ietf-asrg

Re: [Asrg] RE: 2a. Blacklists, collateral damage and anonymity

2004-05-05 13:22:36
On 05/05/04 11:50 -0700, Hallam-Baker, Phillip wrote:
I get the feeling you're happy with certain blacklists.

I believe it is possible to run a blacklist for certain very narrow
purposes in a legal, useful and acceptable fashion. I do not think
it is remotely possible to stop spam through blacklists.
Let us say I block mail from certain network blocks, depending on
criteria of my choosing.
This step is definitely not illegal.

I choose to share this information with the world via a DNS based
mechanism.
Not illegal.

The administrator of some third server shares my views and trusts me not
to cause too many false positives for him and hence hooks into my DNSBL.
Not illegal.

Useful and acceptable are issues to be decided by the administrator of
the recipient's server and any contracts he may have with his customers.

In any case, I do not see the blacklists as being provably illegal.
<snip>

Anonymity
---------

We did not wish to prevent anonymity in the BCP because it provides
useful protection to the people who run these services. This has become
necessary not because what they are doing is illegal, but because the
cost of even a failed lawsuit in the US is too much for the creators of
the blocklists to bear.

I don't believe in anonymous reputation services.
It is not a question of what *you* wish to believe in. Just to clarify a
point, I would trust the anonymous maintainer(s) of SPEWS before I trust
Verisign (ref: the false certificates issued to people claiming to be 
Microsoft). As yet, SPEWS has not given me justification to withdraw my
trust. Verisign has.

If blacklists are going to demand accountability they must accept
accountability - from all parties they affect, not just the ones they
choose.
Given that the service is optional and free, I doubt that accountability
to anyone else is even a question.

I believe in the democratic rule of law, no exceptions. If the legal
system is broken then it has to be fixed. There are plenty of blacklists
that operate in the open. Spamhaus operates in a legal regime wrt libel
that is far more hostile than the US.

I do not believe that it should be legal for a public service ISP to
use any anonymous blacklist service to filter customers' mail.
Is there a contract guarantee that email will be delivered? If not, then
the question is simply whether the ISP is allowed to restrict certain
types of traffic. As of today, the network is the ISP's private network
and they choose what traffic flows on it (IIRC, this is supported by US
case law. I am not a lawyer, nor in the US, so please confirm with your
legal department). It would be easy enough for any ISP to simply put in
large blocks on their routers rather than querying DNSBLs, and that is
legal.
<snip>
The blacklist I am currently looking to establish will probably not
block any spam at all, it will block less than 1% of the web sites 
mentioned in spam, hopefully though it will block 80%+ of a certain
type of fraud.
Here's a hint: We use DNSBLs to stop spam. The content of the spam is
irrelevant. Unsolicited Bulk Email can involve fraud, political
messages, religious matters, charity issues, medical stuff, mortgages,
whatever. The content is irrelevant. The issue is one of consent.


I want the blacklist to be used near universally, therefore I want 
to make it practically impossible for a false positive to occur -
even though people will clearly attempt to engineer them.
I would not want a false negative in a DNSBL I use.

Devdas Bhagat
