Hi folks. A few points about Sorbs (I've also started a web site www.iadl.org to track abuse of the internet for defamation purposes. The web site isn't finished, yet.) 1) Someone said Sorbs is just Matthew Sullivan. Well, _Sullivan_ said it isn't just him. Yeah, sure, that has credibilty... However, my own experience with Sorbs has revealed that it is also Alan Brown (formerly of ORBS) and Kai Schlicting. We all remember Alan from the ORBS shutdown, I hope. Alan was found by three courts in separate cases to be defaming people (two by using a blacklist). Well, Alan claimed our address space was hijacked and that the OSF didn't exist anymore. This was picked up verbatim by Sorbs. When I contacted Sullivan to tell him this was false, Schlichting send an "anonymous" message from abuse@conti.nu to The Open Group. (www.osf.org goes to www.theopengroup.org). After that, they dropped the part of OSF not existing anymore. [You all know the The Open Group (TOG): They do Motif, X Window System, DCE, CDE (used on sun, hp, compaq, ibm, etc). They own the Unix trademark, XPG4 suite, they do standards compliance testing, etc. They do lots of things.] The general counsel for TOG forwarded me the defamatory email from Schlicting demanding that TOG explain why we provide them services and why we are allowed to use 130.105/16 and other nonsense. Here's just a sample, indentation his: however ARIN regulations and their predecessor's (the Internic: operations funded by ARPANET) regulations make it quite clear that the resources allocated by these registries are for the public benefit, and are nothing short of a government grant for use of a public, shared resource. Government grants are not transferable without explicit and advance permission, and their beneficial details and use are open to the public for inspection, and likely covered by the FOIA. Yeah, right. The message was anonymous, from abuse@conti.nu, which I tracked back to Schlichting. After a complaint to their hosting provider, (at the time, XO), Sorbs was apparently booted from XO for its defamatory statements in violation of XO's AUP. Another Sullivan site that was threatening mailbombing was also booted. Interestingly, Sullivan tried to convince XO that Sorbs.net and dnsbl.sorbs.net were different and that he wasn't responsible for dnsbl.sorbs.net, and so XO shouldn't boot www.sorbs.net. XO didn't buy it, I guess. SORBS was then given hosting by ISC.ORG, which doesn't have an AUP (interesting by itself), and apparently doesn't mind being associated with court-proven liars and mailbombers. Also interestingly, the Sorbs web site contains (or used to contain) a lot of logos for vendors. At first glance, these seem to be endorsements or support. But if you read the text, it just says not to complain to these other companies about Sorbs. Sorbs did claim that Sun donated equipment. I contacted Sun in Australia, and they had no record of donating anything to Sorbs. The most I have been able to find out about Sullivan is that he is/was a student at the University of Queensland in Australia. In his email to me, he claimed that I should sue him because he has no assets. Well, indeed, we can sue him for defamation and expect the similar results as in the 3 similar ORBS lawsuits. Brown/ORBS tried to say his false claims were just opinion. As did MAPS in Exactis V. MAPS. Interestingly, in his messages to me, Sullivan claimed that the (US) First Amendment protects him. This has been refuted in US courts and is a frivolous claim even in the US, but certainly it doesn't protect Australians in Australia. The court, in addressing ORBS's false claims, noted they were basically a personal attack. But, indeed, I have not so far located any substantial assets other than Sorbs itself, which doesn't seem very substantial. I'm still looking. Australian law gives us 5 years from the last false claim to file suit. So we have (at least) until March 2010. If anyone has any more information about Sullivan or his personal assets, please let me know. I note that Brown lost his ISP to pay for damages in his ORBS court cases. This was followed by a strategy posted by Ron Guillmette for preventing assets from being put at risk by abusive blacklists. Sullivan seems to be following that strategy. When Sullivan says "sue me I have no assets", he's telling me that it is of little point to lay out $50K to sue someone who's economic substance amounts to being barely above homeless and who almost certainly can't pay the damages when they lose. Rich Kulawiec mused:
On Tue, Mar 15, 2005 at 05:44:41PM -0500, Paul G wrote:
unfortunately, that *still* didn't stop people from using it, which translated into an unresolvable headache for me as a sp.
Then gripe at the people who chose to use it: it was *their* decision, and if it was a poor one, then they are the people who need to be held accountable for it.
I haven't found it to be too much of a headache, so far. After almost 2 years of listing by SORBS, its little more than annoying. I suppose that could change if someone really starts promoting SORBS and ignoring its history. When we come across someone using Sorbs (a couple times a month, though I had three in the last week--though they were all university student run servers), I just call them up and point them to information about Sorbs, and our listing. That's usually enough for them to quit using SORBS. A good link is http://www.pathname.com/~corpus/NET.age It shows that SORBS isn't blocking anything. To get into double digits, you have to use the SORBS DUL list, which is copied from elsewhere. Nearly all of the rest is under half a percent. But I usually compare the SORBS ZOMBIE(hijacked) list with more reputable hijacked lists: OVERALL% SPAM% HAM% S/O RANK SCORE NAME:0-1 OVERALL% SPAM% HAM% S/O RANK SCORE NAME:1-3 OVERALL% SPAM% HAM% S/O RANK SCORE NAME:3-6 0.089 0.1046 0.0054 0.951 0.42 0.82 RCVD_IN_SORBS_ZOMBIE:0-1 0.035 0.0365 0.0312 0.539 0.43 0.82 RCVD_IN_SORBS_ZOMBIE:1-3 0.094 0.1095 0.0000 1.000 0.46 0.82 RCVD_IN_SORBS_ZOMBIE:3-6 0.015 0.0179 0.0000 1.000 0.36 1.00 RCVD_IN_WHOIS_HIJACKED:0-1 0.007 0.0088 0.0000 1.000 0.43 1.00 RCVD_IN_WHOIS_HIJACKED:1-3 0.081 0.0946 0.0000 1.000 0.45 1.00 RCVD_IN_WHOIS_HIJACKED:3-6 I note that SORBS blocks _ham_ as hijacked, while more reputable lists block no ham as hijacked. Apparently it isn't just Av8 they are lying about. And in the very few cases where we've run into SORBS supporters, our lawyers have noted that such blacklisting is itself defamation, unlawful participation in a group boycott, tortious interference in a contract and other things. That takes care of that. But that's been pretty rare. Nearly all users of SORBS are of the misled variety. And even the supporters seem to have trouble with it. I noted recently that even ISC no longer uses SORBS for mail filtering.
Look, if I want to publish a blocklist of all domains with the string "er" in them and all IP addresses ending in .7, that would be a silly thing to do: but after all, it's just a list.
There are consequences, of course, to doing irresponsible things, and to misleading your subscribers, and to blocking email that your subscribers didn't authorized you to block. And even if legal consequences aren't pursued, there are still consequences to being a liar, and consequences to associating with liars and disreputable people. The first consequence is that people will point out one's associations/false statements/etc. These things indicate the character of a person. Sometimes there are requirements of good character necessary to, say, hold public offices, hold certain licenses, etc. For example, this is why former New York mayor Rudi Guiliani found it necessary to dissolve his business partnership with Bernie Kerik after Kerik was found associated with the Mafia. In other cases, its just embarrasing to be found associated with such people. But there are always consquences of some sort or other. No bad deed goes unpunished. Its just a matter of time. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000
On Sun, Mar 27, 2005 at 05:57:13PM -0500, Dean Anderson wrote:
Look, if I want to publish a blocklist of all domains with the string "er" in them and all IP addresses ending in .7, that would be a silly thing to do: but after all, it's just a list.
There are consequences, of course, to doing irresponsible things, and to misleading your subscribers, and to blocking email that your subscribers didn't authorize you to block.
Well, you know, as much as a pain as everyone seems to think SORBS is, this approach to the thing has a certain baby/bathwater feel to me, Dean: it seems to make running a blacklist *at all* A Bad Thing... which, my perception is, is *not* the sense of the Net. As for "didn't authorize you to block", two thoughts come to mind: first, the person with the last clear chance in a mail blacklisting situation is the mail admin in question, is it not? If you're running blacklists, and you're concerned about what they block, I should think it would be up to you to back-check the judgement of the BL operator by doing end-to-end testing. And second, to the extent that you *are* using a given list, I suspect (and IANAL, of course), that you are -- constructively -- allowing them to act as your agent for the purpose of deciding which mail to block (absent caselaw to the contrary, which I'll admit I haven't researched), which gives you a lot less leeway to be mad at them. And of course, the only *real* liability you ought to have in the first place is to *your users*, and as long as you're disclosing to them that you use mail BL's, then that one's a bit arguable, as well. Cheers, -- jr 'IANAI,E' a -- Jay R. Ashworth jra@baylink.com Designer Baylink RFC 2100 Ashworth & Associates The Things I Think '87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 If you can read this... thank a system administrator. Or two. --me
On Mon, 2005-03-28 at 09:55 -0500, Jay R. Ashworth wrote:
As for "didn't authorize you to block", two thoughts come to mind: first, the person with the last clear chance in a mail blacklisting situation is the mail admin in question, is it not?
Many administrators avoid complaints by placing within the message refusal, the name of the real-time black-hole list. In many ways, this is a better situation for the sender than filtering, which places messages into junk folders or silently drops messages. (Some filter programs even toss these DSNs because they appear to be spamvertisements.) In some cases, the administrator may return the wrong list. This is why most list providers offer a query form. Many abusers fake DSNs, just to get someone reading them, as DSN tend to avoid the junk folder. The real-time black-hole list operation takes the task of reviewing complaints, notifications, and response records to assist in resolving issues, to maintain acceptable use policies as part of the service. Some providers do not wish to enforce policies demanded by the community using the list, such as opt-in for bulk email and controlling access. This disregard of policy may cause collateral blocking affecting their other customers, and, although unfortunate, is often unavoidable. With growing reliance upon RBLs as a means to protect resources, in addition to establishing acceptable practices, few are confused as to how these lists work, and contracts further ensure these details are understood. Is there a cogent means to abate abuse that does not include some form of reputation or accreditation? Pattern recognition within filtering is a type of reputation based upon content, but alone, this does not scale and may create worse problems. There is no perfect system, but what system is better? -Doug
On Mon, 28 Mar 2005, Jay R. Ashworth wrote:
On Sun, Mar 27, 2005 at 05:57:13PM -0500, Dean Anderson wrote:
There are consequences, of course, to doing irresponsible things, and to misleading your subscribers, and to blocking email that your subscribers didn't authorize you to block.
Dean: it seems to make running a blacklist *at all* A Bad Thing... which, my perception is, is *not* the sense of the Net.
Not at all. Responsible blacklisting doesn't have to do irresponsible things. For example, most people agreed that MAPS had no business blocking Exactis; Exactis didn't meet the MAPS definition for blacklisting. SORBS clearly doesn't have to lie about Av8 Internet's address blocks: 130.105/16 and 198.3.136/21. etc. I'm definitely not saying that all blacklisting is bad: It isn't.
As for "didn't authorize you to block", two thoughts come to mind: first, the person with the last clear chance in a mail blacklisting situation is the mail admin in question, is it not? If you're running blacklists, and you're concerned about what they block, I should think it would be up to you to back-check the judgement of the BL operator by doing end-to-end testing.
I agree the mail admin is usually the last chance for assessing BL reputation before use. But nearly every call I make to an admin using SORBS results in a response of the sort: "Gee, I didn't know they were doing this sort of thing, give me a second...they're gone. let me know if you any more problems". Before that it was ORBS, etc--the list is long and ignomious. But most people "in the know" just know. Its the people "not in the know" who get misled.
And second, to the extent that you *are* using a given list, I suspect (and IANAL, of course), that you are -- constructively -- allowing them to act as your agent for the purpose of deciding which mail to block (absent caselaw to the contrary, which I'll admit I haven't researched), which gives you a lot less leeway to be mad at them.
I agree. But they said they were going to block _spam_. They don't usually say 'we're going to use the list to boycott non-spammers'. And they don't usually say they just block whoever we feel like. They usually don't say "we want you to help us on our non-spam vendetta quest". They usually say they are trying to block spam. They usually have some criteria for blocking, which they then violate.
And of course, the only *real* liability you ought to have in the first place is to *your users*, and as long as you're disclosing to them that you use mail BL's, then that one's a bit arguable, as well.
However, most ISPs don't disclose what BL they use until there is a problem. I've yet to find the BL listed in the product service description for email services. And I've never found an ISP that says "We're going to participate in boycotts for personal vendetta's, your email is a weapon for us." The BLs don't say that to the subscribers/ISP's; the ISPs don't say it to the users. Neither the ISPs nor the end users want that. -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000
Dean Anderson wrote:
Hi folks. A few points about Sorbs (I've also started a web site www.iadl.org to track abuse of the internet for defamation purposes. The web site isn't finished, yet.)
1) Someone said Sorbs is just Matthew Sullivan.
Well, _Sullivan_ said it isn't just him. Yeah, sure, that has credibilty...
However, my own experience with Sorbs has revealed that it is also Alan Brown (formerly of ORBS) and Kai Schlicting. We all remember Alan from the ORBS shutdown, I hope. Alan was found by three courts in separate cases to be defaming people (two by using a blacklist).
Dean, this is so far off topic its not funny. I am not going to discuss this further on NANOG, should you wish to discuss it you are welcome to join dnsbl-users@sorbs.net and make your case there (as anyone interested is welcome to subscribe and take a look). My information is that you did not apply for the address space in question for AV8, and that you took the address space from your former employers when you left by virtue of being the admin and technical contact for the netspace. That information has come from multiple reputable sources. I have repeatedly asked you for proof that you are the rightful owner of the netspace, and am still waiting for that proof - I'll be happy to delist any Zombie/Hijacked listings as soon as the rightful owners have the netspace in their possession and where they think they are the rightful owners and the information suggests otherwise (your case), a small piece of evidence is required for the delisting (eg a copy of a letter from the OSF stating that they gave you the netspace as a leaving 'present') .... and some facts that you seem to be lacking: SORBS was created by me and I along with 18 other volunteers run it. Neither Alan nor Kia have anything to do with SORBS (neither past or present). My sites have not been, nor have ever been, booted from XO netspace (ns1.sorbs.net and http://www.isux.com/ ). I have never been a student of The University of Queensland. Regards, Matthew PS: If you reply in NANOG, don't expect a reply from me this is OFF TOPIC!
participants (4)
-
Dean Anderson
-
Douglas Otis
-
Jay R. Ashworth
-
Matthew Sullivan