Best Practices for Being Permanently Added to the RBL

• Previous message (by thread): cw.net congestion in Seattle?
• Next message (by thread): Best Practices for Being Permanently Added to the RBL
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RBL Working Group                                              Ben Black
INTERNET DRAFT                                          Layer 8 Networks
Obsoletes: draft-ietf-rbl-selfdefense-00.txt       

                                                           November 1998
                                                        Expires May 1999


         Best Practices for Being Permanently Added to the RBL
                 <draft-ietf-rbl-permanent-00.txt>

Status of this memo

   This document is an Internet-Draft. Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups. Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as ``work in progress.''

   To view the entire list of current Internet-Drafts, please check the
   ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
   Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
   munnari.oz.au (Pacific Rim), or ftp.isi.edu (US West Coast).

Abstract

   The Realtime Blackhole List (RBL) service from the Mail Abuse
   Protection System (MAPS) is a completely free and voluntary system
   for creating intentional network outages to limit the propogation
   of unwanted, unsolicited, mass e-mail (SPAM).  Many purveyors of
   SPAM and SPAM-related services have had little trouble in getting
   themselves added to the MAPS RBL, but certain providers of web 
   hosting services whose customers engage in SPAMMING have expressed
   concern that at some point in the future they may be removed from 
   the MAPS RBL, exposing millions of innocent e-mail users to a
   barrage of SPAM.  This document offers a description of the best
   current practices for guaranteeing that your company stays on the
   MAPS RBL.


1. Terminology

   Throughout this document, the words that are used to define the
   significance of particular requirements are capitalized.  These words
   are:

      - "MUST"
         This word or the adjective "REQUIRED" means that the item is an
         absolute requirement of this specification.

      - "MUST NOT"
         This phrase means that the item is an absolute prohibition of
         this specification.

      - "SHOULD"
         This word or the adjective "RECOMMENDED" means that there may
         exist valid reasons in particular circumstances to ignore this
         item, but the full implications should be understood and the
         case carefully weighed before choosing a different course.

      - "SHOULD NOT"
         This phrase means that there may exist valid reasons in
         particular circumstances when the listed behavior is acceptable
         or even useful, but the full implications should be understood
         and the case carefully weighed before implementing any behavior
         described with this label.

      - "MAY"
         This word or the adjective "OPTIONAL" means that this item is
         truly optional. One vendor may choose to include the item
         because a particular marketplace requires it or because it
         enhances the product, for example; another vendor may omit the
         same item.


2. Best Practices

   Although there are many successful methods for achieving a lifetime
   membership in the RBL, the following have proven the simplest and most
   expedient.

2.1 Verbally Harassing the Maintainers of the RBL

   The maintainers of the MAPS RBL are all volunteers with an interest in
   making the Internet less of a haven for nefarious SPAM merchants.  
   This is a fundamental technique which SHOULD be attempted by ALL service
   providers wishing to burn all possible bridges.

2.2 Sending SPAM Demanding Removal from the RBL

   Nothing says "Blackhole me!" like sending an unwanted mass mailing to
   potential subscribers of the MAPS RBL service.  Service providers
   in the market for a new line of work unrelated to the Internet MUST
   SPAM as MANY other service providers as possible to maximize their
   chances at a coveted RBL Blackhole Lifetime Membership.

2.3 Threatening Lawsuits

   Even the most stalwart RBL maintainer may later have mercy later if
   only the suggestions in Sections 2.1 and 2.2 are followed.  To avoid
   this eventuality, service providers SHOULD threaten to sue not only
   the RBL maintainers, but also all RBL subscribers.

   When responding to queries regarding the upcoming legal action,
   providers MUST NOT resort to the use of logic and common sense.  Hard
   work definitely pays off in this area.

2.4 Proper CAPITALIZATION

   One of the keys to a successful SPAM demand or threat is proper
   capitalization.  Unlike normal English usage, providers MUST randomly
   capitalize ENTIRE words for no APPARENT REASON.  E-mail which
   follows this rule is certain to have a major impact on all readers.


3. Example of Advanced Techniques
 
   This outstanding example illustrates a complete mastery of all the
   tecniques listed above.  The sender of this message is obviously
   highly motivated in his quest to remain on the RBL until the end of
   time.

-- start --

From: "Alan R. Bechtold" <alanbechtold at sysop.com>                   
Subject: Using MAPS will get you SUED!!!                              
Date: Wed, 18 Nov 1998 11:48:11 -0800                                           

It has come to my attention that your company utilizes the MAPS 
BLACKHOLE list to block purported SPAMMERS from sending E-mail to your 
system. While the idea might sound good I am writing to inform you that 
you will be named in a Federal Lawsuit if you do not CEASE AND DESIST 
use of this list IMMEDIATELY.

Here is why:

My company, BBS PRESS SERVICE, INC., designs and hosts Web sites. That's 
all we do. We don't sell access to the Internet. We don't sell E-mail 
accounts. Besides some E-mail accounts for our employees to use when 
contacting our customers, and one E-mail account we use to send out a 
weekly newsletter to our customers, we don't generally handle any E-mail
at all.

I am anti-SPAM. I advise all of my 5,000+ clients against the use of 
SPAM. Still, two have used it to promote sites we host for them.

Naturally, this resulted in our receiving the usual barrage of E-mails 
DEMANDING that we remove the Web sites of the offending parties. Our 
attorneys have advised us that it is NOT in our best interest to do so. 
Removing the Web site of anyone for something they did OUTSIDE of our 
system, even if it was indeed PROMOTING a site hosted on our system, 
would in fact expose my company to possible lawsuit from the SPAMMER!

I understand many Web site design and hosting services stipulate in 
their contracts that they reserve the right to pull any site if evidence 
of SPAMMING is seen -- but my attorneys have also advised me that this 
is completely unenforceable in court and wouldn't stand up to a court 
challenge.

I don't know about you but I am totally opposed to being REQUIRED to 
take action against anyone for anything they've done outside of my 
control. Do we also want to become liable for pulling Web sites held by 
anyone who is convicted of a crime...any crime? Wouldn't this lead to 
the requirement of background checks, to make sure a Web site customer 
has never indeed beenconvicted of a crime?

The ramifications are tremendous.

Anyway -- I write to anyone complaining about SPAM from a client of mine 
(and they do track down the Web site host even if we didn't originate 
the SPAM) and inform them of my position.

One person apparently forwarded my reply to MAPS. Even though my reply 
states CLEARLY that I am OPPOSED to SPAM, the kind folks at MAPS decided 
to add my company's IP to the list anyway. The problem is -- they won't
TALK about resolving the problem. Their "volunteer" hung up on me when I
called, after first being outright surly and rude with me. I tried 
E-mailing Paul Vix to tell him to remove my company's IP from his list 
but -- guess what -- my E-mail got REJECTED by his system because he 
uses the list! I finally got a message through by going through another 
provider. Meanwhile Paul Vix has not returned my urgent calls and hasn't 
been available on the phone when I do call.

This is causing my company irreparable harm. MAPS' whole attitude and 
the way they create their so-called LIST is, because of my case alone, 
entirely questionable. And he has left me little choice but to file suit 
against Paul, MAPS and anyone associated with the LIST or using it in 
their products or on their services.

This is where you come in. I am writing to tell you right now -- cease 
and desist from using the MAPS BLACKHOLE list on your service 
IMMEDIATELY. I will be including anyone and everyone still using the 
MAPS list in my lawsuit against MAPS. Period.

You might also want to contact Paul Vixie and let him know the legal
jeopardy his methods have placed you in. By comparison, the SPAMMERS are
starting to look like the "good guys." I know they're not and you know 
they're not but MAPS must end here and now.

I would appreciate your comments and cooperation.

-- end --


4. Author Information



Ben Black
Layer 8 Networks
email: black at layer8.net

• Previous message (by thread): cw.net congestion in Seattle?
• Next message (by thread): Best Practices for Being Permanently Added to the RBL
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]