Re: AHBL threatens to blacklist .mail if ICANN grants it

[Andrew D Kirch <trelane@xxxxxxxxxxx>]

This post is going to be a bit lengthy.  It will be carbon copied to
ICANN, and will have several parts.  These parts will include a repeat
of the original statement, a clarification of the same, and a response to
the statement made by Steve Linford to the USENET newsgroup
news.admin.net-abuse.email.  I thank you for your time in reading through
this entire post, which for clarification is entirely my opinion.
For the purposes of ICANN's consideration of .mail, this post should
obsolete the posted made on Sat, 01 May 2004 23:53:01, found here:
http://forum.icann.org/lists/stld-rfp-mail/msg00070.html.

 First the original statement.
>> I see no positive benefit from this.  The exorbitant costs to register
>> a .mail domain is prohibitive to it's successful use.  Further it is
>> incredibly exclusionary on countries and entities which are not able to
>> afford such costs. .mail serves to do nothing besides establish a
>> further caste system on a peer to peer network.  I find this concept
>> frightening and most unfortunate. I myself run a major Internet
>> blacklist, and have one of the most anti-spam policies on the Internet.
>>  Our monthly cash flow measures roughly $400. I will not pay $2000
>> solely to send e-mail.  The concept of a $2000 domain is totally
>> unconscionable. Creating such a separate caste on the Internet where
>> "privileged" clean e-mail can travel is hugely damaging.  I humbly
>> request that ICANN NOT create a .mail TLD under the current terms with
>> consideration towards small companies, not-for-profits, third and
>> second world countries establishing Internet connectivity.  The price
>> is too high, the solution is already in place, "caller ID" and "TXT
>> records" are there for all domains, paying $2000 to require them is
>> pointless, and I'd consider going so far as calling a vote to blacklist
>> .mail in the AHBL in protest of this action.

Obviously it is clear at this point the need to clarify exactly what I
said.  I believe that .mail is a bad idea, and yes I do use the fact that
it will damage the Internet presence of citizens in countries with ISP's
that support spam. These countries also as a whole tend to be less developed.  
It should be noted in the Spamhaus .mail FAQ:

        "2) Who needs a .mail domain?
        Any place that wishes to send non-spam email unencumbered by
        blocking/filtering systems that will sometimes bounce or flag legitimate
        non-spam email due to any number of reasons. Country of origin, 
excessive
        HTML, "bad" keywords in subject or body, etc.

        If you currently have no problems sending email and having it accepted -
        which probably means you don't live in China, Korea, Brazil or Africa, 
or
        send large volumes of non-spam, but similar looking email, or send email
        for the "How to cook using SPAM" mailing-list - then save your money as
        you don't need a .mail domain."

In consideration that the cost is not set in stone lets say that
it will be 1/10th of $2000.  This means that citizens who are forced to
use spam-friendly ISP's, because of their citizenship (the above noted
countries) will be charged a $200 per year e-mail usage levy, of sorts,
with a 6 month waiting period simply to enjoy a freedom the rest of us
have, freely sending and receiving SMTP traffic, because obviously their
providers who host well known spammers, and who DONT have an anti-spam
policy won't be getting a .mail TLD for their legitimate traffic.

Now lets shift off of the underprivileged rant.  This .mail tld risks
breaking rule three.  I know 6 months from now I'll be reading "They're on
internap/chinanet/telefonica, but they're using .mail, so that's ok".  No
it quite simply is not.  Support of a spammy ISP is no better with a .mail
TLD than without, and implemented as such creates a "Get-out-of-jail-free"
scenario.  This would be less of a problem would public blacklists have
been contacted before the public inquiry period.  I took this to mean that
the AHBL's input and my private input into the development process of
.mail was unnecessary, therefore I provided my input publicly, in the
proper forum for such input.

Now onto the last point.  I have been accused of both "attacking a
blacklist maintainer in public" and "threatening to blacklist a
blacklist".  Let me assure you, I have done no such thing. Several that
have read my words carefully understood what I said and that no such
threat ever occurred.  To quote: "and I'd consider going so far as calling
a vote to blacklist .mail in the AHBL in protest of this action."  This
stands pretty well by itself as being entirely nonthreatening in nature,
however several points have been rightly made about this statement, which
I feel deserve to be addressed, and I will attempt to do so now.

There is no current policy whatsoever in the AHBL to allow such a block.
This is entirely true, policy can only be made or changed by a majority
vote, I myself do not have the power to make such a change without calling
a vote.  It did not however say that a vote would be called, merely that
it was something I would consider doing.  This would then require the
other admins of the AHBL to vote, and a majority vote would allow the
inclusion of .mail into the AHBL.

"but blacklisting non-spam entities simply because the blocklist owner
doesn't agree with something, is not a great plan." Yet again the AHBL is
not an anti-spam list, but an abusive hosts blocking list.  The sole
purpose being to create a list of hosts that we have found to be abusive
then releasing that list for public consumption.  Abusive is a bit open to
interpretation, and generally does refer to those who have abused SMTP
traffic.  We also syndicate lists of hosts used in DDOS attacks, and found
port and proxy scanning the public Internet.

Now on to stage three, a reply to Steve Linford's earlier comments.

> I was quite surprized today to see a message sent to ICANN by Summit
> Open Source Development Group, aka the AHBL blocklist, aka Andrew D
> Kirch,

Obviously from this I'd note that we are quite clear that that post is my
opinion, as above it's repeatedly re-iterated who I am, that is not in
question.  What however is questionable is a direct attempt to make the
AHBL inclusive to my comments.  I am not the AHBL, the stated notion of a
vote makes the fact that there are others here besides me extremely clear.
Any statement proceeded by "I see" or "I find" "I humbly request" "I would
consider" must be construed as a statement of my sole opinion.  To
interpret it in any other way would be a de facto mis-interpretation of
my words, and with the deliberate emphasis on who I am above, I think the
creation of such misinterpretation for the following content may be in
fact deliberate.

> which tries to stop ICANN granting the .mail TLD to Spamhaus, and which
> amazingly ends with a threat stating that the AHBL will "blacklist
> .mail" (whatever that means) if it's granted... how nice.

The second point regarding the "blacklisting of .mail" has already above
been addressed, for those who missed it, please read up.  Therefore I will
comment on the first subject, the attempt to stop ICANN from granting the
.mail TLD to Spamhaus.  This is another misconstruction.  Spamhaus is not
the controlling entity for the .mail TLD.  This is clearly stated in the
FAQ.  To say that Spamhaus is the controlling entity for the .mail TLD
clearly denotes that the stating party has not read the FAQ, or in this
case that the FAQ may be inaccurate.

So now to the damning part where the author makes a horrible admission.  I
did send that e-mail to ICANN with the intent of stopping .mail from being
passed.  For the above stated reasons and more I fundamentally disagree
with .mail.  The accusation was made that I'd attacked a blacklist
maintainer in public, and this is potentially valid and deserves a
response.

The anti-spam community was not to my knowledge publicly or privately
polled for comment on .mail, and based on the disagreement I've seen in
this thread that community does not unilaterally agree or disagree with
the implementation or notion of .mail.  

I think it should be emphasized that the implementation of .mail is
something that effects EVERYONE here, and I cannot understand why a public
RFC was not issued so that our input could be sought by Spamhaus, and the
Anti-Spam Community Registry.  Based upon the name of the registry itself,
and as a contributing member of the Anti-Spam Community I believe that the
entire community's input should have been sought.

The first I heard of .mail, and the first I was able to give input on it
was in the ICANN forum.  So why the ICANN forum?  It is the proper place
for commentary positive and negative with regard to newly proposed TLD's.

So the question I have to ask is must I absolutely agree, or shut up when
another blacklist maintainer says or does something I do not agree with. I
certainly hope this is not the case, nor would I entertain such a notion.
I would hope that people would come to me when they have a problem with
what I do in public or private, I have always endeavoured to take the
time to answer those who have done so completely and thoroughly.

> I appreciate that some aspects of .mail are not yet clear, despite the
> FAQs (which sadly the critics of .mail don't bother reading), and some,
> such as the real price, can't be announced until negotiations with the
> registry begin. But actually write to ICANN to oppose our application?
> And even include a threat of AHBL blacklisting .mail if it's granted? I
> appreciate AHBL hasn't been around very long and may be still learning
> the ropes, but blacklisting non-spam entities simply because the
> blocklist owner doesn't agree with something, is not a great plan.

I see nothing here besides a mis-characterization of my initial post, and
an attempt to shift the light on it in such a way as to misconstrue what
was said for those reading it.  On it's face the only thing the post
does is write to ICANN opposing the application for .mail.  As noted
above, the AHBL, and apparently many other ardent spamfighters were not
contacted regarding .mail prior to it going to ICANN.  Therefore my
response to .mail was properly written, properly directed, and expressed
in the proper forum.

In closing I would like to thank you for your time in reading this, I
realize it's been a heck of a long posting.  Nothing in this should be
considered in any way a slight of Spamhaus, or Steve Linford's work.  I
have worked directly with Mr. Linford in the past, and have a great deal
of respect for him.  I think that in general there is a lack of
communication here, and I for my part take full responsibility for that. 

Mr. Linford: if you feel in any way that my posting to ICANN was an attack
on yourself, on Spamhaus, or its work in fighting spam on the public
Internet, I am deeply sorry, that was never my intent.  I hope that 
after reading this the community will have a better understanding of my
position, and I am available publicly or privately for flames, requests
for clarification, private apologies (as necessary), and comment.  Please
note that all those as well as what is posted above are solely my opinion.

---
Andrew D Kirch  |       Abusive Hosts Blocking List      | www.ahbl.org
Security Admin  |  Summit Open Source Development Group  | www.sosdg.org
Key At http://www.2mbit.com/~trelane/trelane.key Key fingerprint = B4C2
8083 648B 37A2 4CCE  61D3 16D6 995D 026F 20CF