Datapro/Vox Spam Wrapup

Its been a long, long time... way too long... since I promised to report back on my complaint to the ISPA in which I accused Datapro/Vox Telecom of being spammers.

The first part of the ISPA's complaint-handling procedure is to have the parties try and resolve matters between them. Datapro's attempt to brush me off was a laugh:

• Part 1
• Pahttp://onemikro2nd.blogspot.com/2008/02/taking-on-spammers-dataprovox-telecom_21.htmlrt 2
• Pahttp://onemikro2nd.blogspot.com/2008/02/taking-on-spammers-dataprovox-telecom_21.htmlrt 3
• Part 4http://onemikro2nd.blogspot.com/2008/02/taking-on-spammers-dataprovox-telecom_21.html

So eventually, somewhere around March, the event wound its way to the ISPA's Complaints Committee who deliberated, and some weeks later, sent me a formal Ruling:

Datapro/Vox Telecom were found guilty of spamming, and fined R100 000 (about EUR10 000 at the time.)

Naturally Datapro appealed this decision, as was their right. Unfortunately the appeals process is quite a slow one, so it was only about 9 June that I was informed of the outcome of the appeals process:

On appeal it was found that Datapro/Vox Telecom were confirmed as being guilty of spamming (through address repurposing.) The fines were, however, reduced to R45 000, most of which has been suspended for 12 months, provided that Datapro/Vox do not spam again within that period of time. Effectively Datapro/Vox have had to pay a paltry R7 500 in fines. Their guilt remains undisputed.

This strikes me as the ISPA having no balls.

The Appeals Committee recomended that Datapro/Vox

...ensure that a working opt-out facility is provided on all marketing emails and to report back to the ISPA complaints administrator within 1 (one) calendar month of receipt of this report on remedial action taken by it. The Appeals Panel recommended (which recommendation is not binding) that such remedial action should also include cleaning its email marketing lists to avoid a repetition of this complaint. This could be achieved by way of a reminder email requesting recipients to confirm their desire to continue receiving such emails (opt in), which is preferable, or by requesting them to indicate their preference not to receive such communications (opt out), which is adequate and then abiding by the indicated preference.

To my knowledge none of this has happened. I have received neither an opt-in request, nor any opportunity to op-out.

The only communication I have had was on 3 June -- 8 days after the Appeal Ruling -- I received yet another marketing spam from Datapro/Vox... still no opt-out link, still no confirmed opt-in. I just have not had the time or energy to follow-up with another complaint of this violation of the suspension conditions imposed by the ISPA on Datapro/Vox.

Further, the ISPA's documentation carries a notice stating

PRIVATE AND CONFIDENTIAL:
All communication is confidential and may not be distributed.
See http://www.ispa.org.za/commsrules for more info.

so I am effectively barred from making the original PDFs available, despite (or perhaps because of) my having made it clear to the ISPA that it was my firm intention to publish the course of events and all documents.

I am also unable to find any notice, link or reference to this ruling on the ISPA website. Are they too afraid of the potential income-loss should one of their largest spammers members get pissed-off enough to depart the Association?

A pretty sorry indication of the general state of the local ISP industry, I'm afraid.

Power to the Purple

A week of power-supply problems. Not Eskom's fault, this time, but more localised failures.

First the power-supply for the network server had a fan stop turning. I could have taken the chance on the unit working without cooling, since it is relatively lightly loaded -- no graphics cards, only a single disk -- but, since I had a spare power-supply unit handy it was a task of mere minutes to swap the faulty unit out and get the server back into action. It is a fairly key piece of our little home network, being a web-cache, local domain-name server and cache, Subversion repository and file-share space, so we miss it badly when it is down.

Then the power supply on my desktop machine decided to follow suit. Also a fan failure. I hate those crappy little fans! There's absolutely nothing wrong with the basic electronics of the power supply itself, but the ball bearings in the fan have died. Pricing for a new power-supply runs from a little over R100 if I were in Cape Town with easy access to wholesalers, through R200 from a web-shop, all the way to R300 from the local PC shops! This is for the most basic 350W PSU -- none of that fancy gaming-machine stuff for me. (Though I will confess to being tempted by a unit costing around R800, simply because it is alleged to be completely quiet! I'm a self-confessed anti-noise-maniac.)

My guess is I'm going to spend an hour messing about with the soldering iron, installing new fans (I have a couple just lying about) in the "faulty" power-supplies.

At the same time, several warnings from my server-supplier in London telling the story of a week-long tail-of-woe about power-supply into the datacentre. Apparently a failover switch failed to work correctly during a power-outage last Sunday, causing the battery-based UPS to take the entire load for about 10 minutes before the batteries were totally drained. All servers in the DC went down hard. It has taken them until Thursday to isolate the problem and replace the parts (electrical and mechanical) that were at fault.

During the whole affair, all server owners have been kept fully informed via RSS feeds and emails at every step of the way, since there is a risk (however slight) that servers might go down if there is a power-grid outage again and the on-site staff -- now fully briefed on managing a manual switch from grid power to the backup generator -- should get taken-up at just the wrong moment.

This is exactly the sort of thing I expect from server providers and datacentre operators. Everybody understand that, despite the best-laid plans, sometimes shit happens. It is how they respond, and how transparent and communicative they are in responding to the crisis that truly matters.

This is in very sharp contrast to Verizon's datacentre in Durban, where my other client's servers are housed. About 10 days ago they had some electrical work going on in the DC, which in turn made some server-moves necessary. They did all this without warning their clients that there might be some risk to their operations. Needless to say, my client's servers went down without warning in the wee hours of Sunday morning. No heartbeat monitoring in place, so it was Monday before anybody knew that something was wrong. No peep from Verizon to their customers. Half-arsed, I call it.

There's a lesson in all this about Single Points of Failure. I've been warning for over 8 months that having all the servers housed in a single DC, or even in a single city, is a risk. Maybe now the business will take some action, but, given the general lack of respect or attention to the fact that, like it or not, they are a technology business, I have my doubts.