An overview of cryptographic protocols to prevent spam

Perry E. Metzger perry at
Mon Sep 26 10:10:22 EDT 2005

John Gilmore <gnu at> writes:
> It was hard to get from paragraph to paragraph without finding
> approving mentions of blacklists.  I am a victim of many such
> blacklists.  May Amir never appear on one, or his unthinking
> acceptance of blacklisting might change.

I'm afraid that I use blacklists. My servers get about 30,000 spams
and virii directed at me (that is me, Perry Metzger, personally) every
night that are blocked by blacklists. I would be unable to write you
this email if I didn't use blacklists, because I'd have no working
email at all. (To be fair, the onslaught has diminished recently --
I'm now down to perhaps 20k a night. There is no functional

I've also been blacklisted myself, and I've had to deal with

I understand your position, but you should understand that for many of
us spam, virus spew, etc. is not merely an annoyance but has the
ability to literally make it impossible to use email. Using a
combination of blacklists and other mechanisms, I get the spam levels
down to the point where they are merely an annoyance, but without them
I'd be incapable of receiving email any longer.

An analogy I like to use here is that while your neighbor using a
flashlight in the night might be an "annoyance", and turning on
floodlights in the night might be a "substantial annoyance", bathing
your house in hundreds of megawatts of light day and night goes beyond
mere "annoyance" and eliminates your ability to enjoy the use of your

A few unwanted emails are a mere annoyance, but at the levels I've
reached, they go beyond annoyance. As much as I dislike blacklists
etc., I couldn't operate without them so I use them.

I wish I lived in a world where you couldn't just go out and lease the
use of 8000 zombie machines on the internet pre-broken into by
Ukrainian gangsters for your spamming pleasure, where people couldn't
send me phishing emails without being caught and punished for fraud,
etc. -- in short where folks who do things that even libertarians
dislike were punished. However, we don't live in an ideal world -- we
live in a world where a government monopoly runs law enforcement and
that law enforcement is nigh well worthless. I can't just buy the
other government's law enforcement since there is none, so I do what I
can on my own to make my machines livable.

In a better world maybe we won't need firewalls, policies where cable
modem users have port 25 blocked unless they ask for it to be
unblocked, spam blacklists, vast amounts of personnel time and money
spent at large organizations worrying about spam, security, etc., but
that better world isn't coming any time soon.

> His analysis made me think of clinical reviews of experiments done
> on human subjects in prison camps -- careful to focus on the facts
> while ignoring the obvious moral problems.
> Interspersed were discussions of various kinds of port blocking.  The
> Internet is too good for people who'd censor other peoples'
> communications, whether by port number (application) or by IP address
> (person).  It saddens me to see many of my friends among that lot.

John, I admire you for living a life without compromises. However, I
cannot afford such a life.

As it stands, I wouldn't blame the people who block ports. Most of
them, like me, are just trying to keep using the internet as best as
they can.

I would blame the criminals. I don't mean the people who merely send
out unsolicited email from machines they themselves own that doesn't
pretend to come from other people. I mean the people who
systematically break in to thousands of computers (surely you don't
believe breaking in to someone's computer to gain its use against the
will of the owner is okay) so they can send out their notes to a few
million people claiming to be their bank and directing them to yet
another machine they've broken in to where they collect the passwords
of the victims. I would also blame the law enforcement agencies who
essentially do nothing to these people.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list