From owner-nanog@merit.edu Tue Mar 15 13:21:45 2005 From: Randy Bush <randy@psg.com> Date: Tue, 15 Mar 2005 11:21:35 -0800 To: nanog@merit.edu Subject: Re: sorbs.net
a few questions
o could this be used as a dos and then become extortion? has this actually happened, or is it just black heli?
_Legally_, it is *not* extortion, unless the thing that is 'taken' (*with* the 'under duress' consent of the victim) goes, directly or indirectly, to the party making the 'threat'. Noting also, that the legal definition of extortion requires a the property, goods or services be given up in response to a "threat" to do something if that property, goods or services are *not* turned over to the threatener; Thus, a situation where somebody does *not* act unless something is recieved, cannot be, legally, extortion. SORBS has been running for "much longer" than a year. To the best of my knowledge, strictly within their published guidlines. As with any other 'voluntary use' blocklist, it's "clout" is only as good as the number of people using it. If serious questions arose as to the 'integrity' of the list, or the list operator, the vast majority of the mail-server operators using it would *stop* doing so. And any lack of integrity would be a moot issue, since 'practically nobody' would still be using it. It is _textbook_perfect_ "self regulation" at work.
o the ts&cs would seem to indicate that the donation is voluntary, and proportional to the spam generated. e.g., if you generated no spam, no donation. do i understand this correctly?
As I understand it -- and I'm -not- an expert on SORBS -- they list individual IP addresses on various lists, for various different kinds of problems. Far and away,the biggest being originating spam. Listings _do_ "age off", taking an unknown period of time after 'someone' makes a request for removal. The donation is purely voluntary, and when provided, the SORBS operator does 'expidate' handling of the removal request. For some strange reason he believe that those people are 'more serious' about ensuring that problems don't occur from their machines again. I have no opinion as to the validity of that reasoning.