?" emails, and so on). If people's phones ring multiple times a minute... or if a junk fax started using up all your paper and toner/ink in the course of an hour...

    Like I for once would like to kill bounce emails - you'd be surprised at the number of MTAs and spamfilters that contribute to the spam problem - their bounce replies are spam basically (no viable From address, etc). And those that whitelist, well, depending on the mood, I intentionally whitelist them. If they spam me because they don't want spam and don't bother believing that From addresses can be forged, too bad.

    Sometimes letting the broken thing (SMTP) break down is a good thing rather than continuously patching something to do what it really can't do.
    • by int2str (619733)
      From the linked article it's apparent that many people are ignorant to the problem simply because mail admins block spam quietly, before it becomes a problem to the user. The journalists who think spam isn't a problem should really have their spam filters turned off.

      Maybe we should disable _all_ spam filters for one day.
      Let's call it "Spam awareness day" and show the journalists just what Spamhaus etc. really do.

      This ruling is a total farse IMHO, but with ignorant journalists, judges and so called "experts"
  • wakeup call (Score:4, Insightful)

    by Tom (822) on Tuesday October 10, 2006 @11:44AM (#16378635) Homepage Journal
    Maybe that's exactly what is needed. A flood of spam, drowning everything and especially e-commerce.

    So far, the war has been fought by amateurs vs. increasingly aggressive and organized criminals. But the amateurs have been fairly successful, so nobody really noticed. Open the floodgates and let everyone realize that spam really is a problem that needs to be dealt with, once and for all.

  • One last time... (Score:5, Insightful)

    by Anonymous Coward on Tuesday October 10, 2006 @11:44AM (#16378637)
    Spamhaus implicitly asked the court to take jurisdiction when they ask for the case to be transferred from state to federal court.

    If they had done nothing, the court probably would have dismissed the charges for lack of jurisdiction.

    If they had asked the court to drop the charges because they were a UK entity and a US court doesn't have jurisdiction, the court probably would have agreed.

    But no, they explicitly asked for the case to be transferred to federal court, implicitly acknowledging the jurisdiction of the court and then they never came back.

    The judge is saying, "You asked for this. We went to a lot of trouble to accommodate you. Where are you? If you don't show up, I'll have to find for the plantiff."

    They shot themselves in their own foot.

    Matthew Prince has a good summary [securiteam.com].
  • by dpilot (134227) on Tuesday October 10, 2006 @11:50AM (#16378787) Homepage Journal
    The real problem here is that spam is considered an "annoyance" and is legislatively treated as such. In that light, it becomes "my business model, revenue, and profitability" vs "your annoyance" vs "their attempts to help others deal with spam." It also gets into a delightfully grey realm of defining "spam" vs "legitimate commercial email." Because these aren't simple issues, and the defined reason to stop spam is "annoyance," nothing substantive happens.

    Think differently...

    From what I've heard, spam constitutes something over half the traffic on the Internet. Think of blocking half of a water main, or half of a sewer, or half the lanes on the highway. No doubt at all that this would be considered more than just "an annoyance," but that's pretty much what spam is doing each and every day. Look at the legislative "encouragement" to build more bandwidth and the end-to-end compromises being threatened, but in reality we're wasting over half of what we've got, already. Spam is much more serious than just an annoyance.

    How's this for an idea - link it to terrorism!
    Imagine for a moment that you want to transmit secret, untracable terror plans all around the world. Simply put "V1agra" on the subject line, send it to EVERYBODY, and you're pretty much guaranteed that NOBODY will read it. You could probably send your plans in clear-text safely, but steganography would be advisable.
    So here it is... Spam is really a secret terrorist communications channel! It needs to be stopped!
  • by Harmonious Botch (921977) on Tuesday October 10, 2006 @11:55AM (#16378875) Homepage Journal
    Lindhart is the spammer at e360. On Spamhaus's website they have posted lots of email that they have received from him. It included the following:

    From: david linhardt
    Subject: mail fraud and identity theft

    Be advised, I am aware that members of the spamhaus organization are using my personally identifiable information to fraudelently order products and services on my behalf. I know this is true because I mistakenly provided you with my home address...


  • by pembo13 (770295) on Tuesday October 10, 2006 @12:03PM (#16379009) Homepage
    The fact that they seem to be purely a marketting firm with nothing better to put on their frontpage would be enough for me to manually blacklist them. They go as far as calling Spamhaus a secret organisation: http://www.e360insight.com/ [e360insight.com]
  • Too bad so sad (Score:3, Interesting)

    by geekmansworld (950281) on Tuesday October 10, 2006 @12:39PM (#16379571) Homepage
    Despite all the predictions of doom and gloom, and despite the attempts to mitigate blame from Spam blacklists to mail admins, I say that this is the inevitable conclusion to the way broad "spam blacklists" are run. As annoying as SPAM is, it can't possibly compete with the damage that spam-blocker's false positives have on the e-mail system. The company I work for has never sent a single piece of spam, but we routinely find ourselves dealing with problems relating to open blacklists and spam-catching software. You have to understand that when business relies to e-mail as a communications medium, it can't afford to have that vital conduit blocked because some asshat administrator insists that your company spams or is an open relay or whatnot when it is in fact not. Even my ISP's domain is frequently blocked, even though they're one of the largest telecomm companies in Canada. One of two things needs to happen: either spam needs to be legislated out of existence, or a proper organization needs to be set up in order two blacklist spam servers while doing their utmost to prevent false positives. Because when it comes down to it, getting a load of annoying junk in your inbox can't compare with never getting a critical e-mail about your job, family, business, or finances.
  • What else can we do (Score:3, Interesting)

    by Midnight Thunder (17205) on Tuesday October 10, 2006 @12:51PM (#16379785) Homepage Journal
    e360 asks:

    "They are thumbing their nose at an order of the court," Loethen said. "What else can we do?"

    How about trying to sue them in the UK, unless they are just interested in taking advantage of the way the US legal system works - which seems more like the case.
  • by WhiteWolf666 (145211) <sherwinNO@SPAMamiran.us> on Tuesday October 10, 2006 @02:20PM (#16381197) Homepage Journal
    Guys, I know that everyone (oddly enough, especially Europeans) want to make this into a Europe v. U.S. issue, but it isn't.

    A. First, Spamhaus argued that this case belongs in U.S. Federal Court. That's mistake number one; you don't tell a judge that your case belongs in a certain court, and then refuse to show up. Even odder, they say this, "But, to ensure this doesn't happen we are working with lawyers to find a way to both appeal/contest the ruling and stop further nonsense by this spammer." The question is, why didn't you guys work with lawyers before hand?

    Take a look at http://www.spamhaus.org/legal/answer.lasso?ref=3 [spamhaus.org] . Spamhaus makes a compelling case there as to why the court should not have jurisidction over them. So why would you _not_ present this evidence in court; especially after you've already told a court that they DO have jurisidiction over you.

    B. Look at Spamhaus.org (or a mirror, if you can now). What logos does Spamhaus display on their "About Spamhaus" page. I'll cut and paste the organization names, about whom Spamhaus says, "Spamhaus works with many Law Enforcement agencies and cyber-crimes teams worldwide, assisting investigations and compiling evidence on illegal spam operations. Our main working partners are:"

    1. Federal Bureau of Investigation
    2. National Cyber-Forensics and Training Alliance
    3. United States Postal Inspection Service
    4. National White Collar Crime Center
    5. Internet Crime Complaint Center
    6. Department of the Treasury
    7. Internal Revenue Service

    When you work with this group of U.S. government services, and claim that they are your first line of working partners, it's difficult to argue that U.S. courts should have no standing over you.

    C. Spamhaus does business in the U.S.! :

    Spamhaus makes this claim, which I do think is one that would require discussion in court:
    "
    Claim: An Illinois court has jurisdiction over Spamhaus in the United Kingdom because Spamhaus does business in the State of Illinois.

    This statement is false. Spamhaus does no business in the State of Illinois. Spamhaus has no office or agent in the State of Illinois nor any affiliation with any Illinois resident or entity. Spamhaus is a British organization and is not subject to Illinois County Court jurisdiction. Spamhaus advises Mr. Linhardt to re-file his case in the proper venue, a law court in the United Kingdom.
    "


    Consider that Spamhaus has a public mirror (perhaps several) in the U.S., over which Spamhaus has tight control. Furthermore, consider that Spamhaus sells a Datafeed service to U.S. residents. On http://www.spamhaus.org/datafeed/pricecalculator.l asso [spamhaus.org] , prices are listed in Dollars, not Euros.

    Given that they sell this service, and given that they manage servers in the U.S., it is difficult to argue that they don't do business in the U.S., and certainly is an issue for substantive debate. Not something you can win by default, and certainly something that a non-technical Judge would (fairly) decide without a defense.

    Summary: The Judge, in this case, made a good decision. A company brought forth a fairly legitimate looking claim, one which may be somewhat feeble but had some legal grounding. The defense argured that it was not within Illinois's jurisidction, which *is* true, and then argued that it belonged in Federal court. The illinois judge said, "fine". Spamhaus then proceeded to ignore the federal court.

    What did they expect?

    They should have argued from the begining that this did not belong in U.S. courts at all, and the proper jurisidiction would be Britain. That *might* have been a lengthy discussion, because Spamhaus does, indeed, offer services within the U.S. for pay, as well as free listing services; and being listed on a spam list may or may not interact with libel laws.

    Either way, I think Spamhau
  • by cpt kangarooski (3773) on Tuesday October 10, 2006 @07:37PM (#16385533) Homepage
    I'll try to shed some light on how this sort of thing works, more or less.

    There are two kinds of jurisdiction ('jxn'): subject matter jxn and personal jxn. Both must be proper in order for a court to hear a case.

    Subject matter jxn deals with matters like standing, the subject of the case (e.g. is it a patent case), diversity, etc. It's really not an issue in this case, and will only crop up once, and be briefly noted later on.

    Personal jxn deals with whether the parties in the case are within the court's jxn. American law generally has very broad personal jxn. The limits on this are basically those put in place by state and federal law, including the Constitution. This is because jxn is basically the extent to which the court is permitted to reach by law, and those are the relevant laws. Whether the court can effectively exercise power over people is an entirely different matter -- fleeing to a faraway country or holing up in a bunker with a lot of guns are the sorts of tactics used to escape the law, and don't have anything to do with jurisdictional matters.

    In any case, jxn is how far the law allows the court to reach, regardless of practical matters of enforcement. The law generally put it to be as far as possible, ultimately limited by the Constitution. It could arbitrarily be shorter, but this is not common.

    There are several ways in which a court may find that it has personal jxn. The easiest is when someone is physically present. But physical presence is not actually required. For example, if you are a resident of a state, but are not currently in the state, there is still personal jxn. Or if you are not a resident of a state, but drive a vehicle in the state, you are deemed by law to have consented to the matter of personal jxn by driving there. (Again: personal jxn is what the law says it is, not what you think it ought to be, and totally apart from the matter of whether enforcement is practical)

    Still, when the applicable law is simply that personal jxn extends as far as the Constitution permits, the question becomes one of Constitutional law: does the guarantee of due process in the Constitution permit jxn to be exercised here? The traditional test to find out is the minimum contacts test.

    Roughly, there must be at least a minimum number of contacts of sufficient quantity and quality that it would be fair and just to exercise personal jxn.

    For example: did the defendant engage in business dealings in the jxn? Did they avail themselves of the benefits of the jxn's law (e.g. by entering into contracts which the jxn's law could be called upon to enforce in some manner). Do they solicit business within the jxn? Do they sell goods or services, directly or indirectly, to people in the jxn?

    The more contacts there are, the more likely that jxn will stand. If there are few contacts, then it is less likely. However, where a suit is closely connected to a particular contact, personal jxn may be found with less of a contact than if there is no such connection. (E.g. if you only do business with one person in California, then probably only that person would be able to sue you there based on that contact)

    Some contacts are too attenuated or minor to support personal jxn, but they're the exception, particularly where we're dealing with business matters.

    The other important thing to note about personal jxn is that it is waivable. The law permits someone to consent to personal jxn. You often see this sort of thing in contracts. But going to court to defend yourself will count too. If you want to argue that a court lacks personal jxn over you, then you have to do so in a very precise fashion, lest you inadvertantly waive it, irrevocably. This might seem odd to you, but let me reiterate: jxn is what the law says it is, and the law says that personal jxn is waivable, and has to be brought up in a very specific way, at a very specific time (immediately, basically), or else it is waived. It has nothing to do with what country you're in (unless that matt

Brain fried -- Core dumped

Working...