19 Jun 2005
Paul Graham is a smart guy who popularized naive Bayesian spam filtering
in 2002 with A Plan for Spam
and has organized a series of informal spam
conferences at MIT.
Earlier this month he was shocked and horrified to discover that his web
site, hosted at Yahoo where he used to work, had appeared on the widely used
Spamhaus blacklist, and he wrote
a portentous web
page about it, called The Destiny of Blacklists with quotes like
"This is, strictly speaking, terrorism."
Nobody, including Spamhaus, thinks that Graham is a spammer.
Does this mean that Spamhaus has gone rogue?
The SBL is a list of spammers.
They list and document sources of spam, they talk to networks and hosting
companies to be sure they understand why they're listed, and, most importantly,
when the spam stops, the SBL unlists them.
The SBL web site has extensive documentation on each listing.
In this case,
the SBL listing in question is for a site called textileshop.com which has a long and
well-documented history of spamming that has gotten them kicked off other
Spamhaus has told Yahoo that textileshop is a spammer, has documented it,
and Yahoo's done nothing about it, despite having
So the SBL did what they usually do in such cases: they added the single
IP address where textileshop's web site lives to the SBL.
It turns out (probably by coincidence) that the same server also hosts
Graham's site, which shares the same IP address and hence the same SBL listing.
What's telling here is Graham's reaction.
Did he castigate Yahoo for failing to enforce their own policy so that
he got SBL-ed due to their sloppiness?
No, he blamed the SBL for inconveniencing him, even though that would
have meant giving textileshop a free pass, in effect turning Graham into
a human shield for any spammers sharing his server.
The biggest reason that we don't make much progress against spam is
that most people don't think it's worth the effort.
ISPs knowingly sell service to spammers (MCI most
egregiously, according to Spamhaus) because they're not willing to
forgo the revenue. Tens of millions of PCs are worm-controlled
zombies: users don't deworm them because they think it's
too much trouble to fix (even when they know what's going on, which
they often don't), ISPs don't quarantine them from the net because
it's too expensive to take the support calls, and Microsoft doesn't
provide either useful worm and virus removal tools or worm- and
virus-resistant versions of their software for reasons we can only
speculate about. On the non-technical front, effective anti-spam laws
are repeatedly derailed because they might inconvenience direct marketers.
So who are we kidding? Do we really want spam to stop? I wish I knew.
posted at: 00:53
As I understand it...
The IP address that was listed wasn't textileshop.com. It was the IP address of store.yahoo.com (which is used to handle credit card purchases from textileshop.com, amongst other places). Despite textileshop.com moving around they continue to use Yahoo Stores for shopping cart, billing, that sort of thing.
So the SBL listing is for the Yahoo Stores server that is commonly used by spammers (and non-spammers).
So... why is Paul Graham's website at the same IP address as the Yahoo ecommerce portal?
Well, Paul Graham wrote the original code for Yahoo Stores, a long time ago, sold it to Yahoo and presumably still has a close relationship with them. That makes his coincidentally being hosted at the same address less of a coincidence and more of an intentional choice. That also explains why he's unlikely to acknowledge that Yahoo is at any fault here.
(by Steve Atkins
19 Jun 2005 13:29)
Well written piece, John.
This situation is what you get when you add the normal, understandable reaction of "I'm not a spammer, why am I getting blocked" to a huge amount of hubris and shortsightedness.
(by Suresh Ramasubramanian
19 Jun 2005 14:44)
Making the effort
To be more specific: in many instances the perceived payback for making the effort to stop spam isn't worth the cost involved in the effort. Spammers get away with what they do very often because they are so adept at spreading the cost they impose on others thin enough that it is not economically feasible to stop them. They benefit because they aggregate the output of their efforts, right into their own pockets.
Applying a bit of circular logic to the Spamhaus - Graham affair might bring one to the conclusion that the way to aggregate the costs imposed by spam -- that is, make the cost of not fixing the problem high enough to justify the cost of fixing it -- is via use of the Spamhaus list and others like it.
(by WD Baseley
19 Jun 2005 15:06)
Paul Graham's Circular Reasoning
While it may not be strictly evident from this one article of his, Paul Graham's motivation for promoting Naive Bayesian spam filters is not born of an unselfish desire to stop spam. He promotes end-user filters as a "better alternative" to DNSBLs which he views as crude tools administered by "vigilantes". This is his opinion from page one, which he treats as a given.
Spamhaus' behavior, legitimate though it may be, simply fits with Paul's notion of DNSBLs as "blacklists", and their refusal to delist "his" IP address, as evidence of a personal vendetta against him for not toeing Spamhaus' line (Talk about hubris!).
Paul Graham has no interest in stopping spam. Naive Bayesian filters are completely ineffective in that regard. The only thing such filters do is hide the problem from the end-users who employ them.
In fact, it's hard to find ANYONE who is involved in writing spam-filters who has a good grasp of the issues. There's a great deal of selfishness in terms of not caring about spam besides keeping it out of one's own inbox. Alas, this mode of thinking extends to ISPs as well. Protecting one's own users against spam is a marketable item. Actually being proactive about terminating spamming customers, sand-boxing infected PCs, and interacting with other providers to PREVENT spam, is seen as a total non-starter, because you can't market it to the consumer and make a buck.
(by Brian McNett
19 Jun 2005 18:28)
DNS RBL == Abuse
There are other anti-spam tactics, more or less efficient. DNS RBLs sometimes work, but... I've seen too many abuse cases to believe an RBL is working fine today (or in the future).
I've been blocked on my dynamic IP because the blocker says my ISP allows sending spam from this IP range. Guess what... I don't send spam, nor do most of the people banned on this range.
Should I blame my ISP or the people that ban me without authority?
20 Jun 2005 06:08)
Quoting JuanJo: "There are other anti-spam tactics, more or less efficient. DNS RBLs sometimes work, but... I've seen too many abuse cases to believe an RBL is working fine today (or in the future)."
You are painting with a very broad brush. That is your choice; however, your generalization is provably incorrect.
More JuanJo: "I've been blocked on my dynamic IP because the blocker says my ISP allows sending spam from this IP range. Guess what... I don't send spam, nor do most of the people banned on this range.
Should I blame my ISP or the people that ban me without authority?"
Dynamic IP addresses that send non-spam mail are rare. I think many postmasters (myself included) feel they can be whitelisted where needed. If you were inconvenienced by being blocked, then contact your correspondents beforehand (to be whitelisted) or get a static address.
As for whom to blame, instead I suggest you view it as the result of your using an unusual configuration. Like it or not, sending mail from an ISP's dynamically allocated space is unusual. I'm sure you have your reason(s). It's just a cost of doing business that way.
(by Karl Barth
20 Jun 2005 11:10)
Yes, we do want spam to stop.
> So who are we kidding? Do we really want spam to stop? I
> wish I knew.
Everyone wants spam to stop, including Mr. Graham. The problem is there are too many solutions and too little cooperation. The advocates of each method want everything done their way, and will not compromise on even the most frivolous of incompatibilities.
Those who are in a position to "referee" the competition (the IETF and the FTC) have abdicated their responsibility. We need a Benevolent Dictator to provide a neutral standard or platform within which all methods can operate.
The BD will have to listen to the tortured screams of the method advocates, and distinguish between "hate it" and "can't live with it". The method advocates will hate the compromise, but they will quickly make the necessary adjustments to deploy their method. There will be no "lock-in". Any method that shows the dire consequences predicted by its competitors, will be quickly replaced.
Spam will stop, at least for those who care, when we can know the identity and reputation of the sender of any email wanting our attention.
(by David MacQuigg
20 Jun 2005 14:50)
Mail from dynamic IPs is dead...
"I've been blocked on my dynamic IP because the blocker says my ISP allows sending spam from this IP range. Guess what... I don't send spam, nor do most of the people banned on this range."
You've also been blocked simply because you're on a dynamic IP. I don't accept connections from dynamic IPs (along with a whole bunch of other sources) simply because I can't afford the bandwidth charges from handling spam from botnets any further than "HELO" "GOODBY".
If some Benevolent Dictator bans DULs, I'll have to maintain them myself. Maybe do a reverse lookup and ban anything with an address that looks like a dialup, or look up half a dozen IPs in the same subnet and see if they match a pattern. Won't that be an improvement?
(by Peter da Silva
20 Jun 2005 16:39)
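The reverse-lookup heuristic described in the comment above, sketched as an added example (not code from the post or from any commenter): an address is flagged as dynamic-looking when its PTR name carries a dial-up style keyword, or when the name embeds the address and several neighbouring addresses follow the same template. The keyword list, thresholds, function names and PTR records are assumptions constructed for illustration; a live filter would replace the `PTR` table with real reverse lookups.

```python
import ipaddress
import re

# Constructed PTR records (documentation address space, invented host names).
PTR = {
    "192.0.2.10": "mail.example.org",
    "192.0.2.53": "ns-192-0-2-53.example.org",   # embeds its IP, but no look-alike neighbours
    "203.0.113.77": "ppp77.dialup.example.com",
    **{f"198.51.100.{n}": f"c-198-51-100-{n}.hsd1.example.net" for n in range(21, 26)},
}

# Assumed keyword list: labels that commonly mark dial-up/DSL/cable pools.
KEYWORDS = re.compile(
    r"(^|[.\-_])(dyn|dynamic|dial|dialup|dsl|adsl|cable|pool|ppp|dhcp)\d*([.\-_]|$)")

def address_template(ip, name):
    """Replace the embedded address (octets forward or reversed) with '<ip>'.
    Returns None when the PTR name does not contain the address."""
    octets = ip.split(".")
    for seq in (octets, octets[::-1]):
        pattern = r"(?<!\d)" + r"[.\-_]".join(seq) + r"(?!\d)"
        templated, hits = re.subn(pattern, "<ip>", name)
        if hits:
            return templated
    return None

def neighbours(ip, span=3):
    """The 'half a dozen' adjacent addresses: span below and span above."""
    base = int(ipaddress.IPv4Address(ip))
    return [str(ipaddress.IPv4Address(base + d))
            for d in range(-span, span + 1)
            if d and 0 <= base + d < 2 ** 32]

def looks_dynamic(ip, lookup=PTR.get, min_matching=3):
    name = lookup(ip)
    if name is None:
        return "no-ptr"              # what to do with these is a local policy choice
    name = name.lower()
    if KEYWORDS.search(name):
        return "dynamic-keyword"
    template = address_template(ip, name)
    if template:
        same = sum(1 for n in neighbours(ip)
                   if (ptr := lookup(n)) and address_template(n, ptr.lower()) == template)
        if same >= min_matching:     # a single host named after its IP is not a pool
            return "dynamic-pattern"
    return "static"

if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.53", "203.0.113.77", "198.51.100.23", "192.0.2.99"):
        print(addr, looks_dynamic(addr))
```

The neighbour check is what keeps a lone server named after its own address (`ns-192-0-2-53`) from being treated as part of a pool.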
I have written a tool that addresses this very issue. It uses no real time blacklists and administrators have absolute control of how it behaves. Please visit http://tanaya.net/DynaStop/ for more information.
(by Matthias Darin
21 Nov 2006 18:33)