Click the comments link on any story to see comments or add your own.
Subscribe to this blog
19 Jun 2005
Earlier this month he was shocked and horrified to discover that his web site, hosted at Yahoo where he used to work, had appeared on the widely used Spamhaus blacklist, and he wrote a portentous web page about it, called The Destiny of Blacklists with quotes like "This is, strictly speaking, terrorism." Nobody, including Spamhaus, thinks that Graham is a spammer. Does this mean that Spamhaus has gone rogue? Well, no.
The SBL is a list of spammers. They list and document sources of spam, they talk to networks and hosting companies to be sure they understand why they're listed, and, most importantly, when the spam stops, the SBL unlists them. The SBL web site has extensive documentation on each listing.
In this case, the SBL listing in question is for a site called textileshop.com which has a long and well-documented history of spamming that has gotten them kicked off other ISPs. Spamhaus has told Yahoo that textileshop is a spammer, has documented it, and Yahoo's done nothing about it, despite having a comprehensive anti-spam policy. So the SBL did what they usually do in such cases: they added the single IP address where textileshop's web site lives to the SBL. It turns out (probably by coincidence), that it's the same server that hosts Graham's site sharing the same IP address and hence the same SBL listing.
What's telling here is Graham's reaction. Did he castigate Yahoo for failing to enforce their own policy so that he got SBL-ed due to their sloppiness? No, he blamed the SBL for inconveniencing him, even though that would have meant giving textileshop a free pass, in effect turning Graham into a human shield for any spammers sharing his server.
The biggest reason that we don't make much progress against spam is that most people don't think it's worth the effort. ISPs knowingly sell service to spammers (MCI most egregiously, according to Spamhaus) because they're not willing to forego the revenue. Tens of millions of PCs are worm-controlled zombies, because the users don't deworm them because they think it's too much trouble to fix (even when they know what's going on which they often don't), ISPs don't quarantine them from the net because it's too expensive to take the support calls, and Microsoft doesn't provide either useful worm and virus removal tools or worm- and virus-resistant versions of their software for reasons we can only speculate about. On the non-technical front, effective anti-spam laws are repeatedly derailed because they might inconvenience direct marketers.
So who are we kidding? Do we really want spam to stop? I wish I knew.
My other sites
© 2005-2018 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.