Discussion:
[linux-elitists] Spam spam spam spam
Rob McGee
2005-02-17 22:07:20 UTC
Permalink
If you don't like spam
AND
If you're a member of ACM
OR
if you're NOT a member of ACM
OR
if you've never heard of ACM

That should include about everyone here.


http://spamkings.oreilly.com/archives/2005/02/protest_brewing.html


Executive summary:

Vinton G. Cerf, Senior Executive VP of MCI and a co-creator of the
TCP/IP protocol suite, is scheduled to be honoured for that creation by
the ACM ( http://www.acm.org/ ) in June. Dr. Cerf has paid lip service
to anti-spam efforts whilst his company provides the largest source of
"bullet-proof" spam hosting on the planet. When confronted, Cerf makes
lame excuses for this inexcusable corporate behaviour. Members of the
SPAM-L mailing list are preparing to lodge a formal ethics complaint
against Cerf with the ACM.


Your participation and ideas are invited.

I, one of the instigators of this idea, expect to see this thing get
into the mainstream media eventually.
--
Rob - /dev/rob0
Aaron Sherman
2005-02-17 22:26:04 UTC
Permalink
Post by Rob McGee
http://spamkings.oreilly.com/archives/2005/02/protest_brewing.html
Vinton G. Cerf, Senior Executive VP of MCI and a co-creator of the
TCP/IP protocol suite, is scheduled to be honoured for that creation by
the ACM ( http://www.acm.org/ ) in June. Dr. Cerf has paid lip service
to anti-spam efforts whilst his company provides the largest source of
"bullet-proof" spam hosting on the planet. When confronted, Cerf makes
lame excuses for this inexcusable corporate behaviour.
Neither the article nor the mail you sent have any specifics. Assume I
don't know anything, but am unwilling to simply be a gun, pointed at any
Internet-related personality and fired.... explain to me exactly what
this company is doing. MCI claimed "spamware [is not] a violation of its
terms of service"... what does that mean? Is this company sending out
UCE in bulk, originating from MCI IPs? If so, I can't imagine why MCI
isn't terminating their contract, as it is a clear violation of the ToS.

Does anyone have a raw quote from Cerf or MCI reps explaining their
position?
--
☎ 781-324-3772
✉ ***@ajs.com
☷ http://www.ajs.com/~ajs
Martin Pool
2005-02-17 22:37:47 UTC
Permalink
Post by Aaron Sherman
Post by Rob McGee
http://spamkings.oreilly.com/archives/2005/02/protest_brewing.html
Vinton G. Cerf, Senior Executive VP of MCI and a co-creator of the
TCP/IP protocol suite, is scheduled to be honoured for that creation by
the ACM ( http://www.acm.org/ ) in June. Dr. Cerf has paid lip service
to anti-spam efforts whilst his company provides the largest source of
"bullet-proof" spam hosting on the planet. When confronted, Cerf makes
lame excuses for this inexcusable corporate behaviour.
Neither the article nor the mail you sent have any specifics. Assume I
don't know anything, but am unwilling to simply be a gun, pointed at any
Internet-related personality and fired.... explain to me exactly what
this company is doing. MCI claimed "spamware [is not] a violation of its
terms of service"... what does that mean? Is this company sending out
UCE in bulk, originating from MCI IPs? If so, I can't imagine why MCI
isn't terminating their contract, as it is a clear violation of the ToS.
No, as I understand it they are hosting a site, send-safe, that sells
software for sending spam, and also access to a list of zombie
machines through which it may be sent. On the other hand, there is
something almost admirable in publishing unpopular speech.

I think I would rather see a criminal case against send-safe and MCI
for aiding violations of unauthorized intrusion and computer crime
laws. (Assuming the allegations are substantiated; I haven't
personally checked.) Relaying through a zombie in Australia for
example should, in theory, get up to 10 years per offense.

It is interesting to imagine what would happen if send-safe were
publishing something that annoyed the copyright cartels rather than
ordinary people.

--
Martin
Aaron Sherman
2005-02-18 04:17:58 UTC
Permalink
Post by Martin Pool
Post by Aaron Sherman
explain to me exactly what
this company is doing. MCI claimed "spamware [is not] a violation of its
terms of service"... what does that mean? Is this company sending out
UCE in bulk, originating from MCI IPs?
No, as I understand it they are hosting a site, send-safe, that sells
software for sending spam, and also access to a list of zombie
machines through which it may be sent.
[...]
Post by Martin Pool
I think I would rather see a criminal case against send-safe and MCI
for aiding violations of unauthorized intrusion and computer crime
laws.
Huh, well certainly I'd love to see a case against send-safe, assuming
they do indeed sell spamming software and zombie lists. But, I'm stunned
that people are pushing MCI to have send-safe removed. If they're not
spamming, then they're just scumbags, not violators of MCI's ToS. No
vendor should be required to take action against a customer for criminal
behavior without due process. None. Ever.

Pointing the FBI at them might make sense, but trying to drag Cerf's
name through the mud in a political move through ACM seems damn near
worse than spam in the first place. If we have to sink to those levels
to combat spam, then have we gained anything in the fight? And do you
try to ruin Cerf's day just because he's being honored for a major
contribution to modern technology?

How sad.
Karsten M. Self
2005-02-18 04:33:23 UTC
Permalink
Post by Aaron Sherman
Post by Martin Pool
Post by Aaron Sherman
explain to me exactly what
this company is doing. MCI claimed "spamware [is not] a violation of its
terms of service"... what does that mean? Is this company sending out
UCE in bulk, originating from MCI IPs?
No, as I understand it they are hosting a site, send-safe, that sells
software for sending spam, and also access to a list of zombie
machines through which it may be sent.
[...]
Post by Martin Pool
I think I would rather see a criminal case against send-safe and MCI
for aiding violations of unauthorized intrusion and computer crime
laws.
Huh, well certainly I'd love to see a case against send-safe, assuming
they do indeed sell spamming software and zombie lists. But, I'm stunned
that people are pushing MCI to have send-safe removed. If they're not
spamming, then they're just scumbags, not violators of MCI's ToS. No
vendor should be required to take action against a customer for criminal
behavior without due process. None. Ever.
Pointing the FBI at them might make sense, but trying to drag Cerf's
name through the mud in a political move through ACM seems damn near
worse than spam in the first place. If we have to sink to those levels
to combat spam, then have we gained anything in the fight? And do you
try to ruin Cerf's day just because he's being honored for a major
contribution to modern technology?
How sad.
No, how appropriate.

Don't be evil.


Peace.
--
Karsten M. Self <***@ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
The question is not whether I'm paranoid, it's whether I'm paranoid enough.
Bulent Murtezaoglu
2005-02-17 22:38:35 UTC
Permalink
AS> ... MCI claimed "spamware [is not] a violation of its terms
AS> of service"... what does that mean? Is this company sending
AS> out UCE in bulk, originating from MCI IPs?

I found this two (?) links away:

http://spamkings.oreilly.com/archives/2005/02/mci_criticized_1.html

As far as that link goes, it appears the sentence you quoted refers
to selling spam injecting programs online, not spamming.

I also took a peek at:

http://www.spamhaus.org/news.lasso?article=158

which roughly says the same thing. As far as these two go I
understand what MCI is saying, I am unsure I understand the full
implications of what spamhaus seems to be advocating.

cheers,

BM
Karsten M. Self
2005-02-18 04:30:45 UTC
Permalink
Post by Aaron Sherman
Post by Rob McGee
http://spamkings.oreilly.com/archives/2005/02/protest_brewing.html
Vinton G. Cerf, Senior Executive VP of MCI and a co-creator of the
TCP/IP protocol suite, is scheduled to be honoured for that creation by
the ACM ( http://www.acm.org/ ) in June. Dr. Cerf has paid lip service
to anti-spam efforts whilst his company provides the largest source of
"bullet-proof" spam hosting on the planet. When confronted, Cerf makes
lame excuses for this inexcusable corporate behaviour.
Neither the article nor the mail you sent have any specifics. Assume I
don't know anything, but am unwilling to simply be a gun, pointed at any
Internet-related personality and fired.... explain to me exactly what
this company is doing. MCI claimed "spamware [is not] a violation of its
terms of service"... what does that mean? Is this company sending out
UCE in bulk, originating from MCI IPs? If so, I can't imagine why MCI
isn't terminating their contract, as it is a clear violation of the ToS.
Spamhaus's dossier on MCI is here:

http://www.spamhaus.org/sbl/listings.lasso?isp=mci.com
Found 192 SBL listings for IPs under the responsibility of mci.com
Listings in yellow are known spam gangs with ROKSO records

Each entry has specific information, e.g.:

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL24036

157.130.205.94/32 is listed on the Register Of Known Spam Operations
(ROKSO) database as being assigned to, under the control of, or
providing service to a known professional spam operation run by Alan
Ralsky.

Pointer Record: Alan Ralsky (AS701 >>> AS33407)
193.ATM7-0.GW4.LAX4.ALTER.NET (152.63.113.97) [AS 701] 200 msec
phoenixconsulting-gw.customer.alter.net (157.130.205.94) [AS 701] 204 msec
ns1.webplacedns.info (207.244.52.254) [AS 33407] 208 msec

<...>

Specific to Send-Safe:

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL23896

Ref: SBL23896

65.203.151.213/32 is listed on the Spamhaus Block List (SBL)

14-Feb-2005 05:28 GMT | SR09

Ruslan Ibragimov / send-safe.com
65.203.151.213/32 is listed on the Register Of Known Spam
Operations (ROKSO) database as being assigned to, under the control
of, or providing service to a known professional spam operation run
by Ruslan Ibragimov / send-safe.com.

65.203.151.213 hosted domains
Domains hosted on 65.203.151.213 as of Feb 14, 2005.
Most can be googled for spam sightings.

1 ALONE-N-READY.COM.
2 BESTGRL.COM.
3 COMFKME.COM.
4 COMSEEME.COM.

<... 22 more elided>
Post by Aaron Sherman
Does anyone have a raw quote from Cerf or MCI reps explaining their
position?
Spamhaus lists:

http://www.spamhaus.org/news.lasso?article=158

<...>

MCI responded to Spamhaus' accusations in the Washington Post,
Spamhaus notes that MCI's rebuttal is a dishonest dodge:

(http://www.washingtonpost.com/wp-dyn/articles/A61901-2005Feb3.html)

"Timothy Vogel, who heads MCI's legal team for technology issues,
said that (MCI UUNet) does not host the site but instead leases the
Internet address to a company that in turn hosts Send-Safe's Web
site."

This is smoke and mirrors, the 'company' is none other than the spam
operation "MTI" listed in Spamhaus' ROKSO database of the world's
worst 200 spam gangs, MTI is spammer Rusty Campbell, Ibragimov's
partner. By pretending the MTI spam outfit is a legitimate customer
who just happens to be hosting another spam outfit, MCI is
attempting to pretend they don't know MTI is the same spam gang.

Here are Spamhaus records on MTI, which MCI know about well:
<http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Rusty%20Campbell%20-%20DesktopServer>

"More important, he said, MCI does not want to censor Internet
content. If MCI had evidence that the Send-Safe company was
spamming, that would violate MCI policy. But merely advertising its
product is a form of speech that should not be censored, Vogel
said."

This also is seriously incorrect, MTI and Send-Safe are not
advertising it, they're selling and distributing it. As in "Talking
about heroin is a lot different than selling heroin". While
commercial speech is given qualified protection under the first
amendment, advertising the sale of software designed for the prime
purpose of allowing the end-user to engage in illegal activities is
not protected under the first amendment. It fails the first test of
the four-pronged test that the u.s. supreme court uses to measure
the validity of restraints upon commercial expression. MCI's lawyers
are either badly misinformed or incompetent on this issue and need
to read the US Government's document on this issue:
http://www.gpoaccess.gov/constitution/index.html

But we note that MCI's lawyer Timothy Vogel didn't say that MCI
"can't terminate" Send-Safe.com, he said "we do not want to". In
fact, Mr. Vogel does not honestly believe that his company is
legally bound not to dump send-safe and other illegal spam gangs,
the issue is solely that his company will lose income from the
spammers if they do.

<...>


From an InternetNews.com interview:

http://www.internetnews.com/infra/article.php/3370411

June 18, 2004
Vint Cerf, 'A Father of the Internet'
By Michael Singer

Q: Seriously though, who should be responsible for spam? What is the
role of the ISP?

A: I am unhappy with the thought that an ISP in a literal sense
should be responsible for filtering out spam. First of all, we are
running packets at 10 billion bits per second and we can't look at
them that fast, let alone move them that fast. We get 2 to 3 million
spams per day.

What one would want to avoid is some situation where you are held
accountable for not successfully filtering all of the spam out -- or
worse -- what if you filter something out that wasn't spam and have
someone sue for damages. This is really a hard problem. You could
probably argue that this is the equivalent of the Turing Halting
Problem (defining the terminating program task). No algorithm that I
can fathom can guarantee something is or is not spam just by
looking. In spite of all of that, e-mail is still potentially a
powerful and enabling tool.


From a TechCentral interview:

The father of the Internet speaks
by JULIAN MATTHEWS, trinetizen.com
http://star-techcentral.com/exclusives/special/story.asp?file=/2003/3/3/ThefatheroftheInternetspeaks&sec=exclusives
http://tinyurl.com/5sgln

Trinetizen: Spam is proving to be an unstoppable menace. What
solutions would you suggest? Can astronauts on Mars one day expect
to be spammed with ads for thermal underwear?

Vint: LOL! The problem is very clear: we like inexpensive (almost
free) email and this preference invites spammers to send email to us
because it is less expensive than any other form of mass
communication.

If we tried to charge spammers, we would also have to charge
ourselves for "legitimate" email. Of course, one person's spam may
be of interest to another - rather like the free catalogs one
receives in abundance in the regular post. It feels close to
impossible to eradicate.


From a spam FAQ, apparently filched from
http://www.euro.cauce.org/en/index.html:

http://churchofireland.net/spam/

"Spamming [the sending of unsolicited email] is the scourge of
electronic-mail and newsgroups on the Internet. It can seriously
interfere with the operation of public services, to say nothing of
the effect it may have on any individual's e-mail mail system. ...
Spammers are, in effect, taking resources away from users and
service suppliers without compensation and without authorization."

- Vint Cerf, Senior Vice President, MCI
and acknowledged "Father of the Internet"



From a story on the MCI/Verizon merger, no comment:

MCI-Verizon deal sparks spam fears
Dan Ilett
ZDNet UK
February 15, 2005, 15:15 GMT

Vint Cerf, who is senior vice-president of technology strategy for
MCI and regarded as the father of the Internet due to his work on
TCP/IP, was unable to comment in time for the publication of this
article.


From a UK Guardian interview:

http://www.guardian.co.uk/online/talktime/story/0,13274,1161365,00.html
Talk time: Vinton Cerf
Thursday March 4, 2004

Q: How effective has the Can Spam Act been in the US?

A: All the attempts to try to reduce spam have not been very
successful. The one possibility is that if you have legislation that
says it's illegal to do certain things and the parties who are doing
these activities are in business to do it, then you would think they
would be traceable. Not by trying to track their email but simply
trying to find them with a "sting"-like operation. These courses of
action will probably prove more effective. At the moment, my best
friend is my Delete key.



HTH.


Peace.
--
Karsten M. Self <***@ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
Experience is one thing you can't get for nothing.
- Oscar Wilde
Aaron Sherman
2005-02-18 18:53:17 UTC
Permalink
[...]
Post by Karsten M. Self
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL24036
157.130.205.94/32 is listed on the Register Of Known Spam Operations
(ROKSO) database as being assigned to, under the control of, or
providing service to a known professional spam operation run by Alan
Ralsky.
Damn. I was using Spamhaus specifically because they only listed people
who were known to originate spam (either because they were zombies (XBL)
or spam sources (SBL)). Either I was wrong, or they've changed their
policy to list groups punitively.

So, I'm back to the drawing board. Does anyone know of a DNSBL that ONLY
lists IPs that are known to be actively originating bulk UCE? I really
do want to be able to get legitimate mail, even if it's from an email
list retailer, spam software vendor, spammer's home system, a child
molester, delinquent dad, or someone who speaks out against the
government. I just want to shut off the pipe when people demonstrate
that they are willing to treat their pipe as a firehose.

I'm so tired of the punitive responses of listing those "providing
service", "advertized by spam", netblocks with innocent users, netblocks
which are "not valid mail sources" according to whatever criteria, etc.
I just want a clean, well-maintained, timely list of IPs that have
connected to SMTP ports and delivered spam. I'll even pay for it!
--
☎ 781-324-3772
✉ ***@ajs.com
☷ http://www.ajs.com/~ajs
Teh Entar-Nick
2005-02-18 19:48:43 UTC
Permalink
Post by Aaron Sherman
So, I'm back to the drawing board. Does anyone know of a DNSBL that
ONLY lists IPs that are known to be actively originating bulk UCE?
While we're at it, does anyone here know of a Fascist Dictator that
ONLY builds domestic infrastructure and improves the local economy
without all of the oppression?

PS: I work for a big company and I need this by tomorrow. Thanks in
advance.
--
"virii" would be the plural of the mythical masculine Nick Moffitt
noun "virius". The neuter plural of "virus" would be ***@teh.entar.net
"vira" (as "opus" & "opera"), and "viri" is the plural
of the masculine "vir" (man). It really is "viruses"!
Aaron Sherman
2005-02-18 20:36:42 UTC
Permalink
Post by Teh Entar-Nick