Internet and e-mail policy and practice
including Notes on Internet E-mail


2005
Months
Jun

Click the comments link on any story to see comments or add your own.


Subscribe to this blog


RSS feed


Home :: Email


19 Jun 2005

We hate spam except, of course, when it's inconvenient to do so Email

Paul Graham is a smart guy who popularized naive Bayesian spam filtering in 2002 with A Plan for Spam and has organized a series of informal spam conferences at MIT.

Earlier this month he was shocked and horrified to discover that his web site, hosted at Yahoo where he used to work, had appeared on the widely used Spamhaus blacklist, and he wrote a portentous web page about it, called The Destiny of Blacklists with quotes like "This is, strictly speaking, terrorism." Nobody, including Spamhaus, thinks that Graham is a spammer. Does this mean that Spamhaus has gone rogue? Well, no.

The SBL is a list of spammers. They list and document sources of spam, they talk to networks and hosting companies to be sure they understand why they're listed, and, most importantly, when the spam stops, the SBL unlists them. The SBL web site has extensive documentation on each listing.

In this case, the SBL listing in question is for a site called textileshop.com which has a long and well-documented history of spamming that has gotten them kicked off other ISPs. Spamhaus has told Yahoo that textileshop is a spammer, has documented it, and Yahoo's done nothing about it, despite having a comprehensive anti-spam policy. So the SBL did what they usually do in such cases: they added the single IP address where textileshop's web site lives to the SBL. It turns out (probably by coincidence), that it's the same server that hosts Graham's site sharing the same IP address and hence the same SBL listing.

What's telling here is Graham's reaction. Did he castigate Yahoo for failing to enforce their own policy so that he got SBL-ed due to their sloppiness? No, he blamed the SBL for inconveniencing him, even though that would have meant giving textileshop a free pass, in effect turning Graham into a human shield for any spammers sharing his server.

The biggest reason that we don't make much progress against spam is that most people don't think it's worth the effort. ISPs knowingly sell service to spammers (MCI most egregiously, according to Spamhaus) because they're not willing to forego the revenue. Tens of millions of PCs are worm-controlled zombies, because the users don't deworm them because they think it's too much trouble to fix (even when they know what's going on which they often don't), ISPs don't quarantine them from the net because it's too expensive to take the support calls, and Microsoft doesn't provide either useful worm and virus removal tools or worm- and virus-resistant versions of their software for reasons we can only speculate about. On the non-technical front, effective anti-spam laws are repeatedly derailed because they might inconvenience direct marketers.

So who are we kidding? Do we really want spam to stop? I wish I knew.


posted at: 00:53 :: permanent link to this entry :: 9 comments
posted at: 00:53 :: permanent link to this entry :: 9 comments

comments...        (Jump to the end to add your own comment)

Well, actually...
As I understand it...

The IP address that was listed wasn't textileshop.com. It was the IP address of store.yahoo.com (which is used to handle credit card purchases from textile shop.com, amongst other places). Despite textileshop.com moving around they continue to use Yahoo Stores for shopping cart, billing, that sort of thing.

So the SBL listing is for the Yahoo Stores server that is commonly used by spammers (and non-spammers).

So... why is Paul Grahams website at the same IP address as the Yahoo ecommerce portal?

Well, Paul Graham wrote the original code for Yahoo Stores, a long time ago, sold it to Yahoo and presumably still has a close relationship with them. That makes his coincedentally being hosted at the same address less of a coincedence and more of an intentional choice. That also explains why he's unlikely to acknowledge that Yahoo is at any fault here.

(by Steve Atkins 19 Jun 2005 13:29)



Well written piece, John.

This situation is what you get when you add the normal, understandable reaction of "I'm not a spammer, why am I getting blocked" to a huge amount of hubris and short sightedness.

(by Suresh Ramasubramanian 19 Jun 2005 14:44)


Making the effort
To be more specific: in many instances the perceived payback for making the effort to stop spam isn't worth the cost involved in the effort. Spammers get away with what they do very often because they are so adept at spreading the cost they impose on others thin enough that it is not economically feasible to stop them. They benefit because they aggregate the output of their efforts, right into their own pockets.

Applying a bit of circular logic to the Spamhaus - Graham affair might bring one to the conclusion that the way to aggregate the costs imposed by spam -- that is, make the cost of not fixing the problem high enough to justify the cost of fixing it -- is via use of the Spamhaus list and others like it.

(by WD Baseley 19 Jun 2005 15:06)


Paul Graham's Circular Reasoning
While it may not be strictly evident from this one article of his, Paul Graham's motivation for promoting Naive Bayesian spam filters is not borne of an unselfish desire to stop spam. He promotes end-user filters as a "better alternative" to DNSBL's which he views as crude tools administered by "vigilantes". This is his opinion from page one, which he treats as a given.

Spamhaus' behavior, legitimate though it may be, simply fits with Paul's notion of DNSBLs as "blacklists", and their refusal to delist "his" IP address, as evidence of a personal vendetta against him for not towing Spamhaus' line (Talk about hubris!).

Paul Graham has no interest in stopping spam. Naive Baysian filters are completely ineffective in that regard. The only thing such filters do is hide the problem from the end-users who employ them.

In fact, it's hard to find ANYONE who is involved in writing spam-filters who has a good grasp of the issues. There's a great deal of selfishness in terms of not caring about spam besides keeping it out of one's own inbox. Alas, this mode of thinking extends to ISPs as well. Protecting one's own users against spam is a marketable item. Actually being proactive about terminating spamming customers, sand-boxing infected PC's, and interacting with other providers to PREVENT spam, is seen as a total non-starter, because you can't market it to the consumer and make a buck.

(by Brian McNett 19 Jun 2005 18:28)


DNS RBL == Abuse
There are other anti-spam tactics, more or less efficient. DNS RBL sometimes work, but... I've seen too much abuse cases to believe a RBL is working fine today (nor in the future).

I've been blocked because my dynamic IP due the blocker says my ISP allows sending spam from this IP range. Guess what... I don't send spam, nor the most people banned on this range.

Should I blame my ISP or the people that bans me without authority?

(by Juanjo 20 Jun 2005 06:08)



Quoting JuanJo: " There are other anti-spam tactics, more or less efficient. DNS RBL sometimes work, but... I've seen too much abuse cases to believe a RBL is working fine today (nor in the future)."

You are painting with a very broad brush. That is your choice, however your generalization is provably incorrect.

More JuanJo: "I've been blocked because my dynamic IP due the blocker says my ISP allows sending spam from this IP range. Guess what... I don't send spam, nor the most people banned on this range. Should I blame my ISP or the people that bans me without authority?"

Dynamic IP addresses that send non-spam mail are rare. I think many postmasters (myself included) feel they can be whitelisted where needed. If you were inconvenienced by being blocked, then contact your correspondents beforehand (to be whitelisted) or get a static address.

As for whom to blame, instead I suggest you view it as the result of your using an unusual configuration. Like it or not, sending mail from an ISP's dynamically allocated space is unusual. I'm sure you have your reason(s). It's just a cost of doing business that way.

(by Karl Barth 20 Jun 2005 11:10)


Yes, we do want spam to stop.
> So who are we kidding? Do we really want spam to stop? I > wish I knew.

Everyone wants spam to stop, including Mr. Graham. The problem is there are too many solutions and too little cooperation. The advocates of each method want everything done their way, and will not compromise on even the most frivolous of incompatibilites. Those who are in a position to "referee" the competition (the IETF and the FTC) have abdicated their responsibility. We need a Benevolent Dictator to provide a neutral standard or platform within which all methods can operate.

The BD will have to listen to the tortured screams of the method advocates, and distingish between "hate it" and "can't live with it". The method advocates will hate the compromise, but they will quickly make the necessary adjustments to deploy their method. There will be no "lock-in". Any method that shows the dire consequences predicted by its competitors,will be quickly replaced.

Spam will stop, at least for those who care, when we can know the identity and reputation of the sender of any email wanting our attention.

(by David MacQuigg 20 Jun 2005 14:50)


Mail from dynamic IPs is dead...
"I've been blocked because my dynamic IP due the blocker says my ISP allows sending spam from this IP range. Guess what... I don't send spam, nor the most people banned on this range."

You've also been blocked simply because you're on a dynamic IP. I don't accept connections from dynamic IPs (along with a whole bunch of other sources) simply because I can't afford the bandwidth charges from handling spam from botnets any further than "HELO" "GOODBY".

If some Benevolent Dictator bans DULs, I'll have to maintain them myself. Maybe do a reverse lookup and ban anything with an address that looks like a dialup, or look up half a dozen IPs in the same subnet and see if they match a pattern. Won't that be an improvement?

(by Peter da Silva 20 Jun 2005 16:39)



Hello,

I have written a tool that addresses this very issue. It uses no real time blacklists and administrators have absolute control of how it behaves. Please visit http://tanaya.net/DynaStop/ for more information.

(by Matthias Darin 21 Nov 2006 18:33)


Add your comment...

Note: all comments require an email address to send a confirmation to verify that it was posted by a person and not a spambot. The comment won't be visible until you click the link in the confirmation. Unless you check the box below, which almost nobody does, your email won't be displayed, and I won't use it for other purposes.

 
Name:
Email: you@wherever (required, for confirmation)
Title: (optional)
Comments:
Show my Email address
Save my Name and Email for next time

Topics


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

CAUCE
Criminal Abuse of Domain Names: Bulk Registration and Contact Information Access
New!

A keen grasp of the obvious
My high security debit card
306 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse



© 2005-2018 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.