Internet and e-mail policy and practice
including Notes on Internet E-mail


Click the comments link on any story to see comments or add your own.

Subscribe to this blog

RSS feed

Home :: Email

19 Jun 2005

We hate spam except, of course, when it's inconvenient to do so Email

Paul Graham is a smart guy who popularized naive Bayesian spam filtering in 2002 with A Plan for Spam and has organized a series of informal spam conferences at MIT.

Earlier this month he was shocked and horrified to discover that his web site, hosted at Yahoo where he used to work, had appeared on the widely used Spamhaus blacklist, and he wrote a portentous web page about it, called The Destiny of Blacklists with quotes like "This is, strictly speaking, terrorism." Nobody, including Spamhaus, thinks that Graham is a spammer. Does this mean that Spamhaus has gone rogue? Well, no.

The SBL is a list of spammers. They list and document sources of spam, they talk to networks and hosting companies to be sure they understand why they're listed, and, most importantly, when the spam stops, the SBL unlists them. The SBL web site has extensive documentation on each listing.

In this case, the SBL listing in question is for a site called which has a long and well-documented history of spamming that has gotten them kicked off other ISPs. Spamhaus has told Yahoo that textileshop is a spammer, has documented it, and Yahoo's done nothing about it, despite having a comprehensive anti-spam policy. So the SBL did what they usually do in such cases: they added the single IP address where textileshop's web site lives to the SBL. It turns out (probably by coincidence), that it's the same server that hosts Graham's site sharing the same IP address and hence the same SBL listing.

What's telling here is Graham's reaction. Did he castigate Yahoo for failing to enforce their own policy so that he got SBL-ed due to their sloppiness? No, he blamed the SBL for inconveniencing him, even though that would have meant giving textileshop a free pass, in effect turning Graham into a human shield for any spammers sharing his server.

The biggest reason that we don't make much progress against spam is that most people don't think it's worth the effort. ISPs knowingly sell service to spammers (MCI most egregiously, according to Spamhaus) because they're not willing to forego the revenue. Tens of millions of PCs are worm-controlled zombies, because the users don't deworm them because they think it's too much trouble to fix (even when they know what's going on which they often don't), ISPs don't quarantine them from the net because it's too expensive to take the support calls, and Microsoft doesn't provide either useful worm and virus removal tools or worm- and virus-resistant versions of their software for reasons we can only speculate about. On the non-technical front, effective anti-spam laws are repeatedly derailed because they might inconvenience direct marketers.

So who are we kidding? Do we really want spam to stop? I wish I knew.

posted at: 00:53 :: permanent link to this entry :: 9 comments
Stable link is


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

Domain Name Registration Data at the Crossroads
54 days ago

A keen grasp of the obvious
My high security debit card
521 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse

© 2005-2018 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.