Re: Bystander shot by a spam filter.

From: Duncan Patton a Campbell (campbell@neotext.ca)
Date: 12/28/02


Date: Sat, 28 Dec 2002 13:49:31 -0700
From: Duncan Patton a Campbell <campbell@neotext.ca>
To: Shawn Duffy <pakkit@codepiranha.org>


Seems to me that this is an invitation to government
regulation -- interfering with the mail is a criminal
offense for good reason.

Dhu

On 28 Dec 2002 15:46:10 -0500
Shawn Duffy <pakkit@codepiranha.org> wrote:

> The lists are usually kept on the websites of whatever particular
> organizations are doing it... they are quite a few...
> As far as suing them, I would venture to say no... If you dont want
> someone to be able to connect to your mail server that is certainly
> within your right to do... and if other people want to agree with you,
> well then, what can you do... although I am sure someone somewhere will
> probably sue over it and win...
>
> shawn
>
>
> On Sat, 2002-12-28 at 15:32, Duncan Patton a Campbell wrote:
> > How do you find if you are on the list? And who has the list?
> >
> > Can they be sued?
> >
> > Thanks,
> >
> > Duncan (Dhu) Campbell
> >
> > On Sat, 28 Dec 2002 08:45:23 -0500
> > Harry Tabak <htabak@quadtelecom.com> wrote:
> >
> > > [This is a resend. Ironically, the orignal was blocked by FreeBSD's spam
> > > filter, I've had to send this from another account]
> > >
> > > I am not sure which list is best for this issue, hence the cross
> > > posting. I believe spam and anti-spam measures are security issues --
> > > the 'Availability' part of C-I-A. I apologize if I am wrong. A FreeBSD
> > > ported package is contributing to an internet service availability
> > > problem that has me stumped. I believe that an unknowable quantity of
> > > other internet denizens are also affected.
> > >
> > > I'm a long time fan of FreeBSD -- I run it on my small mail server and
> > > I've recommended it for many applications. I even bought a CD once. I
> > > write this missive with great reluctance. I've worked with a lot of
> > > strange software over the years, But this is a new first -- Software
> > > that slanders! Software that publicly called me a spammer!!! And not to
> > > my face, but to business associate. And then took action.
> > >
> > > I recently discovered, and quite by accident, that a FreeBSD ported
> > > package -- spambnc (aka Spambouncer or SB) -- was blocking mail from me
> > > to an unknown number of businesses and individuals on the internet. I'll
> > > probably never have to correspond with most of these people, but I'm a
> > > freelancer -- this may have already cost me a job. [Dear reader, don't
> > > be surprised if you or your clients are also blocked. I strongly suggest
> > > that you check it out.]
> > >
> > > Anti-spam products have a valuable place in the security arsenal. But,
> > > IMHO, this product is dangerous because it includes filters and rules
> > > that are overreaching, and inaccurate. Bad firewall rules and bad
> > > anti-spam rules may be OK for an individual site. However, spambnc's
> > > bad advice is being mass marketed through the good offices of FreeBSD,
> > > and it is putting potholes in the net for the rest of us. Until it is
> > > fixed, and proven harmless, FreeBSD should stop distributing this product.
> > >
> > > Basically, the default built-in policies for blocking mail aren't fully
> > > described, and there is no mechanism to universally correct the
> > > inevitable mistakes in a timely manner. Users (people who install this
> > > product) are mislead about the probably of filtering the wrong mail. I
> > > am sure that the software was developed with the very best intentions,
> > > but in its zeal to block lots and lots of spam, SB is hurting good people.
> > >
> > > The SB rule blocking my mail host has nothing to do with me. Even
> > > though, it can use dynamic anti-spam DNS services, SB hard codes its
> > > rules for filtering bad domains by name and by IP address. My nemisis is
> > > buried in a 1476 line file, sb-blockdomains.rc, which installs by
> > > default, and is not documented outside the code. Along with others, it
> > > blocks the entire 66.45.0.0/17 space because spammers might live there.
> > > This is sort of like a corporate mail room throwing away all NJ
> > > postmarked mail because of the bulk mail distribution centers in Secaucus.
> > >
> > > My mail host address gets a clean bill of health from every anti-spam
> > > site that I can find, such as SPEWS. I've checked at least 30 of them.
> > >
> > > My tiny x/29 block is sub-allocated from my DSL provider's x/23 block.
> > > The DSL provider's block is a sub-allocation from Inflow.com's
> > > 66.45.0.0/17 block. Spambouncer doesn't like Inflow. While they have a
> > > right to their opinions, they don't have a right to publicly tar me
> > > because of my neighbors.
> > >
> > > If I read sb-blockdomains # comments correctly, it is policy to not
> > > only block known spammers, but to ALSO block entire networks based on
> > > their handling of spam complaints. This is like as a business
> > > receptionist checking callerID and then ignoring incoming calls from
> > > Verizon subscribers because Verizon tolerates (and probably invented)
> > > telemarketing.
> > >
> > > I have written to both the Spambouncer contact address
> > > <ariel@spambouncer.org> and the FreeBSD maintainer, but without a
> > > response. Possibly they are on holiday, or spambouncer is eating my
> > > mail. Perhaps I'm just too impatient.
> > >
> > > I have also contacted my ISP's support. They don't know how to help
> > > me. They vouch for Inflow. They don't recommend it, but for a fee, my
> > > service could be switched to a different PVC, and I'd get an address
> > > from a different carrier. But of course, the new address could be
> > > black-listed on a whim.
> > >
> > > Regardless, I assume that these are reasonable people, and that they
> > > will oil the squeaky wheel as soon as it is convenient. But how will I
> > > ever know that EVERY copy of spambouncer has been fixed? What about
> > > other innocent ISP subscribers who are also black-listed?
> > >
> > > Harry Tabak
> > > QUAD TELECOM, INC.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-security" in the body of the message
> --
> email: pakkit at codepiranha dot org
> web: http://codepiranha.org/~pakkit
> pgp: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A
> having problems reading email from me? http://codepiranha.org/~pakkit/pgp-trouble.html
>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Relevant Pages

  • Re: Bystander shot by a spam filter.
    ... > my face, but to business associate. ... > bad advice is being mass marketed through the good offices of FreeBSD, ... > product) are mislead about the probably of filtering the wrong mail. ... or spambouncer is eating my ...
    (FreeBSD-Security)
  • Re: Non English Spam
    ... Subject: Non English Spam ... encoded in one of the above character sets, ... You know all too well that filtering based on "Received" header ... language specific lists - if their message is not simply ignored. ...
    (freebsd-questions)
  • ~~~~~~~~~~~~~~ FAX NUMBERS ~~~~~~~~~~~~~~
    ... re business fax numbers l ... business fax lookup numbers ... fax lookup numbers reverse ... fax numbers opt-in lists small businesses ...
    (sci.electronics.misc)
  • RE: PAWS security vulnerability
    ... FreeBSD security list" isn't grammatically correct. ... "I told you to post the patch and info to the appropriate FreeBSD security ... "...This point and others are often discussed on the mailing lists, ...
    (freebsd-questions)
  • Re: freebsd-questions Digest, Vol 246, Issue 44
    ... Is aio or vm broken for FreeBSD 7-STABLE? ... Re: error: field 'aio_sigevent' has incomplete type (Mel) ... change root pasword ... # idiot autoresponder on freebsd lists, ...
    (freebsd-questions)