ORBS Forks

Noxxus writes: "Wired is carrying this article about the shutdown of Alan Brown's Open Relay Behavior-Modification System, more commonly known as ORBS. Brown, of New Zealand, closed his operation after two local companies won legal injunctions against him for listing them." It seems the list of 94,000 open relays will be maintained by: "Open Relay Black List of Phoenix, AZ, Open Relay Block Zone (ORBZ), of Basingstoke, England, and the Open Relay Database (ORDB), of Aarhus, Denmark." We've gotten a zillion ORBS submissions since the day its website went down, but this is the first post-ORBS story with enough info to be worth a mention. Guess the dust just needed to settle.

We're obviously in the minority, but I think the EFF's John Gilmore has cut to the chase:

For Gilmore, spam blocking should occur at the recipient level, not at the level of self-appointed upstream censors.

"I noticed years ago that the community tends to go 'mob' and lose its morals and principles when it comes to spam," Gilmore says. "Free speech, interoperability, inclusiveness, tolerance, privacy, anonymity -- all go out the window when they get in the way of killing off those damn spammers."

I wonder if he'll get added to spam lists now, like I do every time I post a story critical of anti-spam activists. Yeah, subscribe me and Rob to more mailing lists under the handle "Spamlover." That's real mature.

Re:Three things...

[chuck]

The recipients typically can't block mail from open relays.

Typically, no. However, if you're using procmail you can, using a utility such as rblcheck [sourceforge.net]. If anyone's interested, just email me for some handy scripts.

Censorship vs. censorship?

[chuck]

I don't understand all this anti-ORBS talk about censorship... "ORBS is bad because it censors people, etc..."

Let's do some logic to find out who the censors are. What does Mr. Brown do?

• He probes mail servers to find open relays. (This is the only "questionable" activity of which I would accuse Alan.)
• He compiles a list of these open relays.
• He publishes this list to those who specifically ask for it.

Now, what word would you use to describe someone who forcefully stops Mr. Brown from publishing his information?

Think for a second....

Riiiiiight....

Censorship? Bullshit.

[Stormie]

Calling a blacklist of open relays "censorship" is like calling a virus-scanner censorship. Hey, just the other day I got some email with the "Mawanella" VBS trojan in it.. and goddamn McAfee VirusScan deleted it!! That's censorship!! It's a violation of my first amendment rights!! (never mind that McAfee isn't a government body, and I'm not in the USA anyway, it's still a violation of my first amendment rights!!)

Come on, open relays are flat out misconfigured, broken and harmful to the internet as a whole. In a perfect world, if you didn't know how to set up a mailserver, then your mailserver simply WOULD NOT WORK. Unfortunately this is not a perfect world, and there are ways in which people who don't know how to set up a mailserver can end up with something which APPEARS to work, but is, in fact, broken and harmful. These people should NOT have their mail successfully delivered until they fix their problems.

However, just in case I seem too rabid, I will add that of all the responses I've gotten to my spam complaints (all of which involve open relays being raped by spammers), those from the postmasters of said relays are invariably more polite and friendly than those from the ISPs hosting the spammers.

Re:Make a decision, folks

[nathanh]

Censorship is either good or bad. Pick one.

Censorship is bad.

Rejecting spam is not censorship [*].

[*] although it might be censorship if you use a position of power (eg, postmaster at an ISP) to reject spam sent to your users, without their knowledge and/or approval.

Re:Make a decision, folks

[iabervon]

These lists don't actually list spammers. They list machines which are configured incorrectly such that people can misuse them. People aren't on the list because of what they are trying to say.

This assumes, of course, that the lists actually do what they're intended to do: prevent unresolved problems from hurting other people. Ideally, you would only end up on such a list if you were running an open relay, you would be notified, and you would be able to get off the list as soon as you fixed your mail server. The censorship issues have been with people getting on such lists when they were not, in fact, running an open relay, or not being removed from the list when they fixed it. That sort of thing, in addition to being generally bad for freedom, also reduces the effectiveness of the lists.

Re:Make a decision, folks

[WWWWolf]

...but don't email it to me and don't tap it into my forehead and don't shout it via megaphone at 3:00 AM outside my house.

Er, that's not the correct analogy. This would be better: Spammers force us to pay for the priviledge that we can tap the message with morse code on our own foreheads, or they want us to buy studio time from local recording studio to use sound-proof room so that no one else gets annoyed when they shout the message at us with a megaphone at 3 in the morning.

That'd look more accurate.

=)

Email is not a public forum

[zaf]

This is not free speech. If you are forced to pay for it, it is not free. And you do pay for it, however minimally it may seem. Bandwidth, drive space, etc, are all wasted to house and transport spam.

Would you call it free speech if somebody pasted a sticker detailing human rights abuses in China to your car?? I call it defacement, and and forcing me to use MY resources (not free) to remove and repair their damage.

It doesn't matter what the message is, you do not have the right to force it on someone else. There is no double standard, just idiots who don't understand the meaning of the word freedom.

Re:And good riddance!

[Falsch Freiheit]

The instant I'm paying for it and I didn't ask for it, it's spam. Yes, even if it's about human rights abuses in China.

Re:Make a decision, folks

[Goonie]

Sex is either good or bad. Pick one.

Go you big red fire engine!

Re:Make a decision, folks

[scrytch]

Censorship is either good or bad. Pick one.

Oh please. Do look up "fallacy of excluded middle" on your favorite search engine then come back with an actual argument.
--

A man's home is his castle

[PD]

Said the supreme court when they decided that the physical mailbox on the curb was part of a man's house, and that man had say over who could send mail to him or not. As a result, there is a Form 1500 [junkbusters.com] that provides official notice to stop sending shit to a certain box, or face criminal penalties.

An e-mail box should be treated the same way, although I expect that a supreme court decision will be required to make this happen.

This isn't censorship, this is cutting through all the marketing bullshit.

Re:You twisted the question though.

[ansible]

Hello? Not everyone has broadband access to the Internet. Not everyone has untimed access to the Internet.

In many countries, there is a per minute charge for dial-up connections. Every second spent downloading spam is directly costing the user money.

I'm sorry, but you need to get a clue.

If the end user chooses it isn't censorship

[FreeUser]

As long as it is the end user, and not ISPs, that are filtering based upon the ORBs databases, then it isn't censorship, rather it is simply filtering based upon another's suggestion.

One could argue that personal email is not a public forum, such as USENET and places like slashdot, and that any form of filtering, at any point along the way, is not censorship in the real sense of the word.

In any event, as long as the end user is informed, and has a choice, it isn't the kind of institutional censorship so often, and so correctly, decried here, it is merely voluntary filtering of what those who subscribe to it view as noise, as is their right.

As for slashdot being united about anything, a quick perusal of any discussion, on any topic, should dissuade you of that erroneous assumption.

Re:And good riddance!

[Tim C]

Well, spam is defined as being unsolicited commercial email, so unless they were offering to sell me something to help ease the plight of the Chinese, I'd consider it speech.

If they *were* trying to get me to buy something, then it'd be spam.

Cheers,

Tim

Re:Free Speech?

[Tim C]

The argument in this case would be that by denying them free speech in this case, you are preventing them from denying you and many others the right to free speech.

Of course, spam is not a free speech issue; Freedom of Speech does not cover freedom of making others pay for that speech. Spammers are still free to stand on a street corner and tell passersby of their wares, or even pay for their advertising.

Cheers,

Tim

Re:Three things...

[Todd Knarr]

The main problem is that it's the spammer's computer that decides ( theoretically based on MX records ) which mail server to connect to. The only way to make this happen is to use multiple hostnames for users, eg. x@open.domain.net vs. x@orbs.domain.net, instead of vanilla x@domain.net. You'd need the servers configured with lists of users they should accept mail for, and some way for users to maintain that list. I'd prefer headers myself, but I'm a firm believer that if an ISP doesn't do procmail I don't want to use that ISP for mail.

Three things...

[Todd Knarr]

1. The recipients typically can't block mail from open relays. Doing that requires rulesets in the mail server that process based on the IP address the incoming SMTP connection is coming from. That requires root access to the ISP's mail servers. Few ISPs give that access to ordinary users, and gods help the ones that do. And it'd require a mailserver for each user. The best you can do is have the ISP use services like MAPS and ORBS and add headers to the message that users can use to reject mail, and that depends on the users being able to set up procmail or something similar, which isn't feasible for Windows-based users.
2. Gilmore's own argument works against him. If ISPs have a right to transport mail, then they have a right to not transport mail. Gilmore's going beyond advocating free speech and into the unacceptable to me area of requiring a third party to pay for the hall for the spammers to excercise their free speech in.
3. Yes, MAPS and ORBS do cut off legitimate mail. If they didn't, then there's be no incentive for anyone to clean up the spam. The recipients of spam who're complaining about it typically aren't customers of the ISPs being used to send the spam, so the ISP loses no money by ignoring their complaints. Only when their customers start complaining because all mail from that ISP is being rejected do the ISPs feel any pressure to shut down the spammers. It'd be nice if it were otherwise and ISPs acted politely, but reality is they don't and we have to live with it.

ORBS is free speech, spam is theft

[Medievalist]

I run several mailservers. I need them to be at least profit-neutral, preferably profitable.

Why? So I can keep running them. I don't get government grants, and I have a spouse & kiddies to support. If I am to continue to contribute to the Internet community, I must not only survive, I must be able to pay for my links.

Spam, generated with the help of people who insist on open relays, finds my users and clogs their mailboxes. They (the users) no longer receive optimum value from time spent interfacing with my mailservers. This in turn impacts profitability.

State-supported academics and wealthy ideologues can rant as they please, but stifling the right of anti-spam zealots to list open relays is pure censorship - the suppression of someone's right to speak out. In contrast, spam is the theft of disk space and bandwidth - and whenever I try one of those "opt out" things the spam load noticeably INCREASES, incidentally.

Open Relay blacklists let me continue to feed my family while doing work that helps the Internet as a whole. Spam eats my time and other resources and robs the Internet of any potential fruit of those lost resources. My preference should be obvious.

--Charlie

PS- All the things the open relay advocates claim they need to do can be accomplished without the use of open relays. Except spamming and mailbombing.

The problem is that mail gets MIXED UP

[Skapare]

If all mail servers fell precisely into one of these two categories:

• sends mail that people do not want to receive
• sends mail that people do want to receive

then the situation would be simply solved by not accepting mail from servers that send what you don't want. The problem comes into play when a mail server, usually as the result of misconfiguration (which itself is usually the result of an incompetent or ignorant system administrator, or the management above them restricting what they can do), mixes up legitimate mail with the spam. What many people who run clean mail servers then choose to do is to just not accept the whole lot.

Gilmore is certainly well intentioned. Anti-spam measures do pose a risk to true free speech, which unfortunately due to the way society and its leadership tends to react, must often be done anonymously to avoid risks of retaliation. However, he has the mechanism all wrong. Once unwanted mail has been accepted at a server, the damage is already done. Now processing cycles must be used to analyze it to filter it out by other means, and storage is occupied over time to hold on to what then takes up human time to read it (usually because of a misleading subject like "oh, I forgot to mention" which could cause almost anyone to read it thinking it might be legitimate mail). The real practical solution is to use mechanisms that are the most efficient at discovering the most accurate level of unwanted mail and separate it from the wanted mail. And one of those mechanisms to choose from are the various lists of mail servers that are discovered to be sources of generally unwanted mail called SPAM.

Different people do vary in their belief in the benefit of losing unwanted mail like SPAM versus the cost of losing wanted mail. One could think of it as a ratio. How many pieces of SPAM would a scheme need to be able to get rid of to make it acceptable to lose one piece of legitimate and wanted mail? Some people will say there is no acceptable number. They won't be filtering SPAM at all. Others consider it acceptable to lose some legitimate mail to reduce their costs of processing and the time taken to read the junk. When it is realized that the senders could move on to a different network services which carries out actual and effective measures to ensure their mail server is in the 2nd category above, then for many people it is acceptable to lose some mail because they know the sender can remedy the situation.

I use the MAPS databases in blocking spam coming in to my servers from various classes of known spam sources, including open relays. I review the logs and have found that so far it has been very effective in blocking spam while not blocking legitimate mail. It's not as effective as desired in being comprehensive in blocking all open relays. But I have found that if I also block mail arriving from mail servers which have no PTR record available at all (reverse DNS) for its IP address (reversed in the in-addr.arpa zone), the blocking is nearly as effective as MAPS. In fact it blocks more SPAM than MAPS does, although there have been 3 cases of apparently legitimate mail being sent in and lost (one of those being from OSDN itself ... heads up Kurt!).

In general there appears to be a very high level of correlation between servers misconfigured to allow SPAM to be relayed and servers misconfigured to not have functional reverse DNS. It's not perfectly 100%, but it is well over 99%. Most of the open relays seem to be the rapid growth of businesses connecting to the network, especially outside of the United States (the US having done most of its initial connection growth already). This is probably made worse by the fact that most of the documentation is in English, and English is not really universally understood. That doesn't mean that when a new mail server comes online in China as an open relay that the administrator intended this to be so. More likely they are not getting good documentation in their own language to explain to them the importance of making sure the server is closed for relaying, and the steps needed to do it. Another problem that is probably contributing is a very high use of pirated software, which tends to be older versions of Microsoft Exchange server, and limits the ability to get service packs for it.

Where's there smoke there's often fire. If the server lacks reverse DNS it most likely is also an open relay (or worse, a direct spammer).

Still, the fact that an administrator would not want to relay SPAM does not in my mind mean I should go ahead and accept SPAM from them. So I find it perfectly acceptable to use at least some of the databases of SPAM sources out there, and even additional techniques, to block the unwanted and costly mail. It's my server. And my customers can move on to someone that lets SPAM in if they so choose. And I am now setting up a 2nd mail server with NO anti-SPAM measures (it won't relay, but it will take mail from all sites to be delivered here) and let customers choose which they want their incoming mail to go through. I wonder which one they will choose. I wonder how long it will be until they go back.

And BTW, I did test out using a context based mail filter for my own mailbox once. It killed more legitimate mail than I found acceptable; far more than my current methods do.

Re:How I dealt with my spam...

[Skapare]

They added you to their list. You added them to your list. Sounds fair enough to me. They finally deleted you from their list, so you in turn deleted them from your list. Still sounds fair enough to me.

Was it criminal for you to add them to your list when they didn't want to be added? If yes, then it would be the same for them as well, right? I think so.

Good job!

Re:Honestly...

[Skapare]

If you want someone else to do the filtering for you, would you be satisfied by using an ISP that used MAPS/ORBL/ORBZ/ORDB to block spammers? Or would you be complaining that the ISP is "messing with your mail"?

Re:Honestly...

[Skapare]

Some spam does indeed have the filtering. Some does not. In fact most does not. Most are from throw away or even non-existant accounts, usually mangled to bypass the filters. The only safe way is to have a list of everyone that can send you legitimate mail and block everyone else. But then, you'd miss out on some mail anyway.

Re:Spam is *not* free speech!

[Skapare]

Which is one of the reasons I blocked the entire country of Korea. I'm lucky that I can do this because I have no legitimate mail coming from Korea. Taiwan and China are similarly blocked, though I might have to unblock some of Taiwan since there are businesses there I might end up working with. Even Japan is a huge source of relayed SPAM, and I'd like to block it as well, but I get a lot of legitimate mail from there so it's not an option (I just block the networks that happen to send SPAM).

Then there is that guy who has 500 dots in his PTR receord (so he must be using some static IP) that causes mailers to overflow their header and hide his IP address. I had to block "9netway.com" to get rid of that guy. And he may even be forging that.

An alternative idea

[Skapare]

Right now the various MAPS/ORB* type databases are hard to get removed from. In my experience the bulk of open relaying (as opposed to direct spam, which is in a separate list now anyway) comes from places that won't even try to do anything about it, much less try to be removed from the list. My idea is to have the usual method of detecting open relays, but making it easy (an easy to use web form) to be removed from the list. The web form will use an email verification by sending the usual verification code to the provided email address, and then once verified on the web page, automatically remove the specified address. Those places that continue to relay spam are going to end up back on the list anyway, probably real soon, too. Oh, they can go through the cycle of having themselves removed again. If the web form is structured to make automated bots filling it in not viable, it should be effective. This way anyone who thinks they have been placed on the list inappropriately can just remove themselves.

Oh, and there would be an opt-out "would you like to receive our newsletter" selection for those whose email address is used more than 10 times :-)

Since when is helplessness a virtue?

[Zach Frey]

Sheesh. I understand that not everyone has the time and talent to write their own mailfilters and admin their own servers, but why sneer at those who do? Got something against taking responsibility?

So why not grow your own food so you only eat what you control and sew your own clothing and manufacture your own car and build your own house?

You say that as if these were bad things. Why not indeed?

But there is another strong objection which I, one of the laziest of all the children of Adam, have against the Leisure State. Those who think it could be done argue that a vast machinery using electricity, water-power, petrol, and so on, might reduce the work imposed on each of us to a minimum. It might, but it would also reduce our control to a minimum. We should ourselves become parts of a machine, even if the machine only used those parts once a week. The machine would be our master, for the machine would produce our food, and most of us could have no notion of how it was really being produced.
-- G. K. Chesterton

Re:Since when is helplessness a virtue?

[Zach Frey]

Regarding that G. K. Chesterton quote: the extreme likelihood that you didn't create the silicon wafers, design the circuit boards, mold the plastics, and do the soldering on the machine you're using to post to your message indicates the hypocrisy of your argument.

Oh, how silly of me. Of course, I should have realized that since I am unable to build my own computer out of sand and copper ore, that any attempt to exercise some modicum of self-sufficiency is doomed to be hypocritical.

No doubt the fact that when I make waffles from 'scratch', I haven't ground my own flour from wheat that I've grown myself, churned my own butter from my own cow, and gotten the eggs from my own chickens proves my hypocrisy as well. I should just be a good little corporate consumer and serve my family Eggo [eggowaffles.com].

Thanks for setting me straight. I'll make sure to stop trying to write my own software and uproot those tomato plants in my back yard so that I won't be a hypocrite for failing to be entirely self-sufficient.

Re:Make a decision, folks

[ivan256]

I am against the censorship of this list of open relays. Don't forget to look both ways next time you cross the street.

Re:Make a decision, folks

[Codeine]

"There is a huge freaking world of difference between censorship and closing open mail relays."

And there is now a huge freaking difference between the actions of ORB.*/MAPS and "closing open mail relays."

They do a lot more than just that, and some suspicion has fallen on the motives of some of the shutdowns that have been instituted, with no right to petition for redress.

It's not just for Open Relays anymore.

I suppose in some idealistic sense,

[mindstrm]

you might have a point.. however.
SO what if the ISP blocks it? THEY are then eating the cost of that incoming traffic, they just aren't forwarding it on to you, so you pay for it with higher fees.

The reality is, spam doesn't really cost us that much, we just don't like it.

Spam is not Theft of Service, I'm sorry. You have an email box which anyone can send email to, whether you like that mail or not. They have not 'stolen' any service from you by sending you mail, just as when you go to a web page and get a big graphic you didn't expect.
By the super-idealistic mentality people use, I could say that NO service has been stolen from you, because your POP client CHOSE To download those messages from the mail server; you could have left a few out.

This is not someone walking into your house and ransacking it. This is someone leaving junkmail in your mailbox.

Maybe, if you pay per-message for your email, you'd have a point.. similar to why telemarketers can't call cellular phones... because it costs the receiver.. but...

Can you show how an unwanted email address cost you money? Would Your or I have more money to show for it if we didn't get 200 some pieces of spam a week? I doubt it.

Get them for deceptive advertising, fraudulent communications, or harassment... but not for 'theft of service'. By your logic, when the Jehova's Witnesses knock on my door and waste my time, that would be 'kidnapping'.

Re:I suppose in some idealistic sense,

[mindstrm]

Okay. Let me try to put it a different way.. forgive me, I'm having trouble explaining what I mean.
Where is it stated that nobody can send you snail mail without approval?
Where is it stated that nobody can phone you without approval?

All I'm saying is that, yes, in an idealistic sense, they are wasting your resources in a way they should know is unapproved, but realisticly, it's NOT costing you anything appreciable. If it is, please show me how you have more money if you don't get spammed.

If someone were to use the resources your are paying for without your permission, by hooking up to your home network and abusing your connection, that's akin to trespass, I agree.

As for your ISP, they have a server that accepts smtp-compliant email from anywhere else on the internet. When I spam you, I don't send the mail to your house, YOUR COMPUTER goes out and fetches it. It's no more 'theft' of your services than when you go to a web page and it's not what you thought it was, or it's 10x the size you thought it was....

The other thing is, are you paying for bandwidth? What about someone who sends you mail without asking you for permission? If I'm your friend, I still can't break into your house and use your shit, that's illegal.. but it would be okay for me to mail you without asking for permission? Get real.

A few discussion points.

[mindstrm]

These are all how I feel on the subject... what do y'all think?

1) Spam sucks.
2) Even though it may not cost that much in ISP fees, people argue that TIME=MONEY. I'll grant that.
3) The average anti-spam activist spends far more time whining on the net about spam and/or configuring anti-spam systems than it would to simply delete their spam every day.

If time=money, why not simply take the quick route, delete those spams, and get on with your day?

Wow.. put words in my mouth.

[mindstrm]

I didn't say I hate them, I don't. I also didn't say I like spam, I don't, and I realize that if we got hundreds or thousands of pieces a day, it would be a different story. But we don't.

I think there are several legal avenues by which we can reduce spam.

My point was that, currently, far more time is spent working on anti-spam systems (which also only treat the symptom, not the disease) than would be simply ignoring/deleting spam.

I'm not saying don't work on them either... simply that some kid who whines about how 'valuable' his time is so he spends it working on his anti-spam system to save him time is being a hypocrite.

I also think that, the reason spam persists is because SPAM WORKS. As long as people respond to spam, then there is a reason to spam. And if spam is working for some people, who are we to block it from them? We're better off to educate people and have people refuse to do business with companies who spam... when spam no longer gets a response, it will stop.

Re:You twisted the question though.

[mindstrm]

Yes, I'm aware of that, I live in one of those countries.

Most poeople, however, who are whining about spam are NOT living in those countries, funny isn't it?

I don't dispute that spam is bad... just that people need to make a better and more convincing case for it.

Re:You twisted the question though.

[mindstrm]

Yes yes, I know that it costs money.. but how much money? Show how much more/less your monthly bill would be without spam... that's what I'm saying.

I'm not implying that bandwidth is free, only that the amount lost to spam by end users is negligible.

Thank you.

[mindstrm]

All I asked for was an example, and you provided the first one that actually makes really good sense.

Yes, I can appreciate that spam will cost you money.

What about a protocol that lets you choose which messages to download? I mean, that's what I do.. the beauty of imap.
You are still making the choice to download eachindividual message, even if you simply chose to download them all.

I still maintain that the bulk of people who whine about spam are just whining for the sake of whining; it's not costing them anything.

Once again...

[mindstrm]

You're twisting it around. I agree with what you said completely....

BUt I'm not talking about the abuse of a mail server by brute-force spamming, I have no problems seeing how that should be illegal.

I'm talking about Joe Average who checks his email now and then, online, because that's who whines about spam the most.

You are talking about the mechanism used to deliver the spam, I'm talking about the end users actually fetching the mail.

Re:You twisted the question though.

[mindstrm]

I have no sympathy for spammers either... and I support anti-spam policies of ISP's... open relays are bad, etc etc etc.

I live in europe, I know full well how the fees work.

My point is that so many of the people who whine about spam are people who spend far more time trying to block it from entering their mailbox than they would simply deleting it.

Cool.

[mindstrm]

I understand perfectly. As I said, I understand that spam can cost money. My question is how much does it cost YOU.

As you have this information readily available, can you give a good guestimate as to how much extra money you paid last month because of spam?

You twisted the question though.

[mindstrm]

I'm saying that, all other things being equal, how do you have more money if you don't get spammed. How does the presence of 'spam' in your inbox cost you money.

Yes, time is money, but please show me how you actually would have earned more money had you not had to delete, let's say, 20 pieces of spam a day.

Now.. a mail relay getting hacked or otherwise used for bulk spamming, THAT Is theft of services, no doubt about it. That's not what I was talking about. I'm saying that, when you, as the end user, get some spam, it is NOT 'theft of service'. You're mixing up two different aspects of it.

I'm not in favor of spammers, I think there are several legal avenues to persue regarding making email sane again, I just don't think end users claiming 'theft' of services is the way to do it.

I understand what unsolicited means.

My time is worth a great deal to me (and those who pay me), but I'm realistic. Most spam whiners spend FAR more time whining about spam and setting up filters than they would simply deleting the spam. I know deleting the 30+ pieces I get a day takes me LESS THAN 2 minutes a day. I spend more time than that going to the watercooler and back. Get real.

Re:You twisted the question though.

[WNight]

If spam was actually marked as spam, then yes, it would be much faster to delete it. Or, write a filter to do so.

But it's not. It's intentionally disguised to look like non-spam email.

I'm on a few mailing lists, and have a bunch of people contacting me from places like Slashdot, Kuroshin, etc. Not to mention potential clients.

A lot of them send me mail with subjects like "Hi!", "Re: posting", or "We talked at COMDEX"... I can't just whip through and delete spam, I actually have to look at every message.

This takes probably a minute for every five messages I get, because some of my potential clients actually send me gaudy HTML email.

For 75 messages then, spam costs me about $45, my billable rate for general consulting. It's time I spend on work-related matters, for which I can't actually bill.

And 75 messages of spam is fairly common, sometimes I get many more.

Re:Make a decision, folks

[Rupert]

That's like giving everyone in the world a key to your house and getting angry when people you don't want in there come in anyway.

Actually, it's like leaving the door unlocked. I expect you to go away if I ignore you. If I go a step further and tell you to go away, I don't expect you to sell my address to a thousand of your mates who will knock on my door because they know I'm at home.

My phone number is in the phone book. That doesn't give everyone in the world the right to make collect calls to it (particularly not from Korea).

--

Spam will destroy email if not stopped

[Mike Van Pelt]

How many people are on this planet? It's about six billion now, right?

How many of them have something to sell? What if it's only one person in a thousand?

People who naively say "spam is free speech, just delete it" are fundamentally missing the point. If you get six million spam messages in your inbox daily (and based on the above "one person in a thousand has something to sell", that's what you'll get if spam is "OK")then email has ceased to be a usable communications medium.

I am postmaster@the.company.I.work.for, and I see a continuous flood of spam - dozens of emails a day - to the address of one person who left the company over ten years ago. For ten years, this email was all bounced "No such user", but since the return addresses on the spam are forged, they never see it, and the address remains on all the spam lists. (I'm now using his old address as a "spam poison pill" address.)

The postmaster mailbox gets hundreds of megabytes of "no such user" bounces a day. In an ideal world, I would scan the "no such user" bounces and facilitate legimate senders of email getting their mail to its intended recipient. In the spam world, all I can do is procmail all "no such user" mail into a separate mailbox that is deleted daily, and never looked at. (No, I am *not* exaggerating when I say "hundreds of megabytes per day.")

Contrary to Gillmore's naive ideological purist anarchism, spam is not a trivial problem, and the volume is such that it constitutes a Denial of Service attack. It must be treated as such.

Re:Spam

[EasyTarget]

Why can't people just select all and hit delete

Because my delete key wore out.

I can delete a couple of spams a week, but the current several hundred? Get real.

Oh damn, I just responded to a troll.

EZ

Re:Make a decision, folks

[bravehamster]

This is no troll, it's the truth, the overall sentiment that I've seen in comments on the site in the last several years is "Oh my God they're trying to stop us from saying what we want" on one day and "We must censor spammers" on the next.

There is a huge freaking world of difference between censorship and closing open mail relays. This is *not* a free speech issue. The people using open mail relays are not legitimate businesses. They are hijacking other peoples 1)ignorance or 2) goodwill in order to hide their origins and make it impossible for the *end user* to block these unwanted messages. If people want to send spam, fine. All the best of luck to them. But they should at least be honest about it. This has absolutely nothing to do with free speech.

Re:And good riddance!

[Dr.Evil]

Maybe you missed it -

We're obviously in the minority... and I wonder if he'll get added to spam lists now, like I do every time I post a story critical of anti-spam activists.

jamie is on your side. It's just that you're both wrong. You may have a right to free speech, but you don't have a right to force the television news to broadcast your message, and you don't have a right to force me to listen to you. With the ORBkins, it's like having a news director at the TV station - yes, sometimes important things don't get covered (at which point some people will complain, and perhaps something will get done), but most of the time, it's just raving loonies who get ignored, and no one but the loonies gives a damn.

Until it's government mandated, or public institutions start requiring its use, there's no censorship issue involved. When the Southern Poverty Law Center [splcenter.org] maintains and publicizes a list of suspected hate groups [splcenter.org], that's not a violation of civil liberties (although if they're wrong it might be libel). When the FBI does it, it's a different issue.

Re:If the end user chooses it isn't censorship

[Dwonis]

Except... the costs for spam don't just get paid by the end user. Spam incurs costs on everyone between the spammer and the end user, especially on the ISP running the mail server, so if an ISP wants to deny SMTP connections from hosts on the ORBS list, that ISP has every right to do so. If you don't like it, run your own mail server (make sure it's an open relay).

I get very tired of people who think their opinions are valuable when they haven't ever researched the damn issues, and want to impose this on others!
------

Re:Make a decision, folks

[Dwonis]

Sigh. Anyone who knows anything about debate knows that the "slippery-slope" argument is not a good argument.
------

It's not censorship, it's protecting your property

[Jay Maynard]

I run my own mailserver. I see no reason at all that I should not be allowed to filter access to it by whatever means I believe are appropriate, just as I guard any other access to my personal property.

MAPS and the various ORB* systems are not censoring my email. I am doing so myself, on a conscious decision that those who send or facilitate spam are not welcome to send to me. Nobody else has the right to question my decision in the matter.

I believe that ISPs have the right to determine who can use their property. They should disclose fully what filters, if any, they use to their customers, so that those customers may make an informed choice, but the decision of what to filter is theirs alone, influenced only by market pressures.
--

Re:Make a decision, folks

[Coward, Anonymous]

Nobody's saying spammers shouldn't be allowed to say what they're saying, it's how they're saying it. Pepsi can run commercials on TV telling me to drink pepsi all they want, but if they hire someone to tap the message "Drink more pepsi" in morse code on my forehead then they've gone too far and should be stopped. If someone wants to sell me a list of 50 billion email addresses of eighteen year old girls who want to enlarge my penis while making money fast that's fine, I have no problem with them doing that, get an ad in a newspaper or magazine but don't email it to me and don't tap it into my forehead and don't shout it via megaphone at 3:00 AM outside my house.

Re:Make a decision, folks

[signe]

Yes, I agree with this. However there is a difference when it's free speech at someone's expense. You can shout at the top of your lungs as much as you want, but as soon as you try and make me pay to listen to you, your rights to "free speech" with regards to me end.

And yes, I've heard all the arguments about how the cost of receiving an email is miniscule. However there is still a cost, and that's all that matters. It may only cost a cent for me to receive an email, but if I get 20 spams a day, that's 20 cents a day, $5 a month, $60 a year. These things add up, and the point is not that I have to shell this obscene amount of money out, it's that I shouldn't have to pay for someone else's advertising. You hear griping about junk mail (postal), but you don't see the pure hatred that you see for spam. Why? Because they're paying to send it out. The costs are in the right place.

So while I agree that you can't have it both ways, you also have to concede that there is a difference here. If spammers were paying to send out their ads, it would be a different story. However it can't just be a matter of them paying their provider to send out the ads, they have to *remove* the cost of receiving it from us.

-Todd

---

Gilmore doesn't get it

[brickbat]

For someone who advocates freedom and choice on the "electronic frontier," John Gilmore is sure quick to sacrifice other people's property in the name of a free Internet.

His analogies simply don't wash: the guy on the street corner, and the bulk-mailer leaving ads in my postbox, are bearing nearly all of the transmission costs. That's not how it works on the Internet. Bulk-mailers have no right to consume my resources without compensation. It's really that simple, and I don't understand how pseudo-libertarians and bulk-mail supporters can't grasp this simple concept. And while it would be great if every 'net user understood how to write procmail filters, most don't (and won't), and it's unreasonable to expect them to.

The censorship argument doesn't wash, either. Private networks have the right to decide what data to carry through their wires and servers. Whether they make morally or ethically sound decisions on what to censor can be debated, but their fundamental right to do so cannot be abrogated.

To make matters worse, Gilmore is willfully choosing to remain part of the problem by running his own open relay. He doesn't get that his rights end where others' begin. Maybe he will never get it.

Re:And good riddance!

[bwt]

Spam is free speech, people! When you prevent someone from telling people about their issue or product, what ever it might be, in the United States, you are restriting their Constitutionally-guarenteed rights to free speech. (emphasis added)

This is false. The Constitution prevents THE GOVERNMENT from regulating such speech. It does not prevent me or any private third party from doing so, nor does it obligate me or them to use my private resources to forward on an endless supply of mindless chatter. And it most certainly does not stop us from sharing information on who we think is irresponsible enough to privately block.

In fact, it is an exercise of free speech (and property rights) for me or them to put a privately owned mail server on the internet and choose not to forward mail designated by whatever source I choose to. If you don't like it, too bad. You are free to start routing your own mail with your own resources, but I'm free to block whatever mail I feel like from being transferred by my private property.

Everyone should have a right to tell people about events.
They do, but not with the assistance of private resources of those who oppose their message or editorial style.

procmail recipe

[Refried Beans]

I would prefer that my provider use the blacklists, but in case they don't, I fashioned this procmail entry to help out. It strips out all of the IPs from the Received: headers and checks them all against whatever blacklists you want to use. rblcheck is used.

* !? /usr/local/bin/formail -xReceived: | egrep \[[0-9.]+\] | sed -e 's/.*\[//' -e 's/\].*//' | xargs -n 1 /usr/local/bin/rblcheck -c -q -s blackholes.mail-abuse.org -s dialups.mail-abuse.org -s relays.mail-abuse.org -s inputs.orbs.org -s spamsources.orbs.org

SpamCop

[staplin]

And you can even simplify the process of fighting back by using SpamCop [spamcop.net] to help identify all the appropriate places to report the abuse.

Re:And good riddance!

[staplin]

Spam is free speech, people! When you prevent someone from telling people about their issue or product, what ever it might be, in the United States, you are restriting their Constitutionally-guarenteed rights to free speech.

I agree that preventing someone from speaking is wrong, however, this is not quite that cut and dried... In the case of product based spam, it is restricting them from speaking anonymously. They are still free to send their message without using an open-relay. If they truly are trying to sell a worthwhile product they believe in, why are they often hiding their identity?

Re:SpamCop

[staplin]

Problem is, Spamcop redacts the sender's address when forwarding reports. Makes it rather hard to resolve the complaint, when I have no idea what address to get removed from the mailing list.


I agree that this is the wrong thing to do when it's a legit mailing list, especially when it's an opt-in list. And the SpamCop instructions explicitly ask users to try unsubscribing first.

The problem is when I get 52 copies of "Buy Viagra Now!" emails where the sender/reply-to/remove addresses are completely unrelated to each other or the URL for purchasing. And if I did reply to the remove request address, I bet I'd only get an undeliverable error because some poor schmuck has been bombarded with 50,000 unsubscribe requests for a product he's never heard of and has overflowed the mail limit set by his ISP.

That's what SpamCop is designed for, and where it should be used. You can't guarantee a tool will be used properly every time, but that shouldn't prohibit you from making the tool available.

Default Deny

[wfrp01]

IP filter rules fall into two general categories: default allow or default deny. Perhaps we're headed towards the day when the only thing that makes sense is to apply the same default deny rules to urls. I'm seriously thinking about it. Maybe then ORBS won't seem so draconian.

Since we're talking about SPAM, I will plug once again for a spam tax. Allow spam. For a per-copy fee. Then make sending unsolicited bulk /unpaid-for/ email a crime. People should not be forced to use paper to advertise. But they should not take advantage of bulk email.

Stop mis-using First Amendment!

[Speare]

First, I definitely think that ORBS-style blacklisting at the ISP level is bad for consumer choice, and blacklisting at the recipient level is where it should be done.

But PLEASE stop mis-using the First Amendment.

When you prevent someone from telling people about their issue or product, what ever it might be, in the United States, you are restriting their Constitutionally-guarenteed rights to free speech.

Here's the First Amendment of the Constitution of the United States, in FULL:

• Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.

Does that say anywhere in it that ISPs cannot choose who or what to block from their networks? Let me repeat: ORBS at ISP level is bad business because it removes choice from the consumer. It is not, however, against the First Amendment. ORBS and ISPs are NOT the US Federal Government. They are NOT beholden to the First Amendment. They can do whatever boneheaded bad business decisions they want to do, with respect to controlling their own networks.

Secondly, the right to free speech does NOT mean that you have the right to be heard. If someone refuses to listen to your advertising message, that's their choice. You do not have the right to force them to hear your jingles or your offers for sexy hot teens.

It's such a short amendment, with such clear wording. Why does everyone mistake it so much?

Re:Make a decision, folks

[Greyfox]

And you're saying you believe filtering spam is censorship? Wouldn't that be rather hypocritical given the E-Mail address you have attached to your account name?

Let me see if I can sum this up

[Greyfox]

1) You're all hypocrites for deying the spammers their right to free speech.

Do you have a nospam in your user profile E-Mail address? Do you even list a user profile E-mail address? If so, you're a hypocrite and a troll. Why do you do that if you believe spamming is someone's constitutionally guaranteed right?

If you do have an unadulterated E-Mail address in your user profile, I'll hit all the porn sites in your name and see if you feel the same way about spam in a month or two.

2) The end user should filter the spam...

Once it's hit the wire, you've already paid for most of it. Actually once it's hit your provider's wire, you've already paid for most of it. The cost of all your users' data transfers are worked into the monthly bill one way or another. If your bill's dirt cheap, your ISP is probably massivly overcommitted on resources and you spend more time waiting for your files to come down or waiting for a line to open up. Don't think for a second that you're not paying for spam, even if it's not listed as a line item on your bill each month.

3) The user should run his own mail server...

See number 2. Not everyone can run a mail server either. In fact, most people can't. You need a static IP, a dedicated connection and an ISP that isn't an asshole about you running your own servers. You won't find a reliable provider who will give you all that on the $20 a month plan.

I'd like to see a revised mail server RFC that operates on the web of trust model. To talk to a server, your server's key would have to be registered with it. If mail admin Dan trusts mail admin Paul, anyone trusted by Paul's server would also get to talk to Dan. If Paul turns out to be a spam house, Dan just revokes his key and shuts everyone coming through Dan down. The mail log would list all relevant keys that allowed a transaction.

Re:And good riddance!

[Greyfox]

Sorry, I missed your E-Mail address in your user profile. Please post it so we can help the spammers practice their constitutionally guaranteed right of free speech on you.

Re:And good riddance!

[Lish]

This is a terribly uninformed post. Legally, commercial speech, for example advertising, does not receive the same free-speech protections as other speech. There are legal categories of speech and the protections accorded them are different. A mass unsolicited mailing is not necessarily the same as a mass unsolicited advertising mailing, so your example doesn't work. I might not want my mailbox filled with mass emails about Chinese human rights abuses, but I'd prefer that to the "Make Money Fast" and such. It's not a "slippery double-standard." It's a legal definition, the recognizing that some forms of speech should be accorded higher protections than others.

One of the major cases on this issue is Valentine v. Chrestensen. There is a short version of the relevant points here, [abuse.net] the full argument can be found by searching for "commercial speech" here [gpo.gov].

Furthermore, the first amendment only applies to the government's actions to restrict speech. "Congress shall make no law..." It has nothing to do with what individual companies or persons do to restrict speech. If an ISP decides they're not going to deliver or relay spam because it costs them money and resources to do so, that is their business and not a violation of the first amendment.

---

Re:Since when is helplessness a virtue?

[crucini]

Regarding the Chesterton quote, I think you may be missing the point of control. Chesterton lived with technology, and would have been miserable without clothes, boots, beer and tobacco. But he was unhappy when control of technology (in the most general sense) was taken from the small, independent operator and given to the huge monolithic operator. Public houses were becoming tied houses, openly or secretly chained to a particular brewery. Chesterton didn't want to abolish the beer; he wanted to free the beer from corporate control.
To relate this to your complaint about wafers and boards: the PC hardware market is one of the best markets from a Chestertonian perspective because it's filled with tons of small shops and the customer has a lot of choice and control. I have more control over the composition of my PC than I ever had over the construction of a typewriter.
With regard to hypocrisy, Chesterton didn't sew his clothes, make his boots, brew his beer or grow his tobacco. And yet his dependence on tailor, cobbler, brewer and planter did not smack of slavery.

My reactions

[crucini]

Every time a spam story is on slashdot, the same ideas are expressed. I tend to disagree with all of them. Here are the common themes, with my comments:

1. Free speech does not apply, because mail servers are private property. I disagree. Free speech is a positive value which ought to be actively preserved, not merely the absence of government coercion of speech. Corporations have tried many tricks to suppress speech, and have been frequently blocked by courts and legislature from doing so. Moreover, I think the absolute right of property is weakened when the property is used in a highly public manner. Your home is your castle, but when you open a huge store that employs and sells to half the people in town, you develop some of the obligations (and privileges) of a public institution. With DSL providers dropping like flies, we are approaching a world where broadband is offered by two large monopolistic entities in each town. If they decide to start censoring your internet connection based on obscenity or copyright violation or other private agenda, are you going to champion their 'private property' rights as you would champion the rights of a homeowner to control his living room? If you do, you are failing to see that gap in status between you and the communications provider.
2. I don't get much spam. What's the big deal? You are probably downstream of MAPS filtering already. And even if you aren't, you're indirectly benefiting from the huge efforts of others to make spam unprofitable. So this question is like asking, "Why bother drilling for oil? There's lots of gas at the gas station."
3. Just keep your email off web/usenet. That's what I do. Having to conceal or munge one's mail address to avoid harvesting is an admission that abusers have taken over the medium. I reluctantly make that concession in some fora, but there are places where a public address is essential. Email should allow well-intentioned people to contact me.
4. Spam is theft. Not really. When two mail servers exchange messages, it's a consensual transaction. There is no way to inject a mail message into a properly functioning server without the cooperation of that server. Imagine that your wife is home while you're working. A man comes up to your gate and sells her a leaflet of advertisements for one cent. That night you tear it up in disgust and tell her not to buy another. But she does, and the peddler keeps coming back until your house is awash in these leaflets. You don't really have a case against the peddler - you have a dispute with your wife. She has the right to admit items into the house, and she's exercising that right in a way that displeases you. If you run a mail server, you've delegated the right to admit mail messages into the spool based on whatever criteria you specify. If you don't like the messages you get, change the criteria. Don't call the messenger a thief.
5. ISP's should give users a choice of filtering. Some do. But generally this is going to be more expensive than router-level blackholing. ISP's compete in a cost-sensitive marketplace, and the cheapest approach is to null route the spam domains. Accepting spam traffic into the network so users can have the luxury of applying their own filters costs money.

In summary, I'm on neither side. I have little sympathy with spam-fighters, and none with spammers. I'm afraid MAPS is the only bandaid keeping spam in check for the time being, and it must be constantly watched for abuse.

Re:And good riddance!

[Sc00ter]

And how is advertising not a form of free speech? An advertiser is trying to get you to buy a product yes, but how is that different then say any site trying to get you to buy into they belive in?

--

Honestly...

[11thangel]

I tend to assume that spam can only be handled on the level of me and my personal friends. Which is why i own and/or control every server that hosts my email, and i can filter what i want/dont want. The "if you want the job done right, do it yourself" attitude may seem a bit cynical, but it works, and doesnt rely on some company thats either a) struggling to stay afloat or b) trying to make more profits of my personal info.

Re:Good Riddance

[doogles]

SPAM hasn't been reduced to any noticable degree.

I implement[ed] ORBS for my personal email account (rather than server-wide) and blocked 1563 "spams" from November 2000 through May 2001. 4 of those were legitimate emails.

"Noticable" is objective, but for me, the ORBS was cherished because that was a huge chunk of my inbound email.

Good Riddance

[keithmoore]

The ORBS folks have done a tremendous disservice to the community - first by mis-reporting sites as open relays even when they had effective mechanisms in place to prevent being used as an effective spam relay; second, by mis-representing how effective their countermeasures were; third, by giving bad advice about relay blocking to naive mail system administrators.

As far as I can tell, these are the chief results of ORBS:

• SPAM hasn't been reduced to any noticable degree.
• Many people have had legitimate mail blocked because their sysadmins naively trusted ORBS's blacklist.
• Many SMTP servers cannot accept mail for the domains for which they are listed as mail exchangers, because of broken relay-blocking code. This is now a primary cause of failed mail for my mailing lists.

Misrepresentation of others (or for that matter, their SMTP servers) is not part of free speech, especially when it harms the operation of essential services such as email.

Re:Honestly...

[jgerman]

And additionally, you empower yourself, not some other agency that may one day not act as you'd prefer.

Re:Make a decision, folks

[jgerman]

Insightful?? What an odd moderation for a post that entirely misses the point. I never said open relays were good, my comment was based on the thread that said censorship is good or bad you have to choose. If you read first, and thought before posting and maybe you would have seen that I was talking about the hypocrisy over getting mad that RBL ORBS sites were censored, and celebrating when spammers are censored.

Re:Spam is *not* free speech!

[jgerman]

Again, I said nothing about keeping relays open, try reading the post. If you have a comment about open relays, respond to a post that is discussing them, not to one that's looking at the larger issues.

Re:Make a decision, folks

[jgerman]

It's completely justifiable to censor your mailbox, I wouldn't have it any other way. Any attempt to censor the internet at large is number one doomed to failure and two a step away from opening the avenue for the government to come in full force and take over. Before someone thinks they're smart yes I know the internet was started by the government, but it is not the governments possesion. My worst fear is that one day we have an MVA type organization governing the net.

I hate to say it but it's just too bad that you didn't ask for it. You have a address in a public medium, that means that anyone who wants can use it. You can filter it all you want, and you have every right to, but you cannot prevent, or ask anyone else to prevent access for you. That's like giving everyone in the world a key to your house and getting angry when people you don't want in there come in anyway. It's not someone elses responsibility to filter who comes in, it's yours. If you're so concerned with privacy only give keys to those you want to have access.

Re:Spam blocking

[jgerman]

Yes, I find it hard to believe that anyone could get an injuction on an organization like this. It doesn't seem much different, to me, than an organization like PETA providing a list of all those companies that are known to be dolphin un-friendly, so that concered people could boycott their products.

Organizations like this are GOOD, they allow freedom of choice on the personal level by providing information to anyone who wants it.

Spam is *not* free speech!

[Yekrats]

You do not have a right to spam my email-box. Spam has become impossible to stop using blocking at the user level. Spammers set up a dozen free "throwaway" accounts a week, so a user blocking one will do no good. Usually the accounts are cancelled after a few days anyway.

Saying "spam is free speech" is like saying "I, posing as you, using your neighbor's phone card, calling some guy in California to sell him a penile enhancement tool which he doesn't want" is free speech.

The best strategy I can see for limiting spam is ending the open relays. I don't see any legitimate use for an open relay. Anyone care to enlighten me?

Re:Spam is an ISP's headache

[slamb]

A responsible and level-headed version of ORBS is very possible and quite welcome to me.

You're talking about RSS [mail-abuse.org], right?

RSS has the same stated goal as ORBS - to allow people to block open relays if they so choose. But RSS is run by different people and is run much more responsibly. They do not probe IP blocks looking for open relays. They wait until someone submits a piece of spam with full headers. Then they check the relay listed in the spam to see if it is indeed open. If so, a human looks at it and blocks it. Once the open relay has corrected the problem, the RSS people take them off the list.

I believe ORBS also blocks anyone who does not allow their probing. RSS is blocked by ORBS, for example. I've also heard people say that it is very hard to get off the ORBS list. None of this is true of RSS.

Make a decision, folks

[SuiteSisterMary]

Censorship is either good or bad. Pick one.

Shameful Corporate Behavior and its Consequences

[ayden]

"Wired is carrying this article about the shutdown of Alan Brown's Open Relay Behavior-Modification System, more commonly known as ORBS. Brown, of New Zealand, closed his operation after two local companies won legal injunctions against him for listing them."

Anyone know which two local companies? I'd like to publicly shame them.

I Meta Moderate [slashdot.org] and I lose karma?

Scooped by The Reg weeks ago

[alanjstr]

ORBS is reborn [theregister.co.uk]
ORBS splits into ORBZ and ORBL [theregister.co.uk]
ORBS now split into three [theregister.co.uk]

Re:Shameful Corporate Behavior and its Consequence

[oob]

One of them was XTRA, the ISP owned by the ex-SOA telco Telecom New Zealand. I believe the other was Actrix, a Wellington based ISP. Before you go "publicly shaming" those two organisations, you should be aware that their blacklisting may very well have had more to do with Alan Brown's personality (I like the guy and respect him immensely but must acknowledge that he can be extremely difficult) and his commercial interests than it did spam. That said, more power to him and Manawatu Internet services. He keeps "the Man" on his toes.

Free Speech?

[icqqm]

As much as I agree that cutting spammers off upstream is a bad idea, but isn't shutting down a website that lists you ALSO cutting off free speech?

TiVO

[geekoid]

To shut down ORBs and force the individule to get unsolicited emails must also mean that TiVO is illegal because it prevents advertisers from expressing there 'free speech' advertisements.
I will also presume that everybody who is for spam never turns the channels, or leaves the room when a comercial is on.
I don't want spam. why is my rights come secondary to somene who wants to sell something that 99% of the people the spam don't want? If there is something I want, I'll search for it.
The solution is really pretty easy. Make it illegal to:
a)use a false or incorrect return
b)not have a return
c)not have a standard solicitors identification.
those are the only way to protect the individule while still alowing companies to spam.
It is reasonable, protets all parties rights, and easy to impliment.
I know the spammers won't like it because they seem to think we're not allowed to chose what we want to view, and they seem to think sending repeated spam to everybody over and over again generates revenu for someone besides address sellers.
Next I'll be sued for not leaving my TV on all the time and blocking all those advertiser free speech.

Re:Make a decision, folks

[Sir Tristam]

Censorship is either good or bad. Pick one.

Fine. Tell your church that you're going to put a copy of Hustler next to the hymn book in every pew, and if they tell you you can't you'll sue them for violating your free speech. After all, the parishoners can decide to look at them or not.

You seem to have forgotten something called property rights. The church pays for their property, they get to decide how it's used. You pay for your mailbox at the ISP, you get to decide how it's used. Spammers claim violation of free speech rights to validate their violation of property rights, ignoring the fact that nobody's preventing the spammers from getting their own property (web site) and doing whatever they want to on it. Hypocrites. Thieves. No sympathy.

Chris Beckenbach

Spam is an ISP's headache

[xmgrant]

While there is no question that Brown was too often a bulldog, a service like ORBS noticeably helped cut down on spam for our ISP that services about 16,000 customers. Significantly.

Anyone who says that spam should only be blocked/fought at the recipient level doesn't have to run a mail server for thousands of customers. Spam bogs down our mail server often and we also have to respond to complaints from our customers, etc.

There is a lot of room between censorship and giving spammers free reign. A responsible and level-headed version of ORBS is very possible and quite welcome to me. For example, they can help notify us, and our customers who run their own mail servers, when a mail server allows open relays and we can try to get that blocked before a spammer compromises their machine and our bandwidth.

Spam doesn't only affect the mail boxes of end users, after all. Most spammers are reprehensible and a couple of procmail filters isn't enough to keep this in check. I just hope that one or more organizations will step up, learn from the mistakes as well as the successes of ORBS and help us no drown in spam.

Re:And good riddance!

[nomadic]

Even it's most basic premise, its original intended function, was to strike down free speech.

Actually, it was an expression of free speech itself. It simply was someone saying "these ip addresses are used to send mass unsolicited e-mail"; ISPs and individuals could deal with that information how they saw fit. There is no free speech issue involved; I may have a right to say just about anything I want, but you don't have the obligation to have to listen to me.
--

Re:Honestly...

[nomadic]

So why not grow your own food so you only eat what you control and sew your own clothing and manufacture your own car and build your own house? Personally my time is too valuable to me to filter 3 million spam e-mails; it can be very time consuming, especially on a low-speed modem, and I'd prefer someone else do it. It's simply a division of labor.
--

I hate to say this, but much spam comes from *.tw

[TheGratefulNet]

read the NANAE (news admin net-abuse email) usenet group and you'll see the large ip-block filtering that many admins use. which region are they filtering the most? china and korea! its true. when you get spammed from countries that lovingly harbours spammers and when you complain to its 'postmaster@' address - only to find that that guy was in collusion with the spammer (or WAS the spammer) and that now you've -verified- your address to them - you finally throw your arms up and say 'enough is enough - I'll whitelist the few folks who I need to email from those country-codes and blacklist the rest of that region'.

its a damn shame. it sucks to have to blacklist a whole region of our world. but its been demonstrated again and again that most of the admins in china and korea don't seem to be 'white hats' (using the NANAE term; it means 'good guys') and that complaining to 'abuse@' and 'postmaster@' falls on deaf ears.

I'm now fine with filtering all email from .tw and .kr in my return error code (to the spammer), I include a web address that they could go to mail me, manually. if they really need to get hold of me, they can; but none have, so far - which means the spamblocking I'm doing based on country-code sure is working.

--

Re:I suppose in some idealistic sense,

[TheGratefulNet]

Okay. Let me try to put it a different way.. forgive me, I'm having trouble explaining what I mean. Where is it stated that nobody can send you snail mail without approval? Where is it stated that nobody can phone you without approval?

in both cases, its their dime and if they choose to spend their own money on originating the mail or phone call, its their decision.

but in email, the bandwidth is mostly paid for by the guy closest down the line (eg, me). in this case, its theft-of-service when they send packets on my wire that I didn't accept.

non-username-protected web ports are, by definition, open to the public. email is not quite the same thing. contacting my machine is quite different than contacting me. in the first case, my machine doesn't charge the hourly rate that I do [g]. in the second case, the webserver doesn't get a flood of hits, over and over again, trying to probe for usernames to send the same stoopid messages to over and over. web hits are usually once; email hits aren't. this concept doesn't "scale" and is one reason why email is in a different catagory than any other kind of tcp traffic.

--

Re:Spam blocking

[TheGratefulNet]

For Gilmore, spam blocking should occur at the recipient level, not at the level of self-appointed upstream censors.

can't you see that that's too late?

by the time the packet has reached my wire, it has already stolen my resources. I can block on the Rx side all I want; but the PDUs will still eat up my precious wire bandwidth.

blocking at the source is the only way to stop theft of service. spam is TOS - no other way to look at it.

suppose you didn't lock your doors at home, so that any thief can come in and poke around your stuff. then, as he's walking out, you automatically snap a photo of him. what good does that do? he's already come in and messed around and had his way - 'protection' after-the-fact is totally useless once the crime has been committed.

--

Re:I suppose in some idealistic sense,

[TheGratefulNet]

Can you show how an unwanted email address cost you money? Would Your or I have more money to show for it if we didn't get 200 some pieces of spam a week? I doubt it.

just one example for you. my time is worth money. whenever I have to fix or upgrade my mail system cause some turkey found a way to get thru my spamfilters, that takes time away from actual work that I need to get done. whenever a third party relay gets jammed and those sysadmins have to spend time purging their queues from theft-of-service (you obviously don't agree, and this shows you've never had to admin a large ISP's mailsystem before - so your viewpoint counts for nothing in this context) THAT costs time and money.

stop being a jerk and start understanding what the word unsolicited means.

--

ORBS/MAPS has forced me to learn my mail system

[TheGratefulNet]

a few weeks ago, I was FLOODED with dictionary attacks to my home mail system.

some joker in mpinet.net just wouldn't give up - I had several hits PER SECOND on my home dsl line. quite the TOS attack.

I was forced to learn more about my mail system (qmail on openbsd) and the oh-so-useful tcp-wrappers. I also learned about the ORBS, MAPS/RBL/RSS servers.

in a few days I had hacked my qmail and tcpwrappers system to consult the RBL lists and if there was a hit, add the offender to a local cache (so that I can recognize him quickly next time).

since my site has very very few valid usernames, it was also easy to honeypot the spammers and when an invalid username was sent to, the source IP and username would be logged for future auto-blacklisting.

I've found that cutting the spammers off at the tcp-env level is quite effective in cutting down bandwidth. they can't even telnet to my port 25 anymore - I immediately shutdown the connection! no more megabyte-of-.doc crap, no more offensive spam, no more crapola, nada. just clean and quick tcp rejects ("connection refused").

the only shame is that I fear most mass abusers don't check the return codes of mail attempts and more than that, they engage the STOLEN use of open relays. so its the open relay that queues and retries and retries (I see it in my logs..) over and over. I almost wonder if I should let them complete their junk email exchange (only after hours, when I don't need my line) just to help purge their queues (?).

at any rate, the following scripts are quite useful in this battle:

rlytest.pl, checks (sends mail to) open mail relays [unicom.com]

blq.pl, checks the MAPS,ORBS,RSS,DUL realtime blocking lists [unicom.com]

--

Re:Spam blocking

[zaius]

Yeah, but the problem was that large, enterprise-scale ISP's (eg. Earthlink) decided it would be a good idea for them to block mail from these IP's, so then people who were incorrectly added to the list could no longer send mail to 3% of the internet. That blows.

Re:And good riddance!

[connorbd]

This is one of those situations that strikes me as being a misguided application of civil liberties thinking. Fact is, this is a technical and financial problem, not a freedom-of-speech problem. Spam annoys people and cuts bandwidth. I really don't think freedom of speech extends to dumping junkmail by the grocerybag-full in my backyard, which is essentially what spam is. A spammer makes a mess of my mailbox, I have to clean it up (maybe pay for it if I'm using a service like Palm.net -- there are still services that charge for downloads), and this is protected speech? There's a gap missing in the logic here.

Just out of curiosity, what's Gilmore's take on junk fax? I'm sure even he realizes that that's an issue...

/Brian

Re:Three things...

[peccary]

The recipients typically can't block mail from open relays. Doing that requires rulesets in the mail server that process based on the IP address the incoming SMTP connection is coming from. That requires root access to the ISP's mail servers.

False. End users can check the IP addresses in the postmarks on the envelope. I do it automatically without root access. Anything that came through an open-relay gets automatically filed in a Spam folder, which I check rarely.

What it comes down to for me is...

[TOTKChief]

...choice. I can choose to use ORBS [in a way, I do, since I use SpamCop [spamcop.net]], or I can choose not to use it. Using ORBS will block mail, some legitimate, from reaching me. But hey, that's my choice.

While the Internet is open [for the most part] territory, each of the ISP's are private entities and, if they so choose, can choose to use ORBS [or similar] to protect their customers from spam. Some will like it, some won't. The spam policy is one of the things I research about an ISP before I use them--and when they make changes in that policy, I sort through them. I have left an ISP because of a spam policy, and I won't hesitate to do so again.

If you don't like that Earthlink is using ORBS and its child processes, don't use Earthlink. It's as simple as that.

How I dealt with my spam...

[Gruneun]

Granted, I only did this on rare occassions when the amount of spam from a particular company irritated me.

The last time was when I was investigating an application for our company. I visited their website and downloaded the trial version. When I filled the online form I used a "spam" address that I use specifically for occassions like this. However, when I contacted one of their sales people for an extension on the trial period, the guy added my name to a newsletter. Incensed, I wrote the guy and told him to remove me ASAP. When it became apparent that he was either unable or unwilling to remove me, I reversed the situation. I began forwarding all of my spam to him... all of it... from 3 accounts, including my "spam" account, averaging 200-300 emails a day.

Knowing he was a salesperson and maintaining an unchanging email address was vital, I wasn't surprised to be contacted within 2 days by their administrator. At which point, I informed him that until I received a formal, snail-mail (I loved that part) apology from the salesperson, that it would continue.

Then I added the administrator.

Knowing my mail was probably getting blocked, I used several accounts on several machines, rotating the names daily, and religiously adding a header explaining the situation. All in all, I was contacted by 5-6 people on my "important" email address and each time I added that name to my forwarding list (checking the company overview page and adding some execs probably didn't hurt, either). It took under a week and I received a fedex letter from that salesperson. I promptly stopped my forwarding and have yet to receive a single email from the company.

I know this isn't the ideal way to stop spam, as most spammers are near impossible to reach, but it worked for me. Getting a taste of their own medicine never hurts.

Re:Make a decision, folks

[Rogerborg]

• Censorship is either good or bad. Pick one.

Censorship is bad.

Making people responsible for their actions is good.

ORBS does not censor content. ORBS gives people the information they need to make an informed decision to filter traffic from incompetent idiots.

Is that clear enough, or do I need to use shorter words?

Re:Make a decision, folks

[GreyPoopon]

It's not a lack of decision here. This is not simply a war on censorship. Obviously, preventing somebody from expressing their opinion is censorship. But I'm under no obligation to allow anybody to express their opinion to the world while I'm paying for it. How would you like it if I spray painted my opinion all over your car windshield? I bet you'd enjoy paying to have it removed so that you could actually see where you're driving, too.

Look at the facts.

• I PAY for my internet service. I have a limited amount of space available in my e-mail account. When somebody spams me, they are benefiting from what I have paid.
• My ISP is paying for servers and storage space. They are paying for bandwidth. When they have to receive and store all of the spam, they are basically paying for the spammer to use their services.
• Everybody in between me and the ISP is paying for the spammers to use their services.

Now, I can see two possibilities (neither of which will ever happen) that could help with this situation. The first is for the headers of spam to contain an obligatory item indicating that the e-mail is commercial and unsolicited. This would allow ISPs to choose whether or not to route the e-mail. The second is to have a centralized list, similar to ORBS, that includes per-user registration. If a user "opts out" of spam, any subscribing servers could refuse to route e-mail from likely spam sources that have the opted out user as a destination.

Face it, this is not just a battle over censorship.

GreyPoopon
--

Re:Spam

[siegesama]

The main goal wasn't so much filtering spam as it was getting people to close their mail relays. If you had a mail server with an open relay, and knew that most of the mail from that server would never GET anywhere because of that, it'd be a pretty logical and obvious step to just turn relay-ing off.

Hence the name ORBS "Open Relay Behavior-Modification System". Modifying the behaviour of open relays by getting them to not BE open relays any more.

The filtering was a (nice) side-effect, or a means to get to the end.

Spam blocking

[Violet Null]

For Gilmore, spam blocking should occur at the recipient level, not at the level of self-appointed upstream censors.

Now, I could be wrong here, but wasn't ORBS something that you used if you wanted to, and didn't use if you didn't want to? Doesn't that mean it qualified as 'at the recipient level'? I mean, it's not like ORBS forces you to block traffic from these sites, but it's a good resource to use if you _want_ to.

Re:Spam blocking

[Violet Null]

While I understand that, it still sounds like a problem with the ISP, not with ORBS. If Earthlink (to use an example) is going to spam block open relays, they'll use ORBS, or ORBZ, or ORDB, or what have you, and if there's no such list being maintained, they may just start their own internally.

What I'm much more worried about is the fact that ORBS got shut down over a legal injunction, but the Wired story unfortunately doesn't go into that.