Spam Control Considered Harmful

I am worried about the tools we are developing and deploying to control
spam.

Some of them are esentially centralsied methods of controlling Internet
content. Paul's anti-spam feed for instance prevents users of some
providers from seeing spam. The user has no choice; they cannot opt to
receive spam other than by switching to another provider. Even worse:
they may not even be aware that they are "missing" some content.

Combatting spam is considered a Good Thing(TM) by almost everybody here,
including myself. However the same technology could just as easily be
used to do Bad Things(TM). Even worse: if it works it demonstrates that
*centralised control* of the content of Internet services like e-mail is
*feasible*. This will give some people ideas we may not like, and
sometime in the future we may ask ourselves why we have done this. The
end does not always justify the means. I hope that methods like the
anti-spam feed will not be taken up widely. Please consider the
consequences before you use them.

I stress that I do not question the morality or good intentions of those
involved. I am just concerned about the almost ubiquitous and
apparently unreflected zeal that spam seems to evoke and the danger of
it making us accept methods we would otherwise despise. I would prefer
to see more work in technology that is less centralised and gives the
users a choice of the content they wish to see. Yes this may be harder
to do, but the consequences of deploying the easier methods may be just
too severe.

Waehret den Anfaengen (beware of the beginnings)

Daniel

PS: I hope this is more coherent than my contribution at the meeting
yesterday when my brain failed due to jet-lag while my mouth was still
working perfectly ;-).

Yes, right now the techniques Paul has used are for blocking his notion of
Spam, a certifiable Bad Thing(tm). What is to prevent, say, China from
requiring all ISP operators to take an "Anti-Party" Black-Hole Feed,
blocking IP blocks where "dangerous" ideas are found on some hosting
operators Web Servers? There is already at least one ISP in the US that
filters out 'un-Christian' material, using quite primitive techniques...
I'm sure they and their fellow Brothers would welcome a black hole feed
for their and related networks to block such "evil" content as
birth control material and other Bad Things(tm).

This is one, I think, that once you open the door, there is no going back.
No offense to Paul, or his good intentions, but as they say, they are what
the road to hell is paved with, no?

Just think twice, at least, I'd say, before promoting unconditional system
wide blocks on your network...Ethics is the land we're in here, and there
are no easy answers.

David Mercer
Tucson, AZ

This sounds nice and principled but who is going to pay the bill for
the spam? It's non-trivial.

Perhaps someone can make a business selling spam-able accounts. Maybe
you're willing to go into that business? Tell us how it works out, let
the market decide.

At any rate, at the heart of this one is "follow the money", spammers
will gleefully send *millions* of messages per day, each.

And if they were successful in doing that they'd no doubt send more
(that is, it might even become an effective advertising channel, why
not, it's just about free so return on investment can be tiny and
appear quite successful.)

To handle that deluge requires hardware and bandwidth which means
money, expanded without any control or check (since the spammers
aren't paying why shouldn't they double their requirements on you?
Doesn't cost them double, doesn't cost them much anything.)

No one is paying for that at this point, and the business sense is
that subscribers aren't interested in paying say, double what they pay
now for spam-able accounts.

In fact the subscribers, in my non-trivial experience, are most
vociferous about demanding that spam be blocked, tend to hold the ISP
responsible (since no one else is available to blame), and consider
blocking spam a valuable service (as I said if you believe otherwise
then perhaps you can be the next AOL, go for it.)

Anyhow, I say that your sentiment amounts to principle at someone
else's expense.

Spammers will have "rights" when they pay their way.

Right now they're just the graffitti vandals of the net, and no they
can't paint their message on my store just because maybe one of my
customers likes graffitti art.

But if you think otherwise by all means go for it and start your
service.

Yes, right now the techniques Paul has used are for blocking his notion of

> Spam, a certifiable Bad Thing(tm). What is to prevent, say, China from
> requiring all ISP operators to take an "Anti-Party" Black-Hole Feed,
> blocking IP blocks where "dangerous" ideas are found on some hosting
> operators Web Servers? There is already at least one ISP in the US that

People would simply have to protest effectively (eg, via their
free-market options) OR THEY'RE SCREWED. Nothing can protect them,
they can do this anyhow.

C'mon, this slippery slope thing is nonsense (in the sense of yielding
any effective decision.) What if you go outside and the police all
decide to kill you? YOU'D BE DEAD. Oh well, better make sure that
doesn't happen I guess.

> filters out 'un-Christian' material, using quite primitive techniques...

So? That's their right. No doubt they'll find customers for that. And
if not, then they're bankrupt. Oh well. So long as they're not
defrauding anyone then that's their business.

What's your point? I don't get it. Sounds like you're the one trying
to control things not them, they can only control their little corner
(eg, block "un-Christian" material from THEIR site and see if there's
customers for that.)

> I'm sure they and their fellow Brothers would welcome a black hole feed
> for their and related networks to block such "evil" content as
> birth control material and other Bad Things(tm).

Ok, good for them. I disagree, but so what? Should we drag the guy out
of his house at 4AM and beat him senseless for doing this?

> This is one, I think, that once you open the door, there is no going back.

The door is wide open, always has been, always will be.

Users should be aware if their ISP is blocking something,
  no matter what it is. However, that's not a technical or
  operational issue...I'm not sure what category it is.

It's a truth-in-advertising issue, J.D.

Cheers,
-- jra

How about "ethical issue"

Rik Schneider
Unix Systems Administrator
Net Asset LLC
1315 Van Ness Ave
Suite 103
Fresno CA 93721

Not at all, Rik. The only time it becomes an ethical issue is if you
_lie_ to your paying customers about what you are doing. As long as
you tell the customers what you're doing, then they have the option to
vote with their wallets. There are better than 4000 IAPs in this
country; no one has any excuse for limiting how those people can
operate their business on this particular point on the grounds of 'free
speech'.

The first amendment only limits the _government_, anyway; this has been
the topic of much case law.

Cheers,
-- jra

Jay,

I am a little confused here. First you state that I am wrong for stating
that IAP's informing users of any blocking is an ethical issue.

Then you state that lying about any blocking is an ethics issue.

IMHO not informing customers (paying or otherwise) of these blocks is as
bad as lying about them.

Rik Schneider
Unix Systems Administrator
Net Asset LLC
1315 Van Ness Ave
Suite 103
Fresno CA 93721

Ok... this is going to get interesting...

Some of them are esentially centralsied methods of controlling Internet
content. Paul's anti-spam feed for instance prevents users of some
providers from seeing spam. The user has no choice; they cannot opt to
receive spam other than by switching to another provider. Even worse:
they may not even be aware that they are "missing" some content.

Ok, so they'll have to switch providers. As long as they were informed
that the provider they chose engaged in such filtering before either
they signed a contract, or such filtering was implemented, I don't see
that the customer has recourse.

On Tue, 28 Oct 1997, J.D. Falk replied:

  Users should be aware if their ISP is blocking something,
  no matter what it is. However, that's not a technical or
  operational issue...I'm not sure what category it is.

My observation was "truth-in-advertising", but Rik had another idea:

How about "ethical issue"

I replied:

Not at all, Rik. The only time it becomes an ethical issue is if you
_lie_ to your paying customers about what you are doing. As long as
you tell the customers what you're doing, then they have the option to
vote with their wallets. There are better than 4000 IAPs in this
country; no one has any excuse for limiting how those people can
operate their business on this particular point on the grounds of 'free
speech'.

The first amendment only limits the _government_, anyway; this has been
the topic of much case law.

Then, Rik replied:

I am a little confused here. First you state that I am wrong for stating
that IAP's informing users of any blocking is an ethical issue.

Ok...

Then you state that lying about any blocking is an ethics issue.

Yes. They're not the same thing.

IMHO not informing customers (paying or otherwise) of these blocks is as
bad as lying about them.

Don't disagree. My point is that the thrust of your commentary
appeared to be that you agreed with Dan Karrenberg, that blocking was
in itself, unethical.

My point is simply that I feel it's a simple business matter of truth
in advertising, and that appeal to the (usually more ethereal) topic of
ethics isn't really necessary.

Cheers,
-- jra

As a customer with separate ISP connections for business and personal use, I would
pay, as a feature, for SPAM blocking that was managed by my ISP. I believe ALL your
major business customers would pay to have SPAM blocked from delivery to their
employees.

Being upfront with your customers will most likely be very beneficial, as well as
mildly profitable.

Cheers,

Marty

Rik Schneider wrote:

I agree. My point was that not informing ones customers about said filters
is effectively lying.

Rik Schneider
Unix Systems Administrator
Net Asset LLC
1315 Van Ness Ave
Suite 103
Fresno CA 93721

I really don't want to get into moral arguments on NANOG, but
  this one I really take issue with.

<SOAPBOX>

  Specificially, I feel that it is Very Very Wrong[TM] to charge
  people so that they don't receive messages that almost everybody
  agrees should not be sent to them in the first place!

  If the spammers had not been allowed to run rampant for as long
  as they currently have (and we all know who let them do that),
  this would not even be considered a viable option.

</SOAPBOX>

If you're willing to do for FREE, all the better! The point that I was making is
that as a customer I see "value" in having SPAM blocked. This would be an
extremely valued "feature" for business customers. You may lose customers by not
telling them even though you may be filtering for other reasons such as network
abuse. They may go to another ISP who is promoting a "SPAM free network" whether
or not it is technically feasible -- just as long as they're trying and working
with customers to eliminate it.

The bottom line...if you do filter, tell us [customers], and we thank you...

As far as letting spammers run rampant for a while, well, what's done is done.
The same thing should have been said about computer viruses. Viruses will be
with us for a long time, if not forever...and a lot of money has been made on
virus protection. Hell, who ever thought McAfee could buy a $1.3 billion dollar
company...

Cheers,

Marty

J.D. Falk wrote:

Certainly. But I don't recall anyone even striking a glancing blow off
the _side_ of suggesting that...

Cheers,
-- jra

The whole discussion is cuckoo.

Here's a better idea: If someone wants to advertise why don't they
figure out a way to do business so everyone is reasonably happy,
rather than starting wars and trying to appeal to some crazy
interpretation of "rights" made to absolutely no one (letters to the
editor, only there is no editor, as Larry Wall once put it)?

This isn't assisted suicide or abortion or some similar emotional,
moralistic issue.

It's spam, it's advertising, it's business (or some bizarre perversion
thereof.)

If it doesn't make those who have to pay for its resources a buck (or
some equivalent tangible benefit) THEN TO HELL WITH IT.

All these crazy schemes proposing to make spam somehow more "fair" are
just that: CRAZY.

Pay money and people will be happy.

Steal resources, annoy people to no possible benefit to them, bombard
them 24 hrs/day with come-ons for porn and transparently fraudulent
business claims and pyramid schemes and chain letters etc and they
won't be happy.

It's not that hard to understand: Pissing people off is not a great
way to do business. In fact, it doesn't work.

Anything else is nothing but a pretty good simulation of severe mental
illness, very simple really.

I agree with the fundamental principle, however, some people are making
money at UBE without regard to who, or how many people they piss off. The
money is being made in selling software to do spamming, or running services
that spam. At AGIS, we've seen it all. Address mungers, relay hijackers,
bcc bombers, etc.

It has always been our intent to stop this kind of abuse of technology.
Albeit, our position and motives were misunderstood, our end has always
been clear.

UBErs exploit the weaknesses in the email infrastructure of the net. I
still believe that until we can find technological solutions the the theft
of service and forgery issues, spam as we know it will continue.

Phil Lawlor
President
AGIS
Voice - 313-730-1130
Fax - 313-563-6119

The whole discussion is cuckoo.

Here's a better idea: If someone wants to advertise why don't they
figure out a way to do business so everyone is reasonably happy,
rather than starting wars and trying to appeal to some crazy
interpretation of "rights" made to absolutely no one (letters to the
editor, only there is no editor, as Larry Wall once put it)?

This isn't assisted suicide or abortion or some similar emotional,
moralistic issue.

It's spam, it's advertising, it's business (or some bizarre perversion
thereof.)

If it doesn't make those who have to pay for its resources a buck (or
some equivalent tangible benefit) THEN TO HELL WITH IT.

All these crazy schemes proposing to make spam somehow more "fair" are
just that: CRAZY.

Barry, I hate to have to say this, you are my revered elder...

but I think you missed the point of this thread.

No one's trying to make "spam more fair".

We're trying to stomp it out.

Pay money and people will be happy.

Steal resources, annoy people to no possible benefit to them, bombard
them 24 hrs/day with come-ons for porn and transparently fraudulent
business claims and pyramid schemes and chain letters etc and they
won't be happy.

It's not that hard to understand: Pissing people off is not a great
way to do business. In fact, it doesn't work.

Anything else is nothing but a pretty good simulation of severe mental
illness, very simple really.

Perfectly correct. No one, even Phil Lawlor (surprisingly enough,
perhaps) is trying to advocate spam. What was being debated was
whether the practice of implementing filtering on a transit site was
1) legal and 2) ethical.

The concensus seems to be that it's only even close to unethical if you
do it and don't at least inform users, much less let them opt out. No
one's suggested it's illegal.

And I think even the "unethical people" wouldn't argue with BGP
blackholing if the target was engaging in denial of service attacks.

How do you configure your router for that?

See http://maps.vix.com.

Cheers,
-- jra

>
>Steal resources, annoy people to no possible benefit to them, bombard
>them 24 hrs/day with come-ons for porn and transparently fraudulent
>business claims and pyramid schemes and chain letters etc and they
>won't be happy.
>
>It's not that hard to understand: Pissing people off is not a great
>way to do business. In fact, it doesn't work.

I agree with the fundamental principle, however, some people are making
money at UBE without regard to who, or how many people they piss off. The
money is being made in selling software to do spamming, or running services
that spam. At AGIS, we've seen it all. Address mungers, relay hijackers,
bcc bombers, etc.

It has always been our intent to stop this kind of abuse of technology.
Albeit, our position and motives were misunderstood, our end has always
been clear.

I don't believe that's true Phil.

The bottom line is this - delivering unsolicited email to me of *any kind*
which is unwanted (ie: solicitations, pyramid schemes, etc) is *theft of
service*.

Period.

The "IEMMC", which you were involved in at AGIS, was a fraud.

Period.

It was a fraud PRECISELY because it did not organize to handle broadcast
solicitations via the ONLY means that are defensible - that is, OPT IN.

OPT OUT is fraudulent EVEN IF IT ACTUALLY WORKS. Its a fraud because the
spammer STEALS FROM THE RECIPIENT AND THEIR ISP initially, then tells
them they won't steal any more if they ask that you not do so.

The point is that the spammer has no right to steal *IN THE FIRST PLACE*.

It doesn't matter how much or how little is stolen.

That's just not the point from a moral and/or ethical point of view. If
you steal a penny from me, you've still stolen and you've still committed
a fraud against me. Whether I can prosecute you for the theft of that
penny and see you sent to jail isn't the point.

This country has declined in its morals to the point that if I can't put
you in jail for what you do then you deem it to be "ok".

That has NEVER been the case, and it NEVER will be.

Deception, fraud, theft. They are what UBE is all about. ISPs who shelter
people who commit these acts are themselves complicit in the act. The excuse
evaporates as soon as you become aware.

Today, the rule is "anything for a buck". Its sad, but its what's happening.

UBErs exploit the weaknesses in the email infrastructure of the net. I
still believe that until we can find technological solutions the the theft
of service and forgery issues, spam as we know it will continue.

Phil Lawlor
President
AGIS
Voice - 313-730-1130
Fax - 313-563-6119

You either stand for what is right, or you don't.

Theft is immoral. Leave aside the legalities of the issue, and whether I
can send you up the river for it. They're cute discussions, but they're not
related to the actual issue, which is that UBE is *wrong*.

This sounds nice and principled but who is going to pay the bill for
the spam? It's non-trivial.

The spammers pay by hooking up with an ISP. How do your customers pay the
recipients of their messages for them downloading them? Have you not noticed
that email delivery is a cooperative process?

Matt.