SORBS Contact

From owner-nanog@merit.edu Wed Aug 9 22:00:58 2006
To: nanog@merit.edu
Subject: Re: SORBS Contact
From: Allan Poindexter <apoindex@aoc.nrao.edu>
Date: Wed, 09 Aug 2006 20:59:36 -0600

  > so would you consider as it is my network, that I should
  > not be allowed to impose these 'draconian' methods and
  > perhaps I shouldn't be allowed to censor traffic to and
  > from my networks?

If you want to run a network off in the corner by yourself this is
fine. If you have agreed to participate in the Internet you have an
obligation to deliver your traffic.

Obligation to _whom_? My only obligations are to those who _pay_ me for
access to my systems/resources. If the people who *do* pay me for use of
my systems/resources "don't want" that cr*p, then I do 'have an obligation'
to _not_ deliver that traffic.

And _how_ I implement that, to the satisfaction of =my= customers, is NONE
OF _YOUR_ BUSINESS, since you are *not* one of my paying customers.
I don't have to tell _you_ what I do; I don't have to listen to any of your
'complaints'; and I sure-as-hell don't have to defend, _to_you_, what I do.

the users got it wrong some small percentage amount of the time. I
was stunned at the arrogance and presumption in that comment. You
can't tell from looking at the contents, source, or destination if
something is spam because none of these things can tell whether the
message was requested or is wanted by the recipient. The recipient is
the only person who can determine these things.

Do *you* _KNOW_ how hotmail came up with that determination that 'users
got it wrong some small percentage of the time'? If you *don't*, you are
exhibiting _at_least_ as much 'arrogance and presumption' as you accuse
them of.

I *KNOW*FOR*A*FACT*, that some people _do_, occasionally 'get it wrong'.
I, _personally_, have done it. Be it an 'off-by-one' error in selecting
and marking the message, to a long-delayed response to something _I_ sent,
and that came in _without_ reference to what I sent, errors *DO* happen.

Note: it can be _really_ easy to figure out if/when people mis-identify 'spam'.
You ask them to classify a bunch of old messages, presented one at a time.
You present the _same_ message *more*than*once*. If they mark it as 'good'
three times, and 'spam' once. Then they *did* 'get it wrong' -- it's not
certain _which_ way they 'got it wrong', but it *IS* absolutely certain that
they did 'get it wrong' "at least once".

I've seen some of the stuff AOL _users_ flag as 'spam' -- "content analysis"
*alone* virtually guarantees that they were flagged in error. Things like
college acceptance letters from Division I schools, bank overdraft notices,
NDRs for mail they themselves *sent*, 'delivery receipts' and/or 'read
receipts' that they had _requested_ on mail they sent out, etc., etc.

There are simple solutions to this. They do work in spite of the
moanings of the hand wringers. In the meantime my patience with email
"lost" silently due to blacklists, etc. is growing thin.

If you want 'reliable' delivery, you _pay_ the receiving system (and the
intermediaries) for that service. Your lack of patience with something
other people _give_ you the free use of is, quite simply, an inexcusable
display of arrogance and presumption.

Obligation to _whom_? My only obligations are to those who _pay_ me for
access to my systems/resources. If the people who *do* pay me for use of
my systems/resources "don't want" that cr*p, then I do 'have an
obligation'
to _not_ deliver that traffic.

  Nonsense. You have tort obligations as well as contractual obligations.
Specifically, if you take custody of someone else's data, and you have no
contract with that person, you have a tort obligation not to destroy it.

  Your argument is similar to a mall that claims they can shoot people who
don't buy anything. After all, their only obligation is to those who pay
them. But of course neither you nor they can do that. By setting up a
network and connecting it to the Internet, you know that you will sometimes
carry packets that are neither from nor to someone with whom you have a
contract. Those are not your packets, and you have no contract with their
owners, but you handle them in the ordinary course of your business, so you
have a variety of tort obligations to them.

  The same would be the case if I used FedEx to return something of yours to
you. If they destroyed your property, you would have a claim against them
even though you didn't pay them for anything.

  I see the view you are expressing quite commonly among network operators
and it is, IMO, dangerous. It is, of course, your network. But it handles
other people's data.

  Of course, you can protect your own network. Just as FedEx can destroy a
bomb if someone tries to ship it through them. But you cannot do whatever
you want with "your packets" unless they really are your packets.

  I will defend your right to do anything reasonable. However, it is
incorrect and dangerous to assert that because it's "your network" you can
do anything you want. Even if it's your mall, you can't invite people into
it and then shoot them just because you have no contract with them.

  DS

  Your argument is similar to a mall that claims they can shoot people who
don't buy anything. After all, their only obligation is to those who pay
them. But of course neither you nor they can do that. By setting up a
network and connecting it to the Internet, you know that you will sometimes
carry packets that are neither from nor to someone with whom you have a
contract. Those are not your packets, and you have no contract with their
owners, but you handle them in the ordinary course of your business, so you
have a variety of tort obligations to them.

Whatever you're smoking, you've really gotta share some with the rest of
us. :P I guarantee you that there is not a single packet that I will route
which is neither from nor to someone I have a contract with. If you want
to give away free service to people without contracts that is your right,
but I sure as hell don't have to.

  The same would be the case if I used FedEx to return something of
yours to you. If they destroyed your property, you would have a claim
against them even though you didn't pay them for anything.

Packets are not property, there is no intrinsic value in returning them to
sender. Plus I guarantee you if you drop off a package with Fedex and
don't pay for it (thus entering into a contract with them for services),
they will eventually throw it in the trash rather than deliver it.

  Of course, you can protect your own network. Just as FedEx can destroy a
bomb if someone tries to ship it through them. But you cannot do whatever
you want with "your packets" unless they really are your packets.

The only thing you probably CAN'T do is take someone else's packets that
were sent to you (either under contract or not) and sniff or alter them
for the purpose of doing something Bad (tm) with the data (probably
because said bad activity is already covered under some existing law,
e.g. no extorting people, no impersonating others, etc).

> Obligation to _whom_? My only obligations are to those who _pay_ me for
> access to my systems/resources. If the people who *do* pay me for use of
> my systems/resources "don't want" that cr*p, then I do 'have an
> obligation'
> to _not_ deliver that traffic.

  Nonsense. You have tort obligations as well as contractual obligations.
Specifically, if you take custody of someone else's data, and you have no
contract with that person, you have a tort obligation not to destroy it.

You do realize that when we talk about "sending" data we are using
language in a very loose way, right? Data isn't actually sent. When I
"send" a packet of data, I still retain that data. If you lose it you
have only lost your copy of it, not mine.

Are you one of those people that makes an extra photocopy when you have
to fax one to someone?

  Your argument is similar to a mall that claims they can shoot people who

It is illegal to shoot people whether they enter your mall or not.

  The same would be the case if I used FedEx to return something of yours to
you. If they destroyed your property, you would have a claim against them
even though you didn't pay them for anything.

IANAL but I am pretty sure that my claim would be against you, not
FedEx. You would have to counter claim against FedEx because you made
the contract with them.

David Schwartz wrote:

  Nonsense. You have tort obligations as well as contractual obligations.
Specifically, if you take custody of someone else's data, and you have no
contract with that person, you have a tort obligation not to destroy it.

The nonsense is here! I am not a lawyer, but I am pretty sure that if you abandon property (stretching the definition of "property" to get your foolishness into view) that I did not ask for on my property, I am pretty sure that not only can I abate the nuisance, I in doing so have a tort claim against you for the damage and the cost of abatement.

<triviata deletia>

Laurence F. Sheldon, Jr. wrote:

David Schwartz wrote:

    Nonsense. You have tort obligations as well as contractual obligations.
Specifically, if you take custody of someone else's data, and you have no
contract with that person, you have a tort obligation not to destroy it.

The nonsense is here! I am not a lawyer, but I am pretty sure that if you abandon property (stretching the definition of "property" to get your foolishness into view) that I did not ask for on my property, I am pretty sure that not only can I abate the nuisance, I in doing so have a tort claim against you for the damage and the cost of abatement.

<triviata deletia>

Too bad I'm no longer bright enough to read my own .sig! Among other things, it says there from time to time:

"Ex turpi causa non oritur actio" which I believe to be Lawyer Latin for "No cause of action may be founded upon an immoral or illegal act".

(Thanks sixthformlaw.info for the quotation.)

Of course, that only applies if you're dumb enough to answer '250 OK' to
the '.' after the DATA. You 5xx that puppy anywhere before that, and you
haven't taken custody of that data...

This is ridiculous (not your argument, Valdis, but the whole thread in general).

If my customers ask me to, or accept via subscribing to a service with a TOS that so permits, me accepting their mail and throwing it away silently, then that's between me and them, nobody else.

This is no different from me authorizing Mail Boxes Etc to be my proxy for UPS packages, and them being allowed to simply discard anything from, say, an ex-wife. My ex-wife has no claim, in this hypothetical, against MBE for tossing my package in the trash, because they're acting as my agent.

Now, *I* might have a claim against MBE, if I never authorized them to do so and they didn't have a terms-of-service document which I'd agreed to (actively or passively) which said they could do it, but that's a claim between my agent and myself, not the sender.

Cheers,
D

[combined responses]

You do realize that when we talk about "sending" data we are using
language in a very loose way, right? Data isn't actually sent. When I
"send" a packet of data, I still retain that data. If you lose it you
have only lost your copy of it, not mine.

  The packet includes its origin, destination, next hop, and like
information. If the copy were identical to the original in all respects, it
would not be a copy. There must be some distinction between the two, and it
is that distinction that makes the "copy" useful. (That's why you made it.)

Are you one of those people that makes an extra photocopy when you have
to fax one to someone?

  Why fax something to someone at all then? If the fax really is the same as
the original, why bother faxing? Obviously, there is a difference between
the two copies, and the value of the duplicate is in that difference.

  The fact that the information can change physical form doesn't mean it
isn't a coherent object. For example, my car may exchange electrons with
your sidewalk, but that doesn't make it any less my car. The value of the
car is not in which particular electrons it has (which can change) but in
their arrangement and utility (which does not).

  If I have some information that I want to get to a particular place, and I
make a copy and dispatch it toward its destination, that copy with its
destination information behaves just like my car does. It changes on the
way, but it does not ever become any less my car (or the ultimate
recipient's car) regardless of whose roads it travels over.

> Your argument is similar to a mall that claims they can
> shoot people who

It is illegal to shoot people whether they enter your mall or not.

  Precisely. Your obligation not to destroy someone else's data is a basic
tort obligation that applies to how you must treat other people's property,
even if it happens to be on "your network".

> The same would be the case if I used FedEx to return
> something of yours to
> you. If they destroyed your property, you would have a claim
> against them
> even though you didn't pay them for anything.

IANAL but I am pretty sure that my claim would be against you, not
FedEx. You would have to counter claim against FedEx because you made
the contract with them.

  You could make a claim against me and I could counter claim against FedEx.
But you could also claim against FedEx directly. They destroyed your
property.

Whatever you're smoking, you've really gotta share some with the rest of
us. :P I guarantee you that there is not a single packet that I will route
which is neither from nor to someone I have a contract with. If you want
to give away free service to people without contracts that is your right,
but I sure as hell don't have to.

  Transit networks route many packets that are neither from nor to anyone
they have a contract with. They pass the traffic from aggregators to
aggregators. This is the same as a person who walks from store to store in a
mall even though he has no contract with the stores, the stores have
contracts with the mall.

Packets are not property, there is no intrinsic value in returning them to
sender. Plus I guarantee you if you drop off a package with Fedex and
don't pay for it (thus entering into a contract with them for services),
they will eventually throw it in the trash rather than deliver it.

  Packets are property. There is no value in returning them to sender but
there is value in delivering them to the recipient. If the lack of return
value is evidence against property, why is the presence of delivery value
not evidence for?

  I don't deny that you can drop a packet on the floor if nobody paid you to
carry it and you did nothing to solicit its presence on your network. That
is not the same as the case where somebody paid you to carry the packet, but
the person who paid you is not the owner of the packet but merely someone
similarly contracted by the owner.

This is no different from me authorizing Mail Boxes Etc to be my
proxy for UPS packages, and them being allowed to simply discard
anything from, say, an ex-wife. My ex-wife has no claim, in this
hypothetical, against MBE for tossing my package in the trash,
because they're acting as my agent.

  You are quite correct *if* they are the agent for the intended recipient.
In the general case, a transit carrier will not be an agent for the intended
recipient and possibly not for the originator either.

Of course, that only applies if you're dumb enough to answer '250 OK' to
the '.' after the DATA. You 5xx that puppy anywhere before that, and you
haven't taken custody of that data...

  Exactly. I think the mail case is simpler though because it is quite rare
for an email message to wind up in the hands of someone who has no
contractual relationship with either the sender or the recipient. Exceptions
would include things like relay rape where I think it's quite reasonable to
argue that the purely abusive nature of the transaction (and the sender's
specific selection of your relay) justify dropping it on the floor.

  Someone who chose to hand an email to you specifically even though you are
neither the sender nor the recipient and hope that you would deliver it is
not the same as someone who sent a packet to you because you are the route
towards the recipient.

  I suppose another version of the FedEx hypothetical would be if FedEx
advertised that they would carry packages to Denver without fee but then
destroyed half of them. BGP advertisements and DNS MX records are
solicitations for other people's property.

  I would also remind everyone that the interception or diversion of
electronic communications is illegal in the United States, even if you do
not look at the contents. (There are exceptions, of course, but the law
definitely is not "it's your network, do whatever you want with the data on
it".)

  DS

The thread was originally very beneficial (for me, as
we use SORBS and provide some basic SMTP services), despite
being somewhat off-topic for NANOG... but has now evolved into
the Battle of Awful Analogies(tm). Discussions of this type
always resort to the same analogy, for that matter: cars.

It seems we've reached that point.

Also, as I'm still fairly new here: why do so many NANOG
threads go this route (pun intended)? Are some folks here
unable to simply say what they mean? Just curious.

Hear, hear! very well said entire post, I have left only this para tho,
because my second comment, and that's my suggestion is they can pay for a
co-located machine that they can go out and get a domain for and run
their own mail server on and get as much spam and viruses they want :)
that of course will never interfere with 99.999999999999 reptv % of
customers *dont* want.

Last time I saw someone so strenuously crying that 'thou must accept
mail' and trying so hard to justify why we should accept it was a low
life toss pot scum sucking spammer, ooops I mean direct marketer, ahh
stuff it, both the same thing ... not implying anything here but if
the shoe fits....

>
> Of course, that only applies if you're dumb enough to answer '250
> OK' to
> the '.' after the DATA. You 5xx that puppy anywhere before that,
> and you
> haven't taken custody of that data...

This is ridiculous (not your argument, Valdis, but the whole thread
in general).

Valdis is correct, before the DATA is akin to "hello anybody home"
and then "does jack live there" if I say yes he does, it does not mean
you can come in just because jack lives there

This is no different from me authorizing Mail Boxes Etc to be my
proxy for UPS packages, and them being allowed to simply discard

It is very different because you hold a physical package or something
for someone you are paid by somebody to do it, unless you operate a
charity
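
The "5xx before DATA" versus "250 OK after the '.'" distinction raised in the thread, as an added example that is not part of any poster's message: a small SMTP transaction walk-through showing where a blocklist decision leaves the sender informed and where it becomes a silent loss. The zone `dnsbl.example`, the `LISTED` set (standing in for the DNS lookup) and the sample addresses are constructed assumptions.

```python
import ipaddress

BLOCKLIST_ZONE = "dnsbl.example"   # placeholder zone, not a real list
LISTED = {"192.0.2.25"}            # constructed; stands in for the DNS answer

def dnsbl_query_name(ip, zone=BLOCKLIST_ZONE):
    """Name a DNSBL client looks up: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def smtp_session(client_ip, commands, reject_listed=True):
    """Walk one SMTP transaction; return (replies, queued_messages).

    reject_listed=True: a listed client gets 5xx at RCPT, before DATA, so the
    server never holds the message and the sending MTA can report the failure.
    reject_listed=False: the server answers 250 to the final '.' and then
    discards, so responsibility was accepted and the loss is silent.
    """
    listed = client_ip in LISTED
    replies, queued, body = [], [], []
    in_data = have_rcpt = False
    for line in commands:
        if in_data:
            if line == ".":                      # end of message content
                in_data = have_rcpt = False
                if not listed:
                    queued.append("\n".join(body))
                replies.append("250 OK")         # responsibility accepted here
                body = []
            else:
                body.append(line)
            continue
        verb = (line.split() or [""])[0].upper()
        if verb == "RCPT":
            if listed and reject_listed:
                replies.append("550 5.7.1 refused, see " + dnsbl_query_name(client_ip))
            else:
                have_rcpt = True
                replies.append("250 OK")
        elif verb == "DATA":
            if have_rcpt:
                in_data = True
                replies.append("354 End data with <CR><LF>.<CR><LF>")
            else:
                replies.append("554 5.5.1 no valid recipients")
        elif verb == "QUIT":
            replies.append("221 Bye")
            break
        elif verb in ("HELO", "EHLO", "MAIL"):
            replies.append("250 OK")
        else:
            replies.append("500 5.5.2 command unrecognized")
    return replies, queued

# Constructed sample transaction.
SAMPLE = ["HELO mta.example", "MAIL FROM:<a@sender.example>",
          "RCPT TO:<b@rcpt.example>", "DATA", "Subject: hi", "", "body", ".", "QUIT"]
```
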