back to article Court junks $11m judgment against Spamhaus

An appeal court has quashed an $11m judgment against anti-spam organisation Spamhaus in favour of controversial email marketing outfit e360 Insight. The US Court of Appeals for the Seventh Circuit also lifted an injunction, imposed last September, that barred Spamhaus from listing either e360 Insight or its principal David …

COMMENTS

This topic is closed for new posts.
  1. Kevin Murray

    Unbelievable

    I can't believe this case is still ongoing. American company sues another company based outwith the court's jurisdiction, so any rulings made can't be enforced... can't e360 see that all they are doing is paying some lawyer's bills here with little possibility of getting any money back from Spamhaus?

    This really sums up the "sue someone til we get paid" mentality prevalent through so much of America these days. I hope their legal fees bankrupt them, then my Gmail junk folder will have a tiny little bit less crap than before.

  2. Anonymous Coward
    Anonymous Coward

    SpamHaus didn't block them...

    SpamHause are merely a provider of a list of hosts suspected of Spam - They don't do any blocking themselves. That's not to say they are always right though.

  3. Keith Doyle

    Perhaps, but...

    Blacklists need to be targeted for contributing to the unreliability of email. The latest thing now is "greylisting" which is a similarly broken solution to SPAM. SPAM sucks, yes, but blocking systems that misrecognize even ONE legit email as spam should not be tolerated, unless it's one that you yourself installed on your own email accounts. The big problem with these blacklist systems, is lazy ISPs think they can make their life easier by imposing these braindead spam filters on their mail users, and in fact they DO make their life easier by reducing the overall amount of email traffic. But what that does to the reliability of legitimate email is criminal, or should be.

    Another approach that e360 Insight could use is to sue their ISP for utilizing Spamhaus on their email accounts-- a far more effective tactic IMHO-- go after the Spamhaus customer base and hit them where it actually hurts. It might teach a few of those lazy ISPs to think twice before turning on filters that their customers can't choose to disable.

  4. Yeah right

    e360insight blocked

    That's typical of their logic and courts.

    Added www.e360insight.com* to my firewalls block list for being stupid.

  5. David

    Sworn statement

    What about Linhardt`s "sworn statement" that Spamhaus had business in the USA, therefore coming under the court`s jurisdiction. They have stated that they have no connections at all in that country, being a UK-based outfit. The man appears to have committed perjury. Is there no redress for that? I cannot believe that the USA justice system is so blinkered that it cannot see through this charlatan. Makes me boil!

  6. Morely Dotes

    @ Keith Doyle

    "blocking systems that misrecognize even ONE legit email as spam should not be tolerated, unless it's one that you yourself installed on your own email accounts."

    Vote with your feet, Keith. You aren't paying the bills for the bandwidth stolen by the spammers (and neither are the spammers). Your ISP is (usually) doing their best to avoid "false positives" while also avoiding "false negatives." And I venture to say you aren't running your own server, either, so you have *NEVER* installed a blocking system, and probably have no idea how they work.

    Blacklisting certainly works - my users, for example, expect no email from China, Japan, Thailand, Korea, UAE, Turkey, Israel, or numerous other nations which are hotbeds of malicious software, and the proximate sources of most of the spam aimed at us. Such nations are "block on sight" and our mail server becomes "invisible" to them.

    Greylisting is something you clearly don't understand, but suffice it to say that it's less likely to generate "false positives," and more likely to generate "false negatives" than blacklisting does, which is why it should be used *in conjunction with* rather than instead of blacklisting.

    e360's own ISP is not the issue; clearly you don't grasp that concept, either. It's the users of other ISPs who have cried out to their admins to "please stop the spam," and those admins have done their best to oblige.

    Spamhaus has a policy of listing IPs (and ISPs) *only* when there is a well-documented history of spam originating from them; Spamhaus also has the best track record of *any* IP list provider in avoiding "false positives" (e.g., if the mail is coming from a known spam-source IP, and it's rejected by my server because Spamhaus has listed that IP, it's not a false positive).

    I can recall two incidents over the past decade in which Spamhaus suffered a typo which caused a false positive incident. Both cases were cleared up within hours.

    My best advice to you, if you are unhappy with your ISP, is to change ISPs. For example, I will undertake to provide you with totally-unfiltered email, for only US$2000/month (that's my best estimate of the cost of operating the server, cost of bandwidth, and cost of storage).

    Or you could try to get a grasp on what the *real* problem is and quit whining about things of which you clearly have less than zero understanding.

    I have no affiliation with Spamhaus, other than having previously been a satisfied user of their lists, and once or twice being named as a co-defendant with them in a lawsuit by spammers trying the "improper joinder" approach (in other words, "let's sue a bunch of mostly-unrelated people and see if any of them will pay us to leave them alone").

  7. kain preacher

    ok

    OK lets get rid of all spam filtering at the ISP level lets get rid of any thing that scans e-mails for viruses at the ISP level. Lets all just let the end user take care of it

  8. This post has been deleted by its author

  9. Anonymous Coward
    Anonymous Coward

    They don't take no for an answer

    My experience is that blocking spam generated by a botnet is rather unwise to say the least.

    Blocking or putting a delay on *.ru, *.pl etc will result in 10,000 random hosts accross the world re-trying and eating up your SMTP server's capacity.

    I have found that it is best to let it in and quietly kill the spam with SpamAssassin. I got a 90% reduction in bandwidth doing this.

  10. Orv Silver badge

    @ Morely Dotes

    I'm with you on this one. There are certainly overly-aggressive blacklists out there. (Spamcop comes to mind.) Spamhaus, though, is one of the most reliable I've run across; it's one of the few I'll trust to use to outright reject mail on my own server, as opposed to merely tagging it.

    When ISPs are mistakenly rejecting legitimate mail, most of the time it seems to be the result of over-zealous and naive keyword blocking.

  11. Danger Mouse

    @ Keith Doyle

    Are you crazy?. I suggest you publish you're email address on 10 random forums then try to stop any resulting spam using a system that doesn't use blacklists. Good Luck.

  12. Graham Lockley

    Missed Point ?

    All the arguments seem to revolve around Spamhaus's abilities. 360 have a long track record of spam/spyware and yet there seems to be no condemnation of them, having had to spend time cleaning 360's crap from peoples PC's Im in no doubt about where my sympathies lie.

  13. Lawrence

    Black list all 'em foreigners!

    "Blacklisting certainly works - my users, for example, expect no email from China, Japan, Thailand, Korea, UAE, Turkey, Israel, or numerous other nations... "

    I take it your users never expect to receive emails from people of these countries, and that business users too don't work internationally?

  14. Phil Koenig

    @Morely Dotes, blacklists

    Morely is very high profile in the "anti spammer" community, consider the source. (check usenet news.admin.net-abuse.email)

    System administrators who block email from entire countries are living in a very small hermetically-sealed bubble. No legitimate ISP with a significant number of users can even dream of such nonsense.

    Getting back to the real world, most ISPs and system admins that rely solely or primarily on blacklists for spam mitigation do so because it is SIMPLE and CHEAP. There are many highly accurate anti-spam systems out there, but they typically charge annual or monthly fees to use them. You get what you pay for.

    That said, Spamhaus is indeed one of the most respectable of the "blacklist operators", and they make a point to target only the most well-known and egregious spammers, and focus on clearly documented spam sources.

    Clearly the legal environment in the USA is weighted more towards the commercial interests than most places, which is why there was never a truly effective "anti-spam" legislation passed here - large corporations saw to that by lobbying against the most effective proposals. I haven't studied the e360 case myself, but wouldn't be surprised if it wouldn't have gained any traction anywhere else than the USA.

  15. Anonymous Coward
    Anonymous Coward

    Blacklists

    I have to agree with Phil in that blacklists are a very blunt instrument to deal with spam; however I administrate 60,000 mailboxes and there aren't many better alternatives that are either cheap or enough or scale particularly well. However the vast majority of my users like spam being dealt with transparently; they don't want it tagging or filtering to particular folders in their mail client; they simply don't want to see it at all. So in this regard most high probability spam just gets silently dropped and most users tend to realise fairly quickly when legitimate mail is being lost so I can normally track that down. Currently we silently delete millions of items of spam mail every month and I think it makes a valuable contribution to our users not seeing ads for gambling, penis pills, links to malware, bank account fraud and stock scams. I don't know if blacklisting entire countries is even effective any more as the criminals behind these scams use hijacked PCs all over the world, it's much better to drop mail based on its spam rating rather than its country of origin.

  16. Anonymous Coward
    Anonymous Coward

    Could we solve this problem if somebody had the evidence ?

    Surely, for this case to succeed, E360 has to *allege* that it has never, ever, sent any spam.

    It is difficult for anybody to prove they haven't done something -- but it takes only one instance of evidence to prove that they have.

    Surely, therefore, somebody somewhere could come up with a spam email that E360 *has* sent, and deliver it to the court (with corroborating evidence from the recipient's ISP to prove they did not forge it themselves) as evidence that the trial should be dismissed?

    Elementary common sense says that a court shouldn't be trying a case based on the allegation that the sender is not a spammer, if there exists even a single piece of evidence to prove that the sender HAS spammed.

    Case solved, I think -- and hopefully, someone somewhere has kept the evidence to enable it.

  17. Duncan

    Ummm, forgive me but...

    Why is everyone assuming that they (e360) have a *right* to send e-mail to my server? Ignoring the ISP comments (if you don't like it then "walk" as others have said) no one has the right to send mail to my server unless I "agree".

    I've decided that I trust Spamhaus's opinion.

    I block mail based on that trust.

    On the note about country domain/IP filters and whitelisting/greylisting. We are about to implement this as from studying our logs most spam does originate from those (far east) countries *for us*. We don't deal internationally so we have nothing to lose. If there is a legitamate reason for mail from servers - say we did want mail from a customers chinese server - we will add an exclusion for it.

    I think us IT peeps have been calling it "Least Priviledges" for many years. Why do people jump up and down when applying it to e-mail?

    Sending mail to my users is our choice. Not e360's right. Period.

  18. John Dougald McCallum

    Re:-Could we solve this problem if somebody had the evidence ?

    http://www.theregister.co.uk/2007/03/23/e360insight_lawsuit/

    See this report .So El Reg what was the outcome☺

  19. Anonymous Coward
    Anonymous Coward

    Well spotted

    http://www.theregister.co.uk/2007/03/23/e360insight_lawsuit/

    If there's even one bit of evidence that e360 sent messages which "violated Federal anti-spam laws and California state laws" then e360 clearly HAS to be instructed to drop this claim ... and all its owners and senior officers should also be slung in jail for at LEAST a life sentence, to stop them from doing it again.

    It's high time that spamming was made a ZERO TOLERANCE offence and by setting themselves up as a stoolpigeon in this manner, if e360 has in fact been guilty of spamming then e360 has surely volunteered to be put in the stocks as a public demonstration to all.

  20. Anonymous Coward
    Anonymous Coward

    Re: Could we solve this problem if somebody had the evidence ?

    A picture is worth a thousand words.

    http://img216.imageshack.us/img216/4779/e360handbagsyh0.jpg

  21. Anonymous Coward
    Anonymous Coward

    I don't like blacklists, but....

    they are very resource friendly and stop the spam as its source. But there are 2 things causing me to avoid any blacklist

    First, it cannot distinguish if a single IP address is sending *both* spam and ham, eg. a shared web server having a single spammer (or just a broken php mailer script) and lots of legit users. All those emails will be lost. Exceptions (white lists)? After many lost emails and complaints. (=no way for a business customer).

    Second, no blacklist is accurate enough. If anybody has ever tried a Bayesian antispam solution, he knows what difference I'm talking about.

  22. Michael Poole

    @Morely Dotes, blacklists

    By MEP

    "Blacklisting certainly works - my users, for example, expect no email from China, Japan, Thailand, Korea, UAE, Turkey, Israel, or numerous other nations which are hotbeds of malicious software, and the proximate sources of most of the spam aimed at us. Such nations are "block on sight" and our mail server becomes "invisible" to them."

    Ah, so is that why I couldn't register for a UK forum for information about my Web browser (Oregano2 running under Risc OS), which wouldn't accept my e-mailed registration confirmation?

    I live in Japan, so of course I have a Japanese e-mail address (with NTT, the world's biggest phone company, and unquestionably legit.). I have plenty of UK contacts, so being blocked would be, to say the least of it, a right pain.

    This scattergun approach sounds like an attack of lazy-isp-itis.

This topic is closed for new posts.