(Sorry for the length, if you hate the wall of text, the last three paragraphs contain the essence of my thoughts and concerns on this)
On Wed, 20 Feb 2008, Justin Mason wrote: > > Matt Kettler writes: > > In general I'm somewhat averse to systems with undocumented or vague > > policies in SA. Case in point, razor used to be disabled by default due > > to a rather vague policy about "high volume" use, that didn't really > > define what that volume was. > > +1. > > We haven't decided *not* to remove Spamhaus usage from the base ruleset > yet... it just hasn't come up in discussion again. So nobody should > take the remaining inclusion of Spamhaus as any kind of indication that > we approve of such policies. I respect your desire to withold judgement; it's not always a clear cut issue depending on your perspective. If nothing else, making people aware of the potential future fees would perhaps be a good idea before their customers arrange their filter thresholds based on what amounts to a introductory trial service. For what it's worth, with dcc, razor, but no bayes, checking the cache of missed spam going back the past three months that we were unknowingly blocked from uribl.org, I have to say the impact has been very minimal. In fact, TimeElapsedSpamCheck seems to have dropped an average of over half a second (perhaps it would be a smaller difference if we were not blocked), so overall this is still a win-win, uribl doesn't get our bogus traffic, and we can delay the deployment of the next filtering server to the cluster for a bit, as this equates to a potential ~15% increase in efficiency. I have a certain amount of respect for anybody who gives their time and effort to help fight mail abuse, even if I don't agree with their tangential policies. Good luck to you Dallas. Hopefully you will at least be upfront and inform the people (this relies on an assumption on my part) who submit samples to URIBL and provide free mirrors that there exists a possibility that more money will be generated than is consumed by expenses related to the project. Perhaps he does disclose their financials and I'm just being a douche...but I seriously doubt it, given that they openly ask for paypal donations, have google ads, and sell branded merchandise, while never mentioning on a non-password protected page (that I could find) that they also sell data feeds. Perhaps that would provide negative motivation to donate or support the cause by buying a uribl t-shirt? Overall I just feel like they're leveraging the default inclusion in spamassassin to eventually create revenue streams from unsuspecting companies who would happily just pay the fee. Afterall, those who generate 400k queries today will eventually generate 500k queries, and then comes the email suggesting you obtain a data feed (giving no impression of associated fees). I guess I have grown too accustomed to the long standing symbiotic relationship between spam warriors and service providers. We rely on you to help us filter our incoming mail, you rely on us prevent or at least diligantly mitigate spam coming from the large number of potential sources on our networks. We're supposed to be in this together, working from both sides of the equation. As soon as the motivation stops being about preventing spam and becomes about making money, you essentially equate yourselves to the various large networks providing transit to spammers out of desperation to pay for their overbuilt networks and meet quarterly revenue goals. Does this apply to uribl? Perhaps not. But it sure felt like it when the "data feed request form" magically turned into a shopping cart once I selected responses from the first three dropdowns. I just can't parse the logic; the seperation between those who should pay and those who shouldn't is based on volume, yet if those who generate too much volume wish to eliminate the traffic entirely...they must pay for the traffic of those who do not hit the arbitrary cutoff? At least MAPS was logical in charging those who are for-profit, providing free to those who are non-profit. Or take Vernon's DCC project, he provides a value added service to those who pay, not available free to anybody. What would make sense would be if an RBL charged people who generate more than 500k queries IF THEY DID NOT obtain a data feed and wanted to still query at at high volume, perhaps the RBL would provide a special low latency server only queryable by paying customers, which perhaps get the latest updates faster than the public servers. These arrangements are appropriate and valid from an ethical and logical point of view and charge the appropriate parties a cost-based fee. Vern is charging for his additional time, MAPS charges those who in theory profit (directly or indirectly) from the filtering, and in the last case the RBL would be charging for the traffic and exclusive access. Perhaps I'm simply tired and unable to escape my Max Weber-esque Iron Cage and grasp this seemingly inconsistent paradigm of charging those who wish to reduce the bandwidth costs of an organization openly begging for donations! They even charge non-profits for a barely reduced fee for the data feed! How does that make sense unless profit is the motivation? They take an organization who has no profit motive and charge them for reducing uribl's bandwidth, all in the name of a common desire to reduce mail abuse? The website seems to have a motto of "because spam sucks." That certainly serves as no explanation or motive for charging those whose primary desire would be to both reduce spam AS WELL AS the expenses of a donation requesting, swag peddling, ad profiting organization! (are google ads a mild yet socially accepted form of spam? I would say no, some might say yes) I must be stupid, I'm not able to invent an explanation that doesn't involve a profit motive. I'd think they were taxing the rich to provide to the poor if they weren't providing free service (in theory) to those who generate 400k queries per day from dozens of individual nameservers around the globe who then charge for spam filtering (we do not btw), and then turn around and charge a non-profit who generates 600k queries per day from their single primary caching nameserver they setup to reduce their own bandwidth costs as much as possible. Somebody help me here. This was way too long but I'm waiting on a couple buildworlds and the more I think about this the more shady it feels to me. Good luck regardless, Andy --- Andy Dills Xecunet, Inc. www.xecu.net 301-682-9972 ---
