Facing Legal Challenge, Blackhole List Closes

Fearing jail time, the owner of a popular “blackhole” project pulled the
plug Wednesday.

In an e-mail notice to members of his open relay blackhole zone (ORBZ)
discussion list, Ian Gulliver told his flock he was shutting down
immediately rather than turn over documents to the 10th Judicial District
Court in Michigan.

ORBZ is one of many blacklist organizations on the Internet today: a
controversial, though legal, method of blocking open relay servers that
route spam and unsolicited commercial e-mails (UCE). By publishing a list
of known IP addresses using open relays Internet service providers (ISPs)
are able to block e-mails from that domain to its customers.

“I was happy to try to weather any civil issues that may have come up, and
I was committed to seeing it through,” Gulliver said in his farewell
notice. “However, the threat of jail time is too much; I don’t believe in
this fight quite that much. I sincerely hope that someone with the goal of
carrying on the mission of ORBZ pops up in another country with a less
foreboding legal system.”

A copy of court records was unavailable at press time to see the
particulars of the injunction, which called for Gulliver to hand over all
documents related to ORBZ or shut down.

On the surface, it seems a victory for bulk e-mailing companies and
anti-anti-spam groups who are blocked by ISPs and other Internet providers
around the world, but the issues surrounding the situation paint a
different picture.

It seems one of Gulliver’s tests to validate whether a server is really an
open relay or not was causing Lotus Domino machines to crash. One of 10 or
so e-mail tests routinely conducted, the code in one was causing Domino
SMTP servers to enter an endless mail loop, consuming 100 percent of the
CPU and putting it out of commission.

Laura Atkins, newly installed president of the non-profit anti-spam outfit
SpamCon Foundation, said the code changes needed to correct the bug was
“trivial” but one Gulliver, for one reason or another, was unwilling to
correct.

“When you run a blacklist, you need to be responsible and you need to be
considerate of the other servers,” she said. “The overall impression I’m
getting is he knew the bug was there and he just decided he wasn’t going to
do anything. If his test happened to crash a Lotus server, then it wasn’t
his fault.”

But on the other side of the coin, many point the blame to Lotus developers
who have been slow to correct a vulnerability Gulliver himself reported to
Bugtraq back in August 2001.

Tim Jackson, a programmer posting to Slashdot.org on the ORBZ shutdown,
said the whole situation was depressing and all-too-familiar in a high-tech
world filled with its share of buggy equipment and products.

“Of course, if common sense prevailed, it would be the mail server vendor
in court for producing insecure mail server software, not a third party for
happening to send requests that unintentionally crash poorly-written
servers,” he posted to the site.

Regardless of who’s to blame, experts concur the mess will only drive a
wedge between a service seen by many as essential in slowing down the
increasing flow of spam and those companies who profit from UCEs.

Walter Yurkanin, a lawyer specializing in Internet law at Mahoney,
Silverman & Cross in Joliet, IL, said it’s too bad both parties were not
able to come to the table to work out the issues.

“Incidences such as this just create animosity that makes it harder for the
process to work the way it was intended. Blacklist owners have to assess
what their real motivations are, and if their motivation is not to assist
they need to take a look at what makes the process work.”

Latest Articles

Follow Us On Social Media

Explore More