[linux-elitists] Spam spam spam spam

Aaron Sherman ajs@ajs.com
Fri Feb 18 20:39:58 PST 2005

On Fri, 2005-02-18 at 16:42, Rob McGee wrote:
> On Friday 18 February 2005 12:53, Aaron Sherman wrote:

> > Damn. I was using Spamhaus specifically because they only listed
> > people who were known to originate spam (either because they were
> > zombies (XBL) or spam sources (SBL)). Either I was wrong, or they've
> > changed their policy to list groups punitively.
> I don't see that as a punitive listing. The IP is known to be under 
> control of Alan Ralsky. If he or Ruslan Ibragimov or any other known, 
> unrepentant spammer was to sit at his computer and type a personal 
> message just to me, I would see nothing wrong with blocking it.

That's called "punitive". You are specifically looking to ostracize
someone for their actions. You can do that. I just don't want to confuse
that with listing spam sources, which is what I thought SBL did.

> I am sorry, I know I sound like an obnoxious zealot. Those who get down 
> in the trenches of the spam war you tend to get that way.

I understand. I felt the same way once. Then I heard a friend talking
about spammers. I heard him say things like "I want them all dead," and
I thought about it. Other than making me look at the word "penis" more
often than I'd like, what exactly have these people done to warrant such
ire? When did we decide that mail server admin would be light, happy fun
if only it weren't for the spam? Sure it's not good. It costs money and
time, but what's so amazingly bad that it gets us this worked up?

> Spammers have that certain quality about them that triggers reverse
> peristalsis in me. They seem to lack most normal thought processes,
> and perhaps ALL ethical thought processes.

You're generalizing. I've known a few spammers in my life. Some of them
are hucksters. Some of them are just people. 

Impersonalizing a group is always an easy way to justify your actions,
and don't think you're the first to say, "They seem to lack most normal
thought processes." I've heard that said about stock brokers, movie
directors, blacks, ... you name it.

[...cutting out huge chunks here... it was a long reply...]

> Back to the Boulder Pledge: economic damage is really the only way 
> possible to stop spam. It has to begin to cost them more than they get 
> from it.

I disagree. I think that the solution to spam is and always has been
coordinated trust management. It will take years, perhaps even decades
to phase in, but it's the only viable solution.

Financial hardship will only mainstream spam, mutating it into a
long-term viable business model by force of natural selection.

Either way, blocking mail from hosts that don't send spam gets you no
closer to a solution.

> What this whole Cerf thing comes down to is that we are trying to apply 
> some pressure on MCI. I agree, it feels like we're unfairly singling 
> out Cerf, and I'm certain Vint is the kind of geek I would really like 
> to meet.
> We discussed this on SPAM-L, too. It FEELS kind of mean, but it really 
> is justified. 

Your message is littered with the kinds of statements I expect from
governments, not individuals... how did we fall so far? Or is there just
a new guard coming in that no longer applies the hacker ethic to systems
admin? (No offense if you happen to be as old as or older than me... I
simply don't know)

> > I just want to shut off the pipe when people 
> > demonstrate that they are willing to treat their pipe as a firehose.
> That's YOUR pipe, not theirs. Send Safe steals the pipe from Windows 
> machines, and their ISP's, everywhere, and then YOUR pipe.

No it's the spammers. I don't care if the spammer is a Windows box or an
SGI running in a bunker somewhere. Coordinated trust management (of
which blacklists are only a first baby-step) shuts you down quickly and
cleanly. The problem is that you have to trust the trust managers and
Spamhaus has sadly violated that trust by listing non-spammers.

> I feel guilty about blocking dynamic IP space, but unfortunately it's 
> very effective, what with so much spew coming from zombies. Thanks to 
> Send Safe et al!

Then you only see this mail by virtue of the fact that L-E doesn't take
such foolish steps. I and hundreds (probably thousands) of others don't
trust ISPs to handle our mail for us because we've been doing it longer
and better than they have. I'm in a "dynamic" IP space (even though my
IP hasn't changed for years), and will continue to manage my own mail
server and relay my own mail without going through "sanctioned" servers
until they pry my MTA out of my cold, dead hands.

☎ 781-324-3772
✉ ajs@ajs.comhttp://www.ajs.com/~ajs

More information about the linux-elitists mailing list