[anti-spam-wg] [Fwd: FW: [technical] RIPE anti-abuse draft]

  • To: RIPE anti-spam WG anti-spam-wg@localhost
  • From: Dave Crocker dhc@localhost
  • Date: Mon, 20 Nov 2006 12:32:52 -0800
  • Organization: Brandenburg InternetWorking
  • Reply-to: dcrocker@localhost

Folks,

Hi.

I forwarded a reference to the Last Called draft
<http://www.ripe.net/ripe/draft-documents/bcp-abuse.html> to the technical subcommittee of MAAWG <http://maawg.org>.

MAAWG membership has become relatively diverse, although still tending towards larger operators and senders. However the current diversity is enough to produce differing opinions during lots of discussions... Always a good test of honest representation and debate.

It can only help to have drafts get circulated widely among interested parties, so I took the Last Call request as an opportunity to solicit MAAWG folks. (In fact, there is about to be a draft *from* MAAWG that will find its way to RIPE, and similar groups, for review prior to publication.)

Attached is a response from one of the active participants. For clarity, I should note that his response is from the Cox team and not from MAAWG. I should further note that I am relaying it without comment on its content.

d/

-------- Original Message --------
Subject: 	FW: [technical] RIPE anti-abuse draft
Date: 	Mon, 20 Nov 2006 15:05:25 -0500
From: 	<Bill.Oxley@localhost
To: 	dcrocker@localhost

Dave,

 selected comments from our abuse department.
Thanks,
Bill Oxley
Messaging Engineer
Cox Communications
404-847-6397

_____________________________________________

In general the guide seems written on the assumption that the customers
are commercial in nature and that they're sending email intentionally.
Most of our complaints are residential customers and/or trojan infections.

Here are a couple of particular points that stand out:

- - The ISP MUST ensure that the alleged abuser is NOT informed of the
identity of those who are reporting the abuse, except with their
explicit permission.

That's an excellent principle, but it can't always work.  In particular,
there are cases where a customer runs a legitimate mailing list, and the
complainant simply forgets they've signed up.  They continually send
spam complaints against the customer, and the only fix is to let the
customer know who the complainant is so they can be removed from the
list.  Every legitimate large-scale mailing list gets at least a few
false positives like that.

- - If a second origination of UBE by the customer occurs within six
months the ISP MUST terminate the customer's account and all services
connected with it. The loss of the sender's connection to the Internet
from a particular e-mail address is an important sanction in combating UBE.

Terminating a customer on a second spam complaint is somewhat
unrealistic.  First contact may fail for a number of reasons.  For
instance, many customers don't check their mailboxes, and they never see
the first warning.  We find that a "three strikes" policy makes more
sense: warn, temporary suspension, termination.  In practice, we
actually suspend a customer multiple times before termination.  E.g. in
the case of a trojan infection, we'll typically give the customer more
than one chance to clean it up.  In extreme cases, we can take drastic
measures such as requiring a harddrive format before reactivation, and
that usually prevents us from having to terminate a customer completely.



Atlanta)


--

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net