« Haggard | Main | Stupid US Airlines... »

Are DNS-RBLs Illegal?

There was a discussion on the DJBDNS mailing list recently (very short, because of the characters involved) about email and DNS-based blacklists. The discussion is here.

The basics of it go like this: DNS-based blocklists (DNSBL’s or DNS-RBLs) are publicly available lists of “known-bad” IP addresses. How this generally works is somebody (SpamCop or MAPS, for example) will use some method (frequently known only to them) to determine whether or not a given IP address is a spammer or not, and will then publish that information. Other people (for example, Notre Dame) use that information to make decisions about whether or not to accept or reject mail from those IP addresses. There are a zillion of these lists, and many people use them as a short-cut (looking up the IP address in one of these lists is much easier than doing fancy content-analysis like we do on memoryhole.net), particularly when they’ve got a high volume of email.

The claim, that I don’t believe, is that these things are essentially illegal. The reason people say these black lists are illegal is because they do not discriminate between non-spam and spam, but merely everything from a given host. The justification is usually Exactis v. MAPS, where a spammer (Exactis) sued the MAPS blacklist for listing them, claiming that, among other things, MAPS was abusing monopoly power and violating America’s anti-monopoly laws. What happened was that Exactis got a preliminary injunction (i.e. MAPS had to take them out of the blacklist), and then MAPS settled out of court.

To get more information, I asked my brother, who is a lawyer (passed the bar exam, currently gets paid for his legal services, etc.) to take a look and tell me what he thought.

The first thing he points out is how to think about this preliminary injunction business. He says:

Just FYI, a temporary restraining order and a preliminary injunction are essentially the same, but with important differences. A TRO is completely ex parte, and the other side gets no say in the matter, and is only granted when the harm is so immediate that the time it takes to get the other side to appear in court will damage the person requesting the TRO, and you also have to list and certify the efforts you’ve taken to inform the other side and to try to secure their appearance in court. A TRO expires in ten days, if not sooner. A preliminary injunction lasts through the final decision of the court as to the merits of the case.

So why was the preliminary injunction granted in this case? Well, the standard that the Tenth Circuit Court uses to decide whether to grant a preliminary injunction is defined as follows:

In the Tenth Circuit, preliminary relief is warranted upon a showing (i) that Plaintiff faces irreparable harm, (ii) that the prospective harm to Plaintiff outweighs any damage Defendants might sustain without an injunction, (iii) that injunctive relief is not adverse to the public interest, and (iv) that the case presents serious, substantial, and difficult questions as to the merits, as to make the issues ripe for litigation and deserving of more deliberate investigation. Walmer v. U.S. Dept. of Defense, 52 F.3d 851, 854 (10th Cir. 1995).

In other words, a preliminary injunction:

is not a decision on the merits or even that the merits are to be considered. Rather, the standard is a balancing of the risks. In this case, the balancing was easy, given the low individual harm cause by spam, and the high alleged damage to Exactis. Thus, comparing negligible (if any) harm to MAPS (since their business is built more on reputation than individual screenings) and high potential harm to Exactis, the granting of the preliminary injunction was fairly routine.

Indeed, for an example of a nearly identical situation where the preliminary injuction was DENIED, look no further than Media3 v. MAPS.

That doesn’t mean that the denial (Media3) or the imposition (Exactis) is in any way a judgment on the merits of the case. You don’t even have to show that you have a “valid legal argument”, as Dean Anderson claims. Instead, you have to have a “non-frivolous” legal argument. However, according to my brother:

The standard for frivolity is so low that only a limited group of arguments qualify (the only one I know of being an argument against paying the income tax). Attorneys are supposed to advance any claim where they can make “a good faith argument for an extension, modification, or reversal of existing law”. (That comes from the American Bar Association’s Model Rules of Professional Conduct, Rule 3.1)

More importantly, for that very reason, the very idea of citing a temporary restraining order or preliminary injunction in other legal action is ludicrous. In most jurisdictions, the only things you can cite are “published” final decisions—that is, in the Exactis case, since it was settled out of court, there was no final decision (also, municipal court decisions are not citable, because they tend to be extremely specific to the facts of the case), thus it cannot be cited. You can cite an injunction later on in the same court proceeding, but not in a different court proceeding. So, not only can you NOT cite the Exactis injunction, but it’s, quite specifically, not even a judgment on the merits of the case.

My brother puts it slightly better:

There are two different things involved in a case: facts and law. An injunction is based on the ALLEGED facts (so they may not even be the “real” facts), and a weighing of the alleged harms. The injunction reserves the decision as to the LAW in the case for later, and is intended to preserve the status quo through trial until the law can be decided. So it’s pretty pointless to say to a court that a fact-based injunction issued in a different case has any bearing on the issues of law in a different case. There’s just no relevance there.

But, well, that’s a very thorough explanation of why the Exactis v. MAPS case is, essentially, irrelevant, we’re still left with the question of whether the MAPS-style blacklists are legal or not. Well, there’s still the question of why MAPS settled the case, but that’s kinda beside the point. It could be that they knew it wouldn’t be worth the lawyer fees, or just didn’t want to fight it out. It could be that they flipped a coin. Who knows? Only MAPS, and maybe their lawyer.

Indeed, antitrust cases are almost never decided against the company in question.

So what about the legality of spam blacklists? Well… there’s not a whole lot of definitive law on the matter. But, for example, check out MAPS v. BlackIce. Now, note that this decision is totally un-cite-able. It’s unpublished, and it’s the California court interpreting a Federal statute (considered a “non-controlling” decision), BUT, unlike the Exactis case, it is actually a decision. And what does it say? From page 6, section B:

Mail Abuse argues the Communications Decency Act provides a complete defense to this action… . Mail Abuse is asserting §230( c )(2) as a defense. Under §230( c ):

“(1) No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider. (2) No provider or user of an interactive computer service shall be held liable on account of: (A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or (B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph (1).

Sounds pretty good for MAPS, eh? Next:

The next inquiry, then, is whether spam is “harassing” or “otherwise objectionable” material under §230( c )(2)(A). This is an undecided question of law. One federal court, in dicta, noted blockage of unsolicited bulk e-mail was “encouraged” by §230( c )(2). (America Online v. Greatdeals.net (S.D.W.Va 1999) 49 F.Supp.2d 851, 855, 864 (dismissing tortious interference with contractual relations and prospective economic advantage claims) (implying unsolicited bulk e-mail is “harassing” or “otherwise objectionable”).)

Whether spam is “harassing” or “otherwise objectionable” is likely an issue that will be resolved in the federal courts. But given the state of law before the court, the Greatdeals.net court’s conclusion that §230 encourages the blocking of unsolicited bulk e-mail seems correct.

Okay, but that’s been established already, right? I mean, we pretty much accept that blocking spam is legal; what about the collateral damage?

Black Ice contends its e-mails were solicited, and therefore not spam. It argues this factual dispute (i.e., whether its e-mails were solicited or unsolicited) cannot be resolved at the demurrer stage. Black Ice fails to read the entire section. Section 230( c )(2)(A) provides immunity for any good faith effort to block content. Any good faith but unintentional blockage of non-spam is therefore also afforded immunity.

(emphasis mine) Aha! This, I think, is a pretty convincing argument that DNS-RBLs are legal. They are (or can be) part of a good faith effort to block spam. The case goes on to go into the details of this particular block, and eventually rules that MAPS was not acting in good faith because of some details of what went on, but the general idea is still valid, and paves the way for black lists (provided that they act in “good faith”).


TrackBack URL for this entry:

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)


This page contains a single entry from the blog posted on November 19, 2006 8:26 PM.

The previous post in this blog was Haggard.

The next post in this blog is Stupid US Airlines....

Many more can be found on the main index page or by looking through the archives.

Creative Commons License
This weblog is licensed under a Creative Commons License.
Powered by
Movable Type 3.34