Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Submission + - Is it time for an RBL Code of Ethics?

RallyDriver writes: "My company provides email marketing and other services to nonprofit organizations. We're a high volume email source, but a legitimate one: we have a strict opt-in policy, and we hold customers accountable to it, though that's not a huge effort ... our clients are by choice highly ethical email users. We cooperate with and are respected by email security departments at all the major ISPs.

We recently had an experience with an RBL operation called NJABL which called me to question the lack of accountability in the entire RBL industry ... the acronym stands for Not Just Another Blacklist, but ironically, our experience exactly stereotypes the problems with RBLs and where they miss the target.

One of our clients made a typo when transcribing an email address from a paper sign-up sheet, and as a result one of their emails happened to land in the personal Inbox of the owner of NJABL (it's one guy). An honest error.

Mr NJABL did not contact us, and he did not contact our client. Instead, without any discussion whatsoever, he arbitrarily blacklisted one of our MTAs. On going to the NJABL website, the only way to contact this guy is an email address that takes about 48 hours to get a response. Meanwhile, we are shuffling email around to get it delivered.

There are multiple problems here:

1. The system is too error prone, and the "guilty until proven innocent" approach is just plain wrong ... how about asking first?

3. Most RBL operators try to assert the first amendment: "my RBL is just my opinion, no-one has to use it" but the reality is that many consumers of anti-spam software unwittingly use the default configuration which subscribes to some of these RBLs, and in any event the first amendment still requires one to defend one's opinions ... I am not free to say "I believe the editors of Slashdot are child molesters" (which to my knowledge they're not) withour risking a libel action. Adding someone's IP to an RBL is saying "they are a spammer".

3. There is absolutely no accountability — a newspaper that prints something defamatory has to stand behind its masthead, but the NJABL operator even hides his domain registration behind his ISP. I will not "out" him here, but someone claiming this much moral authority over other people's email should not hide behind a cloak of anonymity.

4. Blocking any and every volume email source because one person (even the RBL owner) got one email they didn't like is irresponsible — one unwanted email doesn't mean the source is a nest of spammers, and anyone can make a typo. The big ISPs all take a statistical measure of complaint to volume ratios, and they expect a small amount of background noise, and they provide feedback to ESPs and ISPs so they can in turn monitor their clients' behavior.

In short, a number of RBL operators seem to be so enraged that they have long since lost sight of their original goals ... it's reminiscent of the groups in Northern Ireland who are trying to secure political change and make the world a better place by shooting off taxi drivers' kneecaps.

It's time for the mainstream RBL industry to stand up and be counted, to sign up to a standard code of ethics, and to repudiate the zealots."

"The one charm of marriage is that it makes a life of deception a neccessity." - Oscar Wilde