Spam Blackhole List Sued, Injunction Ordered
from the ah,-this-again dept
We’ve discussed multiple times in the past how some anti-spam blackhole lists seem to go too far in blacklisting sites without providing any recourse, leading to plenty of false positives — however, does that mean they should be sued? We’ve seen spammers sue anti-spammers in the past, including the case in Texas where some spammers tried to pretend that because they complied with CAN SPAM it was illegal to block their spam, but the latest lawsuit is interesting, because the person in question (whether he can be called a spammer is apparently an open question) has convinced a judge to issue a temporary restraining order barring the blackhole list from including his IP. This seems pretty questionable. A blackhole list is just that: it’s a list. What individuals or ISPs choose to do with that list is really up to them. It shouldn’t be blamed on the list if people filter out those emails. We may complain that these blackhole lists do a poor job of responding to false positives, but really the problem is with those who rely too much on those lists, rather than the lists themselves. If the lists are doing a bad job, and blocking too many legit sites, than that news will get out, and the list will lose its usefulness.
Comments on “Spam Blackhole List Sued, Injunction Ordered”
No Subject Given
What individuals or ISPs choose to do with that list is really up to them. It shouldn’t be blamed on the list if people filter out those emails.
This might possibly be called slander, depending on how the black hole list portrays itself and how it defines who is and isn’t on the list.
If the lists are doing a bad job, and blocking too many legit sites, than that news will get out, and the list will lose its usefulness.
Very true. Especially in an open and non-monopolistic market where people can choose one product or service over another for its effectiveness and accuracy.
Re: No Subject Given
Unfortunately this is a theoretical argument that doesn’t have a lot of meaning in the real world. Given asymmetry of information in the market place; it takes time for RBLs with bad practices to get weeded out; by which time a lot of damage can be done.it is well known that many RBLs have shoddy practices around how they qualify and vet a complaint.there should be recourse to litigate and make sure RBLs clean up their act.your argument is as specious as saying Goodyear killed a bunch of people with their crappy tires but it’s ok since over time people will switch to michelin and we’ll be ok. we all know that the market can’t take care of everything efficiently.
Re: No Subject Given
IANAL, but I don’t think you can slander an IP address.
Re: Slander!?
It’s only slander to a clueless judge. Check out how the lists portray themselves. Every list I’ve seen is quite clear about this.
Furthermore, lists are purely opt-in. Anyone using the list is aware of the risk of false positives. Anyone filtering has a right to filter on any basis he likes. Suing the list is like suing Microsoft or Apple or IBM for creating mail clients that allow filtering: it’s incredibly stupid. The only (big!) difference is that Microsoft or Apple or IBM have more than enough resources to make sure the judge understands how stupid it is, while the blacklists don’t. So they make easy targets for litigious senders of bulk e-mail.
No Subject Given
Blaming companies or people that use the lists instead of the people and companies that make that bad lists is misdirection (bullsh*t). The guilty party is the list maker not the list user. Put the blame where it belongs, on the people that make the bad lists, not the people that trust those people to make the lists.
What you are suggesting is that faulty products are the fault of the consumer not the maker. Yes, that is the idea meme that the makers want spread out there, but it is total and utter bull.
Re: No Subject Given
I have seen how these blacklists work. Our firm simply sent out confirmation emails from our server to people that filled out a form online and then our corporate email gets dumped in Yahoo, AOL and Google. That is plain wrong. We never remarketed the list, just sent them a thank you email. How many of us have also gotten email that mistakenly got dumped into our spam filter. When someone figures out the right way to authenticate, they’re going to be google rich. But the list makers playing God and damaging one’s abiltity to do business need to be held accountable.
Re: Re: No Subject Given
I set up an exchange server for a small non-profit orginization which worked for years wothout many issues.
To keep costs down they used a cable company modem so their ip was considered dynamic allthough it had not changed in years.
They were blacklisted. I had to change to a static ip from a dsl provider at 5 times the cost with 1/4 proformance.
Re: Re: Re: No Subject Given
I agree. I also work for a non-for-profit organization, one of the black listing services black listed the entire Class-C from a cable provider of which we had 5 total IPs. It took SEVERAL weeks to even find any recourse and then several more for the cable comapny to work with the blacklisting service to release the 5 IPs we use for legitimate corporate e-mail.
Re: Re: No Subject Given
I wasn’t aware the Yahoo, AOL or Google used RBLs. Do you have a URL that states this is true?
Re: No Subject Given
Blaming companies or people that use the lists instead of the people and companies that make that bad lists is misdirection (bullsh*t). The guilty party is the list maker not the list user. Put the blame where it belongs, on the people that make the bad lists, not the people that trust those people to make the lists.
So it’s illegal to make lists?
What you are suggesting is that faulty products are the fault of the consumer not the maker. Yes, that is the idea meme that the makers want spread out there, but it is total and utter bull.
No. That’s not what I’m suggesting at all. I’m saying that the ISPs are *misusing* the lists.
If the consumer *misuses* the product, then how is it the maker’s fault?
Re: Re: No Subject Given
Eventually bad lists may die if list users stop using them. But that’s little comfort to somebody inappropriately blocked by a list right now, with no recourse. Such a person/organisation can’t reasonably be expected to explain to every single user of a list that their inclusion is unfair; it is the list owner who has included them unfairly, and it can only practically be the list owner who can fix things.
Of course all that hangs on the nature of unfair inclusion. It’s hardly unreasonable not to take people saying that they are not spammers completely at face value. But it is unreasonable either to ignore them, or to assume that the list owner has the monopoly on accurate information. If the person who thinks they have been unfairly treated wants an independent view, that’s perfectly understandable. Ideally that wouldn’t involve the courts – but it’s not clear that there is a real alternative.
Re: Re: "Misusing" the list
“So it’s illegal to make lists?
Well done, Mike. You have just given us the perfect example of a straw man argument.
“If the consumer *misuses* the product, then how is it the maker’s fault?”
If the consumer is using the list the way it’s inteded to be used, how is the consumer “misusing” the list?
Products that cause injury when used as intended are defective. That’s plain-old products-liability law, nothing new about that.
Re: Re: Re: Ah the joys of mass mailing.
Only use it for legislators, and people affilliated with the media.
Re: Re: Re: Re:
If the consumer is using the list the way it’s inteded to be used, how is the consumer “misusing” the list?
Using the list to completely block out mail, rather than simply flag it is a misuse. The lists are intended to alert you to potential spam. ISPs that simply reject blackhole emails are misusing the list — assuming that they’re perfectly accurate when they’re not. Flagging is better than outright rejection.
Either way, the lawsuit argument is ridiculous. No one has the right to email you. The end user has the right to decide whether or not they want to use a filter or not, and by choosing their ISPs that use filters, they’re saying they want that — and that they’re willing to accept the occassional missed legitimate email.
Re: Re: Re:2 Re:
While it’s harder to get off the spamhaus lists it’s also harder to get on them. Spamcop tends to be a lot more trigger happy about adding.
Re: Re: Re:2 Re:
>Using the list to completely block out mail, rather than simply flag it is a misuse. The lists are
>intended to alert you to potential spam. ISPs that simply reject blackhole emails are misusing
>the list — assuming that they’re perfectly accurate when they’re not. Flagging is better
>than outright rejection.
No, flagging is NOT better. In fact it is far worse. Flagging leaves the mail in the receiver’s
spam file, unseen, while a legitimate sender thinks it was delivered.
Rejecting the mail causes legitimate mailers to bounce it back to the legitimate senders, so they
can know it didn’t get delivered.
Rejecting is far less harmful to legitimate senders
than flagging.
Re: Re: Misuse of Product
I belive that most of these Black Lists advertise themselves as lists of known Spammers or ISPs that allow spamming, and the instructions are to ban all sites listed. I don’t think you can make a case that someone is misusing a product, when they are just using it as advertised and instructed. Liability misuse is only pertenent when you use a product in a way not intended by the manufacturer. This is not the case with someone blocking URLs on a purchased Blacklist
Re: Re: No Subject Given
“No. That’s not what I’m suggesting at all. I’m saying that the ISPs are *misusing* the lists.
If the consumer *misuses* the product, then how is it the maker’s fault?”
more bull. How is the user misusing the lists? The lists are incorrectly labeling someone as a spammer. Someone that takes the list at its word is “misusing ” the list? Come on. You are just shifting the blame from the list maker to the list user.
The list maker is responsible for justifying his list. If it is a fake list then he should be held accountable. Just like any other product that is fake or broken or inaccurate.
Why defend these people, mike? They are clearly hurting innocent websites and are not helping in any way the fight against spam.
Re: Re: Re: No Subject Given
I’m not defending them. If you’ve read my past statement against many of the list makers, you’d see that I have serious problems with them.
However, as I’ve made very clear, I don’t think just because they create a bad list they deserve to be sued.
My point about “misuse” is two-fold. First, the lists should be used for flagging, not blocking. Second, it’s the ISPs responsibility to know about the lists they’re using.
I could easily createa blackhole list that has every IP address on it. Should I be sued? Well, no one would ever use such an RBL because it would suck. The problem is that ISPs are believing these RBLs are accurate when they’re not.
Re: No Subject Given
The real problem is the spammers. The worst (and the majority?) have few discernible priniciples or ethics. They care little for individuals who do not want their inbox cluttered with email that is not interesting nor desired.
Put the blame where it belongs
Yes… on the spammers!
Re: Re: Couple questions?
So is it wrong to create a list that stops people from contacting to you? So are you saying I cannot compile a list of IPs, sites, etc that I don’t want contacting me or risk being sued?
Re: Re: No Subject Given
To paraphase Justice Frankfurter, I may not be able to define spam but I sure as hell know it when I see it. I think most folks can.
Spammers Eat Excrement
All spammers should be intercoursed repeatedly with prejudice.
spam black list
what crap. According to them an ip is a spammer. Good for the judge and I hope the ISP who use these lists get hit as well.
Ya wanna play step up to the plate. If you get hit by a ball then don’t piss off the pitcher. Don’t go hide behind your mommy’s skirt.
Re: spam black list
Hey Twaddles, my server = my rules. You don’t know much about life yet apparently.
Spam
I think anyone should be able to create a list of sites to block if they so desire. They list creator might not even have a reason why they think the sites should be blocked. As another pointed out, it is up to those who use the list to verify the quality of the entries.
However, could it be slanderous/libleous to call a site a “Spam” site? Such an accusation could be damaging to the business potential of a site.
No Subject Given
Spammers suing anti-spammers is simply ludicrous. I mean, think about it. The sharpened focal point these days, however, should be email accessed by mobile phones. Live software may be the future; mobile access is key though. Google’s acquisition of Android is an evidence. Any enterprise that can take grip of this enormous, ripe market will be able to garner substantial profit. The emergence of cell phone jammers, however, pose more questions than many care to answer. For details, check out ????????????.
Blackhole Lists
I hope that the lawsuit against the anonymous black hole lists brings about some sort of change in the system. Like just about any other community project, it started out with, and may still have, noble motives. But with no real control on the system it has gotten out of hand. Just read the posts from NANAE and you will see that the current system is broken.
What should replace it? Not sure, obviously it will mean more work or more money spent to achieve similar results, but the system borders on net vigilanteism right now, so something should be done.
Re: Blackhole Lists
the people on NANAE by and large do not run black hole lists. Most of us are quietly in the background.
Re: Blackhole Lists
I screamed, “COCKY DOODY!” when I saw the latest spam in my emailbox.
Spammers should be punished harshly
Spammers do not realize the damage that they can cause. As an admin of a Hospital, I see queues delaying mail up to 3 hours. Some of those messages in the queue are needed to save lives. If someone were to die due to the spam influx, should a spammer be accussed of murder? Now ask yourself this question as a spammer, if it was your new born daughter, whould you do this?
Re: Spammers should be punished harshly
If your hospital is relying on email for life and death information, then I think they have a communication problem more important than spammers.
There is face to face and telephone communication to ensure that people get life or death information.
There are some things that shouldn’t be left into the void that is email. And if a hospital cannot understand that, then they shouldn’t blame the spammers, they should blame themselves.
My doctors call me. My hospital hand carries important test results. One of the finest hospitals in NYC and indeed the USA.
Re: Spammers should be punished harshly
Um, email is a store and forward system. There are no delivery time guarentees. Use Instant Messaging for stuff that needs real time delivery.
block this
i wanna know who that jerk is so i can make sure he’s blacklisted on my puter. tis better to blacklist a thousand innocents than to let 1 spammer thru.
We had someone spam us then threaten to sue
I work for a small non-profit. We got sent spammed from a “newsletter” that no one signed up to receive. I requested removal which didn’t happen, so I reported this IP and domain to SPAMCOP, the California State Attorney General, and CC’d the spammer. He went ballistic and threatened litegation. I told him if that’s what it took to get removed from his list, then sue away. All was quiet for about 4 months, then it started all over again. More threats of litegation on SPAMCOP and the non-profit. I told him I think discovery for this case would be interesting. I’d love to see this guy’s server logs and database audit trails proving we opt-ed in as per California’s Anti-SPAM laws. He removed us again and so far it’s been quiet.
This is the first time I’ve heard someone convince a judge the blocklist needed to be TRO’d. SPAMCOP’s IP addresses drop off after 48 hours if not further SPAM is detected. I hear SPAMHAUS isn’t so fair about getting people off their list.
Re: Spamming so bad, calling someone a spammer wrongly
Some of these lists are run by cowards who like to be “powerful.” They often put blocks of IPS on the list because of 1-2 incidents where a hosting provider or ISP didn’t shut down their definition of a spammer, often nothing compared to the real offenders. And some of them have NO CONTACT info, just a loyal following of partially informed IT geeks looking to block real spam.
Sort of like saying “I saw Joe buying an adult movie, he must be a sex offender and so is everyone in his town because the cops didn’t arrest him for it.” Except they then just add thousands of homes to what people thought was a list of sex offenders and soon a town can’t get jobs etc. Because their home address comes up on a sex offender list.
It is digital slandar in some cases, because there are no standards for why someone is on a list. And no way to get removed.
I think like domain names, ICANN needs to take the role of hosting any lists of bad IPs etc. Not anonymouse groups of geeks well meaning or power hungery that make up standards as they go.
Sue the list holder, and tell them clearly what is legal and not legal. That may be another solution.
Re: Re: Spamming so bad, calling someone a spammer wro
Well, here’s the thing. If the lists are so bad, why do ISPs use them? If they were really that bad, then you’d expect they would get so many complaints that ISPs would abandon using them.
So, yes, while we, PERSONALLY, have had problems with a few of these lists, who have even wrongfully put our IP address on the list, I find suing the list makers to be problematic.
No Subject Given
The people who maintian these black hole lists are the most irresponsible and ignorant people on the web. I hope they one tries to sue me for slander for that statement so I can prove it in a court of law. They punish many for the crimes of a few and then refuse to listen to reason. I’ve been there (punished for spam from a complete stranger in my IP block).
Go F yourselfs blackhole list morons. I hope to see you on the street one day. Sea Man Out!
spam
If the lists are doing a bad job, and blocking too many legit sites, than that news will get out, and the list will lose its usefulness.
That “supply and demand” analogy doesnt really fit spam blacklists, though. Even though you might be inconvenienced by getting “sorb’d,” are you really going to go to all the effort of switching ISP’s for one or two sites? And even if you wanted to switch providers, odds are there isnt going to be much competition for you to switch to (if any). Where i am, Charter is the only game in town.
And if you pester your ISP to pester SORBS, theyll just ignore you. They could care less that 1% of their users cant access a couple sites. For them, its not worth the risk of accidentally unleashing more spam.
SORBS (et al) is an instance of well-meaning individuals just royally fucking things up… and then refusing to try and rectify the problem.
Re: spam
Agreed
After several weeks of trying to make SORBS understand the static IP address provided for us by BT are NOT dynamic (and BT insist they have asked for it to be delisted many times), I am at the end of my tether and contemplating a virtual Jihad againt these “people” (although I am not convinced they aren’t some sort of AI gone mad!).
Even though Friends Reunited is a top 10 internet brand and a company actively known for its non-spam policy, we are still being made to suffer for the bullishness of these anti-spammers.
If you can’t put the resources into the customer service side of the fight against spam (and believe me I hate it as much as the next email admin person) then you should not get involved because the negative impact of false positives is costing a lot of companies a lot of money, to say nothing of my grey hairs!
I appreciate the effort guys but you need to be more professional when you mess with people’s messaging systems…
No Subject Given
Seems like this article really ticked of a bunch spammers here.
Try This List, Mike
Mike wrote:
However, as I’ve made very clear, I don’t think just because they create a bad list they deserve to be sued.
So, Mike, if your name somehow ended up on the Megan’s Law list of sex offenders, you wouldn’t think the list maker deserved to be sued?
I don’t have any problem with spammer lists. However, like any provider of a product, they are responsible for the quality of that product (even if they don’t charge for it). If their product does harm to an innocent party, they certainly should be held liable.
As for ISPs misusing the list, I’ve heard of plenty of people and companies getting sued and losing for somebody misusing a product. Why do you think an opaque cardboard sun shade has the warning “Do not drive with sun shade in your windshield”?
Re: Try This List, Mike
the fact remains that Mr Scoville IS a spammer (someone who sends UCE/UBE), DOES harass anti-spammers(see link below and his website), and hosts a website which arguably falls under the auspices of good samaritan blocking under 47USC230.
47USC230:
(2) Civil liability. No provider or user of an interactive computer service shall be held liable on account of–
(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or
(B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph (1).
Evidence of spam:
http://groups.google.com/group/news.admin.net-abuse.sightings/search?q=freespeechstore&start=0&
Now you have to ask
1. is the blocking in good faith?
2. is the person breaking the standard set in (A)?
These are really the same question, if 2 is true 1 must be, if either is false both must fail. Lets argue the law and not how we feel about blacklisting.
Re: Re: Try This List, Mike
Here is a question for you. Was this list blocking a range of IP’s or just 1 IP? Seems kind of an abuse of resources to block an entire range rather than just taking it up with the IP that is in question.
Re: Try This List, Mike
So, Mike, if your name somehow ended up on the Megan’s Law list of sex offenders, you wouldn’t think the list maker deserved to be sued?
Whoa, talk about making the argument ridiculous. The sex offender list is a specific list with clear qualifications to get on it (be a convicted sex offender). Spam IP lists are nothing of the sort. Because spam is still very much in the eye of the beholder… er… receiver, it’s perfectly reasonable to come up with all sorts of different lists without opening yourself up to lawsuits.
overly enthusiastic unresponsive blacklists
The assertion that the list maker isn’t responsible for someone’s being blacklisted because they just make a list hanging out in space is quite hypocritical. The entire purpose of such lists is to blacklist people. Perhaps such lists are useful as recipes for apple pie, but I think they’re used to blacklist people.
What exactly would be the point of a blacklist if the users of the list have to check everybody on the list?
SORBS
We use SBLXBL at the University I work for. SBL’s are not perfect and it really is quite easy to get one’s server on one or more SBL. It is also quite easy to get your server’s off of a SBL, except when it comes to SORBS. Now I personally do not care if we stay on SORBS SBL forever, but some of my users do. We train medical personel, do research, and provide many critical resourses to the local community, state and the world, and some of those institution use SORBS. Why the hell would anyone use that SBL? SORBS is run by extortionists. Some of those unstitutions that use SORBS have real A-HOLES in their IT departments and make one jump through hoops to get them to White List your domain.
I don’t care that SORBS has us listed, I do care that they will not communicate with you unless you pay them. F SORBS!
Re: SORBS
I have been on the SORBS DUHL list. They added a huge block of IP’s from our ISP saying they were dynamic when in fact they were all static. Our ISP finally gave up as SORBS kept relisting the same block. Even Microsoft is using SORBS. We are a Microsoft Partner and could not even get white listed by them. It took me 18 days to finally get our IP on the exclusion list. I wonder how long that will last. My corporation would gladly join a class-action lawsuit against SORBS.
Re: SORBS
We used SORBS as well for a while. But it quickly became appearant that they blocked multiple dutch ISP-mailservers. When a custommer of us complained about mail not arriving, I started investigating and found out that SORBS was giving a lot of false positives. We removed SORBS (and found similar experiences with SORBS on several newsgroups/forums) and since then we haven’t had false positives.
I keep monitoring the mailserver in order to quickly detect when a blocklist is generating false positives. We block mail using 4 blocklists which we found (After research) to be reliable. I think all ISP’s should monitor the blocklists they use. This simply because it are non-profit systems that block IP’s that are in their opinion spam/exploit/virus-sources.
Blocklists aren’t holy, they are maintained by humans. Every human has an opinion, and a blocklist reflects it’s creator’s opinion. Blocklists are usefull tools for reducing spam (and thus our bandwidth and other resources which aren’t for free).
I feel a blocklist should not be sued for listing someone that in their opinion is a abusive host. Minor note about most blacklists I’ve come across: They all note they are not responsible for false positives, and if one disagrees, should not use the list.
The most famous “Do not use” list is BLARS. That’s the only list our IP-range is on, because it was listed in a /16 netblock way before we got our own /24 netblock (in the range of the /16 block). BLARS never replied to a request, and BLARS asks a fee that is not financially acceptable for the small company I work for.
Just my 2 cents!
SORBS is rotten to the core
I have some IP’s also added to SORBS DUHL list. They claim that the IPs are dynamic and have no rDNS. THis is obviously not true since I can go to dnsstuff.com and verify everything is true. SORBs is using faulty scanning to arbitrarily add people to their list. Then you can never get off. I have been trying for 1 month now. I will join a class-action against them.
DON’T USE SORBS
Anything that stops the cr*p ending up in my inbox is welcome.
Keep it up!
Spin from spammers!
Keep in mind that several of the comments here are from spammers trying to spin this, and their PR flunkies. Astroturfers, they are. When folks report listing errors like the ones mentioned here, when they provide enough info to determine the the details of what IPs were listed where for what, it’s clear that the victims generally are not victims at all, but perpetrators. The claims about the SORBS DUHL, for example, are bogus. As for responsiveness, I’ve contacted SORBS a couple times (not about erroneous listings), and they have always responded promptly.
Spam Lists
Most spam blackhole lists have been very responsive, and answer emails quite promptly in my experience. The only blackhole list I’ve had problem with was SpamHaus from England. I received several emails from some person named John claiming to be the owner threatening me with bodily harm if I took actions against his company. After forwarding the email including full headers and mail server logs to the appropriate authorities my server was removed promptly from their list. Apparently I wound up on their list due to an arguement I had with this so called SpamHaus owner in a chat room on IRC.
As to the people that say the government should control these blacklists. Is our court system fair? Innocent until proven guilty yet you get taken to jail and stay there until proven innocent. Even if you are innocent our government will do everything it can to lock you up. Should our government be given absolute power over the internet? I think not.
Mike Cole
Eats the weenie.
Eats el weenio.
Kissa mya assa.
Gazorta
Jesus is a MYTH, you idiots!
There was NO Jesus.
There IS no Jesus.
There WILL BE NO Jesus.
It was a myth. He was married. He had a kid. He didn’t get resurrected. He was a rebel of the time. What a cute idea: let’s blame the Jews forever for the death of a Jew which was caused by the Italians!
And let’s have ‘pictures’ of this supposed Jesus and guess what? He looks like a Brit! Not like a swarthy, hooknosed Jew like the ones you like to hate.
C’mon assholes, read your ancient myths: like Leda and the Swan. The god figure has sex with a human and a ‘special’ child is born. Lots of cultures have the same myth. And you then kill and kill and kill Jesus’ own people for 2000 years.
Christians, you are a bunch of morons.
Sorbs helps big corporations.
We are a small company competing against two of the biggest corporations on the internet, Amazon and Ebay. We try to send newsletters to our users and then always blacklisted by Sorbs despite following all required and generally accepted protocols and standards.
Whether they intend to be doing so or not, I can not say, Sorbs is assisting the big corporations stifle competition. If there is anyone else out there in the same situation we find ourselves in, or if you have been in this situation, please contact me at roger@gemm.com to inform me of whatever you have done successfully or to join together to seek some sort of legal remedy.
Also, I would be interested in receiving contact from any journalists who would find this worth shedding light on. I believe Google/Bing search results are also designed, possibly purposefully, to favor big corporations over struggling competitors. Let’s join together and do something about it. -Roger Raffee