<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [anti-spam-wg@localhost] Spam-RBL, anyone?

Rodney,

Could I ask for a minute or two on the agenda of the next meeting?

I think it will be useful for the meeting to note what best-practice
framework there is for use of whois data by incident-detection robots,
and where the gaps are. I hope that someone can credibly state which
are the documents, and where are the uncovered issues (if any).
I know I'm not in a position to do this. Indeed, I don't know yet if
I'm clear to travel. I don't actually need to be there for the meeting
to make and note a useful statement, after all.

I'm assuming that you, Rodney (or else some one you have ready access to)
can summarize the position in a minute or two.

If the framework is all in place, and I'm the only one unaware of it,
less than a minute should be enough to put me in my place. I suspect
a wider spread of ignorance, and that there may actually be a loose
end or two worth tying up.

Mouse,

On 7 Jan 2004, at 19:37, der Mouse wrote:

Um.  I must be msising something.  What, pray tell, do you think the
administrative conjtact address _is_ for, if not administrative issues?
Or do you not consider disciplining spammous users to be an
adminsitrative matter?
We find it effective to use a dedicated role mailbox for each of (a small
number of) categories of administrative issues. We take care to advertise
this in the whois records for our networks. From time to time, someone
chooses to ignore what we've advertised, and do something else. This is
offensive, counterproductive, and arguably illegal.

It's offensive, because it gives the message, "We don't care what you
advertise about how you deal with problems on your network; we'll act as
seems good to us in any case."

It's counterproductive because it introduces an extra unwanted and
unplanned-for step in the communication path, which can introduce arbitrary
delay according to the circumstances.

It may be illegal (at least in the EU), because it constitutes use of the
data to which the data subject has not given consent; a fortiori because
the intended use of the data has been advertised precisely in the record
which was abused.

When someone configures (or worse, hard-codes) a robot to do this, that
someone, in my opinion, is letting loose just another nuisance-mail generator.

Best regards,

Niall O'Reilly



<<< Chronological >>> Author    Subject <<< Threads >>>