Sleepycatz

Spam Sham

One of my titles at work is that of Sr. Postmaster. Among the duties which comes with that exalted title is that of reducing the amount of Unsolicited Commercial Email (SPAM) which enters our network. First let me say that I am a firm believer that commercial speech has
no where near the protections and priviledges accorded to political or other types of speech or expression. Therefore, I have very little tolerance for spam to
begin with. In the past few months the situation has become nearly intolerable, as we have seen the overall amount of spam increase several fold to a point where 80%+ of e-mail arriving at our gateways can be classified as spam. Perhaps some statistics will help clarify this, these begin as we started to filter spam and are taken from one of our primary gateways:

Now the federal government has stepped in to legalize spam. This week the President signed into law S.877, the CAN-SPAM Act of 2003. While this law has some good provisions, such as outlawing the use of illegitmate e-mail headers and open proxies, it does not outlaw unsolicited commercial e-mail; rather, it reiterates the general restrictions on all advertising (viz. truefulness, fraud, etc.), and requires that all UCE contain an “opt-out” facility. Yet, as any of us who fight spam on a daily basis know, these “opt-out” options are mainly used by spammers to gather legitimate e-mail address. One of the greatest problems with this law is the sense of empowerment it gives to the average user. The law itself is premised on the idea that most spam comes from legitimate companies operating within U.S. jurisdiction. By suggesting to average users that by clicking an “opt-out” URL within all their spam they will be removed from all future mailings is ridiculous. Most of the spam we see is is either sourced from countries outside the U.S., or from open proxies controlled by spammers ourside the U.S. By misleading average users, congress has created a law which will simply feed the spammers more legitimate addresses then they could have ever hoped for. For those spammers which the law does apply to, CAN-SPAM removes the ability of individual and corperate reciepients to seek civil penalties against spammers; instead, in most circumstances, only ISPs will be able to seek civil redress. Under the provisions of CAN-SPAM the famous case of Microsoft sueing spammers would be illegal. Furthermore, it is almost impossible to imagine the FTC enforcing this law on a regular basis — the resouces of the entire agency would have to be dedicated to simply tracing back email headers to their points of origin and filing subpoenas.

In essance, this law is yet another example of congess and the executive branch trying to control something they have no understanding of. The solution to the spam problem lies with the ISPs and not in federal — or even state — laws. Responsible ISPs have already begun filtering spam at the edges of their networks with some success, and have strengthened and enforced their Acceptable Use Policies to reflect strong anti-spam positions. Users not wanting to recieve spam would then move their accounts to these ISPs and away from spam friendly ones — the free marketplace in action. Yes, there is a great deal more to be done, and many theories have been floated such as global whitelists and trusted email certificates. Yet, by interfering the federal government may have set these current trends back by making the use of RBLs and spam filters illegal — as UCE is essentially legalized in CAN-SPAM it can, and will, be argued that ISPs which block it are violating fair trade and commerce laws. For most of its existence the Internet has been a self regulating body, and has functioned amazingly well, all things considered. By attempting to locally regulate a global network the goverment has simply made it easiser for spammers to function, and potentially more diffcult for mail operaters to stem the ever increasing tide of spam. In the end I believe that CAN-SPAM will simply lead to more spam for average users, and greater frustrations for everyone involved.

In keeping with the general open source attitude of this site, below are most of our regex (pcre) header filters and access filters for Postfix. They have been cobbled together from various sources and are updated regularly.

Header Checks\r\nAccess Table

Well, its been several months since I have had a chance to update this journal; hopefully, this absence is at an end. In the past few months things have been quite hectic at work: We have added a new OC-12 ring, and added and removed transit peers. As with all projects, nothing ever goes as smoothly as it should. Nonetheless, life goes on, and we can only hope for a better tomorrow. ..

Like many of you, I got up this morning, put on a pot of coffee, and heard the news that former bad guy and scapegoat Saddam Hussein had been captured by American forces outside of Tikrit. My first reaction was more then a little mixed: I am glad to see any butcher brought to justice; yet, I am quite aware that many will seize on this event as some great victory in the War on Terror, and a final justification of America’s belligerent actions in Iraq. After watching the morning pundits expertly pontificate on the subject this morning, I remain generally ambivalent on the event. My wife, however, expressed what I believe to be the definative statement regarding the capture. She has little interest in current events and a low tolerance for politics. When I told her that they had captured Saddam, she simply said: “Took them long enough” and went off to drink her coffee. . .

Among the various outrages which have been occuring in the past few months only a few rise to the level of the Diebold debacle. Diebold Corp. — a manufacturer of cash registers and POS equipment, and a major contributor to Geoge Bush’s campaign and the RNC — has been trying to rid the Internet of some of it’’s internal memos which suggest that its electronic voting software is neither secure nor accurate. A number of questions have been raised as to the reliability of the Diebold machines, and some have suggested that Diebold machine have been responsible for implausable victories of right wing candidates in some recent local elections: see www.blackboxvoting.com.
Diebold’s desire to protect their memos under the guise of copyright infringment indicates the depths of corporate depravity our electoral system has subcomb to. Within any Democratic system two elements must exist for that system to remain viable: 1) Free and open debate rearding issues of public interest, and 2) A trust in the accuracy of the voting system itself. By invoking the contemporary shield of copyrights and trademarks, Diebold has tried to subvert both of these bedrocks of Democracy. As voters we must have faith in our voting systems, and how those votes are cast and counted is an issue of high public interest. I have called for in the past, and do so again, laws requiring that source code for any public voting software be available for public review, and that all software and electronic ballots be encypted and verfied by polling officials upon election day deployment. Many would suggest that software vendors would not bid on such projects were they forced to disclose their proprietry code. To this argument, I suggest that government contracts have always been highly sought by all manufacturers and, up until recently, blueprint and specifications for most non-military projects were available for public review. I also suggest that an open source code provides greater review and more security then propriery systems — one need only look at the number of GPL security projects and their successes. By hiding the inner workings of these systems behind copyrights and trademarks, Diebold and others force us to question the authenticity of our Demorcatic in
stitutions, and thus devalue them.

BTW you may plow through the Diebold memos here, if you are so inclined.