[SC-Help] Disturbing allegation from Edward W. Felten
Edward Reid
spamcop-help@news.spamcop.net
Wed, 21 Aug 2002 3:12:36 -0400
On Tue, 20 Aug 2002 7:47:47 -0400, Larry Kilgallen wrote
> Actually, he cannot. The entity that receives the complaint can do so,
> but he was not the one who received the complaint. (Remember, he said
> they would not show him the complaint.)
Well, in one paragraph he said they wouldn't, but in another paragraph
he said they did ... I guess consistency is out at Princeton.
In response to several other postings, it's important to note that
Felten's ISP is hosting his web site at the same IP address as the mail
server that was listed for spam emission three weeks ago.
OK, and here's what I've submitted to comp.risks ... my acceptance rate
there is, I'd guess, between 10% and 20%, so the chance that it will
actually appear is low, especially since there's going to be a large
flood of responses. So I'm post it here to get my 15 seconds if I can't
have 15 minutes ...
========================
> I recently set up a web site at www.freedom-to-tinker.com. It's a weblog
> containing my commentary on various issues. Earlier this week, my ISP shut
> off the site, because the site had appeared on a list of "spammers"
> published by an outfit called SpamCop.
SpamCop does not list domains. SpamCop lists IP addresses. Mr Felten's
ISP was hosting his web site on the same IP address from which they
failed to block a well-documented spam run on July 31. The listing
should have cleared by August 10 -- that's a 3-day limit for complaints
to be filed, and the listing automatically expires after 7 days if
there are no further complaints, and the record shows no further
complaints.
> Apparently, this happened because one person, whose identity I was not
> allowed to learn, had sent SpamCop an accusation saying that he had received
> an unwanted e-mail message, which I was not allowed to see, that did not come
> from me but that did mention my web site.
SpamCop does not list domains. If indeed this was a complaint regarding
the domain (the web site), then the totality of the complaint was in Mr
Felten's ISP's hands. They are free to share it with him if they judge
this to be appropriate. Why they did not, I do not know. However, I
suggest that Mr Felten should take this up with his ISP, since they are
the ones withholding information from him.
The complaint sent to the ISP contained the entire body of the original
message. It did not contain the identity of the submitter. The reason
for this is well known: it's widely agreed that some spammers, on
receiving a "signed" complaint, add that address to a "known live" list
of email addresses, which is sold for a higher price because the
addresses are "verified". There are also spam houses which put
complainers on a "global block" list, thus attempting to hide the scope
of the spam problem from those willing to do something about it.
However, SpamCop does provide a method of communicating with the
submitter (reply to the report and click a link to indicate that you
are a real person rather than an autoresponder). Furthermore, if the
recipient of the complaint files a counter-complaint with SpamCop,
claiming a false report, the counter-complaint is taken seriously.
SpamCop DOES blacklist its own members for making false reports.
> On that "evidence" SpamCop
> declared me guilty of spamming and decreed that my site should be shut down.
SpamCop does no such thing. SpamCop NEVER "decrees" or even recommends
that a site be shut down (though certainly individuals often do so, but
not with SpamCop's backing). SpamCop forwards the message to the
appropriate party and gives them the responsibility of taking
appropriate action, whatever that may be. Spam fighters -- including
those active with SpamCop -- agree that education should be the first
avenue for correcting spam problems.
If Mr Felten's ISP shut down his web site based on a single complaint,
then either 1) they had some other reason and used this as the excuse,
or 2) they are incompetent. We'll give Mr Felten the benefit of the
doubt and assume he hadn't given his ISP any other reason. Anyone who
has been in the ISP business -- or any task with public contact -- for
more than about five minutes knows that random, unfounded complaints do
occur. Competent ISPs act to censure their clients only after receiving
sufficient well-founded complaints.
Thus Mr Felten has a gripe with his ISP. I can't guess why he is trying
to take it out on SpamCop instead.
> Never mind that I had never sent a single e-mail message from the site.
> Never mind that my site was not selling anything.
Neither is relevant. Most ISPs prohibit advertising by UBE any site
which they host; it matters not whether the site is commercial or
whether the UBE actually originated from the site. Cursory research
would have determined this.
If Mr Felten did not send UBE advertising his site, then these
statements are not relevant. They are, however, defenses often claimed
by spammers. Be careful of the company you keep.
> Naturally, I was not allowed to see the accusation, or to learn who had
> submitted it, or to rebut it,
Why is this natural? Does Mr Felten really hold his ISP in such low
regard that he finds their withholding this information from him to be
"natural"? And if he does, then why does he use their services when
there are many other choices available?
> or even to communicate with an actual human
> being at SpamCop.
There are multiple open, public forums at SpamCop, accessible by either
NNTP or via the web. One can post anonymously. The forums are read
regularly by several people who can (and do) adjust the SpamCop records
to correct errors. I have searched the forum archives and find no
evidence that Mr Felten has posted about this issue.
Therefore the issue isn't that Mr Felten wasn't allowed to communicate
with anyone at SpamCop. The issue is that he didn't try, yet chose to
complain publicly, and even to state publicly that he had been denied
the opportunity to communicate, when he demonstrably didn't try.
> You see, they're not interested in listening to
> complaints from spammers.
If you examine the SpamCop forum archives, you will find a great many
cases in which SpamCop members have patiently attempted to explain to
spammers -- real senders of UCE based on their own descriptions of
their activities, though they invariably claim that what THEY sent
wasn't spam -- just what the issues are. It's true that neither SpamCop
nor its members are interested in spammers' excuses, but the record
shows that we are ready, willing, and available to communicate, to
educate, and to correct real errors.
Besides, what's the relevance of this statement? Is Mr Felten saying he
had trouble getting through to SpamCop because he is a spammer? If he's
not a spammer, why did he make this statement?
> With help from my ISP, I eventually learned that the offending message was
> sent on a legitimate mailing list, and that the person who had complained
> was indeed subscribed to that list, and had erroneously reported the message
> as unsolicited.
This flatly contradicts Mr Felten's earlier statement that he was not
allowed to see the message. Perhaps Mr Felten is giving his ISP credit
for "helping" him when what they actually did was to discover the
message in their inbox and forward it to him? In any case, such public
accusations should not be riddled with internal contradictions.
> Ironically, the offending message was sent by someone who
> liked my site and wanted to recommend it to others. Everybody involved (me,
> my ISP, the person who filed the complaint, and the author of the message)
> agreed that the report was an error, and we all told this to SpamCop.
> Naturally, SpamCop failed to respond and continued to block the site.
Once again: SpamCop does not list "sites" (that is, domains). SpamCop
lists IP addresses. The IP address of Mr Felten's web site had recently
been used for a spam run and was listed because of that.
Furthermore, although the SpamCop list is called a "block list" because
of its structure and access method, the SpamCop web site clearly warns
that it can block legitimate email and SHOULD NOT be used to filter
critical email. SpamCop does not block anything. SpamCop cannot block
anything -- it doesn't have its thumbs in the pies necessary to do such
blocking.
The listing was removed when a week had passed since the last complaint
about the previous spam run. (To avoid excessive delays, SpamCop
requires complaints to be filed within three days of receipt, or else
SpamCop will take no notice.) Most ISPs, when caught misconfigured, say
"oops", fix the problem, and wait the week for the listing to expire.
It's generally not a big enough deal to panic over, though sometimes
enough to push a lazy ISP into acting.
Most ISPs are embarrassed to be caught allowing spam, even
accidentally. It sounds like Mr Felten's ISP was sufficiently
embarrassed to try to blame their problems on someone else.
> Why did my ISP shut me down? According to the ISP, SpamCop's policy is to
> put all of the ISP's accounts on the block list if the ISP does not shut
> down the accused party's site.
SpamCop does not list sites. SpamCop does not list accounts. SpamCop
lists IP addresses. Yes, I am repeating the explanation. The reason I
am repeating the explanation is that Mr Felten keeps repeating the same
erroneous claim.
AFAIK, no one filters HTTP connections using the SpamCop list. A few
administrators filter SMTP connections using the SpamCop list. The
responsible ones do not refuse the connections or drop the email; they
simply add a header tag to allow the end user to act if he/she so
desires.
So the extent of the problem is that email from Mr Felten's ISP might
be tagged by some receiving servers, and a few very aggressive servers
might reject it. This was based on the previous spam run and had
absolutely nothing to do with Mr Felten's web site.
Furthermore, if SpamCop receives no further complaints, then the only
additional action will be to expire the listing after seven days. It
makes no difference if the site stays up, nor if the server (mail or
web) is still running, nor if the email address remains valid. As long
as the complaints stop, SpamCop assumes that the problem is resolved.
We'd all rather see spam problems resolved by education rather than by
canceling accounts.
> Note the similarities to the worst type of Stalinist "justice" system:
> conviction is based on a single anonymous complaint; conviction is based not
> on anything the accused did but on favorable comments about him by the
> "wrong" people; the evidence is withheld from the accused; there is no
> procedure for challenging erroneous or malicious accusations; and others are
> punished based on mere proximity to the accused (leading to shunning of the
> accused, even if he is clearly innocent).
This rebuttal has been a very long posting. Anyone can post a long list
of unfounded accusations without spending any time researching the
facts, and can throw in some emotional words as Mr Felten has done. It
takes a lot more time to rebut. It doesn't even matter that the false
claims are simply contradicted by fact; it still requires the time of
other people to rebut them. It takes a lot of emotional energy to
continue rebutting the same false claims. This is a feature of open
discussion.
> Note also that the "evidence" against me consisted only of a single unsigned
> e-mail message which would have been trivial for anyone to forge. Thus
> SpamCop provides an easy denial of service attack against a web site.
Spamcopy does not list sites. SpamCop lists IP addresses. Listings are
based only on email source. This constitutes an email block only with
respect to those who use the SpamCop list counter to SpamCop's
published recommendations. Repeat, repeat ad nauseum, sigh.
> The only bright spot in this picture is that our real justice system allows
> lawsuits to be filed against guys like SpamCop for libel and/or defamation.
> My guess is that eventually somebody will do that and put SpamCop out of
> business.
My guess is that someone will file such a lawsuit and make some lawyers
rich while the judge laughs them out of court.
Edward Reid