[governance] Spamhaus

Suresh Ramasubramanian suresh at hserus.net
Thu Mar 28 05:07:06 EDT 2013 

Hi Adam

A very simplistic analogy would be a movie.  You will find a wide variety of reviews about it - from somebody who saw it and writes about it on his blog or fb / twitter, to Roger Ebert reviewing it for the Chicago Sun-Times.

Now, if joe user sees, say, "The Artist", and dismissively posts "Artist sux. No dialog at all!!!" on his twitter, versus if Ebert sees the movie and praises it to the skies [or conversely, gives it two thumbs down], do you see the difference in impact in ticket sales for the movie?

That's the very same thing with blocklists.  Some like spamhaus are in the Roger Ebert position - more than one movie will make or break its reputation [*] based on his review, and any site that lands in Spamhaus' blocklist will quite soon feel the impact - and, more often than not, start to remedy whatever problem it is, whether a hacked server hosting a malware command and control, or a marketer / other mailing list operator with sub-optimal mailing list processes.

Others - well, if joe user tweets that the movie sucks, just how many people other than his close friends and family are going to read it, or care two hoots for his opinion?  That is the position of the various other blocklists.  There are some that are Eberts and Siskels. There are others that are joe user.   Of course allow for the difference in spread that a reputation [*] for good or poor maintenance, and word of mouth popularity, gives either blocklists or reviews by joe users.

** reputation is a term quite often used in the email world, to indicate a more nuanced concept of filtering based on multiple parameters, and shifts dynamically over time ..

--srs (iPad)

On 28-Mar-2013, at 14:19, Adam Peake <ajp at glocom.ac.jp> wrote:

> On Thu, Mar 28, 2013 at 5:28 PM, Suresh Ramasubramanian
> <suresh at hserus.net> wrote:
>> There are best practices.  But all these blocklists are run by various
>> individuals, and getting them all to follow best practices is almost as (if
>> not more) difficult than trying to make people on this list stay on topic
>> and not go off on rants about anything from tax avoidance onwards.
> 
> consequences of our rants are a little less harmful :-)
> 
>> 
>> The advantage that blocklists have over this situation is that only the best
>> managed and most professionally run blocklists will survive for long and
>> have a significant adoption in the market.
> 
> And while these "others" are failing to survive is someone likely to
> suffer from their poor work?
> 
> Is more transparency and accountability needed?
> 
> Suresh, I know this is a topic you're expert on.  Would be good to
> hear more about how blacklisting/blocklist services work. If those of
> you in the business think there should be changes made to how
> blocklists are operatred? (and other mechanism? If there are "other"?)
> 
> Adam
> 
> 
> 
>> --srs (iPad)
>> 
>> On 28-Mar-2013, at 13:49, "Carlos A. Afonso" <ca at cafonso.ca> wrote:
>> 
>> A crucial failure of the antispam services is the lack of clear methods to
>> communicate with legitimate services which they unilaterally decide to
>> blacklist. Like any other service, blacklisting a legitimate service without
>> first informing the service of  impending action is unacceptable, even if
>> some of these blacklisters are nonprofit.
>> 
>> Whatever the several RFCs on the subject recommend, most do not  follow
>> basic rules which, if violated, would be illegal in any country with
>> reasonable consumer laws and rules which regulate proper business practices.
>> 
>> We operate our nonprofit Internet services since the beginning of the 90s.
>> In several cases in which one of our services was about to be blacklisted,
>> we received proper communication and were able to act to fix the problem.
>> But recently most of these services do not bother to get in touch, and
>> provide scant or non-existent ways to check why the service was blacklisted.
>> The fact that several blacklisters are derivations from others compounds the
>> problem, which is aggravated when these services are converted into
>> money-making joints (even if disguised as nonprofit).
>> 
>> Above all, there is need for far better coordination and a clear code of
>> conduct.
>> 
>> fraternal regards
>> 
>> --c.a.
>> 
>> ------------
>> C. A. Afonso
>> 
>> 
>> 
>> -------- Original message --------
>> From: Suresh Ramasubramanian <suresh at hserus.net>
>> Date: 27/03/2013 21:15 (GMT-03:00)
>> To: governance at lists.igcaucus.org,"Carlos A. Afonso" <ca at cafonso.ca>
>> Cc: governance at lists.igcaucus.org,Deirdre Williams
>> <williams.deirdre at gmail.com>
>> Subject: Re: [governance] Spamhaus
>> 
>> 
>> Barracuda is a single vendor .. One out of two or three comparatively more
>> obscure ones that seem to do this.
>> 
>> In the over a decade spamhaus has operated I have not seen spamhaus people
>> take a single penny from anyone at all in matters to do with listing or
>> removal of IPs.
>> 
>> Did you get listed by spamhaus ever?  I am not counting any of the dozens of
>> poorly operated blocklists out there, most of which have one guy and his
>> family dog using them compared to spamhaus that has a footprint of billions
>> of mailboxes across ISPs, civil society organizations, industry and
>> individuals with their own mail servers using it.
>> 
>> --srs (iPad)
>> 
>> On 27-Mar-2013, at 23:20, "Carlos A. Afonso" <ca at cafonso.ca> wrote:
>> 
>>> I have been reporting cases revealing the absurd autonomy antispam
>>> businesses have, our services being one of the thousands of victims. Now it
>>> seems that finally more voices are joining in trying to at least discuss the
>>> issues.
>>> 
>>> We have all of our addresses perfectly identified in *thick* WHOIS, we
>>> keep to all rules regarding relating our addresses to our services, and
>>> still we eventually get caught by an antispam "service" proposing we pay
>>> them money to get out of it. I recall the case of the infamous Barracuda,
>>> which sells antispam software, as the first to try and extort money from us.
>>> Since we protested in quite strong terms and made a bit of a noise, they
>>> left us alone. But there are plenty of others.
>>> 
>>> Where is the technical community when we need it? :)
>>> 
>>> frt rgds
>>> 
>>> --c.a.
>>> 
>>> On 03/27/2013 10:33 AM, Deirdre Williams wrote:
>>>> And meanwhile, quietly, and apparently below the radar ...
>>>> http://www.bbc.co.uk/news/technology-21954636
>>>> Deirdre
>>> 
>>> ____________________________________________________________
>>> You received this message as a subscriber on the list:
>>>    governance at lists.igcaucus.org
>>> To be removed from the list, visit:
>>>    http://www.igcaucus.org/unsubscribing
>>> 
>>> For all other list information and functions, see:
>>>    http://lists.igcaucus.org/info/governance
>>> To edit your profile and to find the IGC's charter, see:
>>>    http://www.igcaucus.org/
>>> 
>>> Translate this email: http://translate.google.com/translate_t
>> 
>> 
>> ____________________________________________________________
>> You received this message as a subscriber on the list:
>>     governance at lists.igcaucus.org
>> To be removed from the list, visit:
>>     http://www.igcaucus.org/unsubscribing
>> 
>> For all other list information and functions, see:
>>     http://lists.igcaucus.org/info/governance
>> To edit your profile and to find the IGC's charter, see:
>>     http://www.igcaucus.org/
>> 
>> Translate this email: http://translate.google.com/translate_t
>> 

-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t

More information about the Governance mailing list