You’ve probably heard by now that AOL and Yahoo are preparing a system by which large-volume email senders can pay to get their mail sent on to subscribers. You probably haven’t heard that it’s not just pay-to-send so much as it’s pay-to-get-accredited. Senders pay a company called Goodmail to say “we won’t send spam,” Goodmail checks them out, and Yahoo and AOL use Goodmail to bypass their regular spam filters.
What’s funny is that this conundrum has been almost exactly like the controversy two years ago over Microsoft choosing Bonded Sender as an accreditation service/whitelist for Hotmail—knee jerking and all.
Back then I wrote the following article and never got around to posting it. Thanks to AOL, it’s finally topical again. Sadly, I haven’t had to change much to bring it up to date.
The Tradition of Flame Wars
The flame war has been part of the Internet for years. Get enough people together with strong, differing opinions and without the mediating effects of body language or tone of voice, and you get heated arguments. And some arguments never seem to end. Like bringing up politics or religion at a family gathering, be careful when you mention PC vs. Mac, Windows vs. Linux, Red Hat vs. SuSE, etc. I created a website for the express purpose of cooling down Opera/Firefox flamewars (not that it seems to have helped much).
Two topics that always seem to set off raving are Microsoft and spam. Bring up the question of just who’s responsible for spreading computer viruses, and you get people suggesting that Microsoft developers should be arrested.
Putting Senders in Bondage
Spam makes some people so angry that they can’t see the difference between legitimate, opt-in, you-asked-for-it-and-they-made-sure-it-was-really-you bulk mail and absolute sleaze. So you get sensationalist articles like IronPort Arms Both Sides In Spam War. The article mixed up SenderBase, a database of email senders, with IronPort’s mail server business… and somehow concluded that selling mail servers made them a spam supporter. Well, I guess we’d better shut down Microsoft over Exchange, Sendmail over, well, Sendmail, and take out Dell, HP, and anyone else who sells servers that could be used for spam.
IronPort and Microsoft were later targeted with more FUD in Microsoft Will Sell Whitelist Services For Hotmail, which transformed Microsoft’s agreement to use IronPort’s Bonded Sender whitelist as part of their spam filtering into “Microsoft will let you spam their customers if you pay them.”
Blessed are the cheesemakers, indeed!
Bonded Sender, like Goodmail, is a whitelist to cut down on false positives (like when your airline ticket confirmation looks too much like spam and ends up blocked or in your spam folder). Basically you post a bond with them, promise not to send spam, and they put your server on a whitelist. For every complaint they get, they deduct money from the bond, and eventually two things happen: you get taken off the list, and you lose the money.
Yet in both Slashdot and the SpamAssassin mailing lists people started saying they’d use this list as a blacklist—despite the fact that it had been working fine in SpamAssassin for over a year and a half. Don’t these people pay any attention to the software they’re using? I mean, this is a server program, not something your average desktop user double-clicks to install.
The same thing happened a few months earlier when spammers started forging the Habeas mark. At the time, you could license a haiku from Habeas and add it to your outgoing mail as an “I am not a spammer” mark. Their license required that you stick to responsible mailing practices, and if you didn’t… well, that means you’ve used it without permission, and that’s copyright and trademark infringement. The wheels of copyright law turn slowly, so they used an IP-based blacklist to identify known infringers. The spam landscape changed drastically in the fall of 2003, and now most spam comes from virus-infected home computers acting as relays. It doesn’t do much good to block one IP address anymore, because an hour later they’ll be using another one. Habeas has since phased out the haiku in favor of an IP-based whitelist similar to Bonded Sender.
Anyway, people started to see spam getting through because it was forging the Habeas headers, and assumed it was a start-up, a front for spammers, etc., despite the fact that, again, Habeas had been in SpamAssassin for over a year. Again, they started talking about using it as a sign of spam instead of just disabling it. Even when one of the SA developers pointed out that all his outgoing mail was marked, the “block it all” crowd wouldn’t budge.
What is it that makes some people lose any sense of rationality? In the case of Slashdot I don’t expect much, but the SpamAssassin users list is made up of people who are acting as sysadmins, at least on some level. You’d like to think they have some ability to use reason.
It turns out that on certain issues, people react emotionally before rational thought has a chance to take hold. Brain scans show that conscious reasoning literally doesn’t happen. The research was done on political opinions, but it explains why people don’t take the time to RTFA and make up their minds based on the facts. As we’ve often heard, the facts are irrelevant when your mind is already made up.