Lawsuit threat against RBL users

Karl Denninger <karl@Denninger.Net> writes:

RBL policy is that they won't block anything more general than
is warranted by particular spam complaints and the subsequent
actions in response to those complaints or to a pattern of complaints.
For example, a bunch of complaints come in reporting that various
dialups spammed ads for, a masochist oriented porn site,
which is hosted on an IP address which is part of .
The proper procedure is that people complaining to RBL have to
have contacted and not gotten appropriate responses.
RBL people will (always?) contact for a final warning
and status check prior to the block, and will only block
the /32 corresponding to's actual IP address.
Thus, no customer other than biteme will be inconvenienced.

That does nothing at all, since the only listener on's
address is a web server.

It punishes for having spammed by blocking access to
their web server. That's the point.

So yes, under (as I understand them) existing RBL rules, it is possible
for purely innocent parties to get bitten (other non-spam related
customers of if the ISP fails to respond properly
for a significant length of time and number of incidents.
I feel that's fair; if the ISP becomes the problem, then they
should feel some heat. As long as the criteria for the ISp
being RBled as a whole are sufficiently demanding so ISPs that
are merely slow or not-entirely-cooperative don't get unnecessarily
RBLed, that makes sense to me.

That's not the scenario that was postulated and led to the latest threat.

Which exact "scenario" did you have in mind? There have been a whole
bunch posted recently by a number of people. Are you referring to
the NSI block threat, which falls under a similar scenario where
it's parts of one company rather than an ISP and its varied customers?
Last I saw, Paul stated that NSI's systems were in distinct IP blocks
from internic and internic wasn't being approached as a potential
blockage target.

I've seen a lot of "scenarios" fly around which bear little semblance
to reality and greatly misunderstand how the RBL is (as far as I can
tell from the outside) operating. Those scenarios are only worth
considering as a theoretical exercise in how a RBL-like entity could
go bad and as examples of how RBL isn't publicizing some of its policies
enough so that people won't be confused about what they do.
RBL in the sense simply don't do some of the things
that have been at one time or another accused of them,
to my knowledge. Again, one can postulate a scenario about
a generic blacklist service unfairly affecting innocent parties,
but the actual RBL has what ppear to me to be adequate policies in place
to protect third parties. People afraid of it really should
at least listen enough to assuage fears based on policies it doesn't
really have.

-george william herbert I speak for myself only