From owner-nanog@merit.edu Wed Aug 9 22:00:58 2006 To: nanog@merit.edu Subject: Re: SORBS Contact From: Allan Poindexter <apoindex@aoc.nrao.edu> Date: Wed, 09 Aug 2006 20:59:36 -0600
Matthew> so would you consider as it is my network, that I should Matthew> not be allowed to impose these 'draconian' methods and Matthew> perhaps I shouldn't be allowed to censor traffic to and Matthew> from my networks?
If you want to run a network off in the corner by yourself this is fine. If you have agreed to participate in the Internet you have an obligation to deliver your traffic.
Obligation to _whom_? My only obligations are to those who _pay_ me for access to my systems/resources. If the people who *do* pay me for use of my systems/resources "don't want" that cr*p, then I do 'have an obligation' to _not_ deliver that traffic. And _how_ I implement that, to the satisfaction of =my= customers, is NONE OF _YOUR_ BUSINSESS, since you are *not* one of my paying customers. I don't have to tell _you_ what I do; I don't have to listen to any of your 'complaints'; and I sure-as-hell don't have to defend, _to_you_, what I do.
At LISA a couple of years ago a Microsoftie got up at the SPAM symposium and told of an experiment they did where they asked their hotmail users to identify their mail messages as spam or not. He said the users got it wrong some small percentage amount of the time. I was stunned at the arrogance and presumption in that comment. You can't tell from looking at the contents, source, or destination if something is spam because none of these things can tell whether the message was requested or is wanted by the recipient. The recipient is the only person who can determine these things.
Do *you* _KNOW_ how hotmail came up with that determination that 'users got it wrong some small percentage of the time'? If you *don't*, you are exhibiting _at_least_ as much 'arrogance and presumption' as you accuse them of. I *KNOW*FOR*A*FACT*, that some people _do_, occasionally 'get it wrong'. I, _personally_, have done it. Be it an 'off-by-one' error in selecting and marking the message, to a long-delayed response to something _I_ sent, and that came in _without_ reference to what I sent, errors *DO* happen. Note: it can be _really_ easy to figure out if/when people mis-identify 'spam'. You ask them to classify a bunch of old messages, presented one at a time. You present the _same_ message *more*than*once*. If they mark it is 'good' three times, and 'spam' once. Then they *did* 'get it wrong' -- it's not certain _which_ way they 'got it wrong', but it *IS* absolutely certain that they did 'get it wrong' "at least once". I've seen some of the stuff AOL _users_ flag as 'spam' -- "content analysis" *alone* virtually guarantees that they were flagged in error. Things like college acceptance letters from Division I schools, bank overdraft notices, NDRs for mail they themselves *sent*, 'delivery receipts' and/or 'read receipts' that they had _requested_ on mail they sent out, etc., etc.
There are simple solutions to this. They do work in spite of the moanings of the hand wringers. In the meantime my patience with email "lost" silently due to blacklists, etc. is growing thin.
If you want 'reliable' delivery, you _pay_ the recieving system (and the intermediaries) for that service. Your lack of patience with something other people _give_ you the free use of is, quite simply, an inexcusable display of arrogance and presumption.
Obligation to _whom_? My only obligations are to those who _pay_ me for access to my systems/resources. If the people who *do* pay me for use of my systems/resources "don't want" that cr*p, then I do 'have an obligation' to _not_ deliver that traffic.
Nonsense. You have tort obligations as well as contractual obligations. Specifically, if you take custody of someone else's data, and you have no contract with that person, you have a tort obligation not to destroy it. Your argument is similar to a mall that claims they can shoot people who don't buy anything. After all, their only obligation is to those who pay them. But of course neither you nor they can do that. By setting up a network and connecting it to the Internet, you know that you will sometimes carry packets that are neither from nor to someone with whom you have a contract. Those are not your packets, and you have no contract with their owners, but you handle them in the ordinary course of your business, so you have a variety of tort obligations to them. The same would be the case if I used FedEx to return something of yours to you. If they destroyed your property, you would have a claim against them even though you didn't pay them for anything. I see the view you are expressing quite commonly among network operators and it is, IMO, dangerous. It is, of course, your network. But it handles other people's data. Of course, you can protect your own network. Just as FedEx can destroy a bomb if someone tries to ship it through them. But you cannot do whatever you want with "your packets" unless they really are your packets. I will defend your right to do anything reasonable. However, it is incorrect and dangerous to assert that because it's "your network" you can do anything you want. Even if it's your mall, you can't invite people into it and then shoot them just because you have no contract with them. DS
On Sun, Aug 13, 2006 at 09:11:58PM -0700, David Schwartz wrote:
Your argument is similar to a mall that claims they can shoot people who don't buy anything. After all, their only obligation is to those who pay them. But of course neither you nor they can do that. By setting up a network and connecting it to the Internet, you know that you will sometimes carry packets that are neither from nor to someone with whom you have a contract. Those are not your packets, and you have no contract with their owners, but you handle them in the ordinary course of your business, so you have a variety of tort obligations to them.
Whatever you're smoking, you've really gotta share some with the rest of us. :P I guarantee you that there is not a single packet that I will route which is neither from nor to someone I have a contract with. If you want to give away free service to people without contracts that is your right, but I sure as hell don't have to.
The same would be the case if I used FedEx to return something of yours to you. If they destroyed your property, you would have a claim against them even though you didn't pay them for anything.
Packets are not property, there is no intrinsic value in returning them to sender. Plus I guarantee you if you drop off a package with Fedex and don't pay for it (thus entering into a contract with them for services), they will eventually throw it in the trash rather than deliver it.
Of course, you can protect your own network. Just as FedEx can destroy a bomb if someone tries to ship it through them. But you cannot do whatever you want with "your packets" unless they really are your packets.
The only thing you probably CAN'T do is take someone else's packets that were sent to you (either under contract or not) and sniff or alter them for the purpose of doing something Bad (tm) with the data (probably because said bad activity is already convered under some existing law, e.g. no extorting people, no impersonating others, etc). -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
On Sun, 13 Aug 2006 21:11:58 -0700 "David Schwartz" <davids@webmaster.com> wrote:
Obligation to _whom_? My only obligations are to those who _pay_ me for access to my systems/resources. If the people who *do* pay me for use of my systems/resources "don't want" that cr*p, then I do 'have an obligation' to _not_ deliver that traffic.
Nonsense. You have tort obligations as well as contractual obligations. Specifically, if you take custody of someone else's data, and you have no contract with that person, you have a tort obligation not to destroy it.
You do realize that when we talk about "sending" data we are using language in a very loose way, right? Data isn't actually sent. When I "send" a packet of data, I still retain that data. If you lose it you have only lost your copy of it, not mine. Are you one of those people that makes an extra photcopy when you have to fax one to someone?
Your argument is similar to a mall that claims they can shoot people who
It is illegal to shoot people whether they enter your mall or not.
The same would be the case if I used FedEx to return something of yours to you. If they destroyed your property, you would have a claim against them even though you didn't pay them for anything.
IANAL but I am pretty sure that my claim would be against you, not FedEx. You would have to counter claim against FedEx because you made the contract with them. -- D'Arcy J.M. Cain <darcy@druid.net> | Democracy is three wolves http://www.druid.net/darcy/ | and a sheep voting on +1 416 425 1212 (DoD#0082) (eNTP) | what's for dinner.
[combined responses]
You do realize that when we talk about "sending" data we are using language in a very loose way, right? Data isn't actually sent. When I "send" a packet of data, I still retain that data. If you lose it you have only lost your copy of it, not mine.
The packet includes its origin, destination, next hop, and like information. If the copy were identical to the original in all respects, it would not be a copy. There must be some distinction between the two, and it is that distinction that makes the "copy" useful. (That's why you made it.)
Are you one of those people that makes an extra photcopy when you have to fax one to someone?
Why fax something to someone at all then? If the fax really is the same as the original, why bother faxing? Obviously, there is a difference between the two copies, and the value of the duplicate is in that difference. The fact that the information can change physical form doesn't mean it isn't a coherent object. For example, my car may exchange electrons with your sidewalk, but that doesn't make it any less my car. The value of the car is not in which particular electrons it has (which can change) but in their arrangement and utility (which does not). If I have some information that I want to get to a particular place, and I make a copy and dispatch it toward its destination, that copy with its destination information behaves just like my car does. It changes on the way, but it does not ever become any less my car (or the ultimate recipient's car) regardless of whose roads it travels over.
Your argument is similar to a mall that claims they can shoot people who
It is illegal to shoot people whether they enter your mall or not.
Precisely. Your obligation not to destroy someone else's data is a basic tort obligation that applies to how you must treat other people's property, even if it happens to be on "your network".
The same would be the case if I used FedEx to return something of yours to you. If they destroyed your property, you would have a claim against them even though you didn't pay them for anything.
IANAL but I am pretty sure that my claim would be against you, not FedEx. You would have to counter claim against FedEx because you made the contract with them.
You could make a claim against me and I could counter claim against FedEx. But you could also claim against FedEx directly. They destroyed your property.
Whatever you're smoking, you've really gotta share some with the rest of us. :P I guarantee you that there is not a single packet that I will route which is neither from nor to someone I have a contract with. If you want to give away free service to people without contracts that is your right, but I sure as hell don't have to.
Transit networks route many packets that are neither from nor to anyone they have a contract with. They pass the traffic from aggregators to aggregators. This is the same as a person who walks from store to store in a mall even though he has no contract with the stores, the stores have contracts with the mall.
Packets are not property, there is no intrinsic value in returning them to sender. Plus I guarantee you if you drop off a package with Fedex and don't pay for it (thus entering into a contract with them for services), they will eventually throw it in the trash rather than deliver it.
Packets are property. There is no value in returning them to sender but there is value in delivering them to the recipient. If the lack of return value is evidence against property, why is the presence of delivery value not evidence for? I don't deny that you can drop a packet on the floor if nobody paid you to carry it and you did nothing to solicit its presence on your network. That is not the same as the case where somebody paid you to carry the packet, but the person who paid you is not the owner of the packet but merely someone similarly contracted by the owner.
This is no different from me authorizing Mail Boxes Etc to be my proxy for UPS packages, and them being allowed to simply discard anything from, say, an ex-wife. My ex-wife has no claim, in this hypothetical, against MBE for tossing my package in the trash, because they're acting as my agent.
You are quite correct *if* they are the agent for the intended recipient. In the general case, a transit carrier will not be an agent for the intended recipient and possibly not for the originator either.
Of course, that only applies if you're dumb enough to answer '250 OK' to the '.' after the DATA. You 5xx that puppy anywhere before that, and you haven't taken custody of that data...
Exactly. I think the mail case is simpler though because it is quite rare for an email message to wind up in the hands of someone who has no contractual relationship with either the sender or the recipient. Exceptions would include things like relay rape where I think it's quite reasonable to argue that the purely abusive nature of the transaction (and the sender's specific selection of your relay) justify dropping it on the floor. Someone who chose to hand an email to you specifically even though you are neither the sender nor the recipient and hope that you would deliver it is not the same as someone who sent a packet to you because you are the route towards the recipient. I suppose another version of the FedEx hypothetical would be if FedEx advertised that they would carry packages to Denver without fee but then destroyed half of them. BGP advertisements and DNS MX records are solicitations for other people's property. I would also remind everyone that the interception or diversion of electronic communications is illegal in the United States, even if you do not look at the contents. (There are exceptions, of course, but the law definitely is not "it's your network, do whatever you want with the data on it".) DS
The thread was originally very benefitial (for me, as we use SORBS and provide some basic SMTP services), despite being somewhat off-topic for NANOG... but has now evolved into the Battle of Awful Analogies(tm). Discussions of this type always resort to the same analogy, for that matter: cars. It seems we've reached that point. Also, as I'm still fairly new here: why do so many NANOG threads go this route (pun intended)? Are some folks here unable to simply say what they mean? Just curious. -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |
Last time I saw someone so strenously crying that 'thou must accept mail' and trying so hard to justify why we should accept it was a low life toss pot scum sucking spammer, ooops I mean direct marketer, ahh stuf fit, both the same thing ... not implying anything here but if the shoe fits.... On Tue, 2006-08-15 at 06:46, David Schwartz wrote:
[combined responses]
You do realize that when we talk about "sending" data we are using language in a very loose way, right? Data isn't actually sent. When I "send" a packet of data, I still retain that data. If you lose it you have only lost your copy of it, not mine.
The packet includes its origin, destination, next hop, and like information. If the copy were identical to the original in all respects, it would not be a copy. There must be some distinction between the two, and it is that distinction that makes the "copy" useful. (That's why you made it.)
Are you one of those people that makes an extra photcopy when you have to fax one to someone?
Why fax something to someone at all then? If the fax really is the same as the original, why bother faxing? Obviously, there is a difference between the two copies, and the value of the duplicate is in that difference.
The fact that the information can change physical form doesn't mean it isn't a coherent object. For example, my car may exchange electrons with your sidewalk, but that doesn't make it any less my car. The value of the car is not in which particular electrons it has (which can change) but in their arrangement and utility (which does not).
If I have some information that I want to get to a particular place, and I make a copy and dispatch it toward its destination, that copy with its destination information behaves just like my car does. It changes on the way, but it does not ever become any less my car (or the ultimate recipient's car) regardless of whose roads it travels over.
Your argument is similar to a mall that claims they can shoot people who
It is illegal to shoot people whether they enter your mall or not.
Precisely. Your obligation not to destroy someone else's data is a basic tort obligation that applies to how you must treat other people's property, even if it happens to be on "your network".
The same would be the case if I used FedEx to return something of yours to you. If they destroyed your property, you would have a claim against them even though you didn't pay them for anything.
IANAL but I am pretty sure that my claim would be against you, not FedEx. You would have to counter claim against FedEx because you made the contract with them.
You could make a claim against me and I could counter claim against FedEx. But you could also claim against FedEx directly. They destroyed your property.
Whatever you're smoking, you've really gotta share some with the rest of us. :P I guarantee you that there is not a single packet that I will route which is neither from nor to someone I have a contract with. If you want to give away free service to people without contracts that is your right, but I sure as hell don't have to.
Transit networks route many packets that are neither from nor to anyone they have a contract with. They pass the traffic from aggregators to aggregators. This is the same as a person who walks from store to store in a mall even though he has no contract with the stores, the stores have contracts with the mall.
Packets are not property, there is no intrinsic value in returning them to sender. Plus I guarantee you if you drop off a package with Fedex and don't pay for it (thus entering into a contract with them for services), they will eventually throw it in the trash rather than deliver it.
Packets are property. There is no value in returning them to sender but there is value in delivering them to the recipient. If the lack of return value is evidence against property, why is the presence of delivery value not evidence for?
I don't deny that you can drop a packet on the floor if nobody paid you to carry it and you did nothing to solicit its presence on your network. That is not the same as the case where somebody paid you to carry the packet, but the person who paid you is not the owner of the packet but merely someone similarly contracted by the owner.
This is no different from me authorizing Mail Boxes Etc to be my proxy for UPS packages, and them being allowed to simply discard anything from, say, an ex-wife. My ex-wife has no claim, in this hypothetical, against MBE for tossing my package in the trash, because they're acting as my agent.
You are quite correct *if* they are the agent for the intended recipient. In the general case, a transit carrier will not be an agent for the intended recipient and possibly not for the originator either.
Of course, that only applies if you're dumb enough to answer '250 OK' to the '.' after the DATA. You 5xx that puppy anywhere before that, and you haven't taken custody of that data...
Exactly. I think the mail case is simpler though because it is quite rare for an email message to wind up in the hands of someone who has no contractual relationship with either the sender or the recipient. Exceptions would include things like relay rape where I think it's quite reasonable to argue that the purely abusive nature of the transaction (and the sender's specific selection of your relay) justify dropping it on the floor.
Someone who chose to hand an email to you specifically even though you are neither the sender nor the recipient and hope that you would deliver it is not the same as someone who sent a packet to you because you are the route towards the recipient.
I suppose another version of the FedEx hypothetical would be if FedEx advertised that they would carry packages to Denver without fee but then destroyed half of them. BGP advertisements and DNS MX records are solicitations for other people's property.
I would also remind everyone that the interception or diversion of electronic communications is illegal in the United States, even if you do not look at the contents. (There are exceptions, of course, but the law definitely is not "it's your network, do whatever you want with the data on it".)
DS
David Schwartz wrote:
Nonsense. You have tort obligations as well as contractual obligations. Specifically, if you take custody of someone else's data, and you have no contract with that person, you have a tort obligation not to destroy it.
The nonsense is here! I am not a lawyer, but I am pretty sure that if you abandon property (stretching the definition of "property" to get you foolishness into view) that I did not ask for on my property, I am am pretty sure that not only can I abate the nuisance, I in doing so have a tort claim against you for the damage and the cost of abatement. <triviata deletia> -- Requiescas in pace o email Ex turpi causa non oritur actio http://members.cox.net/larrysheldon/
Laurence F. Sheldon, Jr. wrote:
David Schwartz wrote:
Nonsense. You have tort obligations as well as contractual obligations. Specifically, if you take custody of someone else's data, and you have no contract with that person, you have a tort obligation not to destroy it.
The nonsense is here! I am not a lawyer, but I am pretty sure that if you abandon property (stretching the definition of "property" to get you foolishness into view) that I did not ask for on my property, I am am pretty sure that not only can I abate the nuisance, I in doing so have a tort claim against you for the damage and the cost of abatement.
<triviata deletia>
Too bad I'm no longer bright enough to read my own .sig! Among other things, it says there from time to time: "Ex turpi causa non oritur actio" which I believe to be Lawyer Latin for "No cause of action may be founded upon an immoral or illegal act". (Thanks sixthformlaw.info for the quotation.) -- Requiescas in pace o email Ex turpi causa non oritur actio http://members.cox.net/larrysheldon/
On Sun, 13 Aug 2006 21:11:58 PDT, David Schwartz said:
Nonsense. You have tort obligations as well as contractual obligations. Specifically, if you take custody of someone else's data, and you have no contract with that person, you have a tort obligation not to destroy it.
Of course, that only applies if you're dumb enough to answer '250 OK' to the '.' after the DATA. You 5xx that puppy anywhere before that, and you haven't taken custody of that data...
On Aug 14, 2006, at 12:00 PM, Valdis.Kletnieks@vt.edu wrote:
On Sun, 13 Aug 2006 21:11:58 PDT, David Schwartz said:
Nonsense. You have tort obligations as well as contractual obligations. Specifically, if you take custody of someone else's data, and you have no contract with that person, you have a tort obligation not to destroy it.
Of course, that only applies if you're dumb enough to answer '250 OK' to the '.' after the DATA. You 5xx that puppy anywhere before that, and you haven't taken custody of that data...
This is ridiculous (not your argument, Valdis, but the whole thread in general). If my customers ask me to, or accept via subscribing to a service with a TOS that so permits, me accepting their mail and throwing it away silently, then that's between me and them, nobody else. This is no different from me authorizing Mail Boxes Etc to be my proxy for UPS packages, and them being allowed to simply discard anything from, say, an ex-wife. My ex-wife has no claim, in this hypothetical, against MBE for tossing my package in the trash, because they're acting as my agent. Now, *I* might have a claim against MBE, if I never authorized them to do so and they didn't have a terms-of-service document which I'd agreed to (actively or passively) which said they could do it, but that's a claim between my agent and myself, not the sender. Cheers, D -- Derek J. Balling Manager of Systems Administration Vassar College 124 Raymond Ave Box 0406 - Computer Center 217 Poughkeepsie, NY 12604 W: (845) 437-7231 C: (845) 249-9731
On Tue, 2006-08-15 at 02:13, Derek J. Balling wrote:
Of course, that only applies if you're dumb enough to answer '250 OK' to the '.' after the DATA. You 5xx that puppy anywhere before that, and you haven't taken custody of that data...
This is ridiculous (not your argument, Valdis, but the whole thread in general).
Valdis's is correct, before the DATA is akin to "hello anybody home" and then "does jack live there" if I say yes he does, it does not mean you can come in just because jack lives there
This is no different from me authorizing Mail Boxes Etc to be my proxy for UPS packages, and them being allowed to simply discard
It is very different because you hold a physical package or something for someone you are paid by somebody to do it, unless you operate a charity -- Regards, Noel Butler System Administrator Internet Services L.C.P No. 251002 http://counter.li.org --------------------------------------------------------------- This Email and any attachments may contain legally privileged information and remains confidential. You may not reveal any of the contents to anyone without the authors express authority to do so. If you are not the intended recipient please notify the sender of this error and delete immediately. ---------------------------------------------------------------
On Sun, 2006-08-13 at 13:29, Robert Bonomi wrote:
If you want 'reliable' delivery, you _pay_ the recieving system (and the intermediaries) for that service. Your lack of patience with something other people _give_ you the free use of is, quite simply, an inexcusable display of arrogance and presumption.
here here! very well said entire post, I have left only this para tho, because my second comment, and thats my suggestion is they can pay for a co-located machine that they can go out and get a domain for and run their own mail server on and get as much spam and virus's they want :) that of course will never interfere with 99.999999999999 reptv % of customers *dont* want. -- Regards, Noel Butler System Administrator Internet Services L.C.P No. 251002 http://counter.li.org --------------------------------------------------------------- This Email and any attachments may contain legally privileged information and remains confidential. You may not reveal any of the contents to anyone without the authors express authority to do so. If you are not the intended recipient please notify the sender of this error and delete immediately. ---------------------------------------------------------------
participants (9)
-
D'Arcy J.M. Cain
-
David Schwartz
-
Derek J. Balling
-
Jeremy Chadwick
-
Laurence F. Sheldon, Jr.
-
Noel
-
Richard A Steenbergen
-
Robert Bonomi
-
Valdis.Kletnieks@vt.edu