Subject: Re: OT: orbz.org - help needed
To: None <netbsd-users@netbsd.org>
From: Shannon <shannon@widomaker.com>
List: netbsd-users
Date: 01/29/2002 16:47:26
On Mon, Jan 28, 2002 at 09:25:22PM -0500, Greg A. Woods wrote:
> [ On Monday, January 28, 2002 at 12:05:36 (-0500), Shannon wrote: ]
> > Subject: Re: OT: orbz.org - help needed
> >
> > The problem here is that it's possible to have open relays on your
> > domain, and you don't have control over that machine. Should you be
> > blacklisted in that case? I don't know if Orbz would blacklist in that
> > case, but some people have. A company I worked for was blacklisted
> > because a customer's machine had an open relay. As I recall, it was
> > difficult for us to reverse the situation, and lawyers were involved.
> 
> The company you worked at ran an open relay.  

No, we didn't run an open relay. A customer did. Why not block them and
not us?

A permanent customer caused a blacklist. For various legal reasons, we
could not control what they did, or at least not quickly. There is no
reason they could not have been blacklisted without affecting us.

> There are many ways the company you worked for could have avoided their
> mailer becoming an open relay.  

We didn't configure _our_ mailer to be an open relay.

> Which method would have been best for them to implement depends on
> many factors you don't discuss. Since you mention a legal dispute it
> would seem the company was naive in entering an agreement without
> fully understanding the consequences.

No, it was nothing like that. It came up because policing a site can
often make you responsible for all of them under the law. It's like
opening Pandora's Box because it's logistically impossible to monitor
everyone, so you don't generally want to become legally responsible for
them. Usually the issue is content, but it's much the same with regard
to customer equipment. You can try to write contracts to account for it,
but you cannot anticipate every possibility.

Of course, if the law made any sense at all, we would have been allowed
to take care of obvious problem sites without also becoming legally
reponsible for all of them. 

Limits like basic engineering, logistics, or even the laws of physics
mean very little in a court, and even when you win you lose if it goes
to court.

So, it was mainly a matter of not wanting to go there, so the lawyers,
as far as I know, made a presentation to offender outlining the damage
it was doing us and their own possible liability. Evidently it was
convincing, but then we were often kept in the dark about the legal
resolutions.  Usually we didn't want to know anyway.

I think working for an ISP is where I saw the most bizarre legal issues
and the most lawyers involved.


-- 
shannon@widomaker.com  _________________________________________________
______________________/ armchairrocketscientistgraffitiexenstentialist
 "And in billows of might swell the Saxons before her,-- Unite, oh
 unite!  Or the billows burst o'er her!" -- Downfall of the Gael