Don't spam!There are better waysto get rich quick:
by Lawrence Lessig
[email protected] |
|
There will be a day when folks will need to pay to transit email. (Paul Vixie, 1998)
The little MAPS charity is likely a front; for Vixie's de-facto enforcement arm is his employer, Metromedia Fiber Network (NASDAQ: MFNX), their AboveNet Internet subsidiary, and their "neutral" PAIX exchange.
what is this site about?On July 13, 2000, NetSide Corporation's SMTP server mailhost.netside.net [205.159.140.2] was included on big brother's MAPS RSS blackhole list for being an "open relay". NetSide had the honor of being blackholed by Vixie's pal Dave Rand himself, the big cheese at Metromedia/AboveNet, prominent spam trapper, and hobbyist owner of bungi.com Needless to say that the single offending spam message which got our mail server blacklisted was easily traceable to a customer of Corecomm, a Chicago-based ISP. Their nose is clean, and we got bloodied... Even the most vocal anti-spam fighter must admit that some injustice was done here. This was NOT our customer spamming, yet we fell victims to a system rigged to ruthlessly punish ALL innocent users of an ISP for someone else's client misdeed. So, instead of sheepishly giving into being bullied, we decided that some documented research into the extortionate vigilante practices of MAPS was in order. Like, who is really behind this, and why?
whois vix.com?
who are the players?Follow the hidden trail. A paragraph extracted from the MAPS RSS FAQ at http://maps.vix.com/rss/faq.html reveals:
Isn't performing an open relay check network abuse? No; not in our opinion, and not in the opinion of our internet service provider.
First, MAPS RSS has already received evidence of an unsolicited email advertisement
from the relay; second, we clearly describe our intent in the exchange with the other
machine; third, we send a message back to MAPS RSS, not to an unwilling third party.
Finally, a relay test uses less than 2k of the server's space for an average of 30
seconds or less; this is less than one tenth of one percent of what the average spam
run uses when it exploits open relays. The first one was Verio, now owned by NTT (Nippon Telegraph and Telephone Corp), which provided Internet connectivity and routed the sendmail blackhole checks for maps.vix.com and mail-abuse.org (both are configured on the same ip 204.152.184.74). Sometime after the Japanese connection was exposed on our pages, the Verio NTT route mysteriously disappeared. You may read the full story by clicking HERE.
all routes lead to MetromediaVerio connected the former M.I.B.H. (mibh.net), one of Vixie's companies. M.I.B.H. was a "network outsourcing provider offering full-service management of business Internet connectivity solutions". Connectivity indeed! Like MAPS is one of their connectivity solutions... to break your connectivity! Someone pointed out the actual meaning of M.I.B.H. was "Men In Black Hats". Probably inspired by THIS photo (http://home.pacbell.net/nicnic/mib.jpg). Someone else explained it as "Men In Black Helicopters": 'www.mibh.net used to have a picture of a silhouetted helicopter, but it was removed several months ago.' The latter is probably the correct meaning. On Jan 19, 2000, M.I.B.H., Inc. was sold to Metromedia Fiber Network, Inc. for $51 million in cash and MFNX stock, as outlined in their press release. Vixie, the former M.I.B.H. president,became a lot richer that day, and was named Senior Vice President for Network Services for Metromedia Fiber Network and Chief Technology Officer for PAIX, a subsidiary of Metromedia. PAIX (Palo Alto Internet Exchange) was created in 1996 by Digital Equipment Corporation, who was bought out by Compaq in 1998 for $9.6 billion, who sold PAIX in June 1999 to AboveNet Communications, Inc. for approx $75 million, who merged with Metromedia in Sep 1999 in a stock swap deal. Dizzy? It gets better. Vixie is one of the "founding architects of PAIX", which takes pride in being "the first neutral commercial Internet Exchange". In Aug 1998, after Compaq bought DEC, a new PAIX technical advisory board headed by Vixie was formed. At that time, Vixie vowed to uphold the PAIX policies of "neutrality toward all carriers and customers". On the other hand, neutral Paul's MAPS organization was busy blackholing even those that were neutral to spammers (quote extracted from http://maps.vix.com/rbl/rationale.html):
Perhaps we should add: or the parts of the Internet they are now controlling. In March of 2001, Daddy Warbucks Metromedia appointed Paul Vixie president of PAIX by reasons of his 'impressive background and proven track record', and because he, 'Paul was a driving force behind the creation of the Internet'. Uh oh, wasn't that Al Gore? Neutrality among big brothers, biased against y'all! And AboveNet is the fiercest of them all... "Neutral" PAIX and parent Metromedia/ABOVE.NET are the other ISP that gave the blessing, and now route and blackhole traffic for Vixie's MAPS. After all, M.I.B.H. was bought out by Metromedia. Only the don't call it mibh.net anymore: Vixie just changed hats and renamed his transit ips to something.unnwo.net, which stands for United Nations New World Order.
AboveNet's parent Metromedia is quietly beefing up their shock troops with a retired general at the helm to build a "cyber crime unit, which will further enhance MFN's Information Security Program". As outlined in THIS press release, Daniel Doherty, the former Commanding General of the U.S. Army's Criminal Investigation Command, will "implement and enforce an international security policy consistent with MFN's strategic plans". Enforcing plans like AboveNet strategically disrupting international communications to eliminate competition, as detailed HERE? Is that the New World Order? And while they purposely disrupt the communications of other providers, Metromedia's CTO Paul Vixie confidently issues guarantees of 100% ip network availability to their AboveNet co-located customers.
Vixie's hammer: Dave RandThere exists in San Jose, California, a tiny network called bungi.com, which is operated by one Dave Rand, private citizen:
Now it makes sense: this little altruist network is in fact a clever spam trap! Dave Rand was a co-founder of AboveNet, which he sold just in time, before the dotcom stock bubble collapsed. Dave Rand is a very heavy executive indeed: he was just appointed Executive Vice President of Metromedia Fiber Network. And he made a bundle from insider trades, by exercising and unloading his MFNX stock options. His buddy Paul Vixie became Chief Technology Officer, and will continue their "aggresive momentum". Aggresive indeed: why would such corporate heavyweights monkey around with little charities that blacklist other providers' ips? As Vixie states in THIS Dec 1997 interview, Dave Rand from AboveNet was his first ever subscriber. Rand is a member of the MAPS board of directors, and his MAPS-published bio even indicates that he co-founded the RBL with Vixie (http://maps.vix.com/about-us.htm). It probably occurred to them soon enough that there is a lot of money to be made here.
Vixie's chisel: Chip RosenthalVixie was the catalyst in uniting various fighters to further his objectives. Their original anti-relay campaign, now MAPS TSI (Transport Security Initiative) is based on work by Chip Rosenthal at his little Texas company, Unicom Systems Development. While Chip admits that "In the past mail relay was a useful tool" (http://maps.vix.com/tsi/ar-what.html), he now actively campaigns against it, because he really wants to put his two cents into shaping your future. He authored utilities to test a mail server for open relay, and put these tools into the public domain (rlytest and blq). As indicated on http://maps.vix.com/tsi/ar-test.html, they even offered a relay testing service, but had to stop it because of complaints from systems administrators and (of course) because of abuse by the very spammers they were trying to stop. So why is Chip so bent against other ISPs that have open relays and is giving y'all these wonderful tools to annoy other systems administrators? Because Chip also has a job with Laser Link Communications, which was acquired by Covad Communications. In Chip's own words "This is a business that LaserLink started. We help organizations set up ISPs." In other words, they compete with existing ISPs who don't need to buy any of their services, and may throw in a monkey wrench into other people's works when nobody's watching and grease their own skids. Here's what Chip was working on (extracted from his published resume):
Aha! Is it possible that Chip needed to first compromise existing mail relays out there, which were perfectly capable to support a distributed services platform, to create a market for his new product? After all, users could connect to their open relay SMTP servers from all over the world just fine, before MAPS started to apply the pressure. On THIS page about "Mechanisms and Experiences Securing Mail Relay", Chip presents the Laser Link implementation that combines open source and proprietary software solutions and is, of course, not free. An ISP must become their customer. They admit that POP-before-SMTP Authorization, a clumsy form of authentication, was hated by their users, "particularly those using MS Outlook". So let's see, why do we need to buy Laser Link's software, when mail relay (according to Vixie and Chip and the other vigilantes) is a "little used" feature? It turns out this feature is used a lot by a majority of legitimate users in distributed networks, and spammers are a paltry minority. As Paul Vixie confessed in a Q&A article on sendmail.net, "The TSI succeeded more because it was an advertising forum for cooperative transport vendors than because it offered recipes on how to secure existing transports. The RSS actually blocks more spam, for most users, than the RBL." Why, of course it does Paul, because the RSS blackhole knocks out the SMTP server for an entire network, not only an individual spammer's address. You knowingly punish all innocent users of an ISP with your scud missile for a deed performed by someone else's client! There is no question that Vixie knew the kind of havock he could inflict upon other providers' network connectivity from the very beginning. In THIS 1997 NANOG thread, he himself likens the collateral damage resulting from his BGP router blackholing method to the firebombing of Dresden!
what is an open relay?According to Paul Vixie, an ISP must "secure" their SMTP server by refusing to relay any message that does not originate from the ISP's local network. They do perform a relay test to check if an ISP's mail server is configured in their prescribed way. One strike, and you're blacklisted until you cave in to pressure! The Vixie-prescribed configuration basically assumes that all SMTP traffic that is not specifically allowed is denied. NetSide, an old-fashioned ISP in business since 1995, takes a different position: all SMTP traffic that is not specifically denied is allowed. This is how sendmail has always been configured, and we don't need a lesson from Vixie Enterprises or giant telcos turned ISPs on new ways to "secure" our mail server against our own users! A relay SMTP server is explained in RFC 2821 as a server that "may accept or reject the mail in the same way it accepts or rejects mail from a local user. If it accepts the task, it then becomes an SMTP client, establishes a transmission channel to the next SMTP server specified in the DNS ... and sends it the mail. If it declines to relay mail to a particular address for policy reasons, a 550 response SHOULD be returned". We define an open SMTP relay as a server that accepts and relays absolutely and unconditionally ALL messages, regardless from where they originate. But we don't relay quite everything, and we do fight spam in our own way! Historically, sendmail up to version 8.9.x was configured by default to relay mail from everyone. That's how it was originally developed and first Copyrighted in 1983 by the Regents of the University of California for use on Unix based servers. A version of sendmail comes included with the Sun Solaris operating system we use on our sparc servers. Over the years, NetSide has developed in-house a list of denied ips (/etc/mail/DeniedIP). Our ip list currently blocks over 250,000 individual ips and ip ranges that were used to transmit spam. With very few and for good cause exceptions, NetSide doesn't block any major ISPs' SMTP servers, just dial-in ips frequently used by spammers, and also blocks spam domains (known spam sites). Unfortunately, we cannot make this list available to the public for legal considerations, but it can be viewed by any NetSide user that has an account here and knows Unix shell commands. In all fairness, we should at least mention that NetSide now blocks all ips in Vixie's NETBLK-MIBH-2BLK and NETBLK-USW-COLORHOUSEINC from relaying any SMTP messages through our servers, and for good cause. These very ips were used in the relay test, aparently with the blessing of upstream providers and MAPS supporters Verio NTT and US West (a Baby Bell recently acquired by Qwest). They do advocate that we should not allow relaying, so we obliged, at least as far as their address space on our server is concerned... There is strong evidence that Paul Vixie pressured Sendmail, Inc. into modifying their source code and default setup to suit his purposes. Predictably, few would have paid attention to Vixie's blackhole lists, were it not for the vix.com references in new revisions of the software. As published in a Q&A article on sendmail.net, the original author of sendmail, Eric Allman, recalls:
So why were people annoyed by the changes? First, because some systems administrators are not quite so technically competent as their job demands. Most take the default settings that the software comes configured with, and don't know how to make source code changes (sendmail is notoriously difficult to configure). Second, because these changes broke things, i.e., roaming customers couldn't use their email accounts. Third, some may have realized that, by implementing the changes, they gave up control over their own mail servers to Vixie. The guy that wants to bring upon you the New World Order.
why is there a need for an open relay?An ISP with customers all over the world doesn't necessarily know from where a user may connect. Restricting SMTP server access to the local network of an ISP will restrict customers from using a dial-in Internet connection they may have elsewhere (i.e., at work, while traveling, or simply for those customers that live elsewhere and have an account with a non-local ISP). For example, NetSide had a few users living in Singapore who opened accounts because they could avoid their country's censorship. Wasn't it in Singapore where they still beat folks over the bare buttocks with rattan canes as punishment for petty crimes? We had a Cuban American father open an account for his son who was still living in communist Cuba, so that they could communicate freely and reliably by email. And how about the AOL "Bring Your Own Access" deal where you can use your own ISP for the dial-in connection and also have an AOL account for a reduced fee of $9.95/month? Isn't that relaying? For commercial clients, relay restrictions would prevent those that have domains hosted from using the ISP's email services, unless they can dial-in locally for their connection. This can only fatten those few giant ISPs and telcos that already have a wide dial-in coverage, because they can push their own "total solution" package and eliminate the competition. Guess what happens when they win? For the government, relay restrictions would make it so much easier to control and monitor your private communications (no need to explain, you get the picture). Although the government should be quick to realize that concentrating the power to control Internet communications in the hands of a group of organized extremists is a matter of national security and can have dire consequences (say someone at Vixie Enterprises decides to list any of the .MIL ip address space, or even 198.137.241.40 [whc.eop.gov, the MX of record for whitehouse.gov] as a blackholed ip). You think that is unlikely to happen? The mighty Vixie gang even threatened to blackhole the domain registrar Network Solutions! Government concerns about terrorism, as outlined in THIS Reuters report, do address the protection of computer networks:
Clinton's national coordinator for the counter-terrorism effort, Richard Clarke, said there was a threat of "information warfare" in which a rogue nation, terrorist group, or criminal cartel could perform a "systematic national intrusion" into computer systems, with effects comparable to the strategic bombing of infrastructure during the World War II.
"What we're concerned about is in the future, nations will have that same capability to destroy each other's infrastructure, not by bombs, but by cyber attack," Clarke told reporters.
Guess what? We already have such an infiltrated cartel, with the demonstrated power to disrupt any connected network's US and foreign electronic communications at will. THIS is not a drill! Even worse, let's not forget that the 'F' Internet root server (F.ROOT-SERVERS.NET, formerly NS.NIC.DDN.MIL) is also under civilian Vixie's control:
And finally for you: why give up a privilege that has always been part of the Internet communication structure? For the want to punish a few die-hard spammers, you will give up your own freedom to communicate at will...
what is Vixie's stake?Did you think that Paul Vixie, the "outspoken advocate for responsible Internet citizenship", rigged sendmail simply because he loves you? Hell no! The "crusader against spam and the abuse of online communications" furthers his hidden agenda as a board member of Whitehat.com, Inc, a de-facto spam mill (only they call it an "opt-in certified email program" if you give them permission to send it). The quotes were extracted from his biography published by Whitehat at http://www.whitehat.com/board.cfm#vixie_bio . The "enforcer of responsible and ethical business practice relevant to online commerce and communications" in fact modeled his MAPS enterprise after the Microsoft predatory monopoly principles, to eliminate competition, by blackmailing other companies into submission. And as a board member of a legalized spam outfit, which "enables direct email marketers [aka spammers] to engage in ethical targeted e-marketing [aka spam]", he now likely profits handsomely from his scheming. A wolf in sheep's clothing? You may draw your own conclusions... Perhaps we should remind Paul Vixie what he himself warned us about in THIS 1997 interview:
We are worried and victimized by it. In an article published in dmnews.com, Michael Rathbun, Director of Operations at MAPS, spills the beans:
In this new world, competitive advantage will belong to the advertiser that discovers new ways of becoming an invited and welcome guest in the inbox, rather than an unwanted intruder. Direct marketing is big business indeed. They are well organized, came with plenty of beads to bribe the hostile natives, and now have the competitive advantage (MAPS) on their side, so they will get their cut somehow from your little naive online business. As Vixie explains, "the revenue source that spammers want to tap into is advertisers. And advertising, if done well, is expensive". And they can't let a bunch of freeloaders dilute their advertising revenue stream, right? Thus, one of the reasons for MAPS subscribers who blindly block traffic according to Vixie's prescriptions may just be a convenient way to screen out their rogue competition. If you think advertising revenue is not a hot issue, just follow the business news, for the dramatic effect the dotcom advertising slowdown had on falling stock prices in the third quarter of 2000. This argument is validated by a glimpse of things yet to come from Vixie's evangelist Nick Nicholas, who recently got a whiff of the big money and left his post as MAPS Executive Director to establish his own little charity - APEX (Alliance for the Preservation of E-mail eXchange):
Using the Basic Mailing List Management Principles for Preventing Abuse (http://mail-abuse.org/rbl/manage.html) as a starting point, APEX will be drafting standards for the distribution of bulk e-mail, a set of Intermediate and Advanced Principles, if you will. APEX will then audit and certify compliance with these standards. Companies passing the audit and certification process may use the APEX "seal of approval" on their web site. APEX will also investigate complaints regarding the e-mail practices of the companies it certifies, and may withdraw permission to use the seal if its investigations show that a company is no longer complying with standards. In addition to the certification program, education will be a significant component of APEX activities. Mainstream companies will be targeted in the hope that they can be prevented from sliding into "mainsleaze" companies. If they choose not to take advantage of the "carrot" APEX offers, there will always be the "stick" courtesy of MAPS.
In a Feb 1998 NANOG (North American Network Operator's Group) meeting, Vixie had your future already planned:
The day has come! For now, your ISP needs to pay the piper. Vixie's new service, the RBL+ master blackhole list, charges as follows (http://maps.vix.com/rbl+/):
In query mode, the cost is US$1,500 per year for sites with up to 1,000 users; each additional 500 users will be priced at US$750 per year. Transfer mode, in which you transfer a copy of the DNS zone to your local nameserver, is US$1,250 per year per nameserver, plus US$50 per 1,000 users. Educational institutions, non-profits, and members of selected ISP trade associatons may (at our sole discretion) be eligible for discounts; please contact us with a proposal. So Vixie has a hand in the spam market. So he found a way to corner the market with his rules for "legal" spam. So his evangelist is tightening the rope. That in itself would not hurt other ISPs, just competing bulk emailers and advertisers. Let them become the next generation of Spamfords, for all we care. But when "neutral" Paul started implementing the United Nations New World Order agenda by using embedded sendmail source code, BGP routing, BIND DNS, Verio NTT and giant Metromedia's AboveNet and PAIX subsidiaries to squeeze other providers by disrupting their traffic, that's when we got involved.
is blackholing legal?The following arrogant paragraphs were extracted from http://maps.vix.com/rbl/rationale.html
You can bet that the community will be hearing from us if we ever need a legal defense fund. Given that the number of spam victims numbers in the tens of millions, we suspect that the spammers don't want to sue us because of the popularity of our cause. And by the way, Paul, many of your blackholed victims want to sue you, but few have half a million dollars laying around to throw at a law suit in federal court... As a first step, we complained to the Federal Trade Commission, Bureau of Competition, asking them to investigate USC Title 15 violations in this matter. A courtesy cc email to [email protected] bounced because the fool is using the MAPS RBL+ combined list to block us and his other hapless victims. Blocking on vix.com is his right, it's his own server and his own list. Here's why MAPS cannot blacklist an ISP, then turn around and sell the service of blocking the provider's traffic to other competing ISPs (Sec. 3 of the Clayton Antitrust Act, 15 USC Sec. 14):
It shall be unlawful for any person engaged in commerce, in the course of such commerce, to lease or make a sale or contract for sale of goods, wares, merchandise, machinery, supplies, or other commodities, whether patented or unpatented, for use, consumption, or resale within the United States or any Territory thereof or the District of Columbia or any insular possession or other place under the jurisdiction of the United States, or fix a price charged therefor, or discount from, or rebate upon, such price, on the condition, agreement, or understanding that the lessee or purchaser thereof shall not use or deal in the goods, wares, merchandise, machinery, supplies, or other commodities of a competitor or competitors of the lessor or seller, where the effect of such lease, sale, or contract for sale or such condition, agreement, or understanding may be to substantially lessen competition or tend to create a monopoly in any line of commerce. By blocking other unaffiliated providers' communications for whatever arbitrary rules they made up, the very existence of MAPS et al violates the spirit of Sec. 2 of the Sherman Antitrust Act, when considered as 'Every person who shall monopolize, or attempt to monopolize, or combine or conspire with any other person or persons, to monopolize any part of the trade or commerce among the several States, or with foreign nations' (15 USC Sec. 2). We then researched California laws in force at Vixie's place of business, and found the following paragraphs of interest in the Business and Professions Code, Section 17538.45 (a):
(5)(d) An electronic mail service provider shall not be required to create a policy prohibiting or restricting the use of its equipment for the initiation or delivery of unsolicited electronic mail advertisements. (5)(e) Nothing in this section shall be construed to limit or restrict the rights of an electronic mail service provider under Section 230(c)(1) of Title 47 of the United States Code, or any decision of an electronic mail service provider to permit or to restrict access to or use of its system, or any exercise of its editorial function.
No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider. According to this, an "open relay" server of a mail service provider is therefore perfectly legal, and the provider's rights are protected under the law! MAPS RSS and the RBL+ combined lists treat the content publisher (spammer) and the provider (relay) the same. It can further be argued that the MAPS blackhole lists are a form of organized denial of service (DoS) attack on all providers listed, regardless of where they are located, in violation of the amended Section 502 of the California Penal Code:
There is also a supporting paragraph in USC Title 18, Sec 1030 (Fraud and related activity in connection with computers):
(5)(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer; Note that our approach doesn't defend the actual spammer. Hey, fight spammers 'til you drop! We fight them too. But Vixie crossed the line when he spiked sendmail to refer to his own network and MAPS started to viciously attack the network connectivity and the innocent customers' rights of American providers. On this issue, we'll stand our ground!
the MAPS defenseThere were 5 law suits filed against MAPS to date (Yesmail, Harris, Black Ice, Exactis, and Media3). Invariably, the MAPS legal justification in their press releases was that:
(http://maps.vix.com/pressreleases/2000-08-08.html)
"We fully expect to prevail on the merits, and on the
basis that the First Amendment grants us a right to
publish our opinion, just like Consumer Reports, or a
restaurant reviewer. Can you imagine McDonald's suing
a restaurant reviewer for saying that their hamburgers
could be better?" Are MAPS' business practices the same as Consumer Reports, or a restaurant critic? No way! The latter provide a public service by evaluating and comparing a product of a company (this hamburger would taste better grilled than fried), or a service (the waiters are nicer). MAPS on the other hand are imposing their own product standards on a company (you cannot serve chicken nuggets), prescribe their own rules of service (you cannot use the restroom unless you're a customer), and are maliciously interfering with the perfectly legal business of a company (here's a list of restaurants you need to boycott until they go vegetarian - save the chickens!). You may think this is an absurd example, but that's exactly what they are doing (i.e., there are a lot of very outspoken animal rights activists out there that think you shouldn't hunt, eat meat, wear fur, etc., but they don't go around blacklisting restaurants simply because they serve meat). Fortunately for hamburger lovers, vigilantes don't make the laws. So what about the First Amendment free speech MAPS wants protected? This is not about MAPS publishing their opinions about the practices of an online business, but rather about hit lists of blackholed ips, which cause "intentional loss of connectivity" and carry a "risk of damage to parties who are listed". MAPS lists are NOT openly published, but a closely guarded secret:
(http://maps.vix.com/rbl/usage.html) Why is that? Consumer Reports makes their findings public. A restaurant reviewer does too. Without a need for the consumer to indemnify the creator of the speech! Perhaps they are afraid that a close examination of blackholed victims on their hit lists may reveal a pattern? We hereby issue a challenge to Vixie and his followers to let the public know exactly with whom they cannot communicate freely. Besides, whatever contract between MAPS and their customers exists is quite illegal in the US. According to Sec. 1 of the Sherman Antitrust Act, 'Every contract, combination in the form of trust or otherwise, or conspiracy, in restraint of trade or commerce among the several States, or with foreign nations, is declared to be illegal.' (15 USC Sec. 1). According to USC Title 18, Section 1030, the following form of speech is not protected by the First Amendment and constitutes an offense:
(7) with intent to extort from any person, firm, association, educational institution, financial institution, government entity, or other legal entity, any money or other thing of value, transmits in interstate or foreign commerce any communication containing any threat to cause damage to a protected computer;
(e) As used in this section We consider ip blacklisting as damaging the interstate and foreign connectivity to the Internet of a connected host or computer network, and an attempt to extort a provider's compliance with arbitrary rules and sanctions imposed by MAPS. More specifically in our case, extortion through a must abide MAPS prescription for configuring an email server as to what traffic we should not carry, and the associated threat of blacklisting for not complying with their rules. For NetSide, the right to serve non-local customers is a thing of value. While we did lose both individual users and commercial clients with domains hosted because of the MAPS blockade, we would lose even more if we gave in to Vixie's demands. In a letter published in dmnews.com, Michael D. Scott, Esq. observes that MAPS is ripe for a class-action suit from consumers:
Arrogantly, MAPS considers itself a law enforcement agency on the Internet. As published on their web site, Michael Rathbun, MAPS Director of Customer Operations, offers us the following piece of brilliant reasoning (http://maps.vix.com/rbl/candidacy.html):
Make sure you tell this to the judge, officer!
so what's your solution?NetSide hereby proposes that the central MAPS blackhole lists be dissolved, the references to vix.com be stricken from the sendmail source code, and that each ISP be solely responsible for implementing their own spam control lists or no restrictions at all if they or their customers so desire. Any ISP that entrusts a third-party big brother with the power to regulate electronic communications is outright lame! Or corrupt. It becomes increasingly clear that what the extortionate vigilantes and their followers are really after is to somehow squeeze others into paying them for the privilege to send email. Some of Vixie's peers since the early days instinctively opposed centralized control and foresaw some of the problems we face today (as well as those yet to come), as documented HERE. Paul Vixie himself boasted in 1998 of technically being a censor. A comprehensive analysis of Unsolicited Bulk Email: Mechanisms for Control was prepared in 1998 by the Internet Mail Consortium. Solutions other than blackholing do exist. The freedom of each ISP to control their own mail server must be respected. No one can dictate whose traffic an ISP may not carry as a condition for Internet connectivity. Just like paid account providers have to live with and accept the competition of free Internet access, email accounts and web sites provided by others, and cannot regulate which clients those going-for-broke providers may serve, so should Vixie's followers respect our freedom to serve whomever we please on our own mail servers. They may continue to fight spam by targeting the actual spammer, rather than blackholing an entire network for a single relayed spam complaint from a crony, like they did in our case. In fact, what is the difference between a provider that has an "open relay" and a free email account provider? None! Absolutely none. Any idiot can open a free email account with false information and spam away, or use it as a dropbox, until caught (which usually takes several weeks or even months worth of complaints). Then the spammer simply opens up another one, under a different false identity, and continues spamming. Sounds familiar? Yet the MAPS vigilantes do not block those venture capital financed free-for-all servers, no matter how annoying it gets. Each ISP should also truly become responsible for handling their own spammers. We do boot all spammers immediately, do you? Apparently not, as we see the same spammer from the same source week after week before action is finally taken. Plenty of examples are available. Spam wouldn't be such a widespread problem if all ISPs would act promptly in disconnecting offenders and treat other ISPs' complaints with professional courtesy. Eventually, all professional spammers would run out of providers that are willing to take them on as clients. What to do about "throw-away" accounts opened by spammers? Most customers open a new account with a valid credit card and address information, so they are traceable. If such information given is fake, then the ISP could simply pose as a client, request details, then go after the beneficiary of the advertised product or service in the spam. Professional spammers know that credit card fraud is a felony. Can an ISP always trace the relaying spammer's ip? Sure, sendmail keeps a log of each SMTP connection attempt (/var/log/syslog), which include those from banned ips and spam domains. Thus an ISP could extract this information and notify the spammer's ISP if there is persistent heavy pounding on the SMTP port from a particular ip address. Offending multiple connections also show within a netstat report.
the bottom lineConcentrating the de-facto power to regulate Internet communications in the hands of a single private organization without government mandate will invariably lead to a predatory monopoly and the abuse of such power. Do you know what their next "rule" to strike you may be? Have you heard of RICO? Predictably, the control freaks have begun a fierce fight among themselves. Read the following paragraph found on http://maps.vix.com/rss/submit.html
Our mail server is listed on ORBS. (No, it was never an open relay, and no, this isn't the first time we've been listed on ORBS "manual entries" list.) If you'd like to make submissions to RSS, then we'd recommend that you don't use ORBS. We can't accept submissions from folks we can't reply to. Your use of ORBS would make that an issue. At least, there are some providers down there that had a bit more common sense than Verio: BC Tel bumped ORBS off its network after the vigilantes blacklisted MIT. Although ORBS has in principle the same goals as MAPS RSS (blocking other people's open relay servers), the evidence we saw so far indicates that Metromedia's AboveNet is the 800 lbs gorilla. If they can do THIS to a supposedly friendly spam fighter, and even blackmail a domain registrar with impunity, can you imagine what they can do if they come after YOU?
are there others who dissent?Yes. Although NetSide doesn't necessarily endorse all ideas expressed on these sites, we suggest the following links for further research:
For published news and information about blackholed companies, visit the BLACKHOLED! page. For a discussion of unacceptable collateral damage inflicted by email blocking, visit the Blackholed in a State of Emergency page.
disclaimerNothing that was published here should be taken as supportive toward the sending of Unsolicited Bulk Email (UBE). NetSide Corporation does not support spam or spammers in any form, and actively fights email abuse by reporting UBE to the spammer's upstream provider in each incident. We do disconnect users that send UBE from our system, and do not provide safe harbor to web sites that promote through spam. We don't complain about email filtering in principle, and believe each ISP should be free to set their own in-house email policy. We strongly warn the public that the creation of a central blackhole list controlled by some self-appointed big brother entity is vulnerable to abuse of monopoly power over world-wide electronic communications. NetSide believes this to be a good cause to fight for, and we urge everyone, including federal regulators if that's what it takes, to get involved before it's too late.
updateOn February 27, 2001, NetSide Corporation's SMTP server mailhost.netside.net [205.159.140.2] was mysteriously removed from the MAPS RSS blackhole list. Vixie et al's blockade lasted seven and a half months (since July 13, 2000)! Nothing has changed in our server's configuration, nor were we contacted or otherwise notified by anyone whatsoever. Nevertheless, this site will remain active for reasons of firm beliefs in the ideas expressed therein. You may be the next one on the list...
second updateOn May 10, 2001 someone from mail-abuse.org started poking at our main server's SMTP port:
Suddenly and without warning, MAPS blackholed us again! Uh oh, you may think something grave might of happened? Nah, read their capricious 'reasons' HERE. In a nutshell, now we're being accused of blocking MAPS from testing our server! Just who gave them the right to test and police the net for anything? This issue may best be settled on legal grounds in federal court, but we simply don't have the kind of money it takes to initiate legal action. Although NetSide may be a small fry compared to the ultimate trophy these people yearn to grab for themselves, at least we had the courage to stand up and expose the problem to the world, while much larger and wealthier organizations caved in to pressure. How about you? While you may ignore our fight for our company's survival today, you may discover too late that you have lost many of your basic rights to freely communicate at will tomorrow. To Big Brother's New World Order. Only it's not science-fiction anymore, it's happening right now!
and should not be considered legal advice. This page is fully compatible with text-only browsers such as lynx. Copyright © 1995-2001 NetSide Corporation - All rights reserved
|