October 2000

Online Vigilantism: The Good, the Bad, And The Ugly 

BY ROBERT VAHID HASHEMIAN

The other day I sat behind my computer, logged into my account on Hotmail and was blown away by the number of unsolicited e-mails I had received in one day. I have no doubt that many of you can empathize with my situation and many of you have probably opted to use one of the many available filtering software products to stop the spam. Now I can almost hear your voices of sympathy echoing the condemnation of the spammers, but please spare me. It only took me about 10 seconds to delete these unwanted messages. I simply scanned the sender names and the titles, marked them, and filed them under my most important folder: The trash folder.

As a matter of fact, I have become so adept at it that receiving spam is no longer a source of anger. I have far more important things in life to get angry about. So does that mean that I condone the spammers' actions? Absolutely not. In fact I believe that there should be appropriate punishment for their deeds. I also feel the same way about child pornographers, financial scammers, and unauthorized cookie depositors. But unfortunately the growing trend of these activities has given rise to another disturbing trend: Online vigilantism.

MAPS
The headlines have been clogged with story upon story about the Microsoft and Napster proceedings, but there is a lawsuit brewing in the shadows whose ramifications might prove just as far reaching. Brought about by Harris Interactive, Inc., the lawsuit alleges that Mail Abuse Prevention System (MAPS) has unjustly added Harris' e-mail servers to its blacklist of IP addresses, known as Real-time Blackhole List (RBL). E-mails originating from Harris' poll database, and bound for Microsoft and AOL users, are blocked by RBL. Harris' suit against Microsoft, AOL, and MAPS represents a groundbreaking manner of dealing with mass e-mail generation and distribution. It begs the question: Who is responsible for saying what mail is allowed and what mail isn't?

MAPS started its life as a non-profit organization back in 1997 with the intent to create a list of spam offenders and to offer the list to anyone who wished to use it to block spammers. MAPS has grown considerably since its inception and it now offers several lists, the most famous of which is RBL with over 3,000 IP addresses. Over the years many small and large companies have been added to list. Some have become permanent prisoners in RBL while others have been able to negotiate their way out by accepting the MAPS terms on e-mail policies, chief of which is the closed-loop double opt-in. Two high-profile companies who made it to the list but were eventually paroled are Ziff-Davis and ironically, AOL.

The problem with MAPS and the like is not their goals and objectives, but their execution which can easily lend itself to abuse. Over the years MAPS has become as feared in the online space as the Mob once was in the streets of Chicago. Extortion, kickbacks, and corruption may not be easily identified with MAPS today, but at the rate MAPS is garnering control and power, such activities may not be too far away.

In defense of MAPS, they also offer some positive services. Take, for instance, their open relay identification service through which they identify e-mail servers with open relays that might have fallen victim to spammers. In fact, a few months ago MAPS notified us of such a potential within our network. They were right. One of our Linux servers had inadvertently been left with an open relay allowing spammers to use it as a jump-off point to send e-mails.

BUT, WHAT IF...?
MAPS contends that their list is private property and that it is no one elses' business who they choose to include on this list. I would be inclined to agree with their reasoning except for one major issue. RBL usage has now reached a critical mass affecting millions of people. It can no longer be regarded as a private list, and therefore it cannot be allowed to continue its operation untethered. MAPS, however indirectly, is regulating spammers. The question, however, is who is regulating MAPS? Suppose a MAPS employee decides to add a TV station's site to the list just because she doesn't approve of their programming. Or what if a true spammers can get off the list by bribing someone at MAPS? Perhaps the worst issue is that one person gets to define and control spam for the rest of us. But what is spam? By some definitions, it is unsolicited e-mail sent from one party to another. What if I sent an e-mail to a cousin, inviting him to a family reunion? Does that mean that my cousin, who may secretly hate me, can ask for my e-mail server to be black-listed? What if I mistype someone's name and the e-mail is accidentally sent to another person? Or what if a person who verbally agreed to be contacted at a business meeting, forgets the agreement? Would we need a notarized agreement from every party before we can e-mail them?

The point is that once a service has gained critical mass, the potential for abuse can increase dramatically. A private list is private so long as it is kept within the boundary of family and friends. But once it breaks out into mainstream and turns into a business, it becomes a public list with potential to damage. And that is when it needs to be regulated and kept under scrutiny. Online vigilantism, while well meaning, could be just as bad as the problem it wants to solve.

What do you think of online vigilantism? E-mail your comments to rhashemian@tmcnet.com. You have my permission. 

Robert Vahid Hashemian provides us with a healthy dose of reality each month in his Reality Check column. Robert currently holds the position of Director for TMCnet.com -- your online resource for CTI, Internet telephony, and call center solutions. He can be reached at rhashemian@tmcnet.com.

[ Return To The October 2000 Table Of Contents ]