This week has brought us news of a battle, almost certainly unintentional, between two major antispam services. It seems that SORBS has put MessageLabs on a blacklist that is blocking outbound email from MessageLabs customers. Now, you might think that, since I'm Chief Scientist for a third email security company, Mimecast, I would just be sitting back and enjoying this development. But while I can't deny that there's a certain pleasure to be obtained from watching your competitors hit each other over the head with sticks, I think that both companies are being somewhat unfairly vilified in the popular portrayal of this little spat.

To explain why I would want to defend both MessageLabs and SORBS while they're happily beating each other up, it's necessary to say a little about the structure and complexity of the Internet in general and antispam technology in particular.

The enormous success of the Internet has come, almost entirely, from the development of clearly-specified protocols that are used by otherwise competitive parties. Mail flows between Lotus Notes, Microsoft Exchange, Gmail, and other tools because the implementors are all doing their best -- for the most part -- to comply with a set of vendor-neutral standards from the IETF, such as SMTP and MIME. Technologists from these competitive companies regularly get together -- online, in informal settings, and formally at the thrice-annual IETF meetings -- to hash out any ambiguities or differences of interpretation. This is absolutely essential to the functioning of the Internet, and one of the worst accusations you can make, in the Internet technical community, is that someone is trying to subvert the standards for proprietary purposes.

This kind of "coopetition" is hard to do in any case, but it gets much harder in any security-related area, because you are fighting an active opponent.
It's hard enough to get multiple vendors to converge on a single standard and its interpretation; things get really complicated when they have to cooperate at subverting a clever, active opponent such as a spammer. The bad guys are actively trying to find holes or ambiguities in the protocols, and to exploit them for anti-social ends. When the good guys work to thwart them, they don't generally have anything like a well-specified set of instructions for how to do so. Although they are working towards the same end, they are doing so with a relatively minimal basis for cooperation.

Thus one vendor will say, "if someone is doing X, Y, and Z, he must be a spammer" and treat him accordingly. But another vendor may say, "if I do A, B, and Z, I will thwart spammers." When this happens, even if both approaches are reasonable on their own, the first vendor's software is likely to begin treating the second vendor as a spammer. And while this nearly always begins as a simple difference of implementation or strategy, it is easy for the second vendor to suspect that the first vendor is targeting them directly. Both vendors are devoted to fighting spam, but all of a sudden they're spending their time arguing with each other instead.

In other words, spam control is hard, and there's no rule book for doing it well. Like local police who rush in to arrest a crime ring that turns out to be FBI agents on a sting operation, the good guys can easily end up shooting at each other with the best of intentions.

Of course, police work can be good or sloppy. Maybe the FBI didn't keep local police informed about the sting, or maybe the local police didn't tell the FBI what they were up to. The mere fact that they're shooting at each other doesn't begin to tell you who's at fault. I could easily believe that either SORBS, MessageLabs, both, or neither were at fault here, so I hate seeing a rush to judgement.
With most of the mechanisms fully automated, this kind of blacklisting could probably happen to any of us. While I don't know who to blame in this case, I am pretty sure that MessageLabs doesn't deserve to have customers abandon it simply because of this incident, as a few have indicated they will do.

Every anti-spam company has to walk the line between aggression in fighting spam and defense against its customers being inadvertently labelled spammers. (And note the word inadvertent: Mimecast, for example, vets and trains its potential customers to try to ensure that they aren't spammers, intentional or not.)

My colleagues and I are happy to offer dozens of good reasons for users of MessageLabs, SORBS, or other email security services to switch to Mimecast. But this incident isn't one of them. MessageLabs was the victim of an unhappy accident, and while it may or may not share some blame with SORBS, such accidents can, in the end, happen to anyone. Perfection is an admirable goal, but an unreasonable expectation.