Net vigilantes overstep the mark
With the ever-growing use of electronic mail as a communications medium, the rise of unsolicited mail was inevitable. While many users dislike receiving “Spam” mail, there are not many solutions to the problem.
With the ever-growing use of electronic mail as a communications medium, the rise of unsolicited mail was inevitable.
While many users dislike receiving “Spam” mail, there are not many solutions to the problem.
There are online services available to assist service providers in blocking abusive mail, many of these are easily abused, and often are.
Those services are useful, but in the face of abuse, service providers find themselves facing a brick wall, with no established recourse.
One such service, the Mail Abuse Prevention System (MAPS) runs a number of services that assist ISPs and companies to detect and block Spam.
MAPS is often touted over other similar services because it requires confirmation that an offender is indeed the source of abusive mail before it will take action.
Recently however, the service came under fire for listing a US-based online marketing company without the usual checks-and-balances process.
The marketer, Yesmail.com, took action, successfully obtaining a temporary restraining order against MAPS, setting a precedent for online service providers to defend themselves when anti-Spam services get out of hand.
MAPS operates a number of services, which all work in essentially the same way - once confirmed as a source of unsolicited mail, a host is listed on one of the MAPS Domain Name Service (DNS) servers.
When receiving mail, a server can query the originator against the DNS server, and if it is listed, reject the mail out of hand.
Usually, before MAPS will list a host (often a mail server at an ISP or mail relaying agent), the company requires positive proof. When submitting an offender, the submitter must have attempted to notify the party of the abuse, and taken any reasonable steps to inform them that failure to comply will result in a MAPS black-listing.
MAPS does not actively block email or deny service to hosts, but is a passive list of acknowledged spammers. The current MAPS lists contain over 3000 offenders, and is used by 20 000 mail servers around the world.
Yesmail.com operates a number of marketing email lists, but claims every recipient is willing. The company claims it sends confirmation messages to every recipient listed, and uses double opt-in techniques for some of its lists.
A double opt-in requires the subscriber to reply in the affirmative to the original subscription message before being added to the list.
Moving from its position as a passive agent, MAPS demanded that Yesmail.com use the double opt-in process for all of its lists, or be listed as a spammer.
Yesmail.com protested that to do so would be unnecessarily disruptive to its users. After negotiations broke down over that issue, MAPS proceeded to list the marketer, which took legal action.
MAPS officials declined to comment, only acknowledging that the temporary restraining order was in effect and the Yesmail service was no longer listed.
The legal position on either side is far from clear. While MAPS clearly overstepped the mark in demanding Yesmail to change its services, is it really at fault?
MAPS only maintains a publicly-available list of hosts - it does not take direct action against them. There is no denial-of-service, no propaganda and no cracking of any sort.
It is the MAPS users who specifically configure their mail servers to make use of the MAPS list, just as they could make use of any such list. Whether Yesmail has a legally defensible position will be thrashed out in court next month.
Ironically, this parallels the Napster court case in many respects - Napster (a music-exchange network accused of copyright violations) also provides nothing more than the service, and argues that if anyone is at fault, it is a percentage of the users that abuse the system.
The outcome of the case will set an important precedent either way. If the restraining order is upheld, it will provide ISPs with an established recourse against anti-Spam services.
That is a double-edged sword in itself: many of those service providers are in fact guilty of operating Spam services or providing open mail relays and are exactly the entities MAPS is supposed to be listing.
On the other hand, if the restraining order is overturned, it will permit MAPS or similar services to start to play a far more active role than they have until now.
Again, a double-edged sword because this example shows that in taking an active role, MAPS may have gone too far, and cost it credibility.
Information about MAPS is available at www.mailabuse.org.