[anti-abuse-wg] Antispam measures

* Chimel Chimel:

> 1) Does RIPE or other registrars impose antispam fighting measures
> or a code of conduct to the ISPs or telcos it allocates IP ranges
> to?

No, not that I know.

> For instance, do these registrar customers specifically sign an
> agreement never to post spam themselves. Do they also sign an
> agreement to terminate IP sub-allocation or contract with their own
> customers who are using their IP addresses to post spam?

No, surely not.  That would be poor service.  You don't want to lose
your IP resources just because your infrastructure has been
compromised. 8-(

> 2) If there is such measures, how does RIPE enforce them?

There is no enforcement.

> 3) What does RIPE intends to do about Ukrtelecom, who is alone
> responsible for hundreds of thousands of daily spam posts in
> discussion forums and BBSs?

Well ...

> According to the people in stopforumspam.com, every single post
> emanating from ukrtelecom is spam, there is not a single genuine
> user from that telco.

... so you should be lucky that it's so easy to filter that type of
spam.  If you shut down netblocks, the badness just spreads far and
wide and gets more difficult to track.

Of course, if the activity is indeed illegal, it should be stopped.
One problem we face is that a lot of questionable practices (DNS
poisoning, injecting pop-ups with ads, installing software on PCs
without informed consent) are also carried out by obviously legitimate
businesses, so it's often difficult to convince a prosecutor that it's
illegal.

On top of that, many legal scholars claim that in the EU, once you say
the magic word, "telco", you are no longer responsible for the traffic
you handle, much like anyone could seek asylum in Germany (until we
got rid of this constitutional guarantee in the 90s, which was rather
disappointing because nothing expresses your national wealth better
than an almost unconditional willingness to share it).  This blanket
liability exemption is the root of the problem, and it is pretty much
unique to the telco sector, at least in its generality.  It has to go.

> I'd like to see the whole list in order to ban it all from my forum,
> even if it means banning genuine users from Ukraine.

The relevant parts of the RIPE database is available from
ftp.ripe.net.  In the past, I've generated anti-abuse ACLs from mnt-by
handles, which was surprisingly effective.  Using BGP might help as
well.

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99