invisibill.net

More on the Spamhaus legal saga…

There’s a Slashdot article regarding Spamhaus’ warning that the spamhaus.org domain might get suspended due to all the lawsuit stuff. It looks like a bit of inconsistency may be their biggest weak spot - rather than completely ignoring all these legal threats (as they have no jurisdiction over UK companies), they originally had the lawsuit moved up from a local court to a US federal court. That implies that the US does indeed have jurisdiction in the matter - why should you care about the details of a lawsuit that doesn’t apply to you?

Anyway, if you want to visit Spamhaus or are having problems with the SBL/XBL, use spamhaus.org.uk instead of spamhaus.org. You may be interested in Legal Threats and Lawsuit Answers and copies of spam sent by e360insight. This spam was sent to an address that has never belonged to any person. It was created by a typo when it was entered into the Internic database years ago during a domain registration. Thus, everything sent to it is 100% guaranteed spam. <sarcasm>Hmmmm, I wonder how they opted in to receive those valid, valuable marketing emails…</sarcasm>

PhishTank is a new service by the OpenDNS guys. It’s a public clearinghouse of phishing data. Users submit phishing sites/emails, and other users verify whether or not it’s actually a phish. The data is all available via API, which means people can make cool apps that access this growing wealth of data. A web browser could check URLs you visit, or Spamassassin or your mail client could check emails for phishing links. The FAQ has more info, but this looks to be a very good idea. PhishTank is also tied into the OpenDNS free DNS service, so it will help block phishing sites before OpenDNS users even see them, and in the future OpenDNS’ other sources of phishing data will feed into PhishTank as well.

There’s a new email going around stating that Steve Linford/Spamhaus recently lost an $11.7 million lawsuit and they are now starting a class action lawsuit against Spamhaus, Linford, users/supporters of Spamhaus, and ISPs who deny service based on Spamhaus.

The email neglects to mention a few details though. The lawsuit was filed in an Illinois court. Spamhaus is based in the UK and does not have any sort of presence in Illinois, which means the court has no jurisdiction over them. This page is the Spamhaus response to the filing of that lawsuit, pointing out this fact. The page also points out other flaws in the lawsuit, including the facts that Spamhaus doesn’t block anyone from sending any email (it allows Spamhaus users to block incoming emails) and that they failed to follow proper legal procedure in the lawsuit (serving the Temporary Restraining Order via email and falsely claiming that Spamhaus does business in Illinois). This page is an answer to the current claims.

The email points to the news.admin.net-abuse mailing list and recommends searching Google for “Spamhaus Terrorists” to find out the truth about this situation. n.a.n.a currently has a bunch of posts from people who were spammed with this crap about a Spamhaus Lawsuit. The Google search returns some opinions about the legitimacy of the Spamhaus blacklist, many with responses stating that Spamhaus is one of the most reliable anti-spam organizations around.

The fact of the matter is that I too was spammed with this junk. It was sent to my abuse-reporting address. I have never used this address for anything other than listing it as an abuse contact. It did not come to my main email address, which is advertised in everything I do. A number of email blacklists similar to Spamhaus have become what the editorials claim about Spamhaus: they block a bunch of innocent users (either because they’re incompetent and/or apathetic about doing it properly or in order to cause lots of collateral damage to force the provider to get rid of spammers) and use the blacklist to further their own vendettas (blocking anyone they don’t like or who they disagree with). I can’t say anything for certain, but I’ve personally found the same results that many others have: Spamhaus is one of the better ones out there.

The email also claims that the SBL that Spamhaus charges for can be found at http://cbl.abuseat.org/ for free. Again, that’s not exactly true. The XBL is a list of exploited machines which are sources of junk. The XBL includes the CBL list as well as NJABL data. The SBL is a separate list of spammer IP addresses. There is a combined SBL-XBL which can be queried all at once. So the CBL is part of a list run by Spamhaus which is similar to the SBL. As for being free, the SBL is free for general use. For huge ISPs making lots of requests against the list, they offer a Datafeed service which transfers a copy of the list to the ISP’s own server. That is a paid service.

Also, the bottom of the CBL FAQ actually states Spamhaus is one of the most respected anti-spam organizations in the world. They recommend that you use Spamhaus’ XBL rather than querying the CBL directly.

To sum all that up, this letter is a lie from a spammer, trying to cause problems for an anti-spammer in order to increase their own profits. If you’re interested, here are the definitions of spam by Spamhaus and by SpamCop.

AngstyBill is back.

The IE7 Myth

The IE compatibility team contacted this guy to say his site didn’t look right in IE7 because he was using IE6 CSS hacks to correct for bugs which are now fixed in IE7. That sounds like a fairly reasonable concept, unless you actually know how a CSS hack works.

CSS hacks are little bits of CSS that trigger bugs in certain browsers, which allow a website to specify different code for different browsers. Generally the idea is to make good standard code, then use a CSS hack to apply a fix to one specific browser which doesn’t follow the standards, and thus hoarks up your good standard code. The CSS specification actually specifies that invalid CSS should be ignored, so all other browsers simply ignore this extra kludge and use the good standard code.

The problem with what the IE team told this guy is that if they really did fix the problem in IE7, it should ignore the code like other good browsers do, and the hack will have no effect on the page layout. If the hack really is causing problems in IE7, then IE7 still has CSS support problems causing it to try to interpret the extra code. Short and sweet, either IE is still broken or this isn’t really a problem.

Never ascribe to malice that which can be adequately explained by incompetence. I think it’s very likely that these people are just dumb. However, being Microsoft, it’s hard not to think of the possible malicious intent. Their suggestion of removing the CSS hacks to fix IE7 will obviously break the page in previous versions of IE (or the site wouldn’t be using the hacks in the first place). If a whole bunch of sites stop working in IE6, many people will upgrade to IE7. That in itself is probably a good thing. However, IE7 is only for XP and up. I think there’s been enough Firefox publicity that a user would switch to an alternate browser first, but I’m sure there are people who will find a site that doesn’t work on their Win2k/IE6 box and instead pay for WinXP so they can upgrade to IE7. So is MS asking you to help them break a bunch of older PCs to force an upgrade, under the guise of updating your site to work with their new “standards-compliant” browser? It’s impossible to know for sure, but I wouldn’t put it past them.

+

Hellooooooo nurse!

http://www.myspace.com/invisibilldotnet
Well, I still have a little bit of fixing, but it’s much better than the pile you start with…

Mike Davidson is a god.

Nope.

I’ve set up a phpBB at http://www.invisibill.net/forum/ if you have any feedback or whatever. If it doesn’t really work as a comment to a post here or you want to contact me about something completely different, that’s a good place to put it.

This is in no way just another geek thing for me to play with. =)

yes i’m alone
then again i always was
as far back as i can tell
i think maybe it’s because
because you were never really real
to begin with
and i just made you up
to hurt myself
and it worked
yes it did
there is no you
there is only me