Where did the Squid List go? And what about all the other subculture e-mail lists hosted on the Laughing Squid servers, such as the one for Burning Man barflies and the one for fans of exploitation movies? Scott Beale, owner of San Francisco Web-hosting company Laughing Squid and "primary tentacle" of underground event bulletin Squid List, started hearing those questions from users who weren't getting their daily doses of Squid. "At first I thought it was nothing - just a few e-mails that didn't get through," he said.
But as days went by, he realized that the only people who weren't receiving e-mail from Laughing Squid were Earthlink customers. According to Beale, his attempts to contact Earthlink to find out what was wrong were met only with an automatically generated e-mail; it explained that he was running an "open relay" for spammers on his mail server. He discovered that Earthlink had placed his mail server on a "blocklist," meaning that no one with an Earthlink account could receive any mail from Laughing Squid. Beale's business had been damaged - and his subscribers stranded - without any advance notice from Earthlink or suggestions for ways to fix the problem.
Beale had heard of spam blocklists and blackholes before. Independent antispam groups like Spamcop and Abuse.net (and the less-reputable SPEWS) are known for blocklisting first and asking questions later. E-mails from such diverse sources as the San Francisco Art Institute and digital wonk journalist Declan McCullagh have been blocked and unblocked with seeming capriciousness. But would Earthlink, a huge national ISP, really use the same tactics as SPEWS?
Earthlink spokesperson Carla Shaw said Beale's experience is "industry standard" treatment in cases where Earthlink's automated spam tests determine that somebody might be running an open relay. Unlike traditional spam, which is basically junk mail, open-relay spam is junk mail the spammer routes through an open-relay server to mask his or her address. "The problem is that many people don't know that they have an open relay," Shaw explained. This was the case with Beale, whose open relay was very hard to detect and apparently was the result of a bug in the setup of his server software - the danger was that spam-loving hackers might exploit the bug. But if a seasoned sysadmin like Beale doesn't know he's running an open relay, is it fair to blocklist him without informing him first?
Shaw said Earthlink's policy is to "protect the users" from spam, and therefore it must act fast when it finds an open relay. Beale said he didn't receive any e-mail from Earthlink about his situation until he made inquiries. And after Beale spent two weeks going back and forth with the ISP and fiddling with his server configurations, Earthlink suddenly decided to unblock Laughing Squid. He still isn't sure why, although Larry Fine, a representative from Earthlink's abuse department, said subsequent tests on Laughing Squid's mail server show that the open relay has been closed. Fine added that Earthlink rarely contacts the people who have been blocked because of the huge numbers of servers it blocks and unblocks every day. "There just isn't time to do it," he said.
This whole incident might be seen simply as an example of a customer-relations blooper, but it raises disturbing questions about the tenuous nature of free speech on the Internet. In an environment where Earthlink and other industry giants like AOL rule the ISP market, more and more people are getting their e-mail through companies whose blocking policies are vague at best and draconian at worst. There is no way for me, as an Earthlink customer (yep, my teeny ISP was sucked up by the big E), to opt out of its open-relay blocking. In most cases that's fine: I don't want to get open-relay spam. But what about the cases like Beale's, in which mail that I want is suddenly blocked and I have no recourse? I call that a free speech issue.
Even if you aren't its customer, Earthlink can effectively remove your site and mailing lists from widespread circulation on the Net without warning. Sure, I could switch ISPs. But Beale, whose Laughing Squid servers have nothing to do with Earthlink, doesn't have that option. His business will be hurt because of the (lack of) consumer choices his customers face when they buy e-mail service. Electronic Frontier Foundation attorney Cindy Cohn said this isn't a First Amendment issue, since Earthlink is a private company and is free to do what it wants. But, she added, "Obviously this is cold comfort in these kinds of cases, and increasingly worrisome when there are fewer and fewer ISPs to choose from and all of them have contractual provisions that allow them to cut you off for any reason or no reason at all."
And let's not forget another crucial issue: how was it, exactly, that Earthlink figured out Beale was running what it claimed was an open relay? By hacking into his servers (erm, I mean "auditing") and attempting to relay mail through them. This means that every time Earthlink gets a spam complaint, it's hacking the servers where the spam came from to see if those servers might be open relays. Earthlink and other large ISPs could be sneaking into your servers right now. Don't worry. They probably haven't blocklisted you yet. Of course, if they had, they wouldn't tell you about it.
Annalee Newitz (firstname.lastname@example.org) is a surly media nerd who personally knows several cool people who work at Earthlink (hi guys!). Her column also appears in Metro, Silicon Valley's weekly newspaper.