Suomispam DNSBL is used to getting all kinds of legal threats from people who are opposed to spam blacklists. Today we got a major rant from the CEO of hoosat.fi, Toni Lukkaroinen. He was absolutely convinced that Suomispam is in charge of Hotmail spam filtering, and that we are criminally causing him to be unable to send an invoice to his customer. He was furious that we have signalled in our list that the very network he is placed in has very recently been actively used to send huge volumes of phishing emails.
Well, Suomispam is not providing DNSBL to Microsoft (trust me, we would notice if we had them as a customer) but Mr. Lukkaroinen was so convinced that we are criminals that there was no convincing him about the real state of affairs. So no, if you are having trouble getting your emails through to Gmail or Hotmail, we have absolutely nothing to do with it.
But I am sure there are a lot of people who are not sure how DNSBL's work so I'll give a short brief.
The way it works is DNSBL's like Suomispam or Spamhaus track a lot of spam and do analysis on the IP's, networks, operators and the spammers themselves. Then we publish data based on our research on what kind of reputation different networks or IP's have. Typically we provide that information on DNS so that third parties can query our servers easily. This is basically the technical spam version of restaurant reviews. In a way we publish our journalistic reviews on how good we think "certain restaurants" or neighborhoods are. We do not as such block anyone's emails.
The next step is that some operators or users have evaluated us and chosen to agree with our listing decisions, and to query us for reputation data for email senders they encounter. Some choose to reject emails from IP's or networks, or domains listed on blacklists. For example Spamhaus is quite often used in this way. Some do not outright refuse the emails but may run the emails through a statistic analyzer that estimates how likely the email is to be unwanted spam based on a lot of individual factors, which may include several blacklists.
As far as I know, all the phases are perfectly legal at least in all western democracies. It is lawful for intelligence companies to analyze spam and to publish analysis results (or restaurant reviews), and it is lawful for hosting providers using said DNSBL's to reject emails that may or may not be spam.
So, why does Suomispam have a policy to publish it every time someone threatens us with police or lawyers? Simply because we are a journalistic operation and aim to provide honest impartial reviews on what kind of spam reputation each network operator has, therefore we must be extra careful to maintain our impartiality and never ever cave in to threats. Even if we do not suspect this specific guy of being a spammer, merely someone who thinks spam filtering is illegal. Digital Ocean could easily clean up that network and ask us to delist once cleared. We would be happy to delist once the phishing problem is resolved. But threats will absolutely not work.
Suomispam does get people upset pretty often. Especially spammers really do not like it when we list their domains or IP’s. Every now and then they threaten to either sue us or file criminal complaints against us. Those are almost always empty threats. We know our legal basis pretty well so we do not feel particularly threatened by them. All those threats do is block the possibility of reëvaluation of the listing in the near timeframe.
However, finally someone actually did file a criminal complain due to Suomispam listing them. This “brave” spammer in question was toimistotarviketukku.fi (Owela Oy) whose chairman of the board Tero Ojala filed a criminal complaint with the police. He asked the police to investigate if Suomispam is guilty of interfering with electronic communications. Unfortunately he apparently did not know that the statute does not cover what reputation databases do. (It covers only unlawfully interfering with communications).
The admins of email servers are perfectly in their right to filter emails using blacklist information and Suomispam absolutely has the right to distribute reputation information to user organisations. It is basically the same legal principle of it being lawful for restaurant critics to tell everyone how certain restaurants serve terrible food. Even if it may be bad for business for the restaurants to get bad reviews.
Anyways, the good news is that the Finnish police do agree with our assessment. Suomispam was cleared and the investigation was cut short. It is a shame people feel the need to waste police time with bogus complaints, but at least we got sort of a precedent.
Threats from spammers: Heikki Holvikari / Victoria Oy / Onestop
Suomispam sometimes gets various threats from spammers whom we list. Usually they either threaten to sue us or to report us to someone.
In December Heikki Holvikari of onestop.fi and victoria.fi sent out a spam campaign advertising business gifts.
Subject: Wigrenin ja Kivikylän joulupaketit henkilökunnalle
[Christmas gifts from Wigren and Kivikylä for staff].
The spam mentioned it was sent to addresses from Victoria Oy’s marketing file. They describe they get addresses from their own customers, scraped from the Internet, and from other “public” sources. That makes their operation not only spam but also illegal in Finland because they do not have prior permission from people to spam them and addresses collected from the Internet are unreliable (as was in this case). In the EU you cannot do that.
The first email from Heikki Holvikari was kind of civil, but they did question our right to list them and tried to justify their spam:
Not sure who you are and what right you have to monitor companie´s internet activities but kindly ask you to abort our listing on our IP.
We are one of the most well known companies in promotional products business in Finland AND we send e-mailings continuously to our customers to inform about prices and availability of products. We have done this continuously to the same database for about 6 years and we have made sure we operate 100% according to the finnish law. Your listing greatly affects our communication with our customers.
After pointing out their description of their personal data file was not lawful, they tried to explain it as a mistake, as better than calling people on the phone and saying they do not sell to consumers and claiming to only use their own contacts (which is false given that we saw their emails and spamtraps do not wander around the Internet making purchases). Unsolicited bulk email is spam, not merely a “better way” to inconvenience people than phone calls.
Suomispam did not accept their justifications for why their spam should be accepted and eventually Heikki Holvikari sent this (English translation follows):
- Suomen lain mukaan saamme lähettää sähköistä suoramainontaa yrityksiin niille henkilöille, joiden vastuuna on ko. yrityksessä alaamme liittyvät hankinnat. ns. asemavaltuutus. Siihen ei Suomen lain mukaan tarvita vastaanottajan suostumusta erikseen. Viestissä on tarjottava mahdollisuus poistua postituslistalta, niinkuin meillä myös on.
- Emme harjoita suoramarkkinointia yksityishenkilöille syystä, että emme myy yksittäisiä tuotteita. Kaikki tuotteemme on tarkoitettu asiakasyritystemme sisäiseen tai ulkoiseen markkinointiin.
- Näyttää siltä, että et itse kovin hyvin tunne Suomen lakia:
- - Ensinnäkin, ylläpitämäsi lista on yhtä kuin rekisteri, jonka ylläpitoa koskee samat lait kuin muitakin rekistereitä. Mikäli tarkoituksesi on vedota lakeihin niin kannattaa pitää huolta, että itse noudattaa niitä. Olen toistuvasti pyytänyt Sinua poistamaan yrityksemme ylläpitämästäsi rekisteristä.
- - Suomispamin toiminta häiritsee sähköpostiemme läpimenoa, koska se pyrkii mustamaalaamaan yrityksemme ip-osoitteesta lähteviä viestejä.
"Mikäli henkilö puuttumalla postiliikenteessä taikka tele- tai radioviestinnässä käytettävän laitteen toimintaan, tai, lähettämällä ilkivaltaisessa tarkoituksessa radiolaitteella tai televerkossa häiritseviä viestejä tai muulla vastaavalla tavalla oikeudettomasti estää tai häiritsee postiliikennettä taikka tele- tai radioviestintää, katsotaan hänen syyllistyvän tietoliikenteen häirintään. Tietoliikenteen häirinnästä tuomitaan sakkoa tai vankeutta enintään kaksi vuotta. Teon yritys on rangaistava."
- Tutkintapyyntö poliisille tarkoittaa sitä, että poliisi tutkii onko rikos tapahtunut annettujen todenmukaisten tietojen pohjalta. Ei liene epäselvyyttä siitä, että pidät yksityishenkilönä yrityksemme ip-osoitetta rekisterissäsi ja välität siitä eteenpäin tietoa ns. mustalla listalla tarkoituksena estää sähköpostiemme läpimenoa?
- Olen pitänyt kirjeenvaihdossamme huolen siitä, että en suinkaan uhkaile. Tutkintapyyntö on vain toteamus seuraavista toimenpiteistämme, mikäli yritystämme haittaava laiton toiminta ei lopu. Olen tarjonnut mahdollisuutta sovintoon.
- Meille on sitä parempi, mitä suuremmin julkaiset kirjeenvaihtoamme. Kuten varmasti ymmärrät, se on vain yhä raskauttavampaa aineistoa mahdolliseen poliisin tutkintaan.
- Kuten mainitsin aikaisemmassa sähköpostissani, olin yhteydessä viestintäviraston-, tietosuojavaltuutetun- sekä poliisin lainopilliseen neuvontaan. En siis kovi köykäisin perustein esitä vaatimuksiani. Toimimme aina hyvien liiketapojen mukaan ja tarjoamme Sinulle mahdollisuuden peräytyä asiassa ilman sen suurempia vaatimuksia kuin poistaa tietomme ylläpitämästäsi rekisteristä.
Translation of significant parts of Mr. Holvikari’s letter into English by Suomispam:
According to the Finnish law we can send direct electronic advertising to those people on companies whose job is related to buying from us [Suomispam note: this was actually stripped from the bill before the parliament accepted it]. The Finnish law does not require recipients prior permission for that. The message also has to offer a chance to unsubscribe which we do.
We do not sell to private individuals because we do not sell individual products. Our products are for our customers internal and external marketing.
- It looks like you do not know the Finnish law very well.
- Firstly your list is a register and subject to the same regulation as other registers. If you wish to appeal to law, you should make sure to follow them yourself. I have repeatedly asked you to remove our company from the register you maintain.
- Suomispam interferes with our email deliverability by slandering the messages that leave our company’s IP address.
“Section 5 – Interference with communications (578/1995)
(1) A person who by tampering with the operation of a device used in postal, telecommunications
or radio traffic, by maliciously transmitting interfering messages
over radio or telecommunications channels or in another comparable manner unlawfully
prevents or interferes with postal, telecommunications or radio traffic,
shall be sentenced for interference with communications to a fine or to imprisonment
for at most two years.
(2) An attempt is punishable. (540/2007)”
- A request to investigate to the police means that the police will investigate if a crime has been committed based on given factual information. There is no question that you keep our company’s IP address in your register as a private person and pass it on to the so called blacklist in an attempt to block our emails?
- I have made sure in our correspondence not to make threats. The request for the police to investigate is merely a statement on what we will do should the illegal interference not stop. I have offered a possibility of reconciliation.
- It is better for us the more you publish our correspondence. As you surely understand, it will only incriminate more for a possible police investigation.
- As I mentioned earlier, I was in contact with the Finnish Communications Regulatory Authority, the Data Protection Ombudsman’s office and the police’s legal advice. So I do not make my demands lightly. We always act according to good business practices and we offer you a chance to back out in this matter and remove our data from your registry without further repercussions.
So, obviously they are wrong on the law, but apparently they will try to perform a sort of legal denial of service attack on Suomispam by trying to create a baseless police investigation on Suomispam. We would not be surprised if he were to attempt to sue us to stretch our already small resources as well.
For the record, the IP address we listed is 77.240.22.116 and we have also listed the domains victoria.fi and onestop.fi.
Mr. Holvikari has stated that he wishes for everyone to know about this as it in his mind incriminates Suomispam. He has admitted to sending B2B spam and wants to do it in the future. So, please do spread the news.
Also tips of lawyers interested in helping out would be gladly accepted at [email protected].
