Are blacklists killing more than spam?

Participants at a government confab spar over whether lists that target ISPs used by spammers are legal--and whether they do more harm than good.

Declan McCullagh Former Senior Writer
WASHINGTON--Spam has become such a vexing problem that, if current trends continue, e-mail could become a far less useful way to communicate.

But have some of the muscular responses to unsolicited bulk e-mail, such as blacklists that target Internet providers used by spammers, created problems of their own?

On Thursday, participants at a three-day spam summit convened by the Federal Trade Commission sparred over whether such blacklists are legal and whether they do more harm than good. Some speakers warned their use means that legitimate e-mail is often lost or silently discarded--becoming an accidental casualty in the war on spam.

Margie Arbon of the Mail Abuse Prevention System defended the practice of blacklisting, in which activists create and publish a list of Internet addresses that are linked with spammers. Internet service providers and individuals can subscribe to the list and use it to discard messages that originate from addresses on it.

"Blacklists are a decision by the owner of the equipment," Arbon said. "They are trying to defend their property...They are being inundated by this mail."

But the practice came under fire from J. Trevor Hughes, director of the Network Advertising Initiative's Email Service Provider Coalition, whose members include DoubleClick, credit agency Experian and companies that sell high-volume e-mail marketing campaigns. Hughes contended that financial statements and other important e-mail have been lost because of accidental or intentional entries on blacklists. "Those are all messages that have suffered because of blacklistings and false positives," he said.

The FTC summit is the first serious evaluation of blacklists undertaken by the federal government, even though the technique has been the target of criticism for frequently blocking mail that is not spam. A particularly controversial "guilt-by-association" approach employed by some list operators places an entire ISP or hosting service on a blacklist merely because one of its users is a spammer.

In February, Microsoft's MSN accidentally blocked incoming messages from rival ISPs, including AOL Time Warner's RoadRunner broadband service and EarthLink. And, as first reported by CNET News.com last November, the FTC itself adopted blacklists that blocked some legitimate e-mail to agency staff.

Brian Huseman, a staff attorney in the FTC's division of marketing practices, said the agency was reviewing its approach. "We're in the process of examining those blacklists," he said.

While blacklists may not break the law, they could amount to irresponsible censorship, said Cindy Cohn, legal director for the Electronic Frontier Foundation. Cohn warned of "private entities and anonymous entities deciding which of your mail gets through and which doesn't get through." She added that hobbyists and nonprofit groups operating mailing lists have encountered an increasing number of problems.

"EFF has received complaints from noncommercial listserv owners that they have ongoing problems getting their solicited messages through," Cohn said, adding that EFF had begun to draft a list of "best practices" for blacklist operators to follow.

While blacklists can be effective in reducing spam, critics say they can be applied in a secretive and unaccountable way. In response to a question from the FTC, Spamhaus' Alan Murphy refused to say which ISPs were using the organization's blacklist and, citing current litigation, would not reveal what procedure is used to add addresses to it.

One panelist suggested that blacklists could run afoul of the law by interfering with business relationships. Another panelist, Michael Grow of the Arent Fox law firm, disagreed. "If you conduct a reasonable investigation and form an opinion that someone is the source of spam or a particular Internet Protocol address is being used (for spamming), there's a First Amendment right that attaches to that."