Of all people out there, I’m a quite vocal opponent of spamming – that is, unsolicited emails usually advertising some product or other. I know this problem won’t go away anytime soon. Indeed, almost every day I spend 30 minutes to an hour cleaning out literally thousands of spam messages from dozens of inboxes, so obviously I don’t consider this fun.

Recently a small non-profit association I’ve helped out in the past contacted me with an interesting problem – they were unable to send messages to Cogeco users. A bit of research revealed that their SMTP server was on an IP address blocked by SORBS, a DNS blacklist service that a number of ISPs apparently use when determining what messages may or may not be spam.

Further research revealed that this non-profit was using a shared server from a US-based hosting service. The IP address in question supported at least a few dozen different sites owened by different people – standard shared hosting fare. Okay, nothing unusual, so I started looking into getting the IP address removed, since the non-profit was not a spammer and this was hampering their ability to contact members of their association.

Imagine my surprise when I discover this delisting process:

” The effected IPs (the ones used to send the spam) will only be delisted when US$50 is donated to a SORBS nominated charity or good cause. The charities and good causes SORBS approves will not have any connection with any member of the SORBS administrators either past or present. ”

Now, this immediately disturbed me, so I did a google search for the definition of ‘extortion’ and came up with this. “Extortion is a criminal offense, which occurs when a person obtains money, behaviour, or other goods and/or services from another by wrongfully threatening or inflicting harm to his person, reputation, or property. Euphemistically, refraining from doing harm is sometimes called “protection”.”

Now, some people online have argued that it isn’t exactly extortion because SORBS isn’t actually blocking your emails; rather, it’s the particular ISPs that decide to use SORBS as a guideline for mail-blocking.

This, to me, is bullshit. If extortion does include the reputation element, then SORBS is definitely damaging your reputation by implying you are a spammer, and then requiring you to pay money in order to remove the spot on your reputation. The fact that SORBS doesn’t get the money is irrelevant. This is a bit like the mob not trashing your business so long as you support a political party they approve of, or some other thing. What if for whatever reason you disagree with the SORBS-handpicked charities?

In addition, this particular blacklist service is totally unfair to small organizations and individuals who can’t afford dedicated servers of their own. Most teenagers, and probably a lot of adults, run websites totally out of a sense of community, and if they’re unable to use some of the resources of their website such as the SMTP server because of some asshole spammer using shared space, it’s hardly their fault. The same applies to the masses of computer-illiterates who get backdoored and zombified for the purposes of spam – sure, they’re hard on the community at large, but the problem isn’t the computer user, it’s the spammer. $50 may not be a lot of money to a big corporation but for a minimum-wage working person, that’s a quarter of a week’s wages.

To sorta sum up, I think SORBS took a good idea and a motive of protecting the community, and ran WAY too far with it. I’m sure the charities listed by SORBS are quite happy, but I doubt anyone else is. By basically extorting money in exchange for reputation, SORBS is revealing itself to be the selfish bully of the anti-spam battle, hurting anyone who happens to get in the way in its zeal to be seen as a leader in anti-spam technology and DNSBLs. To those fighting the spam battle on the ISP and hosting ends, I say fuck SORBS and use something a little more fair to the small guys caught in the crossfire.