HumpBackB wrote us about the lawsuit that ISP Media3 has filed against MAPS and its Realtime Blackhole List. The RBL, despite blocking only 2% of spam, is widely seen as an effective tool against mail abuse. I'm going to risk life and limb, and say that it has become, instead, just another censorware tool. Here's why.
Media3 has had six of its ClassCs added to the RBL: one in June, and five in November. These 1500 IP numbers are now cut off entirely from the rest of the Internet for any Internet provider who subscribes to the RBL (more on this later).
But making these 1500 IP numbers vanish from the net -- which is exactly what happens for any provider who subscribes to the RBL -- does not stop any spam from getting through. They are not blocked because those servers are sending unsolicited email, or any kind of e-mail for that matter.
Media3's service agreement is more-or-less the same as all responsible, anti-spam providers:
"M3 does not permit the transmission of unsolicited e-mail... Subsequent violations will result in suspension and/or termination of the account without refund of service fees..."
And MAPS does not even allege that a single piece of spam has been sent from any of these 1500 IP numbers. As their press release says:
"Media3 refused to require their Web-hosting customers to stop advertising their Web sites by using unsolicited commercial email..."
Even this fact is in dispute. I spoke with Joe Hayes at Media3, and he told me that the company does not tolerate Web sites which promote themselves through spam.
You can check the RBL evidence file yourself. When a MAPS representative spoke with Joe back in June, he told him that he needed to, not tighten up his sendmail rules, but "terminate the Samco [Web] sites and rewrite his AUP to prohibit the hosting of spamware."
Spamware? Yes. Media3 does host Web sites which sell software that sends bulk e-mail and harvests e-mail addresses. Take a look at MarketingMasters.com. Their IP number is 188.8.131.52, which is in the Media3 ClassC which was blocked in June. You can look them up on the RBL at http://mail-abuse.org/cgi-bin/ lookup?184.108.40.206.
Again, the blocking of that IP number, their Web site, does not stop a single piece of spam from being sent or received. What it does do is punish the folks at MarketingMasters, whose Web site can't be seen by RBL subscribers.
The problem is that MAPS has put every 209.211.253.x IP number on their list. For example, if you look up 220.127.116.11, you'll see exactly the same message and same rationale.
And 18.104.22.168 is not a spam Web site. It's otherwise known as Peacefire.org, a group of young people who are advocates of free speech rights for teenagers, and -- irony alert -- longtime opponents of censorware.
In fact, if you visit their Web site you'll see many reports about how censorware blocks the good as well as the bad. Their latest, "Amnesty Intercepted," shows that sites like Amnesty International Israel and the American Kurdish Information Network are blacklisted as pornographic by overzealous censorware.
Kind of like Peacefire -- and over a thousand other sites -- are blacklisted by MAPS.
Let's be clear about what censorware does. It does not by itself block content. It "only" rates that content as unacceptable for viewing, and it is up to someone -- your parents? your teacher? your ISP? -- to apply its rules to prevent you from seeing that content.
I don't like spam any more than the next person. But I also don't like censorship, and I take a content-neutral view of these things. If someone delivers a product to be used by Alice to block Bob from seeing website because she doesn't like its content, that product is censorware.
And if that product capriciously, unfairly, and deliberately blocks innocent Web sites, then it's not very good censorware.
In this case, the "bad" Web site sells software which could be used to spam. Frankly, compared to Nazi propaganda or bomb-making instructions, it's pretty tame. But that's not important. Standing up for speech I agree with is easy, everybody does it. If you want freedom, you have to stand up for speech you disagree with.
At least with programs like CyberPatrol, SurfWatch, and Net Nanny, when overblocking mistakes are pointed out, they are corrected. But as MAPS admits in its press release and evidence files, the intent here is not to block the actual Web sites (after all, people who want to buy the software will find a way to buy it).
No, the intent is to get the ISP in question to play ball. The fact that a thousand innocent Web sites are censored is, as far as I can tell, irrelevant.
I don't see much difference between this and any other censorware. One difference is that few other censorware packages are actually free. Another is that fewer are so obviously wielding their power as a retaliatory weapon.
And, there's also the fact that the RBL is used by a backbone provider, AboveNet, whose CTO also happens to be a co-founder of MAPS. Peacefire had no idea that it was being censored until it heard from confused would-be readers. At least with traditional censorware, if your connection to a website is blocked, you have some idea of why. Peacefire's readers naturally had no idea whether their packets were traveling over AboveNet's network, and only knew that their connections were being rejected.
(I contacted Paul Vixie to ask about AboveNet and how it uses the RBL, but he refused comment, sending me to AboveNet PR, who didn't get back to me by deadline time.)
Vixie claimed in 1998 that "MAPS volunteers always contact the owner of a site before it's blacklisted." I'm guessing none of the 1,500 blocked Web sites were contacted.
But then, MAPS also advises Web providers:
"If you host Web sites, we suggest that you use one IP per domain so that if spam occurs for one Web site, we don't have to blackhole you or your other customers to block access to the spamming site."
That's exactly what Media3 does -- and exactly what MAPS did.
Oh, and one more difference. The RBL is more successful than any other censorware package. According to Upside, 20,000 companies that control 40% of all e-mail accounts (and, quite possibly, Web sites); that's up from what ZDNet said in 1998, 2000 ISPs that control 30% of Internet destinations.
I can't find much to argue with in Joe Hayes's summary:
"They [MAPS] are blocking very good educational sites, nonprofit organizations, in their attempts to get us to adopt their definitions in their entirety. They've made no bones about hurting people and while Media3 maintains a policy of not allowing unsolicited e-mails, we do not see completely eye-to-eye on MAPS's definitions because they become very encompassing and very broad. While they have a good tool, and I commend them for their efforts to contain e-mail abuse, they're a good thing gone bad and they have basically become the abuser."
And here's a heavily abridged list of the sites that cannot be accessed via AboveNet, or any of the other providers who use the RBL -- just a few of the sites on just one blacklisted ClassC:
- FulfilledLives.com, "the place for women and girls," about spirituality and relationships.
- DesktopHeaven.com, Windows themes, screensavers, wallpaper.
- TownOfCary.org, the official website for the town of Cary, North Carolina.
- StudioZito.com, yet another Web site-designer.
- Crossalizer.de, a music site which points out (in German) that it's a victim of an anti-spam initiative, and thus has moved to Crossalizer.com.
- StrikeMore.com, bowling tips and schedules.
- NewTechWellness.com: "The total balance of wholeness and wellness within the areas of Mind, Body, Family, Society, and Finances in our lives is our goal," OK, whatever.
-- both are authors of romance novels.
- CraftersCommunity.com. "If you are looking for a fun and easy recipe to do with the kids, try these deliciously simple Winter Cookie Pops."
Update, something like an hour later: If you're planning to e-mail me or post a comment saying I don't know what I'm talking about because the RBL only blocks mail traffic, please take a moment to read this 1997 interview. Excerpt:
SunWorld: How do you defend your policy of Blackholing Web services that host spammers' Web sites -- even if the spam itself isn't going through their service?
Vixie: This is the most controversial thing we do because it's censorship of something that isn't spam. It's me saying to some Web provider, because you are renting space to this person [a spammer] who is doing something completely legal, I am going to Blackhole your butt.
Also, Bennett Haselton of Peacefire reports, at 10:58 PM EST:
I just telnetted in to www.peacefire.org and was able to do "ping www.above.net" and "ping home.cnet.com" and "ping www.infoworld.com" despite the fact that that traceroute on all of these sites shows that they are hooked up via above.net.
Peacefire's IP address is still on the RBL, so it looks like AboveNet has, for the time being, temporarily stopped blocking their users from accessing sites on the RBL.
This means that either:
(1) AboveNet has realized the errors of their ways, and is trying to correct them.
(2) AboveNet is trying to cover up the fact that they ever censored their users' Internet access, and they are temporarily opening up the gateway so that people on AboveNet will be able to access Peacefire and will think it is all a hoax.