Re: [anti-spam-wg] [Fwd: FW: [technical] RIPE anti-abuse draft]
To: RIPE anti-spam WG anti-spam-wg@localhost
From: peter h peter@localhost
Date: Mon, 20 Nov 2006 22:07:18 +0100
On Monday 20 November 2006 21.32, Dave Crocker wrote:
> I forwarded a reference to the Last Called draft
> <http://www.ripe.net/ripe/draft-documents/bcp-abuse.html> to the technical
> subcommittee of MAAWG <http://maawg.org>.
> MAAWG membership has become relatively diverse, although still tending towards
> larger operators and senders. However the current diversity is enough to
> produce differing opinions during lots of discussions... Always a good test of
> honest representation and debate.
> It can only help to have drafts get circulated widely among interested parties,
> so I took the Last Call request as an opportunity to solicit MAAWG folks. (In
> fact, there is about to be a draft *from* MAAWG that will find its way to RIPE,
> and similar groups, for review prior to publication.)
> Attached is a response from one of the active participants. For clarity, I
> should note that his response is from the Cox team and not from MAAWG. I should
> further note that I am relaying it without comment on its content.
> -------- Original Message --------
> Subject: FW: [technical] RIPE anti-abuse draft
> Date: Mon, 20 Nov 2006 15:05:25 -0500
> From: <Bill.Oxley@localhost>
> To: dcrocker@localhost
> selected comments from our abuse department.
> Bill Oxley
> Messaging Engineer
> Cox Communications
> In general the guide seems written on the assumption that the customers
> are commercial in nature and that they're sending email intentionally.
> Most of our complaints are residential customers and/or trojan infections.
> Here are a couple of particular points that stand out:
> - The ISP MUST ensure that the alleged abuser is NOT informed of the
> identity of those who are reporting the abuse, except with their
> explicit permission.
> That's an excellent principle, but it can't always work. In particular,
> there are cases where a customer runs a legitimate mailing list, and the
> complainant simply forgets they've signed up. They continually send
> spam complaints against the customer, and the only fix is to let the
> customer know who the complainant is so they can be removed from the
> list. Every legitimate large-scale mailing list gets at least a few
> false positives like that.
> - If a second origination of UBE by the customer occurs within six
> months the ISP MUST terminate the customer's account and all services
> connected with it. The loss of the sender's connection to the Internet
> from a particular e-mail address is an important sanction in combating UBE.
> Terminating a customer on a second spam complaint is somewhat
> unrealistic. First contact may fail for a number of reasons. For
> instance, many customers don't check their mailboxes, and they never see
> the first warning. We find that a "three strikes" policy makes more
> sense: warn, temporary suspension, termination. In practice, we
> actually suspend a customer multiple times before termination. E.g. in
> the case of a trojan infection, we'll typically give the customer more
> than one chance to clean it up. In extreme cases, we can take drastic
> measures such as requiring a hard drive format before reactivation, and
> that usually prevents us from having to terminate a customer completely.
Terminating or at least disabling a user at first spam is totally realistic.
Any reasonable AUP may include this condition.
The lame ISP that allows continued spam from a detected source is what makes
spam possible (at least a major part of the problem).
How else is the "professional spammer" that uses throw-away accounts stopped?
(Yes, blocking port 25 would be a heavenly gift if more ISPs dared to do it.)
There's never money to do it right, but always money to do it
again ... and again ... and again ... and again.
(It is cheaper to do it right. It is expensive to fix mistakes.)