Spammers love PacBell


Information Superhighway to Nowhere

March 11, 2002

"I propose that we rename blackhole to shithole, to eliminate potential NAACP lawsuits." (Joe Jared, 2001)

Hey Joe! The above quoted words of wisdom were extracted from the writings of one Joe Jared. "Joe who?" you may wonder. This joesomebody is one of the new breed of cyberjockeys that vie for supremacy over your electronic communications on the Information Superhighway.

After the legal defeat suffered by Alan Brown's ORBS (Open Relay Behavior-Modification System) in 2001 and its subsequent demise, after Paul Vixie's MAPS (Mail Abuse Prevention System) started charging for their "services", and especially after the loss of face MAPS suffered when the out-of-court settlement of the Exactis/Experian vs MAPS lawsuit was made public, the die-hard anti-spam movement began looking elsewhere for new, more radical leaders. Quite a few "me too" start-up blacklists creeped up, then some of the eager souls found out it costs money to stay in business and went under quickly. But Joe's little one-man enterprise managed to thrive, mainly by convincing a giant sponsor to use his services.

The invisible hand behind Joe's murky business is none other than his ISP Pac Bell, an SBC Communications subsidiary. Joe's connectivity for his osirusoft.com domain with ips in NETBLK-PBI-CUSTNET-6224, his website and the various flavors of blacklists he concocted, are provided by Pacific Bell Internet Services. Now if we were to use the same rationale as the spam militia, the mere hosting of a site which contains otherwise legal, but offensive material to some militant group (i.e., spamware in their case) is an offence punishable by immediate blackholing of their communications and continuous zealot harassment, not abating until the ISP boots the client. But we don't complain about that, and don't advocate the censorship of Joe's warez. What Joe does on his own server is his own business, as long as his actions don't adversely affect other unrelated parties.

Sometime in the Fall of 2001, pacbell.net started filtering their subscribers' electronic communications, using their client Jared's relays.osirusoft.com blacklists. Filtering was soon extended to swbell.net (another SBC subsidiary). By the same thinking illustrated above, this is equivalent to a rogue ISP actually using their client's spamware. This means Joe enjoys the official support and backing of telco giant SBC in fencing off your little corner of the Internet. In the words of Pac Bell spokeswoman Linda Bond Williams: "Pac Bell will continue to block e-mail from any server identified by Jared as insecure."

So trustworthy is this joesomebody, that Pac Bell managed to block their own clients when their own ip space was included in the osirusoft.com blacklists by Joe himself! How's that for security?

The SBC faq on "Junk e-mail or spam", common to pacbell.net and swbell.net, assures their customers that:

Our top priority, though, is that none of our customers' legitimate mail be bounced simply because some automated process we were running mistook it for spam.

Reading this, the uninformed SBC customer can now rest assured that none of his correspondence will get lost in the /dev/null bitbucket. You got their word on it. No mention anywhere of the public utility's Internet service using rogue cybervigilante blacklists for filtering electronic communications. Customers usually find out on their own about the practice of stealth blocking, when some important piece of e-mail fails to arrive, or from sporadic press articles.

There is likely more information on the label of a can of spam (the real one from Hormel), than you will ever get about the byzantine policy works of any of the SBC-owned Internet companies. Just try calling their Policy Department: it's a recording. No live human will ever call you back from the Borg blackhole (we tried repeatedly).

A little digging will reveal the ultimate motives behind SBC's patronage of Osirusoft. It turns out that Pac Bell has quite a history of harboring professional spammers. Details, links and concrete evidence are plentiful on THIS ad-hoc website. They are also quick to silence criticism regarding their Internet services. What better protection and PR can they get than hosting and using Joe Jared's blacklist clearinghouse? Let spam fighter Joe whitewash their tarnished image. Let private citizen Joe take the wrap for whatever damage their blocking may cause. Clever, eh?

Our Joe's got the right connections to the underground hacker "in" crowd that populates the shadier corners of the Internet. Novice or old-timer, you got to know the street rules - the motley cybergang stands ready to tear your business apart for the smallest or the most innocent of e-mail infractions. Their ultimate satisfaction comes from having some blacklisted e-mail server owner eat humble pie and beg for his connectivity back. If you think this is fantasy, just venture into the usenet newsgroup news.admin.net-abuse.email, and read a few articles. THIS article confirms that even the SBC policy manager is aware of the chaos.

Is this America or what? Most of the blacklists are foreign-based, and Joe acts as a US amplifier of sorts for all kinds of people with an agenda. Welcome to the New World Order. His relays.osirusoft.com site lists about two dozen different kinds of blacklists, where anyone can "nominate" anybody for oblivion. Joe has developed an automated tool for that (rbcheck), which he freely distributes to the world, so that more Joe hackers out there can incessantly probe any email server at will. Wonder if bin Laden nominated anyone? He may have... who knows? Maybe there's even a bin Laden or two behind some of those foreign "charities" that have your best interests at heart and influence Joe's allegiance. Did he check them out in person? Anything can be expected from a nerd that sheepishly blacklists his own provider's address space.

The idea itself is not new. Joe Jared merely dwelled on work by MAPS associate Chip Rosen (rlytest and blq), and Alan Brown's now defunct probing machine at ORBS. In fact it was this very kind of probing that sparked the MAPS vs ORBS Spam Wars. We also find out from rival MAPS that these tools can easily be abused by spammers, or someone with a score to settle, and that they had to terminate their open relay testing service. How long before Joe hears enough complaints about it? Here's a sendmail log extract showing a probe performed on our smtp server originating from relays.osirusoft.com:

Mar  4 08:49:54 sunny sendmail[12789]: NOQUEUE: ruleset=check_relay, arg1=relays.osirusoft.com, arg2=216.102.236.44,
relay=relays.osirusoft.com [216.102.236.44], reject=553 No access from your IP address.
Mar  4 08:49:55 sunny sendmail[12789]: NOQUEUE: Null connection from relays.osirusoft.com [216.102.236.44]

The real problem here is not Joe. Alan Brown's fallen ORBS history has demonstrated that there are enough fanatics elsewhere in the world willing to take their place and happily be your next censor. Joe is entitled by the US Constitution to publish his opinions, however whacky they may be, and so entitled are the most despicable spammers for that matter. The problem as we see it is with a large telco/ISP, having monopolistic powers in their area of coverage, blindly relying on vigilante third parties to filter electronic communications.

History taught us that services which attained public utility status were eventually regulated by the government. It was a necessity, and thus natural monopolies were born. In a regulated environment, the notion of having "Joe's Private Telephone Listening Service" secretly screening every phone call you get is inconceivable. How about "Joe's Post Office Censor Bureau" opening your every letter? That may still happen in some totalitarian countries, but is certainly not allowed here. Some ISPs that were recently caught monitoring their users' web surfing preferences had man, mouse and some members of Congress in uproar. So what's so different about e-mail? Why should we tolerate "Joe's E-mail Behavior Modification System"? Do you really want your provider having some guy in Irkutsk decide who can or can't receive their messages in LA? Have you even heard of Irkutsk before? Ask Joe about it...

For that matter, can your ISP legally play Big Brother with your e-mail? Federal legislation known as the Electronic Communications Privacy Act of 1996, as codified in 18 USC 2701(a)(2), forbids anyone to intentionally exceed an authorization to access stored electronic communications, thereby preventing authorized access of a user to a communication of or intended for that user. An exception is made for conduct authorized by the person or entity providing the electronic communication service and law enforcement agencies with a warrant. Should we understand this correctly, then Joe, and the mystery guy in Irkutsk, and a Briton somewhere on a houseboat, and some great Danes, and - well, you get the picture - were all anointed SBC authorized agents, or have proper law enforcement warrants, right? What a crew! At least the inquisitors in the Dark Ages were all Catholic...

We all hate spam and want to see it perish. But it is completely idiotic to give up our basic freedom to communicate at will in order to inconvenience a handful of die-hard abusers. Laws and their enforcement, not bars on the windows, stop most crimes from happening in the real world. From the looks of the UBE we receive here, most professional spammer rings have moved their virtual shop to somewhere in the Far East anyway. The collateral damage inflicted on innocent parties by vigilante blacklists, mostly cropped together by whomever wants to vent their anger or frustration, is simply too great.

What we advocate here is that every ISP, and especially the ILECs, should treat electronic communications like a common carrier. Any necessary and legally justifiable spam blocking should be done only in-house, under the direct control and responsibility of the ISP, and the use of third party blacklists by service providers should be outlawed. After 9/11, everyone and their dog probably understood the importance of e-mail communications in a national emergency, and how such an ill-conceived centralized system like Vixie's MAPS or Joe's blacklist clearinghouse may be vulnerable to attack by a malicious party. Do you really want to have to look for a joesomebody somewhere if something happens?

SBC and the other ILECs want Congress to completely deregulate their Internet subsidiaries. There is much opposition to the Tauzin-Dingell bill, and there are many reasons described by others why this is not such a good idea. Solid research in this white paper on How the Bells Stole America's Digital Future provides more reasons to doubt their sincerity. We venture to add another prediction: let Big Brother get away with intently killing off the competition, accept the censoring of your electronic communications by a public utility as the norm, and pretty soon you will be taking the Information Superhighway to nowhere. You won't like the spartan boot camp feel and the well marked pathways you can't stray from of your newly fenced in electronic island on the ILEC reservation.

Links


War is Peace
Freedom is Slavery
Ignorance is Strength




All material published on this site is for information purposes only, and should not be considered legal advice.
Copyright © 2002 NetSide Corporation - All rights reserved

STOP THE MAPS CONSPIRACY!

[ dotcomeon.com ]