[governance] Antispam practices

Ray Plzak plzak at arin.net
Thu Sep 21 08:39:50 EDT 2006 

At the upcoming ARIN Public Policy meeting in St Louis, 11 - 13 October,
there will be a panel discussing blacklisting. Members of the panel will be
from various parts of the community that are affected by or are involved in
the process. All are invited to attend. For those who can not attend in
person the meeting will be webcast.

Ray

> -----Original Message-----
> From: Vittorio Bertola [mailto:vb at bertola.eu.org]
> Sent: Thursday, September 21, 2006 7:48 AM
> To: WSIS Internet Governance Caucus
> Subject: [governance] Antispam practices
> 
> Hello,
> 
> I wanted to share the nasty experience I had today with anti-spam
> blacklists.
> 
> This morning I was working from home, connected through one of Italy's
> major ISPs via a DSL line. When I tried to send email as usual, the mail
> server of my own company started to reject them, as my IP address
> appeared in a couple of international anti-spam blacklists.
> 
> I checked the sanity of my systems - both my laptop and my Linux gateway
> to the world - and I checked the blacklists; it turns out that,
> yesterday, a previous user of the same IP (which is dynamically
> attributed each time you connect, and, given the quality of our copper,
> my gateway disconnects and reconnects relatively often) had been using
> it to spam (voluntarily or not).
> 
> So I go to the website suggested in the error message (cbl.abuseat.org),
> I try to delist my IP and... apparently, since it is a dynamic IP
> address, they would refuse to do so, or even if they accepted, according
> to their website, it is likely that the IP would be blacklisted again
> quite soon.
> 
> In this case, I was trying to connect with my company's mail server, so
> there were plenty of possible solutions. However, given the ridiculous
> policy of these people, I chose to disable these blacklists all at once.
> But if, by chance, I had been using my own gateway as outgoing mail
> server, something I often do, I would have been completely shut out of
> the Internet for what regards email, without having any chance to get
> this fixed, apart from finding patchy workarounds such as disconnecting
> and reconnecting to get another IP address (which could have been
> blacklisted as well).
> 
> Well, there is a "proposed" solution (which means, they unilaterally
> decide you have to do things that way) on the blacklist's website: stop
> using your own server and use your ISP's one. Now, you might have
> noticed that just yesterday, here in Italy, the head of security of the
> major national telco was arrested for illegally intercepting and
> recording phone calls and emails of thousands of people, so that does
> look like a sound suggestion, really. (While discussing this accident
> with a nerder friend involved in the anti-spam circles, he replied "but
> why do you care to be intercepted, if you don't have anything to hide".
> Oh well, you really got the point about privacy!) And what if my ISP
> didn't provide reliable mail servers, or didn't provide them at all?
> Should then I change ISP? And what else do you want to decide for me?
> The color of my shirt?
> 
> Practically, these people are suggesting that I should give up the basic
> principle of the Internet, and my right to set up my own servers and
> services at any public IP address, and pay someone else to send my mail,
> only because my IP address is dynamic. And I don't know about elsewhere,
> but here, many ISPs won't even sell you a fixed IP address, unless you
> are a corporate customer. Ah, sure, I forgot I should get the ISP they
> like, not I.
> 
> But what really gets me mad is that this policy, which indeed deeply
> affects what I can or cannot do with the Internet, was never discussed
> with me, meaning, the final users. I've been attending a good number of
> the existing Internet governance forums around, but where there ever was
> an open discussion and subsequent broad consensus on the correct
> policies for blacklisting and delisting? This policy affects me in deep,
> how can I influence it? Sure, there is a comment form on the CBL
> website, accompanied by the message: "WARNING! Comments are not read
> routinely and will not be responded to.". Thanks for the kindness.
> 
> Please don't misunderstand me. I realize the great service that
> blacklists provide, for free. I realize in full the technical difficulty
> of managing this situation, and of fighting spam with the current email
> protocols. But I do not support the idea that there can be
> self-appointed sheriffs of the Internet, that can in fact block (censor)
> your bits according to any policy they like. Sure, one could think that
> blacklisting won't be used if it's not reasonable, but if you're just an
> individual being unjustly blocked, which sysadmin will ever care to
> alter its default mail server configuration just because of you? And how
> do you ask for that, if you can't send email? And who ensures that, in
> the middle of ordinary spam blockings, there will not be networks or
> individuals that are being blocked for their opinions or for political
> judgements or to alter market competition?
> 
> I should have the right not to be blacklisted if I didn't do anything.
> If blacklist managers can't handle the operational requirements to do
> so, then please don't run a blacklist.
> 
> I hope we can have a fruitful discussion on this specific point at the
> next IGF in Athens. And volunteer for that, wholeheartedly.
> 
> Ciao,
> --
> vb.             [Vittorio Bertola - v.bertola [a] bertola.eu.org]<-----
> http://bertola.eu.org/  <- Prima o poi...
> ____________________________________________________________
> You received this message as a subscriber on the list:
>      governance at lists.cpsr.org
> To be removed from the list, send any message to:
>      governance-unsubscribe at lists.cpsr.org
> 
> For all list information and functions, see:
>      http://lists.cpsr.org/lists/info/governance

____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.cpsr.org
To be removed from the list, send any message to:
     governance-unsubscribe at lists.cpsr.org

For all list information and functions, see:
     http://lists.cpsr.org/lists/info/governance

More information about the Governance mailing list