[robmueller]

So you're still saying that maybe they didn't start that way, but right now they are bad people, who have lost their way morally.

I think that's an incredibly harsh accusation for people that are doing an awful lot of work collecting evidence and fighting real spammers on the internet (http://www.spamhaus.org/rokso/index.lasso), and again, I totally disagree with you.

> though you have to admit that running a blacklist might tend to attract a certain type of person

I think you could tar so many people in so many industries with broad brush stroke sterotypes like that, it seems an unhelpful generalisation to make.

From the article you link:

> As of this writing, any filter relying on the SBL is now marking email with the url "paulgraham.com" as spam.

The SBL is an IP based RBL, nothing to do with domains, so the above statement is patently false. And if anyone was doing IP lookups of URI's in emails and using the SBL for that (which I've never even heard of), that's clearly a misuse of the SBL anyway, because that's not what the SBL is supposed to be used for.

As the policy clearly says:

--- http://www.spamhaus.org/sbl/policy.html

The Spamhaus Block List ("SBL") Advisory is a database of IP addresses which do not meet Spamhaus's policy for acceptance of inbound email and therefore from which Spamhaus does not recommend the acceptance of electronic mail. ---

So it should only be used to block machines sending email, nothing about the content thereof.

There's RHSBLs (like SURBL and URIBL) that are related to dealing with URI's in emails, that's nothing to do with IP RBLs like SBL.

> Why? Because the guys at the SBL want to pressure Yahoo, where paulgraham.com is hosted, to delete the site of a company they believe is spamming

What's that got to do with the SBL again? The SBL is purely about what IP addresses "from which Spamhaus does not recommend the acceptance of electronic mail", nothing about websites. So that whole accusation feels wrong. Mixing up email sending servers and websites, domains and IPs, and absolutely no evidence for it at all.

[pg]

It was the SBL. I don't remember the details of how my emails were getting blocked. But they were obviously getting blocked, because if they hadn't been, I'd never have found out about the problem. At the time the Spamhaus guys themselves didn't deny that they'd blacklisted large numbers of innocent Yahoo Store users. Their defense was that the end justified the means.

You seem naive about the nature of evil if you think that it somehow precludes doing constructive work. Bad people don't wake up every morning thinking "what evil shall I do today?" What distinguishes them is that they cross lines other people won't. But the situations that test them may come up fairly infrequently.

[Isofarro]

"At the time the Spamhaus guys themselves didn't deny that they'd blacklisted large numbers of innocent Yahoo Store users. Their defense was that the end justified the means."

Putting this into context, this wouldn't have been the first step. This type of measure was typically implemented after it becomes increasingly clear that Yahoo would not, or could not, adopt measures to reduce the amount of spam coming from their mail servers.

One of Yahoo's general weaknesses is that it takes over 24 hours from sending a complaint until appropriate action is taken (that's why comments on their main sites - e.g. News - contains oodles of spam, and other types of abusive comments). On the typical life-cycle of email spam this is far too long - if a site is ever closed at that point, and so these abusive sites tend to still be up when the email recipient is clicking on those links. Closing a site after the damage has been done is just a never-ending game of whack-a-mole.

Blackholing bigger and bigger chunks of Yahoo Stores is then an escalating step until either Yahoo addresses the spam situation appropriately, or their customers see that Yahoo cannot sustainably provide the service customers are paying for and they either leave or seek legal remedies. At that point innocent customers are paying the price for living in a bad neighbourhood. The question is, why didn't Yahoo do a better job in controlling the level of abuse through Yahoo stores? That Spamhaus felt it necessary to escalate through to blocking chunks of ip addresses indicates Yahoo Stores fell significantly short of what was needed to reduce the spam coming from their servers. The indicative belief from the anti-spam community at that point is: it's mostly clear that the revenue generated from hosting spammers is more important to Yahoo Stores than being able to provide their innocent customers with the level of service they paid for.

From my perspective, SpamHaus were one of the cleaner, more diplomatic black lists around the time of the Yahoo Stores problem. It's been a few years since I last poked around in the anti-spam community. Last I've seen of Spamhaus they didn't defend a legal challenge in California raised by a confirmed spammer, because California doesn't have jurisdiction over UK-located organisations, and so the spammer got a default ruling in his favour ( http://www.theregister.co.uk/2007/03/23/e360insight_lawsuit/ , http://www.spamhaus.org/organization/statement.lasso?ref=3 ).