The owner of a spam-prevention website said it has been taken down following unfounded complaints from fellow anti-junkmail organization Spamhaus. Spamhaus strenuously denied the claim. Spamwise.org owner Ian W. Rudge said the site and an unrelated property for his IT consultancy were taken down after their IP address was added …
Dear gods where do we start?
Rudge should consider himself suitably educated.
So Spamhaus test mx's to see if they'll relay and then emails one of the addresses any mailserver admin monitors. If it doesn't get fixed within a reasonable timescale then they assume the mailserver is run by an idiot - or more likely not really "run" by anyone.
Where's Morely Dotes when you want him? ;-)
Wild wild west
live by vigilante justice, die by vigilante justice.
@Wild, wild west
I'd go easy on that vigilante stuff. Consider:
Law enforcement, militaries and other kinds of public protection evolved from the primitive days where one protected oneself with rocks and sticks and swords, or didn't and died instead. As communities and societies formed, it was natural to designate some individuals who were the best qualified for the purpose to take care of defending the whole, to train and equip them as best possible and depend on them thereafter*. What's happened since then is simply more formalizing and technical advancement of the same general idea.
Then, as now, most aggressors were physical entities who were individual criminals, crime syndicates or aggressor nations (sometimes networks of allied ones) tied to a geographical area. To simplify a bit, defense could be achieved by apprehending the criminals and opposing aggressor nations with one's own military defenses.
This model that evolved from those primitive societies is only marginally effective on the Internet with its global nature and potential anonymity, often with no obvious physical entity to hunt down and fight, plus the problem of when effective defenses induce collateral damage, inflicting harm on harmless others not involved in the crimes. Problems unprecedented in human defense, such as, for one example, the question of what role registrars should have in yanking rogue domains whose offenses are unrelated to their domain registrations, rise up all the time and the answers are not often obvious or without controversy.
This means we're starting at square one again. In cyberspace we are back to the sticks and clubs and rocks again, and need to evolve a protective model that works differently. And just as those early armies and police had very little regulation beyond their own self-determination, today's seem like vigilantes. The difference is, the vigilance committees of old, at least the more lawless ones, acted in their own interests, and often even when proper law enforcement already existed. (Many were very honorable and careful in their efforts.) We don' t have the kind of enforcement system that can work and at the same time not hobble the system it is trying to protect, so we are inventing new ones which work independently. Hence the usually inappropriate tag "vigilante."
( *It is understood, of course, that those bodies soon engaged in aggression unrelated to protection; that's another matter.)
comment != thesis
Spamhaus - Bunch of *******************************************
Spamhaus took us offline for a number of weeks, they unblocked us only after we paid a large amount of money through a third party. I'm sorry but these guys are an un-regulated bunch of so and so's who frankly, seem able to take the law in to their own hands. Their amusing comments annotated over our emails published for the whole world to see. No professional, not impressed.
"we paid a large amount of money through a third party"
Think that might be your problem, Spamhaus don't charge for delisting.
Anybody who sits out on Usenet's N.A.N.A.E can guess who this Anonymous poster is. :-P
Sorry folks he's a loon.
spamhaus != SORBS
No wonder you post anonymously--it's embarrassing to be that stupid.
Smudges on the white hats
I think Steve might be a bit over the top on this one--maybe. Some things I'd like to know:
When Spamwise sends its notifications, do they include promotion of their products? It's a sad commentary that even gentle marketing can be such a sore spot, but if the emails go beyond strictly notifying about a problem, that just won't fly in today's world, particularly in this kind of situation, and are likely to generate complaints. On the other hand, a notification of a technical problem that includes nothing that could be construed as promotional, if sent to the proper party, is hard to characterize as spam, solicited or not. Nearly all legitimate mail to an abuse address is unsolicited practically by definition, being as it is reaction to a problem.
The name Spamwise is a bit misleading. Leaks of email addresses may be juicy fodder for spammers, but the fundamental problem isn't spam; it's protecting personal information.
Abuse addresses are perfectly proper places to send legitimate complaints, if such these are. The guy is interpreting 'inappropriate public behavior' too narrowly.
All that said, it seems that Steve's being a bit more hostile than the situation merits--on the surface, anyway. Of course, in an article like this, only a few high/low-lights of the exchanges are described; things might look different from the inside.
Smudges on the white hats (followup)
I just saw the update the article which arrived after my post above. Some things there aren't quite as relevant now.
I cannot understand why Rudge's system sends mail to the addresses his system finds have been leaked. I can understand the motives, but it is so obviously up to the site operators to deal with it (including notifying those whose addresses were leaked from their own systems) that I have to find with Spamhaus.
Allowing unverified parties to trigger responses also is a very strange decision, or perhaps just a poorly thought-out one.
(I could withdraw my earlier post but as a general policiy, I am disinclined to that to avoid any hint of hit-and-run posting.)
Spamhaus don't block you, they list you.
People who trust their list, block you when you are listed by them. Not the same thing, at all.
This is in fact why they are better than having and "internet police". They aren't the only ones - there is rbl, uribl, enemieslist, and a whole array of others, and each recipient can choose who to use.
Spamhaus, at the moment, are the best and most trusted. The minute they stop being good, they will lose their power.
If only we could say that about the government!
More beer now.
Beat me to the punch...
"The dispute points up the darker side of ad hoc net police."
Spamhaus has no powers except those that people on the net give them.
They have no police authority or powers except that they do assist law enforcement.
You don't like Spamhaus, you don't have to use them to filter sites. If enough people do this... Spamhaus becomes irrelevant. Only one small problem... Spamhaus does a good job. So people will continue to use them. Its that simple.
Spamwise were spamming their services
I've seen a sample of what they were sending, and it includes this gem:
"Spamwise is ... a bona-fide IT
operation, offering a professional standard of advice and services to
So basically this "awareness-raising" wasn't meant to educate people about e-mail, but rather to raise awareness of the creator's consulting business.
Also, the assertion that website-scraping leads to 90% of the spam is just laughable. How many of your relatives' e-mail addresses show up on a google search? The vast majority of people don't have a website, nor do they post to publicly-archived mailing-lists, so they cannot be easily scraped.
On the other hand, compromising someone's machine to dump their Outlook contacts, or hijacking their social media account to scrape their friends list WILL yield a large number of e-mail addresses. I could list half a dozen other great ways to generate e-mail lists off the top of my head, but that's pointless.
This guy is an idiot and got what was coming to him. Playing the victim only makes him look him worse.
isn't the first time
This isn't the first time something like this has happened.
+1 for spamhaus, who cares about spamwise.
When you cop an attitude with spamhaus your never going to win, who'd this guy think he was.
Kudos to spamhaus, I love it when they shaft those that get cocky with the man.
Well spamwise is now officially blacklisted on all servers I admin. I agree with spamhaus in that's their service is UCE. Spamhaus don't charge for delistings, I'm sure that's SORBS your thinking of (they are a bunch of cowboys btw).
No one is forcing anyone to use the spamhaus list people choose them because they trust their listing. I don't envy them having to deal with numpties that don't have a clue about running a secure server.
"this reporter failed to notice that the message was caught in a spam filter"
I had to laugh as when my mail server was abused as a relay a few years back and spamhaus blacklisted us (correctly), I applied to be delisted after fixing the hole and their response was spam filtered at my end :-S
Delayed the whole process by about a week ;)
Richard Cox? Anyone?
Very interesting and all, but do I have to take it upon myself to point out there's a barely disguised Dick Cox in the article?
I come to the comments section for juvenile puns and have been let down on this occasion. Please try harder in future.
Dick (fnarr) Cox (pfft).
How Spamhaus retain their sanity is beyond me
If I had to deal with an endless tirade of "YUO BITCHAZ Y BLOX ME WHO DU U THIKN U R U BETTA BAK OFFF RITE NOWE OR I DESTORY U NINJA STILE!!!!1!!" I think I'd go mental in short order.
Anyone who doesn't know by now that the only way to get off the Spamhaus shit-list is to...
1) Stop being a dick.
2) Explain calmly and politely why you don't think you're being a dick, with references and a "Pretty please"
...has no business calling themselves an anti-spam consultant. Like them or loathe them, Spamhaus are certainly consistent.
..but anyone who relies on Spamhaus to do their thinking for them and uses their blocklists blindly deserves what they get.
They're reactionary loons, and when they make mistakes, they don't even apologise. They justify their unaccountability and indifference on the basis of "we didn't block you" as if they fail to see the cause and effect relationship between their listings and people who have been convinced they run a good/responsible blacklist. Tiresome.
Google is your friend!
"How do spammers get your email address"
This lists 1.5 million pages. I checked the first few, and they all say that addresses are got from webpages, web directories, mailing lists, etc.
No need to take my word for it either. Someone else can check the other 1.4999 million if they like, and report back here.
Yet, all antispam-software sellers say categorically that this is bunk, that anyone saying things like this is a moron, etc, etc.. Mostly, written with a generous helping of capslock.
Hmmmphhh... Yeah. Draw your own conclusions.
Admin AND business owner
Any decision whether to deploy a blocklist should not be made just by an admin, it should be done only after consultation at top level in a business. Blocking legitimate email addresses (or IP addresses - or worse, whole blocks) can cost companies customers - or suppliers.
Anyone who's tried to get the likes of yahoo not to block their legitimate mail server (no spam), with limited email from domains with SPF records, and fully rDNS IP addresses along the chain, even on the broadband fixed static address connections, will understand what a complete pain ignorant and unnacountable admins such as yahoo have, can be.
As a business owner I'm also server admin, and I don't currently use an RBL, exactly because the blocklist owners are lords of their own domain - as am I!
Even a cowboy needs a silver star...
.. or else he ain't no lawman, no matter what.
Admin AND business owner, you are correct that blocklists are a heavy-handed tool. That said, I think Spamhaus are probably within their rights to compile blocklists and sell them. They are after all an opinion and not a defamation of the site owners.
Where Spamhaus have gone badly wrong here is in acting to have the site taken down, and the siteowner made to suffer loss as a result. That goes way beyond blacklisting, and into the realm of 'Taking the Law into one's own hands' -which is regarded as a crime in most jurisdictions.
Anyway, who are Spamhaus to judge whether another antispam outfit's actions are correct, or not? Point of fact they are probably the worst people to be allowed to judge as they are business competitors, therefore the question of anti-competitive (mal)practice enters-into this.
Spamhaus have done a lot of good for the Internet community, but if they get 'taken to the cleaners' over this, I won't shed any tears. Own goal. Stupid own goal, at that.
Perhaps what's really needed here is ACCOUNTABILITY and ACCREDITATION of any organization doing blacklisting work - and heavy fines for those who act outside of their remit. That would put a stop to the 'cowboy police' aspect.
The final decision on blocking...
...Is NOT spamhaus's (Aothough their opinion will be considered when deciding whether to accept mail or not)
It''s the admin of the mailserver who makes that call. If he finds that Spamhaus no longer suits his purposes, he'll stop using it.
This happens all the time. Jumped up sad little ignoramuses who rave on about "vigilante justice" and pretend to be journalists should perform some reality checks.
To the wannabee spammers:
Spamhaus didn't block you. I BLOCKED YOU. Sucks to be you, it's MY server and MY rules.
When YOU start paying ME to accept and handle mail then I might feel differently.
Simples - and additional whining will see that DNS blacklist entry which might easily go away turn into tens(or hundreds) of thousands of individual mailserver block entries which will _never_ be removed.
Why do you think all those tossers who try and sue blacklists go to great pains to keep the litigation secret? They KNOW what will happen if they get found out.