The Spamhaus people are bad guys. I gradually realized that during the time I worked on spam filters. They presumably started out with good intentions, but the position they're in has corrupted them.
It's true of a lot of the guys running blacklists. And more generally, of a lot of people in the position of police. You tend to become a mirror of whatever bad guys you're fighting. Your tactics have to match theirs, and pretty soon your principles start to as well. I suspect this tendency is so universal that you have to make a conscious effort to avoid it.
We deal with spamhaus. They have false positives just like every other blacklist. I'd agree that most blacklist opers are pretty removed from the realities of hosting / running a site / large community.
Your registrar pulling your domain for this is ridiculous. I would switch ASAP to someone who cares more about their clients.
This, however, is just a symptom of a bigger issue: DNS is fundamentally broken. We need a scalable, open-source, free alternative solution for SSL and DNS that does not rely on any central authority. Namecoin seems cool and it'd be sweet if people started using that.
The other idea is to have a new "anti censorship" root zone, and mirror all COM/NET/ORG etc TLDs. We could pass around this info and in the event of mass censorship, people could migrate onto the new root servers.
We're putting way too much power in the hands of ICANN / Verisign / any random registrar or host with our current system.
> The Spamhaus people are bad guys. I gradually realized that during the time I worked on spam filters. They presumably started out with good intentions, but the position they're in has corrupted them.
That's a very attacking statement to call people "bad guys". Not just "they're not doing a good job", but actually "bad people". Ouch.
Worse, I think it's totally wrong.
While I do agree with the problem of "power corrupts", I believe that Spamhaus have been highly successful at avoiding that.
I've dealt with and spoken with people at Spamhaus regularly, and they're smart people fighting the good fight. They know what they're doing, and take their responsibilities seriously. They don't blindly attack people or use threats or accuse them of misdeads. They gather evidence about bad behaviour and act on it.
The proof is in the pudding. 100's of RBLs have come and gone over the years, either run as temporary projects that the owner gave up on one day, or gone the "power corrupts" option and just ended up listing so many IPs they've generated too many false positives (e.g. SPEWS).
Spamhaus RBLs are still being run today, and being done so very successfully. Virtually every small/medium email server I know uses them in one form or another (blocking or scoring). They generally have very high block rates, and very low false positive rates.
From a time when Al Iverson was still keeping stats on the various RBLs out there, you can see the Spamhaus zen RBL on it's own generally caught 75% of spam with 0% false positives.
Certainly some listings are controversial (eg google docs), but it's always been for a good reason, and forced the provider of the service to come to terms with the fact their spam policies were lax or their service was being seriously abused by spammers. They were thus forced to take action, something they should have been doing anyway.
Without Spamhaus, the internet would be a way worse place, with way more spam/junk emails and websites.
Spamhaus is not as bad as some other blacklists have been, certainly. Nor do I think they started out as bad people, though you have to admit that running a blacklist might tend to attract a certain type of person. Nor do I think they're stupid, or that their lists are ineffective (at the times when they're not deliberately blacklisting innocent people). But like others who've gone into the blacklist business, they do seem to have lost their way morally. I wrote about an example here: http://paulgraham.com/spamhausblacklist.html
So you're still saying that maybe they didn't start that way, but right now they are bad people, who have lost their way morally.
I think that's an incredibly harsh accusation for people that are doing an awful lot of work collecting evidence and fighting real spammers on the internet (http://www.spamhaus.org/rokso/index.lasso), and again, I totally disagree with you.
> though you have to admit that running a blacklist might tend to attract a certain type of person
I think you could tar so many people in so many industries with broad brush stroke sterotypes like that, it seems an unhelpful generalisation to make.
From the article you link:
> As of this writing, any filter relying on the SBL is now marking email with the url "paulgraham.com" as spam.
The SBL is an IP based RBL, nothing to do with domains, so the above statement is patently false. And if anyone was doing IP lookups of URI's in emails and using the SBL for that (which I've never even heard of), that's clearly a misuse of the SBL anyway, because that's not what the SBL is supposed to be used for.
The Spamhaus Block List ("SBL") Advisory is a database of IP addresses which do not meet Spamhaus's policy for acceptance of inbound email and therefore from which Spamhaus does not recommend the acceptance of electronic mail.
---
So it should only be used to block machines sending email, nothing about the content thereof.
There's RHSBLs (like SURBL and URIBL) that are related to dealing with URI's in emails, that's nothing to do with IP RBLs like SBL.
> Why? Because the guys at the SBL want to pressure Yahoo, where paulgraham.com is hosted, to delete the site of a company they believe is spamming
What's that got to do with the SBL again? The SBL is purely about what IP addresses "from which Spamhaus does not recommend the acceptance of electronic mail", nothing about websites. So that whole accusation feels wrong. Mixing up email sending servers and websites, domains and IPs, and absolutely no evidence for it at all.
It was the SBL. I don't remember the details of how my emails were getting blocked. But they were obviously getting blocked, because if they hadn't been, I'd never have found out about the problem. At the time the Spamhaus guys themselves didn't deny that they'd blacklisted large numbers of innocent Yahoo Store users. Their defense was that the end justified the means.
You seem naive about the nature of evil if you think that it somehow precludes doing constructive work. Bad people don't wake up every morning thinking "what evil shall I do today?" What distinguishes them is that they cross lines other people won't. But the situations that test them may come up fairly infrequently.
"At the time the Spamhaus guys themselves didn't deny that they'd blacklisted large numbers of innocent Yahoo Store users. Their defense was that the end justified the means."
Putting this into context, this wouldn't have been the first step. This type of measure was typically implemented after it becomes increasingly clear that Yahoo would not, or could not, adopt measures to reduce the amount of spam coming from their mail servers.
One of Yahoo's general weaknesses is that it takes over 24 hours from sending a complaint until appropriate action is taken (that's why comments on their main sites - e.g. News - contains oodles of spam, and other types of abusive comments). On the typical life-cycle of email spam this is far too long - if a site is ever closed at that point, and so these abusive sites tend to still be up when the email recipient is clicking on those links. Closing a site after the damage has been done is just a never-ending game of whack-a-mole.
Blackholing bigger and bigger chunks of Yahoo Stores is then an escalating step until either Yahoo addresses the spam situation appropriately, or their customers see that Yahoo cannot sustainably provide the service customers are paying for and they either leave or seek legal remedies. At that point innocent customers are paying the price for living in a bad neighbourhood. The question is, why didn't Yahoo do a better job in controlling the level of abuse through Yahoo stores? That Spamhaus felt it necessary to escalate through to blocking chunks of ip addresses indicates Yahoo Stores fell significantly short of what was needed to reduce the spam coming from their servers. The indicative belief from the anti-spam community at that point is: it's mostly clear that the revenue generated from hosting spammers is more important to Yahoo Stores than being able to provide their innocent customers with the level of service they paid for.
From my perspective, SpamHaus were one of the cleaner, more diplomatic black lists around the time of the Yahoo Stores problem. It's been a few years since I last poked around in the anti-spam community. Last I've seen of Spamhaus they didn't defend a legal challenge in California raised by a confirmed spammer, because California doesn't have jurisdiction over UK-located organisations, and so the spammer got a default ruling in his favour ( http://www.theregister.co.uk/2007/03/23/e360insight_lawsuit/ , http://www.spamhaus.org/organization/statement.lasso?ref=3 ).
By having a system of checks and balances in place, that allows due process and impartial review. In the US we have the judicial process in place for this. As an interesting note, SOPA proposes doing away with much of this process in the name of "streamlining."
Yes. And that's what puts vigilantes in a morally dangerous position; by definition they're not answerable to anyone. Or at least not answerable to anything more specific than the law and public opinion.
Spamhaus may be "bad guys" but the DNS manager company is clearly the one at fault here, what they did is way worse in my book that a false spam positive from spamhaus or even their vigilantism.
I think this is the first time I've ever had to down vote pg.
Spamhaus are not the bad guys in any way, it seems like this was a false positive, Spamhaus didn't know who op was (that he was an ISP hosting other's content), and his host apparently suck a bag of dicks and he needs to switch asap.
Paul is right on this one. Maybe Spamhaus used to have good intentions but all of my recent dealings with them indicate that they're as unethical as the spammers they claim to fight. Their "shoot first ask questions later" methodology proves that they have no problem railroading anyone unfortunate enough to get caught in their crossfire.
Oh my, same old Paul. Just can't stop holding a grudge. Seems he forgot to mention the reasons why he still feels the need to badmouth Spamhaus (other than perhaps nothing better to do these years, lack of new ideas?).
Firstly, Paul's grand "A Plan for Spam" method of using Bayesian filters to stop all spam ("I think it's possible to stop spam, and that content-based filters are the way to do it."). Uh, so, how'd that work out? Spammers quickly figured out how to make a mockery of Bayes based solutions. And who is still out there filtering spam using IP addresses & domain names? Spamhaus.
Then, what really got his goat was back in 2005 (yes, long grudge holding, one wonders what he feels about the mail-carrier who lost a letter of his back in '78 ;-) when his vanity site, shared-IP-hosted at Viaweb which had become Yahoo! Stores was blocklisted at Spamhaus. Back then, Yahoo, and Yahoo Stores were a spammer-hosting cesspool and Paul's page was wallowing in the center of it. Rather than get to the bottom of it, Paul just got on a high-horse and ranted about the evils of Spamhaus. A good take on the rant can be read here: http://www.circleid.com/posts/we_hate_spam_except_of_course_...
So, multiple biases. How often people forget to mention those when they post attacks. Now one must ask, who is the "bad guy" and is "corrupt" here?
But the Spamhaus people should be happy with the irony in Paul's hypocrisy. How so? Well, his paulgraham.com's email is filtered by Spamhaus, as is his ycombinator.com's email. As are the emails of most of the social/blog sites he's on (posterous.com, etc.) One wonder how many of these still use "A Plan for Spam"? Okay, that was rhetorical.
Lastly, the pop-psychology in his posting attests that Paul's degrees are in philosophy, not psychology.
You could have pointed out said hypocrisy without the ad hominem attacks, in fact I wouldn't have felt compelled to down-vote you if you had. Instead your comment reads more like a petty tantrum based on some grudge you (apparently, continue to) hold against Paul.
Spammers quickly figured out how to make a mockery of Bayes based solutions. And who is still out there filtering spam using IP addresses & domain names? Spamhaus.
For what it's worth, the SpamBayes plugin for MS Outlook has reliably trapped at least 99.9% of spam for me for several years now, with essentially no false positives at all (where false positives are defined as legitimate mail that bypasses the Unsure folder by receiving a spam score greater than 90%.)
In practice, this is enough to keep my email account essentially spam-free despite the arrival of over 1,000 spam messages per day.
On the other hand, blacklists accomplish nothing beyond interfering with my own legitimate outgoing email, just because somebody else with a Comcast account happens to be infected by a spam-spewing trojan. Gee, thanks, guys.
As a result, I see blacklists the way some people see unions -- as defensive tools that may have been needed at one time, but that are now just unnecessary, parasitic middlemen.
I guess some people might see unions that way, maybe people who haven't observed the 30-year collapse of the middle class in the USA and other western economies. The experience of Germany is instructive though: http://www.addictinginfo.org/2011/08/07/unions-boost-economy...
It's true of a lot of the guys running blacklists. And more generally, of a lot of people in the position of police. You tend to become a mirror of whatever bad guys you're fighting. Your tactics have to match theirs, and pretty soon your principles start to as well. I suspect this tendency is so universal that you have to make a conscious effort to avoid it.