Gosh, Spamhaus under threat (and Belgian mechalion)

Tally Ho! It's IT Blogwatch, in which those jolly decent Brits at Spamhaus have ticked off the U.S. legal system. Not to mention a homebrew, mechanical steampunk lion from Belgium...

Robert McMillan says U.S. justice is making like Queen Victoria:

[A] U.S. court is not amused [so] has threatened to shut down the Spamhaus Project Ltd., a volunteer-run antispam service, for ignoring a $11.7 million judgement against it. In a proposed court order (PDF format) dated Friday Judge Charles Kocoras of the U.S. District Court for the Northern District of Illinois calls on the organizations responsible for registering the Spamhaus.org Internet address to suspend the organization's Internet service. Both the Internet Corporation for Assigned Names and Numbers (ICANN) and Tucows Inc., the Spamhaus.org registrar, are named in the order.
...
Spamhaus, based in London, has said that it ignored the judgment because it cannot be enforced in the U.K. ... Whether or not ICANN would comply is unclear. The organization did not respond to requests for comment Monday.
...
If ICANN does shut Spamhaus down, it could be bad news for e-mail users. Spam now makes up about 90 percent of all e-mail and Spamhaus reckons that it helps block between 8 billion and 10 billion of these messages per day. Spamhaus's spammer blacklist is used by several technology vendors including Microsoft Corp.

Todd Cochrane tells it how it is:

Spamhaus is a volunteer group that is well respected but if this judge shuts them down it could spell big trouble for ISP’s worldwide that rely on them to curb the amount of Spam in your inbox. It’s really sad that apparent spammers have more rights to abuse people than those of us that are not abusing the Internet!

Björn Hallberg muses:

But will ICANN comply, seeing as it would fly in the face of the claim that ICANN is independent? Here is a good example of what can happen when the organization that manages the assignment of domain names and IP addresses is subject to US laws and a litigation happy culture ... Strange as it may seem, with Spamhaus being British and supposedly not subject to Illinois laws, one actually has to point that out in a formal argument. Which Spamhaus didn't. The question is if this is a one-off glitch or a potential venue for abuse, a test balloon if you will, for a flood of similar cases that will come up with convenient ways to rid the wired world of troublesome domains.

Gadi Evron thinks the unthinkable:

Imagine what would happen if Spamhaus was forced to present itself before courts all over the world, where they don’t even do business. They are a volunteer organization and spammers will stop at nothing to get at them.

After this court ruling, Spamhaus.org was under a DDoS attack, in my opinion for the purpose of preventing users from reaching the information it provided about the court ruling. This was done along-side a Joe Job, sending fake email appearing to come from Spamhaus’s CEO, Steve Linford. This email provided disinformation about the court ruling, claiming that anyone who uses the Spamhaus service can be facing legal action. This was false.

This ... is the one of the most dangerous things that could potentially happen to the Internet, and it needs to be squashed. Next, we would see the court going after Spamhaus mirrors, Registrars or RIRs.
...
It will be a precedent which will open a can of worms, and there will be no end to it. This court ruling needs to be attacked with all possible force, by ICANN, the community, the news and everyone else who cares ... [but I] have faith in the judges of the Illinois court, and believe they will make the right call.
...
Apparently, at this stage, it is only a proposed ruling. But I am no lawyer.

But Matthew Prince is a lawyer. In Illinois, no less:

Make no mistake: this is serious. To make that point, consider what is likely to come next. When Spamhaus continues to operate, the plaintiffs will implore the court to enter criminal contempt charges against the company and its principals.
...
That said, Spamhaus had a likely winner of an argument if they’d made it from the beginning: the U.S. court does not properly have jurisdiction over the U.K.-based company. While this is an evolving area of law, what Spamhaus does is, in my mind, most analogous to the London Times publishing a “Worst Dressed Celebrities” list.
...
Unfortunately ... Spamhaus may have waived personal jurisdiction as a defense early on in the case when they not only appeared, but then asked for the case to be removed from state court (where it was originally filed) and moved to federal district court (where it is today).
...
The judge ... seems pissed, and, frankly, reading the record I can understand why. As you all intuitively know, judges don’t like people ignoring their orders.
...
The good news is that the 7th Circuit is full of some of the smartest and most powerful judges in the country, so if there’s a way out of this mess Spamhaus could be in far worse places to find it. That said, appealing a default judgment is unusual and not a strong position to start from ... The primary option ... is asking the district court judge to set aside the default judgment. My guess ... is that he’d probably do that if Spamhaus asked, apologized, and plead that they got some bad legal advice and were rectifying the situation as quickly as possible. However ... [that] would require Spamhaus go against some of their core principles and eat some crow.

Anonymous Coward wonders about U.S. Internet control:

If U.S. judges think they have carte blanche to impose their laws on foreign entities using domain listing as a weapon then we absolutely MUST get DNS control the heck out of U.S. control ... if one person in a robe is going to single handedly eliminate the backbone of the international anti-spam war when the service is based in a foreign country, run by non-U.S. citizens and it's a voluntary subscription service then something drastic needs to be done.
...
It's just amazing that anyone can mock the Chinese for their 'great firewall' when the U.S. is prepared to yank a site from the ENTIRE WORLD, and think they can just because its domain name is published on a U.S. machine when that is mandated by an historical quirk.

Is it time we gave the United States their little .us domain to play with and left the rest to people who understand how serious this stuff really is?

The Blue Meanie offers this workaround:

So go ahead and pull their domain from the DNS hierarchy.

# cat >>
/etc/named.conf
zone "spamhaus.org" in {
    type forward;
    forwarders {216.168.28.44; 204.69.234.1; 204.74.101.1; 204.152.184.186; };
};

Buffer overflow:

Around the Net

• Silicon Valley Watcher: 60 Minutes talked with Dunn and Fiorina while Perkins went sailing on his very large boat
• Tim Bryce: Are I.T. Workers Blue Collar?
• Matt Asay: Oracle: We're still hungry (for M&A)
• 4sysops: How to install Windows Vista RC2 on VMware Workstation
• Michael Santo: 3/4 of US Adults Have Mobile Phones
• Search Engine Watch: Official Google Blog Gets Hacked After Message On Security
• Dana Blankenhorn: Most open source software is better
• Michael Hugos: Trading With the Enemy

Around Computerworld

• Jerri Ledford: Balancing the new and the not so new
• Robert L. Mitchell: How they learned to stop worrying and love Cobol
• Preston Gralla: It's time for the Feds to subsidize broadband
• Jeff Boles: VC happenings...
• Shark Tank: Want a Slurpee With That?
• Sound Off: Vista RC2: refined but not perfect
• Martin McKeay: Chinese hackers attacking the Commerce Department

And finally... Belgian homebrew mechanical steampunk lion

Richi Jennings is an independent technology and marketing consultant, specializing in email, blogging, Linux, and computer security. A 20 year, cross-functional IT veteran, he is also an analyst at Ferris Research. Contact Richi at blogwatch@richi.co.uk.