Bennett Haselton didn't realize at first that his e-mail wasn't being delivered. While doing some routine maintenance, the First Amendment activist noticed in September 2000 that not only were his outgoing e-mail messages being blocked, but his Web site, Peacefire.org, was unreachable by many Internet users.
Three years later, Haselton knows firsthand that the war against the wave of unsolicited commercial e-mail -- spam -- that is paralyzing computer networks worldwide is a messy one. It's a war waged not just by the corporate giants who own the computer networks that make up the Internet's backbone, but by little-known guerilla groups equally opposed to junk e-mail. It's a war with lots of unintended consequences, as Haselton found out when he learned that his e-mail problems were the result of his organization being blacklisted.
Blacklists, also referred to as "block lists" or "blackhole lists," are compilations of Internet addresses associated with known spammers. Many are publicly available online, and system administrators often use the lists to block all incoming e-mail from those addresses. Like black holes, they are powerful and poorly understood -- and escaping their grasp can be impossible. This has made them one of the most effective yet controversial weapons in the crusade against unsolicited e-mail.
Haselton found out that his organization had been placed on the Mail Abuse Prevention System (MAPS) list because of complaints that his Internet service provider, Media3 Technologies, refused to cut off service to companies suspected of doing business with spammers. MAPS blacklisted a group of Media3's addresses, and ISPs using the MAPS list blocked e-mail coming from
those addresses -- including Haselton's.
Blacklist operators call this "collateral damage," admitting that it is an unfortunate side effect. But for people like Haselton, who can go unaware for weeks that their messages are dissolving into the ether, collateral damage can seriously hinder someone's ability to communicate via the Internet.
One problem that the unintended victims of blacklists frequently encounter is that the people who compile them often keep a low profile. As a result, it's hard for people whose service providers get blacklisted to appeal. Sometimes, the only option for someone who gets blacklisted is to change ISPs.
Even the most ardent spam opponents worry that the cure could be worse
than the disease.
"If you have a block list that stops 100 percent of spam and 75 percent of legitimate mail, you've solved the spam problem, but you've created another problem," said Ray Everett-Church, counsel for the Coalition Against Unsolicited Commercial Email (CAUCE).
But harried system administrators, desperate to prevent spam from crippling their networks, are more supportive of blacklists. They're the ones who hear the complaints when their customers are buried in spam, and it's their budgets that are tapped to foot the bill for the extra bandwidth and computer space needed to house reams of unwanted e-mail.
The spam problem is so bad that every network administrator uses some sort of blacklist to sort good e-mail from bad, according to Nate Shue, a senior network engineer at Vienna, Va.-based software firm Industrial Medium LLC.
Shue said the lists are more useful than spam filters because they block offending e-mails before they reach the network. Blacklists are a more efficient option than e-mail filters, which can keep most offensive e-mail out of recipients' inboxes, but only after those e-mails have entered a company's network. By the time the filter does its job, the recipient has already paid the price of handling the message.
"The fact that someone has to hit the delete key is not what I'm concerned with. You've already suffered the damage at that point," Shue said.
Big e-mail hosts like America Online, Microsoft and Yahoo can afford to develop their own blacklists, but smaller organizations typically rely on lists published by groups like MAPS, Spamhaus and SpamCop.
Some administrators take those lists and install them directly at the borders of their networks, while others, like Shue, use the lists in conjunction with their own research to determine who gets blocked.
MAPS published its first blacklist in 1998, and dozens of groups have released their own since then. Many are small-scale, volunteer-based operations that let system administrators use the lists for little or no charge.
One popular list created by SpamCop is compiled automatically based on complaints submitted by e-mail users. To get off the list, e-mailers must appeal to SpamCop founder Julian Haight. Haight acknowledged that the system isn't foolproof. He deletes improper listings, but it's
a time-consuming process for one person.
One list -- the Spam Prevention Early Warning System, or "SPEWS" -- has especially enraged e-mail marketers.
It is unknown who runs SPEWS, and the Web site -- spews.org -- offers few answers. The site's registration information at various Internet WHOIS databases is deliberately false, with the e-mail contact listed as not@available.org.
The SPEWS site recommends that people who think they've been falsely included on its blacklist direct their complaints to a newsgroup available through Google. The site also makes it clear that posting to the newsgroup won't help disgruntled bulk e-mailers get off the list. "Only the discontinuation of spam and/or spam support will," the site says.
SPEWS is a popular target of blacklist critics, whose greatest concern is the lack of accountability among list operators.
"If you're occasionally wrong and you're handling other peoples' mail, then you have to have very clear, very useful, very accessible tools for correction," Electronic Frontier Foundation (EFF) Legal Director Cindy Cohn said.
Cohn fears that blacklists could be used by individuals or political groups to
stifle opposing views, since many operators rely at least in part on customer complaints to compile their lists.
The left-leaning MoveOn.org has struggled to keep its addresses off blacklists, despite the fact that it only sends its bulk messages to people who have signed up to receive them, said President Wes Boyd. Boyd suspects that some of MoveOn's ideological opponents sign up for the MoveOn list, then complain to blacklisters that they're being spammed. The group has seen its messages bounced from some ISPs in what appears to be the result of blacklisting.
Everett-Church of CAUCE said that some blacklists indeed become "little more than tools for people's personal vendettas."
America Online maintains a 24-hour toll-free number for e-mailers to call if they feel they've been improperly blocked, but smaller list operators don't have those resources.
For all the controversy surrounding blacklists, nobody envisions them disappearing anytime soon. E-mailers and ISPs have lately begun suing specific block lists for defamation. The outcome of those cases could have an impact on how the lists are used, but few would argue that the lists are illegal.
The Federal Trade Commission, which has led government efforts to address spam, takes no position on blacklists, FTC staff attorney Brian Huseman said. In fact, the agency uses them to protect its own e-mail network.
It took Bennett Haselton more than a year to get off the MAPS list. In the meantime, the ISPs that were using the list to block Peacefire.org restored access and his own service provider allowed him to route outgoing e-mail through another machine.
The tech-savvy Haselton said another user in his position might not have been so lucky.
"The biggest problem I have, by far, with any of it, is that [administrators who use blacklists] hide the fact that any of it's going on so that their users won't know and
therefore won't complain," Haselton said.
Earlier this month, Haselton tried to send e-mail to a reporter at a Seattle television station only to have the message bounced back by the station's blacklist. Apparently Peacefire.org had landed on a different list of "known spammers," leaving Haselton to begin another climb out of the black hole.
