[vox-tech] smtp question - blocked ip

[Ted Deppner]

On Wed, Jan 15, 2003 at 12:25:47AM -0800, Joel Baumert wrote:
> On Tue, Jan 14, 2003 at 07:24:02PM -0800, Ted Deppner wrote:
> > their jobs if the retail store goes under...  At some point, public
> > opinion places blame collaterally.  The only question is at what point.
> 
> No... This is a matter of expectations.  When I use and RBL, I expect
> the hosts in the list to be the source of spam, not the source of spam 
> software.  They are not breaking what a reasonable assumption of the rules
> by distributing software.

That's a fine viewpoint.  I desire the collateral impact because it serves
as a deterent.

> I poked around and it looks like the suits against MAPs have been either
> settled or dismissed.  I was pleasantly surprised by this.

Yup.  I think ORBZ gave up because of the cost of defending themselves...
not because anyone won an injuction... though I'm not sure of all the
details.

> I think that "restraint of trade" is more complicated than you are making
> out and is not restricted to monopolies, but you would have to ask a 
> lawyer... It looks like people have tried to sue RBLs, but I didn't find
> anything other than temporary orders that were later lifted.  Again, I
> think that MAPs and other RBLs have the right to do what they are doing
> as long as the end customer knows what they are getting from the service.

There's really no "as long as" from a legal standpoint.  McDonalds can
sell anything on their menu they want.  An RBL can operate anyway it
wants.  The only thing left to decide is 1) does the majority of their
users agree with it, and 2) do they care?

> Yeah, but if I had a problem with UPS because they shipped something to
> me I didn't want I wouldn't be allowed to stand outside other people's 
> houses and keep them from delivering the package to my neighbors.  In 

Sure.  But that's not the RBL case.  In your example, there'd be a third
party, let's say "anti-UPS", and you'd subscribe to their service, or your
company would subscribe to their service.  The fact that you voluntarily
chose to use that service (or your company did) would mean that anti-UPS
would be effective and working.  There's nothing wrong with that.  No one
is infringing on anyone else.  Nothing illegal here.  If your neighbors
didn't subscribe to anti-UPS they wouldn't be impacted by it at all
(except possibly in the occasional collateral sense).

> effect that is what is happening in some cases where a naive user signs
> up for this blocking service and can no longer do business with a 
> company that happens to be on an ISP that happens to sell software that
> some RBL decides is spamware.  It isn't as clear cut as you are trying 
> to make it.

Sure, in the micro case it's not that simple, but in the macro case it is.
If there's a real problem, the public will respond, and intelligent
vendors will too.

Do you eat at every fast food restuarant?  I'm sure there are some you
avoid... bad food, bad parking, bad service.  Is there anything wrong with
that?  Do "bad food" places still exist?  Sure, but they're not as
effective as "good food" places.

Similarly, savvy netizens should probably want to avoid being put in a
situation where collateral damage could affect them.  How many still use
Windows and suffer the collateral damage of crashes?  Would you go back
now that you have linux?  Why would you want to be on an ISP that is spam
friendly?

I see nothing inherantly wrong with these things... it's your choice to
place your dollars at these places, and enjoy the benifits and suffer the
consequenses.

> So far :-).  I suspect more and more people are going to move to permission
> based messaging for their personal email where you have to give someone
> credentials that they need to present before you accept any correspondence.
> This is already happening with instant messagers and this will be eventually
> called email.

I too think whitelists will become ubiquitous at some point... probably
the next killer app.

> > IMHO, systems that have false positives (due to false matches like
> > spamassasin uses) are utterly useless.  RBLs, which penalize bad sites,
> > occasionally generating false positives, but which are known to come from
> > bad sites are an acceptable and thus far, necessary evil.
> 
> Works for us... For me it works so well that I though the mail server
> was down :-).  It has made things pretty tolerable and for the most
> part made my wife happy.  I may cut my home network off from at least
> Asia because I'm still getting some spam and hacking attacks from
> overseas.  Though it would be nice to keep Australia and Japan in the
> list, but it looks like they mixed in pretty good.  Currently I am 
> dropping all packets except for SMTP and HTTP for these networks:

Glad you found something that works for you.

In the end, that's really what this all is about.  If it works for you,
great, it'll gain some usage and popularity and therefore power.  If you
don't agree with how it works, you can change it or stop using it.

That goes for RBLs, pattern matchers, and even ISPs.  ;)

-- 
Ted Deppner
http://www.psyber.com/~ted/