[governance] Re: Antispam practices

Peter Dambier peter at echnaton.serveftp.com
Thu Sep 28 02:28:14 EDT 2006 

tapani.tarvainen at effi.org wrote:
> On Tue, Sep 26, 2006 at 07:40:20PM +0200, Vittorio Bertola (vb at bertola.eu.org) wrote:
> 
>>I'm glad I sparkled an interesting debate on such a specific and 
>>important policy issue, including (finally!) the technical level :)
> 
> 
> I can get as technical as you like in this (probably more so,
> all the way down to SpamAssassin or sendmail code and the like).
> But I'll stay on a a bit more abstract level for now.
> 
> 
>>>forbidding blacklist maintenance or by
>>>forbidding their use is also very problematic from political point of
>>>view: it is like forbidding organizing consumer boycotts,  a rather
>>>radical restriction of freedom of expression.
>>
>>To me, this does not look like boycott, since it is not that you are 
>>stopping to buy some ISP's products (something that affects only you and 
>>the company you are boycotting): you are actively shutting out of the 
>>network all customers of that ISP, by blocking their traffic. It does 
>>not affect only you and the company, but all customers of that company: 
>>in other words, you are forcing everyone else to boycott that company as 
>>well, and this goes well beyond your freedom of expression.
> 
> 
> Who am I forcing to do what, if I refuse mail from some IP?
> 
> OK, I'm forcing those who want to send mail to me to find other means.
> But I think I'm within my rights to do that.

You are one of those guys who force me to have some 20 mailers, depending
to whom I want to send. It is nasty to have to use some 20 mailers but
when you dont want everybody to snoop into your personal mail your are
forced to run your own mailer. That is what I am doing.

Ok, this mailer cannot send to you. Now I have to get a gmail account
with a nonesense name to send you emails. I have already another one
for the AOL guys who can only receive mail from AOL or spammers.

Curiously enough it is my local mailer on its dynamic ip-address who
gets the fewest spam and it is the big ones who get the most. They seem
to except only spam and no private mailes. That is why they are mailblockers
and not spamfilters.

> 
> For comparison:
> 
> A courier firm makes deal with US Post to handle packages destined
> to Finland. They do it cheaply, but there's a catch: they charge
> recipients, too - without telling senders about it.
> (This has actually happened, by the way.)
> 
> May I now refuse to deal with that, and tell people they'd better
> send packets to me some other way, and even boycott (as in not
> buying stuff from) companies that insist on using it?
> 

Yes, Santa Claus will boycott you. No Christmas gifts this your.

But please go outside and look into your letterbox at least once
every day because a lot of people tend to print their bounced
email send send them by avian carriers :)

> May I also publicise information about the courier company and
> its annoying practices and suggest others boycott it, too,
> along with all its clients, even if they had nothing to do
> with the change and may not even know about it?
> 

If I am allowed to publicise your annoying practices and
ask them to exclude you from newsletters because you bounce
them anyway.

> The comparison is apt: accepting email from spam-prone
> address spaces is also expensive.
> 

That is what I am doing right now. I have found out it is much
easier to sort out the spam than having to look into the spamfolder
for lost emails.

There are other means like greylists ...

> 
>>It looks to me (with due proportions) more like racism: since a certain 
>>number of members of a group did not behave well, we actively prosecute 
>>all members of that group, just because they are members of that group.

It is a religious war. Some people giving up email completly because it
has shown not to work any longer - others trying to fix it.

The guys trying to fix it fall into different cults using different
means to kill each other.

> It's not like racism because the group is not something you are born
> into. And few people have deep feelings about their IPs.
> 
> Sure, sometimes there's not much choice in practice. If the only
> job you can get is in a misbehaving company, you'll be hurt by
> boycotts directed at the company, without much fault of your own.
> Should we refraining from boycott because of that?
> 

It is not at all about companies. It is about people.
People trying to get things done the way they like it, have to
run their own mailers or they can CC all the big brothers.

> Sometimes "collateral damage" cannot be avoided.
> In the present case, innocents will suffer also if
> dynamic IPs are not blacklisted, indeed even more so:
> dynamic IPs are *the* major source of spam today,
> and spam can effectively make email useless to
> even more innocent people.
> 
> 
>>In some cases, it even gets down to plain assertions that "dumb users 
>>should not be allowed on the Internet" and so on - as if connecting to 
>>the Internet with a Windows machine (and all the 'security' that 
>>Microsoft allows), on a €20 dynamic DSL line, without understanding a 
>>word about technicalities, was a fault per se.
> 
> 
> Which it of course isn't. But the only way to allow technically naïve
> people to connect is by providing them safe email and other services by
> someone, and easily - which in effect means ISP has to arrange it,
> and make it automatic, default.
> 
> 
>>Also, I am very interested in the principle point about having users 
>>forced to go through their ISPs.
> 

I could not use it because they did not support linux.

And my ISP is more often on everybodies blacklist than not.

> 
> That is indeed bad in my book also. But setting it as default, so
> that if you don't have the technical skill to manage your own mail
> server or whatnot, is a different thing, as long as those who want
> can get the ports open. (Yes, I understand very well why some
> people prefer to run their own mail servers. I am one of them.)
> 
> Indeed, an ISP that took good care of their dynamic pool might be able
> to keep it out of blacklists. But I can't think of any way to do that
> other than restricting ports by default, open only on request.
> 
> Incidentally, I run my own mail server in my home, behind an ISDL line
> that blocks incoming smtp port (but not outgoing, for some weird
> reason). Now I am able to work around that by arranging relays using
> non-standard ports, but I know that for some it would be prohibitively
> expensive or otherwise effectively impossible.
> 
> 
>>>After all, nobody
>>>running a mail server is forced to use any blacklist, it is just
>>>information they can use or ignore - like a suggestion to boycott
>>>a manufacturer for whatever reason.
>>
>>Sure, but, in practice, most mail servers come with blacklists enabled 
>>out of the box,
> 
> 
> I doubt that very much - do you have some statistics?
> Tools to use them are generally easily available, though,
> and commonly used, but not enabled by default, in my experience.
> 
> 
>>and no sysadmin would care to remove them only because 
>>of some "collaterally damaged" users.
> 
> 
> The ones I use allow making user-specific exceptions.
> 
> 
>>In the end, it all gets down to common sense. If everyone did not push 
>>things to the limit, the Internet would not break :)
> 
> 
> :-)
> 
> Unfortunately, common sense not common enough these days. :-(
> 
> 
>>but you can't force ISPs not to use dynamic IP(v4) ranges, can you?
> 
> 
> Actually, I think you could. I'm not arguing it'd be a good idea or
> politically feasible, but technically it'd be possible and I can
> imagine even political will to do it. (In effect it'd mean requiring
> ISPs to maintain lists of their clients' MAC addresses and mapping
> them to specific IPs. I know of one doing this so it's not impossible,
> and it could be sold to politicians as means of making it easier to
> catch criminals.)
> 
> 
>>So the basic issue with blacklisting IP ranges just because they're
>>dynamic will stay.
> 
> 
> What would you do?
> Make it illegal to publish information about which IPs are dynamic?
> Make it illegal to filter mail on the basis of sender IP?
> 
> How about instead requiring ISPs to provide static IPs and/or open
> ports to customers who request it, at no (significant) extra cost?
> (Perhaps requiring signature on some kind of "I understand what
> this means and take responsibility" -type paper would be OK.)
>  
> 
>>By the way - to add one more anecdote - there was an interesting 
>>discussion between my CEO and my sysadmin (we're a very small 
>>company...) earlier today. This is absolutely true, almost word by word 
> 
> 
> :-)
> 
> Language barriers between CEOs (or even lesser bosses) and sysadmins
> are notorious. However:
> 
> 
>>SysOp (looking more shocked): "No, I can't add a special rule just for 
>>that, you know, these rules are being developed for months with lots of 
>>powerful algorithms, you shouldn't mess with them, these rules are right 
>>by default!"
> 
> 
> I rather suspect the sysadmin was pretending here. 
> Setting up exceptions to spam rules isn't that hard.
> 

Try my ISP "dtag.de". It is the biggest guy in germay but I remember
calls to their hotline. I dont think they do even know what spam is.

Kind regards
Peter and Karin

-- 
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at echnaton.serveftp.com
mail: peter at peter-dambier.de
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/

____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.cpsr.org
To be removed from the list, send any message to:
     governance-unsubscribe at lists.cpsr.org

For all list information and functions, see:
     http://lists.cpsr.org/lists/info/governance

More information about the Governance mailing list