Jordi, Transparency and accountability are key for services that act like a combined privatised police, court and penal force. Unfortunately Spamhaus does not deliver in that department. While the service certainly has merit, they sometimes feels warranted to enforce policies that hurt legal and valid business models like unmanaged hosting and cloud services, vpn's or tor-exits just to name a few. Judge, Jury and Executioner are 3 distinct roles in western democraties, this is for a reason. As a lot of organisations use Spamhaus, this means they have a fudiciary obligation to have clearand targetted policies, a speedy and transparant complaints procedure and they need to provide some form of arbitrage, just to ensure personal issues and preferences are not a factor. To describe Spamhaus usage as "It is up to each individual or organization to use them or not." fundamentally mislabels their position in the abuse handling ecosystem. (it is a bit like arguing we have a working abuse@ mail address, but do not handle abuse at all) -- IDGARA | Alex de Joode | alex@idgara.nl | +31651108221 | Skype:adejoode On Wed, 08-07-2020 15h 08min, JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
In a couple of occasions (many years ago), some of the IPs under my responsibility, were listed at spamhaus. I contacted them and got delisted, no problem. Of course, after that I took measures so my IP addresses are never involved even by accident, in any "bad" activity: it is my duty.
My conclusion is that it offers a good service, which I can use or not, it is my decision.
I think services such as spamhaus are good, and I don't know if legally they need to be "registered". I could, as a natural person, so no need for registration if is not a business (no incomes), make this kind of service, for free, and for privacy reasons, and understanding that I may be damaging high-level criminal activities, seek my personal and family protection by not disclosing my real data.
I don't think there is nothing wrong about that, because I'm not "forcing" anyone to trust my service or use it, or anything similar. It is up to each individual or organization to use them or not.
If ISP a, b, and c, are abusing my network in any way, and I decide to create a public web page to list them, if I can keep the demonstration of that, there is no court that can tell me "you're doing something illegal". I'm just telling the world "those guys have abused my network, you can use it to filter them to avoid having the same trouble", and I can do that I an anonymous way.
That said, I think it is a bad excuse to say that there is no login to protect freedom of speech. You can do login but not provide that data to "bad" governments. Only if your own country LEA ask for it, because there was a criminal activity on that connection you will need to provide the data. This is the same for *any* other service. I can't agree that VPN's are a different thing.
Note that I'm not trying to say if this or that service is good or bad, but to say that rules are made for all.
Regards, Jordi @jordipalet