This is a scam attempting to extort money from people. The blocklist has no way to actually remove IPs from the parent zones and I’m pretty sure they won’t even remove IPs from their own zones. In this case, the blocklist is clearly a scam, but there are other lists that are actually used by some mailservers that do charge for removal.

No legitimate blocklist will ever expect a listee to pay for delisting. Ever.

I feel very strongly about this. In fact, one of the major blocklists is run off a domain owned by Word to the Wise. Occasionally, I get contacted by folks looking for help with a listing on that list and I will not take them on as a client. I will provide general advice and make sure that they are correctly contacting the blocklist but nothing more.

This is, to my mind, the only ethical thing to do. I don’t even want a hint of impropriety surrounding either myself or the blocklist. Charging money for delisting only feeds the conspiracy theories.

Charging listees for removal (or listing listees so those charges can be a revenue source) is likely to lead to poor quality data and a blocklist that’s not terribly accurate nor effective. Furthermore, if a list operator is unethical or confrontational in their interactions with listees, they’re probably equally unprofessional in their interactions with potential list users. This results in few recipient domains actually using the list to block mail. Lists that charge are not widely used and being listed on them often does not affect email delivery in any appreciable manner.

Personally, I describe spam as unsolicited bulk email. If I didn’t ask for it and it looks like bulk mail then I consider it spam. In many cases the spammers have multiple email addresses of mine so I can demonstrate the mail was sent in bulk.

In my consulting and working with clients, though, I rarely use the word spam. There are so many different definitions of spam, I have no way to know if my clients understand what I am saying, so I avoid the term as much as humanly possible. An example of some of the few definitions of spam I’ve seen used over the years.

• unsolicited bulk email
• unsolicited commercial email
• mail I don’t want
• mail I don’t think my customers want
• mail that is identical/similar to mail that hit my spamtrap
• mail that was sent to a non-existent address at my domain
• mail that contains HTML
• unsolicited email
• mail that advertises Viagra or porn sites or similar
• mail that other people send

With my clients we talk about how the client’s mail is perceived by the various groups and why their mail might be blocked or filtered. For those cases, it’s useful to look at the definitions used by organizations doing the blocking.

Spamhaus and some other blocking lists use “unsolicited bulk email” as their definition. Many of the listings rely on mail to spamtraps. IPs sending mail to addresses not given to anyone, are sending unsolicited and presumably bulk mail. Thus that IP gets listed. They also have other lists that monitor snowshoe behaviour as well as listing domains. Spamhaus, and other blocklists believe that if a mailer is sending one piece of email to a user who did not request it, then they are likely mailing many other users who did not request any mail. This definition centers around permission, and any mail without permission is considered spam.

Many of the large ISPs use “mail our users complain about” as their definition. With this definition, they do not have to argue permission status with a sender. The data shows that their customers complain about mail from that sender or with that URL. The ISPs are going to block, or deliver to the bulk folder, email that their users do not want.

Filters and some blocking lists use “mail that has characteristics of mail we know is unsolicited bulk mail” as their definition. These characteristics can be things like an invalid HELO string, or lack of reverse DNS on the connecting IP address, or badly formatted HTML. Mail that looks like spam, in the technical sense, is often treated like spam.

Spam is a term that means different things to almost everyone. However, to answer your request, Trent: when I mention spam here on the blog without an accompanying explanation of the term, I’m talking about unsolicited bulk email.

This post is an updated version of  What really is spam, anyway?. I also talk about the definition of spam in Defining Spam

This case is exceedingly interesting and important because it destroys the arguments of anti-spam plaintiffs trying to manufacture technical violations of CAN-SPAM for their profit. Not only does the opinion send an unmistakable message to the lower courts to toss these plaintiffs out on their keister, but it sends the harsh message that these plaintiffs ought to rethink their legal hubris. As the court says, “As should be apparent here, ‘the law’ that Gordon purportedly enforces relates more to his subjective view of what the law ought to be, and differs substantially from the law itself.” Ouch. The court has apparently just invalidated the fantastic laws that some anti-spam plaintiffs dream up in their heads.

This case is also important because it puts state anti-spam laws even more clearly on the ropes. It has been an impressive but pathetic display of futility watching the states trip over themselves trying to show that they are tough on spam when their efforts are all irrelevant in light of the Fourth Circuit’s and now Ninth Circuit’s interpretations of CAN-SPAM. Fortunately (?), most of the states have moved on to being tough on cyberbullying instead of beating up on spammers.

Ken Magill also wrote about the case this week. What was interesting in that article is how Virtumundo attempted to work with Gordon to stop him from being thoroughly trounced in the appeal.

Virtumundo offered to stop trying to collect on the decision if Gordon would withdraw his appeal, but Gordon refused, according to Newman.

When Virtumundo’s collections lawyer showed up at Gordon’s house with a moving van and a sheriff, Virtumundo again offered to stop its pursuit of Gordon’s assets if he would drop his appeal, and he refused again, according to Newman.

Virtumundo’s collections agency then cleared out Gordon’s house, according to Newman.

He added that after seizing the contents of Gordon’s home, Virtumundo offered to return Gordon’s belongings if he would drop his appeal and again, Gordon refused.

I’ve talked with a number of anti-spammer litigants in the past, usually as they try to convince me to testify on their behalf. The problem is, the companies that they are suing really aren’t the problem. Sure, they have some sloppy address acquisition processes and they send mail that recipients didn’t ask for. However, those senders are rarely violating CAN SPAM as I understand the law. Even the companies when the companies are technically in violation of CAN SPAM it tends to be something minor and accidental.

The appeal’s court ruling in Gordon reinforces the findings in Mummagraphics, that statutory damages are not a given unless the plaintiff can demonstrate actual harm. What will be interesting to me is to see what happens when a large ISP goes after a company actually violating CAN SPAM. Is this case law sufficient to deny the ISP statutory damages, or are the courts drawing a line between the guy in the garage hosting mail for a few hundred customers and a larger business entity hosting millions of mailboxes.

This is another solid blow against anti-spammers suing spammers under state laws and CAN SPAM. The problem is that many of the cases are brought by people, and lawyers, who fail to understand that just because they don’t like something doesn’t make it illegal. Spammers do a lot of bad things, but the ones you can track enough to sue are generally not breaking the law. Sadly, cases like Gordon and Mummagraphics makes it harder for ISPs to sue spammers that are actively harming the ISP and the customers.

I do want to comment on one of the comment’s however. This comment makes the assertion that “double opt-in was a term designed by spammers to make confirmed opt-in look too troublesome and problematic to use.”  This is a bit of lore that is deeply, deeply established in the minds of many anti-spammers. There is a core group of activists that are completely convinced that anyone who ever uses the term double opt-in to refer to a confirmation practice is not only a spammer, but a lying scammer. They cannot imagine a world where someone might use this term while actually supporting the practice.

The problem with this belief is that it’s not true. Double opt-in was mostly used by PostmasterDirect (now part of ReturnPath) as a way to market their email addresses. PostmasterDirect actually patented a process for confirming addresses and used double opt-in as a way to distinguish themselves in the market place. It wasn’t that double opt-in was twice as hard as opt-in, it’s that their email address lists were twice as good as those other lists that you might be thinking of buying.

So, no, double opt-in is not spammer speak. It is, in fact, often the speech of a sender who is attempting to do the right thing. The fact that the sender does not know a made up history of a term does not turn them into a lying spammer. Asserting that it does says a lot more about the person making the assertion.

To better explain the vitriol, a little history of the two terms might help.

My personal recollection and experience is that the term “confirmed opt-in” was coined by posters in the newsgroup news.admin.net-abuse.email around 1997 or 1998. There was some discussion about marketers / spammers (a lot of the posters did not distinguish between the two) trying to use the term “double opt-in” instead of “confirmed opt-in.” Many posters believed (and many still do) that this was a deliberate attempt by marketers to make the process seem overly burdensome and unworkable.

During the 2003 FTC spam hearings, Rebecca Lieb shared formal definitions for 5 different subscription types including “Confirmed opt-in” and “double opt-in”. These definitions are still up on ClickZ.

Confirmed Opt-In
[...]confirmed opt-in lists confirm, by email, your subscription as soon as your name has been added to the list. They allow you to unsubscribe immediately by replying or clicking on a link within the email. [...]
Double Opt-In
A double opt-in list means not only must the user take an action to add himself to a list, but he then receives a confirmation of his subscription. He must reply to be added to the list. [...]

What we have here are two terms describing the same process and two different processes being described by the same term. Not only that, but the term describing two processes is also one of the terms terms used to describe the single process. I am confused just trying to describe the situation.

Adding drama to the confusion, there are some people who believe very strongly that marketers specifically published different definitions of confirmed opt-in to confuse discussions with anti-spammers. Whether or not this was a deliberate decision by marketers, the reality is that it has set the stage for years and years of confusion, obfuscation and controversy.

This is something I deal with on a regular basis. In order to make things clear with clients, ISPs and blocklists I cannot just use a term and be sure we all agree on what that term means. Instead, I have to define terms at the beginning of the conversation and make sure that everyone involved is using the same terminology.

So what happened on the URIBL list? Al answers that question at SpamResource.

Some random guy, nobody I know, he posted a request for help. He said, more or less: “Hey, blacklist XYZ has listed my double opt-in server. What should I do?”

Approximately 13 seconds after posting, he was verbally attacked in response. He was accused of being a spammer, and ridiculed, for daring to use such a term as “double opt-in.”

[...] a discussion forum made up of supposed thought leaders, people who actively work to stop spam, accused the guy of being a spammer. They didn’t accuse him of being a spammer because he sends spam — but instead, they called him a spammer because he used a term that they do not like.

There are anti-spam groups and people running blocklists who still treat the term “double opt-in” as a sort of reverse-shibboleth. People who use the term double opt-in, are not a member of the anti-spam community, and are unwelcome and shunned. Even those of us who have been around for many, many years are treated as outsiders and spammers if we accidentally use the wrong terminology in front of anti-spammers.

There is no solution I can see. The confusing terminology has been around long enough that there is no way to clarify things. Inventing new terminology is only going to increase confusion. Expecting either marketers or anti-spammers to abandon “their” terminology is patently ridiculous. The best those of us trying to deal with both groups can do is to be bilingual.