Business History Books » Business Consulting » vigilantes wreck the internet
vigilantes wreck the internet
Question:
The normally recognized moderators of the moderated newsgroups involved did not approve the previous post. The post is best ignored, so please do not reply – the child involved is attempting to be disruptive. Thanks! James Logajan, misc.business.consulting & misc.business.marketing.moderated co-moderator
Response:
Blackhole lists offer dark prospects By Bret A Fausett New Architect August 2002 Most of the email I receive these days is spam, yet I’ve never purchased anything advertised in a piece of unsolicited commercial email. I’m not even sure that I’ve ever clicked on a link sent to me in a piece of unsolicited commercial email. I haven’t found any good method of blocking spam. Fortunately, I have a broadband connection, so things aren’t as bad as they could be. But whenever I travel and find myself connecting via modem, I’m constantly frustrated by the significant amount of time I have to spend downloading junk mail, which is sometimes billed at exorbitant hotel or foreign telephone rates. So you’d think that I’d be somewhat sympathetic to the efforts of groups that create blackhole lists. For those of you unfamiliar with a blackhole list, it’s a list that’s typically maintained by volunteer antispam advocates. It contains the IP addresses and domain names of certain mail servers allegedly used to send unsolicited email messages en masse. When an Internet service provider subscribes to one or more of the blackhole lists, any inbound email to its service originating from a mail server on the lists is automatically rejected. The subscriber to a blackhole list doesn’t filter based on the actual content of the email, just its place of origin, which makes this practice a fairly crude tool. It blocks all messages from specific locations regardless of content. Anyone who finds his or her mail server erroneously listed on a blackhole list can usually get off the list by establishing that he or she has remedied whatever server insecurity spammers exploited. At least that’s how it works in theory. I don’t run an insecure mail server, but mine recently found its way onto a blackhole list. I’ve tried to get off the list, but to no avail. I’ve become just another victim of vigilante justice on the Internet. The Wrong Guy One day back in March, I tried to send a friend of mine an email. It bounced. The mail server that rejected my message sent a polite note back explaining that the address of my mail server was now listed on its ISP’s blackhole list. Over the next two weeks, the circle of people to whom I could send email started to shrink. Soon, even my father’s email address was off-limits to me. The primary way to get on a blackhole list is to run an open relay. For various reasons having to do with access to networks and efforts to conceal their identities, senders of mass unsolicited email predominantly exploit such relays. An open relay accepts mail from anyone in the world and relays it to whomever is listed in the address. Most mail servers aren’t open relays. They accept mail only from subscribers to that network’s services, or from a set of persons specifically identified on the server. In spite of grass roots efforts to close the open relays, there are still more than a few of them out there. Not Guilty My mail server, however, was not an open relay. I have no idea who first submitted my name to a blackhole list operator in Denmark, but sometime in March of this year the operator added my mail server to its list. The first time the service was used to reject a piece of my mail, the rejection came accompanied by an explanation of why I was on the list and what I could do to be removed from it. The explanation was that I was running an open relay. How could I get off the list? That was simple, the message said. Close the open relay, and send a message to the operator’s server asking to be re-scanned. Of course, as I mentioned, my mail server was never an open relay in the first place. So in response to the rejection message I received, I asked the blackhole list service if it would kindly re-scan my mail server and make another determination as to whether it was an open relay. I was sure that there had been some mistake and that on a second try, it would realize the error in its initial judgment. Shortly after I submitted my request, I sat down to monitor my mail logs. This time I saw the service in Denmark address my mail server. I watched my mail server accept the message and then pass the piece of email back to the Danish mail server. The Danish server promptly sent a message saying that my server was still operating as an open relay. How had it gained access to my mail server? Simple. It had forged the headers on its email to convince my mail server that the email it sent was from a permitted user. You see, my mail servers were set up to pass mail only from a domain name of which I am the only user. It blocks everything else. That’s not an open relay. Unless you’re a user in my domain, you can’t use it. Blocked The group based in Denmark had pretended to be me, forged an email as though it had come from an address that only I am authorized to use, passed it through the mail server in my house, and then placed me on a list of people who should be blocked from sending mail. They circulated that list around the world. ISPs used by my friends and family here the United States subscribed to this list. Now, through no fault of my own?and in fact because of the trickery of Danish email activists?I was no longer able to send email to many people in my address book. It’s hard to describe how angry this made me. The Danish consortium had lied about their identity, and I was paying for it. The worst thing about being blacklisted, however, wasn’t that I could no longer send email, but that spammers began actively trying to use my mail server to send their spam. You see, blackhole lists work both ways. ISPs use it to block traffic, but as I’ve recently discovered, the spammers themselves use the lists as a kind of directory of servers to use for sending their mail. If you look at my mail server logs, you’ll see that every few seconds or so, someone, somewhere tries to access my mail server and use it to send mail. Each time, without fail, my mail server declines the request and refuses to relay the requested message. It isn’t an open relay. It’s just doing its job. But my machine is bombarded with requests from all over the world from spammers seeking to use its minimal capabilities to send their penis enlarging, breast enhancing, get-rich-quick messages. My Rights But, hey, I’m a lawyer, right? I’m supposed to be able to solve this kind of dilemma. And there are a few things I could do. For one, the Danish antispam organization falsified an email header to gain access to my mail server. Illegal access to a computer system is, if not a criminal violation, then a trespass on my private property. As I’ve discussed previously in this space, one of the novel legal theories now catching on for these kinds of unacceptable accesses to computer systems is a centuries-old tort called "trespass to chattels." At a minimum, I ought to be able to sue the Danish company for the damage it caused me from its illegal access. Granted, the damage caused by my inability to send an email is likely not terribly significant. You can always pick up the phone, print the message out, and fax it or mail it