Holomaxx doubles down

Holomaxx has, as expected, filed a motion in opposition to the motion to dismiss filed by both Yahoo (opposition to Yahoo motion and Hotmail (opposition to Microsoft motion). To my mind they still don’t have much of an argument, but seem to believe that they can continue with this.
They are continuing to claim that Microsoft is scanning email before the email gets to Microsoft (or Yahoo) owned hardware.

Holomaxx has sufficiently alleged that Microsoft intercepted and scanned the contents of Holomaxx!s emails ” in transit without consent by using Bayesian techniques and a collaborative filtration system before the emails reached Microsoft’s servers […]

Best I can figure Holomaxx seems to have convinced their lawyers that “Bayesian techniques” are some sort of magic, psychic filters that can look at packets on a wire and see what’s in them. This is so far from the truth as to be ludicrous.

Bayesian classifiers work by correlating the use of tokens (typically words, or sometimes other things), with spam and non spam e-mails and then using Bayesian inference to calculate a probability that an email is or is not spam.

A Bayesian filter is software. It has to run on hardware somewhere. Someone owns that hardware. In this case, it’s Micosoft and Yahoo.
I can see that Holomaxx is trying to get across that the filtering happens before the ISPs accept the emails. But this doesn’t mean the filters aren’t running on hardware owned by Yahoo or Microsoft. It is possible to content filter email during the SMTP transaction, often referred to as “on the wire.” But, in reality, the filters are still running on hardware owned by the recipient’s ISP. The receiver is just looking at the mail before it makes a decision whether or not to accept responsibility for delivering the email to the final recipient.
A new argument in this motion is that the emails were all confidential and that Holomaxx had a reasonable expectation that the mails would not be overheard or recorded. I’m not sure the advertisements Holomaxx has used as examples (Free HBO from Dish Network!) are actually confidential.  As a layperson I find it hard to see how this argument will work.
Holomaxx also doubles down on their argument that the MAAWG abuse desk best practices document is an objective industry standard.

Yahoo makes much about the fact that the MAAWG Abuse Desk Common Practices paper was from an October 2006 meeting. This is a mischaracterization of the document. The document specifically states that it was assembled with feedback received in sessions from three MAAWG meetings beginning in October 2006. (See Request for Judicial Notice submitted by Yahoo in support of MTD, Ex. 1.) The document was published in October 2007. (Id.) Regardless if it is 3 1⁄2 years old, no other set of practices have been promulgated by MAAWG or any other group concerning the topic of filtered emails. Until that happens, the MAAWG Abuse Desk Common Practices paper serves as the only industry guidelines or standard on that topic.

Once again, the document in question is not a standards document. Holomaxx conveniently ignores what the actual document is about: Abuse desk common practices. In many ISPs, abuse desks do not deal with blocking issues at all. The committee chose to comment on this because some abuse desks handle both inbound and outbound abuse. We’ll see what the judge says, though. I think that Holomaxx is taking the document totally out of context in order to demand, somehow, that their mail shouldn’t be blocked.
There is a hearing on both cases July 15th. I’m considering going down to the courthouse to listen in on the arguments.
Previous blog posts on the Holomaxx case:

Gmail shows authentication data to the recipient
The weak link in security

Related Posts

Further amendment would be futile

Both Microsoft and Yahoo filed their motions to dismiss the Holomaxx first amended complaint (FAC). Each company filed the same set of documents.

Read More

MAAWG: Just keeps getting better

Last week was the 22nd meeting of the Messaging Anti-Abuse Working Group (MAAWG). While I am prohibited from talking about specifics because of the closed door nature of the group, I can say I came out of the conference exhausted (as usual) and energized (perhaps not as usual).
The folks at MAAWG work hard and play even harder.
I came away from the conference feeling more optimistic about email than I have in quite a while. Not just that email is vital and vibrant but also that the bad guys may not be winning. Multiple sessions focused on botnet and crime mitigation. I was extremely impressed with some of the presenters and with the cooperation they’re getting from various private and public entities.
Overall, this conference helped me to believe that we can at least fight “the bad guys” to a draw.
I’m also impressed with the work the Sender SIG is doing to educate and inform the groups who send bulk commercial messages. With luck, the stack of documents currently being worked on will be published not long after the next MAAWG conference and I can point out all the good parts.
There are a couple specifics I can mention. One is the new list format being published by Spamhaus and SURBL to block phishing domains at the recursive resolver. I blogged about that last Thursday. The other bit is sharing a set of security resources Steve mentioned during his session.
If your organization is fighting with any messaging type abuse (email, social, etc), this is a great place to talk with people who are fighting the same sorts of behaviour. I do encourage everyone to consider joining MAAWG. Not only do you have access to some of the best minds in email, but you have the opportunit to participate in an organization actively making email, and other types of messaging, better for everyone.
(If you can’t sell the idea of a MAAWG membership to your management or you’re not sure if it’s right for you, the MAAWG directors are sometimes open to allowing people whose companies are considering joining MAAWG to attend a conference as a guest. You can contact them through the MAAWG website, or drop me a note and I’ll make sure you talk with the right folks.)
Plus, if you join before October, you can meet up with us in Paris.

Read More

Holomaxx status

Just for completeness sake, Holomaxx did also file an  amended complaint against Microsoft. Same sloppy legal work, they left in all the stuff about Return Path even though Return Path has been dropped from the suit. They point to a MAAWG document as a objective industry standard when the MAAWG document was merely a record of a round table discussion, not actually a standards document. I didn’t read it as closely as I did the Yahoo complaint, as it’s just cut and paste with some (badly done) word replacement.
So what’s the status of both cases?
The Yahoo case is going to arbitration sometime in July. Yahoo also has until May 20 to respond to the 1st amended complaint.
The Microsoft case is not going to arbitration, but they also have a response deadline of May 20.
I’m not a legal expert, but I don’t think that what Holomaxx has written fixes the deficits that the judge pointed out in his dismissal. We’ll see what the Y! and MSFT responses say a month from today.

Read More