Back to Basics: Where does Spamhaus get off…
One of the more popular questions that come up deals with the use of DNSBLs[1] , especially Spamhaus’ lists, by ISPs[2] . The question usually goes something like this:
Who are the operators of that list and what gives them the right to regulate commerce? Are they run by a government or something?
A Brief History of DNSBLs
The year is 1997. Spam wasn’t as bad as it would ever get, but it was on the increase and people were beginning to take notice. I got my own start in email at around this time after I got home one day in mid-1997 to discover 3 emails from people I knew out of 70-something emails that had arrived that day. Today, I laugh at those stats. I get a LOT more spam than that. But, that’s what it took to push me over the edge.
Someone else who had decided that enough-was-enough was Paul Vixie. Paul was/is somewhat of a famous person in Internet circles. He was the writer of a version of Vixie cron and, more importantly, a maintainer of BIND, one of the principal pieces of software used to translate domain names into IP addresses.
Paul’s plan to deal with spam sources was to block all internet traffic to them. So, he created a list which would (when appropriately used) route all traffic into a “blackhole.” Thus was born the RBL[3] . People subscribed to the RBL because they trusted Paul and his judgment. A very short time after that, the list was moved from a shared list to a queryable format using the Domain Name System (for which BIND was then the primary piece of software).
Over time, other DNSBLs came into being. Some have lasted a long time but have little use. Others have come into relatively widespread use but lasted only a few months or years. Finally, some — like Spamhaus — have been in widespread use for a very long time.
What sets them apart?
In a word, “trust.” In 2016 there were 215.3 billion messages exchanged on the internet every day, according to The Radicati Group, with that number expected to rise to 225 billion in 2017. The largest providers, of course, bear the brunt of those statistics.
Their users, though, expect to get their messages from Mom, Grandma, Aunt Helen and Uncle Jim, and from at least a few marketers about sales that they care about. If they don’t get those messages, they’ll either complain or they’ll simply change providers. When you’re in the business of providing eyeballs to advertisers, neither of those is good.
But, that’s a double-edged sword when it comes to getting data from third parties. You want someone who is aggressive enough that they will help you get rid of the really bad stuff, yet be conservative enough to not toss out grandma’s forwarded messages about the great things that her favorite politician is doing. In a word, you want someone you can trust — trust to get it right, and quickly and quietly fix things when they get it wrong.
What gives them the right?
No one does. Everyone does.
The fact is, they are trusted by their users to provide a service. That service comes in the format of data which the user can use or ignore. If the maintainer of the list gets it wrong too much of the time, is too difficult to deal with, or charges too much for their service, then they’ll be ignored and vanish into the dustbin of history. If they get it right, then they’ll grow and prosper.
They act much like organizations like Vericheck do in helping retailers decide which customers to accept checks from. The retailer can pay for that information and use it to make a decision about who it wants to do business with. The ISP can use the information from the DNSBL to make a decision about who it wants to accept mail from.
Neither of them is a government agency, but both can set terms that stop a transaction from happening.
What about standards?
Competent DNSBLs will publish their standards. Those standards will make sense. But, not all standards will be the same. Spamhaus tends to rely very heavily upon spamtraps. Spamcop tends to give lots of weight to user complaints. The standards are different, but their objective — to protect the inboxes of users — is the same. Because their objective is not to enforce the law, people need to understand that statutes and regulations will play very little role in what DNSBLs do.
Footnotes
Bibliography
- (2017, Jan 11). In Wikipedia. Retrieved January 11, 2017 from https://en.wikipedia.org/w/index.php?title=Cron&oldid=759440834#Modern_versions.
- (2017, Jan 11). In Wikipedia. Retrieved January 11, 2017 from https://en.wikipedia.org/w/index.php?title=BIND&oldid=757586626#History.
- The Radicati Group (2016, Mar 2). Retrieved January 11, 2017 from http://www.radicati.com/wp/wp-content/uploads/2016/03/Email-Statistics-Report-2016-2020-Executive-Summary.pdf.
Archives
- November 2021
- July 2020
- June 2020
- March 2020
- February 2020
- January 2020
- November 2018
- February 2018
- January 2018
- December 2017
- January 2017
- August 2016
- June 2016
- April 2016
- March 2016
- February 2016
- July 2015
- June 2015
- March 2015
- February 2015
- November 2014
- June 2014
- April 2014
- February 2014
- December 2013
- November 2013
- September 2013
- May 2013
- June 2012
- April 2012
- September 2011
- August 2011
- March 2011
- January 2011
- November 2010
- July 2010
- May 2010
- April 2010
- March 2010
- February 2010
- December 2009
- November 2009
- October 2009
- July 2009
- June 2009
- May 2009
- March 2009
- January 2009
- October 2008
- September 2008
- April 2008