[e-privacy] Blacklists vs. Spam

[Avv. Barbara Gualtieri]

Blacklists vs. Spam
  Blacklists, chi controlla il controllore


Le "Blacklists"  sono un fenomeno nato su Internet, spesso
su base volontaria, in risposta al diffondersi dei
messaggi e-mail non sollecitati (spam). I "blacklist
operator" offrono a siti, aziende e ISP, sulla base di
"liste nere" di soggetti ritenuti "smammer", un servizio
di interdizione dei messaggi in arrivo che in pratica non
vedremo mai nella nostra casella di posta elettronica.
Tutto bene finche' non si considera quella percentuale di
posta perfettamente legittima che per un errore o per una
politica anti-spam particolarmente restrittiva non
raggiungono mai la nostra scrivania. David McGuire, sul
sito washingtonpost.com, riferisce di alcuni di casi
esemplari, come quello di Mr.  Haselton , la cui
organizzazione e' finita nella lista nera di MAPS (Mail
Abuse Prevention System) semplicemente perche' il suo
internet provider "si era rifiutato di sospendere il
servizio a compagnie sospettate di fare affari con
spammer".
Casi del genere sono tutt'altro che infrequenti. Servizi
di blacklist come MAPS o Spamhouse.org sono utilizzati da
milioni di siti, che non potrebbero farne a meno senza
essere sommersi di offerte di smart drugs e di viagra. Ma
la soluzione appare poco sostenibile dal punto di vista
della liberta' di informazione, un diritto che, come
osserva  Patti Waldmeir in un apparso articolo su
Financial times del 19 maggio, e' ha reso possibile anche
l'odioso fenomeno dello spam.  Rispetto al quale, le
blacklist possono in molti casi rappresentare un rimedio
peggiore del male  stesso.
Per saperne di piu':

A Powerful Tool for Defeating Junk E-Mail Has Its Detractors

(da washingtonpost.com)
____________
A Powerful Tool for Defeating Junk E-Mail Has Its Detractors

David McGuire
washingtonpost.com Staff Writer
Wednesday, May 14, 2003; 7:10 AM


Bennett Haselton didn't realize at first that his e-mail wasn't being
delivered. While doing some routine maintenance, the First Amendment
activist noticed in September 2000 that not only were his outgoing e-mail
messages being blocked, but his Web site, Peacefire.org, was unreachable by
many Internet users.

Three years later, Haselton knows firsthand that the war against the wave of
unsolicited commercial e-mail -- spam -- that is paralyzing computer
networks worldwide is a messy one. It's a war waged not just by the
corporate giants who own the computer networks that make up the Internet's
backbone, but by little-known guerilla groups equally opposed to junk
e-mail. It's a war with lots of unintended consequences, as Haselton found
out when he learned that his e-mail problems were the result of his
organization being blacklisted.

Blacklists, also referred to as "block lists" or "blackhole lists," are
compilations of Internet addresses associated with known spammers. Many are
publicly available online, and system administrators often use the lists to
block all incoming e-mail from those addresses. Like black holes, they are
powerful and poorly understood -- and escaping their grasp can be
impossible. This has made them one of the most effective yet controversial
weapons in the crusade against unsolicited e-mail.

Haselton found out that his organization had been placed on the Mail Abuse
Prevention System (MAPS) list because of complaints that his Internet
service provider, Media3 Technologies, refused to cut off service to
companies suspected of doing business with spammers. MAPS blacklisted a
group of Media3's addresses, and ISPs using the MAPS list blocked e-mail
coming from those addresses -- including Haselton's.

Blacklist operators call this "collateral damage," admitting that it is an
unfortunate side effect. But for people like Haselton, who can go unaware
for weeks that their messages are dissolving into the ether, collateral
damage can seriously hinder someone's ability to communicate via the
Internet.

One problem that the unintended victims of blacklists frequently encounter
is that the people who compile them often keep a low profile. As a result,
it's hard for people whose service providers get blacklisted to appeal.
Sometimes, the only option for someone who gets blacklisted is to change
ISPs.

Even the most ardent spam opponents worry that the cure could be worse than
the disease.

"If you have a block list that stops 100 percent of spam and 75 percent of
legitimate mail, you've solved the spam problem, but you've created another
problem," said Ray Everett-Church, counsel for the Coalition Against
Unsolicited Commercial Email (CAUCE).

But harried system administrators, desperate to prevent spam from crippling
their networks, are more supportive of blacklists. They're the ones who hear
the complaints when their customers are buried in spam, and it's their
budgets that are tapped to foot the bill for the extra bandwidth and
computer space needed to house reams of unwanted e-mail.

The spam problem is so bad that every network administrator uses some sort
of blacklist to sort good e-mail from bad, according to Nate Shue, a senior
network engineer at Vienna, Va.-based software firm Industrial Medium LLC.

Shue said the lists are more useful than spam filters because they block
offending e-mails before they reach the network. Blacklists are a more
efficient option than e-mail filters, which can keep most offensive e-mail
out of recipients' inboxes, but only after those e-mails have entered a
company's network. By the time the filter does its job, the recipient has
already paid the price of handling the message.

"The fact that someone has to hit the delete key is not what I'm concerned
with. You've already suffered the damage at that point," Shue said.

Big e-mail hosts like America Online, Microsoft and Yahoo can afford to
develop their own blacklists, but smaller organizations typically rely on
lists published by groups like MAPS, Spamhaus and SpamCop.

Some administrators take those lists and install them directly at the
borders of their networks, while others, like Shue, use the lists in
conjunction with their own research to determine who gets blocked.