Re: [anti-spam-wg] [Fwd: FW: [technical] RIPE anti-abuse draft]

  • To: RIPE anti-spam WG anti-spam-wg@localhost
  • From: peter h peter@localhost
  • Date: Mon, 20 Nov 2006 22:07:18 +0100

On Monday 20 November 2006 21.32, Dave Crocker wrote:
> Folks,
> 
> Hi.
> 
> I forwarded a reference to the Last Called draft
> <http://www.ripe.net/ripe/draft-documents/bcp-abuse.html> to the technical 
> subcommittee of MAAWG <http://maawg.org>.
> 
> MAAWG membership has become relatively diverse, although still tending towards 
> larger operators and senders.  However the current diversity is enough to 
> produce differing opinions during lots of discussions...  Always a good test of 
> honest representation and debate.
> 
> It can only help to have drafts get circulated widely among interested parties, 
> so I took the Last Call request as an opportunity to solicit MAAWG folks. (In 
> fact, there is about to be a draft *from* MAAWG that will find its way to RIPE, 
>   and similar groups, for review prior to publication.)
> 
> Attached is a response from one of the active participants. For clarity, I 
> should note that his response is from the Cox team and not from MAAWG.  I should 
> further note that I am relaying it without comment on its content.
> 
> d/
> 
> -------- Original Message --------
> Subject: 	FW: [technical] RIPE anti-abuse draft
> Date: 	Mon, 20 Nov 2006 15:05:25 -0500
> From: 	<Bill.Oxley@localhost>
> To: 	dcrocker@localhost
> 
> Dave,
> 
>   selected comments from our abuse department.
> Thanks,
> Bill Oxley
> Messaging Engineer
> Cox Communications
> 404-847-6397
> 
> _____________________________________________
> 
> In general the guide seems written on the assumption that the customers
> are commercial in nature and that they're sending email intentionally.
> Most of our complaints are residential customers and/or trojan infections.
> 
> Here are a couple of particular points that stand out:
> 
> - The ISP MUST ensure that the alleged abuser is NOT informed of the
> identity of those who are reporting the abuse, except with their
> explicit permission.
> 
> That's an excellent principle, but it can't always work.  In particular,
> there are cases where a customer runs a legitimate mailing list, and the
> complainant simply forgets they've signed up.  They continually send
> spam complaints against the customer, and the only fix is to let the
> customer know who the complainant is so they can be removed from the
> list.  Every legitimate large-scale mailing list gets at least a few
> false positives like that.
> 
> - If a second origination of UBE by the customer occurs within six
> months the ISP MUST terminate the customer's account and all services
> connected with it. The loss of the sender's connection to the Internet
> from a particular e-mail address is an important sanction in combating UBE.
> 
> Terminating a customer on a second spam complaint is somewhat
> unrealistic.  First contact may fail for a number of reasons.  For
> instance, many customers don't check their mailboxes, and they never see
> the first warning.  We find that a "three strikes" policy makes more
> sense: warn, temporary suspension, termination.  In practice, we
> actually suspend a customer multiple times before termination.  E.g. in
> the case of a trojan infection, we'll typically give the customer more
> than one chance to clean it up.  In extreme cases, we can take drastic
> measures such as requiring a harddrive format before reactivation, and
> that usually prevents us from having to terminate a customer completely.
> 
> 
> 
> Atlanta)
> 
> 

Terminating or at least disabling a user at first spam is totally realistic.
Any reasonable AUP may include this condition.

The lame ISP that allows continued spam from a detected source is what makes
spam possible (at least a major part of the problem).

How else is the "professional spammer" that uses throw-away accounts stopped?

(Yes, blocking port 25 would be a heavenly gift if more ISPs dared to do it.)



-- 
        Peter Håkanson   

        There's never money to do it right, but always money to do it
        again ... and again ... and again ... and again.
        (It is cheaper to do it right. It is expensive to fix mistakes.)