Re: [EXIM] RBL

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Evan Leibovitch
Date:  
À: John Bolding
CC: exim-users
Sujet: Re: [EXIM] RBL

On Sun, 23 Nov 1997, John Bolding wrote:

> >There is a good reason why the RBL maintainers have to be very careful
> >about their relationship with anti-competition laws that exist in the US
> >and elsewhere.
>
> Perhaps I missed something in the pages at maps.vix.com, but I did not
> see anything about "anti-competition laws".


Then you didn't look very hard. Check out
http://maps.vix.com/rbl/rationale.html#Legality
where the authors fully realize,

    "...we worry every day about the Sherman Antitrust Act."


    "Are our actions interpretable as conspiracy in restraint of trade? So
    far, no. We've been threatened with legal action on about a dozen
    occasions, and our legal advisors have said IT WILL DEPEND ON THE
    JUDGE YOU GET." (emphasis theirs)


> >I'm trying to consider the effect on blameless victims, such as the
> >non-spamming customers of spam-friendly sites. And let's not blind
> >ourselves out of righteous indignation, RBL *will* produce some innocent
> >casualties.
>
> Sure. And they can complain to their provider.


This is exactly the kind of attitude that *will* cause a backlash. Most
users will have no idea where in the chain the problem is occurring. Their
ISP may (and probably will) insist that the problem is at your end,
because you are artificially blocking mail that fully meets the SMTP spec.

> >I also believe that there is a grey area between spam and solicited
> >commercial email solicitations, with which binary solutions such as RBL
> >are incapable of coping. It is in these grey areas where the RBL people
> >are on their shakiest legal footings.


> Again with the "legal" aspect. Use of the RBL is __optional__.


Do you as an admin get the explicit consent of every user, every mailbox
owner on your system/network, before implementing RBL? If not, it's hardly
voluntary for them, is it?

There is an implicit trust between you the admin and those who use the
systems you run, that their systems will operate normally and in a manner
they expect. Implementing RBL is a significant change in your sites'
email acceptance policy; are all your users OK with this? Breaking a
trust -- even an implicit one -- is not taken kindly by all involved.

> Plus, I do not want ANY unsolicted email. Period.


It's not that clear cut and you know it. The line between "unsolicited"
email and that which you permit, directly and indirectly, is much finer
than you may (have us) believe. And it will get even finer as the net
matures and its users get more sophisticated.

Scenario: You subscribe to my magazine. At the bottom of the subscription
form is a box that you check if you do not want your name used on any
subsequent mailings that I, the publisher may want to send you or allow
others to do.

You do not check that box. As a result, I sell a mailing list to
CyberWidgets, which has a new product to introduce. The money I make
from the sale of the mailing list keeps the cost of the subscription low,
thus giving you the subscriber a direct and measurable monetary benefit.

CyberWidgets sends you an email announcement. You do not recognize them,
nor do you ever recall giving CyberWidgets your address. You (and others
like you) add CyberWidgets to the RBL list, since nobody had ever heard of
the company before, let alone asked for mail from them. As a result, no
system trusting the RBL will accept its mail, even if its users may be
interested in the announcement.

Is CyberWidgets a spammer? By the strict and narrow definition you gave,
absolutely. But is it so obvious to all?

CyberWidgets does not consider itself a spammer, since it only wanted the
email addresses of people subscribed to magazines in a specific
demographic, not just a shotgun approach. It obtained the list of
addresses from a good-faith source that did not just search the net for
targets. Yet the damage is done, their reputation is hurt, and they have
IMO justifiable cause to believe that you *did* give consent to their
mailing by not checking that box when you subscribed.

Does CyberWidgets have legal (let alone moral) recourse against those who
arbitrarily passed judgment on their actions, branding them spam and
restricting their ability to do business by announcing their product? You
may not think so, but I'm not so sure your argument of theft of service
would stand up to heavy scrutiny here -- especially if it can be
demonstrated that you benefitted monetarily from allowing a list
containing your address to be sold.

I also do not buy into the argument that because remove-lists from current
spammers do not work, that remove-lists never will work. As the society
settles down with the culture shift being caused by the Internet, social
norms will be established. Techniques such as RBL are a way to prod
society to move in a certain direction, and I believe they will succeed,
but they are only transitional tools.

> Speaking for the sites that I maintain, we will use the RBL until
> SPAM, like Junk Faxes, is a relic of the past.


Fair enough. Just make sure that all your email users are aware of your
actions, understand the implications, and have an ability to opt out. Also
be aware that as the culture evolves, not all apparently-unsolicited-email
will come from sleaze merchants, that some will have a legitimate interest
to reach you, and your self-righteousness in stopping them may be
interpreted by some as illegal restraint of trade.

Again, keep in mind that I still agree with the concept of the RBL and
will probably use it when the production release of exim includes it
(upon, of course, getting the consent of of all the systems' users). But
I will continue to maintain it is only a short-term stopgap with
significant drawbacks of its own.

------------------------------------------------------------------------------
Evan Leibovitch, Sound Software Ltd, located in beautiful Brampton, Ontario
Supporting PC-based Unix since 1985 / Caldera & SCO authorized / www.telly.org
----------------- HURD is to Linux as Plan 9 is to System V ------------------


--
*** Exim information can be found at http://www.exim.org/ ***