On Wed, 2 Feb 2000, Chris McCraw wrote:
>
> the roadrunner folks have been kind enough to get in touch with me
> ([EMAIL PROTECTED] as well as postmaster@)
> directly and i've decided to turn off ORBS on our listserv. however
Well, I for one am glad to hear this. It should be sufficient to use the
rbl, dul, and rss. I personally do not agree with the philosophy behind
ORBS. I am appending a letter which I sent to ORBS regarding this is
which they never replied.
In any case, with a little extra work, you could tag rather than reject
the messages, and then set majordomo to require that messages with the tag
require manual approval.
That's my 2 cents.
Simon
From: Simon Hill
To: [EMAIL PROTECTED]
Subject: An opinion
Hello,
I hate spam as much as the next guy. My mail servers use all of the
mail-abuse.org lists: rbl, dul, and rss. My personal network's mail
servers have always been as secure as I can make them, though I have had
to fix one of my employers mail servers that I thought was secure, due to
receiving an ORBS notice (apparently RedHat 5.2 wasn't using the most
recent sendmail hacks).
However, something about ORBS struck me as not quite right. After thinking
about it for a while, I finally figured out what was bothering me. It has
some implications that you might want to consider.
Most anti-spam philosophies take the position that spam is trespass and
theft of service. Accordingly, most anti-spam lists are passive - a
server gets listed because it was actually used to relay spam.
Your active approach, IMO, has a serious problem. It is, simply put,
trespass. Just as no Internet user has the right to send me spam if I
don't want it, similarly, no Internet user has the right to probe the
workings of my mail servers without my permission. I have installed my
mail servers to receive mail, and for no other purpose.
Using what I assume to be your rationale, which I notice that you do not
address at all on your web site, then I would be justified using SATAN or
some other network security tool to probe your network without your
permission with the justification that if your network is insecure, then
it might pose a threat to my network should crackers happen to compromise
yours. I hope that you would agree with me that doing that would not be
right at all. How exactly is what you are doing any different?
It seems to me that the lack of a clearly defined rationale for your
actions on your web site it due to the fact that they can't actually be
justified. While you may rightly sneer at spammers who threaten you with
lawyers and law suits, I think that you may actually be wide open to
criminal charges of computer tresspass.
Please don't misunderstand me. I am not threatening to initiate any such
action myself. I am just concerned that if the wrong person figures this
out and presses criminal charges against you, that you might very well be
found guilty, and that would be a great victory for spammers, and the
precedent might then be improperly applied to other services which do not
actually involve trespass, such as mail-abuse.org.
Please think about what I have said, and if you can actually justify your
actions, then post your arguments on your web site. Unfortunately, I don't
think there are any legal reasons which justify trespass (except perhaps
life or death situations), and I don't think that you can convincingly
argue that what you are doing is not trespass.
Please note that I am not a lawyer, you might want to talk to one about my
observations...
Sincerely,
Simon Hill
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
