Lawsuit threat against RBL users

George Herbert gherbert at crl.com
Thu Nov 19 21:58:40 UTC 1998


Karl Denninger <karl at Denninger.Net> writes:
>On Thu, Nov 19, 1998 at 12:51:05PM -0800, George Herbert wrote:
>> Karl Denninger <karl at Denninger.Net> writes:
>> >[...]
>> >The collusive aspect of this is downright scary, especially when coupled
>> >with threats of depeering, active denial of service attacks, etc.
>> 
>> Let's put two scenarios forwards.
>> [...]
>> In the first case, there is clearly a connection between the
>> spamming and the website that gets RBLed; it was directly advertised
>> by the spams.  That direct link is sufficient under current RBL rules
>> and meets my definition of terminatable customer.
>> In the second case, one of the sites meets the above definition, 
>> but the sites at U and V (which may be for completely unrelated
>> subsidiaries or groups within B) don't necessarily.  This might
>> begin to approach an illegal blacklist.
>> The question is, are any cases similar to scenario 2 actually happening?
>> As far as I know, no.  Companies that have many websites that are having
>> all their ISPs pressed to nuke them generally are spamming to advertise
>> most or all of them, not just one or a few.  
>
>Ok, let's put another scenario out there, one which IS somewhat likely:
>Company A has a web site hosted at ISP Z, and a bunch of throw-away dial-up
>accounts on ISPs P, Q, R and S.  They spam through P, Q, R and S, advertising
>the site hosted at ISP Z and giving a "freemail" (ie: hotmail, juno, etc) 
>reply EMAIL address.  All four of those dial providers cut *THE SPAMMER* 
>off.
>The spammed people also complain to ISP Z, and ISP Z tells the complainers 
>to stuff it, because (1) there is no PROOF that Company "A" actually did
>the spamming, and (2) no offensive data was emitted by ISP Z's machines.
>ISP Z gets RBLd, even though *ISP Z* was not a party to the spamming, 
>and ISP Z *never touched or emitted the spam*.  Worse, what gets RBLd
>is ISP Z's mail server, which (if Company A is web hosting there ONLY) 
>was not only uninvolved, but is irrelevant to the offense (since ISP Z
>only sold Company "A" web service).
>ISP Z has just had its business policies dictated by unrelated people and
>NOT because they committed (either directly or through a customer acting
>on their system) an offense - further, OTHER customers of ISP Z (who buy 
>mail service from them) have been harmed, even though (1) ISP Z wasn't 
>involved in the infraction, (2) Company "A" didn't do anything objectionable
>*ON* ISP Z, or THROUGH ISP Z's equipment, and (3) the sanction is not in any 
>way related to the offense (ISP Z's mail service is damaged, although their 
>mail server was not abused, and in fact Company A doesn't get their mail 
>through ISP Z).

While your scenario is a distinct possible problem with a RBL-like
list, I don't think it's possible under the existing RBL rules and
procedures that exist.

[Please keep in mind in the following that I am not an RBL volunteer,
so I may be getting details wrong... Dave and Paul are on nanog and
can correct anything I misstate, though, I assume]

RBL policy is that they won't block anything more general than
is warranted by particular spam complaints and the subsequent
actions in response to those complaints or to a pattern of complaints.  
For example, a bunch of complaints come in reporting that various
dialups spammed ads for www.biteme.com, a masochist oriented porn site,
which is hosted on an IP address which is part of wehost.net .
The proper procedure is that people complaining to RBL have to
have contacted wehost.net and not gotten appropriate responses.
RBL people will (always?) contact wehost.net for a final warning
and status check prior to the block, and will only block
the /32 corresponding to www.biteme.com's actual IP address.
Thus, no wehost.net customer other than biteme will be inconvenienced.

What begins to approach your scenario is the situation where
wehost.net has had a really significant number of customers
who did the same thing and refused to act appropriately about
any of them.  At that point, (that point being defined somewhat
nebulously here, but bear with me), it changes from an innocent
ISP scenario to one where the ISP is acting as a knowledgeable
and culpable host to multiple spamming sites.  At that point,
the ISP may be acted against as a whole, under current RBL rules.
But not before.

So yes, under (as I understand them) existing RBL rules, it is possible
for purely innocent parties to get bitten (other non-spam related
customers of wehost.net) if the ISP fails to respond properly
for a significant length of time and number of incidents.
I feel that's fair; if the ISP becomes the problem, then they
should feel some heat.  As long as the criteria for the ISP
being RBLed as a whole are sufficiently demanding so ISPs that
are merely slow or not-entirely-cooperative don't get unnecessarily
RBLed, that makes sense to me.


-george william herbert
gherbert at crl.com    I neither speak for nor work for CRL at this time.



