Great Circle Associates List-Managers
(February 2003)
 


Subject: Re: [Fwd: EFF Mailing List Query]
From: Rich Kulawiec <rsk @ gsp . org>
Date: Sun, 23 Feb 2003 17:54:13 -0500
To: list-managers @ greatcircle . com
In-reply-to: <5 . 2 . 0 . 9 . 2 . 20030223144457 . 00b7e008 @ pop . earthlink . net>
References: <3E590776 . 7050601 @ vo . cnchost . com> <3E583DD9 . 8030705 @ vo . cnchost . com> <20030223142626 . GA20724 @ gsp . org> <3E590776 . 7050601 @ vo . cnchost . com> <5 . 2 . 0 . 9 . 2 . 20030223144457 . 00b7e008 @ pop . earthlink . net>
User-agent: Mutt/1.4i

On Sun, Feb 23, 2003 at 02:51:23PM -0700, Bob Bish wrote:
>    I'm sorry, but I see this as contradictory.  Some might argue that spam 
> is "free speech". 

And if it *were* free speech, I would defend it, as I have defended other
free speech causes on the 'net for over twenty years.

But it's not.  It's not speech at all.  It's conduct.  (Just as you, Bob,
standing on the soapbox and telling everyone to Support The Purple Cows
is free speech -- but dropping 100,000 copies of the STPC brochure on
my front lawn is conduct.)

Below is something that I wrote a while back which makes that argument.
It was written in response to someone who raised the question of what
kind of speech spam was and thus what [US] constitutional ramifications
there might be for legislation pertaining to it.  I especially recommend
that you read Barry Shein's remarks from several years ago (URL included).

----Rsk


Posit: No such analysis is necessary: spam is NOT speech and therefore
all of the debate we could have over what kind of speech it is, what
protections it might or might not enjoy, etc. is irrelevant.

Spam is conduct: specifically, spam is conduct consisting of a
denial-of-service attack which may or may not be targeted at users,
systems, networks, mailing lists, or some combination of these,
sometimes in small but often in very large quantities.

One of the first people to clearly articulate this was Barry Shein (who
I've CC'd on this so that he might correct me if he feels I'm taking
his comments out-of-context or otherwise mis-reading their intent):

	Denial of Service Attacks disguised as Spam
	http://www.cctec.com/maillists/nanog/historical/9801/msg00014.html

What he said several years ago is even more true today, as examples
show up on a daily basis.

"Vanilla" spam (i.e. spam which does not have forged headers, does 
not hijack open relays or proxies, etc.) is similar to other forms
of abuse which take resources that are made available for use in
moderation and abuses them by excessive use.  In that sense, it's
closely related to abuses such as ping flood attacks, article
"floods" posted to Usenet; exhaustive downloads of large FTP archives;
and other activities.  It doesn't make illegitimate use of resources:
it makes excessive use of resources -- which is a denial-of-service
attack and should be treated as such.

"Sophisticated" spam (i.e. spam which uses forged headers, asymmetric
routing, hijacked relays, hijacked proxies, and so on) compounds this
by making illegitimate/unauthorized use of resources that belong neither
to the sender nor the putative recipients.  The legitimate owners and 
users of those intermediate systems are secondary victims of this
attack, as they are also deprived of service, often to a large degree.

Three examples:

1. One of my mail servers endured a sustained attack from a spammer's
system last week.  That remote box, which I traced back to an IP address
in Japan, made more than 11,000 unsuccessful attempts to stuff unwanted
traffic into mine.  (It did this overnight; when I woke up in the morning,
I firewalled off the originating address.)

But I still have to pay for the bandwidth that was used: that system
is on a burstable circuit whose pricing structure is a flat fee plus a
surcharge for additional traffic.  And -- in case you're wondering --
there's not the slightest question that it was spam: the only user
account on that machine is mine, and it has never emitted a single
mail message, so it couldn't possibly have signed up for anything.
(The server exclusively handles mailing list traffic for a number of
volunteer/non-profit organizations.)

2. I blocked all traffic from the well-known spammers at azoogle.com
nearly a year ago.  My mail servers return the correct response codes to
every SMTP connection from them, indicating that access has been permanently
denied; the text message which accompanies it indicates why.  However,
they're still pounding away multiple times per day, every day, on every
mail server I have.  A small sample of abridged log entries from the
last 24 hours:

Jan 19 16:49:03 sendmail: arg1=transport23b.azoogle.com, arg2=66.197.140.226, reject=550 5.0.0
Jan 19 17:23:41 sendmail: arg1=transport23e.azoogle.com, arg2=66.197.140.229, reject=550 5.0.0
Jan 20 09:06:19 sendmail: arg1=transport12c.azoogle.com, arg2=66.197.140.72, reject=550 5.0.0

I have 12,814 more log entries just like that in my archives.

3. A few months ago, a spammer conducted a "dictionary" attack against
a domain that I host.  This means that they attempted delivery of their
messages to:

	abc@example.com
	abcd@example.com
	abcde@example.com
	[...]
	a.smith@example.com
	b.smith@example.com
	c.smith@example.com
	[...]
	asmith@example.com
	bsmith@example.com
	csmith@example.com
	[...]
	joe@example.com
	mary@example.com
	jim@example.com

for a very large number of probable usernames.  I let this one go --
because it was on a circuit with extra bandwidth and was directed against
a mail server that was otherwise idle, and because I was curious to see
how long it would go on.  When it was done, several million individual
delivery attempts had been made -- from a couple thousand different IP
addresses, meaning that the spammer(s) had also abused thousands of other
systems while abusing mine -- and probably others: I doubt my system was
the sole target.

[ end examples ]

This happens every day, all day.  Spam-monitoring/tracking forums like
the spam-l mailing list and Usenet newsgroup news.admin.net-abuse.email
have a constant stream of reports like this.   (And would have more if (a)
more admins were aware of them (b) more admins were aware of what's being
done to their systems/networks and (c) more admins could spare the time.)

My mail servers now reject more spam than they deliver mail.  This,
sadly, appears to be the trend.  I am compelled to spend my time and my
money attempting to stave off the abuse: I will probably need to pay
additional charges for more rack space in the next 1-3 months in order
to install a proxy SMTP host/firewall and, of course, I have to purchase
the machine, configure it, pay for the bandwidth it uses, etc.

And this is because -- unfortunately -- spam is NOT correctly treated as
a denial-of-service attack, with all the ramifications that this implies,
but is instead confused with the normal use of email for personal
correspondence, ordinary mailing list traffic, order confirmations,
and the thousand other legitimate uses of the SMTP protocol.

So while I find free speech debates interesting (a) because I took
a couple of Constitutional law courses and now occasionally make the
mistake of thinking I understand something and (b) because I value
free speech highly and once put my job on the line to defend it, I don't
think they're in the least bit relevant here: to go back to my
opening statement, spam is conduct, not speech.
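
Added example, not part of the original message: the pattern in example 2 above (a sender that keeps reconnecting long after receiving permanent 550 rejections) can be pulled out of logs in the abridged format quoted there. The function name, the thresholds, the default year, and the last two sample log lines are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the abridged sendmail reject lines quoted in the message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) sendmail: "
    r"arg1=(?P<host>[^,\s]+), arg2=(?P<ip>[\d.]+), reject=(?P<code>\d{3})"
)

# First three lines are the entries quoted in the message; the last two
# are constructed for contrast and use documentation address ranges.
SAMPLE_LOG = """\
Jan 19 16:49:03 sendmail: arg1=transport23b.azoogle.com, arg2=66.197.140.226, reject=550 5.0.0
Jan 19 17:23:41 sendmail: arg1=transport23e.azoogle.com, arg2=66.197.140.229, reject=550 5.0.0
Jan 20 09:06:19 sendmail: arg1=transport12c.azoogle.com, arg2=66.197.140.72, reject=550 5.0.0
Jan 20 09:10:00 sendmail: arg1=mx.example.net, arg2=192.0.2.10, reject=451 4.7.1
Jan 20 09:12:30 sendmail: arg1=mail.example.org, arg2=198.51.100.7, reject=550 5.0.0
""".splitlines()


def persistent_rejected_senders(lines, min_hits=3, min_span_hours=12, year=2003):
    """Group permanent (5xx) rejects by sender domain and /24 network, and
    return the groups that keep reconnecting long after being refused."""
    groups = defaultdict(lambda: {"hits": 0, "hosts": set(), "times": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not m["code"].startswith("5"):
            continue  # unparsable line, or a temporary 4xx deferral
        # Naive "last two labels" domain: fine for .com, wrong for e.g. .co.uk.
        domain = ".".join(m["host"].lower().split(".")[-2:])
        net24 = ".".join(m["ip"].split(".")[:3]) + ".0/24"
        # Syslog timestamps carry no year; the default year is an assumption.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        g = groups[(domain, net24)]
        g["hits"] += 1
        g["hosts"].add(m["host"].lower())
        g["times"].append(when)
    report = []
    for (domain, net24), g in sorted(groups.items()):
        span = (max(g["times"]) - min(g["times"])).total_seconds() / 3600
        if g["hits"] >= min_hits and span >= min_span_hours:
            report.append({"domain": domain, "net": net24, "hits": g["hits"],
                           "hosts": len(g["hosts"]), "span_hours": round(span, 1)})
    return report


if __name__ == "__main__":
    for row in persistent_rejected_senders(SAMPLE_LOG):
        print(row)
```

Grouping by /24 as well as by domain keeps rotating hostnames and neighbouring addresses, as in the three quoted entries, in a single group.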


