September 14, 2006 9:35 PM PDT

Spam fighter hit with $11.7 million judgment

The nonprofit group behind a popular blacklist used to block spam has been hit with a multimillion-dollar judgment, but the order may not be enforceable.

The U.S. District Court for the Northern District of Illinois ordered Wednesday that Spamhaus must pay $11,715,000 in damages to e360insight and its chief, David Linhardt, who sued the U.K.-based organization earlier this year over blacklisting.

The court also barred Spamhaus from causing any e-mail sent by e360insight or Linhardt to be "blocked, delayed, altered, or interrupted in anyway" and ordered Spamhaus to publish an apology stating that Linhardt and his company are not spammers, according to a copy of the order.

"This ruling confirms e360insight's position that Spamhaus.org is a fanatical, vigilante organization that operates in the United States with blatant disregard for U.S. law," Linhardt wrote in an e-mail to CNET News.com on Thursday.

Spamhaus appears unfazed by the ruling. In a statement on its Web site, Spamhaus dismissed the judgment as invalid and charges that the court was "bamboozled by spammers." Spamhaus didn't mount a defense in the case; the ruling was a default judgment in absence of counterarguments.

"Default judgments obtained in U.S. county, state or federal courts have no validity in the U.K. and cannot be enforced under the British legal system," Spamhaus said on its Web site. "As spamming is illegal in the U.K., an Illinois court ordering a British organization to stop blocking incoming Illinois spam in Britain goes contrary to U.K. law which orders all spammers to cease sending spam in the first place."

Linhardt and his company are indeed spammers and remain on the Spamhaus blocklist, Spamhaus said. Posting a note that e360insignt was inaccurately labeled as a spammer would be a lie, Spamhaus said. If Linhardt wants a ruling that counts, he needs to refile his case in the U.K., according to Spamhaus.

The Spamhaus blocklist is a database of verified spam sources that is supplied at no cost to help e-mail administrators clean incoming e-mail streams. Spam accounts for about 75 percent of all e-mail, and the Spamhaus list is one of the most popular such blacklists to help cleanse e-mail.

"The Spamhaus guys are good guys, and they are doing the right thing. It is a pity that the court system in the U.S. can be abused in such a fashion as it is," said Dean Drako, the CEO of Barracuda Networks, a Mountain View, Calif.-based maker of antispam appliances. Barracuda offers the Spamhaus list in its appliances.

Spammers often threaten with lawsuits, but don't often follow through, Drako said. Senders of the junk mail fight blacklists because they hurt business.

"If a spammer gets listed, less spam gets through, and their revenue is related to the amount of spam that gets read," Drako said.

Like Spamhaus, Drako does not expect the Illinois judgment to have any effect in the fight against spam.

"I don't think the lawsuit actually means anything," he said.

See more CNET content tagged:
Spamhaus, judgment, spammer, Illinois, Barracuda Networks

114 comments

Join the conversation!
Add your comment
Judge?
So where'd they find this judge, anyway? Some backwoods hick who can't even spell "computer?" I guess he couldn't understand what the English guy was saying, maybe that's why he lost the case. I can't see any other good reason why anyone would judge in favor of spam.

Keep the spammer cases out of Illinois. This is a retarded precedent set by a moron.
Posted by thinkjered (17 comments )
Reply Link Flag
He lost because...
He wouldn't defend himself. The judge had no option but to hand the default punishment onto him. Not that he cares. It would be much too risky for the US to ask the UK to enforce it, thus through normal channels, Spamhaus is sitting pretty. He's got an unenforceable judgement against him in another country, whilst living in one that has a legal system that will protect his and our rights not receive spam.
Posted by djcaseley (85 comments )
Link Flag
nice try..
for someone who has a mental reminder to think in their name, you
sure didn't on this one...
Posted by regan2 (29 comments )
Link Flag
Lat off the backwoods folks like me
At 50, I'm only 3 years into computers, self taught, and I have better sense than this "liberal" judge. ("liberals" are not truly liberal,as defined by the dictionary). Your command of the English language needs remedial updating, there is nothing definitive in your post.
Posted by sadisynn (2 comments )
Link Flag
Lay off the backwoods folks like me
At 50, I'm only 3 years into computers, self taught, and I have better sense than this "liberal" judge. ("liberals" are not truly liberal,as defined by the dictionary). Your command of the English language needs remedial updating, there is nothing definitive in your post.
Posted by sadisynn (2 comments )
Link Flag
Spamhaus is an excellent tool
We reviewed thousands of emails marked as spam by the Spamhaus RBL before going live with the filter.

We did not find a single false positive during the testing period and have not had a single user complaint in the 3+ years we have been using Spamhaus.

IMO, anyone that finds themselves on the list most likely belongs there.
Posted by rcrusoe (1305 comments )
Reply Link Flag
NOT NEWS!?!?
a default judgement is not news. especially when it won't even be paid.
Posted by jeffhesser (102 comments )
Reply Link Flag
Spamhaus is the good guys
Their blacklist is accurate. It is possible to get added accidentally, but it is easy to get removed... "IF YOU ARE NOT A SPAMMER". Not to mention, Spamhaus does not block email; Postmaster who use the system and see it as helpful block the email. So this spammer has a lot of lawsuits to file.
Posted by umbrae (1073 comments )
Reply Link Flag
I disagree.
I've had a run in with spamhaus once. Took them a week to remove my website from their list. Now before you go calling me a spammer please know that my office sends out at the very most 60 e-mails a week. We got blacklisted because we are on a shared IP and a real spammer was on our shared IP. Sure they blocked the spammer, but they also blocked a good and many other non spammers.

I don't agree with blacklist. I don't think they are effective in actually fighting spam. I think companies like spamhaus are reckless in how they create their blacklist. I think they abuse that power. I think they all should be sued out of existance.

Unfortunatly that's not going to happen. What all e-mail systems need is a better e-mail system. Blacklist just don't cut the mustard. Sure they may block a few spammer, but how many non spammers do they block (and yes I know they don't "block" anybody). That's just my opinion and I know it goes against the popular norm.
Posted by System Tyrant (1453 comments )
Link Flag
This can benefit spamhaus
What better way to prove spamhaus's effectivness than a frivilous lawsuit by a spammer that has no legal effect... and then getting the story plastered on news sites. It looks to me like spamhous is doing a good job on their blacklist if spammers have to resort to threatening worthless lawsuits.
Yea for the good guys!
Posted by Seaspray0 (9714 comments )
Reply Link Flag
Yup
This spammer is now in everybody blocklist. Block on sight... Proves the old rule again: spammers are stupid...
Posted by JoeF2 (1306 comments )
Link Flag
Spamhaus Internet terrorists.
Spamhaus Internet terrorists.

Becoming what you oppose
Editorial by Dave Hayes

Many folks have asked me why I stopped "contributing" to the everlasting debates in NANA (news.admin.net-abuse.*). I generally respond with something along the lines of "I don't wish to become that which I oppose". Indeed, recently I've "plonked" several entities (among them the terrorists known as "spamhaus" and "spews") simply because I no longer wish to beat my head against the stone wall of ignorance.

Terrorists? Yes that's right. One definition of "terrorism" is "attacking innocents in the name of your cause". Nowhere is this more ironic and extreme than in the deeds of my old nemesi, the anti-spammer zealotry collective, some of whom are now known as spamhaus and spews. The terrorism they practice is implemented in the form of "mail blacklists".

Blacklists are not a new notion. In the 1950's, the infamous McCarthy blacklists contained names of "possible communists", which ultimately led us to a more sterile culture.
The social costs of what came to be called McCarthyism have yet to be computed. By conferring its prestige on the red hunt, the state did more than bring misery to the lives of hundreds of thousands of Communists, former Communists, fellow travelers, and unlucky liberals. It weakened American culture and it weakened itself. ---Victor Navasky, Naming Names (New York: Viking Press, 1980)

Modern internet technology has created our own version(s) of social blacklists. Many anti-spam zealots have turned to this method for freeing their mailboxes from spam. Simply expressed, these organizations maintain databases which are supposed to contain the IP addresses of known spammers. They then provide these databases to various electronic mail servers, so that the servers can reject email based on what's in these databases.

The bottom line is, if the machine that sends your email is on this list, a number of mail servers will automatically reject all email from your server.

If (and only if) they restricted these blacklists to actual spammers, I doubt very seriously that I would have problem with this practice. If we could trust human beings to maintain a logical and calm viewpoint about life, I doubt that I would have a problem with these blacklists. Unfortunately we cannot trust these things in either case.

Fact: Spamhaus and spews have added innocent IP blocks to their blacklists.

The anti-spammer idealotry goes like this: "Anyone who gets service from a network friendly to spammers is supporting the spammers and therefore our enemy." (The friend of my enemy is my enemy too?)

So here's how this goes. Once a network provider is branded "a communist"...er excuse me..."a spammer", ALL of their IP ranges are blocked. Typically a network provider is providing services for smaller service providers, many of whom would never and have never engaged in spamming of any kind. No notice is really given on these blacklisting events, rather you find out when mail starts bouncing to some destination. Usually an end customer is the first to notice, and that customers is directed by the bounce to complain to...their own ISP!

In essence, the customer is tricked into presenting the terrorist anti-spam agenda to the ISP. The ISP turns around and finds out that their provider (or provider's provider) is what the anti-spam zealots want "silenced". Until that target complies with their arbitrary agenda (usually of the form "stop spamming", but this is not always true...see below), everyone else has to suffer with electronic mail blocks.

What's wrong with this? Everything.
* First and foremost, the most often heard reason anti-spammers are so rabid about anti-spam is "it makes electronic mail unusable for average people". If this is true, then how does blocking innocent email help this situation? In fact, blacklisting innocents contributes to the problem. The hypocrisy here is so thick I doubt even a knife can cut it. * The dishonor of the practice of blacklists is amazing. Many naive internet mail administrators add blacklists like spamhaus "because they work to reduce spam". Lots of these sites have no idea that they are being cut off from legitimate email because of these machinations. If their customers really knew that they were cutoff, I wonder how many would still buy service? Getting rid of spam is one thing, blocking that key business email that means $100K in sales is quite another. Lets take this one step further. Person A buys email service from ISP X who is using Spamhaus to block spam email. Person A's daughter, who's income is very low due to being a student in college, buys email service from ISP Y (because it's cheap) who uses IAP S as their connectivity. ISP Y buys network from IAP S because it's cheap. Due to real life constraints, the only contact Person A has with their daughter is email. IAP S suddenly gets put on the anti-spam master blacklist. The same day, Person A's daughter has a car accident. A roommate desperately tries to send email to Person A but it's blocked. Worse, it's blocked because these zealots have an idealogical cause which is set up to be more important than a person's life. This is the height of dishonor. * The practice is quite criminal by many definitions and with criminals on all sides: o Any ISP that is blocked is told to "comply with our demands or be blacklisted" (a.k.a. extortion). o Attacking innocents in the name of their cause (a.k.a. terrorism). o Since the control of the blacklist is out of the hands of the service provider who subscribes to it, by law you must clearly state "random people may be blocked to your email box by other people who are not under our control" before selling "email services". I've never seen this stated on any ISP ad. (a.k.a false advertising) o Blacklisting ISPs is a good way of knocking them out of business (a.k.a restraint of trade) o If spam ever goes away, these organizations will also. Thus they have a vested interest in keeping spam alive (a.k.a playing both sides of the street)

Do note that the anti-spammers claim these practices are not criminal and will "reduce economic support for the 'spam friendly' ISPs". This claim is quite erroneous:

Fact: Spammer companies have far more money than most innocents.

Yep, to the tune of millions of dollars per month. SPAM is big business. Do you think that the income of one little ISP with 1000 customers is going to make any difference against the large income of a spam company? No! All that does is clear more bandwidth for the spammers to use, should the little ISP cave in and switch to another provider.

While there's no proof (that I'm aware of), it's not so far fetched to open up questions of collusion between "the providers that are anti-spam" and the "anti-spam blacklists". Certain providers, to compete, may pay the blacklist groups lots of money to keep attacking innocents, which gets them more customers in the long run as ISPs fold because they cant afford the connectivity provided by the "anti-spam supporter" providers.

I've established some things here:
1. In my opinion, blacklists are bad. 2. The anti-spammers are resorting to clearly criminal activities to further their goals: extortion, restraint-of-trade, terrorism. 3. The effect the anti-spammers are trying to have by blocking innocents only works to destroy email connectivity, the cure is worse than the disease.

This brings me to my concluding point. The original complaint against spammers included accusations of being criminal. Most spammers are considered criminal. Yet look at the anti-spammers! In their undying eternal zeal to end spam, they have become just what they oppose! Criminals and email destroyers. Gee, isn't this what they call the spammers?

The aware person realizes that fighting something only makes it stronger. Indeed, when you see two people rabidly on one side or the other, it's very hard to distinguish the two. They almost appear to be the same person, willing to commit any atrocity for the sake of their ideology or economics. What more do I need to know?

So, in a roundabout way, that's why I don't participate. I've done my days of tilting at windmills. I've presented my pearls, but the swine didn't hear any of them. They've misrepresented my position countless times for their own agendas, failed to understand even the most basic of the concepts I've explained, and twisted what I've said to make me out to be something I am not. ("Spam supporter"...lol)

I have finally realized that it has less to do with the ability to understand, it's mostly that they are not willing to understand. So in that climate I should once again venture forth into that primal never-ending argumentia that is NANA?

No. I'm sorry. I have far better things to do.
Posted by truedomainprivacy. (3 comments )
Link Flag
Be careful, Spamhaus - you want to visit the US one day...
Don't let the spammers harass you... Hide your identities so you are not PERSONALLY held liable. We'd like all the good guys to be able to visit the US once in a while with no worries...
Posted by Fictia (32 comments )
Reply Link Flag
Not a problem...
This is not a criminal case against an individual. It's a civil case, one company against a non-profit organization. If Spamhaus was to set-up a "presence" in the US, with bank accounts here, they could go after the organizations money.

THEY CANT GO AFTER THE NON-PROFIT OFFICERS, BOARD MEMBERS, OR MEMBERS PERSONALLY!. (Even if the officers have been paid by the organization, you cant collect any money from them!)

The same is true in corporations. (In the UK, Ltd. = limited liability, which means that the individuals are not liable.) You cannot go after the officers, board members or shareholders of a corporation. Thats why you sometimes see horror stories of bankrupt corporations with angry shareholders and former employees, yet the former CEO is still living in his 10 million dollar house that he bought with his outrageous salary!

It also means that if you own a few shares of Microsoft, they cant come after you when the company goes bankrupt! And, thats actually the whole idea& to protect individual shareholders.

None of the above is true in case of criminal activity.
Posted by DougDbug (62 comments )
Link Flag
Spamhaus US Associates MUST Abide by Guidelines
Spamhaus has many individuals working in the USA. Anyone working within the confides of Spamhaus in the USA must abide by the default judgement or will be in contempt of court.
Posted by ericjohnson100 (8 comments )
Reply Link Flag
the USA is not the world
Repeat after me, the USA is not the world, the USA is not the world
Posted by stevejobless (40 comments )
Link Flag
Even that is wrong
It is a district court ruling in Illinois. As such, it has no legal standing in California, for example.
Posted by JoeF2 (1306 comments )
Link Flag
Re: Spamhaus US Associates MUST Abide by Guidelines
Nonsense. There are no judgments against any individuals and, ultimately, there is no attribution to individuals on the Spamhaus site. Hence it is an impossible burden. Furthermorem there has been no service to any individuals in the US.

We get threatened twice a week. It's a waste of time and cycles.

David Hart
<a class="jive-link-external" href="http://tqmcube.com" target="_newWindow">http://tqmcube.com</a>
Posted by dchart (1 comment )
Link Flag
contempt of court
I wonder if this can be extended to include any company using their blacklist? I also wonder why static ip addresses, as opposed to dynamic, wouldn't eliminate this problem entirely, in so far as blocking innocent e-mail users? There would be no legitimate reason to block whole ranges of addresses or specific ISPs. Maybe that would be too simple an answer, no money to be made by defenders of the freedom of the internet in their battle with spammers!
Posted by dland51 (91 comments )
Link Flag
If everybody on the web tells you that your spam...
...than your spam!

It's really sad that there is no global regulation to the web like there is in the Telco business!

I'm not saying to restrict the use of the web, but without a guaranteed determination on were the web stands from a legal point there is no merit in any ruling by any Judge!

I bet if the Judge that ruled on this were to get severely spammed by the Plaintiff than the judgement would of definitely been different. But a lack of knowledge and a lack of persistence by our legal system (Congress) has led to a free for all for Spammers, Porn Sharks, and Hackers!

There are laws that govern our land to ensure a safe environment for all, yet no laws to govern the virtual land of the World Wide Web. You know; you had to create rules and regulation for the use of highways and roads to ensure a safe driving environment. Why can't you create some laws that would ensure a safe computing environment as well as a safe Web Surfing environment?

Is it just a lack of Knowledge that holds you back? Or are you truly oblivious to the situation at hand?

J Gund
Tech01
www.Tech01.net
Tech01 Mobil
Mobil.Tech01.net
Posted by OneWithTech (196 comments )
Reply Link Flag
illinois courts
I wonder how much that judge got paid to render that verdict?
Posted by joeskunk (1 comment )
Reply Link Flag
Nothing
Spamhaus didn't waste any time showing up, so they automatically lose.
Posted by Tortanick (19 comments )
Link Flag
verdict
He gets paid a yearly salary to render judgements whether we agree with them or not. In the event the defendant doesn't like the verdict they only have to appeal to the next level court: that is the beauty of our court system of justice, unless of course you are part of the right wing which feels the courts are making law, rather than interpreting and enforcing it! That pretty much covers any judge who renders a verdict that they oppose!
Posted by dland51 (91 comments )
Link Flag
I laugh in e360insight's face
They are SPAMMERs. Pure and simple. This judgement means absoultely nothing and SPAMHAUS doesn't have to do a thing. In fact, you have to be some kind of an idiot to get into SPAMMING in the first place but e360insight just made themselves look even dumber with this lawsuit. I don't know how much they spent in lawyer and court fees, but it was all wasted money. I specifically block every one of their domains as well as subscribe to SPAMHAUS' xbl-sbl list.

I urge all email administrators to incorporate the sbl-xbl into their AntiSpam solutions and raise our collective middle fingers at e360insight. Have a nice day.
Posted by thenet411 (415 comments )
Reply Link Flag
Spamhaus should not prevent any communications
I agree with the company seeking punitive damages. Emails can be considered confidential just as postal mail. If you were to prevent postal mail from reaching its intended recipient then you woul dbe breaking federal law here in the US.

Why should Spamhaus be allowed to block any private communications?? They should be shut down for interfearing with private communications.

Spamhaus is not the LAW. However they seem to think they are. Just because Soamhaus says its spam doesn't mean that it is spam.
Posted by ittech1 (11 comments )
Reply Link Flag
Spamhaus should not prevent any communications
I agree with the company seeking punitive damages. Emails can be considered confidential just as postal mail. If you were to prevent postal mail from reaching its intended recipient then you would be breaking federal law here in the US.

Why should Spamhaus be allowed to block any private communications?? They should be shut down for interfearing with private communications.

Spamhaus is not the LAW. However they seem to think they are. Just because Soamhaus says its spam doesn't mean that it is spam.
Posted by ittech1 (11 comments )
Reply Link Flag
huh?
Spamhaus doesn't block any communications. It
simply identifies spammers.

If I get junk paper mail, I can choose to throw
it away. If I get email from someone Spamhaus
says is a spammer, I can choose to throw it
away. That's my right, and the right of anyone
who runs a mail server.
Posted by requiem--2008 (21 comments )
Link Flag
know your topic
You should not be commenting on something you obviously don't understand; it wastes our time and makes you look inept.
SpamHaus does not block email, they maintain IP blacklists of Spammers for various pieces software and hardware appliances that DO block email (SPAM as a general rule). Also, if you know anything about the Internet (I am assuming you think you do based on your alias) then you would be well aware that e360insight is Notorious for their involvement in spam as well as malware and spyware.....

I'm not trying to flame you, I'm just saying; know your topic before you comment on it....
Posted by dallas_el (1 comment )
Link Flag
E-Mail / U.S. Postal Mail
Apparently, you're a little new to all of this.

The U.S. Postal Service is a federally mandated business, and as such, it falls under the U.S. Code, Section 39. This is where the law is spelled out regarding the legality (or the lack thereof) of interfering with the delivery of U.S. Mail. It is also worth pointing out that physical junk mail is a "paid for" service; the company mailing the letter is paying the USPS for each ad that they send out.

E-mail servers, and by extention, Spam, however, are NOT covered by U.S. Code. They are privately owned and/or administered systems. There is (or should be) no expectation of a guarantee that J. Random Spammer's junk mail can bypass my spamfilter. Especially since a staggering amount of the virtual junkmail is being sent through hijacked servers and accounts. (While blocking or blacklisting spam isn't a crime, last time I checked, hacking a private system IS.) When breaking the code of law, it is kind of stupid to expect that same code will cover your ass later when someone decides to come after you.

Further, unless there is some sort of privilige attached (lawyer/client, doctor/patient, priest/penitent), there is no expectation of privacy with regards to e-mail.

If I have an e-mail server (which I do), and if I have Spamhaus (again, which I do) this is my right as a private citizen. If I elect to not have my users and my system inundated by mail that we don't want and didn't request, then again, that is my right.

There is an expression that I heard a lawyer friend of mine use one time. Essentially, it says that "your right to swing your arms ends right before you reach my nose." Spam is the swinging arm, my nose is the server, and the "right before" is filled by organizations like Spamhaus.

I just have to ask you one question, though. After re-reading your post, I was wondering if you were clueless or if you were trolling? Sometimes it's hard to tell the difference.
Posted by mjohnson13 (5 comments )
Link Flag
Spamhaus does not block anything
They publish a list. period. In my corporation I am the one that
decides what gets blocked. And I use the SBL in part to make
that decision.

I have used the Spamhaus list on our email servers. Before
going live I reviewed thousands of messages that their list
identified as coming from spammers and they were 100%
correct. In the past 3+ years we have not had 1 user complaint.

By the way, we also reject any mail containing certain
attachments (45 different types at present). I used a list from
Microsoft as the starting point for that block list.

You think someone should sue MS for publishing that list?
Posted by rcrusoe (1305 comments )
Link Flag
People should be able to prevent spam
Spamhaus doesn't prevent communications. Spam-hating individuals use their services to prevent being flooded by spam.

You are not forced to filter your email with Spamhaus and are welcomed to receive all the spam and filth you desire.

I suspect though that ittech1 is a spammer, so wouldn't agree with me.
Posted by danxy (37 comments )
Link Flag
This is not true
You need to step back and look at the arguments for the do not call list and why cell phones do not have published list of numbers.
I pay to have my internet and phone service. I do not pay to receive mail. As a result I can not stop the mailman from stuffing my box full of junk mail but I can put my name on the do not call list to stop phone solicitations. And I do choose to do this.
Now as the owner of a small business I pay even more for my internet connection that a home user does. I do most of my business communications by email. As a result if I or my employees need to wade through a load of SPAM every day then our productivity drops off and that directly costs me money. The lists published by spam house can and do save me a lot of time and money.
Yes there are ISPs that have been randomly (it seems) blocking some other IP addresses. This is also not right but what does spamhouse have to do with that.
If you are complaining about your work blocking sites then get a life. It you are complaining about your emails getting out the I have to ask what it is you are doing to get placed on the spamhouse black list.
Posted by penguinlust (4 comments )
Link Flag
What an IDIOT!!
I don't remember where ANYONE said that Spamhaus was blocking ANY e-mails. You need to slow down and study what Spamhaus is doing (only providing a list of companies that users consider to be spammers). The people that use that list are the ones that decide to not allow e-mails from the listed companies.

So if your problem is with blocking "private" e-mails from being recieved, it is only with those that use the list.

What an IDIOT!! again:)
Posted by Bitchn' (1 comment )
Link Flag
Add RBL researc to your todo list
You need to do some reading. Unlike spam "opt-in", sysadmins configure corporate and personal email gateways to check incoming messages against online RBL databases like Spamhaus. Companies like e360 Insight wrap themselves in the American flag and claim free-speech rights as part of their PR. They want to deny us our right to manage our email systems; to not accept incoming spam.

You can send e360 Insight an email at <a class="jive-link-external" href="http://www.e360insight.com/contact.php" target="_newWindow">http://www.e360insight.com/contact.php</a> . Too bad they do not have a simple mailto: link, it is a form.
Posted by jsa13 (2 comments )
Link Flag
SpamHaus rules!
We've been using SpamHaus for a couple of years on our mail
servers (running FreeBSD and MacOS X Server). With the data in
the SpamHaus RBL we can block around 1 million messages per
month, saving lots of bandwidth and reducing the clutter in our
clients' inboxes. The savings in bandwidth amount to several
thousand dollars per year thanks to RBL's like SpamHaus.

When a client signs up with us, they have to agree that we can
filter some content on our network which we don't want to
forward. If they don't agree with those terms, they have to get
another ISP.

Once we had one of our web servers blocked by SpamHaus. A
spammer got into a client's web site through a security hole in
an open source project and uploaded a spam tool. When I fixed
the clients web site on a late Friday night, I immediately
contacted SpamHaus to be removed from their list and within
the hour our IP was able to send messages again.

In the past 30 days, our mail servers received 2370287
messages -- 85% where spam or viruses.

If SpamHaus wouldn't exist, we'd be flooded with that junk.

The SpamHaus service is a great service and combining it with
other RBL's and spam filtering tactics will help you to keep your
inbox clean!
Posted by joebuff75 (35 comments )
Reply Link Flag
sign up
Sounds like you are doing a great job and you are the only one I have heard mention that you advise any prospective clients of what you are doing so they can make that choice themselves. I do have one question though: What did the security hole someone got through have to do with an open source project? In all probability someone didn't have their system set up properly, not because they were using open source software.
Posted by dland51 (91 comments )
Link Flag
Meaningless
While this story may be of interest in the "sensational" sense, it is hardly newsworthy since the verdict has no bearing on anything. I guess since the technology world doesn't have an equivalent of tabloids, this falls within the scope of news.com to report...

Also, people should get all the facts before making idiotic comments. Information and response from Spamhaus:

<a class="jive-link-external" href="http://www.spamhaus.org/legal/answer.lasso?ref=1" target="_newWindow">http://www.spamhaus.org/legal/answer.lasso?ref=1</a>
<a class="jive-link-external" href="http://www.spamhaus.org/legal/answer.lasso?ref=3" target="_newWindow">http://www.spamhaus.org/legal/answer.lasso?ref=3</a>
Posted by nospam! (9 comments )
Reply Link Flag
Who Blocks SPAM?
Spamhaus publishes a list. Administrators block email. The judge is an @$$ to name Spamhaus as blocking SPAM, they are only providing a tool that other people find convenient and accurate. If the judge wants to punish blocking email, he needs to refine his order a bit more. And yes, I am in utter contempt of that court for the sloppy reasoning it use and promulgated.
Posted by zclayton2 (130 comments )
Reply Link Flag
contempt
The judge did what the law required when a defendant in a civil suit doesn't make an attempt to defend themselves: rule in favor of the other party. It is a shame that Spamhaus did themselves and their clients such a dis-service by apparently deciding this suit was not worth objecting to. They could have gone to court and had a request for dismissal based on a frivoulous lawsuit, but instead decided to do nothing. That seems like contempt to me, since they were saying we don't care!
Posted by dland51 (91 comments )
Link Flag
Time for a CLUE BY 4...
Note: TINLC ;-)

Ok, first, the only court docs we see is a TRO from a couple of months back. Second, since Linford didn't show, its a *default* judgement, meaning that the judge had to rule in favor of the plaintiff.

The interesting thing is that the FTC should have this guy on their radar screen. Any court documents filed by Lindhardt are a matter of public record. So he's pretty much set himself up for a fall.

So lets not knock the Courts for doing what they had to do.
Posted by dargon19888 (412 comments )
Reply Link Flag
Now the truth comes out...
<a class="jive-link-external" href="http://www.spamhaus.org/archive/legal/Kocoras_order_to_Spamhaus.pdf" target="_newWindow">http://www.spamhaus.org/archive/legal/Kocoras_order_to_Spamhaus.pdf</a>

Ok, so now things are a little bit clearer.

Spamhaus was going to fight, then backed off.
The judge's ruling kind of makes sense now...
Posted by dargon19888 (412 comments )
Reply Link Flag
Get a clue
The US court does not have jurisdiction. Plain and simple.
Or if I sue you in some court in Africa, are you going to travel to that court and defend yourself?
Posted by JoeF2 (1306 comments )
Link Flag
Publishing the list = blocking the spam
By publishing the list and advertising that this list will reduce spam and getting people to use the list is equal to blocking the spam. Spamhaus is in its essence responsible for peoples emails not getting through and should be responsible for there errors.
Posted by georgescott (48 comments )
Reply Link Flag
Uhm no...
Spamhaus is just one of the servers that offers RBLs.

As site admin, my mail server checks 4 or 5 of them as each e-mail comes in.

I'm catching most of the spam that hits my network, however some still gets through. (Bot-nets mostly).

The point is that the act of the RBL does not violate any laws.

As the administrator over my own site, I have the legal right to determine which traffic I allow to pass through and which to block.

If I choose not to use Spamhaus, then I don't use it. End of story.

This is why spammers hate RBLs. They are legal and they do reduce the amount of spam.

Now where's the FTC looking in on Lindhardt's business?
Posted by dargon19888 (412 comments )
Link Flag
Transcript
Has anyone actually read a transcript of the judgement? Cna c|net put a .pdf on line?
Posted by Omphalopsikite (2 comments )
Reply Link Flag
Transcript
Has anyone actually read a transcript of the judgement? Can c|net put a .pdf on line?
Posted by Omphalopsikite (2 comments )
Reply Link Flag
Spamhaus Internet terrorists.
Spamhaus Internet terrorists.

Becoming what you oppose
Editorial by Dave Hayes

Many folks have asked me why I stopped "contributing" to the everlasting debates in NANA (news.admin.net-abuse.*). I generally respond with something along the lines of "I don't wish to become that which I oppose". Indeed, recently I've "plonked" several entities (among them the terrorists known as "spamhaus" and "spews") simply because I no longer wish to beat my head against the stone wall of ignorance.

Terrorists? Yes that's right. One definition of "terrorism" is "attacking innocents in the name of your cause". Nowhere is this more ironic and extreme than in the deeds of my old nemesi, the anti-spammer zealotry collective, some of whom are now known as spamhaus and spews. The terrorism they practice is implemented in the form of "mail blacklists".

Blacklists are not a new notion. In the 1950's, the infamous McCarthy blacklists contained names of "possible communists", which ultimately led us to a more sterile culture.
The social costs of what came to be called McCarthyism have yet to be computed. By conferring its prestige on the red hunt, the state did more than bring misery to the lives of hundreds of thousands of Communists, former Communists, fellow travelers, and unlucky liberals. It weakened American culture and it weakened itself. ---Victor Navasky, Naming Names (New York: Viking Press, 1980)

Modern internet technology has created our own version(s) of social blacklists. Many anti-spam zealots have turned to this method for freeing their mailboxes from spam. Simply expressed, these organizations maintain databases which are supposed to contain the IP addresses of known spammers. They then provide these databases to various electronic mail servers, so that the servers can reject email based on what's in these databases.

The bottom line is, if the machine that sends your email is on this list, a number of mail servers will automatically reject all email from your server.

If (and only if) they restricted these blacklists to actual spammers, I doubt very seriously that I would have problem with this practice. If we could trust human beings to maintain a logical and calm viewpoint about life, I doubt that I would have a problem with these blacklists. Unfortunately we cannot trust these things in either case.

Fact: Spamhaus and spews have added innocent IP blocks to their blacklists.

The anti-spammer idealotry goes like this: "Anyone who gets service from a network friendly to spammers is supporting the spammers and therefore our enemy." (The friend of my enemy is my enemy too?)

So here's how this goes. Once a network provider is branded "a communist"...er excuse me..."a spammer", ALL of their IP ranges are blocked. Typically a network provider is providing services for smaller service providers, many of whom would never and have never engaged in spamming of any kind. No notice is really given on these blacklisting events, rather you find out when mail starts bouncing to some destination. Usually an end customer is the first to notice, and that customers is directed by the bounce to complain to...their own ISP!

In essence, the customer is tricked into presenting the terrorist anti-spam agenda to the ISP. The ISP turns around and finds out that their provider (or provider's provider) is what the anti-spam zealots want "silenced". Until that target complies with their arbitrary agenda (usually of the form "stop spamming", but this is not always true...see below), everyone else has to suffer with electronic mail blocks.

What's wrong with this? Everything.
* First and foremost, the most often heard reason anti-spammers are so rabid about anti-spam is "it makes electronic mail unusable for average people". If this is true, then how does blocking innocent email help this situation? In fact, blacklisting innocents contributes to the problem. The hypocrisy here is so thick I doubt even a knife can cut it. * The dishonor of the practice of blacklists is amazing. Many naive internet mail administrators add blacklists like spamhaus "because they work to reduce spam". Lots of these sites have no idea that they are being cut off from legitimate email because of these machinations. If their customers really knew that they were cutoff, I wonder how many would still buy service? Getting rid of spam is one thing, blocking that key business email that means $100K in sales is quite another. Lets take this one step further. Person A buys email service from ISP X who is using Spamhaus to block spam email. Person A's daughter, who's income is very low due to being a student in college, buys email service from ISP Y (because it's cheap) who uses IAP S as their connectivity. ISP Y buys network from IAP S because it's cheap. Due to real life constraints, the only contact Person A has with their daughter is email. IAP S suddenly gets put on the anti-spam master blacklist. The same day, Person A's daughter has a car accident. A roommate desperately tries to send email to Person A but it's blocked. Worse, it's blocked because these zealots have an idealogical cause which is set up to be more important than a person's life. This is the height of dishonor. * The practice is quite criminal by many definitions and with criminals on all sides: o Any ISP that is blocked is told to "comply with our demands or be blacklisted" (a.k.a. extortion). o Attacking innocents in the name of their cause (a.k.a. terrorism). o Since the control of the blacklist is out of the hands of the service provider who subscribes to it, by law you must clearly state "random people may be blocked to your email box by other people who are not under our control" before selling "email services". I've never seen this stated on any ISP ad. (a.k.a false advertising) o Blacklisting ISPs is a good way of knocking them out of business (a.k.a restraint of trade) o If spam ever goes away, these organizations will also. Thus they have a vested interest in keeping spam alive (a.k.a playing both sides of the street)

Do note that the anti-spammers claim these practices are not criminal and will "reduce economic support for the 'spam friendly' ISPs". This claim is quite erroneous:

Fact: Spammer companies have far more money than most innocents.

Yep, to the tune of millions of dollars per month. SPAM is big business. Do you think that the income of one little ISP with 1000 customers is going to make any difference against the large income of a spam company? No! All that does is clear more bandwidth for the spammers to use, should the little ISP cave in and switch to another provider.

While there's no proof (that I'm aware of), it's not so far fetched to open up questions of collusion between "the providers that are anti-spam" and the "anti-spam blacklists". Certain providers, to compete, may pay the blacklist groups lots of money to keep attacking innocents, which gets them more customers in the long run as ISPs fold because they cant afford the connectivity provided by the "anti-spam supporter" providers.

I've established some things here:
1. In my opinion, blacklists are bad. 2. The anti-spammers are resorting to clearly criminal activities to further their goals: extortion, restraint-of-trade, terrorism. 3. The effect the anti-spammers are trying to have by blocking innocents only works to destroy email connectivity, the cure is worse than the disease.

This brings me to my concluding point. The original complaint against spammers included accusations of being criminal. Most spammers are considered criminal. Yet look at the anti-spammers! In their undying eternal zeal to end spam, they have become just what they oppose! Criminals and email destroyers. Gee, isn't this what they call the spammers?

The aware person realizes that fighting something only makes it stronger. Indeed, when you see two people rabidly on one side or the other, it's very hard to distinguish the two. They almost appear to be the same person, willing to commit any atrocity for the sake of their ideology or economics. What more do I need to know?

So, in a roundabout way, that's why I don't participate. I've done my days of tilting at windmills. I've presented my pearls, but the swine didn't hear any of them. They've misrepresented my position countless times for their own agendas, failed to understand even the most basic of the concepts I've explained, and twisted what I've said to make me out to be something I am not. ("Spam supporter"...lol)

I have finally realized that it has less to do with the ability to understand, it's mostly that they are not willing to understand. So in that climate I should once again venture forth into that primal never-ending argumentia that is NANA?

No. I'm sorry. I have far better things to do.
Posted by truedomainprivacy. (3 comments )
Reply Link Flag
wow
There are no words to describe the insanity and stupidity of your post.

Spamhaus are run by humans, if they make a mistake it is easy to get off the list, unless you are an actual spammer.
Posted by qwerty75 (1164 comments )
Link Flag
Just wait a moment.
I read all of this, and that's just fine, believing that the innocents harmed(Mostly temporarily) by their brash and knee-jerk reactions to spam is more important than blocking the spam itself.

Spamhaus may be "non-profit" but they make a pretty bundle in other, more unsavory areas, anyhow, fighting something makes it strong.-

-No, I'm sorry, but just No, are you telling me that if we let Spam, the terror of the internet, have free reigh, undeterred, free to go where it pleases without anything stopping it, on the INTERNET of all places, that it would become weaker?

I hate to Break it to you, but the entire goal of spamming is to reach more people, and despite so many measures taken against corporations who spam, and so many of them not generating that "magic" revenue they thought they would, and thus crashing into dust, they continue. Do you have *any* idea what would happen if we allowed them to send all of the messages they wanted? Without anyone to keep us informed?

Chaos isn't the word I'm looking for, more like Misery, Spam becomes stronger, not because it's fought, but because greed is stronger than any barrier, any blocked IP, the idea that one can become rich from the annoyance and even misery of others, with very little of your own money spent, essentially an all-return financial opportunity, is what drives the spam corporations.
Posted by Revrant (39 comments )
Link Flag
wow?
Not as stupid as the nature of RBL lists are. Configure as many RBL filters as you can on your server and post your e-mail address here. I guarantee that you will receive 20-30 spam messages per day in about a week. Unlucky inocent customer whos ISP is not very confident and doesn't cooperate with spamhaus will have lots of problems sending e-mails and finaly will be forced to change an ISP.

This you see that RBL owners potentionaly can dictate their rules to ISPs and even control them.
Posted by Bogerm (6 comments )
Reply Link Flag
Voluntaraly?
No quite right. This "choice" costs me extra 500 quids per year...
Posted by Bogerm (6 comments )
Reply Link Flag
Trying to be cute, eh?
The plural of "quid" is not "quids"...
Posted by JoeF2 (1306 comments )
Link Flag
SPAM friendly ISPs
When you talking about SPAM friendly ISPs please don't forget that when I buy static IPs from ISP I actually own them. Why the hell ISP should be forced to fight spam? Not all of them want that. SPAM is not prohibited everywhere.
You know that BMW is the car most liked by young gungsters? According to your logic lets remove all BMW from our roads or force BMW dealers to check their clients for criminal history before they sell cars?
Posted by Bogerm (6 comments )
Reply Link Flag
No, you don't
You don't own the IP addresses. You just rent them.
Check your contract...
US IP addresses are owned by the companies that have them listed in the ARIN database.
Posted by JoeF2 (1306 comments )
Link Flag
This remindes me....
This reminds me of something that happened a few years ago between france and yahoo.com. IMHO, Spamhaus was correct in telling the spammer to "go pound sand". Now is that spammer going to sue the ISPs that use Spamhaus into accepting spam? He's going to have alot of lawsuits to file.
Posted by Maelstorm (130 comments )
Reply Link Flag
RE: This remindes me....
Fortunately big ISPs don't use spamhaus directly. Most of them use their own anti-spam solutions or something nice like spamassassin, which allow to make decision based not only on results from single RBL list, but on combination of different spam detection methods.
Posted by Bogerm (6 comments )
Link Flag
lawsuits
He'll probably get the Justice Department to do it for him since Spamhaus didn't show up to defend themselves, or even make a statement! The ISPs using Spamhaus are probably already being investigated for collusion to deny civil rights, or monoply practices. Nothing would surprise me when it comes to the JD and their attorneys.
Posted by dland51 (91 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.