> The Spamhaus people are bad guys. I gradually realized that during the time I worked on spam filters. They presumably started out with good intentions, but the position they're in has corrupted them.
That's a very attacking statement to call people "bad guys". Not just "they're not doing a good job", but actually "bad people". Ouch.
Worse, I think it's totally wrong.
While I do agree with the problem of "power corrupts", I believe that Spamhaus have been highly successful at avoiding that.
I've dealt with and spoken with people at Spamhaus regularly, and they're smart people fighting the good fight. They know what they're doing, and take their responsibilities seriously. They don't blindly attack people or use threats or accuse them of misdeads. They gather evidence about bad behaviour and act on it.
The proof is in the pudding. 100's of RBLs have come and gone over the years, either run as temporary projects that the owner gave up on one day, or gone the "power corrupts" option and just ended up listing so many IPs they've generated too many false positives (e.g. SPEWS).
Spamhaus RBLs are still being run today, and being done so very successfully. Virtually every small/medium email server I know uses them in one form or another (blocking or scoring). They generally have very high block rates, and very low false positive rates.
From a time when Al Iverson was still keeping stats on the various RBLs out there, you can see the Spamhaus zen RBL on it's own generally caught 75% of spam with 0% false positives.
Certainly some listings are controversial (eg google docs), but it's always been for a good reason, and forced the provider of the service to come to terms with the fact their spam policies were lax or their service was being seriously abused by spammers. They were thus forced to take action, something they should have been doing anyway.
Without Spamhaus, the internet would be a way worse place, with way more spam/junk emails and websites.
Spamhaus is not as bad as some other blacklists have been, certainly. Nor do I think they started out as bad people, though you have to admit that running a blacklist might tend to attract a certain type of person. Nor do I think they're stupid, or that their lists are ineffective (at the times when they're not deliberately blacklisting innocent people). But like others who've gone into the blacklist business, they do seem to have lost their way morally. I wrote about an example here: http://paulgraham.com/spamhausblacklist.html
So you're still saying that maybe they didn't start that way, but right now they are bad people, who have lost their way morally.
I think that's an incredibly harsh accusation for people that are doing an awful lot of work collecting evidence and fighting real spammers on the internet (http://www.spamhaus.org/rokso/index.lasso), and again, I totally disagree with you.
> though you have to admit that running a blacklist might tend to attract a certain type of person
I think you could tar so many people in so many industries with broad brush stroke sterotypes like that, it seems an unhelpful generalisation to make.
From the article you link:
> As of this writing, any filter relying on the SBL is now marking email with the url "paulgraham.com" as spam.
The SBL is an IP based RBL, nothing to do with domains, so the above statement is patently false. And if anyone was doing IP lookups of URI's in emails and using the SBL for that (which I've never even heard of), that's clearly a misuse of the SBL anyway, because that's not what the SBL is supposed to be used for.
The Spamhaus Block List ("SBL") Advisory is a database of IP addresses which do not meet Spamhaus's policy for acceptance of inbound email and therefore from which Spamhaus does not recommend the acceptance of electronic mail.
---
So it should only be used to block machines sending email, nothing about the content thereof.
There's RHSBLs (like SURBL and URIBL) that are related to dealing with URI's in emails, that's nothing to do with IP RBLs like SBL.
> Why? Because the guys at the SBL want to pressure Yahoo, where paulgraham.com is hosted, to delete the site of a company they believe is spamming
What's that got to do with the SBL again? The SBL is purely about what IP addresses "from which Spamhaus does not recommend the acceptance of electronic mail", nothing about websites. So that whole accusation feels wrong. Mixing up email sending servers and websites, domains and IPs, and absolutely no evidence for it at all.
It was the SBL. I don't remember the details of how my emails were getting blocked. But they were obviously getting blocked, because if they hadn't been, I'd never have found out about the problem. At the time the Spamhaus guys themselves didn't deny that they'd blacklisted large numbers of innocent Yahoo Store users. Their defense was that the end justified the means.
You seem naive about the nature of evil if you think that it somehow precludes doing constructive work. Bad people don't wake up every morning thinking "what evil shall I do today?" What distinguishes them is that they cross lines other people won't. But the situations that test them may come up fairly infrequently.
"At the time the Spamhaus guys themselves didn't deny that they'd blacklisted large numbers of innocent Yahoo Store users. Their defense was that the end justified the means."
Putting this into context, this wouldn't have been the first step. This type of measure was typically implemented after it becomes increasingly clear that Yahoo would not, or could not, adopt measures to reduce the amount of spam coming from their mail servers.
One of Yahoo's general weaknesses is that it takes over 24 hours from sending a complaint until appropriate action is taken (that's why comments on their main sites - e.g. News - contains oodles of spam, and other types of abusive comments). On the typical life-cycle of email spam this is far too long - if a site is ever closed at that point, and so these abusive sites tend to still be up when the email recipient is clicking on those links. Closing a site after the damage has been done is just a never-ending game of whack-a-mole.
Blackholing bigger and bigger chunks of Yahoo Stores is then an escalating step until either Yahoo addresses the spam situation appropriately, or their customers see that Yahoo cannot sustainably provide the service customers are paying for and they either leave or seek legal remedies. At that point innocent customers are paying the price for living in a bad neighbourhood. The question is, why didn't Yahoo do a better job in controlling the level of abuse through Yahoo stores? That Spamhaus felt it necessary to escalate through to blocking chunks of ip addresses indicates Yahoo Stores fell significantly short of what was needed to reduce the spam coming from their servers. The indicative belief from the anti-spam community at that point is: it's mostly clear that the revenue generated from hosting spammers is more important to Yahoo Stores than being able to provide their innocent customers with the level of service they paid for.
From my perspective, SpamHaus were one of the cleaner, more diplomatic black lists around the time of the Yahoo Stores problem. It's been a few years since I last poked around in the anti-spam community. Last I've seen of Spamhaus they didn't defend a legal challenge in California raised by a confirmed spammer, because California doesn't have jurisdiction over UK-located organisations, and so the spammer got a default ruling in his favour ( http://www.theregister.co.uk/2007/03/23/e360insight_lawsuit/ , http://www.spamhaus.org/organization/statement.lasso?ref=3 ).
That's a very attacking statement to call people "bad guys". Not just "they're not doing a good job", but actually "bad people". Ouch.
Worse, I think it's totally wrong.
While I do agree with the problem of "power corrupts", I believe that Spamhaus have been highly successful at avoiding that.
I've dealt with and spoken with people at Spamhaus regularly, and they're smart people fighting the good fight. They know what they're doing, and take their responsibilities seriously. They don't blindly attack people or use threats or accuse them of misdeads. They gather evidence about bad behaviour and act on it.
The proof is in the pudding. 100's of RBLs have come and gone over the years, either run as temporary projects that the owner gave up on one day, or gone the "power corrupts" option and just ended up listing so many IPs they've generated too many false positives (e.g. SPEWS).
Spamhaus RBLs are still being run today, and being done so very successfully. Virtually every small/medium email server I know uses them in one form or another (blocking or scoring). They generally have very high block rates, and very low false positive rates.
From a time when Al Iverson was still keeping stats on the various RBLs out there, you can see the Spamhaus zen RBL on it's own generally caught 75% of spam with 0% false positives.
http://web.archive.org/web/20080703181952/http://stats.dnsbl...
Certainly some listings are controversial (eg google docs), but it's always been for a good reason, and forced the provider of the service to come to terms with the fact their spam policies were lax or their service was being seriously abused by spammers. They were thus forced to take action, something they should have been doing anyway.
Without Spamhaus, the internet would be a way worse place, with way more spam/junk emails and websites.