What will stop spam?
Paul Vixie hopes his Realtime Blackhole List will at least be a start
Paul Vixie wants everyone to know that he is angry. He says about half of today's Internet mail traffic is spam, and he wants it to stop. Perhaps best known as the technical director of the Internet Software Consortium (the people who maintain BIND, DHCP, and INN), Vixie also runs a program called the Mail Abuse Prevention System (MAPS), which features what he calls the Realtime Blackhole List, designed to stop all Internet traffic to and from networks Vixie deems "friendly" to spammers.
If you get on this list, says Vixie, about 18 percent of your Internet postings disappear because things like e-mail are no longer being routed by ISPs who subscribe to the Blackhole. Critics call this censorship, and spammers are threatening to sue.
We met with Vixie at his Redwood City, CA, offices recently to ask the question: What will stop spam? (3,300 words)
SunWorld: Who maintains the Realtime Blackhole List (RBL)?
Vixie: There are a couple of other volunteers that are associated with it, but I am the only one who has got any legal liability.
SunWorld: When did you start the RBL?
Vixie: In February of this year I announced it at a NANOG [North American Network Operators Group], which is a networking operations conference in San Francisco. And I had been maintaining my own list -- just networks that had spammed me -- and a number of people had come to me and said, `Well, since you're maintaining that list, it would save me a hell of a lot of trouble if I could just get the list from you and not have to go and maintain my own copy of probably the same list.'
SunWorld: Who was the first person to subscribe to the list?
Vixie: There are two lists of people: There is the list of people who are on it, and then there's the list of people who get it. So if you're on it, that means you're a spam source, and if you get it that means you're being protected, in some form, from being spammed.
The first person ever to ask for a subscription was Dave Rand at AboveNet [Communications Inc.].
SunWorld: How many subscribers do you now have?
Vixie: That's difficult to say exactly. We have 60 people taking the routing feed right now.
SunWorld: And does that include ISPs then?
Vixie: Oh yes. It includes a couple of multinational ISPs, like for example, EUnet in Europe. That's the European backbone network. The people in Europe are a lot more sensitive to the cost of connectivity than we are here. So, in Europe, the money lost by having to carry spam for other people is a huge, huge line item on their books. For the European backbone to just say "Anything Vixie says is bad is bad," is really a cost-saving move for them. They're trying to just keep spam from moving across the length that they have to pay so dearly for.
Inside the black hole
SunWorld: What are you actually doing with the RBL?
Vixie: Well there is a routing protocol called BGP, which is the Border Gateway Protocol, and in version four of BGP, they allowed for the possibility that two different folks who are exchanging routes don't actually live on the same LAN. Normally you would use BGP at, say, a MAE-West or some other exchange point where you have two carriers wanting to exchange routes. But it's possible to exchange routes with somebody that you don't even have connectivity to other than through other people. And that's called external BGP, I think, or even multi-hop. So the full glorious name of what I've been using is called EBGP4 Multi-hop.
So I have a router; it isn't actually routing anything. It's not forwarding any packets, but it is sitting there, and it has a routing table. And so I add things to that routing table so that I set the next hop to "null," which means if any packets try to go to this destination, just drop them on the floor. Don't forward them, don't send them back, don't send any error messages, just get rid of them. And I use that router to advertise those routes into the rest of my internal network, so that if any one of my hosts ever tries to reach somebody who is in the Real Time Blackhole list they won't go out my transit link out to whomever I get my connectivity from. They go out my Blackhole router. The reason we call it Blackhole is because it's kind of like what objects would do if they got too close to a black hole. They would get sucked in.
SunWorld: It seems that anybody administering a network that connects to the Internet could use this. What would an administrator have to do to subscribe to the RBL?
Vixie: The reason I said it's a little bit difficult to say just how many people we have on the RBL is that there are now three different ways to get it. It started as the routing feed (the BGP multi-hop) but there were a fair number of people who really wanted to have it -- wanted to be able to use this list to protect themselves from spam -- who didn't have any control over their routers. Either they were getting their connectivity from someone who hadn't given them the router password, or they didn't know what a router was, or whatever it was... They wanted to benefit from this, but they just could not cope with the BGP.
So we thought for a long time about what else we could do, and finally somebody who wasn't even involved in the project heard us muttering about it and said, "You should use DNS [the Domain Name System]," which is the same protocol we use to carry an awful lot of other data around on the Internet. Everybody already speaks it, so there's a certain benefit to that. And it turned out that by adding four lines to the typical sendmail configuration file, you can make any mail relay do an RBL lookup at the time that mail is being received. And if it's being received from somebody who is on the RBL, you can reject it even before you carry a single byte of their trash.
The way DNS works is that it doesn't really matter if you subscribe to this list or not. I mean you'd certainly have to configure your mailer to use it, but you don't have to tell me that you're using it.
Vixie checks his computer
Just off the top of my head I would say that in a four second span, 30 people just did Real Time Blackhole lists while we were talking: they just looked up that many addresses against my servers. And there are five different name servers for the DNS zone that contains this information, so I'm probably only getting one-fifth of the traffic.
SunWorld: What is the third way of subscribing?
Vixie: America Online doesn't subscribe, but I'll use them as an example of a huge mail relay -- they move millions of pieces of mail a day. If they tried to do an external DNS lookup into the RBL for every piece of mail they ever received, their mail servers would sink under the load, because the slot occupancy time of a given mail message would just skyrocket. So for some AOL-type subscribers who do hundreds of thousands of mail messages a day, they put a copy of our DNS into one of their name servers. And then we don't advertise that server because we don't want them to get external traffic; they just want to have a copy of this that's right there on the LAN or sometimes on the same server as their mail relay.
SunWorld: How would they update that copy?
Vixie: DNS has real-time change notification, which is in BIND (Berkeley Internet Name Domain software) version 8. Whenever I make a change, it sends a little discovery packet out to all the secondaries and that works just fine.
SunWorld: What are the new features you're planning to add to the RBL?
Vixie: It's not a feature, but I'm going to have to start charging for subscriptions. I've had to hire one person, and I've just hired a second person, and I've been paying for it out of my own pocket. So I'm going to start charging money for people who want to subscribe to it. Of course if you just want to use it as a free DNS service, and you're just going to change your mailer to use it, and you don't want to transfer the list onto your own host, then it will still be free. But if you want to actually subscribe to it in the full sense of the word, then I will charge you money.
SunWorld: When are you going to start that?
Vixie: Probably January 1, 1998.
SunWorld: Do you know how much you are going to charge?
Vixie: I need to figure out what I intend to provide, how much that provision is going to cost, how many customers we're going to have, and figure out an appropriate rating scheme. I think it's going to end up being $1,000 a year.
We're planning to give each person a login to our database server, so if you subscribe to the Blackhole list, and you want to know more about a given 'Net block -- you don't just want to know that it's on the list, you want to know what's been done about it: was it reported, how many spams have come from there, that kind of thing. And we're going to give a higher level of query capability to people who are paying us money than to people who aren't.
Punishing the "friends" of spam
SunWorld: How do you defend your policy of Blackholing Web services that host spammers' Web sites -- even if the spam itself isn't going through their service?
Vixie: This is the most controversial thing we do because it's censorship of something that isn't spam. It's me saying to some Web provider, because you are renting space to this person [a spammer] who is doing something completely legal, I am going to Blackhole your butt. They hate that. And they complain and they say, `We don't want to censor our customers. What they're doing isn't illegal. Why are you punishing us?'
And what I say is that there are plenty of Web farmers who have contracts with their customers that say, `If you spam from any portion of the 'Net and advertise our page, we will disconnect you.' And I want you to be one of those Web farmers. And they say `But we don't want to censor.' And I say `then you are friendly to spam, and I can't let you have access to my network.'
And they point out, `You're not going to get less spam because you did this to me.' And so we're kind of arguing across an ideological chasm.
SunWorld: Earthlink's Nick Christenson criticizes the Blackhole routing as being too error-prone and concentrating too much power into one person. He says that this form of "censorship" is OK for leaf sites, but for transit sites, like any ISP, it amounts to censorship of traffic.
Vixie: Now let's take those in order: error-prone, concentration of power, and censorship are the three issues I heard from that.
It is error-prone. There is no question that sometimes I blackhole the wrong person. Somebody, out of the blue, calls me up and says, `Paul, you son of a bitch, you put me on your list and I'm not a spammer.' I look and, sure enough, I've transposed two digits in some IP (Internet Protocol) address, and I've Blackholed the wrong person. And I apologize, and I take them off, and I do what I can. It doesn't happen that often, but it has happened, and it will probably happen again. I don't know a way around that. I double check things, and I'm hiring other people to come and do some of this work. But you have to trade off the worst effect of the worst error against what you get if you don't try. What I get if I don't try is hundreds of spams per day. So I'm not willing to not try.
Concentration of power into a single individual: It's very true that power has corrupted every individual in whom it has ever been concentrated in the history of mankind. I do not feel that I am necessarily above whatever elements of human nature give rise to that. I worry about it. Probably other people worry about it more than I do.
There are people whose judgement I trust -- folks that have been in the industry longer than I have or maybe just as long as I have, but have done different things -- where I've learned that when they argue with me, they're usually right. And I have run what I'm doing by these people, and I'll continue to do that whenever I want any change in the way that I approach it. And if I get back some horrified stare that says, `Paul you're going to be the next Hitler; you're going to take over the universe,' I'm pretty much expecting that I'm not going to tell them that their concerns aren't justified. I am as worried about this as I think is healthy, but I'm not willing, once again, to say, `Well, because concentrating power in the hands of one person has always been dangerous, we should not attempt what we're doing.'
It turns out that if we had an industry council and said, `OK, we don't want to concentrate this power; we want you to meet regularly and review complaints and decide who is to be Blackholed.' It would almost certainly be less error-prone. It would have a lot of checks and balances; different people would have different opinions. The Department of Justice would come down your throat with machine guns blazing on the question of conspiracy and restraint of trade.
There is no conspiracy if only one person is doing it. And it turns out that it's myself and some employees -- legally my employees are acting on my behest; there's still no conspiracy -- as soon as I get one ISP acting on some kind of council, any other ISP can file a complaint with the Department of Justice and say, `These people are acting in some bad way that is causing me to lose business.'
SunWorld: So it's the advice of your lawyer, then, that's really kept you from forming such a council?
SunWorld: At last month's LISA '97 conference you said you'd welcome a lawsuit to air this issue in a public forum.
Vixie: Certain forms of lawsuits would be good. I don't want to be on the other end of the bench from the Department of Justice. I want to be in civil court not criminal court. And I want the person on the other end to not be a government agency.
SunWorld: Is a civil suit a likelihood at this point?
Vixie: At this point, I think that they are afraid to sue me because this is an extremely popular cause and giving me a forum on which I can wage public debate is not in the interests of the people that are losing money because of what I'm doing.
SunWorld: You have received cease and desist letters from some of these `people' already. Who did they come from?
Vixie: Walt Rines at Quantum Communications sent me such a letter. And I've heard from a few people that don't understand why they get Blackholed when their Web hosting customers are spammers, but they're not nearly as aware of the issues as Walt Rines.
SunWorld: What about the censorship?
Vixie: In a dictionary sense, what I do is censorship. However, in the sense of that word that is used by, let's say, the Electronic Frontier Foundation, or anybody else who argued about the recent CDA [Communications Decency Act] in Congress, censorship refers to looking at the content and deciding that that content is objectionable.
But I don't care what the spam is about. I don't need to look at the spam.
SunWorld: What will stop spam?
Vixie: Right now the protection measures are lagging. Spammers get to do pretty much what they want, and there's no coordinated response to them at all. But as we get more coordinated response to spam, and that's what the Real Time Blackhole list is, we will change the equilibrium to where the total amount of spam might get to be 20 percent of the current volume. That's certainly one target goal.
But if you want to stop spam, you have to make it illegal.
SunWorld: Why hasn't this happened already?
Vixie: There are two laws that matter being debated as we speak. One is good and one is bad. There is the Smith Bill; that is good. It more or less extends the junk fax law to cover e-mail. And there is the Torricelli Bill, and it's bad. That one is sponsored by the Direct Marketers Association of America, and supported by the spammers. That's the one that simply requires spam to be labeled, on the assumption that you're going to send it all the way down to the end user, and let them set up filters. So that after they have paid to receive this junk they can delete it. That's a very bad idea.
SunWorld: So is spam a theft of service?
SunWorld: Who is the theft being perpetrated on?
Vixie: If the users were not paying money for the account, then the ISP could not afford to buy the modems or the servers or transit. And if the ISPs were not buying transit, then the backbone providers would not be able to buy their transcontinental links and routers and the rest of it.
Without customers there is no Internet. Therefore, we assume that the customers are paying for the Internet. If you look at the cost of spam, it's certainly not being borne by the senders of that spam. They're paying a fixed flat rate, and everybody else is paying to make themselves available to that spam.
SunWorld: Is anybody actually making money off of spam?
Vixie: Nobody is making money off of spam. The revenue source that spammers want to tap into is advertisers. And advertising, if done well, is expensive. The sorts of products that advertise themselves with spam are hair restoration creams, pyramid schemes, sexual virility aids, all kinds of crap gets advertised with spam. And those kind of products don't exactly sell in hundreds of millions of units. You can't believe that there's some well-funded company out there who wants to sell you some device that's going to make you more attractive to the opposite sex, who is going to say, `Yes let's pour money into that spamming campaign.' No. They're making a deal with the spammers to say, `We will pay you X amount for any call we get as a result of spam.' And people that are getting spammed don't really want to call. If they're going to call, they're going to call and say, `You flaming, f***ing bastard! How dare you send me this crap!'
SunWorld: So why doesn't it die, if no one's making money?
Vixie: Because it's the Holy Grail. It means you get to steal service from everybody on the 'Net and make them pay for your advertising costs. And it's this shining ideal. The dark side of advertising has been looking for this ideal for a long time, and they're not going to go away until it's illegal.