sorbs.net contact?
I see from the archive that there is someone on this list who is a contact for sorbs.net. Please contact me offline as soon as possible. No, forty eight hours isn't going to cut it. Thanks :-) -- mailto:[EMAIL PROTECTED] // IM:layer3arts voice: 402 408 5951 cell : 402 301 9555 fax : 402 408 6902
Re: Sorbs.net
On Sun, Mar 27, 2005 at 05:57:13PM -0500, Dean Anderson wrote: Look, if I want to publish a blocklist of all domains with the string er in them and all IP addresses ending in .7, that would be a silly thing to do: but after all, it's just a list. There are consequences, of course, to doing irresponsible things, and to misleading your subscribers, and to blocking email that your subscribers didn't authorize you to block. Well, you know, as much as a pain as everyone seems to think SORBS is, this approach to the thing has a certain baby/bathwater feel to me, Dean: it seems to make running a blacklist *at all* A Bad Thing... which, my perception is, is *not* the sense of the Net. As for didn't authorize you to block, two thoughts come to mind: first, the person with the last clear chance in a mail blacklisting situation is the mail admin in question, is it not? If you're running blacklists, and you're concerned about what they block, I should think it would be up to you to back-check the judgement of the BL operator by doing end-to-end testing. And second, to the extent that you *are* using a given list, I suspect (and IANAL, of course), that you are -- constructively -- allowing them to act as your agent for the purpose of deciding which mail to block (absent caselaw to the contrary, which I'll admit I haven't researched), which gives you a lot less leeway to be mad at them. And of course, the only *real* liability you ought to have in the first place is to *your users*, and as long as you're disclosing to them that you use mail BL's, then that one's a bit arguable, as well. Cheers, -- jr 'IANAI,E' a -- Jay R. Ashworth[EMAIL PROTECTED] Designer Baylink RFC 2100 Ashworth AssociatesThe Things I Think'87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 If you can read this... thank a system administrator. Or two. --me
Re: Sorbs.net
On Mon, 28 Mar 2005, Jay R. Ashworth wrote: On Sun, Mar 27, 2005 at 05:57:13PM -0500, Dean Anderson wrote: There are consequences, of course, to doing irresponsible things, and to misleading your subscribers, and to blocking email that your subscribers didn't authorize you to block. Dean: it seems to make running a blacklist *at all* A Bad Thing... which, my perception is, is *not* the sense of the Net. Not at all. Responsible blacklisting doesn't have to do irresponsible things. For example, most people agreed that MAPS had no business blocking Exactis; Exactis didn't meet the MAPS definition for blacklisting. SORBS clearly doesn't have to lie about Av8 Internet's address blocks: 130.105/16 and 198.3.136/21. etc. I'm definitely not saying that all blacklisting is bad: It isn't. As for didn't authorize you to block, two thoughts come to mind: first, the person with the last clear chance in a mail blacklisting situation is the mail admin in question, is it not? If you're running blacklists, and you're concerned about what they block, I should think it would be up to you to back-check the judgement of the BL operator by doing end-to-end testing. I agree the mail admin is usually the last chance for assessing BL reputation before use. But nearly every call I make to an admin using SORBS results in a response of the sort: Gee, I didn't know they were doing this sort of thing, give me a second...they're gone. let me know if you any more problems. Before that it was ORBS, etc--the list is long and ignomious. But most people in the know just know. Its the people not in the know who get misled. And second, to the extent that you *are* using a given list, I suspect (and IANAL, of course), that you are -- constructively -- allowing them to act as your agent for the purpose of deciding which mail to block (absent caselaw to the contrary, which I'll admit I haven't researched), which gives you a lot less leeway to be mad at them. I agree. But they said they were going to block _spam_. They don't usually say 'we're going to use the list to boycott non-spammers'. And they don't usually say they just block whoever we feel like. They usually don't say we want you to help us on our non-spam vendetta quest. They usually say they are trying to block spam. They usually have some criteria for blocking, which they then violate. And of course, the only *real* liability you ought to have in the first place is to *your users*, and as long as you're disclosing to them that you use mail BL's, then that one's a bit arguable, as well. However, most ISPs don't disclose what BL they use until there is a problem. I've yet to find the BL listed in the product service description for email services. And I've never found an ISP that says We're going to participate in boycotts for personal vendetta's, your email is a weapon for us. The BLs don't say that to the subscribers/ISP's; the ISPs don't say it to the users. Neither the ISPs nor the end users want that. -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000
Re: Sorbs.net
Hi folks. A few points about Sorbs (I've also started a web site www.iadl.org to track abuse of the internet for defamation purposes. The web site isn't finished, yet.) 1) Someone said Sorbs is just Matthew Sullivan. Well, _Sullivan_ said it isn't just him. Yeah, sure, that has credibilty... However, my own experience with Sorbs has revealed that it is also Alan Brown (formerly of ORBS) and Kai Schlicting. We all remember Alan from the ORBS shutdown, I hope. Alan was found by three courts in separate cases to be defaming people (two by using a blacklist). Well, Alan claimed our address space was hijacked and that the OSF didn't exist anymore. This was picked up verbatim by Sorbs. When I contacted Sullivan to tell him this was false, Schlichting send an anonymous message from [EMAIL PROTECTED] to The Open Group. (www.osf.org goes to www.theopengroup.org). After that, they dropped the part of OSF not existing anymore. [You all know the The Open Group (TOG): They do Motif, X Window System, DCE, CDE (used on sun, hp, compaq, ibm, etc). They own the Unix trademark, XPG4 suite, they do standards compliance testing, etc. They do lots of things.] The general counsel for TOG forwarded me the defamatory email from Schlicting demanding that TOG explain why we provide them services and why we are allowed to use 130.105/16 and other nonsense. Here's just a sample, indentation his: however ARIN regulations and their predecessor's (the Internic: operations funded by ARPANET) regulations make it quite clear that the resources allocated by these registries are for the public benefit, and are nothing short of a government grant for use of a public, shared resource. Government grants are not transferable without explicit and advance permission, and their beneficial details and use are open to the public for inspection, and likely covered by the FOIA. Yeah, right. The message was anonymous, from [EMAIL PROTECTED], which I tracked back to Schlichting. After a complaint to their hosting provider, (at the time, XO), Sorbs was apparently booted from XO for its defamatory statements in violation of XO's AUP. Another Sullivan site that was threatening mailbombing was also booted. Interestingly, Sullivan tried to convince XO that Sorbs.net and dnsbl.sorbs.net were different and that he wasn't responsible for dnsbl.sorbs.net, and so XO shouldn't boot www.sorbs.net. XO didn't buy it, I guess. SORBS was then given hosting by ISC.ORG, which doesn't have an AUP (interesting by itself), and apparently doesn't mind being associated with court-proven liars and mailbombers. Also interestingly, the Sorbs web site contains (or used to contain) a lot of logos for vendors. At first glance, these seem to be endorsements or support. But if you read the text, it just says not to complain to these other companies about Sorbs. Sorbs did claim that Sun donated equipment. I contacted Sun in Australia, and they had no record of donating anything to Sorbs. The most I have been able to find out about Sullivan is that he is/was a student at the University of Queensland in Australia. In his email to me, he claimed that I should sue him because he has no assets. Well, indeed, we can sue him for defamation and expect the similar results as in the 3 similar ORBS lawsuits. Brown/ORBS tried to say his false claims were just opinion. As did MAPS in Exactis V. MAPS. Interestingly, in his messages to me, Sullivan claimed that the (US) First Amendment protects him. This has been refuted in US courts and is a frivolous claim even in the US, but certainly it doesn't protect Australians in Australia. The court, in addressing ORBS's false claims, noted they were basically a personal attack. But, indeed, I have not so far located any substantial assets other than Sorbs itself, which doesn't seem very substantial. I'm still looking. Australian law gives us 5 years from the last false claim to file suit. So we have (at least) until March 2010. If anyone has any more information about Sullivan or his personal assets, please let me know. I note that Brown lost his ISP to pay for damages in his ORBS court cases. This was followed by a strategy posted by Ron Guillmette for preventing assets from being put at risk by abusive blacklists. Sullivan seems to be following that strategy. When Sullivan says sue me I have no assets, he's telling me that it is of little point to lay out $50K to sue someone who's economic substance amounts to being barely above homeless and who almost certainly can't pay the damages when they lose. Rich Kulawiec mused: On Tue, Mar 15, 2005 at 05:44:41PM -0500, Paul G wrote: unfortunately, that *still* didn't stop people from using
Re: Sorbs.net
o could this be used as a dos and then become extortion? has this actually happened, or is it just black heli? It has happened, in a legal sense anyway. See Exactis V. MAPS. One of Exactis' claims was civil extortion. (Claim 4 on complaint). Exactis also claimed that MAPS could block 40% of their email, an that this was a denial of service and interference with communications in violation of Colorado's electronic communication privacy act. MAPS moved for dismissal but was denied. Exactis was granted a temporary restraining order (TRO). This is significant, given the case was settled. The standard for granting such an order is that the stated case, if the asserted facts are assumed true, must be able to win on the stated law. In other words, it has state enough facts to fulfill the claimed statutory requirements. To explain TROs, let me put it this way: Imagine you have a washing machine where you have to put the right coins in the right slots to get it work. For the TRO, if they have all the right coins (assuming they are real), for all the right slots in the law, (and they pay bond), they get it. The trial is where the judge checks to see that the coins are real. Getting a TRO is a strong indicator of the technical merits of their case. If the defendant can't show some of the asserted facts false, they will almost certainly lose. o the tscs would seem to indicate that the donation is voluntary, and proportional to the spam generated. e.g., if you generated no spam, no donation. do i understand this correctly? Its voluntary except that the subscribers are misled as to the purposes of the blacklist. The abuse of by blacklist is not something subscribers voluntarily agreed to. No subscribers agreed to have their non-spam mail intentionally blocked. Demanding payment for generated spam, in return for de-listing is pretty plainly extortion. Here is the Colorado statute: (Caps from state page) (1) A PERSON COMMITS CRIMINAL EXTORTION IF: (a) THE PERSON, WITHOUT LEGAL AUTHORITY AND WITH THE INTENT TO INDUCE ANOTHER PERSON AGAINST THAT OTHER PERSON'S WILL TO PERFORM AN ACT OR TO REFRAIN FROM PERFORMING A LAWFUL ACT, MAKES A SUBSTANTIAL THREAT TO CONFINE OR RESTRAIN, CAUSE ECONOMIC HARDSHIP OR BODILY INJURY TO, OR DAMAGE THE PROPERTY OR REPUTATION OF, THE THREATENED PERSON OR ANOTHER PERSON; AND (b) THE PERSON THREATENS TO CAUSE THE RESULTS DESCRIBED IN PARAGRAPH (a) OF THIS SUBSECTION (1) BY: (I) PERFORMING OR CAUSING AN UNLAWFUL ACT TO BE PERFORMED; OR (II) INVOKING ACTION BY A THIRD PARTY, INCLUDING BUT NOT LIMITED TO, THE STATE OR ANY OF ITS POLITICAL SUBDIVISIONS, WHOSE INTERESTS ARE NOT SUBSTANTIALLY RELATED TO THE INTERESTS PURSUED BY THE PERSON MAKING THE THREAT. Seems like the victim is induced against their will to perform or refuse to perform a lawful act, Seems like a blacklist is a 'substantial threat to cause economic hardship'. Thats a) I'm not sure I understand b)I. I don't know if an Unlawful act here means something that is civilly unlawful, such as unlawful participation in a group boycott, or unlawful interference in a contract. Or if it requires criminally unlawful act, like threatening physical harm. Seems like the actions of the subscribers of the blacklist fullfill b)II because their interests are different from those of the blacklist. Subscribers interests in in blocking spam, not ham. Spam doesn't usually come from companies that would sue for extortion, like Exactis. CAN-SPAM establishes a definition for what can be considered spam. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000
Re: sorbs.net
.. it means that the guy should know when to do it - and when not to. And he should be reachable, and should know enough to realize he's screwed up, and to fix it. Sadly, this is rather less common than simply knowing how to throw filters in - that's the easy part. Kind of like the difference between a mining engineer triggering carefully shaped and placed demolition charges, and Wile E Coyote lighting the fuse on a bundle of dynamite. There are a lot of people in this industry who claim to be engineers but they're not. In fact, I am of the opinion that there is no such thing as an Internet network engineer because there are no published best practices for Internet network engineering and there is no formal oversight for Internet network engineering. This is the fundamental problem in Internet operations today. Too many cowboys and Wile E Coyotes. --Michael Dillon P.S. Has anyone else had a look at the PITAC report to the President on Cyber Security? http://www.itrd.gov/pitac/
Re: sorbs.net
On Tue, 22 Mar 2005 09:35:02 +0530, Suresh Ramasubramanian [EMAIL PROTECTED] said: Suresh Luckily, quite a few people who turn on dumb spam filters do Suresh turn them off when contacted and told about their bad Suresh filtering. Some make the mistake of not doing so - and Suresh they'll be destined to lose email for their users, on a Suresh permanent basis. I wish it were always so easy. I've been talking to an administrator lately who's policy is that loosing occasional email is ok if it means we keep out a whole bunch of spam. If they're that far over the fence I'd need a strong bull with a long rope to try to pull them back to my side. I keep trying to tell him I'm potentially losing business due to his position, but he's convinced spam is worse. Some people simply can't be educated. -- In the bathtub of history the truth is harder to hold than the soap, and much more difficult to find. -- Terry Pratchett
Re: sorbs.net
On Tue, 22 Mar 2005 07:27:21 PST, Wes Hardaker said: I wish it were always so easy. I've been talking to an administrator lately who's policy is that loosing occasional email is ok if it means we keep out a whole bunch of spam. If they're that far over the fence I'd need a strong bull with a long rope to try to pull them back to my side. I keep trying to tell him I'm potentially losing business due to his position, but he's convinced spam is worse. Some people simply can't be educated. On the other hand, which should he choose - *you* losing business due to his position, or *HIM* losing business if he takes the other position? If he lowers his spam filters enough to allow your *potentially* lost business through, and he loses 10% of his customers to someplace that has a heavier-duty spam filter policy, are you going to repay him for that lost revenue? pgp1s8OFT7Buo.pgp Description: PGP signature
Re: sorbs.net
On Tue, 22 Mar 2005 07:27:21 -0800, Wes Hardaker [EMAIL PROTECTED] wrote: I wish it were always so easy. I've been talking to an administrator lately who's policy is that loosing occasional email is ok if it means we keep out a whole bunch of spam. If they're that far over That is a far cry from far dumber filtering mistakes that keep happening, and that I have an issue with. If an admin has spam in hand - go ahead. Block till its fixed, if the numbers add up the way this guy says. And be prepared to listen, and to unblock If you are blocking based on your misreading of forged spam, or are implementing over-extreme filters, and dont want to listen to complaints about it, or to address false positives, consider downgrading the infrastructure you manage from production mailserver to etch a sketch More on spam-l or some other more appropriate list. I'm starting to repeat myself -srs -- Suresh Ramasubramanian ([EMAIL PROTECTED])
Re: sorbs.net
On Tue, Mar 22, 2005 at 09:47:00AM +, [EMAIL PROTECTED] wrote: There are a lot of people in this industry who claim to be engineers but they're not. In fact, I am of the opinion that there is no such thing as an Internet network engineer because there are no published best practices for Internet network engineering If there were a centralized site to which to contribute such things, a site based on MediaWiki, for example (the engine which drives Wikipedia), would the members of this list contribute to it? Cheers, -- jra -- Jay R. Ashworth[EMAIL PROTECTED] Designer Baylink RFC 2100 Ashworth AssociatesThe Things I Think'87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 If you can read this... thank a system adminstrator. Or two. --me
Re: sorbs.net
On Tue, Mar 22, 2005 at 09:47:00AM +, [EMAIL PROTECTED] wrote: There are a lot of people in this industry who claim to be engineers but they're not. In fact, I am of the opinion that there is no such thing as an Internet network engineer because there are no published best practices for Internet network engineering If there were a centralized site to which to contribute such things, a site based on MediaWiki, for example (the engine which drives Wikipedia), would the members of this list contribute to it? For those who have never heard of Wikipedia, it is an online encyclopedia that anyone can contribute to. However, it is not a free-for-all. There is some structure to it and it has evolved to the point where where it really does provide accurate and comprehensive information at least equal to the big paper encyclopedias. It could actually help us solve the problem of getting best practices published. However, the Mediawiki tool itself is not the solution to the problem, only a vehicle towards a solution. We would need a large percentage of NANOG members to write (or review and correct) sections relating to their expertise. And Jay, before you put up this site, I suggest that you think long and hard about who will run/promote the site. The technical aspect of getting MediaWiki running on a server are trivial. The real challenge is in promoting the site and getting a high enough calibre of contributor. That will mean repeated status update presentations at NANOG meetings and a lot of chasing people in hallway discussions to get them to contribute. However, it could work and I'm glad that you suggested this because it is a nice incremental and evolutionary technique to collect and publish the knowledge of the profession. --Michael Dillon
Re: sorbs.net
On Tue, Mar 22, 2005 at 04:38:27PM +, [EMAIL PROTECTED] wrote: [ Me: ] If there were a centralized site to which to contribute such things, a site based on MediaWiki, for example (the engine which drives Wikipedia), would the members of this list contribute to it? For those who have never heard of Wikipedia, it is an online encyclopedia that anyone can contribute to. However, it is not a free-for-all. There is some structure to it and it has evolved to the point where where it really does provide accurate and comprehensive information at least equal to the big paper encyclopedias. In general, and you can get a fairly good idea of the provenance of a given fact if you need to rely on it for something. It could actually help us solve the problem of getting best practices published. However, the Mediawiki tool itself is not the solution to the problem, only a vehicle towards a solution. We would need a large percentage of NANOG members to write (or review and correct) sections relating to their expertise. Correct: we would. I'm a fairly good general and structural editor, but for this, I'd likely even need for someone(s) to contribute a good structural framework onto which to hang the necessary information. Wiki's *do* have the nice advantage that the content is structure free: you can build and rebuild any ontology around the information that suits you, and indeed multiple ones (topic index, tutorial, etc) around the *same* information. And Jay, before you put up this site, I suggest that you think long and hard about who will run/promote the site. The technical aspect of getting MediaWiki running on a server are trivial. The real challenge is in promoting the site and getting a high enough calibre of contributor. That will mean repeated status update presentations at NANOG meetings and a lot of chasing people in hallway discussions to get them to contribute. As far as running it, I was considering letting Wikipedia do it. They've got a service that the founder of Wikipedia cooked up called Wikicities; same rough idea as Geocities (centralized hosting, your content), but they're pickier about who'll they'll start one for (for obvious reasons). I need to investigate whether they host those sites on the Wikipedia cluster (where, in general, the connectivity and support are reasonably good and improving)... though as you note, installing and maintaining a small one is pretty trivial. As far as promoting it? If we build it, they will come. Google is your friend. Making clear what it is and who's writing for it is enough for the second-tier visitors, and they'll likely word-of-mouth it to the first-tier. As far as I can see, the fact that it's all in one place makes the making the net a better place motivation more applicable. However, it could work and I'm glad that you suggested this because it is a nice incremental and evolutionary technique to collect and publish the knowledge of the profession. I've become *quite* fond of Wiki's for knowledge capture. The ease of editing and linkage locality of reference they provide make it *much* simpler for people to post the things they know and believe (though distinguishing the two can be ... interesting at times). Not alone because I *am* a network operator (however customer-side and small) who knows that they don't know everything, it's something I'd like to see happen. Somehow. Cheers, -- jra -- Jay R. Ashworth[EMAIL PROTECTED] Designer Baylink RFC 2100 Ashworth AssociatesThe Things I Think'87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 If you can read this... thank a system adminstrator. Or two. --me
Re: sorbs.net
On Mon, Mar 21, 2005 at 10:55:13AM -0500, Jason Slagle wrote: This is the risk you run - this product either had it on by default, or it was in a list of options to turn on. End users don't know what it is, and only know it'll help eliminate spam, and they turn it on. Then they generate support load when their email breaks. Average user, or even sysadmin, doesn't know about dnsbl's. To state that you make a concerted effort to use them nowadays may be false. Spamassassin comes out of the box poking SORBS and adding score if it's in there. I turned it off because of questionable listings, but how many users of SA know how to do that? This sounds like an excellent sales point for value added mail processing... Cheers, -- jra -- Jay R. Ashworth[EMAIL PROTECTED] Designer Baylink RFC 2100 Ashworth AssociatesThe Things I Think'87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 If you can read this... thank a system adminstrator. Or two. --me
Re: sorbs.net
On Mon, 21 Mar 2005, Jason Slagle wrote: Lady was running exchange. She had the Symantec virus/spam/crap filter for it installed.. All email to her was bouncing with a 550 spam site deny. We jerked around with it for quite some time before we realized that one of the dnsbl's that the Symantec product was using was returning positive for ALL queries. This is the risk you run - this product either had it on by default, or it was in a list of options to turn on. End users don't know what it is, and actually the risk being run is 'not understanding what you are doing' :( mark this admin of mail systems up with the others who blithely use ANY RBL without knowing how/what/where/when it gets made. -Chris
Re: sorbs.net
On Mon, 21 Mar 2005 10:58:00 -0500, Jay R. Ashworth [EMAIL PROTECTED] wrote: This sounds like an excellent sales point for value added mail processing... It is not just clueless end user exchange admins who deploy dumb filter rules. If I had a nickel for every time I've run into stupid spam filtering (read: filtering that affects mail from my over 40 million users, because an admin was too dumb to read forged headers) at surprisingly large operators [ISPs, huge corporate networks etc] I'd be rich. Luckily, quite a few people who turn on dumb spam filters do turn them off when contacted and told about their bad filtering. Some make the mistake of not doing so - and they'll be destined to lose email for their users, on a permanent basis. Its that old Spiderman quote - With great power comes great responsibility. Having root / enable / postmaster access at a site means its not enough to know how to do access list 101 deny or vi /etc/mail/access .. it means that the guy should know when to do it - and when not to. And he should be reachable, and should know enough to realize he's screwed up, and to fix it. Sadly, this is rather less common than simply knowing how to throw filters in - that's the easy part. Kind of like the difference between a mining engineer triggering carefully shaped and placed demolition charges, and Wile E Coyote lighting the fuse on a bundle of dynamite. -- Suresh Ramasubramanian ([EMAIL PROTECTED])
Re: sorbs.net
On Tue, 15 Mar 2005, Paul G wrote: unfortunately, that *still* didn't stop people from using it, which translated into an unresolvable headache for me as a sp. if you don't consider a blacklist to be usable by the public, don't publish it. however, publishing a draconian blacklist seems to get you a 'hardcore' label/clout in certain circles and is thus irresistible for some. Sorry if this thread is older, but I ran into a PRIME operational example of this last week that cost one of the techs here a few hours headache. Lady was running exchange. She had the Symantec virus/spam/crap filter for it installed.. All email to her was bouncing with a 550 spam site deny. We jerked around with it for quite some time before we realized that one of the dnsbl's that the Symantec product was using was returning positive for ALL queries. This is the risk you run - this product either had it on by default, or it was in a list of options to turn on. End users don't know what it is, and only know it'll help eliminate spam, and they turn it on. Then they generate support load when their email breaks. Average user, or even sysadmin, doesn't know about dnsbl's. To state that you make a concerted effort to use them nowadays may be false. Spamassassin comes out of the box poking SORBS and adding score if it's in there. I turned it off because of questionable listings, but how many users of SA know how to do that? Food for thought. Jason -- Jason Slagle /\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . \ / ASCII Ribbon Campaign . X - NO HTML/RTF in e-mail . / \ - NO Word docs in e-mail .
Re: sorbs.net
What if the USPS decided any magazine you subscribed to was suddenly unfit for delivery and decided it should blocked (thrown away)? They don't decide. I do. This is not factually true. The USPS has a Postal Inspection Service that can intercept your mail for various reasons. Details are in 39 USC 3013. The quote below comes from a report on their activities for the year ended March 31 2004. During that period there were 21 withholding mail orders issued. -quote begins--- POSTAL INSPECTION SERVICE The Postal Service reports to the Office of Inspector General information related to investigative activities designed to protect the public against unscrupulous mailers perpetrating fraudulent schemes. The following information summarizes the administrative and judicial actions initiated and resolved during the reporting period. These actions include the issuance of cease and desist orders directed to mailers, actions to intercept payments fraudulently induced, and orders seeking to intercept fraudulent mailings. --quote ends-- In operations of any sort, network or otherwise, it is important to get the facts straight to ensure that you are not acting on the basis of bogus information. --Michael Dillon
Re: sorbs.net
Hannigan, Martin [EMAIL PROTECTED] wrote: Third and finally, if you are really not a spammer, or you are truly reformed, de-listing is relatively easy. You donate US$50 to a charity or trust approved by, and not connected with, SORBS for each spam received relating to the listing (This is known and refered to as the SORBS 'fine'). That doesn't make a lot of sense. It's an interesting answer to the BotNet spamming problem, but not really a solution, IMHO. [EMAIL PROTECTED] is who you want to talk to, IIRC. -- JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638) Steven J. Sobol, Geek In Charge / [EMAIL PROTECTED] / PGP: 0xE3AE35ED The wisdom of a fool won't set you free --New Order, Bizarre Love Triangle
Re: sorbs.net
On Wed, 16 Mar 2005 [EMAIL PROTECTED] wrote: What if the USPS decided any magazine you subscribed to was suddenly unfit for delivery and decided it should blocked (thrown away)? They don't decide. I do. This is not factually true. The USPS has a Postal Inspection Service that can intercept your mail for various reasons. Details are in 39 USC 3013. The quote below comes from a report on their activities for the year ended March 31 2004. During that period there were 21 withholding mail orders issued. OK, they decide, for extremely small values of decide. 21 withholding mail orders vs. how many trillions of items handled? -- Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED] WestNet: Connecting you to the planet. 805 884-6323 WB6RDV NetLojix Communications, Inc. - http://www.netlojix.com/
sorbs.net
Nanog, Anyone on the list involved with this project? I need to speak to someone ASAP. No, I am not going to pay your ridiculous fine. -- /m I bet the human brain is a kludge. - Marvin Minsky
RE: sorbs.net
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Micah McNelly Sent: Tuesday, March 15, 2005 12:59 PM To: nanog@merit.edu Subject: sorbs.net Nanog, Anyone on the list involved with this project? I need to speak to someone ASAP. No, I am not going to pay your ridiculous fine. From http://www.us.sorbs.net/faq/spamdb.shtml Third and finally, if you are really not a spammer, or you are truly reformed, de-listing is relatively easy. You donate US$50 to a charity or trust approved by, and not connected with, SORBS for each spam received relating to the listing (This is known and refered to as the SORBS 'fine'). That doesn't make a lot of sense. It's an interesting answer to the BotNet spamming problem, but not really a solution, IMHO. -M
Re: sorbs.net
From http://www.us.sorbs.net/faq/spamdb.shtml Third and finally, if you are really not a spammer, or you are truly reformed, de-listing is relatively easy. You donate US$50 to a charity or trust approved by, and not connected with, SORBS for each spam received relating to the listing (This is known and refered to as the SORBS 'fine'). That doesn't make a lot of sense. It's an interesting answer to the BotNet spamming problem, but not really a solution, IMHO. It's just cynicism at it's best. I like people who can be smartasses without being asses, but this is ridiculous if they want to be a serious service, and cute if they are looking to make jokes. Gadi.
Re: sorbs.net
From [EMAIL PROTECTED] Tue Mar 15 11:59:40 2005 Date: Tue, 15 Mar 2005 09:59:21 -0800 From: Micah McNelly [EMAIL PROTECTED] To: nanog@merit.edu Subject: sorbs.net Nanog, Anyone on the list involved with this project? I need to speak to someone ASAP. No, I am not going to pay your ridiculous fine. SORBS is a one-man operation out of Australia. I really doubt that he participates in the NORTH AMERICAN network operators group. SORBS -- like _any_ other blocklist -- is simply an expression of opinion. if you feel that somebody is 'wrongly' blocking mail because of a SORBS listing, your _first_ step should be to contact *that* party, and request that either (a) they stop using SORBS, or (b) that they 'whitelist' you. *THEY* are the ones that made the decision to block your mail to their system. Contact means for SORBS *is* provided on the web-site. it works reliably. Be advised, however, that a 'need' on your part does not translate to urgency on the part of anyone else. Note: *Nobody*, not even SORBS, says you 'have to' make that charitable contribution. All the 'spam' listings _do_ age off the SORBS system, eventually. Caveat: I have nothing to do with SORBS. I don't use it -- or *any* blocklist, for that matter -- myself (I use other means that are better suited for _my_ requirements). I don't even know the operator thereof. Everything I've said is based on published and publicly available information.
Re: sorbs.net
Actually I got a response quickly from a list member who represent sorbs at some level. Do you really think opinion has a place in mail delivery? What if the USPS decided any magazine you subscribed to was suddenly unfit for delivery and decided it should blocked (thrown away)? /m Robert Bonomi wrote: From [EMAIL PROTECTED] Tue Mar 15 11:59:40 2005 Date: Tue, 15 Mar 2005 09:59:21 -0800 From: Micah McNelly [EMAIL PROTECTED] To: nanog@merit.edu Subject: sorbs.net Nanog, Anyone on the list involved with this project? I need to speak to someone ASAP. No, I am not going to pay your ridiculous fine. SORBS is a one-man operation out of Australia. I really doubt that he participates in the NORTH AMERICAN network operators group. SORBS -- like _any_ other blocklist -- is simply an expression of opinion. if you feel that somebody is 'wrongly' blocking mail because of a SORBS listing, your _first_ step should be to contact *that* party, and request that either (a) they stop using SORBS, or (b) that they 'whitelist' you. *THEY* are the ones that made the decision to block your mail to their system. Contact means for SORBS *is* provided on the web-site. it works reliably. Be advised, however, that a 'need' on your part does not translate to urgency on the part of anyone else. Note: *Nobody*, not even SORBS, says you 'have to' make that charitable contribution. All the 'spam' listings _do_ age off the SORBS system, eventually. Caveat: I have nothing to do with SORBS. I don't use it -- or *any* blocklist, for that matter -- myself (I use other means that are better suited for _my_ requirements). I don't even know the operator thereof. Everything I've said is based on published and publicly available information. -- /m I bet the human brain is a kludge. - Marvin Minsky
Re: sorbs.net
On Tue, 15 Mar 2005, Micah McNelly wrote: Actually I got a response quickly from a list member who represent sorbs at some level. Do you really think opinion has a place in mail delivery? What if the USPS decided any magazine you subscribed to was suddenly unfit for delivery and decided it should blocked (thrown away)? /m Well, anyone remember the Comstock Act? But seriously, the analogy here is a bit false. It would be like the recipient of the mail signed up to use a service that inspected their mail for them, and made the decisions you are describing. You can argue that signing up for such a service is silly, wrong headed, ill informed and results in unintended consequences. But you cannot argue that it is government censorship. +- + Dave Dennis + Seattle, WA + [EMAIL PROTECTED] + http://www.dmdennis.com +-
Re: sorbs.net
It's just cynicism at it's best. I like people who can be smartasses without being asses, but this is ridiculous if they want to be a serious service, and cute if they are looking to make jokes. Gadi. I totally agree. Although $50 is a little steep. I've seen people fly in to gargantuan rant -dare I say temper tantrum- over a $5 parking fine. One only needs to charge a fine of any type to get people worked up about it. A $5 you were stupid, now pay here to get off the blacklist fine would probably be much easier to deal with for a lot more people, but still be considered No, I am not going to pay your ridiculous fine. (and there's not a darn thing you can do about it! I'm mad has heck, and by gosh, I'm not gonna take it any more!) by about the same number of people as before. The thing about running a dns blacklist, is that one doesn't have to be a serious service. One merely has to operate a blacklist on a whim, and certain [equally irresponsible] mail admins, fed up with spam, will use it no matter how ridiculous one's listing or delisting procedures are. On the flip side, when one finds their IP on a blacklist, it's nearly impossible to know how many servers are actually using the blacklist, so it's impossible to gage the seriousness of the blacklist entry. It's blacklist terrorism. And yes, I'm still kicking around the idea of a bgp route feed style aggregation blacklist. I wonder if that makes me an ip routing terrorist? :-) -Jerry
RE: sorbs.net
SORBS -- like _any_ other blocklist -- is simply an expression of opinion. if you feel that somebody is 'wrongly' blocking mail because of a SORBS listing, your _first_ step should be to contact *that* party, and request that either (a) they stop using SORBS, or (b) that they 'whitelist' you. *THEY* are the ones that made the decision to block your mail to their system. Come on, that's just nonsense. If the New York Times publishes a front page article about how you're an idiot, should you contact each individual person who reads the article and try to convince them you're not? Or should you try to convince the New York Times that they're incorrect and should publish a correction? DS
Re: sorbs.net
This is straying a bit far from network operations, and would probably be better discussed elsewhere. -Steve On Tue, 15 Mar 2005, Dave Dennis wrote: On Tue, 15 Mar 2005, Micah McNelly wrote: Actually I got a response quickly from a list member who represent sorbs at some level. Do you really think opinion has a place in mail delivery? What if the USPS decided any magazine you subscribed to was suddenly unfit for delivery and decided it should blocked (thrown away)? /m Well, anyone remember the Comstock Act? But seriously, the analogy here is a bit false. It would be like the recipient of the mail signed up to use a service that inspected their mail for them, and made the decisions you are describing. You can argue that signing up for such a service is silly, wrong headed, ill informed and results in unintended consequences. But you cannot argue that it is government censorship. +- + Dave Dennis + Seattle, WA + [EMAIL PROTECTED] + http://www.dmdennis.com +- Steve Gibbard [EMAIL PROTECTED] +1 415 717-7842 (cell) http://www.gibbard.org/~scg +1 510 528-1035 (home)
Re: sorbs.net
From [EMAIL PROTECTED] Tue Mar 15 12:53:30 2005 Date: Tue, 15 Mar 2005 10:53:22 -0800 From: Micah McNelly [EMAIL PROTECTED] Subject: Re: sorbs.net Actually I got a response quickly from a list member who represent sorbs at some level. Do you really think opinion has a place in mail delivery? *MY* opinion on that matter doesn't count for sh*t. Neither does yours. The _only_ opinion that matters is that of the *owner* of the destination mail-server. As in My server, *my* rules. Quite obviously, the server operator at the place you were trying to mail _to_ *DOES* believe that 'opinion' has a place in e-mail delivery. Like I said, the _first_ place you should take your 'problem' is to *them*. *NOBODY* is 'forced' to use SORBS, or any othe blocklist. The mail-system owners/administrators that *CHOOSE* to do so, have made a voluntary decision to restrict incoming mail to their system on that basis. THEY did it, nobody else.
RE: sorbs.net
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Robert Bonomi Sent: Tuesday, March 15, 2005 2:11 PM To: nanog@merit.edu Subject: Re: sorbs.net From [EMAIL PROTECTED] Tue Mar 15 12:53:30 2005 Date: Tue, 15 Mar 2005 10:53:22 -0800 From: Micah McNelly [EMAIL PROTECTED] Subject: Re: sorbs.net Actually I got a response quickly from a list member who represent sorbs at some level. Do you really think opinion has a place in mail delivery? *MY* opinion on that matter doesn't count for sh*t. Neither does yours. The _only_ opinion that matters is that of the *owner* of the destination mail-server. As in My server, *my* rules. ObOps: Blocking by SP ip addr + asking for user cash = operational problem for SP -M
Re: sorbs.net
a few questions o could this be used as a dos and then become extortion? has this actually happened, or is it just black heli? o the tscs would seem to indicate that the donation is voluntary, and proportional to the spam generated. e.g., if you generated no spam, no donation. do i understand this correctly? randy
Re: sorbs.net
On Tue, 15 Mar 2005, Micah McNelly wrote: Do you really think opinion has a place in mail delivery? Yes. My mailbox. My computer. My private property. My rules. What if the USPS decided any magazine you subscribed to was suddenly unfit for delivery and decided it should blocked (thrown away)? They don't decide. I do. -Dan
Re: sorbs.net
On Tue, 15 Mar 2005, Micah McNelly wrote: Do you really think opinion has a place in mail delivery? Yes. For instance, you might be lucky enough to live somewhere where the the local default postal service actually obeys the 'No junk mail' sticker on your letterbox and only delivers cards and bills. What if the USPS decided any magazine you subscribed to was suddenly unfit for delivery and decided it should blocked (thrown away)? Sorry. The mechanics of Internet Mail delivery are more like inter-company couriers, with each company (mail server) having its own set of bonded couriers to deliver packages to remote companies. There is no lowest-common-denominator delivery service such as the USPS in Internet terms. Blacklists, in the company courier terms, are the equivilant of packages being delivered to (your company's) reception by a courier, and your company refusing to accept said packages because they do not meet with the company's guidelines (eg, sending company has a bad credit rating, as reported by the BadCreditAgency Inc). The other company's courier must then take the package back and perhaps try another office of your company. --==-- Bruce. SORBS is a one-man operation out of Australia. Note that the netblock that the primary SORBS server is in is currently having routing hiccups between connect.com.au and netgate.nz, leaving some destinations unreachable except via proxies.
Re: sorbs.net
From [EMAIL PROTECTED] Tue Mar 15 13:21:45 2005 From: Randy Bush [EMAIL PROTECTED] Date: Tue, 15 Mar 2005 11:21:35 -0800 To: nanog@merit.edu Subject: Re: sorbs.net a few questions o could this be used as a dos and then become extortion? has this actually happened, or is it just black heli? _Legally_, it is *not* extortion, unless the thing that is 'taken' (*with* the 'under duress' consent of the victim) goes, directly or indirectly, to the party making the 'threat'. Noting also, that the legal definition of extortion requires a the property, goods or services be given up in response to a threat to do something if that property, goods or services are *not* turned over to the threatener; Thus, a situation where somebody does *not* act unless something is recieved, cannot be, legally, extortion. SORBS has been running for much longer than a year. To the best of my knowledge, strictly within their published guidlines. As with any other 'voluntary use' blocklist, it's clout is only as good as the number of people using it. If serious questions arose as to the 'integrity' of the list, or the list operator, the vast majority of the mail-server operators using it would *stop* doing so. And any lack of integrity would be a moot issue, since 'practically nobody' would still be using it. It is _textbook_perfect_ self regulation at work. o the tscs would seem to indicate that the donation is voluntary, and proportional to the spam generated. e.g., if you generated no spam, no donation. do i understand this correctly? As I understand it -- and I'm -not- an expert on SORBS -- they list individual IP addresses on various lists, for various different kinds of problems. Far and away,the biggest being originating spam. Listings _do_ age off, taking an unknown period of time after 'someone' makes a request for removal. The donation is purely voluntary, and when provided, the SORBS operator does 'expidate' handling of the removal request. For some strange reason he believe that those people are 'more serious' about ensuring that problems don't occur from their machines again. I have no opinion as to the validity of that reasoning.
Re: sorbs.net
On Tue, 15 Mar 2005 13:42:24 CST, Robert Bonomi said: As with any other 'voluntary use' blocklist, it's clout is only as good as the number of people using it. If serious questions arose as to the 'integrity' of the list, or the list operator, the vast majority of the mail-server operators using it would *stop* doing so. And any lack of integrity would be a moot issue, since 'practically nobody' would still be using it. It is _textbook_perfect_ self regulation at work. This is, of course, making the rather big assumption that the person who decided to use said blocklist: a) was fully cognizant of the list's goals and policies when they chose to use it. *and* b) is willing and able to track deviations on an ongoing basis. *and* c) whoever replaces them is also able to do so. If it was in fact textbook perfect, we'd never hear about stuff breaking when a block list goes belly up with six month's warning, and people *still* being surprised when suddenly everything returns 127.0.0.2 and a lot of mail goes kaboing. pgpz6IsqONrqL.pgp Description: PGP signature
Re: sorbs.net
From [EMAIL PROTECTED] Tue Mar 15 14:28:29 2005 To: Robert Bonomi [EMAIL PROTECTED] Cc: nanog@merit.edu Subject: Re: sorbs.net From: [EMAIL PROTECTED] Date: Tue, 15 Mar 2005 15:28:17 -0500 On Tue, 15 Mar 2005 13:42:24 CST, Robert Bonomi said: As with any other 'voluntary use' blocklist, it's clout is only as good as the number of people using it. If serious questions arose as to the 'integrity' of the list, or the list operator, the vast majority of the mail-server operators using it would *stop* doing so. And any lack of integrity would be a moot issue, since 'practically nobody' would still be using it. It is _textbook_perfect_ self regulation at work. This is, of course, making the rather big assumption that the person who decided to use said blocklist: a) was fully cognizant of the list's goals and policies when they chose to use it. nope. *and* b) is willing and able to track deviations on an ongoing basis. Yup. That _is_ an implicit part of *any* filtering/blocking job -- and many other tasks as well. That you _check_ on an ongoing basis, to make sure that the automation *is* doing what you think it is doing. *and* c) whoever replaces them is also able to do so. If they aren't competent to do the job, they shouldn't *have* the job. If management doesn't know what all the job requirements are, that is managements failing, and they _deserve_ the consequences thereof. wry grin If it was in fact textbook perfect, we'd never hear about stuff breaking when a block list goes belly up with six month's warning, and people *still* being surprised when suddenly everything returns 127.0.0.2 and a lot of mail goes kaboing. Beg to differ. textbook perfect self-regulation means that when the list starts returning excessive numbers of false positives, that 'practically everybody' _stops_using_it_. And in fairly short order. Which is, in fact, precisely what DID happen. The list operator was relying on the effectiveness of said self regulation mechanism to get the word out to those who had _not_ heard about the shutdown from other sources.
Re: sorbs.net
- Original Message - From: Gadi Evron [EMAIL PROTECTED] To: Hannigan, Martin [EMAIL PROTECTED] Cc: Micah McNelly [EMAIL PROTECTED]; nanog@merit.edu Sent: Tuesday, March 15, 2005 1:15 PM Subject: Re: sorbs.net From http://www.us.sorbs.net/faq/spamdb.shtml Third and finally, if you are really not a spammer, or you are truly reformed, de-listing is relatively easy. You donate US$50 to a charity or trust approved by, and not connected with, SORBS for each spam received relating to the listing (This is known and refered to as the SORBS 'fine'). That doesn't make a lot of sense. It's an interesting answer to the BotNet spamming problem, but not really a solution, IMHO. It's just cynicism at it's best. I like people who can be smartasses without being asses, but this is ridiculous if they want to be a serious service, and cute if they are looking to make jokes. ... and perfect if they want to become sentimental favourites with the nanas/nanae crowd/mob, which is what they're shooting for imo. how about they buy me a lollipop if i'm a service provider who just booted a spam source and needs ip space delisted? -p --- paul galynin
Re: sorbs.net
On Tue, 15 Mar 2005 14:56:15 CST, Robert Bonomi said: If they aren't competent to do the job, they shouldn't *have* the job. If management doesn't know what all the job requirements are, that is managements failing, and they _deserve_ the consequences thereof. wry grin To misquote Randy: I encourage my competitors to choose managers that way. ;) The fact is that there's a *lot* of clue-deficient people in those jobs. Beg to differ. textbook perfect self-regulation means that when the list starts returning excessive numbers of false positives, that 'practically everybody' _stops_using_it_. And in fairly short order. The fact that so many people get caught and surprised when it goes to 100% false positives indicates that they'd likely have had *no clue* what was wrong if the false positive rate was down in to 5% to 10% range. Remember that your analysis is leaving out the fact that a lot of these people *are* clueless and subscribe to wave a dead chicken 3 times, sacrifice money to Redmond, and reboot and hope that things have miraculously changed, even with no actual change of configuration... If it *actually* worked right, why do I *ever* encounter people that don't even know what block lists they're using? Because enough people running networks are idiots. Why do these network even stay in business? Because their competitors are often equally mercifully free of the ravages of intelligence pgpxP30LXbdS8.pgp Description: PGP signature
Re: sorbs.net
If it *actually* worked right, why do I *ever* encounter people that don't even know what block lists they're using? Because enough people running networks are idiots. Why do these network even stay in business? Because their competitors are often equally mercifully free of the ravages of intelligence I'm sorry, but the correct answer that we're looking for is : Customers. Because they have customers who don't just put up with it, but encourage them by *PAYING THEM MONEY* All really stupid companies that make really stupid products, stay in business becausereally stupid customers pay them them really stupid money. So, who's stupid? This is not only relevant to network operation, but life, as a whole. It's not my opinion, it's the truth. (is it not a fun world we live in?) -Jerry
Re: sorbs.net
If it *actually* worked right, why do I *ever* encounter people that don't even know what block lists they're using? As MAPS found out during some early legal imbroglios, it is very easy to convince a judge that at least one ISP has subscribed to a blackhole list without understanding the full effects that this choice would produce. The whole click to agree (or press F8 after scrolling to the last page) thing from software vendors is no better. There's no way a judge (nor, one assumes, a jury) will ever believe that everyone who signalled agreement, understood. The last couple of times I've signed closing papers for a house I've had to write several times I agree, and I understand english longhand and then sign my name -- but I don't think that'd hold up to a challenge of nonunderstanding, either. Every non-P2P non-anonymous reputation system will be vulnerable to this, and every P2P or anonymous reputation system will be full of sludge. We don't have a mature enough system of accountability, anywhere in meatspace, to account for the kinds of relationship and transactions the Internet makes possible. -- Paul Vixie
Re: sorbs.net
On Tue, Mar 15, 2005 at 11:21:35AM -0800, Randy Bush wrote: o could this be used as a dos and then become extortion? Unlikely. Blocklists are used by choice, and blocklists which either aren't effective or don't have sane policies don't get chosen often. (See BLARS, which even blars was recommending that you don't use the last time I checked.) So if someone tried this approach, the most likely outcome is that those using it would stop and the problem would evaporate. ---Rsk
Re: sorbs.net
- Original Message - From: Rich Kulawiec [EMAIL PROTECTED] To: nanog@merit.edu Sent: Tuesday, March 15, 2005 5:43 PM Subject: Re: sorbs.net On Tue, Mar 15, 2005 at 11:21:35AM -0800, Randy Bush wrote: o could this be used as a dos and then become extortion? Unlikely. Blocklists are used by choice, and blocklists which either aren't effective or don't have sane policies don't get chosen often. (See BLARS, which even blars was recommending that you don't use the last time I checked.) unfortunately, that *still* didn't stop people from using it, which translated into an unresolvable headache for me as a sp. if you don't consider a blacklist to be usable by the public, don't publish it. however, publishing a draconian blacklist seems to get you a 'hardcore' label/clout in certain circles and is thus irresistible for some. -p
Re: sorbs.net
Robert Bonomi wrote: Anyone on the list involved with this project? I need to speak to someone ASAP. No, I am not going to pay your ridiculous fine. SORBS is a one-man operation out of Australia. Not quite, though it is owned by me. I really doubt that he participates in the NORTH AMERICAN network operators group. erm, no ;-) Contact means for SORBS *is* provided on the web-site. it works reliably. Be advised, however, that a 'need' on your part does not translate to urgency on the part of anyone else. (multiple contacts) and fortunately and thanks to 18 or so _very_ hard working volunteers the response time has gone from weeks to hours (in most cases). Note: *Nobody*, not even SORBS, says you 'have to' make that charitable contribution. All the 'spam' listings _do_ age off the SORBS system, eventually. Correct - it just takes time, and depending on the reason different amounts of time. (eg if you have 'BlueRockDove' or 'NewAgeOptIn' on your network there is currently and 'indefinite' aging time) Caveat: I have nothing to do with SORBS. I don't use it -- or *any* blocklist, for that matter -- myself (I use other means that are better suited for _my_ requirements). I don't even know the operator thereof. Everything I've said is based on published and publicly available information. No, but you did a fine job of explaining it (best I have seen personally), thank you. The original poster has already noted a contact has been made, and I will watch it with interest - and the poster may note at least one of the entries has probably been resolved already. Regards, Mat
Re: sorbs.net
- Original Message - From: Matthew Sullivan [EMAIL PROTECTED] To: Robert Bonomi [EMAIL PROTECTED] Cc: nanog@merit.edu Sent: Tuesday, March 15, 2005 6:07 PM Subject: Re: sorbs.net The original poster has already noted a contact has been made, and I will watch it with interest - and the poster may note at least one of the entries has probably been resolved already. how do you justify asking me, a colo shop for example, to pay (it matters not whom) to get address space delisted? i caused the spam source to be shut down as soon as i learned of the incident, a shared hosting customer on one of my customers' machines for example, and had no practical way of preventing it from happening. in all respects, i've done all that could be practically and realistically expected of me to deal with the problem, but i can't pay $50xmessages to every blacklist operator's and their dog's chosen beneficiary every time someone dodgy signs up with one of my customers. your blacklists' 'customers' may not be aware of this issue, but you surely are, so how is this not a violation of the public trust? -p
Re: sorbs.net
On Tue, 15 Mar 2005, Paul Vixie wrote: If it *actually* worked right, why do I *ever* encounter people that don't even know what block lists they're using? As MAPS found out during some early legal imbroglios, it is very easy to convince a judge that at least one ISP has subscribed to a blackhole list without understanding the full effects that this choice would produce. The whole click to agree (or press F8 after scrolling to the last page) thing from software vendors is no better. There's no way a judge (nor, one assumes, a jury) will ever believe that everyone who signalled agreement, understood. The last couple of times I've signed closing papers for a house I've had to write several times I agree, and I understand english longhand and then sign my name -- but I don't think that'd hold up to a challenge of nonunderstanding, either. Mortgage agreement is not the best choice for comparison on how blocklists are used, its slightly different concept. Blocklist use is example of delegating responsibility which is common and rooted in our political system (and concept is in use both by government and private businesses). Since one person can not possibly make a decision about each and every detail of their life (although libertarians claim otherwise) we choose to delegate responsibility for certain tasks to certain other people or organization that specialize in those areas. This is both more manageable and as far as overall costs are concerned. By delegating the task we accept the consequence that somebody else would be making decision on our behalf on this particular subject but this is done by choice and either each person participates in directly choosing who would be doing the decision or accepts decision make by majority social group he's in or delegates making decision on who would be doing involved to somebody else (delegation chain). In terms of use of blocklists, the end-user directly delegates responsibility for making decisions about which emails are good or bad to his ISP. In parcticular if user uses email with ISP's domain name than in fact ISP has full rights to make decisions about their domain and user has to accept it by default as he/she just buys partial use with that domain, but if user has his own domain, then he/she makes decisions by buying mail hosting service and delegating responsibility regarding how email is delivered has to be explicit as part of such mail hosting service agreement. Now ISP then delegates responsibility further by choosing select list of organizations they believe are better qualified to make decision if the source of the email is good or bad - these are blocklist operators, so there exists delegation chain from end-user to blocklist operator (just like there exist delegation chain about regulations regarding telecom services which we buy, thse regulations are made by FCC which is in turn chosen by the government and approved by the parliment to which end-users deligated this reponsibility by selecting it). In each case by delegating responsibility you accept consequence that somebody else would make a decision and you have to live with such consequence, such as that those others may occasionally be wrong (and if they are wrong too often you can be vocal about it and they either change based on your comments or you make different choice). If you do not like all this, feel free (with your own domain name) to not use filtering service and make decision about every email by yourself, however the problem is that you'll spend more time on that that you could be spending on something else more productive and as such this time in fact does cost you something even if it provides you better granularity and direct access to the decisions. At the same time by delegating responsibility you accept (often free) service provide by blocklist and it is usually more cost-effective (both to each individual and definetly to society costs in general). -- William Leibzon Elan Networks [EMAIL PROTECTED]
RE: sorbs.net
MH Date: Tue, 15 Mar 2005 14:17:01 -0500 MH From: Martin Hannigan MH Blocking by SP ip addr + asking for user cash = operational problem MH for SP It could be an interesting way to make a few bucks. ;-) Eddy -- Everquick Internet - http://www.everquick.net/ A division of Brotsman Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita DO NOT send mail to the following addresses: [EMAIL PROTECTED] -*- [EMAIL PROTECTED] -*- [EMAIL PROTECTED] Sending mail to spambait addresses is a great way to get blocked. Ditto for broken OOO autoresponders and foolish AV software backscatter.
Re: sorbs.net
On Tue, Mar 15, 2005 at 05:44:41PM -0500, Paul G wrote: unfortunately, that *still* didn't stop people from using it, which translated into an unresolvable headache for me as a sp. Then gripe at the people who chose to use it: it was *their* decision, and if it was a poor one, then they are the people who need to be held accountable for it. Look, if I want to publish a blocklist of all domains with the string er in them and all IP addresses ending in .7, that would be a silly thing to do: but after all, it's just a list. It doesn't _do_ anything until someone decides to use it for some purpose. And if they're insane enough to do so, well, shrug, so be it. It's their system/network; they're free to decline any inbound traffic they don't wish to receive. And you, and I, and everyone else who's not on their system/network, don't get a vote. ---Rsk
Re: sorbs.net
From: Martin Hannigan Blocking by SP ip addr + asking for user cash = operational problem for SP * [EMAIL PROTECTED] (Edward B. Dreger) [Wed 16 Mar 2005, 02:04 CET]: It could be an interesting way to make a few bucks. ;-) Try it and report back? Until then I think this thread is welcomed more on spam-l similar venues than here -- Niels. -- The idle mind is the devil's playground
Re: sorbs.net
NB Date: Wed, 16 Mar 2005 02:33:49 +0100 NB From: Niels Bakker NB * [EMAIL PROTECTED] (Edward B. Dreger) [Wed 16 Mar 2005, 02:04 CET]: NB It could be an interesting way to make a few bucks. ;-) NB NB Try it and report back? Until then I think this thread is welcomed NB more on spam-l similar venues than here smiley = attempt at cynical humor admittedly OT actual opinions notably absent, as such would only prolong the thread maybe it's not so far-fetched, and extortion lists [will] exist :-( I don't follow too closely these days, but thought NANOG was moderated now and that totally out-of-line threads would have been nipped in the bud. Must... grep... mailboxes... Eddy -- Everquick Internet - http://www.everquick.net/ A division of Brotsman Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita DO NOT send mail to the following addresses: [EMAIL PROTECTED] -*- [EMAIL PROTECTED] -*- [EMAIL PROTECTED] Sending mail to spambait addresses is a great way to get blocked. Ditto for broken OOO autoresponders and foolish AV software backscatter.
RE: sorbs.net
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Edward B. Dreger Sent: Tuesday, March 15, 2005 9:04 PM To: Niels Bakker Cc: nanog@merit.edu Subject: Re: sorbs.net [ SNIP ] I don't follow too closely these days, but thought NANOG was moderated now and that totally out-of-line threads would have been nipped in the bud. Must... grep... mailboxes... The opposite. This thread is a reasonable example. People are showing displeasure at the thread and it's winding down. It's more efficient for the readers to determine what's on and off topic than the list administrators. We'll inevitably have a false positive. Using tools and visual cues is reasonable insurance against that and fosters greater communucations and hopefully cooperation amongst the readers and posters, namely us. We're still discussing the future of the mailing list on the [EMAIL PROTECTED] list and anyone can join. If you have an opinion on how the list should operate, subscribe up and post. It's been productive for the most part. -M