Journal wowbagger's Journal: Doing my part against spam 6
In the March issue of Linux Journal, I had a letter to the editor published. In it, I took the time to inform LJ, and the readers thereof, of the fact that Rackspace, who had taken a full page ad out in the previous month's LJ, were well known for being unwilling to enforce their TOS against spammers, and encouraged anybody considering doing business with Rackspace to do some additional research on their spam history.
LJ's response was less than encouraging - it was basically "We do business with them, we like them, they good, you bad, blacklists bad."
I would have included a link here, but LJ online does not seem to have a ready link to letters to the editor. If any of you find such a link, please post a comment and I shall update this.
OK, so I did my part. I didn't expect much to come of it, but nothing will come of it if I do nothing. Sure, it would be nice if many people wrote in to LJ about their response, but oh well.
Flash forward to yesterday. I received the following series of emails. I have the author's permission to repost them here, but in the interest of not making his (nor my) email addresses spam havens I shall redact tha info. I just wish I'd thought to keep all my outbound letters. (Interesting side note: many of history's great writings are exchanges of letters between learned men. If modern day learned men are as bad about keeping email around as I am, what of our legacy to future generations?)
Date: Sun, 13 Apr 2003 19:55:18 +0200 (MET DST)
From: Anders <redacted>
To: <my email redacted>
Subject: Re: Rackspace vs. Spam Blacklists
David,
I don't know you, but I happened to buy a copy of Linux Journal
(March 2003 issue) while waiting for my train in Stockholm today,
and I want to thank you for stating your position on buying
hosting services from Rackspace.
We have had our share of abuse from Rackspace spammers as well,
which has rendered them an entry in our local blocking list.
Unfortunately that entry eventually led to us having to stop
using that blocking list ourselves, because of disagreement over
the amount of "collateral damage" we should tolerate here as a
department (I still use that list privately)...
I'm disappointed with the response you got from the LJ editor,
as they appearantly haven't got the point, that _no_ mail is
technically "legitimate" when coming from a blacklisted server.
They seem happy to fund the spammers with their own money, and
now I'll be wary about buying another copy of Linux Journal.
I'm also disappointed with Don Marti's editorial on page 4, where
he correctly points out that neither draconian legislation nor
making non-standard modifications to the communication protocol
will put an end to spamming, but then seems to conclude that
employing sophisticated mail sorting technology is the answer,
i.e. essentially leaving the victims to foot the bill anyway!
20 billion junk e-mail messages sent per day may potentially
take 20 billion seconds to delete, manually. A human life is
a mere 2 billion seconds long. In effect, spammers kill ten
people each day. Put another way, spammers hold one million
people in slave labour, and I don't think the slaves should
be forced to build the robots that may one day replace them.
Sorry for my unsolicited ranting, but if you know who I should
be talking to in order to solve my problem, please let me know.
Yours sincerely,
Anders <redacted>
---------------------------------------------
From: Anders <redacted>
To: Linux Journal <ljeditor@ssc.com>
cc: Rackspace <abuse@rackspace.com>, SSC <hostmaster@cymitar.net>
Subject: Re: Rackspace vs. Spam Blacklists
In the March 2003 issue, David D. Hagood and other readers are
advised to avoid blacklisting Rackspace, since that's where the
www.linuxjournal.com web site is hosted. I find this attitude
irresponsible, given the general noise level on the Internet.
Most users simply don't have the time and resources to spend
filtering their e-mail based on content, whether automatically
or manually, and rejecting all mail from likely sources of
abuse may be their only option.
20 billion junk e-mail messages sent per day may potentially
take 20 billion seconds to delete, manually. A human life is
a mere 2 billion seconds long. In effect, spammers kill ten
people each day. Put another way, spammers hold one million
people in slave labour, and I don't think the slaves should
be forced to build the robots that may one day replace them.
If Linux Journal financially supports a business which offers
web hosting services to spammers, then Linux Journal in effect
backs spamming. Not only do you provide Rackspace with a solid
revenue, but you also ask spam victims to tolerate more abuse
from other customers of the same hosting company than from the
rest of the Internet, thus making it even more attractive to
spammers.
It would be more appropriate for Linux Journal to question the
allegations that Rackspace harbours spammers, than to question
the need of the Internet community to take meaningful action
against network abuse.
---------------------------------------------
I replied, thanking him for his comments. Unfortunately I did not think to keep this mail, and I routinely scrub my mail folders.
---------------------------------------------
From: Anders <redacted>
To: <my email redacted>
Subject: Re: Rackspace vs. Spam Blacklists
>First, thank you for the kind words. I feel that each of us should
>always strive to make the world a little better place.
I agree, but one problem is that just about everybody have
their own definition of "better", and people keep pulling
in opposite directions, hence leading them nowhere at all.
>You've done what I hoped would happen - if enough people write into LJ
>critizing Rackspace, then perhaps Rackspace will feel enough heat to
>change their policies.
I figured that was part of your intent, though I was hesitant
at first since I'm not a regular LJ reader and didn't expect
to see any letter of mine in print. However, after writing to
you I thought I could reuse part of that mail. I hope readers
will be intrigued enough to verify my calculations and realize
themselves what it means. With ten people killed every day,
imagine how many that will be in a year and try to remember
when you heard such a death toll mentioned last time.
>Since you are "in the business", all I can say is try to get others to
>write in to LJ.
I did send a copy to our department Linux user mailing list,
but I doubt anybody here will care to write, and my personal
network doesn't extend far beyond that.
>And don't judge LJ too harshly - they are a good magazine, just a bit
>blind, is all. Hopefully you and I can open their eyes.
Blindness isn't an isolated phenomenon, and it seems to be
contagious as well. Even technically minded people appear
to have trouble getting the point that if you are going to
blacklist spammers by address, you will eventually lose also
legit mail, which in that case is actually a good thing!
When you boycott French wine, it's supposedly because you
dislike the foreign policy of the French government, not
because you dislike the wine... Just imagine people trying
to voice their opinion by merely boycotting items they have
no interest in buying anyway.
However, since LJ doesn't buy their services directly from
Rackspace, but rather use the SCC which in turn buy their
services from Rackspace, you could argue that LJ has already
distanced themselves sufficiently from the spammers to escape
responsibility for any incidents of abuse.
>Personally, I'd just like a nice, three month long hunting season on
>spammers....
I'm afraid that would be illegal in Sweden. Besides, I'm not
too interested in hunting, whether for food or for pleasure.
Anyway, I'm curious about what blacklist setup (if any) that
you use yourself. I'm starving for blacklist reviews which
may provide some reliable advice from peer users. I'd also
want to know how you deal with listed SMTP clients, what
rejection error messages you use and so on.
---------------------------------------------
In my reply (another I didn't keep), I responded to his wine boycott analogy by stating my opinion on the various boycotts of French and Russian products by my fellow Americans.
I also told him what I know of my ISP's spam filtering operation.
---------------------------------------------
Date: Mon, 14 Apr 2003 04:23:55 +0200 (MET DST)
From: Anders <redacted>
To: <my email redacted>
Subject: Re: Rackspace vs. Spam Blacklists
>Actually I think Chirac may have a point, so I wouldn't boycott the
>French. But I do think Chirac's just defining himself as "not Bush's
>yes-man", which is a bit pathetic.
Political point or not, it's not the wine that is the problem.
Still that's what most people seem willing to part with...
>My ISP runs a pretty tight blacklist - Spamcop, MAPS, a few others. I
>don't know the details. The biggest problem I have with spam is at work,
>where our IT department doesn't want to run any significant filtering
>for fear of dropping the mythical "US$1M order" email...
My ISP uses a similar setup, even as I happen to disagree with
using the MAPS blacklists. Now, it's not at all sufficient,
and I run my private script to bounce most e-mail to me anyway.
See <url redacted> for a
log of bounced mail since March 2002. Turns out I catch very few
false positives (I don't use that address for correspondance).
Unfortunately, bouncing mail _after_ my ISP has already accepted
it means that the bounce may itself bounce back at my ISP, but
they have said they tolerate it.
At work we now use relays.ordb.org, proxies.relays.monkeys.com,
dsn.rfc-ignorant.org and bl.spamcop.net, in that order. Then
we also have a number of ad-hoc rules in our local access file,
such a known spammer domains. Messages that fail one of the
tests will be immediately rejected by the server, thus putting
the burden of creating a Delivery Status Notification on the
client host itself.
>All I know is that I have reported many dozens of spams to RackedWaste,
>to no effect. When I saw that full-page ad I just couldn't let it slide.
I'm thinking of establishing a simple abuse-reporting tool for
IP addresses, similar to SpamCop, but not as complex. It should
preferrably be taught not to bother unresponsive abuse desks,
but concentrate on those that appear to provide good service.
Then I could let mail to my private address do the reporting
itself, on my terms. I don't need any Bayesian statistical
analysis to find out that 100 percent (or next to it) of the
e-mail that I receive from any blacklisted network is junk.
---------------------------------------------
From: <my email redacted>
To: Anders <redacted>
Subject: Re: Rackspace vs. Spam Blacklists
With your permission, I'd like to post these letters to my slashdot
journal. I will redact your email address if you wish.
As for MAPS - I assume your objection is the "deliberate collateral
damage" issue. While I agree that for an ISP to use such a list without
giving users a choice is bad, I also feel that things won't change until
ISPs that host spam and fail to do anything about it feel some heat.
If only AOL would tell some of the worst offenders (e.g. Rackspace,
UUNET, Exodus) "Clean up your act or be blocked at our border routers."
While extreme, it would probably engender some change.
---------------------------------------------
From: Anders <redacted>
To: <my email redacted>
Subject: Re: Rackspace vs. Spam Blacklists
>With your permission, I'd like to post these letters to my slashdot
>journal. I will redact your email address if you wish.
Not only do you have my permission, even Swedish law may allow you
to publish my mail to you _regardless_ of my permission, to the
extent those messages are considered to be statements by me acting
in my capacity as an <place of work redacted> staff member - whether they
are is however debatable, but I'll give them any slack they want.
My <email address redacted> address is currently exempt from any blocking
list protection, meaning that I'd rather not see it on any public
web page yet, but feel free to use my <other email address redacted> address
instead if you like. Again, Swedish law prohibits me from trying
to put any restrictions on what you can publish, but I trust that
you will make a wise decision.
>As for MAPS - I assume your objection is the "deliberate collateral
>damage" issue. While I agree that for an ISP to use such a list without
>giving users a choice is bad, I also feel that things won't change until
>ISPs that host spam and fail to do anything about it feel some heat.
No, deliberate collateral damage is ok to me, as long as their
rationale and intent is clearly stated.
Instead, I stopped using MAPS in 2001 when they began requiring users
to sign non-disclosure agreements with respect to the "proprietary"
data provided by them. I had by then submitted around 250 addresses
to the MAPS RSS myself, and now MAPS claim proprietary rights to what
I and others gave them for free. They have compilation rights, but
that's all, I would say.
Not only was I personally offended by their move, but it appeared
that we as a university were unable to enter into an agreement with
MAPS under those terms. is a public entity,
meaning that our activities are funded by the taxpayers, and any
information provided to us is by default available also to members
of the public for the mere asking. Certain kinds of information
may be protected by secrecy, but the law offers no provisions for
filtering or rejecting e-mail based on secret criteria.
My other objections to MAPS are specific to individual lists, and
I'm becoming more and more wary of rejecting mail simply because
the SMTP client is using a dynamically assigned IP address. While
statistics show these are frequently abused for spamming, I can't
accept a general prohibition against dynamic IP address allocation
without evidence of actual spam from that network.
As for the original MAPS RBL, I believe they also list providers
for offering spam software. While the Internet certainly would be
a better place if that software wasn't so easily accessible, I
think rejecting e-mail from the provider's network on such grounds
is overdoing it quite a bit, and I'm also concerned doing so might
be illegal for a public entity in Sweden. We don't reject e-mail
from websites hosting nazi propaganda either, as long as they don't
spam us with it.
>If only AOL would tell some of the worst offenders (e.g. Rackspace,
>UUNET, Exodus) "Clean up your act or be blocked at our border routers."
>While extreme, it would probably engender some change.
Indeed. All this seems to stem from disagreement over what policy
to adopt, and a lot of providers try to evade the issue by simply
not being clear about what their real policy is, enforcing it only
when it suits their stockholders.
Spammers have set out to insult every inhabitant of the Internet in
alphabetical order. However, neither can they spel, nor have they
learned the alphabet. As a result, they are running in circles.
---------------------------------------------
Date: Mon, 14 Apr 2003 17:38:26 -0500
From: <my email redacted>
To: <email redacted>
Subject: Re: Rackspace vs. Spam Blacklists
Anders <redacted> wrote:
> Not only do you have my permission, even Swedish law may allow you
> to publish my mail to you _regardless_ of my permission, to the
It would not matter to me if Swedish law, nor even US law allowed me to
publish - MY personal code of ethics would require you to give
permission. I shall treat your email address as I treat my own - it
shall be redacted.
>
> Spammers have set out to insult every inhabitant of the Internet in
> alphabetical order.
Hey now, insulting people in alphabetical order is my schtick (see my
user ID on my ISP.) Though my scope is a bit larger than the Internet....
---------------------------------------------
And there you have it. Perhaps I am being idealistic, but when something like this happens, I get just a quantum of hope for things getting better.
(then I read at 0, and that quantum disappears.)
Spam, Spam, Spam Eggs and Spam... (Score:2)
I'm glad to see another person being proactive on the issue. Spam is one of those things that we NEED to get under control in order to preserve email as a useful medium.
While I haven't been as active regarding spam, I've shared my displeasure with a few webmasters that chose to implement their entire site as a giant flash application. While my feedback generally seems to be ignored (How DARE this (l)user tell me how to write MY website!!), I figure enough of it and they may eventually w
As a former Rackspace customer... (Score:2)
Personally, I think it's a shame. Rackspace are, in many regards, a very good company. Their services are good, at a reasonable price, and they have an excellent support department. The only drawback I've noticed is their lack of spam enforcement. To me, that's a big drawback.
I have to admit though, that it wasn't the spam issue
Re:As a former Rackspace customer... (Score:2)
Now, listings in the anti-spamming community obviously don't work, but perhaps, if enough people write in to places like LJ, there will be enough customers pointing to those letters and saying "Care to explain this?"
It's about all that
look up (Score:1)
Why blacklisting sucks or Why spam is good (Score:2)
Think about it... really think about it. Why would spam EVER be considered good?! For the following reasons:
Spam is a bit like pollen. Yes, it's annoying and/or harmful to those who are sensitive to it, and no one much likes it. When it gets really heavy it can cause all sorts of problems from mere aesthetic ones (who likes to come out of the house to find their car coated in a mottled smear of plant spoo?) to serious health risks. But, I don't see the Ameri