Re: [anti-spam-wg] [Fwd: FW: [technical] RIPE anti-abuse draft]
-
To: RIPE anti-spam WG anti-spam-wg@localhost
-
From: peter h peter@localhost
-
Date: Mon, 20 Nov 2006 22:07:18 +0100
On Monday 20 November 2006 21.32, Dave Crocker wrote:
> Folks,
>
> Hi.
>
> I forwarded a reference to the Last Called draft
> <http://www.ripe.net/ripe/draft-documents/bcp-abuse.html> to the technical
> subcommittee of MAAWG <http://maawg.org>.
>
> MAAWG membership has become relatively diverse, although still tending towards
> larger operators and senders. However the current diversity is enough to
> produce differing opinions during lots of discussions... Always a good test of
> honest representation and debate.
>
> It can only help to have drafts get circulated widely among interested parties,
> so I took the Last Call request as an opportunity to solicit MAAWG folks. (In
> fact, there is about to be a draft *from* MAAWG that will find its way to RIPE,
> and similar groups, for review prior to publication.)
>
> Attached is a response from one of the active participants. For clarity, I
> should note that his response is from the Cox team and not from MAAWG. I should
> further note that I am relaying it without comment on its content.
>
> d/
>
> -------- Original Message --------
> Subject: FW: [technical] RIPE anti-abuse draft
> Date: Mon, 20 Nov 2006 15:05:25 -0500
> From: <Bill.Oxley@localhost
> To: dcrocker@localhost
>
> Dave,
>
> selected comments from our abuse department.
> Thanks,
> Bill Oxley
> Messaging Engineer
> Cox Communications
> 404-847-6397
>
> _____________________________________________
>
> In general the guide seems written on the assumption that the customers
> are commercial in nature and that they're sending email intentionally.
> Most of our complaints are residential customers and/or trojan infections.
>
> Here are a couple of particular points that stand out:
>
> - - The ISP MUST ensure that the alleged abuser is NOT informed of the
> identity of those who are reporting the abuse, except with their
> explicit permission.
>
> That's an excellent principle, but it can't always work. In particular,
> there are cases where a customer runs a legitimate mailing list, and the
> complainant simply forgets they've signed up. They continually send
> spam complaints against the customer, and the only fix is to let the
> customer know who the complainant is so they can be removed from the
> list. Every legitimate large-scale mailing list gets at least a few
> false positives like that.
>
> - - If a second origination of UBE by the customer occurs within six
> months the ISP MUST terminate the customer's account and all services
> connected with it. The loss of the sender's connection to the Internet
> from a particular e-mail address is an important sanction in combating UBE.
>
> Terminating a customer on a second spam complaint is somewhat
> unrealistic. First contact may fail for a number of reasons. For
> instance, many customers don't check their mailboxes, and they never see
> the first warning. We find that a "three strikes" policy makes more
> sense: warn, temporary suspension, termination. In practice, we
> actually suspend a customer multiple times before termination. E.g. in
> the case of a trojan infection, we'll typically give the customer more
> than one chance to clean it up. In extreme cases, we can take drastic
> measures such as requiring a harddrive format before reactivation, and
> that usually prevents us from having to terminate a customer completely.
>
>
>
> Atlanta)
>
>
Terminating or at least disabling a user at first spam is totally realistic.
Any reasonable AUP may include this condition.
The lame ISP that allows continued spam from a detected source is what makes
spam possible ( at least a major part of the problem)
How else is the "proffesional spammer" that uses throw-away accounts stopped ?
( Yes blocking port 25 would be a heavenly gift if more ISP dared to do)
--
Peter Håkanson
There's never money to do it right, but always money to do it
again ... and again ... and again ... and again.
( Det är billigare att göra rätt. Det är dyrt att laga fel. )