Date: Tue, 24 Jul 2001 12:40:58 +0200 (MET DST)
From: Anders Andersson <andersa@DoCS.UU.SE>
To: alik@comintern.ru
Subject: Re[2]: http://www.desctopsticker.net
Message-ID: <Pine.GSO.4.21.0107241007210.20593-100000@radha.it.uu.se>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Content-Length: 8523

>certain point of mutual concession. For now, having studied such
>documents as bills and codes related to spam, adopted or being
>discussed (http://www.spamlaws.com/state/de.html,
>http://www.courts.wa.gov/opinions/opindisp.cfm?docid=694168MAJ), we

You don't say whether you considered those bills and codes useful
as a basis for creating your own policy, or you mention them
merely for a contrasting reference.  In my opinion, most laws and
proposed laws on the subject of junk e-mail are useless, and may
even have been proposed by the direct marketing companies for the
purpose of forestalling more radical proposals from the victims
of spam.  The only practical result I have seen from the U.S.
legislative process is a lot of spammers claiming to be in full
compliance with whatever proposed "anti-spam" bill they prefer.
As if that should make me any happier.

Laws only provide a "minimum requirement" anyway; operators are
expected to write and enforce their own policies in order to help
maintain the smooth operation of the Internet.  There will always
be annoying things you can do with a computer that isn't forbidden
in law, and such incidents will be reported to the ISP responsible
for the culprit's Internet access.  If the ISP doesn't currently
have a policy for dealing with that annoyance, they are expected
to implement one.  Whether their policy fulfils the minimum legal
requirements is irrelevant; good citizens don't defend an imaginary
right to annoy each other by pointing to the law.

>We believe that it's necessary, and that in particular, spam without
>a clear description of how to unsubscribe from it is that very harm
>for reputation we can't tolerate even if we merely host the site.

Note that you don't get to decide how harmful to your reputation
any particular kind of spamming will be; that's up to the victims.
In my opinion (as one of the victims), your appearant willingness
to host "careful" spammers (i.e. those who provide a working removal
procedure) is more damaging to your reputation than your occasional
but unintended hosting of a "hardcore" spammer.  I can excuse an
honest mistake on your part, but not a deliberate decision against
my best interest.

Telling spammers that you will turn a blind eye towards their theft
of my property as long as I don't complain about it is not in my
best interest, and now you even know it.

My opinion may very well be that of a small minority, and therefore
of less importance to you, but that doesn't really matter; those who
believe your policy is bad can simply collaborate and refuse to do
business with you.  MAPS is the result of such a collaboration.

Note that I'm currently not in a position to actually implement such
a boycott, but I'm merely trying to describe the options available
to any independent entity on the Internet.

>You see, there exist two polar 'radical parties': one one hand, "wild"
>spammers who spoof message headers, use false subject lines, ignore
>complaints, don't honour cease orders, etc. On the other hand, there
>are anti-spam activists who seem to be acting under the "kill them
>all!" mood, and often (in our opinion) overreact.

Overreaction happens all the time; earlier this year I received what
purported to be an invoice via e-mail, requesting that we pay a fee
for having sent unsolicited e-mail to the complainant.  I explained
to her that merely finding one of our domain names in the message
header did not constitute evidence of the message ever passing via
our network, and that the message header had in fact been forged by
the sender (which it had; I had seen numerous forged headers of the
same kind before).  She accepted my explanation and released us from
her financial claims.

However, the Internet isn't a two-party system, and those who engage
themselves in the spam wars cannot be easily placed on a linear scale.
I usually don't request any particular action from an ISP, such as
cancelling the account of the offender, but I do insist on being told
what has been done.  This is so that I can form an opinion on the ISP
in question, which in turn will help me distinguish ISP's from each
other.  Hence my appreciation of your responsiveness, even though I
don't like what you say.

What counts is the end result, not the means by which you achieve it.
If you can silence your spammers by casting a magical spell on them,
I'd be satisfied with that.  However, if I get spam from a particular
sender, report it to his ISP, get an automatic response telling me
that action will be taken, and three days later another piece of spam
from the same sender, you can guess what I think of that ISP.

So, rather than demand that you take any particular action, I'll ask
what you did and see if it makes any noticeable difference as far as
I'm concerned.  If it doesn't, I'll let you know, or I may decide I've
had enough and suggest to my peers that we block further e-mail from
your IP addresses.  I can't force you to cooperate, only convince you
that you want to cooperate. ;-)

>Usually, in a clash of the extremes, a mutual concession is the key.

On the contrary; unjustified demands should be flatly rejected, and
the decision should be left to those who can justify their positions.
Watch Seattle.  Watch Gothenburg.  Watch Genoa.  Mutual concessions?
Both extremists can't possibly justify themselves, and most likely
none of them can.  Merging their opinions would be like calculating
the average of fascism and maoism; the rest of us will not be happy
with the result.  You would do better to listen to the moderates.

>It is bad that people get a lot of junk mail. However, were it
>completely useless, spammers would not exist - in other words, there
>are users who do read UBE and sometimes take advantage of the offers,
>thus confirming e-mail as a valid advertising medium.

Usefulness does not equal legitimacy - people will listen to pirate
radio stations and buy from their advertisers as well, but that
doesn't mean the FCC (or your national equivalent) should tolerate
individuals occupying the frequency ranges others have paid to use.

>If anything, I personally would say that the only way to oppose spam
>(either in e-mail, paper mail, or anywhere) is to teach people not to
>read it.

It would be like teaching people not to listen to pirate radio.
If they don't understand themselves that doing so is bad for them
in the long run, telling them so isn't going to make a difference
as long as there are plenty of spammers telling them the opposite
view.  Therefore, it's hardly the most appropriate way to oppose
spam, much less the only way.

My mailbox is my property.  I decide what it's to be used for.
Anything else is theft.

>Actually, I have no idea as of how it appeared on SpamCop. Possibly
>they've got a forward of my correspondence with the complaining
>people, or our customer in question contacted them.

I've been at the receiving end of a SpamCop complaint myself once
(we had an obscure open relay that our perimeter defence didn't
catch).  I closed the relay and indicated to SpamCop that the issue
was resolved, using the URL they provided for the purpose.  I don't
remember whether they provided any alternative response options.
I can see problems with SpamCop functionality, but as long as it's
the only service of its kind, I will keep using it.  I'm afraid I
don't have the time to entertain 20 different abuse departments in
20 different ways, so I need a centralized service.

>Besides, we do require our customers to treat complaints as cease
>orders as well, so in a way it can be said that by establishing that
>we and our clients are cooperative, the issue is, at least partially,
>resolved.

Are you now saying that you forwarded my complaint to your customer
even though you found his actions to be within the limits of your AUP?
Because, I never wrote to your customer; I wrote to you, and I didn't
authorize you to forward my mail to your customer.  And, the issue is
in no way resolved by removing any address from his mailing list that
shouldn't have been on it in the first place.  Can your customer even
tell which spam run of his resulted in my complaint?

I have too many e-mail addresses to list them all.  However, if your
customer removes any e-mail address matching the wildcard expression
"*@*", I will consider the issue partially resolved.

--
Anders Andersson, Dept. of Computer Systems, Uppsala University
Paper Mail: Box 325, S-751 05 UPPSALA, Sweden
Phone: +46 18 4713170   EMail: andersa@DoCS.UU.SE