North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Sorbs.net

  • From: Dean Anderson
  • Date: Mon Mar 28 18:25:40 2005

On Mon, 28 Mar 2005, Jay R. Ashworth wrote:

> On Sun, Mar 27, 2005 at 05:57:13PM -0500, Dean Anderson wrote:
> > There are consequences, of course, to doing irresponsible things, and to
> > misleading your subscribers, and to blocking email that your subscribers
> > didn't authorize you to block.
> 
> Dean: it seems to make running a blacklist *at all* A Bad Thing...
> which, my perception is, is *not* the sense of the Net.

Not at all.  Responsible blacklisting doesn't have to do irresponsible
things.  For example, most people agreed that MAPS had no business
blocking Exactis;  Exactis didn't meet the MAPS definition for
blacklisting. SORBS clearly doesn't have to lie about Av8 Internet's
address blocks: 130.105/16 and 198.3.136/21. etc.

I'm definitely not saying that all blacklisting is bad: It isn't.

> As for "didn't authorize you to block", two thoughts come to mind:
> first, the person with the last clear chance in a mail blacklisting
> situation is the mail admin in question, is it not?  If you're running
> blacklists, and you're concerned about what they block, I should think
> it would be up to you to back-check the judgement of the BL operator by
> doing end-to-end testing.

I agree the mail admin is usually the last chance for assessing BL
reputation before use. But nearly every call I make to an admin using
SORBS results in a response of the sort: "Gee, I didn't know they were
doing this sort of thing, give me a second...they're gone. let me know if
you any more problems".  Before that it was ORBS, etc--the list is long
and ignomious. But most people "in the know" just know. Its the people
"not in the know" who get misled.

> And second, to the extent that you *are* using a given list, I suspect
> (and IANAL, of course), that you are -- constructively -- allowing them
> to act as your agent for the purpose of deciding which mail to block
> (absent caselaw to the contrary, which I'll admit I haven't
> researched), which gives you a lot less leeway to be mad at them.

I agree. But they said they were going to block _spam_. They don't usually
say 'we're going to use the list to boycott non-spammers'. And they don't
usually say they just block whoever we feel like. They usually don't say
"we want you to help us on our non-spam vendetta quest".  They usually say
they are trying to block spam.  They usually have some criteria for
blocking, which they then violate.

> And of course, the only *real* liability you ought to have in the first
> place is to *your users*, and as long as you're disclosing to them that
> you use mail BL's, then that one's a bit arguable, as well.

However, most ISPs don't disclose what BL they use until there is a
problem.  I've yet to find the BL listed in the product service
description for email services.  

And I've never found an ISP that says "We're going to participate in
boycotts for personal vendetta's, your email is a weapon for us."  The BLs
don't say that to the subscribers/ISP's; the ISPs don't say it to the
users.  Neither the ISPs nor the end users want that.

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000