[Gllug] Re: www.spews.org - spamming blacklist

Tue Jun 3 00:16:07 UTC 2003

On Tue, 2003-06-03 at 00:03, David Damerell wrote:
> On , 2 Jun 2003, Mike Brodbelt wrote:
> >On Mon, 2003-06-02 at 22:57, David Damerell wrote:
> >>On , 2 Jun 2003, Mike Brodbelt wrote:
> >>>Yep, that's spews. Nice reasoned, rational response. Find a spammer,
> >>>then proceed to completely screw over a whole load of totally innocent
> >>>people just because they happen to have the same ISP.
> >>This response is both reasoned (perhaps not reasonable) and rational.
> >>This _really_ motivates the ISP to do something about the spammer.
> >It's an unacceptable level of collateral damage.
> 
> Unacceptable to you, maybe. Not to them.

Fine - they should keep it to themselves then. I filter my own spam too,
according to my arbitrary criteria. Unlike SPEWS, I don't try to force
my viewpoint of what should be filtered onto others.

>  And, to be honest,
> remembering the great days of spammer haven ISPs, before the spammers
> had to exploit open relays or crack machines as a matter of
> course... hmmm. Sometimes it _is_ the only solution. SPEWS is badly
> run, but the underlying idea is a sound one.

SpamAssassin demonstrates quite well that netblock lookups are an
unnecessary blunt instrument. Content based filtering and Bayesian
analysis can remove spam more effectively, and under the user's control.
The only case I see for SPEWS and its like is as a rule in a scoring
system, where the actual block/don't block decision is left to the end
user.

> However, you're also perpetrating a basic untruth about this sort of
> operation. SPEWS do not block anyone's mail.

While strictly true, I think that's a flawed argument. They know full
well the impact they have, and thus they, as well as the systems
operators who implement the blocks, carry responsibility for the
results.

> The only reason they can
> have an effect is that a significant number of systems _agree_ with

Phrasing it like that avoids the basic truth that in 99% of cases where
SPEWS is used a sysadmin just inflicts this on the users without their
knowledge or consent.

> them that their identification of tainted netblocks is reasonable, and
> _those systems_ - not SPEWS - block people's mail.

Unfortunately, many of the users of those systems don't know what SPEWS
is, and don't get any choice in the matter. If SPEWS was an end user
tool, where each user could make their own mind up, fine. It isn't
though - a sysadmin somewhere makes the choice for those users, and
their only way of complaining about the choice (assuming they ever find
out why their mail doesn't work properly) is to find another ISP.

> >>But there's no point saying there's not a clearly thought out
> >>rationale behind this approach; in general, it weakens any valid
> >>arguments you may have if you present invalid ones at the same time.
> >Point taken. I should have said "they have a reasoned argument in the
> >limited sense of being thought out, but they have failed to apply
> >proportional judgement in considering the consequences of their actions,
> >and somehow consider the damage they cause to the network to be more
> >morally acceptable than the damage caused by spammers, despite it being
> >far more severe for those unfortunates caught in the firing line."
> 
> What you're saying here is essentially "they are wrong because they do
> not agree with me".

I don't give a damn whether or not they agree with me - they're entitled
to their opinion, and it carries neither more nor less weight than my
own. What I object to is them electing themselves at the email police
force, making up the law as they go along, and then ramming it down the
throats of people who want nothing to do with them.

> >but to *improve* the quality of the network for other users. It's the
> >same attitude evinced by the home office to justify legislative
> >excesses.
> 
> Please, spare us the bogus analogy. Next you'll be spouting "for the
> sake of the children".

That point is *precisely* the opposite of what I was saying. Random
sysadmins are spouting "for the sake of the users" as they break
people's mail.

If I want to remove all spam from my machine, I can just unplug it from
the network. Most people would think that's overkill, but it's my
choice. If, however, I choose to wander round unplugging machines at
random to save other people from spam, I'd expect to get into trouble
for damaging people's systems. SPEWS does almost exactly this, but
digitally as opposed to physically. That some of the people they unplug
may agree with them and some not is entirely irrelevant - it doesn't
give them the right to do it.

Mike.

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug