spambag.org - Introduction

By the way of an introduction: I've been around long before the Internet became clogged with junk E-mail; before server administrators had to be on a constant lookout for script kiddies and other assorted troublemakers.

The existence of anti-social elements on the Internet shouldn't surprise anyone. It's a natural phenomenon. Anti-social elements exist in every sufficiently large society. It's a fact of life. That's how things work.

However, what's different about the Internet is that it is not a typical public society. It's a private society. Most of the Internet is privately owned. And the owners of private interconnected networks, that are known as the Internet, are expected to control anti-social elements in their portion of the Internet. What really upsets me are the networks that explicitly condone, sanction, or allow anti-social behavior from their customers, by allowing them to send unlimited amounts of junk E-mail, run hostile bots that launch dictionary attacks or web harvesting spiders, or any other activity that is generally frowned upon.

I think that in many cases this is mostly a result of inaction. Network administrators who spend time chasing internal sources of abuse also earn a salary like every one else, and are often viewed as an unnecessary expense, or burden, by upper management. Plus - to add insult to injury - their job is supposed to be shutting down paying customers. That doesn't look too well on the balance sheet, doesn't it? In due time, on many larger networks, the abuse desks end up being completely emasculated. They are left with virtually no resources or power to do anything.

My reaction to this excuse: it's not my problem. When I hear this - "I am understaffed, or I do not have the power to do anything" - I always fail to see why this has to be any of my concern. I believe that inaction by default is no different than inaction on purpose. I see no difference between explicitly turning a blind eye on network abuse, and implicitly allowing it. The end results are the same, so it should be treated the same way.

And that brings me to the flip side of the coin: networks who are deliberately sanctioning or condoning spamming, mailbombing, and other kinds of anti-social or hostile activities. There's lots of money in the business, you know. Think of it as the Internet's equivalent of La Cosa Nostra. It's the latest fad: networks who waive their normal Terms Of Service/Acceptable Usage Policies in exchange for a premium fee for providing Internet connectivity for purposes that would normally be prohibited by their TOS/AUP. AT&T, AT&T again, and PSI have been caught pink-handed in the past. There's every reason to believe that there's more of that where it came from.

Oh sure, once caught with a pink contract, they always come up with a nice-sounding excuse. But, that just never rings true for me.

So here I am. I run a bunch of hobby web sites, I make no profit on them. Many people find them useful. And what do I get in return? Irresponsible networks flashing a green light to a bunch of malcontents to spam my mailbox, attack my mail server, and run harvesting bots on my web site.

There are other better-known lists of rogue networks out there. In the past I've tried them all, but I wasn't able to find any one that works well for me. I eventually reached a conclusion that I cannot depend on an external list to block the junk streaming into my mailbox. That's why I decided to run my own list. Eventually, I reorganized the loose collection of scripts I was using for blocking mail and web access, and compiled them into an early version of spambag.org. Not only do I use my list to block abusive networks from sending me mail, but I also block those networks from accessing my web sites. The way I see it: if they ignore my need not to be subjected to their abuse, I am free to ignore their need to use my mail and web services. If a network repeatedly wastes my time and invades my privacy, they lose the privilege of free and unencumbered access to my web servers, that I run at my own expense.

Later, I received a couple of messages from other people asking how they can copy my private block list, for their own use. This prompted a major revision of spambag.org, documenting just that. I've been getting positive feedback from other people who operate other useful Internet resources. In the near future, I hope that networks will become less willing to offer service to the troublemakers if the majority of their customers will end up losing access to many useful web resources.