[linux-elitists] FC: SpamCop's Julian Haight replies to Politech, and other defenses (fwd)

Eugen Leitl eugen@leitl.org
Tue Nov 5 03:16:53 PST 2002


-- 
-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://eugen.leitl.org
83E5CA02: EDE4 7193 0833 A96B 07A7  1A88 AA58 0E89 83E5 CA02


---------- Forwarded message ----------
Date: Tue, 05 Nov 2002 00:11:16 -0500
From: Declan McCullagh <declan@well.com>
To: politech@politechbot.com
Cc: julian@spamcop.net
Subject: FC: SpamCop's Julian Haight replies to Politech, and other defenses

The second time SpamCop incorrectly listed the Politech server, I wrote at 
the time that: "I give the SpamCop folks high marks for responsiveness." 
(http://www.politechbot.com/p-03734.html)

Not so now. I'm glad to offer Julian Haight the opportunity to reply to the 
list, but his reply is needlessly antagonistic. Julian has declined to 
whitelist the Politech server, saying he'll "perhaps" do it if he feels 
like it. He suggests that I was "paraphrasing" parts of his July message to 
me (about the second blacklisting) that I "want to remember," when in fact 
I copied-and-pasted.

These are not the actions of someone who wants to work with the Internet 
community. I agree with Ray Everett-Church, who says Julian "seems to 
relish" harming innocent people. I advise Politech readers not to use SpamCop.

It seems that SpamCop's users weren't even told about SpamCop's new policy 
of blacklisting not actual spammers -- but people at the same Internet 
provider as a suspected spammer:
http://news.spamcop.net/pipermail/spamcop-list/2002-November/022715.html

In a column in September (http://news.com.com/2010-1074-957024.html), I 
predicted what will happen as the market for SpamCop and its brethren 
develops: "As spam increases and a reliable blacklist becomes something 
that Internet providers will pay for, the discipline of the free market 
means their quality is likely to improve."

Part of the discipline of the free market, of course, is that less capable 
firms will vanish as customers turn to more attractive products. I wouldn't 
be surprised if that happens to SpamCop.

-Declan

---

Date: Mon, 4 Nov 2002 10:14:58 -0800 (PST)
From: Julian Haight <julian@spamcop.net>
Sender: <julian@shadowfax.julianhaight.com>
To: Declan McCullagh <declan@well.com>
cc: <politech@politechbot.com>, Argyle <service@admin.spamcop.net>,
    "deputies@admin.spamcop.net" <deputies@admin.spamcop.net>
Subject: Re: Politech incorrectly blocked by SpamCop -- for the third time
In-Reply-To: <5.1.1.6.0.20021104085626.0221b328@mail.well.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 4 Nov 2002, Declan McCullagh wrote:

 > First, SpamCop incorrectly listed the Politech server as a source of spam
 > on Feb. 11. Then SpamCop incorrectly listed the Politech server as a source
 > of spam for three or four days (if I recall properly) circa July 8. Now
 > SpamCop  lists Politech on its spammer-list because some other servers also
 > hosted at Rackspace.com are alleged spammers.

Rackspace has been negligent in this case.  They had an open relay which
they should have been aware of since at least 9/6/02.  That relay is still
on their network, sending massive amounts of spam.  Since complaints from
their spam-victims don't seem to have any effect, perhaps complaints from
their paying users will!  If rackspace does not take action to stop this
source of spam, it is quite possible that other, innocent rackspace
customers will be affected again.

That said, if you would like to send me your IP address again, I'll again
investigate and perhaps give your server a temporary break.

 > I wrote to SpamCop's Julian Haight in July asking him if he could prevent
 > this from recurring. He wrote back: "I don't see what proactive action I
 > can take. There is nothing wrong with the system and it may well happen
 > again. Sorry."

Perhaps you are paraphrasing the parts you want to remember.

 > SpamCop is a commercial service that compiles a list of alleged spammers
 > and charges $30 a year for individual email accounts and far more, I
 > imagine, for corporate filtering.
 >
 > No spam has ever been sent from the Politech server. Nor was I notified
 > when it was placed on SpamCop's list again.

Rackspace was certainly notified.  Many, many times.  I myself sent them a
very stern warning on friday and have no response yet.  The open relay on
their network (216.110.36.16) is still wide open.  I would appreciate
anything you can do to bring their attention to this glaring problem.

There are several other sources of spam on this same rackspace network -
IP (qty in past week):
216.110.36.18 (1) 216.110.36.149 (9) 216.110.36.21 (4) 216.110.36.70 (1)
216.110.36.16 (88) 216.110.36.89 (6)

If you would like to get copies of all reports about your server, or even
about the whole /24 network, you can.  Use the tool documented here:
http://spamcop.net/fom-serve/cache/94.html

That will give you early warning about problems on that network, which
will in turn let you know if there is a pending blacklisting by spamcop.

 > Don't get me wrong. SpamCop has the right to compile and publish
 > blacklists, even if they are not vetted for accuracy and are therefore
 > overbroad and certain to block legitimate mail. But we also have the right
 > to speak out against SpamCop's practices and criticize it where appropriate.

I'm glad you feel that way.  Plenty of people threaten to sue me, and it
only makes me question their credibility.  My system is mostly mechanical,
and the rules which govern it are public.  I feel that as long as I'm
truthful about what rules I'm using, I'm at least free from liability.
It's up to the people using the list to block mail.  Each user or
administrator gets to decide for themselves if my rules are a close enough
approximation of their definition of 'spam', and if they want to reject
mail on that criteria.

 > I invite SpamCop to defend this overbroad listing -- and say why anyone
 > should trust their service in the future, if my experience with SpamCop is
 > any indication. Personally, I use SpamAssassin and am very happy with it.

Thank you, there are a few points I'd like to make.

First is that this new "list the whole network" policy is new, and your
feedback is certainly something I'll take into account when evaluating
it's effectiveness.

Second, this policy is not intended as a way of punishing the innocent
neighbors of a spam source.  There are spammers who have been avoiding my
filters by rotating through different IPs.  This whole-network rule helps
stop that type of spam.  Although I argue above that rackspace is too
slow, punishing them is also not the intent here - it's a secondary
effect.  Some would say it's even a beneficial effect, and I would agree
to a certain extent.  But if it were the only effect, I would not be
doing it.  It is intended to make my filters better at filtering out spam,
not coercing ISPs into action.

Third, spamassasin, though different in some ways, is similar in one
important way to spamcop and many other spam-fighting tools:  false
positives.  Practically any attempt to filter spam will result in false
positives.  Spamassassin is no different.  Perhaps it works better for you
than spamcop.  Part of it's effectiveness is that it considers spamcop's
list in making it's determination.  So depending on your configuration,
you are actually using spamcop.  If it works for you, and you continue to
use it, please give a donation ;)

Finally, I don't think your experience with spamcop is typical.
Primarily becuase you are a publisher.  Most users don't ever see it from
that perspective.

A few far-sighted comments on the state of email:

Unfortunately, spam is killing email.  Anti-spam reaction is killing
legitimate bulk email with the illegitimate.  I suggest that bulk emailers
find another medium for their message.  I am actively encouraging the
development of a new protocol to deliver opt-in bulk messages.  It should
not 'push' the message to the user, rather it provides a system whereby
the user's agent (mail software)  can 'pull' messages in a timely manner
from the publisher.  To the user, this system would be much easier to use
(opt-in/out).  To the publisher, the user would still be presented with
the message in a familiar format (text or html).

- -=Julian=-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9xrkikdq17G+XLoYRArYJAJ9FlMKpyMlxznhhhxHhm+eHUTDlEACeIXgx
uFi4bFt2GMq6L0L+JTDzZ6g=
=2eTj
-----END PGP SIGNATURE-----

---

Date: Mon, 4 Nov 2002 10:26:07 -0800 (PST)
From: Julian Haight <julian@spamcop.net>
Sender: <julian@shadowfax.julianhaight.com>
To: Declan McCullagh <declan@well.com>
cc: <politech@politechbot.com>, <service@admin.spamcop.net>,
    <deputies@admin.spamcop.net>
Subject: Re: Politech incorrectly blocked by SpamCop -- for the third time

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I just called and spoke with Ron Simmons in Rackspace's security
department.  He vowed to look into this problem and get it resolved ASAP.

- -=Julian=-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9xru/kdq17G+XLoYRAg7MAJ44hZAxlfvGJH3TpvxpLZSTbhkXQACeM/uh
BPHim+sEL8+Q84iVxGIcJow=
=eIqu
-----END PGP SIGNATURE-----

---

Date: Mon, 4 Nov 2002 13:28:21 -0500 (EST)
From: "Matthew G. Saroff" <msaroff@fellspt2.charm.net>
Reply-To: "Matthew G. Saroff" <msaroff@pobox.com>
To: declan@well.com
Subject: SpamCop and Politech

	It seems to me that the criteria used by SpamCop are exactly what
they sell their customers:  that the volume of spam will be markedly
reduced, and that it will be done so in a manner that will make it more
difficult for spammers to find friendly havens.

	While unfortunate for Politech, this is an example of an honest
vendor serving the customers.

-- 
Matthew Saroff

---

From: "Downes, Stephen" <Stephen.Downes@nrc.ca>
To: "'declan@well.com'" <declan@well.com>
Subject: RE: Ray Everett-Church on systemic problems with SpamCop
Date: Mon, 4 Nov 2002 20:36:12 -0500

Hiya,

This one is a bit trickier:

"Now SpamCop lists Politech on its spammer-list because some other servers
also
hosted at Rackspace.com are alleged spammers."

Assume for the sake of argument that your service provider, Rackspace.com,
does indeed host spammers (if it doesn't, it's an erroneous listing and my
comments do not apply).

If Rackspace is delivering spam, then that could be construed as a good
argument for refusing any traffic from Rackspace. This includes your
newsletter.

The good being done by Rackspace - sending your newsletter - does not
mitigate the bad being done by rackspace. By accepting email from Rackspace,
even if it is benign, the service is showing tolerance to a spam host. It
also opens the door to abuse by spam providers who, in an effort to appear
innocuous (and much harder to block) mix innocent content among the spam.

In such a case, I would argue that you, as an innocent party, are the victim
of Rackspace's abuse of the net, and not SpamCop's attempt to counter that
abuse.

This is not to excuse any other errors SpamCop may have made in the past,
and it is not to endorse them in any way. But on this particular point, I
would side with SpamCop.

My recommendation would be that you obtain a new service provider, and
explain clearly to Rackspace that their policy of distributing spam is what
has caused you to close your account.

-- Stephen

[Comments in this email almost certainly do not reflect the views of my
employer. ;) ]

----------------------------------------------------------------------------
-
Stephen Downes ~ Senior Researcher ~ National Research Council
Moncton, New Brunswick, Canada

---

Date: Mon, 04 Nov 2002 21:55:02 -0500
To: Declan McCullagh <declan@well.com>
From: "Lawrence R. Ware" <larry@waywardhome.com>
Subject: Rackspace and SpamCop

Hi Declan,
I've been reading politech list via the web interface for a
couple of years now.

Saw your comments re Spamcop.
You said:
 >Now SpamCop  lists Politech on its spammer-list because some
 >other servers also hosted at Rackspace.com are alleged spammers.

My first thought was amazement that Rackspace actually had a
legitimate customer. :-)

I'm not trying to defend SpamCop because Julian should of white listed
Politechbot after the first problem back in Feb.
His system does have problems.

But at the same time I would point out that if I had subscribed to
the email version of your list, I'd never see it. Not because of
SpamCop, but because just about all of Rackspace is in many blocking
lists including several I use to filter mail.

Rackspace is an un-repentant provider of spam support services and
if you believe in the Boulder Pledge you will move your site instead
of supporting people who believe pissing in the community well is fine as 
long as they get a dollar for it.

Once a lot of evidence is available that a hosting company like
Rackspace doesn't care how many spammer web sites they host, blocking
lists often start to increase the size of the blocks in order to
put pressure on the provider. I use these lists and I support turning
up the pressure on providers like Rackspace.

A little googling would let you know just who you are doing business
with and why most anti-spammers can't say the word "Rackspace" without 
swearing.

Sincerely,
Lawrence Ware

PS: Why do journalists always ask Ray Everett-Church what he thinks about
spam related issues? The majority of working anti-spammers, (those
running networks and fighting spam day in and day out) consider him
and his organization CAUCE about as relevant to spam fighting as the
Libertarian presidential candidate is to tomorrows election.

---

Subject: Re: FC: Ray Everett-Church on systemic problems with SpamCop
From: "B. Johannessen" <bob@well.com>
To: Declan McCullagh <declan@well.com>
In-Reply-To: <5.1.1.6.0.20021104150745.02294388@mail.well.com>
References: <5.1.1.6.0.20021104150745.02294388@mail.well.com>
Content-Type: text/plain; charset=UTF-8
Date: 05 Nov 2002 00:33:02 +0000
Message-Id: <1036456382.10255.24.camel@getafix>
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit

Declan,

(you may include my email, should you decide to forward this)

as there has been no reply from Julian or anyone else coming
out in favor of SpamCop, and since I'm the one who brought
this to everyones attention in the first place, I'd like to
contribute a few words from the perspective of a satisfied
SpamCop user.

First of I would like to address a few of the comments made
by Mr. Everett-Church

 > > "There is nothing wrong with the system and it may well
 > > happen again. Sorry."
 > If you find this statement nonsensical and outrageous, you
 > should.

There is nothing nonsensical about the above statement. You
are being told that the system is performing exactly like it
was designed to do. You are free to disagree with the stated
goals of the SpamCop system, but calling in nonsense just
proves that you have not taken the time to learn how the system
works.

 > Julian's system is designed to have a hair-trigger response
 > to any spam complaint from a SpamCop user -- no matter how
 > wrong the complaint is -- which translates through some
 > arbitrary algorithms into a blocklist entry.

There is a fairly good explanation of what Mr. Everett-Church
above describes as “arbitrary algorithms” on the following link

http://spamcop.net/fom-serve/cache/297.html


This page is also liked to from the page referenced in my
original message. Once again comments like the above leaves
me with the impression that Mr. Everett-Church did not take
the time to research the issue at hand.

In closing I would like to include a few words about my
personal experience as a SpamCop user.

In the time that I've been using SpamCop (since March of this
year) I would guesstimate that SpamCop has filtered about 5000
messages as spam. Out of these, less the 50 has been legitimate
email. In addition SpamCop neither rejects nor deletes the
“suspected” messages, they are placed in the (IMAP) folder
“Held Mail” for me to inspect.

I think we can all agree that a perfect automated system for
dealing with spam is an impossibility. For me, the quality of
such a system is measured by the time I spend correcting it's
mistakes. As for my use of SpamCop, this has turned out to be a
few minutes per day. Your mileage may vary.


	B. Johannessen




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------
Like Politech? Make a donation here: http://www.politechbot.com/donate/
Recent CNET News.com articles: http://news.search.com/search?qÞclan
-------------------------------------------------------------------------





More information about the linux-elitists mailing list