nanog mailing list archives

Re: Lawsuit threat against RBL users


From: George Herbert <gherbert () crl com>
Date: Thu, 19 Nov 1998 15:15:03 -0800


Karl Denninger <karl () Denninger Net> writes:
> On Thu, Nov 19, 1998 at 01:58:40PM -0800, George Herbert wrote:
>> RBL policy is that they won't block anything more general than
>> is warranted by particular spam complaints and the subsequent
>> actions in response to those complaints or to a pattern of complaints.
>> For example, a bunch of complaints come in reporting that various
>> dialups spammed ads for www.biteme.com, a masochist oriented porn site,
>> which is hosted on an IP address which is part of wehost.net.
>> The proper procedure is that people complaining to RBL have to
>> have contacted wehost.net and not gotten appropriate responses.
>> RBL people will (always?) contact wehost.net for a final warning
>> and status check prior to the block, and will only block
>> the /32 corresponding to www.biteme.com's actual IP address.
>> Thus, no wehost.net customer other than biteme will be inconvenienced.
>
> That does nothing at all, since the only listener on www.biteme.com's
> address is a web server.

It punishes biteme.com for having spammed by blocking access to
their web server.  That's the point.

>> So yes, under (as I understand them) existing RBL rules, it is possible
>> for purely innocent parties to get bitten (other non-spam related
>> customers of wehost.net) if the ISP fails to respond properly
>> for a significant length of time and number of incidents.
>> I feel that's fair; if the ISP becomes the problem, then they
>> should feel some heat.  As long as the criteria for the ISP
>> being RBLed as a whole are sufficiently demanding so ISPs that
>> are merely slow or not-entirely-cooperative don't get unnecessarily
>> RBLed, that makes sense to me.
>
> That's not the scenario that was postulated and led to the latest threat.

Which exact "scenario" did you have in mind?  There have been a whole
bunch posted recently by a number of people.  Are you referring to
the NSI block threat, which falls under a similar scenario where
it's parts of one company rather than an ISP and its varied customers?
Last I saw, Paul stated that NSI's systems were in distinct IP blocks
from internic and internic wasn't being approached as a potential
blockage target.

I've seen a lot of "scenarios" fly around which bear little semblance
to reality and greatly misunderstand how the RBL is (as far as I can
tell from the outside) operating.  Those scenarios are only worth
considering as a theoretical exercise in how a RBL-like entity could
go bad and as examples of how RBL isn't publicizing some of its policies
enough so that people won't be confused about what they do.
RBL in the maps.vix.com sense simply doesn't do some of the things
that it has at one time or another been accused of,
to my knowledge.  Again, one can postulate a scenario about
a generic blacklist service unfairly affecting innocent parties,
but the actual RBL has what appear to me to be adequate policies in place
to protect third parties.  People afraid of it really should
at least listen enough to assuage fears based on policies it doesn't
really have.


-george william herbert
gherbert () crl com  I speak for myself only

