sorbs.net contact?

[nealr]

   I see from the archive that there is someone on this list who is a 
contact for sorbs.net. Please contact me offline as soon as possible. 
No, forty eight hours isn't going to cut it. Thanks :-)



--
mailto:[EMAIL PROTECTED] // IM:layer3arts
voice: 402 408 5951
cell : 402 301 9555
fax  : 402 408 6902

Re: Sorbs.net

[Jay R. Ashworth]

On Sun, Mar 27, 2005 at 05:57:13PM -0500, Dean Anderson wrote:
 Look, if I want to publish a blocklist of all domains with the
 string er in them and all IP addresses ending in .7, that would be
 a silly thing to do: but after all, it's just a list.  
 
 There are consequences, of course, to doing irresponsible things, and to
 misleading your subscribers, and to blocking email that your subscribers
 didn't authorize you to block.

Well, you know, as much as a pain as everyone seems to think SORBS is,
this approach to the thing has a certain baby/bathwater feel to me,
Dean: it seems to make running a blacklist *at all* A Bad Thing...
which, my perception is, is *not* the sense of the Net.

As for didn't authorize you to block, two thoughts come to mind:
first, the person with the last clear chance in a mail blacklisting
situation is the mail admin in question, is it not?  If you're running
blacklists, and you're concerned about what they block, I should think
it would be up to you to back-check the judgement of the BL operator by
doing end-to-end testing.

And second, to the extent that you *are* using a given list, I suspect
(and IANAL, of course), that you are -- constructively -- allowing them
to act as your agent for the purpose of deciding which mail to block
(absent caselaw to the contrary, which I'll admit I haven't
researched), which gives you a lot less leeway to be mad at them.

And of course, the only *real* liability you ought to have in the first
place is to *your users*, and as long as you're disclosing to them that
you use mail BL's, then that one's a bit arguable, as well.

Cheers,
-- jr 'IANAI,E' a
-- 
Jay R. Ashworth[EMAIL PROTECTED]
Designer  Baylink RFC 2100
Ashworth  AssociatesThe Things I Think'87 e24
St Petersburg FL USA  http://baylink.pitas.com +1 727 647 1274

  If you can read this... thank a system administrator.  Or two.  --me

Re: Sorbs.net

[Dean Anderson]

On Mon, 28 Mar 2005, Jay R. Ashworth wrote:

 On Sun, Mar 27, 2005 at 05:57:13PM -0500, Dean Anderson wrote:
  There are consequences, of course, to doing irresponsible things, and to
  misleading your subscribers, and to blocking email that your subscribers
  didn't authorize you to block.
 
 Dean: it seems to make running a blacklist *at all* A Bad Thing...
 which, my perception is, is *not* the sense of the Net.

Not at all.  Responsible blacklisting doesn't have to do irresponsible
things.  For example, most people agreed that MAPS had no business
blocking Exactis;  Exactis didn't meet the MAPS definition for
blacklisting. SORBS clearly doesn't have to lie about Av8 Internet's
address blocks: 130.105/16 and 198.3.136/21. etc.

I'm definitely not saying that all blacklisting is bad: It isn't.

 As for didn't authorize you to block, two thoughts come to mind:
 first, the person with the last clear chance in a mail blacklisting
 situation is the mail admin in question, is it not?  If you're running
 blacklists, and you're concerned about what they block, I should think
 it would be up to you to back-check the judgement of the BL operator by
 doing end-to-end testing.

I agree the mail admin is usually the last chance for assessing BL
reputation before use. But nearly every call I make to an admin using
SORBS results in a response of the sort: Gee, I didn't know they were
doing this sort of thing, give me a second...they're gone. let me know if
you any more problems.  Before that it was ORBS, etc--the list is long
and ignomious. But most people in the know just know. Its the people
not in the know who get misled.

 And second, to the extent that you *are* using a given list, I suspect
 (and IANAL, of course), that you are -- constructively -- allowing them
 to act as your agent for the purpose of deciding which mail to block
 (absent caselaw to the contrary, which I'll admit I haven't
 researched), which gives you a lot less leeway to be mad at them.

I agree. But they said they were going to block _spam_. They don't usually
say 'we're going to use the list to boycott non-spammers'. And they don't
usually say they just block whoever we feel like. They usually don't say
we want you to help us on our non-spam vendetta quest.  They usually say
they are trying to block spam.  They usually have some criteria for
blocking, which they then violate.

 And of course, the only *real* liability you ought to have in the first
 place is to *your users*, and as long as you're disclosing to them that
 you use mail BL's, then that one's a bit arguable, as well.

However, most ISPs don't disclose what BL they use until there is a
problem.  I've yet to find the BL listed in the product service
description for email services.  

And I've never found an ISP that says We're going to participate in
boycotts for personal vendetta's, your email is a weapon for us.  The BLs
don't say that to the subscribers/ISP's; the ISPs don't say it to the
users.  Neither the ISPs nor the end users want that.

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000   

Re: Sorbs.net

[Dean Anderson]

Hi folks. A few points about Sorbs (I've also started a web site
www.iadl.org to track abuse of the internet for defamation purposes. The
web site isn't finished, yet.)

1) Someone said Sorbs is just Matthew Sullivan.

Well, _Sullivan_ said it isn't just him. Yeah, sure, that has
credibilty...

However, my own experience with Sorbs has revealed that it is also Alan
Brown (formerly of ORBS) and Kai Schlicting. We all remember Alan from the 
ORBS shutdown, I hope. Alan was found by three courts in separate cases to 
be defaming people (two by using a blacklist). 

Well, Alan claimed our address space was hijacked and that the OSF didn't
exist anymore. This was picked up verbatim by Sorbs.  When I contacted
Sullivan to tell him this was false, Schlichting send an anonymous
message from [EMAIL PROTECTED] to The Open Group. (www.osf.org goes to
www.theopengroup.org).  After that, they dropped the part of OSF not
existing anymore.

[You all know the The Open Group (TOG): They do Motif, X Window System,
DCE, CDE (used on sun, hp, compaq, ibm, etc). They own the Unix trademark,
XPG4 suite, they do standards compliance testing, etc. They do lots of
things.]

The general counsel for TOG forwarded me the defamatory email from
Schlicting demanding that TOG explain why we provide them services and
why we are allowed to use 130.105/16 and other nonsense.  Here's just a
sample, indentation his:

  however ARIN regulations
  and their predecessor's (the
  Internic: operations funded by
  ARPANET)
  regulations make it quite clear that
  the resources allocated by these
  registries are for the public
  benefit, and are nothing short of a
  government grant for use of a public,
  shared resource. Government
  grants are not transferable without
  explicit and advance permission,
  and their beneficial details and use
  are open to the public for
  inspection, and likely covered by the
  FOIA.

Yeah, right.

The message was anonymous, from [EMAIL PROTECTED], which I tracked back to
Schlichting.

After a complaint to their hosting provider, (at the time, XO), Sorbs was
apparently booted from XO for its defamatory statements in violation of
XO's AUP. Another Sullivan site that was threatening mailbombing was also
booted.  Interestingly, Sullivan tried to convince XO that Sorbs.net and
dnsbl.sorbs.net were different and that he wasn't responsible for
dnsbl.sorbs.net, and so XO shouldn't boot www.sorbs.net. XO didn't buy it,
I guess.  SORBS was then given hosting by ISC.ORG, which doesn't have an
AUP (interesting by itself), and apparently doesn't mind being associated
with court-proven liars and mailbombers.

Also interestingly, the Sorbs web site contains (or used to contain) a lot
of logos for vendors. At first glance, these seem to be endorsements or
support. But if you read the text, it just says not to complain to these
other companies about Sorbs. Sorbs did claim that Sun donated equipment. I
contacted Sun in Australia, and they had no record of donating anything to
Sorbs.  The most I have been able to find out about Sullivan is that he
is/was a student at the University of Queensland in Australia.  In his
email to me, he claimed that I should sue him because he has no assets.  

Well, indeed, we can sue him for defamation and expect the similar results
as in the 3 similar ORBS lawsuits. Brown/ORBS tried to say his false
claims were just opinion.  As did MAPS in Exactis V. MAPS.  
Interestingly, in his messages to me, Sullivan claimed that the (US) First
Amendment protects him. This has been refuted in US courts and is a
frivolous claim even in the US, but certainly it doesn't protect
Australians in Australia.  The court, in addressing ORBS's false claims,
noted they were basically a personal attack.

But, indeed, I have not so far located any substantial assets other than
Sorbs itself, which doesn't seem very substantial.  I'm still looking.  
Australian law gives us 5 years from the last false claim to file suit. So
we have (at least) until March 2010. If anyone has any more information
about Sullivan or his personal assets, please let me know.  I note that
Brown lost his ISP to pay for damages in his ORBS court cases. This was
followed by a strategy posted by Ron Guillmette for preventing assets from
being put at risk by abusive blacklists. Sullivan seems to be following
that strategy.  When Sullivan says sue me I have no assets, he's telling
me that it is of little point to lay out $50K to sue someone who's
economic substance amounts to being barely above homeless and who almost
certainly can't pay the damages when they lose.

Rich Kulawiec mused:
On Tue, Mar 15, 2005 at 05:44:41PM -0500, Paul G wrote:
 unfortunately, that *still* didn't stop people from using

Re: Sorbs.net

[Dean Anderson]

  o could this be used as a dos and then become extortion?
has this actually happened, or is it just black heli?

It has happened, in a legal sense anyway. See Exactis V. MAPS.  One of
Exactis' claims was civil extortion.  (Claim 4 on complaint).  Exactis
also claimed that MAPS could block 40% of their email, an that this was a
denial of service and interference with communications in violation of
Colorado's electronic communication privacy act.  MAPS moved for dismissal
but was denied.  Exactis was granted a temporary restraining order (TRO).
This is significant, given the case was settled.  The standard for
granting such an order is that the stated case, if the asserted facts are
assumed true, must be able to win on the stated law. In other words, it
has state enough facts to fulfill the claimed statutory requirements.

To explain TROs, let me put it this way: Imagine you have a washing
machine where you have to put the right coins in the right slots to get it
work.  For the TRO, if they have all the right coins (assuming they are
real), for all the right slots in the law, (and they pay bond), they get
it.  The trial is where the judge checks to see that the coins are real.  
Getting a TRO is a strong indicator of the technical merits of their case.  
If the defendant can't show some of the asserted facts false, they will
almost certainly lose.

  o the tscs would seem to indicate that the donation is
voluntary, and proportional to the spam generated.  e.g.,
if you generated no spam, no donation.  do i understand
this correctly?

Its voluntary except that the subscribers are misled as to the purposes
of the blacklist.  The abuse of by blacklist is not something subscribers
voluntarily agreed to.  No subscribers agreed to have their non-spam mail
intentionally blocked.

Demanding payment for generated spam, in return for de-listing is pretty
plainly extortion. Here is the Colorado statute: (Caps from state page)

(1)  A PERSON COMMITS CRIMINAL EXTORTION IF:

(a)  THE PERSON, WITHOUT LEGAL AUTHORITY AND WITH THE INTENT TO 
INDUCE ANOTHER PERSON AGAINST THAT OTHER PERSON'S WILL TO PERFORM AN ACT 
OR TO REFRAIN FROM PERFORMING A LAWFUL ACT, MAKES A SUBSTANTIAL THREAT TO 
CONFINE OR RESTRAIN, CAUSE ECONOMIC HARDSHIP OR BODILY INJURY TO, OR 
DAMAGE THE PROPERTY OR REPUTATION OF, THE THREATENED PERSON OR ANOTHER 
PERSON; AND

(b)  THE PERSON THREATENS TO CAUSE THE RESULTS DESCRIBED IN 
PARAGRAPH (a) OF THIS SUBSECTION (1) BY:

(I)  PERFORMING OR CAUSING AN UNLAWFUL ACT TO BE PERFORMED; OR

(II)  INVOKING ACTION BY A THIRD PARTY, INCLUDING BUT NOT LIMITED 
TO, THE STATE OR ANY OF ITS POLITICAL SUBDIVISIONS, WHOSE INTERESTS ARE 
NOT SUBSTANTIALLY RELATED TO THE INTERESTS PURSUED BY THE PERSON MAKING 
THE THREAT.

Seems like the victim is induced against their will to perform or refuse 
to perform a lawful act,

Seems like a blacklist is a 'substantial threat to cause economic 
hardship'. 

Thats a)

I'm not sure I understand b)I. I don't know if an Unlawful act here 
means something that is civilly unlawful, such as unlawful participation 
in a group boycott, or unlawful interference in a contract. Or if it 
requires criminally unlawful act, like threatening physical harm.

Seems like the actions of the subscribers of the blacklist fullfill b)II
because their interests are different from those of the blacklist.  
Subscribers interests in in blocking spam, not ham.  Spam doesn't usually
come from companies that would sue for extortion, like Exactis.  CAN-SPAM 
establishes a definition for what can be considered spam.

--Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000   

Re: sorbs.net

[Michael . Dillon]

 .. it means that the guy should know when to do it -
 and when not to.  And he should be reachable, and should know enough
 to realize he's screwed up, and to fix it.  Sadly, this is rather less
 common than simply knowing how to throw filters in - that's the easy
 part.  Kind of like the difference between a mining engineer
 triggering carefully shaped and placed demolition charges, and Wile E
 Coyote lighting the fuse on a bundle of dynamite.

There are a lot of people in this industry who claim to
be engineers but they're not. In fact, I am of the opinion
that there is no such thing as an Internet network engineer 
because there are no published best practices for Internet
network engineering and there is no formal oversight for
Internet network engineering. This is the fundamental problem
in Internet operations today. Too many cowboys and Wile E Coyotes.

--Michael Dillon

P.S. Has anyone else had a look at the PITAC report to the
President on Cyber Security? http://www.itrd.gov/pitac/

Re: sorbs.net

[Wes Hardaker]

 On Tue, 22 Mar 2005 09:35:02 +0530, Suresh Ramasubramanian [EMAIL 
 PROTECTED] said:

Suresh Luckily, quite a few people who turn on dumb spam filters do
Suresh turn them off when contacted and told about their bad
Suresh filtering.  Some make the mistake of not doing so - and
Suresh they'll be destined to lose email for their users, on a
Suresh permanent basis.

I wish it were always so easy.  I've been talking to an administrator
lately who's policy is that loosing occasional email is ok if it
means we keep out a whole bunch of spam.  If they're that far over
the fence I'd need a strong bull with a long rope to try to pull them
back to my side.  I keep trying to tell him I'm potentially losing
business due to his position, but he's convinced spam is worse.

Some people simply can't be educated.

-- 
In the bathtub of history the truth is harder to hold than the soap,
 and much more difficult to find.  -- Terry Pratchett

Re: sorbs.net

[Valdis . Kletnieks]

On Tue, 22 Mar 2005 07:27:21 PST, Wes Hardaker said:

 I wish it were always so easy.  I've been talking to an administrator
 lately who's policy is that loosing occasional email is ok if it
 means we keep out a whole bunch of spam.  If they're that far over
 the fence I'd need a strong bull with a long rope to try to pull them
 back to my side.  I keep trying to tell him I'm potentially losing
 business due to his position, but he's convinced spam is worse.
 
 Some people simply can't be educated.

On the other hand, which should he choose - *you* losing business due to
his position, or *HIM* losing business if he takes the other position?

If he lowers his spam filters enough to allow your *potentially* lost
business through, and he loses 10% of his customers to someplace that has
a heavier-duty spam filter policy, are you going to repay him for that
lost revenue?


pgp1s8OFT7Buo.pgp
Description: PGP signature

Re: sorbs.net

[Suresh Ramasubramanian]

On Tue, 22 Mar 2005 07:27:21 -0800, Wes Hardaker [EMAIL PROTECTED] wrote:
 I wish it were always so easy.  I've been talking to an administrator
 lately who's policy is that loosing occasional email is ok if it
 means we keep out a whole bunch of spam.  If they're that far over

That is a far cry from far dumber filtering mistakes that keep
happening, and that I have an issue with.

If an admin has spam in hand - go ahead.  Block till its fixed, if the
numbers add up the way this guy says.  And be prepared to listen, and
to unblock

If you are blocking based on your misreading of forged spam, or are
implementing over-extreme filters, and dont want to listen to
complaints about it, or to address false positives, consider
downgrading the infrastructure you manage from production mailserver
to etch a sketch

More on spam-l or some other more appropriate list.  I'm starting to
repeat myself

-srs

-- 
Suresh Ramasubramanian ([EMAIL PROTECTED])

Re: sorbs.net

[Jay R. Ashworth]

On Tue, Mar 22, 2005 at 09:47:00AM +, [EMAIL PROTECTED] wrote:
 There are a lot of people in this industry who claim to
 be engineers but they're not. In fact, I am of the opinion
 that there is no such thing as an Internet network engineer 
 because there are no published best practices for Internet
 network engineering

If there were a centralized site to which to contribute such things, a
site based on MediaWiki, for example (the engine which drives
Wikipedia), would the members of this list contribute to it?

Cheers,
-- jra
-- 
Jay R. Ashworth[EMAIL PROTECTED]
Designer  Baylink RFC 2100
Ashworth  AssociatesThe Things I Think'87 e24
St Petersburg FL USA  http://baylink.pitas.com +1 727 647 1274

  If you can read this... thank a system adminstrator.  Or two.  --me

Re: sorbs.net

[Michael . Dillon]

 On Tue, Mar 22, 2005 at 09:47:00AM +, [EMAIL PROTECTED] 
wrote:
  There are a lot of people in this industry who claim to
  be engineers but they're not. In fact, I am of the opinion
  that there is no such thing as an Internet network engineer 
  because there are no published best practices for Internet
  network engineering
 
 If there were a centralized site to which to contribute such things, a
 site based on MediaWiki, for example (the engine which drives
 Wikipedia), would the members of this list contribute to it?

For those who have never heard of Wikipedia, it is an
online encyclopedia that anyone can contribute to. However,
it is not a free-for-all. There is some structure to it and
it has evolved to the point where where it really does provide
accurate and comprehensive information at least equal to
the big paper encyclopedias.

It could actually help us solve the problem of getting
best practices published. However, the Mediawiki tool itself
is not the solution to the problem, only a vehicle towards
a solution. We would need a large percentage of NANOG members
to write (or review and correct) sections relating to their
expertise.

And Jay, before you put up this site, I suggest that you think
long and hard about who will run/promote the site. The technical
aspect of getting MediaWiki running on a server are trivial. The
real challenge is in promoting the site and getting a high enough
calibre of contributor. That will mean repeated status update
presentations at NANOG meetings and a lot of chasing people in
hallway discussions to get them to contribute.

However, it could work and I'm glad that you suggested this
because it is a nice incremental and evolutionary technique
to collect and publish the knowledge of the profession.

--Michael Dillon

Re: sorbs.net

[Jay R. Ashworth]

On Tue, Mar 22, 2005 at 04:38:27PM +, [EMAIL PROTECTED] wrote:
[ Me: ]
  If there were a centralized site to which to contribute such things, a
  site based on MediaWiki, for example (the engine which drives
  Wikipedia), would the members of this list contribute to it?
 
 For those who have never heard of Wikipedia, it is an
 online encyclopedia that anyone can contribute to. However,
 it is not a free-for-all. There is some structure to it and
 it has evolved to the point where where it really does provide
 accurate and comprehensive information at least equal to
 the big paper encyclopedias.

In general, and you can get a fairly good idea of the provenance of a
given fact if you need to rely on it for something.

 It could actually help us solve the problem of getting
 best practices published. However, the Mediawiki tool itself
 is not the solution to the problem, only a vehicle towards
 a solution. We would need a large percentage of NANOG members
 to write (or review and correct) sections relating to their
 expertise.

Correct: we would.  I'm a fairly good general and structural editor,
but for this, I'd likely even need for someone(s) to contribute a good
structural framework onto which to hang the necessary information.

Wiki's *do* have the nice advantage that the content is structure free:
you can build and rebuild any ontology around the information that
suits you, and indeed multiple ones (topic index, tutorial, etc) around
the *same* information.

 And Jay, before you put up this site, I suggest that you think
 long and hard about who will run/promote the site. The technical
 aspect of getting MediaWiki running on a server are trivial. The
 real challenge is in promoting the site and getting a high enough
 calibre of contributor. That will mean repeated status update
 presentations at NANOG meetings and a lot of chasing people in
 hallway discussions to get them to contribute.

As far as running it, I was considering letting Wikipedia do it.

They've got a service that the founder of Wikipedia cooked up called
Wikicities; same rough idea as Geocities (centralized hosting, your
content), but they're pickier about who'll they'll start one for (for
obvious reasons).  I need to investigate whether they host those sites
on the Wikipedia cluster (where, in general, the connectivity and
support are reasonably good and improving)...

though as you note, installing and maintaining a small one is pretty
trivial.

As far as promoting it?

If we build it, they will come.  Google is your friend.  Making clear
what it is and who's writing for it is enough for the second-tier
visitors, and they'll likely word-of-mouth it to the first-tier.

As far as I can see, the fact that it's all in one place makes the
making the net a better place motivation more applicable.

 However, it could work and I'm glad that you suggested this
 because it is a nice incremental and evolutionary technique
 to collect and publish the knowledge of the profession.

I've become *quite* fond of Wiki's for knowledge capture.  The ease of
editing and linkage locality of reference they provide make it *much*
simpler for people to post the things they know and believe (though
distinguishing the two can be ... interesting at times).

Not alone because I *am* a network operator (however customer-side and
small) who knows that they don't know everything, it's something I'd
like to see happen.  Somehow.

Cheers,
-- jra
-- 
Jay R. Ashworth[EMAIL PROTECTED]
Designer  Baylink RFC 2100
Ashworth  AssociatesThe Things I Think'87 e24
St Petersburg FL USA  http://baylink.pitas.com +1 727 647 1274

  If you can read this... thank a system adminstrator.  Or two.  --me

Re: sorbs.net

[Jay R. Ashworth]

On Mon, Mar 21, 2005 at 10:55:13AM -0500, Jason Slagle wrote:
 This is the risk you run - this product either had it on by default, or it 
 was in a list of options to turn on.  End users don't know what it is, and 
 only know it'll help eliminate spam, and they turn it on.  Then they 
 generate support load when their email breaks.
 
 Average user, or even sysadmin, doesn't know about dnsbl's.  To state that 
 you make a concerted effort to use them nowadays may be false. 
 Spamassassin comes out of the box poking SORBS and adding score if it's in 
 there.  I turned it off because of questionable listings, but how many 
 users of SA know how to do that?

This sounds like an excellent sales point for value added mail
processing...

Cheers,
-- jra
-- 
Jay R. Ashworth[EMAIL PROTECTED]
Designer  Baylink RFC 2100
Ashworth  AssociatesThe Things I Think'87 e24
St Petersburg FL USA  http://baylink.pitas.com +1 727 647 1274

  If you can read this... thank a system adminstrator.  Or two.  --me

Re: sorbs.net

[Christopher L. Morrow]

On Mon, 21 Mar 2005, Jason Slagle wrote:


 Lady was running exchange.  She had the Symantec virus/spam/crap filter
 for it installed..  All email to her was bouncing with a 550 spam site
 deny.

 We jerked around with it for quite some time before we realized that one
 of the dnsbl's that the Symantec product was using was returning positive
 for ALL queries.

 This is the risk you run - this product either had it on by default, or it
 was in a list of options to turn on.  End users don't know what it is, and

actually the risk being run is 'not understanding what you are doing' :(
mark this admin of mail systems up with the others who blithely use ANY
RBL without knowing how/what/where/when it gets made.

-Chris

Re: sorbs.net

[Suresh Ramasubramanian]

On Mon, 21 Mar 2005 10:58:00 -0500, Jay R. Ashworth [EMAIL PROTECTED] wrote:
 
 This sounds like an excellent sales point for value added mail
 processing...
 

It is not just clueless end user exchange admins who deploy dumb filter rules.  

If I had a nickel for every time I've run into stupid spam filtering
(read: filtering that affects mail from my over 40 million users,
because an admin was too dumb to read forged headers) at surprisingly
large operators [ISPs, huge corporate networks etc] I'd be rich.

Luckily, quite a few people who turn on dumb spam filters do turn them
off when contacted and told about their bad filtering.  Some make the
mistake of not doing so - and they'll be destined to lose email for
their users, on a permanent basis.

Its that old Spiderman quote - With great power comes great
responsibility.  Having root / enable / postmaster access at a site
means its not enough to know how to do access list 101 deny or vi
/etc/mail/access .. it means that the guy should know when to do it -
and when not to.  And he should be reachable, and should know enough
to realize he's screwed up, and to fix it.  Sadly, this is rather less
common than simply knowing how to throw filters in - that's the easy
part.  Kind of like the difference between a mining engineer
triggering carefully shaped and placed demolition charges, and Wile E
Coyote lighting the fuse on a bundle of dynamite.

-- 
Suresh Ramasubramanian ([EMAIL PROTECTED])

Re: sorbs.net

[Jason Slagle]

On Tue, 15 Mar 2005, Paul G wrote:
unfortunately, that *still* didn't stop people from using it, which
translated into an unresolvable headache for me as a sp. if you don't
consider a blacklist to be usable by the public, don't publish it. however,
publishing a draconian blacklist seems to get you a 'hardcore' label/clout
in certain circles and is thus irresistible for some.
Sorry if this thread is older, but I ran into a PRIME operational example 
of this last week that cost one of the techs here a few hours headache.

Lady was running exchange.  She had the Symantec virus/spam/crap filter 
for it installed..  All email to her was bouncing with a 550 spam site 
deny.

We jerked around with it for quite some time before we realized that one 
of the dnsbl's that the Symantec product was using was returning positive 
for ALL queries.

This is the risk you run - this product either had it on by default, or it 
was in a list of options to turn on.  End users don't know what it is, and 
only know it'll help eliminate spam, and they turn it on.  Then they 
generate support load when their email breaks.

Average user, or even sysadmin, doesn't know about dnsbl's.  To state that 
you make a concerted effort to use them nowadays may be false. 
Spamassassin comes out of the box poking SORBS and adding score if it's in 
there.  I turned it off because of questionable listings, but how many 
users of SA know how to do that?

Food for thought.
Jason
--
Jason Slagle
/\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
\ /   ASCII Ribbon Campaign  .
 X  - NO HTML/RTF in e-mail  .
/ \ - NO Word docs in e-mail .

Re: sorbs.net

[Michael . Dillon]

  What if the USPS decided any magazine you subscribed to was 
  suddenly unfit for delivery and decided it should blocked (thrown 
away)?
 
 They don't decide. I do.

This is not factually true. The USPS has a Postal Inspection Service
that can intercept your mail for various reasons. Details are in 
39 USC 3013. The quote below comes from a report on their activities
for the year ended March 31 2004. During that period there were 21
withholding mail orders issued.

-quote begins---
POSTAL INSPECTION SERVICE
The Postal Service reports to the Office of Inspector General information 
related to investigative activities designed to protect the public against 
unscrupulous mailers perpetrating fraudulent schemes. The following 
information summarizes the administrative and judicial actions initiated 
and resolved during the reporting period. These actions include the 
issuance of cease and desist orders directed to mailers, actions to 
intercept payments fraudulently induced, and orders seeking to intercept 
fraudulent mailings.
--quote ends--

In operations of any sort, network or otherwise, it is
important to get the facts straight to ensure that you
are not acting on the basis of bogus information.

--Michael Dillon

Re: sorbs.net

[Steve Sobol]

Hannigan, Martin [EMAIL PROTECTED] wrote:


 Third and finally, if you are really not a spammer, or you are truly
reformed,
 de-listing is relatively easy. You donate US$50 to a charity or trust
approved
 by, and not connected with, SORBS for each spam received relating to the
 listing (This is known and refered to as the SORBS 'fine'). 
 
 That doesn't make a lot of sense. It's an interesting answer to 
 the BotNet spamming problem, but not really a solution, IMHO.

[EMAIL PROTECTED] is who you want to talk to, IIRC.
 
--
JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638)
Steven J. Sobol, Geek In Charge / [EMAIL PROTECTED] / PGP: 0xE3AE35ED

The wisdom of a fool won't set you free
--New Order, Bizarre Love Triangle

Re: sorbs.net

[Jay Hennigan]

On Wed, 16 Mar 2005 [EMAIL PROTECTED] wrote:

   What if the USPS decided any magazine you subscribed to was
   suddenly unfit for delivery and decided it should blocked (thrown
 away)?
 
  They don't decide. I do.

 This is not factually true. The USPS has a Postal Inspection Service
 that can intercept your mail for various reasons. Details are in
 39 USC 3013. The quote below comes from a report on their activities
 for the year ended March 31 2004. During that period there were 21
 withholding mail orders issued.

OK, they decide, for extremely small values of decide.  21 withholding
mail orders vs. how many trillions of items handled?

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/

sorbs.net

[Micah McNelly]

Nanog,
Anyone on the list involved with this project?  I need to speak to 
someone ASAP.  No, I am not going to pay your ridiculous fine.

--
/m
I bet the human brain is a kludge.  - Marvin Minsky

RE: sorbs.net

[Hannigan, Martin]

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
 Micah McNelly
 Sent: Tuesday, March 15, 2005 12:59 PM
 To: nanog@merit.edu
 Subject: sorbs.net
 
 
 
 Nanog,
 
 Anyone on the list involved with this project?  I need to speak to 
 someone ASAP.  No, I am not going to pay your ridiculous fine.

From http://www.us.sorbs.net/faq/spamdb.shtml

Third and finally, if you are really not a spammer, or you are truly reformed, 
de-listing is relatively easy. You donate US$50 to a charity or trust approved 
by, and not connected with, SORBS for each spam received relating to the 
listing (This is known and refered to as the SORBS 'fine'). 

That doesn't make a lot of sense. It's an interesting answer to 
the BotNet spamming problem, but not really a solution, IMHO.


-M

Re: sorbs.net

[Gadi Evron]

From http://www.us.sorbs.net/faq/spamdb.shtml
Third and finally, if you are really not a spammer, or you are truly reformed, 
de-listing is relatively easy. You donate US$50 to a charity or trust approved by, and 
not connected with, SORBS for each spam received relating to the listing (This is known 
and refered to as the SORBS 'fine'). 
That doesn't make a lot of sense. It's an interesting answer to 
the BotNet spamming problem, but not really a solution, IMHO.
It's just cynicism at it's best. I like people who can be smartasses 
without being asses, but this is ridiculous if they want to be a serious 
service, and cute if they are looking to make jokes.

	Gadi.

Re: sorbs.net

[Robert Bonomi]

 From [EMAIL PROTECTED]  Tue Mar 15 11:59:40 2005
 Date: Tue, 15 Mar 2005 09:59:21 -0800
 From: Micah McNelly [EMAIL PROTECTED]
 To: nanog@merit.edu
 Subject: sorbs.net


 Nanog,

 Anyone on the list involved with this project?  I need to speak to 
 someone ASAP.  No, I am not going to pay your ridiculous fine.


SORBS is a one-man operation out of Australia.

I really doubt that he participates in the NORTH AMERICAN network operators
group.

SORBS -- like _any_ other blocklist -- is simply an expression of opinion.
if you feel that somebody is 'wrongly' blocking mail because of a SORBS
listing, your _first_ step should be to contact *that* party, and request
that either (a) they stop using SORBS, or (b) that they 'whitelist' you.
*THEY* are the ones that made the decision to block your mail to their
system.

Contact means for SORBS *is* provided on the web-site.  it works reliably. 
Be advised, however, that a 'need' on your part does not translate to 
urgency on the part of anyone else.

Note: *Nobody*, not even SORBS, says you 'have to' make that charitable
  contribution.  All the 'spam' listings _do_ age off the SORBS
  system, eventually.


Caveat: I have nothing to do with SORBS. I don't use it -- or *any* blocklist,
for that matter -- myself (I use other means that are better suited for _my_
requirements).  I don't even know the operator thereof.   Everything I've
said is based on published and publicly available information.

Re: sorbs.net

[Micah McNelly]

Actually I got a response quickly from a list member who represent sorbs 
at some level.  Do you really think opinion has a place in mail 
delivery?  What if the USPS decided any magazine you subscribed to was 
suddenly unfit for delivery and decided it should blocked (thrown away)?

/m
Robert Bonomi wrote:
From [EMAIL PROTECTED]  Tue Mar 15 11:59:40 2005
Date: Tue, 15 Mar 2005 09:59:21 -0800
From: Micah McNelly [EMAIL PROTECTED]
To: nanog@merit.edu
Subject: sorbs.net
Nanog,
Anyone on the list involved with this project?  I need to speak to 
someone ASAP.  No, I am not going to pay your ridiculous fine.


SORBS is a one-man operation out of Australia.
I really doubt that he participates in the NORTH AMERICAN network operators
group.
SORBS -- like _any_ other blocklist -- is simply an expression of opinion.
if you feel that somebody is 'wrongly' blocking mail because of a SORBS
listing, your _first_ step should be to contact *that* party, and request
that either (a) they stop using SORBS, or (b) that they 'whitelist' you.
*THEY* are the ones that made the decision to block your mail to their
system.
Contact means for SORBS *is* provided on the web-site.  it works reliably. 
Be advised, however, that a 'need' on your part does not translate to 
urgency on the part of anyone else.

Note: *Nobody*, not even SORBS, says you 'have to' make that charitable
  contribution.  All the 'spam' listings _do_ age off the SORBS
  system, eventually.
Caveat: I have nothing to do with SORBS. I don't use it -- or *any* 
blocklist,
for that matter -- myself (I use other means that are better suited for _my_
requirements).  I don't even know the operator thereof.   Everything I've
said is based on published and publicly available information.

--
/m
I bet the human brain is a kludge.  - Marvin Minsky

Re: sorbs.net

[Dave Dennis]

On Tue, 15 Mar 2005, Micah McNelly wrote:


 Actually I got a response quickly from a list member who represent sorbs
 at some level.  Do you really think opinion has a place in mail
 delivery?  What if the USPS decided any magazine you subscribed to was
 suddenly unfit for delivery and decided it should blocked (thrown away)?

 /m


Well, anyone remember the Comstock Act?

But seriously, the analogy here is a bit false.  It would be like
the recipient of the mail signed up to use a service that inspected
their mail for them, and made the decisions you are describing.

You can argue that signing up for such a service is silly, wrong headed,
ill informed and results in unintended consequences.  But you cannot argue
that it is government censorship.

+-
+ Dave Dennis
+ Seattle, WA
+ [EMAIL PROTECTED]
+ http://www.dmdennis.com
+-

Re: sorbs.net

[Jerry Pasker]

It's just cynicism at it's best. I like people who can be smartasses 
without being asses, but this is ridiculous if they want to be a 
serious service, and cute if they are looking to make jokes.

	Gadi.

I totally agree.  Although $50 is a little steep.  I've seen people 
fly in to gargantuan rant -dare I say temper tantrum- over a $5 
parking fine.  One only needs to charge a fine of any type to get 
people worked up about it.  A $5 you were stupid, now pay here to 
get off the blacklist fine would probably be much easier to deal 
with for a lot more people, but still be considered No, I am not 
going to pay your ridiculous fine. (and there's not a darn thing you 
can do about it!  I'm mad has heck, and by gosh, I'm not gonna take 
it any more!) by about the same number of people as before.

The thing about running a dns blacklist, is that one doesn't have to 
be a serious service.  One merely has to operate a blacklist on a 
whim, and certain [equally irresponsible] mail admins, fed up with 
spam, will use it no matter how ridiculous one's listing or delisting 
procedures are.

On the flip side, when one finds their IP on a blacklist, it's nearly 
impossible to know how many servers are actually using the blacklist, 
so it's impossible to gage the seriousness of the blacklist entry. 
It's blacklist terrorism.

And yes, I'm still kicking around the idea of a bgp route feed style 
aggregation blacklist.  I wonder if that makes me an ip routing 
terrorist?  :-)

-Jerry

RE: sorbs.net

[David Schwartz]

 SORBS -- like _any_ other blocklist -- is simply an expression of opinion.
 if you feel that somebody is 'wrongly' blocking mail because of a SORBS
 listing, your _first_ step should be to contact *that* party, and request
 that either (a) they stop using SORBS, or (b) that they 'whitelist' you.
 *THEY* are the ones that made the decision to block your mail to their
 system.

Come on, that's just nonsense. If the New York Times publishes a front 
page
article about how you're an idiot, should you contact each individual person
who reads the article and try to convince them you're not? Or should you try
to convince the New York Times that they're incorrect and should publish a
correction?

DS

Re: sorbs.net

[Steve Gibbard]

This is straying a bit far from network operations, and would probably be
better discussed elsewhere.

-Steve

On Tue, 15 Mar 2005, Dave Dennis wrote:


 On Tue, 15 Mar 2005, Micah McNelly wrote:

 
  Actually I got a response quickly from a list member who represent sorbs
  at some level.  Do you really think opinion has a place in mail
  delivery?  What if the USPS decided any magazine you subscribed to was
  suddenly unfit for delivery and decided it should blocked (thrown away)?
 
  /m
 

 Well, anyone remember the Comstock Act?

 But seriously, the analogy here is a bit false.  It would be like
 the recipient of the mail signed up to use a service that inspected
 their mail for them, and made the decisions you are describing.

 You can argue that signing up for such a service is silly, wrong headed,
 ill informed and results in unintended consequences.  But you cannot argue
 that it is government censorship.

 +-
 + Dave Dennis
 + Seattle, WA
 + [EMAIL PROTECTED]
 + http://www.dmdennis.com
 +-



Steve Gibbard   [EMAIL PROTECTED]
+1 415 717-7842 (cell)  http://www.gibbard.org/~scg
+1 510 528-1035 (home)

Re: sorbs.net

[Robert Bonomi]

 From [EMAIL PROTECTED]  Tue Mar 15 12:53:30 2005
 Date: Tue, 15 Mar 2005 10:53:22 -0800
 From: Micah McNelly [EMAIL PROTECTED]
 Subject: Re: sorbs.net


 Actually I got a response quickly from a list member who represent sorbs 
 at some level.  Do you really think opinion has a place in mail 
 delivery?

*MY* opinion on that matter doesn't count for sh*t.

Neither does yours.

The _only_ opinion that matters is that of the *owner* of the destination
mail-server.  As in My server, *my* rules.

Quite obviously, the server operator at the place you were trying to mail
_to_ *DOES* believe that 'opinion' has a place in e-mail delivery.

Like I said, the _first_ place you should take your 'problem' is to *them*. 
*NOBODY* is 'forced' to use SORBS, or any othe blocklist.  The mail-system
owners/administrators that *CHOOSE* to do so, have made a voluntary decision
to restrict incoming mail to their system on that basis.  THEY did it, nobody
else.

RE: sorbs.net

[Hannigan, Martin]

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
 Robert Bonomi
 Sent: Tuesday, March 15, 2005 2:11 PM
 To: nanog@merit.edu
 Subject: Re: sorbs.net
 
 
 
  From [EMAIL PROTECTED]  Tue Mar 15 12:53:30 2005
  Date: Tue, 15 Mar 2005 10:53:22 -0800
  From: Micah McNelly [EMAIL PROTECTED]
  Subject: Re: sorbs.net
 
 
  Actually I got a response quickly from a list member who 
 represent sorbs 
  at some level.  Do you really think opinion has a place in mail 
  delivery?
 
 *MY* opinion on that matter doesn't count for sh*t.
 
 Neither does yours.
 
 The _only_ opinion that matters is that of the *owner* of the 
 destination
 mail-server.  As in My server, *my* rules.

ObOps: 

Blocking by SP ip addr + asking for user cash = operational problem for SP


-M

 

Re: sorbs.net

[Randy Bush]

a few questions

  o could this be used as a dos and then become extortion?
has this actually happened, or is it just black heli?

  o the tscs would seem to indicate that the donation is
voluntary, and proportional to the spam generated.  e.g.,
if you generated no spam, no donation.  do i understand
this correctly?

randy

Re: sorbs.net

[Dan Hollis]

On Tue, 15 Mar 2005, Micah McNelly wrote:
 Do you really think opinion has a place in mail delivery?

Yes. My mailbox. My computer. My private property. My rules.

 What if the USPS decided any magazine you subscribed to was 
 suddenly unfit for delivery and decided it should blocked (thrown away)?

They don't decide. I do.

-Dan

Re: sorbs.net

[Bruce Campbell]

On Tue, 15 Mar 2005, Micah McNelly wrote:

 Do you really think opinion has a place in mail delivery?

Yes.  For instance, you might be lucky enough to live somewhere where the
the local default postal service actually obeys the 'No junk mail' sticker
on your letterbox and only delivers cards and bills.

 What if the USPS decided any magazine you subscribed to was
 suddenly unfit for delivery and decided it should blocked (thrown away)?

Sorry.  The mechanics of Internet Mail delivery are more like
inter-company couriers, with each company (mail server) having its own set
of bonded couriers to deliver packages to remote companies.  There is no
lowest-common-denominator delivery service such as the USPS in Internet
terms.

Blacklists, in the company courier terms, are the equivilant of packages
being delivered to (your company's) reception by a courier, and your
company refusing to accept said packages because they do not meet with the
company's guidelines (eg, sending company has a bad credit rating, as
reported by the BadCreditAgency Inc).  The other company's courier must
then take the package back and perhaps try another office of your company.

--==--
Bruce.

  SORBS is a one-man operation out of Australia.

Note that the netblock that the primary SORBS server is in is currently
having routing hiccups between connect.com.au and netgate.nz, leaving some
destinations unreachable except via proxies.

Re: sorbs.net

[Robert Bonomi]

 From [EMAIL PROTECTED]  Tue Mar 15 13:21:45 2005
 From: Randy Bush [EMAIL PROTECTED]
 Date: Tue, 15 Mar 2005 11:21:35 -0800
 To: nanog@merit.edu
 Subject: Re: sorbs.net


 a few questions

   o could this be used as a dos and then become extortion?
 has this actually happened, or is it just black heli?

_Legally_, it is *not* extortion, unless the thing that is 'taken' (*with*
the 'under duress' consent of the victim) goes, directly or indirectly, to 
the party making the 'threat'.

Noting also, that the legal definition of extortion requires a the property,
goods or services be given up in response to a threat to do something if
that property, goods or services are *not* turned over to the threatener;
Thus, a situation where somebody does *not* act unless something is recieved,
cannot be, legally, extortion.

SORBS has been running for much longer than a year.  To the best of my
knowledge, strictly within their published guidlines. 

As with any other 'voluntary use' blocklist, it's clout is only as good
as the number of people using it.  If serious questions arose as to the
'integrity' of the list, or the list operator, the vast majority of the
mail-server operators using it would *stop* doing so. And any lack of
integrity would be a moot issue, since 'practically nobody' would still
be using it.  It is _textbook_perfect_ self regulation at work.

   o the tscs would seem to indicate that the donation is
 voluntary, and proportional to the spam generated.  e.g.,
 if you generated no spam, no donation.  do i understand
 this correctly?

As I understand it -- and I'm -not- an expert on SORBS -- they list 
individual IP addresses on various lists, for various different kinds
of problems.  Far and away,the biggest being originating spam.  

Listings _do_ age off, taking an unknown period of time after 'someone'
makes a request for removal.  The donation is purely voluntary, and
when provided, the SORBS operator does 'expidate' handling of the removal
request.  For some strange reason he believe that those people are 'more
serious' about ensuring that problems don't occur from their machines
again.  I have no opinion as to the validity of that reasoning.

Re: sorbs.net

[Valdis . Kletnieks]

On Tue, 15 Mar 2005 13:42:24 CST, Robert Bonomi said:

 As with any other 'voluntary use' blocklist, it's clout is only as good
 as the number of people using it.  If serious questions arose as to the
 'integrity' of the list, or the list operator, the vast majority of the
 mail-server operators using it would *stop* doing so. And any lack of
 integrity would be a moot issue, since 'practically nobody' would still
 be using it.  It is _textbook_perfect_ self regulation at work.

This is, of course, making the rather big assumption that the person who
decided to use said blocklist:

a) was fully cognizant of the list's goals and policies when they chose to use 
it.
*and*
b) is willing and able to track deviations on an ongoing basis.
*and*
c) whoever replaces them is also able to do so.

If it was in fact textbook perfect, we'd never hear about stuff breaking when
a block list goes belly up with six month's warning, and people *still* being
surprised when suddenly everything returns 127.0.0.2 and a lot of mail goes 
kaboing.


pgpz6IsqONrqL.pgp
Description: PGP signature

Re: sorbs.net

[Robert Bonomi]

 From [EMAIL PROTECTED]  Tue Mar 15 14:28:29 2005
 To: Robert Bonomi [EMAIL PROTECTED]
 Cc: nanog@merit.edu
 Subject: Re: sorbs.net 
 From: [EMAIL PROTECTED]
 Date: Tue, 15 Mar 2005 15:28:17 -0500


 On Tue, 15 Mar 2005 13:42:24 CST, Robert Bonomi said:

  As with any other 'voluntary use' blocklist, it's clout is only as good
  as the number of people using it.  If serious questions arose as to the
  'integrity' of the list, or the list operator, the vast majority of the
  mail-server operators using it would *stop* doing so. And any lack of
  integrity would be a moot issue, since 'practically nobody' would still
  be using it.  It is _textbook_perfect_ self regulation at work.

 This is, of course, making the rather big assumption that the person who
 decided to use said blocklist:

 a) was fully cognizant of the list's goals and policies when they chose to 
 use it.

nope.

 *and*
 b) is willing and able to track deviations on an ongoing basis.

Yup.  That _is_ an implicit part of *any* filtering/blocking job -- and many
other tasks as well.  That you _check_ on an ongoing basis, to make sure that
the automation *is* doing what you think it is doing.

 *and*
 c) whoever replaces them is also able to do so.

If they aren't competent to do the job, they shouldn't *have* the job.
If management doesn't know what all the job requirements are, that is
managements failing, and they _deserve_ the consequences thereof. wry grin

 If it was in fact textbook perfect, we'd never hear about stuff breaking 
 when a block list goes belly up with six month's warning, and people *still* 
 being surprised when suddenly everything returns 127.0.0.2 and a lot of mail 
 goes kaboing.

Beg to differ.  textbook perfect self-regulation means that when the list
starts returning excessive numbers of false positives, that 'practically
everybody' _stops_using_it_. And in fairly short order.  Which is, in fact,
precisely what DID happen.  The list operator was relying on the effectiveness 
of said self regulation mechanism to get the word out to those who had
_not_ heard about the shutdown from other sources.

Re: sorbs.net

[Paul G]

- Original Message - 
From: Gadi Evron [EMAIL PROTECTED]
To: Hannigan, Martin [EMAIL PROTECTED]
Cc: Micah McNelly [EMAIL PROTECTED]; nanog@merit.edu
Sent: Tuesday, March 15, 2005 1:15 PM
Subject: Re: sorbs.net



 From http://www.us.sorbs.net/faq/spamdb.shtml
 
  Third and finally, if you are really not a spammer, or you are truly
reformed, de-listing is relatively easy. You donate US$50 to a charity or
trust approved by, and not connected with, SORBS for each spam received
relating to the listing (This is known and refered to as the SORBS 'fine').

 
  That doesn't make a lot of sense. It's an interesting answer to
  the BotNet spamming problem, but not really a solution, IMHO.

 It's just cynicism at it's best. I like people who can be smartasses
 without being asses, but this is ridiculous if they want to be a serious
 service, and cute if they are looking to make jokes.

... and perfect if they want to become sentimental favourites with the
nanas/nanae crowd/mob, which is what they're shooting for imo. how about
they buy me a lollipop if i'm a service provider who just booted a spam
source and needs ip space delisted?

-p

---
paul galynin

Re: sorbs.net

[Valdis . Kletnieks]

On Tue, 15 Mar 2005 14:56:15 CST, Robert Bonomi said:
 If they aren't competent to do the job, they shouldn't *have* the job.
 If management doesn't know what all the job requirements are, that is
 managements failing, and they _deserve_ the consequences thereof. wry grin

To misquote Randy: I encourage my competitors to choose managers that way. ;)

The fact is that there's a *lot* of clue-deficient people in those jobs.

 Beg to differ.  textbook perfect self-regulation means that when the list
 starts returning excessive numbers of false positives, that 'practically
 everybody' _stops_using_it_. And in fairly short order. 

The fact that so many people get caught and surprised when it goes to 100%
false positives indicates that they'd likely have had *no clue* what was wrong
if the false positive rate was down in to 5% to 10% range.  Remember that your
analysis is leaving out the fact that a lot of these people *are* clueless and
subscribe to wave a dead chicken 3 times, sacrifice money to Redmond, and
reboot and hope that things have miraculously changed, even with no actual
change of configuration...

If it *actually* worked right, why do I *ever* encounter people that don't even
know what block lists they're using?

Because enough people running networks are idiots.  Why do these network even 
stay
in business?

Because their competitors are often equally mercifully free of the ravages
of intelligence


pgpxP30LXbdS8.pgp
Description: PGP signature

Re: sorbs.net

[Jerry Pasker]

If it *actually* worked right, why do I *ever* encounter people that 
don't even
know what block lists they're using?

Because enough people running networks are idiots.  Why do these 
network even stay
in business?

Because their competitors are often equally mercifully free of the ravages
of intelligence

I'm sorry, but the correct answer that we're looking for is :
Customers.   Because they have customers who don't just put up with 
it, but encourage them by *PAYING THEM MONEY*

All really stupid companies that make really stupid products, 
stay in business becausereally stupid customers pay them them 
really stupid money.  So, who's stupid?

This is not only relevant to network operation, but life, as a whole.
It's not my opinion, it's the truth.   (is it not a fun world we live in?)
-Jerry

Re: sorbs.net

[Paul Vixie]

  If it *actually* worked right, why do I *ever* encounter people that
  don't even know what block lists they're using?

As MAPS found out during some early legal imbroglios, it is very easy to
convince a judge that at least one ISP has subscribed to a blackhole list
without understanding the full effects that this choice would produce.

The whole click to agree (or press F8 after scrolling to the last page)
thing from software vendors is no better.  There's no way a judge (nor, one
assumes, a jury) will ever believe that everyone who signalled agreement,
understood.  The last couple of times I've signed closing papers for a
house I've had to write several times I agree, and I understand english
longhand and then sign my name -- but I don't think that'd hold up to a
challenge of nonunderstanding, either.

Every non-P2P non-anonymous reputation system will be vulnerable to this,
and every P2P or anonymous reputation system will be full of sludge.  We
don't have a mature enough system of accountability, anywhere in meatspace,
to account for the kinds of relationship and transactions the Internet
makes possible.
-- 
Paul Vixie

Re: sorbs.net

[Rich Kulawiec]

On Tue, Mar 15, 2005 at 11:21:35AM -0800, Randy Bush wrote:
   o could this be used as a dos and then become extortion?

Unlikely.  Blocklists are used by choice, and blocklists which
either aren't effective or don't have sane policies don't get
chosen often.  (See BLARS, which even blars was recommending
that you don't use the last time I checked.)  So if someone
tried this approach, the most likely outcome is that those
using it would stop and the problem would evaporate.

---Rsk

Re: sorbs.net

[Paul G]

- Original Message - 
From: Rich Kulawiec [EMAIL PROTECTED]
To: nanog@merit.edu
Sent: Tuesday, March 15, 2005 5:43 PM
Subject: Re: sorbs.net



 On Tue, Mar 15, 2005 at 11:21:35AM -0800, Randy Bush wrote:
o could this be used as a dos and then become extortion?

 Unlikely.  Blocklists are used by choice, and blocklists which
 either aren't effective or don't have sane policies don't get
 chosen often.  (See BLARS, which even blars was recommending
 that you don't use the last time I checked.)

unfortunately, that *still* didn't stop people from using it, which
translated into an unresolvable headache for me as a sp. if you don't
consider a blacklist to be usable by the public, don't publish it. however,
publishing a draconian blacklist seems to get you a 'hardcore' label/clout
in certain circles and is thus irresistible for some.

-p

Re: sorbs.net

[Matthew Sullivan]

Robert Bonomi wrote:
Anyone on the list involved with this project?  I need to speak to 
someone ASAP.  No, I am not going to pay your ridiculous fine.

   

SORBS is a one-man operation out of Australia.
 

Not quite, though it is owned by me.
I really doubt that he participates in the NORTH AMERICAN network operators
group.
 

erm, no ;-)
Contact means for SORBS *is* provided on the web-site.  it works reliably. 
Be advised, however, that a 'need' on your part does not translate to 
urgency on the part of anyone else.
 

(multiple contacts) and fortunately and thanks to 18 or so _very_ hard 
working volunteers the response time has gone from weeks to hours (in 
most cases).

Note: *Nobody*, not even SORBS, says you 'have to' make that charitable
 contribution.  All the 'spam' listings _do_ age off the SORBS
 system, eventually.
 

Correct - it just takes time, and depending on the reason different 
amounts of time. (eg if you have 'BlueRockDove' or 'NewAgeOptIn' on your 
network there is currently and 'indefinite' aging time)

Caveat: I have nothing to do with SORBS. I don't use it -- or *any* blocklist,
for that matter -- myself (I use other means that are better suited for _my_
requirements).  I don't even know the operator thereof.   Everything I've
said is based on published and publicly available information.
 

No, but you did a fine job of explaining it (best I have seen 
personally), thank you.

The original poster has already noted a contact has been made, and I 
will watch it with interest - and the poster may note at least one of 
the entries has probably been resolved already.

Regards,
Mat

Re: sorbs.net

[Paul G]

- Original Message - 
From: Matthew Sullivan [EMAIL PROTECTED]
To: Robert Bonomi [EMAIL PROTECTED]
Cc: nanog@merit.edu
Sent: Tuesday, March 15, 2005 6:07 PM
Subject: Re: sorbs.net


 The original poster has already noted a contact has been made, and I
 will watch it with interest - and the poster may note at least one of
 the entries has probably been resolved already.

how do you justify asking me, a colo shop for example, to pay (it matters
not whom) to get address space delisted? i caused the spam source to be shut
down as soon as i learned of the incident, a shared hosting customer on one
of my customers' machines for example, and had no practical way of
preventing it from happening. in all respects, i've done all that could be
practically and realistically expected of me to deal with the problem, but i
can't pay $50xmessages to every blacklist operator's and their dog's chosen
beneficiary every time someone dodgy signs up with one of my customers. your
blacklists' 'customers' may not be aware of this issue, but you surely are,
so how is this not a violation of the public trust?

-p

Re: sorbs.net

[william(at)elan.net]

On Tue, 15 Mar 2005, Paul Vixie wrote:
If it *actually* worked right, why do I *ever* encounter people that
don't even know what block lists they're using?
As MAPS found out during some early legal imbroglios, it is very easy to
convince a judge that at least one ISP has subscribed to a blackhole list
without understanding the full effects that this choice would produce.
The whole click to agree (or press F8 after scrolling to the last page)
thing from software vendors is no better.  There's no way a judge (nor, one
assumes, a jury) will ever believe that everyone who signalled agreement,
understood.  The last couple of times I've signed closing papers for a
house I've had to write several times I agree, and I understand english
longhand and then sign my name -- but I don't think that'd hold up to a
challenge of nonunderstanding, either.
Mortgage agreement is not the best choice for comparison on how blocklists
are used, its slightly different concept.
Blocklist use is example of delegating responsibility which is common and 
rooted in our political system (and concept is in use both by government 
and private businesses). Since one person can not possibly make a decision
about each and every detail of their life (although libertarians claim 
otherwise) we choose to delegate responsibility for certain tasks to certain
other people or organization that specialize in those areas. This is both
more manageable and as far as overall costs are concerned.

By delegating the task we accept the consequence that somebody else would 
be making decision on our behalf on this particular subject but this is 
done by choice and either each person participates in directly choosing 
who would be doing the decision or accepts decision make by majority 
social group he's in or delegates making decision on who would be doing
involved to somebody else (delegation chain).

In terms of use of blocklists, the end-user directly delegates responsibility
for making decisions about which emails are good or bad to his ISP. In 
parcticular if user uses email with ISP's domain name than in fact ISP has 
full rights to make decisions about their domain and user has to accept it 
by default as he/she just buys partial use with that domain, but if user 
has his own domain, then he/she makes decisions by buying mail hosting 
service and delegating responsibility regarding how email is delivered 
has to be explicit as part of such mail hosting service agreement. Now 
ISP then delegates responsibility further by choosing select list of 
organizations they believe are better qualified to make decision if the 
source of the email is good or bad - these are blocklist operators, so
there exists delegation chain from end-user to blocklist operator
(just like there exist delegation chain about regulations regarding 
telecom services which we buy, thse regulations are made by FCC which
is in turn chosen by the government and approved by the parliment
to which end-users deligated this reponsibility by selecting it).

In each case by delegating responsibility you accept consequence that 
somebody else would make a decision and you have to live with such 
consequence, such as that those others may occasionally be wrong (and
if they are wrong too often you can be vocal about it and they either
change based on your comments or you make different choice). If you do
not like all this, feel free (with your own domain name) to not use
filtering service and make decision about every email by yourself, however 
the problem is that you'll spend more time on that  that you could be 
spending on something else more productive and as such this time in fact 
does cost you something even if it provides you better granularity and 
direct access to the decisions. At the same time by delegating responsibility
you accept (often free) service provide by blocklist and it is usually 
more cost-effective (both to each individual and definetly to society 
costs in general).

--
William Leibzon
Elan Networks
[EMAIL PROTECTED]

RE: sorbs.net

[Edward B. Dreger]

MH Date: Tue, 15 Mar 2005 14:17:01 -0500
MH From: Martin Hannigan

MH Blocking by SP ip addr + asking for user cash = operational problem
MH for SP

It could be an interesting way to make a few bucks. ;-)


Eddy
--
Everquick Internet - http://www.everquick.net/
A division of Brotsman  Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita

DO NOT send mail to the following addresses:
[EMAIL PROTECTED] -*- [EMAIL PROTECTED] -*- [EMAIL PROTECTED]
Sending mail to spambait addresses is a great way to get blocked.
Ditto for broken OOO autoresponders and foolish AV software backscatter.

Re: sorbs.net

[Rich Kulawiec]

On Tue, Mar 15, 2005 at 05:44:41PM -0500, Paul G wrote:
 unfortunately, that *still* didn't stop people from using it, which
 translated into an unresolvable headache for me as a sp. 

Then gripe at the people who chose to use it: it was *their*
decision, and if it was a poor one, then they are the people
who need to be held accountable for it.

Look, if I want to publish a blocklist of all domains with the
string er in them and all IP addresses ending in .7, that would be
a silly thing to do: but after all, it's just a list.  It doesn't
_do_ anything until someone decides to use it for some purpose.
And if they're insane enough to do so, well, shrug, so be it.
It's their system/network; they're free to decline any inbound
traffic they don't wish to receive.  And you, and I, and everyone
else who's not on their system/network, don't get a vote.

---Rsk

Re: sorbs.net

[Niels Bakker]

 From: Martin Hannigan

 Blocking by SP ip addr + asking for user cash = operational problem
 for SP

* [EMAIL PROTECTED] (Edward B. Dreger) [Wed 16 Mar 2005, 02:04 CET]:
 It could be an interesting way to make a few bucks. ;-)

Try it and report back?  Until then I think this thread is welcomed
more on spam-l  similar venues than here


-- Niels.

-- 
  The idle mind is the devil's playground

Re: sorbs.net

[Edward B. Dreger]

NB Date: Wed, 16 Mar 2005 02:33:49 +0100
NB From: Niels Bakker

NB * [EMAIL PROTECTED] (Edward B. Dreger) [Wed 16 Mar 2005, 02:04 CET]:
NB  It could be an interesting way to make a few bucks. ;-)
NB
NB Try it and report back?  Until then I think this thread is welcomed
NB more on spam-l  similar venues than here

smiley = attempt at cynical humor
admittedly OT
actual opinions notably absent, as such would only prolong the thread
maybe it's not so far-fetched, and extortion lists [will] exist :-(

I don't follow too closely these days, but thought NANOG was moderated
now and that totally out-of-line threads would have been nipped in the
bud.  Must... grep... mailboxes...


Eddy
--
Everquick Internet - http://www.everquick.net/
A division of Brotsman  Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita

DO NOT send mail to the following addresses:
[EMAIL PROTECTED] -*- [EMAIL PROTECTED] -*- [EMAIL PROTECTED]
Sending mail to spambait addresses is a great way to get blocked.
Ditto for broken OOO autoresponders and foolish AV software backscatter.

RE: sorbs.net

[Hannigan, Martin]

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
 Edward B. Dreger
 Sent: Tuesday, March 15, 2005 9:04 PM
 To: Niels Bakker
 Cc: nanog@merit.edu
 Subject: Re: sorbs.net
 
 
 

[ SNIP ]

 
 I don't follow too closely these days, but thought NANOG was moderated
 now and that totally out-of-line threads would have been nipped in the
 bud.  Must... grep... mailboxes...

The opposite. This thread is a reasonable example. People
are showing displeasure at the thread and it's winding down.

It's more efficient for the readers to determine what's on and off
topic than the list administrators. We'll inevitably have a false
positive. Using tools and visual cues is reasonable insurance
against that and fosters greater communucations and hopefully
cooperation amongst the readers and posters, namely us. 

We're still discussing the future of the mailing list on the
[EMAIL PROTECTED] list and anyone can join. If you have
an opinion on how the list should operate, subscribe up and
post. It's been productive for the most part.

-M