Why not charge ISPs / Sites to be de-listed?

[EOC_Jason]

I would of thought this topic has been discussed before, but I tried doing several searches and came up empty, if there is a thread already please post a link to it.

Anyhow, my question to spamcop is this. Why don't you charge websites and/or ISPs (whatever is applicable for the submitted spam) to be de-listed (assuming they have corrected the situation). I'm not talking about a huge fee, it can be a very small amount per-reported spam. But it all adds up. And if they don't pay, they stay on the list.

I think this would lead ISPs & Webhosts to become more responsible and proactive in their anti-spam measures since they obviously don't want to keep paying tons of fees. Maybe it would even encourage them to track down their customer who was spamming and bill them / report them to the authorities.

This is just my two cents, I think it would give spamcop a viable source of income to keep going, keep the bad domains on the list, and hopefully make some people re-think their anti-spam measures so they are more proactive instead of simply deleting an account when spam is reported...

[Miss Betsy]

Part of the uniqueness and value of the spamcop blocklist is that it is entirely automatic (except for reporter errors). That's one reason that a fee is not charged. If a spammer slips by a white hat ISP, then the spam is stopped for other people by the blocklist until the white hat ISP gets the problem fixed. When the spam stops, they drop off the blocklist.

I have never seen it discussed either so I don't know if there is a spamcop philosophy. I suspect the main reason is that the concept is an automatic list.

However, there is a list that does charge (SORBS, I believe). The money is donated toward charity. However, that didn't stop two posters from thinking that it was exploitive (making money from other people's problems with spam) or extortion.

Spamcop is rooted in netiquette. Unlike other blocklists, it does not try to be punitive. It notifies ISP's that there is a problem and expects that they will fix it. Just as Miss Manners refuses to recognize those who are behaving badly, spamcop blocklist refuses to recognize those ISP's who are behaving badly on the internet. If they keep behaving badly, then they stay on the blocklist. If they shape up, they drop off the blocklist, no hard feelings.

IMHO

Miss Betsy

[Spambo]

[snip]

Anyhow, my question to spamcop is this. Why don't you charge websites and/or ISPs (whatever is applicable for the submitted spam) to be de-listed (assuming they have corrected the situation). I'm not talking about a huge fee, it can be a very small amount per-reported spam. But it all adds up. And if they don't pay, they stay on the list.

[snip]

Besides the word "extortion" coming to mind, ISPs can't predict how a customer will act in advance so they would probably refuse to pay for the sins of others. This would result in the SCBL becoming bloated with non-spamming IPs which would conflict with its goal to list IPs that are currently being reported as the source of spam.

[Ellen]

I would of thought this topic has been discussed before, but I tried doing several searches and came up empty, if there is a thread already please post a link to it.

Anyhow, my question to spamcop is this. Why don't you charge websites and/or ISPs (whatever is applicable for the submitted spam) to be de-listed (assuming they have corrected the situation). I'm not talking about a huge fee, it can be a very small amount per-reported spam. But it all adds up. And if they don't pay, they stay on the list.

I think this would lead ISPs & Webhosts to become more responsible and proactive in their anti-spam measures since they obviously don't want to keep paying tons of fees. Maybe it would even encourage them to track down their customer who was spamming and bill them / report them to the authorities.

This is just my two cents, I think it would give spamcop a viable source of income to keep going, keep the bad domains on the list, and hopefully make some people re-think their anti-spam measures so they are more proactive instead of simply deleting an account when spam is reported...

Why would we do that? The listing and delisting are automatic -- send spam get listed, fix the problem get delisted after 48 hours of no spam reports. It is in the best interests for the owner/user of the IP to fix the problem. As Miss Betsy points out ISPs/hosting companies - at least the legit ones -- can't predict when they will pick up a spammer and most of them actually do not want to be listed and do not want spammers on their network.

[agsteele]

Anyhow, my question to spamcop is this. Why don't you charge websites and/or ISPs (whatever is applicable for the submitted spam) to be de-listed (assuming they have corrected the situation).

I'd reckon this to be a bad idea. One of the SORBS lists works in this way and is a pain where some resolved issues remain listed because ISPs refuse to pay up.

Adopting a charging system would make SpamCop less effective as ISPs stop using the BL to check spams.

IMO :-)

Andrew

[kre]

Right. I'm pretty certain we'd drop SCBL real soon if the list has a chance to be polluted with entries in dispute because of a charge.

[EOC_Jason]

My point isn't to extort money from ISPs... It's more of a "motivator" for ISPs to take action against their users who violate their TOS/AUP.

Like you said, an ISP/netblock/IP (whatever) gets listed when X amount of spam is reported coming from that source... Then it gets de-listed once them spam subsides... Okay, so does that mean any action was taken against the spammer (account deactivation, being charged a fine, legal notice, etc), or are they just meerely waiting for their IP to be de-listed so they can send out spam once again?

Sure, spamcop sends out the email notices, but what happens on the ISPs side is beyond anyone's knowledge. All the system knows is that spam has stopped coming from a particular source, but it doesn't mean that anyone has learned their lesson. I would just like to see spammers take it where it hurts... in their pocketbook...

If an ISP had to pay a fee to be de-listed (based on the spam sent), they might then realize that they will have to monitor their user base more closely, and perhaps take REAL action against spammers for reimbursement and penalties.

I do like the idea with money being given to charity.

I know it may sound harsh to some, but until there is some monetary disincentive to sending out spam, I don't think anyone is going to take any forceful action to prevent it. Think of it also as a way to "weed out" the bad or incompetent ISPs / webhosts...

Like I said before, this is just my two cents... I don't know what I would do without spamcop!

[kre]

Jason, I am certain that doing this would devalue the SCBL so far as to be useless.

The primary value of SCBL is that it's fast, and has a clear definition as to what goes in and out.

Adding that charge thingie will add variable and unforseeable delays to delisting. During the time that delisting *would* occur and the charge would be due, that particular entry in the BL is essentially incorrect. You see, it would drastically reduce the value of the BL. False positives are the worst in all things concerning spam.

I am sure that we will not risk customer communication just because a BL we're using has some dispute with an intermediary ISP. So, if a charge would be added, it is most likely that we stop using SC at all.

The only people that would like your idea pretty much are the spammers. It will reduce the importance of SC because people stop using it, and turn the attention from the spammers to the ISP and financial issues.

I do like the idea with money being given to charity.

Go ahead, I like the idea too.

[Spambo]

[snip] False positives are the worst in all things concerning spam.

[snip]

Oooh. I strongly disagree. I'd rather have a thousand false positives than even one false negative.

[Jeff G.]

[snip] False positives are the worst in all things concerning spam.

[snip]

Oooh. I strongly disagree. I'd rather have a thousand false positives than even one false negative.

Are you writing about false positives from spam detection (oops, that wasn't spam) or false positives from whitelisting (oops, the spam slipped through)?

[kre]

[snip]

Are you writing about false positives from spam detection (oops, that wasn't spam) or false positives from whitelisting (oops, the spam slipped through)?

Since we've been talking about spam and blocking, I meant false positives from spam detection.

That is,

• regular email that you want to read getting blocked.
  
• someone who really never sent spam to get blocked.
  

I don't want these to happen, and most other people I know don't either.

[edit]

I found something to illustrate what I mean:

http://forum.spamcop.net/forums/index.php?...st=0entry3067

Over in the email forums. In that context, it was called "collateral damage".

[Spambo]

[snip] False positives are the worst in all things concerning spam.

[snip]

Oooh. I strongly disagree. I'd rather have a thousand false positives than even one false negative.

Are you writing about false positives from spam detection (oops, that wasn't spam) or false positives from whitelisting (oops, the spam slipped through)?

I meant I'd rather lose a thousand "legitimate" emails than see one piece of garbage sneak by the filters designed to prevent it from being delivered.

[StevenUnderwood]

I meant I'd rather lose a thousand "legitimate" emails than see one piece of garbage sneak by the filters designed to prevent it from being delivered.

I would have to agree with this as long as either the originating party receives a bounce message because the attempt was rejected, or the messages are held in a location that can be checked to override te block (lile the spamcop held folder).

[Miss Betsy]

Since we've been talking about spam and blocking, I meant false positives from spam detection.

That is,

    regular email that you want to read getting blocked.

    someone who really never sent spam to get blocked.

To get back to whether paying to be removed is a good idea, false positives of these kinds, would increase since if the perpetuator fixed the spam problem and didn't pay, all traffic from them would be false positives.

If there were a government blocklist who could inflict fines, then there would be extra pressure on the ISP's to pay the fine or their customers would consider them scofflaws (and maybe incompetent to be getting the fine in the first place). In that case, it would work the way the OP originally intended.

But although people apparently do pay SORBS, and all ISP's don't try to convince customers it is extortion (IME), nevertheless since it is a private entity, there will be the same self-righteous arguments against it as there are against bl's in general. At least a quarter of the people who get blocked threaten legal action as their first reaction. And, I am confident, their indignation would go up if they learned that there is nothing wrong, only that their ISP hadn't paid to get off the list. They wouldn't listen to any of the good things about blocking whereas now many of them calm down and do listen. Aside from the fact that part of the spamcop purpose is to notify ISP's so that they can do something about the spam, charging for removal from the spamcop list would make the scbl not used by ISP's because of the reaction of their customers.

OTOH, false positives are a problem with any spam filtering system. The good thing about blocklists is what Stephen said: There is notification.

The notification is not as reliable if the mail is "held" for inspection by the recipient (who hasn't lost a real email among all the spam?). But for rejection at the server, it is much more reliable. And, the sender has a way to "fix" it - a temporary way of using another email system and a permanent way of getting the spam stopped or of changing ISP's.

If end users understood this, they would much prefer a blocklist that rejected email they want and did not let spam through to any system that allowed spam to get to their inboxes (whether in a held mail folder or not).

IMHO, it is time that ISP's who allow spam to be accepted be labeled as incompetent and irresponsible. (and I would include viruses in that definition).

Miss Betsy

[kre]

-snip-

I meant I'd rather lose a thousand "legitimate" emails than see one piece of garbage sneak by the filters designed to prevent it from being delivered.

Woha! So we *did* understand each other. But we got entirely opposite opinions on this matter.

-snip-

OTOH, false positives are a problem with any spam filtering system. The good thing about blocklists is what Stephen said: There is notification.

-snip-

Well, yes. But there are situations where notification does not help, or is even conterproductive. I cannot afford to loose one email from a legit customer, no matter how incompetent her or his ISP.

I've yet to see a false positive in my held mail. Sure, there's several false negatives in the inbox, but that is unavoidable with the preferences I have.

-snip-

If end users understood this, they would much prefer a blocklist that rejected email they want and did not let spam through to any system that allowed spam to get to their inboxes (whether in a held mail folder or not).

-snip-

I, for one, strongly disagree here. Regular people who just want to communicate don't want to have to know and tackle with the details. Making innocent people's life difficult will just build dislike towards the blacklist and the isp. But it will not stop the spam.

-snip-

IMHO, it is time that ISP's who allow spam to be accepted be labeled as incompetent and irresponsible. (and I would include viruses in that definition).

-snip-

Agreed, on this I'm totally with you. And on a certain, limited level this is already happening. But unfortunately, ISPs are not chosen for their competence handling email. Software preferences, billing models, availability, and prices are more important usually.

What I don't get is how you would match viruses with blacklists?

[Miss Betsy]

I, for one, strongly disagree here. Regular people who just want to communicate don't want to have to know and tackle with the details. Making innocent people's life difficult will just build dislike towards the blacklist and the isp. But it will not stop the spam.

Well, I am a technically non-fluent end user and I would much rather that my correspondents *know* that their email didn't get to me than to have it disappear in some filtering system where I may or may not notice it.

My comparison is with offline package carriers. If someone sent me a package and the carrier insisted that I also accept several dirty, greasy packages crawling with bugs in order to get the package sent to me, I would refuse it and tell my correspondent - hey, your carrier is really not good! I would expect them to be horrified and to *do* something about it - send it by another carrier, yell at the carrier they had used, find another carrier to use on a regular basis.

The only way to stop spam is to stop it at the *sending* end. All *senders* need to be aware that it is their responsibility to choose a reliable email provider. If that was true, then ISP's would shape up in order to retain customers. Or there would be a "safe" internet and the "shady" internet.

It is all in the way that blocklists are presented. Someone in marketing could probably make the use of blocklists really attractive. Obviously techies don't know how to explain it.

Well, yes. But there are situations where notification does not help, or is even conterproductive. I cannot afford to loose one email from a legit customer, no matter how incompetent her or his ISP.

For many businesses this is true. But it is not for the average end user (especially if there is notification). How many jokes or Chicken Soup stories are essential to receive on time? Emails that are time sensitive are usually to people one can reach by telephone. And if people knew, they could open hotmail accounts to get it there while they are calling their ISP to complain. As more ordinary people are used to the fact that blocklists *do* stop spam, then it won't be such a problem for businesses. In fact, if incompetency is part of the picture, then a business who is competently blocking will look good to customers.

What I don't get is how you would match viruses with blacklists?

People have suggested that a spamcop-like bl be created for viruses. The main difference would be in the algorithym that delists since the sending of viruses is unintentional (after the first one by the viral writer). There might not even be a bl, but simply a way to notify ISP's. Or the bl would be for those who don't respond to notification.

But actually I was thinking of virus screening of the incoming email and dropping the viruses.

Miss Betsy

[EOC_Jason]

Exactly! My whole point is to "weed out" the incompetent and irresponsible ISPs / Webhosts...

I'm not talking about blacking listing an ISP who doesn't pay up $5... Rather there could be a threshold. You figure X cents per reported spam, if it stops before a certain amount of reports, then they get delisted with no charge. But say the reports just keep flooding in... and they accrue like a $100 "fee", then they stay listed until they pay. If reports keep coming in, then it keeps going up.

An ISP is not going to like having to pay these "fees" out of pocket, so obviously they are going to be motivated to do more than simply "drop" the users account that created all the spam. Hopefully they will be willing to take some sort of legal action against the user to collect the fees they had to pay in the first place. That in turn will hopefully deter the spammer to commiting future criminal acts (or hopefully they will get thrown in jail with a very long sentence).

If an ISP keeps having spam problems which they can't resolve, and they don't care enough to take action against the spammers, then IMO they don't deserve to be in business (or even have access to the internet!). Sure it sucks for their other legit clients, but they can always find an alternate and better provider. I know personally I wouldn't want to support a business that allows mass spam to be sent out constantly.

As for if it will raise more legal action against spamcop, doubtful. I myself get threatened with "we will take you to court" emails every month, but it's always someone just blowing a bunch of hot air out their rear with no legal precedence.

I too would rather have 1,000 legit emails rejected than to let one more spam email through. You can configure email servers to bounce them, so the sending user knows they didn't get through.

Email is going to change sooner or later, it's inevitable because of how insecure the current system is. But until someone takes steps forward like this (charging for spam), people are just going to sit around with thumbs up their you-know-what debating on how things should change, rather than actually making changes. It seems the only time people are motivated to do something is when it is costing them money.

Also, it's not like every ISP & company is forced to use spamcop, if they want to open the floodgates and let a ton of spam through, so be it.

I also think this methodology is better than companies that have created spam blocking software but want to charge hundreds (if not thousands) of dollars to use their product. There is no incentive there for spammers to quit because they will just keep coming up with new methods to send spam, and you on the other hand have to pay even more money for upgrades or add-ons to that companys software.

[Miss Betsy]

Re: Legal action

You might be interested in a post in the spamcop ng "University Blocks Legal spam"

I did not say that they would be able to sue, but that there might be more who would think of it if they saw the "fee" as extortion.

There is no incentive there for spammers to quit because they will just keep coming up with new methods to send spam, and you on the other hand have to pay even more money for upgrades or add-ons to that companys software.

I think your arguments are very reasonable and if you could convey them to end users (especially the part about ISP's who don't control spam are irresponsible and incompetent and that being blocked is a signal to the *sender* to insist on reliable service. But if you do that, then perhaps the general public will demand fines for ISP's who are irresponsible. You will never get a group of ISP's to do it.

And I agree a fine would be a great way to go about it. Only spamcop's purpose is more like a radar detector for ISP's than a deterrent for incorrigible spammers. It is not the blocklist to be setting a precedent for fines.

Miss Betsy

[EOC_Jason]

That's a very interesting read about UT, personally if I was the UT admin, I would of just silently filtered and blocked that other guys site.

One thing that I think could make spamcop a lot more powerful is to start matching spam domains based on registrant information and / or DNS servers. I've been tracing back every domain these past couple weeks that have slipped through my spam filters, and they seem to come from several groups of people, which there is a lot of overlapping if you trace back the email domain they used to register a domain, or using the same dns server, etc...

I actually started filtering out all email that has .info & .biz, I do not know anyone, or even care to talk to anyone that uses or sends me a link to those domains. It has cut down on incoming spam dramatically!

As for spamcop setting the precedent for fines... why not? Someone has to do it... Google started out as a project by two college students, and look where it is today.

I think end users can understand their ISP being blacklisted because every user is frustrated with spam and would like to see it stop.

I really miss the early days of the internet when just a few people had access to it. No spam, no email viruses, no porn sites, just people exchanging information.

[Miss Betsy]

Have you ever looked at SPEWS?

And There is a blocklist that is doing fines.

And Spamcop's primary purpose is to notify ISP's so that they can stop spam runs in action. The blocklist is to prevent spam from getting to people while the spammer is shut down.

There are different kinds of blocklists. Some ISP's will use Spamcop, but not Spews. yourbuddy approves of spamhaus, but not spamcop.

It's not that your ideas are not good ideas.

In fact, I have been saying this

I think end users can understand their ISP being blacklisted because every user is frustrated with spam and would like to see it stop.

for a very long time, but I get few people who believe it - especially when they see people threatening legal action because their email was blocked (at least once a week).

Miss Betsy