From owner-nanog@merit.edu Tue Mar 15 13:21:45 2005 From: Randy Bush <randy@psg.com> Date: Tue, 15 Mar 2005 11:21:35 -0800 To: nanog@merit.edu Subject: Re: sorbs.net
a few questions
o could this be used as a dos and then become extortion? has this actually happened, or is it just black heli?
_Legally_, it is *not* extortion, unless the thing that is 'taken' (*with* the 'under duress' consent of the victim) goes, directly or indirectly, to the party making the 'threat'. Noting also, that the legal definition of extortion requires a the property, goods or services be given up in response to a "threat" to do something if that property, goods or services are *not* turned over to the threatener; Thus, a situation where somebody does *not* act unless something is recieved, cannot be, legally, extortion. SORBS has been running for "much longer" than a year. To the best of my knowledge, strictly within their published guidlines. As with any other 'voluntary use' blocklist, it's "clout" is only as good as the number of people using it. If serious questions arose as to the 'integrity' of the list, or the list operator, the vast majority of the mail-server operators using it would *stop* doing so. And any lack of integrity would be a moot issue, since 'practically nobody' would still be using it. It is _textbook_perfect_ "self regulation" at work.
o the ts&cs would seem to indicate that the donation is voluntary, and proportional to the spam generated. e.g., if you generated no spam, no donation. do i understand this correctly?
As I understand it -- and I'm -not- an expert on SORBS -- they list individual IP addresses on various lists, for various different kinds of problems. Far and away,the biggest being originating spam. Listings _do_ "age off", taking an unknown period of time after 'someone' makes a request for removal. The donation is purely voluntary, and when provided, the SORBS operator does 'expidate' handling of the removal request. For some strange reason he believe that those people are 'more serious' about ensuring that problems don't occur from their machines again. I have no opinion as to the validity of that reasoning.
On Tue, 15 Mar 2005 13:42:24 CST, Robert Bonomi said:
As with any other 'voluntary use' blocklist, it's "clout" is only as good as the number of people using it. If serious questions arose as to the 'integrity' of the list, or the list operator, the vast majority of the mail-server operators using it would *stop* doing so. And any lack of integrity would be a moot issue, since 'practically nobody' would still be using it. It is _textbook_perfect_ "self regulation" at work.
This is, of course, making the rather big assumption that the person who decided to use said blocklist: a) was fully cognizant of the list's goals and policies when they chose to use it. *and* b) is willing and able to track deviations on an ongoing basis. *and* c) whoever replaces them is also able to do so. If it was in fact "textbook perfect", we'd never hear about stuff breaking when a block list goes belly up with six month's warning, and people *still* being surprised when suddenly everything returns 127.0.0.2 and a lot of mail goes kaboing.
participants (2)
-
Robert Bonomi
-
Valdis.Kletnieks@vt.edu