7th Circuit Court Opinion on e360 v Spamhaus

Hot off the press, courtesy of the excellent legal document site SpamSuite.com. Mickey Chandler breaks it down:
  • The default judgment stays (e360: 1, Spamhaus 0)
  • The money judgment is overturned (e360: 1, Spamhaus: 11,715,000)
  • The injunction is overturned (e360: 1, Spamhaus: 11,715,001)

Important bits:
Page 12: "We perceive no error in the district court’s conclusion that Spamhaus intentionally elected to abandon its available defenses when it withdrew those defenses from consideration by the court and indicated that it was prepared to accept a default. Spamhaus’ then-counsel confirmed that it wished to “participate in the defense no further” and “do absolutely nothing.” See R.56-1 at 3, 5. It was not erroneous to treat this kind of voluntary abandonment of defenses, raised but not pursued, as a waiver."

Pgs 18-19: "Mr. Linhardt’s affidavit is a conclusory statement of the lost value of his business, based largely on his calculations of lost future profits. It provides a list of businesses involved in “actual and pending contracts” and a total calculation of his calculation of loss, but says nothing about the status of his relationship with those businesses before e360 was listed on the ROKSO. That is, the affidavit claims profit loss in absolute numbers, but provides no information whatsoever to support a finding that such future profits were certain prior to Spamhaus’ act. Particularly given the difficulties that Illinois courts have acknowledged in proving non-speculative amounts of lost future profits, [citations omitted], this affidavit alone cannot provide the requisite “reasonable certainty” for a damages award without the necessity of a hearing. We therefore vacate the damages award and remand to the district court for a more extensive inquiry into the damages to which e360 is entitled."

Pg. 24: "According to the complaint, however, Spamhaus lists entities on the ROKSO for violating ISP terms of use, not “United States law.” The complaint does not allege that Spamhaus defamed e360 by claiming that e360 operated in violation of law. The facts supporting the default judgment, therefore, show only that e360 improperly was listed as a “spammer” by Spamhaus, applying Spamhaus’ own criteria. There is no basis in the judgment for an injunction that modifies Spamhaus’ generally applicable criteria for determining what entities qualify as spammers."

Now things will go back to the district court for redetermination of damages to be paid under the default.

Click on through to the SpamSuite.com page on this topic for more info and excellent analysis from Mr. Chandler.

SPEWS Memorial Day?

I see a very strange thing today (August 30th). APEWS, an "anonymous" anti-spam blacklist (whose listing policies are very broad and of questionable accuracy) has taken down their home page. When you go to www.apews.org, what you find today is a memorial message.

The message pays tribute to the administrator supposedly behind the previous SPEWS blacklist. It's true that SPEWS website and blacklist data stopped being updated approximately a year ago. However, here's no indication beyond this message that somebody actually passed away, or that a single person that somebody knew was actually previously maintaining the SPEWS data.

Here's a copy of the message found on the APEWS website, in case it's changed back by the time you look for yourself:

Today our website and our mailservers are not available, because it is 30. August - SPEWS MEMORY DAY

Our beloved SPEWS operator got hit by a truck and died 30. August 2006. One of his dreams was to make the world a spam free place. As long as spam exists we therefore recommend all of you to shutdown all mailservers at every 30. August for 24 hours.

Be creative to make today a black day for all spammers and spam supporters and a day without mail and spam.

It is just one day in the year so it will not hurt you nor your company, but it will set a wideley visible sign if enough people do so.

Our blacklists are online, but we will not display reasons for listings nor do any removals by today. We will be back by tomorrow. APEWS - Anonymous Postmasters Early Warning System.

An open letter to DNSStuff

Over on DNSBL.com, you'll find my open letter to DNSStuff, where I take them to task for providing incorrect and out-of-date information in their blacklist lookup tool results, even after being warned (and not just by me). Click here to read more.

An open letter to DNSStuff

Dear DNSStuff,

You call your site “the center of the DNS universe” and position yourselves as experts on DNS, but it's time for me to question the DNSBL data and advice you hand out.

On multiple occasions, you've portrayed blacklisting issues as significant by returning blacklist results for certain DNSBLs, even though those lists don't drive any significant blocking issues (or don't block any spam) because they're dead or severely broken.

I've been around the block long enough to know that not every blacklist hit means there's an issue you need to worry about. Some lists have been dead for many months, and others list half the earth. In both of those instances, they're not really blacklists any more as much as historical artifacts waiting to be shut down and carted away.

If DNSStuff is going to continue to provide a widely used blacklist lookup tool, it's time to refine that tool so that it's actively maintained, and change the process so that DNSBL experts are actually involved in its upkeep. I'm not angling for a job here; I've already got one. But clearly, this section of your website needs more direct and active oversight, including involvement from people with significant DNSBL expertise.

Why? Well, let's start with a recap of how that whole APEWS restriction/ transition was handled by DNSStuff.

I contacted Kristina O'Connell, DNSStuff's VP of Marketing, on August 18, 2007. In that email I explained to her how because DNSStuff is incorrectly telling the whole entire world that it is listed on APEWS. UCEProtect had revoked its hosting of the APEWS zones five days previous and subsequently decided to replace the zone with a wildcard entry, to nudge sites to stop using the zone. As this is how DNSStuff was checking APEWS, it was returning data that was scaring email administrators unnecessarily.

She forwarded that email to Kevin Hutchins from DNSStuff support, who responded to me two days later, on August 20, 2007. Kevin explained that DNSStuff is already aware of the issue, and that they had to ask UCEProtect to put in a special text entry to “buy [DNSStuff] some time” to update their DNSBL tool and that they hoped to fix the problem sometime that week. He also went on at length about their responsibility to not judge a list and how they should continue to show all public DNSBLs, to provide a full picture of the space.

All fine and good – except that's not only what they're doing. They're also showing broken lists (APEWS) and dead lists (SPEWS). Leaving them in place produces a myriad of false positives, especially in the case of the UCEProtect APEWS zone.

Kevin also indicated that I was definitely not the only person to raise this issue to them recently.

This has been resolved – finally. I don't know exactly when, but they do seem to be querying APEWS directly now. It was only broken for days.

But wait – maybe it's not all fine and good. APEWS has blacklisted the IP address of DNSStuff's web server. Why? Does DNSStuff send spam? Or is APEWS an overly aggressive, broken list that shouldn't be relied upon?

And then there is SPEWS. Just the other day, I ran across this thread on the DNSStuff Discussion Boards, a paying DNSStuff user points out how the SPEWS blacklist has been dead for more than a year. He's right: It's dead and gone. The website still sits there, and who knows, maybe it could come back someday. But for now, it's frozen and not usable. The SPEWS data files are empty.

Kevin's answer in this thread is that they'll consider adding another asterisk of “not to be used.” As opposed to “doesn't exist,” or removing it because it no longer exists. In my opinion, that's not good enough. It doesn't stop the poor souls, who are not DNS experts, from thinking they have an issue, from running around asking for help, trying to solve an issue that doesn't actually exist.

As a long-time participant in various usenet newsgroups relating to spam fighting, I'm one of a multitude of first hand observers who've watched as system administrators come to these newsgroups begging for assistance. Why? Not because they saw a piece of mail being blocked; not because they've got a reject message in hand linking them to a specific DNSBL, but because they put their IP address into a webform on DNSStuff.com and were informed that they were blacklisted, because DNSStuff told them that they were.

For DNSStuff to continue to show SPEWS in lookup results is laughable. It's the exact opposite of expertise. Please, fix it. Please, bring actual DNSBL experts in to help you build a better tool.

I know you read my site – as you've reached out to me, looking for my help in the past. So I know you'll see this letter. I hope you'll heed this wakeup call.

Regards,
Al Iverson
SpamResource.com and DNSBL.com

Blowback sucks

I hate blowback. Or call it backscatter, or outscatter, if you prefer. Either way, it's no fun.

If your mail server sends it, you're contributing to a growing problem.

I don't know what's worse:
  1. All the blocked messages from the poorly designed Barracuda anti-spam filtering devices out there in the wild. (Accept-then-reject spam filtering is so 1998.)

  2. All the random "Confirm your YahooGroups signup request" emails. (Allowing email signup requests to be originated via email is so 1998.)

  3. All the rest of it I get (bounces from spams forging my domains, etc.).
Actually, I do know which is worse. Consider that list ranked in order of my personal annoyance.

MAPS Blacklisted? It's True!

If this isn't proof that it can happen to anyone, I don't know what is: Apparently MAPS has a compromised computer, found to be sending spam, and that IP address is now blacklisted.

A recent post to the SPAM-L discussion list tipped me off. Someone there noted hits in their maillog from August 15th, suggesting that 168.61.10.155 connected to their mail server, forged an unrelated domain in the envelope sender, and tried to send a message with a subject of “Movie-quality e-card.” Reliable sources suggest that this is an indication of a “Storm” infected desktop.

Secure Computing's TrustedSource Research Portal indicates that traffic from this IP address was first seen back in March. According to that site, the current reputation of this IP address is “Malicious.”

The EmailStuff DNSBL lookup indicates that this IP address is listed on the following blacklists as of August 19th, 2007: CBL, Spamhaus XBL, and SORBS web.

The IP address 168.61.10.155 maps to the FQDN (fully qualified domain name) SJC-Office-DHCP-155.Mail-Abuse.ORG, suggesting that this is a DHCP-assigned IP address in a San Jose office of MAPS (the Mail Abuse Protection System).

Way back about a hundred years ago (okay, about seven years ago), I worked for MAPS. Back then, they were the most feared anti-spam blacklist around. Find yourself on the wrong end of the listing, and 40% of your mail would likely be rejected, because so many internet mail servers around the world utilized the MAPS blacklists.

Since then, many things have changed. The MAPS lists went from free to for-pay usage. MAPS itself went through layoffs and multiple asset transfers. Nowadays, the MAPS data seems to be components of commercial products available from Trend Micro.

Division of Permission

Chad White breaks it down for Email Insider.

Question: When is it okay to start emailing people info about company Y, after they signed up for emails from company X?
Answer: It's not.

It doesn't matter that they both have the same parent company, or that it's perfectly legal. It dilutes your list. You lose relevancy and focus. And you create deliverability issues.

Chad highlights good and bad practices -- how to do it properly, and examples of companies you may not want to emulate if you're looking for email success.

On the APEWS Blacklist

Lots of talk about the "anonymous" APEWS blacklist lately. Over on DNSBL Resource, I summarize everything I've seen on the topic, and include some info regarding its effectiveness as an anti-spam filter against my own spamtrap and hamtrap.

Additionally, I've added a page with tips on what to do if you find yourself blacklisted by APEWS.

The Virtumundo/Jim Gordon Affair

Internet email and security guru John Levine sums it up a lot better than I ever could, so I'll simply point you in his general direction.

Update: John Levine pulled his post down, replacing it with this text: "This post has been withdrawn due to objections from Virtumundo's lawyers."

He links to a copy of the judge's order, which can be found here.

Also, SpamSuite.com has more information on the topic, which can be found here. In addition to commentary, SpamSuite highlights the following excerpts from the order:
"the Court begins by expressing serious doubts about the accuracy with which Defendants’ attorneys recorded and billed both costs and fees in this litigation."
"Furthermore, the prospect that ... well over 1,000 hours—was spent on the Linke Log is absurd."
"Having seen the results of this project, the Court finds that spending the equivalent of over thirteen 40-hour weeks on this process is far more than was reasonable."
"Moreover, the inaccurate documentation presented with the instant motion reinforces the Court’s separate conclusion that the hours requested exceed the reasonable time spent on this case. Given that in making the instant motion Defendants have inexplicably inflated the total hours for which they request compensation by almost 27% beyond what was even recorded in their own billing records, the Court finds it entirely appropriate to cut their requested senior attorney hours by at least that much to account for other inflation that likely occurred in daily billing and overcharges to their clients, which may or may not have been partially balanced out by bill cuts and discounts."
"it appears to the Court that Defendants have deliberately doubled the requested compensation"
"It is unclear how Defendants arrived at the total of $26,338.01 requested in their motion. Moreover, as discussed, the individual expense requests that total $28,839.36 here also are inexplicably inflated when compared with the actual billing records submitted to the Court."