Affects of the balkanization of mail blacklisting

> > The INNOCENTS caught in MAPS were usually affiliated with
> someone guilty in
> > some way in another; eg would Mitch's customers be considered innocent
> > victims of MAPS, even though their victimness is directly due to their
> > decision to do business with someone who is guilty?
>
> Guilty of what, Vivien? You are accusing me of being a spammer? NetSide's
> customers were fully informed of our stance published on a web site
> dedicated to the problem, most agreed, and those that chose to stay and
> endure the year-long MAPS blockade obviously like their communications
> uncensored, and truly appreciate being able to transparently use their
> accounts from elsewhere (i.e., from the office).

MAPS accused you of operating an open relay.

You posted to NANOG saying you proudly operate an open relay.

That, ladies and gentlemen, is pretty much the textbook definition of an
open and shut case. (In my book, that makes you guilty of operating an open
relay.)

Since when is operating an open relay against the law? Please quote the
federal law NetSide has broken in having its mail servers configured as
they always were since we started in 1995.

Now let me ask you, if it's legal to operate an open relay, then why
should we willingly submit to Vixie's law?

Tell me, if you hate MAPS so much, why haven't you sued them for
slander/libel? Is it perhaps because your lawyers told you that MAPS'
accusations are TRUE and you'd get yourself laughed out of court?

Several law firms we have consulted gave a figure around half a million
dollars for a trial to proceed in federal court. That is not only to
file, but to actually go to trial in court for a year or so. Plain and
simple, we don't have that kind of money. It would make case law, as
MAPS desires, but such endeavor requires proper funding.

> > Funny, I could say the same about you:
> > "You never gave a s**t about facts, you cared only about your agenda -
> > no matter who got spammed in the way".
>
> The "collateral damage" they inflicted is simply unacceptable. The MAPS

They inflicted no damage.

Example: your local $ILEC has some Yellow Pages, where you are listed as an
ISP. Some bad thiefs want to steal a T1 router or a Sparc 5, and figure an
ISP would be a good place to get this equipment. They see your listing,
break into your facility, and steal your hardware.

Do you sue $ILEC for having set you up for being robbed?

Vivien, I'm sure you heard of the right of any phone customer to request
and obtain and unlisted number. You may even withhold a physical address
listing and just have them publish the number without an address. They
are very accommodating, you know?

Now, MAPS publishes a listing of people who operate an open relay. You admit
running an open relay. Someone else uses that listing to refuse mail from
you.

Why is MAPS in that second example more evil than $ILEC in the first one?

The ILEC publishes the phone listing for the purpose of enhancing a
subscriber's business. It is for the convenience of their customers.
People even pay hefty fees for flashy display ads in the yellow pages.
Conversely, MAPS publishes their list because they don't agree with
someone's practices, and with the ultimate purpose of destroying that
person's business if they don't conform to whatever they demand. It
publishes the list against the will of the listed parties, and most
businesses they list haven't broken any laws.

Both provided a listing. You suffered damage in both cases because a THIRD
PARTY used this listing to cause damage to you. How is the provider of the
second listing more to blame?

Now let me give you an example: some anti-abortion activists publish a
list of doctors to be targeted. Funny thing, there is a law against that.

> "agenda" came fully into the limelight with the fees they now ask for
> the "service". I dare to be as bold as to imply that their agenda is akin

I don't blame them for charging; being in the business of operating a
mostly-free service, I have found that people are very hesitant to open
their wallet unless they're forced to... when, quite often, a decent amount
of wallets are likely to snap open, while the others of the remaining
wallets scream "bait and switch". Coincidence? Perhaps it's human nature.
(Note: before I get flamed, we haven't pulled that kind of thing on our
users - we're too much a bunch of nice naive guys)

I do have a problem with how they're making a living. Most private agencies
that provide such services are regulated (i.e., credit reporting, insurance,
professional associations like realtors). Since it affects the free flow
of communications between millions of persons, maybe the time has come for
Uncle Sam to take a look at MAPS' line of business and define some rules.

> > Vixie's done a lot of things other than MAPS that have done a
> lot of good;
> > BIND, anyone? I'm sure there are a bunch of others but exposure to such
> > stupidity as your post has caused my mind to go blank.
>
> So Der Fuehrer constructed the German autobahn, Il Duce made the Italian
> trains roll on time, etc. Are they good people? While I don't

I'll leave that to the historians to judge. Last time I checked, this wasn't
NAHRG - North American History Research Group.

Hey, it was just a counter argument using examples from history that most
people are familiar with. No one is perfect, and absolute power corrupts.

> even question
> Vixie's great contributions such as BIND, I am fighting his little MAPS
> charity based strictly on the belief that no private party has the right
> to appoint themselves as communications censors. That role, if it ever
> comes to it, can only be filled by laws and a government mandate.

Censors?

How has MAPS interfered in ANY way with your mail? Let's say I use MAPS (I
don't, FYI... we don't have a need for it). You send mail to me. Based on MY
decision to have my server trust MAPS' judgment, my server tells your mail
to go screw itself. What did MAPS do other than ADVISE me to reject your
mail? If I didn't TRUST MAPS' judgment, then I wouldn't use it.

To some people that write to me directly from this list I can't reply,
because they're using MAPS. Some are not even aware that they are
blocking NetSide and my replies bounce off their servers. Sorry about
that.

The problem is, I haven't done anything bad against YOUR service. You
would punish me and my users simply because a third party says so. In
most cases, you wouldn't even know who else was blacklisted by them, or
for what "crime".

That, my friend, is the difference between MAPS and your government censors
you seem to WANT. If you have government censors saying "Good ol' Mitch is
bad", then it will be the LAW forcing everybody to block you, and you are
totally gone. If you have MAPS blacklisting you, then it is ONLY the people
who have chosen to TRUST (and pay, nowadays) MAPS that are rejecting your
mail. If I were you, I'd prefer the second alternative... at least for your
customers' sake.

Vivien

The law would apply equally to everyone. We would have a level playing
field, and no private party could claim a position Above the Net
Right now, I'm not breaking the law of the land, only Vixie's law.
My only "crime" seems to be that I have disobeyed his commandments.
And I will continue to do so until his operation is regulated by the
law and has a government mandate.

--Mitch
NetSide

Okay Tim, I would like to start by mentioning an interesting Jul 16, 2001
article titled "European Parliament doesn't want to ban spam":
http://www.cnn.com/2001/TECH/internet/07/16/parliament.spam.idg/index.html

It goes as far as to state: "The EU Citizens' Freedoms and Rights,
Justice and Home Affairs Committee voted on a directive stating that it
should be legal for companies to send spam by e-mail or SMS (short message
service) mobile text messages, just as long as the solicitation comes
with an address that allows recipients to request that they be removed
from the mailing list".

This stance is mirrored by some bills introduced in the US Congress,
although to date we don't have a federal law in force regulating spam.
Some states have adopted their own measures, but nothing exists yet
at the national level.

Hence, strictly from a juridic viewpoint, spam is legal in the US and
Europe. While providers may complain that a million spam messages brought
down their server, and if they find the culprit they have a cause of
action for denial of services, they can't prosecute somebody for sending
a single UCE. Yet my service was blacklisted by Dave Rand for a single
count of UCE relayed to his domain bungi.com by a Corecomm user. They now
claim that in order to get off the MAPS blacklist, the server has to be
open to their probing. As far as I'm concerned, MAPS causes NetSide's
communications to be censored for the deed of another provider's user.

What's next? This is what can happen when MAPS/Abovenet are allowed to
exercise censorship powers without accountability:

http://www.peacefire.org/stealth/group-statement.5-17-2001.html
http://www.nwfusion.com/archive/1999b/0308kobielus.html
http://slashdot.org/yro/00/12/13/1853237.shtml
http://slashdot.org/yro/01/05/21/1944247.shtml
http://www.dotcomeon.com/abovenet_blackhole.html

As you can read for yourself, the block wasn't only for SMTP servers,
but it blanked out communications from entire sites, including their
web servers. If that kind of communications disruption is not censorship,
then what do you call it?

--Mitch
NetSide

Congratulations, you just won an entry into my sendmail '571 list'.
And guess what, I dont even need MAPS to do it.
The sendmail access hash database works just fine.

I suspect many other listmembers who dont run MAPS are manually making
entries to block your open relays as well.

-Dan

Dan, if as an ISP I would block access to anything that offends me
personally, or to a service that employs a staff member who vexed
my feelings, pretty soon I would have no services to offer to our
users. The world is a diverse place, and people have antagonizing
opinions at times. I respect anyone's convictions if they are sincere
and they don't use brute force to threaten my legitimate business.

I suspect that many other list members run, or are employed, by
businesses, and make business decisions, rather than personal ones.
I also happen to view Internet access as a service similar to those
provided by a common carrier.

Doubting seriously that any of our users is interested in corresponding
with you about that cute bunny girl you display on your web page, there
is nothing to mourn about your personal decision. Nevertheless, if it
ever happens that one of our users asks why he/she can't send you email,
I will forward them this message. I'm sure they will be thrilled to do
business with you.

--Mitch
NetSide

> The INNOCENTS caught in MAPS were usually affiliated with someone guilty in
> some way in another; eg would Mitch's customers be considered innocent
> victims of MAPS, even though their victimness is directly due to their
> decision to do business with someone who is guilty?

Guilty of what, Vivien? You are accusing me of being a spammer? NetSide's
customers were fully informed of our stance published on a web site
dedicated to the problem, most agreed, and those that chose to stay and
endure the year-long MAPS blockade obviously like their communications
uncensored, and truly appreciate being able to transparently use their
accounts from elsewhere (i.e., from the office).

Have you ever considered being a televangelist Mitch? If you've got your
customers convinced that you're "fighting evil" by not closing your
mailservers, you could make the money Jim Bakker bilked from people look
like chump change. And Hey! We wouldn't have to see your shit on NANOG
constantly!

The "collateral damage" they inflicted is simply unacceptable. The MAPS
"agenda" came fully into the limelight with the fees they now ask for
the "service". I dare to be as bold as to imply that their agenda is akin
to extracting "protection" money from ISPs. Do you really expect them to
blackhole some of their paying "customers"?

Mitch, you also dare to be so bold as to suck up oxygen from those of us
who actually have something to contribute to the human race. "Protection
money?" Give me a break. And Yes. I fully expect them to blackhole a
paying SUBSCRIBER if that SUBSCRIBER has a SPAM problem and refuses to
address said problem.

So Der Fuehrer constructed the German autobahn, Il Duce made the Italian
trains roll on time, etc. Are they good people? While I don't even question
Vixie's great contributions such as BIND, I am fighting his little MAPS
charity based strictly on the belief that no private party has the right
to appoint themselves as communications censors. That role, if it ever
comes to it, can only be filled by laws and a government mandate.

Mitch, in case you hadn't noticed, MAPS did not appoint themselfs as
ANYTHING. Their listing someone in any one of the database has NO effect
at all on anything in and of itself. Those of us who DO use MAPS had to
make changes to our configurations. We choose to use the list of sorry
low-life pond scum sucking SPAM relaying cry like a baby because they're
listed but won't fix the damned problem bastards, such as yourself, that
MAPS provides to protect ourselfs and our customers from the same.

You want government mandate? How about this. Self government. As the
administrator of my domain/AS, I declare them sovern entities and myself
the head of state of each. As head of state, I mandate that all said
entities shall make use of a proscribed ANTI-SPAM technology. I proscribe
the MAPS system as said technology and hereby mandate it's use.

Now, you get what you want, I get what I want.

What can I say? We all have our idols and foes. Being objective and
impartial about their actions, and having the courage to point at
your friend's errors, or dare to disagree with something viewed as
"politically correct" in some circles is a different story. It certainly
wont't win you any popularity contests...

You think you're objective? BWAHAHAHAHA! And you are VERY popular. I'd
venture to say that you're listed in more procmail filters than the whole
rest of the subscribership of NANOG combined!

Now, please, I BEG YOU -- GO AWAY!

Some of us run our own vanity plate domains to separate personal from
business. It is unlikely there would be any "business" involved as there
is no "business" traffic at this domain, it is my own personal PC and my
own domain.

Still, its quite amusing to see you threaten to try to damage a business
reputation where no business exists to damage the reputation of.

And as you've already invoked Godwin's law, this discussion is finished.

-Dan

You publically advertised repeatedly that you run an open relay. If it
weren't for the RBL (and presumably your link size, as an ISP without
an ASN and running a single MX) your open relay would be streaming full
of UBE. As it is, you're lucky -- your open relay is "poisoned" by
being on many blacklists so spammers probably don't bother with
it as much as other, "fresh" open relays.

RBL, and formerly ORBS, are/were useful services. ORBS was a bit more
contraversial than RBL/MAPS but still far more mature than those
who have come to replace it such as ORBZ and ORBL, who have things
like mandatory 24 hour delays before they'll do a re-check to
confirm a relay as fixed and remove it from their lists.

As I'm sure most medium sized ISPs can tell you, you can't be on
RBL without significant customer complaints. ORBS listing would
also attract a reasonable amount of complaints. RBL and ORBS listings
were sufficient to coerce the largest non-multinational ISPs in
Australia to change their ways and become more careful about
relays.

Another way of saying it - relay blocking lists (in general, not
just RBL) are the e-mail communities' equivalent to the Usenet
Death Penalty, which in turn has caused many a large ISP to
review their Usenet spam problems -- possibly not as effectively.

You talk of government control. The Internet doesn't exist under
one government. Even the ISP I work for spans half a dozen
governments ranging from one with extreme censorship, a virtual
police state to a country where it costs less than a single note to
get someone killed. Consider this. The users vote with their
custom to the ISP. The ISPs vote with their configuration and
choose the trusted community members who can determine who is
right and who is wrong. Paul Vixie is one of those trusted
members of the internet community.

As to inconvenience, in each country we handle multi-level open
relay cases involving our clients daily. At a university I worked
at, I developed a class B network scanner to scan for open relays
in a class B of address space in under a minute in order to prevent
open relays at the university. Initially there were many hundreds;
in fact, in March 1998, 255 of our 394 mail servers at that
university were open relays. But by August that year, that number
had dropped to 13 of the 230 machines which remained as mail servers
(almost half the machines which were running e-mail servers at
the university were doing it because it was installed by default).

Sure, it's a major hassle to clamp down on all open relays -- but
open relays are used for the transfer of massive amounts of spam to
avoid the blacklisting of the original source.

We're even having to code new restrictions for formmail.pl scripts
all over the place because spammers are abusing formmail.pl scripts
(forged headers to make the submission look legit to the traditional
criteria for a valid post) out of desperation now that open relays
are becoming increasingly rare.

I guess you block SpamCop reports too as an intrusion on your time
or your free rights to determine what is abuse and what isn't?

Example: your local $ILEC has some Yellow Pages, where you are listed as an
ISP. Some bad thiefs want to steal a T1 router or a Sparc 5, and figure an
ISP would be a good place to get this equipment. They see your listing,
break into your facility, and steal your hardware.

Do you sue $ILEC for having set you up for being robbed?

Now, MAPS publishes a listing of people who operate an open relay. You admit
running an open relay. Someone else uses that listing to refuse mail from
you.

Why is MAPS in that second example more evil than $ILEC in the first one?

Intent Vivien, pure and simple. In the former case of the LEC, there was
no _intent_ to inflict damage, as well as no reason to believe that the
listing would inflict damage. In the latter case we have a listing whose
*stated purpose* is to inflict damage.

There are plenty, but most of us are too goddamn lazy to do it ourselves,
and ask for an ORBS or MAPS like service to do it for us. We have ?
NEVER had a spam problem (we've been here since 1994) going out - not > a

single incident (not that we probably won't haqve one *someday*, but ?

still, it's a hell of a good track record).

There aren't plenty of ways. If it were such an easy task, we would not be
having this conversation.

The SPAM problem goes up and down to be sure, but you know what?
PROCMAIL
is your friend. All you need to look for are the basics (ADV, Make Money,
etc) and you can instatly filter 90 percent of this trash into the
bitbucket.

So lets see, I write an email to a client and use the words "make money"
either in the header or in the body of the message... did someone all of a
sudden give you the right to filter my mail based on content? Glad I don't
have you doing my mail.

Lets get my position straight: I think spam is annoying as heel, and
should not be done. I don't think that SPAM is going to cause any major
social upheavals. I also disagree that all people want to be spared from
SPAM, and with thaqt in mind, I believe everyone should defend themselves
to the best of their interest, and leave the next guy alone: he or she
probably has *way* more important things to worry about.

SPAM is a major problem. It is causing large ISPs and SP a great deal of
money and resources. Why should I have to spend my hard earned profits
purchasing filtering solutions like Brightmail. If there is an industry
created due to problems dealing with SPAM, we have a big issue on our hands.

Lets Make a List of Things we need to get done

1) World Peace 2) End to Hunger 3) Elimination of SPAM

Since when is operating an open relay against the law? Please quote the
federal law NetSide has broken in having its mail servers configured as
they always were since we started in 1995.

To my understanding it is _undefined_ at this point and therefore legal.
Neither is is _illegal_ to engage the necessary resources to avoid them.
The courts, God help us, will sort this out and there will likely be some
form of legislative definition too.

The root of the issue really goes to the question of whether an ISP
is a Common Carrier. I am of the opinion that most would say both
Yes and No, and that we are now in the process (here in the US) of
trying to hammer this out. I can't really speak for other countries.

Now let me ask you, if it's legal to operate an open relay, then why
should we willingly submit to Vixie's law?

MAPS is at best "subscriptive", requiring the implementing party to
enable it. (I am of the mind that the so-called evidence of source
modifications to Sendmail is weak.)

In time our legislators will prescribe governing law and the cycle of
enforcement, challenging and refining the law will begin its tedious
process.

One could use Dun and Bradstreet or other reporting agency as an analogy.
There are due-process issues that must be handled carefully, but it is
hardly illegal. MAPS is simply a reporting service.

I, for one, have grown weary of the villification of Paul Vixie and Dave
Rand. Adding such quips only undermines the anti-MAPS arguments and gives
this an emotional quality that it does not merit.

-----BEGIN PGP SIGNED MESSAGE-----

Since when is operating an open relay against the law? Please quote the
federal law NetSide has broken in having its mail servers configured as
they always were since we started in 1995.

Now let me ask you, if it's legal to operate an open relay, then why
should we willingly submit to Vixie's law?

Folks, this twit is like a religious zealot. His agenda is rationalizing
open relays and demonizing Vixie et al., and no amount of reasoning is
going to get him to see the error of his ways.

I should have done this months ago:

:0
* ^From:.*mitch@netside.net
/dev/null

In the interests of operational content and a higher SNR, I ask that you
all do the same. IGNORE HIM.

Matt

- --
Matthew S. Cramer <mscramer@armstrong.com> Office: 717-396-5032
Lead Security Analyst Fax: 717-396-5590
Armstrong Information Technology Services Pager: 717-305-3915
Armstrong World Industries, Inc. Cell: 717-917-7099

Matt Cramer wrote:

Folks, this twit is like a religious zealot. His agenda is rationalizing
open relays and demonizing Vixie et al., and no amount of reasoning is
going to get him to see the error of his ways.

I should have done this months ago:

:0
* ^From:.*mitch@netside.net
/dev/null

In the interests of operational content and a higher SNR, I ask that you
all do the same. IGNORE HIM.

Please. I'm beginning to feel like I'm subscribed to cypherpunks again. I'm
not sure why any one is treating this argument as though it had two sides,
and both of them were rational. Just ignore him. Just ignore them, before
they attract more like them. Please.

The irony meter reads.... 10!!!!

More so, it is trivial to "overrrule" a MAPS listing in your mail server
or router if you don't agree with it. So there's no "all or nothing" rule
either. This applies to any DNS-based, and probably other types, of BLs.

-C

Making a living at disrupting other providers' communications

Disruption: Are we talking MAPS itself here, or all the
crap on this list about it?

Does the Godwin principle apply on mailing lists too? or just on
SnoozeNet?

**SJS (wondering if measl@ is an admin at the Minnesota Freenet, but
figuring "probably not")

alright, this is the last thing I'm going to say on this particular
point... (heh, how many times have we heard *that* from me...)

There are plenty, but most of us are too goddamn lazy to do it ourselves,
and ask for an ORBS or MAPS like service to do it for us. We have NEVER
had a spam problem (we've been here since 1994) going out - not a single
incident (not that we probably won't haqve one *someday*, but still, it's
a hell of a good track record).

OK, fine. For the purposes of this argument I'll take that statement at
face value, although I'd be curious where you work. If you're an IT type
at a big corporation whose primary line of business isn't Internet access,
then your statement means nothing as outgoing spam is much easier to
control when you're not an ISP/IAP/NSP/*SP.

The SPAM problem goes up and down to be sure, but you know what? PROCMAIL
is your friend. All you need to look for are the basics (ADV, Make Money,
etc) and you can instatly filter 90 percent of this trash into the
bitbucket.

This sounds like "Just Hit Delete". Most of us who dislike spam would
prefer to remove the problems, not just the symptoms.

At work (not mfn.org), I get several orders of magnitude more mail
(usually obnoxious at that) from the "gentle anti-spammers" than the poor
"victims" get themselves!

And why is it that you're getting all this mail? Most anti-spammers I know
of just don't go looking for targets to shoot at, they complain to the
sources of spam that they have *actually received.*

should not be done. I don't think that SPAM is going to cause any major
social upheavals. I also disagree that all people want to be spared from
SPAM, and with thaqt in mind, I believe everyone should defend themselves
to the best of their interest, and leave the next guy alone: he or she
probably has *way* more important things to worry about.

I think you have an agenda. I think further that you are not being
completely honest with us about why you have a bone to pick with MAPS.

The people who read this mailing list aren't naive. You won't find John
Q. AOL-Member reading your posts. I have plenty of experience working on
the net, and I actually consider myself one of the least experienced
people who regularly posts here... I look at reading many of the NANOG
threads as a learning experience, and contribute what little I have to
contribute. Anyhow, you'll find that most of the people here are pretty
good at critical thinking, which is a necessity in the line of business
in which we work. And I am sure that others will be happy to pick apart
your arguments.

For my own edification... all I am asking is that you come clean and tell
us the ENTIRE story.