["Followup-To:" header set to news.admin.net-abuse.email.]
On 21 Dec 2006 00:34:14 GMT, Charles Sweeney <EMAIL REMOVED>
defied the laws of time and space to say:

>> Your ambition to get rich quick by operating an Internet Retail Store
>> in your home office but without paying for the education or third
> party
>> expertise to avoid being a spammer does not entitle you to
> consideration
>> from the victims of your spam. Failure to exercise due diligence is
>> not an affirmative defense.
>
> There is only ONE guilty party, and that is the spammer. I would
> imagine that spammers would be delighted that you are not giving them
> your full attention and are blaming others for their spam.

Typically if a person or business has enabled abuse or criminal activity
due to negligence, they are held liable in addition to the abuser or
criminal that has used their unsecure resources.

The people receiving the spam do not care who the guilty party is. They
only want the spam to stop. If blocking the insecure web server stops the
spam, that's what they'll be asking their ISP to do. I would imagine that
spammers would be delighted that these insecure web forms allow them to
spam more freely than ever before.

As long as spam has been around now, there really is no excuse for having
anything send e-mail without some sanity checks to prevent abuse. On
discovering that one's server has been used for spamming, the proper
response is not "Oh, I didn't realize it was insecure, so I should not be
blamed." The proper response is, "This issue will be corrected
immediately and I will make every effort to ensure it is not repeated."

-Bertha
--
Zoe: Too much foofaraw. If I'm going to wear a dress, I'd want something
with some slink.
Wash: You want a slinky dress? I can buy you a slinky dress. Captain,
can I have money for a slinky dress?
Jayne: I'll chip in.
Zoe: (to Jayne) I can hurt you.

In article <Xns98A0511B715mecharlessweeneycom@130.133.1.4>,
Charles Sweeney <EMAIL REMOVED> wrote:

>> Those who send unsolicited bulk email are spammers.
>> Whether the sender writes it or a third party who is also a spammer
>> originates it is irrelent.
>
>I see. If someone makes a nuisance phone call, the telephone company is
>also making a nuisance phone call. I'm getting it now. If someone
>sends objectionable material through the post, the mail company is
>equally guilty. New to the real world?

A phone company in the U.S. is immunized only having given up a
bunch of of rights and privileges and become a state sanction
monopoly of a common carrier.

The legal liabilities of cl***ic publishers seem relevant. Newspaper
publishers cannot escape peril by claiming to have only repeated
a false and defaming statement.

To get closer to cases, ISPs that don't deal with their script kiddies
are held accountable by other ISPs if not often by the courts.

ISPs have been held accountable for spam, albeit not often or strongly
enough. For example, while the NANAE Liturgy overstates the effect of
AGIS's spam in that outfit's demise, the effects were real and significant.
http://www.google.com/search?q=agis.net
http://www.google.com/search?q=agis.net+bankrupt

Then there was the UDP against UUNET. That involved netnews spam instead
of email spam, but the precendent is relevant. See
http://www.google.com/search?q=udp+uunet



> New to the real world?

I wasn't around for the Communications Act of 193, which I suspect
laid the foundations for telco immunity in the U.S., but judging
from his picture at http://charlessweeney.com/ I'm closer to being
that old than Charles Sweeney.


I can't help wondering about this first thing mentioned on his
http://charlessweeney.com/

Form To Email contact or feedback PHP script
FormToEmail.com - The world's easiest PHP form to email script.

Charles Sweeney's outrage at the notion of holding his customers
accountable for their operation of evil form-to-email scripts is
interesting. Could he share significant responsible for the harm done
with stupid, idiotic, incompetent form-to-email PHP scripts in recent
years? The authors of the easiest such scripts should not be allowed
near a keyboard (or voice recognition system) for rest of their lives.



>> When the spam is relayed, it is irrelevant
>> whether the relaying spammer is paid in money or the satisfaction that
>> comes from donating bandwidth, CPU cycles, etc. to the good of
>> Internet Commerce and the SuperHypeWay.
>
>So you believe in shooting messengers?

When they're spammers, of course I do! I would not kill them, but I
would shoot off their fingers, probably at the wrists.

>> Your ambition to get rich quick by operating an Internet Retail Store
>> in your home office but without paying for the education or third
>> party expertise to avoid being a spammer does not entitle you to
>> consideration from the victims of your spam. Failure to exercise due
>> diligence is not an affirmative defense.
>
>???????????????

Mr. Sweeney's bemuzement rings hollow. Even if the thing at
http://formtoemail.com/
is what it does not explicitly claim to be (as far as I can tell),
safe from relaying spam,
there can be no doubt that his involvement with that product has introduced
him to eough of them to recognize the breathless enthusiasm of those
who are About To Get Rich On The SuperHypeWay.


Vernon Schryver EMAIL REMOVED

In article <Xns98A05D6F8E7Bmecharlessweeneycom@130.133.1.4> ,
Charles Sweeney <EMAIL REMOVED> wrote:


>There is only ONE guilty party, and that is the spammer. I would
>imagine that spammers would be delighted that you are not giving them
>your full attention and are blaming others for their spam.

If you must pick only one guilty party for a spew of spam, then it is
the owner of the SMTP client that sends the spam to SMTP servers. There
are insurmountable technical reasons why even the existence of any other
party depends on believing the claims of that nearest responsible party.
Those technical reasons are part of why dealing with spam is not as
easy as it sounds.

Those reasons are fairely obvious. If you send me a paper envelope
containing an objectionable message, I can and should hold you responsible
even if your claim to have merely copied the message to a new format
and put it in a new envelope for forwarding is true. That analogy is
close to what happens with web form spam.

But of course anyone who competent to have written the world's easiest
PHP form to email script with having simultaneously built and distributed
some particularly evil spamware surely knows that. Charles Sweeney's
outrage at the notion of holding his customers accountable for their
operation of bad form-to-email scripts is intriguing. See the first
link on this page to see why
http://charlessweeney.com/


Vernon Schryver EMAIL REMOVED

Fleeing from the madness of the Rhyolite Software jungle
Vernon Schryver <EMAIL REMOVED> stumbled into
news:news.admin.net-abuse.email,alt.www.webmaster,alt.spam
and said:

> In article <Xns98A05D6F8E7Bmecharlessweeneycom@130.133.1.4> ,
> Charles Sweeney <EMAIL REMOVED> wrote:
>
>
>> There is only ONE guilty party, and that is the spammer. I would
>> imagine that spammers would be delighted that you are not giving them
>> your full attention and are blaming others for their spam.
>
> If you must pick only one guilty party for a spew of spam, then it is
> the owner of the SMTP client that sends the spam to SMTP servers. There
> are insurmountable technical reasons why even the existence of any other
> party depends on believing the claims of that nearest responsible party.
> Those technical reasons are part of why dealing with spam is not as
> easy as it sounds.

dealing with spam? that bit is trivial.

preventing spam is the tricky part. For my part I like to keep things
simple (I have not the resources to be an avenging angel) so the ip that
connects to servers in my control is the ip that gets blocked.

>
> But of course anyone who competent to have written the world's easiest
> PHP form to email script ...

Frankly, I thought the case was well made until the personal attacks came
in.

Oh well.

--
William T***o

http://williamt***o.com/words/what-is-usenet.asp

Carved in mystic runes upon the very living rock, the last words of E-
Mail Sent to this address will be added to the BlackLists of
alt.www.webmaster make plain:

> Charles Sweeney wrote:
>> Vernon Schryver wrote
>>> People operating open PHP relays, trojan proxies,
>>> or any other spamware are not innocent.
>>
>> Many are. (Looks like I might need that definition.)
>
> Incompetent, negligent?

If a mechanic does a crap job on your brakes, and they fail without
warning and you hit someone, are you negligent? No. Not everyone who
drives a car is a mechanic, and not everyone who uses the web is a geek.
In either case, you're trusting the expertise of someone who's supposed
to know.

--
Alan Little
Phorm PHP Form Processor
http://www.phorm.com/

Charles Sweeney wrote:

>
> There is only ONE guilty party, and that is the spammer. I would
> imagine that spammers would be delighted that you are not giving them
> your full attention and are blaming others for their spam.
>

No, there is NOT just one guilty party. The fact that an evil spammer is
exploiting security holes in badly programmed scripts does NOT excuse
the negligence of the server operator and the programmer of the crappy
script.

Here is an analogy:
If someone owns a gun collection, and they keep it somewhere without
locking it up, and one or all of the guns are stolen and used to commit
a crime, you can bet your butt that in most jurisdictions the local DA
would be quite interested in indicting the owner of said gun collection
with criminal negligence, or possibly even as an accomplice to whatever
crime was comitted using his guns...

And make no mistake - any host capable of relaying mail *IS* a loaded
gun. Failing to secure it *IS* criminal negligence. this doesn't excuse
the spammers who hijack it, of course, but ignoring the problem of
insecure mailer scripts is a crime in and of itself.

Charles Sweeney wrote:

>
> Correct but your analogy fails. The punch drinker knows there is some
> alcohol in the punch. The innocent form user does not know that the
> form can be used by spammers. "innocent" being the key word here. I
> don't have to define it, do I?


Ignorant != innocent.

Lets change the analogy and say the punch drinker somehow had no idea
there was anthing in the punch. (for sake of argument, say it was spiked
with something other than alcohol - something with no taste) Said driver
would STILL be guilty of driving under the influence.

>

Vernon Schryver wrote

> Form To Email contact or feedback PHP script
> FormToEmail.com - The world's easiest PHP form to email script.
>
> Charles Sweeney's outrage at the notion of holding his customers
> accountable for their operation of evil form-to-email scripts is
> interesting. Could he share significant responsible for the harm done
> with stupid, idiotic, incompetent form-to-email PHP scripts in recent
> years? The authors of the easiest such scripts should not be allowed
> near a keyboard (or voice recognition system) for rest of their lives.

Still on the Sherry, I see.

No, the script cannot be hijacked by spammers.

--
Charles Sweeney
http://CharlesSweeney.com

Add Homonym wrote

> Charles Sweeney wrote:
>
>>
>> Correct but your analogy fails. The punch drinker knows there is
some
>> alcohol in the punch. The innocent form user does not know that the
>> form can be used by spammers. "innocent" being the key word here. I
>> don't have to define it, do I?
>
>
> Ignorant != innocent.

Indeed, and innocent != ignorant.

> Lets change the analogy and say the punch drinker somehow had no idea
> there was anthing in the punch. (for sake of argument, say it was
spiked
> with something other than alcohol - something with no taste) Said
driver
> would STILL be guilty of driving under the influence.

Yes, but did he/she know it was punch of some sort?

--
Charles Sweeney
http://CharlesSweeney.com

Vernon Schryver wrote

> If you must pick only one guilty party for a spew of spam, then it is
> the owner of the SMTP client that sends the spam to SMTP servers.

No it's not, it's the spammer. The spammer who will be relaxing in the
knowledge that you don't hold him solely responsible for his spam.

> But of course anyone who competent to have written the world's easiest
> PHP form to email script with having simultaneously built and
> distributed some particularly evil spamware surely knows that.
> Charles Sweeney's outrage at the notion of holding his customers
> accountable for their operation of bad form-to-email scripts is
> intriguing. See the first link on this page to see why
> http://charlessweeney.com/

Oh dear, oh dear...it's libel now.

--
Charles Sweeney
http://CharlesSweeney.com