FC: SpamCop's Julian Haight replies to Politech, and other defenses

From: Declan McCullagh (declanat_private)
Date: Mon Nov 04 2002 - 21:11:16 PST

  • Next message: Declan McCullagh: "FC: John Gilmore's proposed principle for anti-spam action"

    The second time SpamCop incorrectly listed the Politech server, I wrote at 
    the time that: "I give the SpamCop folks high marks for responsiveness." 
    Not so now. I'm glad to offer Julian Haight the opportunity to reply to the 
    list, but his reply is needlessly antagonistic. Julian has declined to 
    whitelist the Politech server, saying he'll "perhaps" do it if he feels 
    like it. He suggests that I was "paraphrasing" parts of his July message to 
    me (about the second blacklisting) that I "want to remember," when in fact 
    I copied-and-pasted.
    These are not the actions of someone who wants to work with the Internet 
    community. I agree with Ray Everett-Church, who says Julian "seems to 
    relish" harming innocent people. I advise Politech readers not to use SpamCop.
    It seems that SpamCop's users weren't even told about SpamCop's new policy 
    of blacklisting not actual spammers -- but people at the same Internet 
    provider as a suspected spammer:
    In a column in September (http://news.com.com/2010-1074-957024.html), I 
    predicted what will happen as the market for SpamCop and its brethren 
    develops: "As spam increases and a reliable blacklist becomes something 
    that Internet providers will pay for, the discipline of the free market 
    means their quality is likely to improve."
    Part of the discipline of the free market, of course, is that less capable 
    firms will vanish as customers turn to more attractive products. I wouldn't 
    be surprised if that happens to SpamCop.
    Date: Mon, 4 Nov 2002 10:14:58 -0800 (PST)
    From: Julian Haight <julianat_private>
    Sender: <julianat_private>
    To: Declan McCullagh <declanat_private>
    cc: <politechat_private>, Argyle <serviceat_private>,
        "deputiesat_private" <deputiesat_private>
    Subject: Re: Politech incorrectly blocked by SpamCop -- for the third time
    In-Reply-To: <>
    Hash: SHA1
    On Mon, 4 Nov 2002, Declan McCullagh wrote:
     > First, SpamCop incorrectly listed the Politech server as a source of spam
     > on Feb. 11. Then SpamCop incorrectly listed the Politech server as a source
     > of spam for three or four days (if I recall properly) circa July 8. Now
     > SpamCop  lists Politech on its spammer-list because some other servers also
     > hosted at Rackspace.com are alleged spammers.
    Rackspace has been negligent in this case.  They had an open relay which
    they should have been aware of since at least 9/6/02.  That relay is still
    on their network, sending massive amounts of spam.  Since complaints from
    their spam-victims don't seem to have any effect, perhaps complaints from
    their paying users will!  If rackspace does not take action to stop this
    source of spam, it is quite possible that other, innocent rackspace
    customers will be affected again.
    That said, if you would like to send me your IP address again, I'll again
    investigate and perhaps give your server a temporary break.
     > I wrote to SpamCop's Julian Haight in July asking him if he could prevent
     > this from recurring. He wrote back: "I don't see what proactive action I
     > can take. There is nothing wrong with the system and it may well happen
     > again. Sorry."
    Perhaps you are paraphrasing the parts you want to remember.
     > SpamCop is a commercial service that compiles a list of alleged spammers
     > and charges $30 a year for individual email accounts and far more, I
     > imagine, for corporate filtering.
     > No spam has ever been sent from the Politech server. Nor was I notified
     > when it was placed on SpamCop's list again.
    Rackspace was certainly notified.  Many, many times.  I myself sent them a
    very stern warning on friday and have no response yet.  The open relay on
    their network ( is still wide open.  I would appreciate
    anything you can do to bring their attention to this glaring problem.
    There are several other sources of spam on this same rackspace network -
    IP (qty in past week): (1) (9) (4) (1) (88) (6)
    If you would like to get copies of all reports about your server, or even
    about the whole /24 network, you can.  Use the tool documented here:
    That will give you early warning about problems on that network, which
    will in turn let you know if there is a pending blacklisting by spamcop.
     > Don't get me wrong. SpamCop has the right to compile and publish
     > blacklists, even if they are not vetted for accuracy and are therefore
     > overbroad and certain to block legitimate mail. But we also have the right
     > to speak out against SpamCop's practices and criticize it where appropriate.
    I'm glad you feel that way.  Plenty of people threaten to sue me, and it
    only makes me question their credibility.  My system is mostly mechanical,
    and the rules which govern it are public.  I feel that as long as I'm
    truthful about what rules I'm using, I'm at least free from liability.
    It's up to the people using the list to block mail.  Each user or
    administrator gets to decide for themselves if my rules are a close enough
    approximation of their definition of 'spam', and if they want to reject
    mail on that criteria.
     > I invite SpamCop to defend this overbroad listing -- and say why anyone
     > should trust their service in the future, if my experience with SpamCop is
     > any indication. Personally, I use SpamAssassin and am very happy with it.
    Thank you, there are a few points I'd like to make.
    First is that this new "list the whole network" policy is new, and your
    feedback is certainly something I'll take into account when evaluating
    it's effectiveness.
    Second, this policy is not intended as a way of punishing the innocent
    neighbors of a spam source.  There are spammers who have been avoiding my
    filters by rotating through different IPs.  This whole-network rule helps
    stop that type of spam.  Although I argue above that rackspace is too
    slow, punishing them is also not the intent here - it's a secondary
    effect.  Some would say it's even a beneficial effect, and I would agree
    to a certain extent.  But if it were the only effect, I would not be
    doing it.  It is intended to make my filters better at filtering out spam,
    not coercing ISPs into action.
    Third, spamassasin, though different in some ways, is similar in one
    important way to spamcop and many other spam-fighting tools:  false
    positives.  Practically any attempt to filter spam will result in false
    positives.  Spamassassin is no different.  Perhaps it works better for you
    than spamcop.  Part of it's effectiveness is that it considers spamcop's
    list in making it's determination.  So depending on your configuration,
    you are actually using spamcop.  If it works for you, and you continue to
    use it, please give a donation ;)
    Finally, I don't think your experience with spamcop is typical.
    Primarily becuase you are a publisher.  Most users don't ever see it from
    that perspective.
    A few far-sighted comments on the state of email:
    Unfortunately, spam is killing email.  Anti-spam reaction is killing
    legitimate bulk email with the illegitimate.  I suggest that bulk emailers
    find another medium for their message.  I am actively encouraging the
    development of a new protocol to deliver opt-in bulk messages.  It should
    not 'push' the message to the user, rather it provides a system whereby
    the user's agent (mail software)  can 'pull' messages in a timely manner
    from the publisher.  To the user, this system would be much easier to use
    (opt-in/out).  To the publisher, the user would still be presented with
    the message in a familiar format (text or html).
    - -=Julian=-
    Version: GnuPG v1.0.7 (GNU/Linux)
    -----END PGP SIGNATURE-----
    Date: Mon, 4 Nov 2002 10:26:07 -0800 (PST)
    From: Julian Haight <julianat_private>
    Sender: <julianat_private>
    To: Declan McCullagh <declanat_private>
    cc: <politechat_private>, <serviceat_private>,
    Subject: Re: Politech incorrectly blocked by SpamCop -- for the third time
    Hash: SHA1
    I just called and spoke with Ron Simmons in Rackspace's security
    department.  He vowed to look into this problem and get it resolved ASAP.
    - -=Julian=-
    Version: GnuPG v1.0.7 (GNU/Linux)
    -----END PGP SIGNATURE-----
    Date: Mon, 4 Nov 2002 13:28:21 -0500 (EST)
    From: "Matthew G. Saroff" <msaroffat_private>
    Reply-To: "Matthew G. Saroff" <msaroffat_private>
    To: declanat_private
    Subject: SpamCop and Politech
    	It seems to me that the criteria used by SpamCop are exactly what
    they sell their customers:  that the volume of spam will be markedly
    reduced, and that it will be done so in a manner that will make it more
    difficult for spammers to find friendly havens.
    	While unfortunate for Politech, this is an example of an honest
    vendor serving the customers.
    Matthew Saroff
    From: "Downes, Stephen" <Stephen.Downesat_private>
    To: "'declanat_private'" <declanat_private>
    Subject: RE: Ray Everett-Church on systemic problems with SpamCop
    Date: Mon, 4 Nov 2002 20:36:12 -0500
    This one is a bit trickier:
    "Now SpamCop lists Politech on its spammer-list because some other servers
    hosted at Rackspace.com are alleged spammers."
    Assume for the sake of argument that your service provider, Rackspace.com,
    does indeed host spammers (if it doesn't, it's an erroneous listing and my
    comments do not apply).
    If Rackspace is delivering spam, then that could be construed as a good
    argument for refusing any traffic from Rackspace. This includes your
    The good being done by Rackspace - sending your newsletter - does not
    mitigate the bad being done by rackspace. By accepting email from Rackspace,
    even if it is benign, the service is showing tolerance to a spam host. It
    also opens the door to abuse by spam providers who, in an effort to appear
    innocuous (and much harder to block) mix innocent content among the spam.
    In such a case, I would argue that you, as an innocent party, are the victim
    of Rackspace's abuse of the net, and not SpamCop's attempt to counter that
    This is not to excuse any other errors SpamCop may have made in the past,
    and it is not to endorse them in any way. But on this particular point, I
    would side with SpamCop.
    My recommendation would be that you obtain a new service provider, and
    explain clearly to Rackspace that their policy of distributing spam is what
    has caused you to close your account.
    -- Stephen
    [Comments in this email almost certainly do not reflect the views of my
    employer. ;) ]
    Stephen Downes ~ Senior Researcher ~ National Research Council
    Moncton, New Brunswick, Canada
    Date: Mon, 04 Nov 2002 21:55:02 -0500
    To: Declan McCullagh <declanat_private>
    From: "Lawrence R. Ware" <larryat_private>
    Subject: Rackspace and SpamCop
    Hi Declan,
    I've been reading politech list via the web interface for a
    couple of years now.
    Saw your comments re Spamcop.
    You said:
     >Now SpamCop  lists Politech on its spammer-list because some
     >other servers also hosted at Rackspace.com are alleged spammers.
    My first thought was amazement that Rackspace actually had a
    legitimate customer. :-)
    I'm not trying to defend SpamCop because Julian should of white listed
    Politechbot after the first problem back in Feb.
    His system does have problems.
    But at the same time I would point out that if I had subscribed to
    the email version of your list, I'd never see it. Not because of
    SpamCop, but because just about all of Rackspace is in many blocking
    lists including several I use to filter mail.
    Rackspace is an un-repentant provider of spam support services and
    if you believe in the Boulder Pledge you will move your site instead
    of supporting people who believe pissing in the community well is fine as 
    long as they get a dollar for it.
    Once a lot of evidence is available that a hosting company like
    Rackspace doesn't care how many spammer web sites they host, blocking
    lists often start to increase the size of the blocks in order to
    put pressure on the provider. I use these lists and I support turning
    up the pressure on providers like Rackspace.
    A little googling would let you know just who you are doing business
    with and why most anti-spammers can't say the word "Rackspace" without 
    Lawrence Ware
    PS: Why do journalists always ask Ray Everett-Church what he thinks about
    spam related issues? The majority of working anti-spammers, (those
    running networks and fighting spam day in and day out) consider him
    and his organization CAUCE about as relevant to spam fighting as the
    Libertarian presidential candidate is to tomorrows election.
    Subject: Re: FC: Ray Everett-Church on systemic problems with SpamCop
    From: "B. Johannessen" <bobat_private>
    To: Declan McCullagh <declanat_private>
    In-Reply-To: <>
    References: <>
    Content-Type: text/plain; charset=UTF-8
    Date: 05 Nov 2002 00:33:02 +0000
    Message-Id: <1036456382.10255.24.camel@getafix>
    Mime-Version: 1.0
    Content-Transfer-Encoding: 8bit
    (you may include my email, should you decide to forward this)
    as there has been no reply from Julian or anyone else coming
    out in favor of SpamCop, and since I'm the one who brought
    this to everyones attention in the first place, I'd like to
    contribute a few words from the perspective of a satisfied
    SpamCop user.
    First of I would like to address a few of the comments made
    by Mr. Everett-Church
     > > "There is nothing wrong with the system and it may well
     > > happen again. Sorry."
     > If you find this statement nonsensical and outrageous, you
     > should.
    There is nothing nonsensical about the above statement. You
    are being told that the system is performing exactly like it
    was designed to do. You are free to disagree with the stated
    goals of the SpamCop system, but calling in nonsense just
    proves that you have not taken the time to learn how the system
     > Julian's system is designed to have a hair-trigger response
     > to any spam complaint from a SpamCop user -- no matter how
     > wrong the complaint is -- which translates through some
     > arbitrary algorithms into a blocklist entry.
    There is a fairly good explanation of what Mr. Everett-Church
    above describes as “arbitrary algorithms” on the following link
    This page is also liked to from the page referenced in my
    original message. Once again comments like the above leaves
    me with the impression that Mr. Everett-Church did not take
    the time to research the issue at hand.
    In closing I would like to include a few words about my
    personal experience as a SpamCop user.
    In the time that I've been using SpamCop (since March of this
    year) I would guesstimate that SpamCop has filtered about 5000
    messages as spam. Out of these, less the 50 has been legitimate
    email. In addition SpamCop neither rejects nor deletes the
    “suspected” messages, they are placed in the (IMAP) folder
    “Held Mail” for me to inspect.
    I think we can all agree that a perfect automated system for
    dealing with spam is an impossibility. For me, the quality of
    such a system is measured by the time I spend correcting it's
    mistakes. As for my use of SpamCop, this has turned out to be a
    few minutes per day. Your mileage may vary.
    	B. Johannessen
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    Like Politech? Make a donation here: http://www.politechbot.com/donate/
    Recent CNET News.com articles: http://news.search.com/search?q\clan

    This archive was generated by hypermail 2b30 : Tue Nov 05 2002 - 00:46:52 PST