NordVPN Promotion

Home / Blogs

We Hate Spam Except, Of Course, When It’s Inconvenient to Do So

Paul Graham is a smart guy who popularized naive Bayesian spam filtering in 2002 with A Plan for Spam and has organized a series of informal spam conferences at MIT.

Earlier this month he was shocked and horrified to discover that his web site, hosted at Yahoo where he used to work, had appeared on the widely used Spamhaus blacklist, and he wrote a portentous web page about it, called The Destiny of Blacklists with quotes like “This is, strictly speaking, terrorism.” Nobody, including Spamhaus, thinks that Graham is a spammer. Does this mean that Spamhaus has gone rogue? Well, no.

The SBL is a list of spammers. They list and document sources of spam, they talk to networks and hosting companies to be sure they understand why they’re listed, and, most importantly, when the spam stops, the SBL unlists them. The SBL web site has extensive documentation on each listing.

In this case, the SBL listing in question is for a site called textileshop.com which has a long and well-documented history of spamming that has gotten them kicked off other ISPs. Spamhaus has told Yahoo that textileshop is a spammer, has documented it, and Yahoo’s done nothing about it, despite having a comprehensive anti-spam policy. So the SBL did what they usually do in such cases: they added the single IP address where textileshop’s web site lives to the SBL. It turns out (probably by coincidence), that it’s the same server that hosts Graham’s site sharing the same IP address and hence the same SBL listing.

What’s telling here is Graham’s reaction. Did he castigate Yahoo for failing to enforce their own policy so that he got SBL-ed due to their sloppiness? No, he blamed the SBL for inconveniencing him, even though that would have meant giving textileshop a free pass, in effect turning Graham into a human shield for any spammers sharing his server.

The biggest reason that we don’t make much progress against spam is that most people don’t think it’s worth the effort. ISPs knowingly sell service to spammers (MCI most egregiously, according to Spamhaus) because they’re not willing to forego the revenue. Tens of millions of PCs are worm-controlled zombies, because the users don’t deworm them because they think it’s too much trouble to fix (even when they know what’s going on which they often don’t), ISPs don’t quarantine them from the net because it’s too expensive to take the support calls, and Microsoft doesn’t provide either useful worm and virus removal tools or worm- and virus-resistant versions of their software for reasons we can only speculate about. On the non-technical front, effective anti-spam laws are repeatedly derailed because they might inconvenience direct marketers.

So who are we kidding? Do we really want spam to stop? I wish I knew.

By John Levine, Author, Consultant & Speaker

Filed Under

Comments

Larry Seltzer  –  Jun 21, 2005 5:55 PM

I have been trying to investigate the data in this article and can’t get it all to add up. A post in an otherwise typically silly Slashdot thread duplicates my quandry. What happened, am I looking at this wrong or did they change his address already, or what?

In general I understand the basic point of collateral damage, I’ve been a victim in exactly the same way many years ago with a domain hosted by Interland.

John Levine  –  Jun 21, 2005 6:12 PM

See the comments on the original copy of this story at http://weblog.taugh.com/ and follow the link to Spamhaus in the story itself for more info on what Spamhaus blocked. Since textileshop has been hopping around, it’s the address of the Yahoo commerce server that textileshop uses to process its orders.

Larry Seltzer  –  Jun 21, 2005 8:24 PM

It sure is odd that a classic vanity site would be on a commerce server, but Steve Atkins’ post certainly seems to clear that up.

BTW, Yahoo! has been perhaps the top host for phishing sites for a while as well. The behavior I attribute in that column continues, although they do have a complaint page now.

Paul Graham  –  Jun 27, 2005 5:13 PM

The IP address spamhaus blacklisted because of textileshop is 66.163.161.45, which is what store.yahoo.com resolves to.  So while that is “a single IP address” it is shared by the cgi scripts of all the thousands of Y Store users.

John Levine  –  Jun 28, 2005 7:59 AM

Right. So why aren’t you pushing your buddies at Yahoo to get rid of high profile, well documented spammers? They need only enforce their AUP.

Paul Graham  –  Jun 29, 2005 3:16 PM

I point out an error that invalidates the central claim of your article (“So the SBL did what they usually do in such cases: they added the single IP address where textileshop’s web site lives to the SBL.”) and you reply by changing the subject.

It woud be more honest to append a clarification pointing out that you misunderstood the scale of Spamhaus’s action.  When you realize they deliberately blacklisted an IP address shared by thousands of sites, you can see that they really have started doing the kinds of things MAPS used to.

As for the new subject: I left Yahoo 6 years ago.  I don’t even know the names of the people in charge of this software now.

The Famous Brett Watson  –  Jun 30, 2005 7:45 PM

Paul, that’s not a change of subject—I think you’ve misunderstood. I believe John is suggesting you should push your buddies at Yahoo to ditch the spammer in your capacity as *current customer*, rather than *ex employee*. So why don’t you complain to Yahoo about their willingness to host this spammer, instead of ranting about Spamhaus? Why don’t you take your business elsewhere? Is it *because* you’re an ex-employee?

Spamhaus is blocking the smallest amount of address space they can block to target the spammer. If they did any less, then they’d effectively be telling the ISP world, “you can host as many spammers as you like, so long as you mix them with a sufficiently large number of innocent people.” Spamhaus aren’t going out of their way to create collateral damage; it’s a case of Yahoo using you and others as human shields. (Complicit human shields who cry “terrorism” when inconvenienced, no less.)

Paul Graham  –  Jun 30, 2005 9:02 PM

Spamhaus did not list the minimum number of IP addresses to target the spammer.  They listed the spammer’s IP address, and also another IP address shared by thousands of Yahoo Store users.

As for getting Yahoo to delete the spammer’s site, I have no more influence there than any other ISP customer who was collateral damage of an overly broad blacklisting.

Paul Graham  –  Jun 30, 2005 9:09 PM

Yahoo appears to have booted the spammer several days ago.  But since Spamhaus’s system doesn’t have the ability to notice that the spammer’s site has moved, the blacklist entry will presumably remain for days or months, now harming *only* innocent victims.

The Famous Brett Watson  –  Jul 1, 2005 3:59 AM

The only influence you need is the ability to take your business elsewhere. It’s the only way to educate an ISP that wilfully accepts pink money, and it also solves your blacklist problem. But I can see that you’d rather sit on this particular thorn and complain about it than move, and such is your prerogative.

John Levine  –  Jul 1, 2005 7:56 AM

Paul is correct that there is a minor error in my note. It should have said the IP “where Textileshop collects their orders” rather than “where Textileshop’s web site lives.”

Re their moving, since Paul would evidently rather complain than solve his problem, I sent a note on his behalf to Spamhaus pointing out that textileshop has moved on to monstercommerce.com.

ron  –  Feb 11, 2006 7:24 PM

Famous Brett.
You state “The only influence you need is the ability to take your business elsewhere. It’s the only way to educate an ISP that wilfully accepts pink money, and it also solves your blacklist problem.”

I would ask you, why should he have to go through all that trouble? It was not his issue to begin with.

When the real problem is erroneous shotgunning procedures practiced by an SBL that claims its intentions are good but in reality seems to be more interested in flexing it’s own muscle in a future bid to feather it’s own nest.

My guess is, that you’ll find that SBLs are doing far more damage to innocent people than spammers ever have. Sure they load up your mailbox, but the spam is easy to delete or block locally. But Spammers are not rejecting our legitimate email!

So looking into the future I say this, “here we sit, our mail being blacklisted, completely innocent of charges leveled by SBLs while our mailboxes fill up with spam that the SBL is not capable of blocking.  uuuhhh, maybe that should tell us something??  that the real intent of an SBL is to gain enough power to whitelist the spammers that pay their dues (to guess who) and blacklist everyone who doesn’t pay their tithes”.

Hope Not!

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

Cybersecurity

Sponsored byVerisign

DNS

Sponsored byDNIB.com

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix

Threat Intelligence

Sponsored byWhoisXML API

NordVPN Promotion