FC: SpamCop's Julian Haight replies to Politech over criticism

[Declan McCullagh <declan () well com>]

Previous Politech message:
http://www.politechbot.com/p-04484.html

---

Date: Fri, 21 Feb 2003 11:35:18 -0800 (PST)
From: Julian Haight <julian () spamcop net>
To: Declan McCullagh <declan () well com>
Subject: Re: "Why the SpamCop blocking list is harmful and inaccurate"
In-Reply-To: <5.1.1.6.0.20030220220651.022157c8 () mail well com>
Message-ID: 
<Pine.LNX.4.33.0302211100560.12658-100000 () shadowfax julianhaight com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Declan.  Thanks for the chance to respond.  I hope this will provide
a counterpoint..

Jeremy never claims his users don't send spam.

However, his freemail service (and all freemail) is an attractive neusance
which spammers have only recently begun to exploit in force.  Many
spammers have started using automated tools to script webmail systems.
Not just for sending mail with an existing account, but to create
thousands of accounts and send spam through each of them until their
limits are reached.  Spammers also use many hundreds of IPs simultaneously
by exploiting open IP proxies.  So I doubt Jeremy is really as successful
as he claims at stopping the spam from his system.  I also think he vastly
under-estimates the amount of spam sent.  Just because he locks one
account, it does not mean that many other accounts are not flying under
his (and my) radar.

Hotmail and AOL as well as other free webmail providers are finally
dealing with the long-standing theoretical possibility that their systems
are no better than open relays.  This vulnerability in webmail has been
known since their inception, but dismissed due to the lack of exploits "in
the wild".  That has changed.  Webmail is vulnerable, and the expoit of
these vulnerabilities is no longer a matter of speculation.

Wednesday, fastmail.fm delivered 14 spam messages to spamtraps on my
system.  That is surely only a small fraction of the spam sent during that
"spam run".  These spamtraps are not known by spammers - I don't think
this spam run is the work of revenge-seekers.  Rather it is a successfull
effort by spammers to use Jeremy's system to send spam.  If his system did
not allow spam to be sent in sufficient quantity, why would the spammers
not move to greener pastures?  They are motivated by greed, not revenge.

Fastmail is worse than other freemail providers in one respect, and ths
may be part of the reason spammers favor it.  Most webmail providers list
the sender's true IP address in the headers of the mail, providing an
audit-trail.  Fastmail does not, thus concealing the source of the
message.  This behavior is actually *worse* than most open relays.  They
at least indicate the "injecting" ip address.

On the other hand, I admit that many of Jeremy's criticisms are valid.
Some are totally off the wall, and I don't have time to respond to every
point.  I am always endeavoring to fix things that are broken.  For
example, I changed my FAQ entry which used the word "thousands".

However, at least the current blocking of fastmail is justified.  If it
makes anyone fell better, several AOL and hotmail servers are also
blocked, and those sites are also scrambling to stop the spammers using
their systems as open relays.  It is a hopeless, or at least up-hill
battle, given the nature of free web-mail.

If I were in his shoes, I would look at the countermeasures taken by IRC
networks, which are often the first-responders to new routes of abuse.
For instance, users of his system should be subject to open-proxy testing
prior to sending mail.

I find it disturbing that Jeremy has decided to shovel dirt about SpamCop
rather than working with me and addressing the valid complaints of people
who receive spam from his system.  Sounds a lot like killing the
messenger who brings bad news.

- -=Julian=-

On Thu, 20 Feb 2003, Declan McCullagh wrote:

> I will give Julian the opportunity to reply. (Though he chose not to in
> December, when we discussed how SpamCop blocked two of its competitors.)
>
> Background on SpamCop:
> http://www.politechbot.com/cgi-bin/politech.cgi?name=spamcop
>
> -Declan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+Vn92kdq17G+XLoYRApZqAKCMBKFVEV9CtV2gDj1L6AEsqtR4jgCfVACl
rF7Gj3MfiJDNMUiBy4OyNXc=
=/ZqC
-----END PGP SIGNATURE-----




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------