RE: [anti-spam-wg] Any suggestions about how to deal with non co-operative ISP's and RIR's ?
-
From: Jørgen Hovland jorgen@localhost
-
Date: Tue, 3 Apr 2007 21:45:24 +0200
Hi Ole,
I'll skip the discussion as you requested:) and just post my suggestion (one
of many I guess) to what you asked for:
Illegal spam[2]
If you do not have enough evidence, contact the police[4]. It is their job,
not yours. You are most likely not the only victim. But if you only received
a single/few spam mail don't even bother. Archive it. If you do have enough
evidence, contact the offender. If the offender refuses to cooperate,
contact the company the offender is purchasing the service from. You might
want to refer to what paragraph(s) the illegal act may be subject to. If
this provider refuse[1] to do anything about it, I suggest you stop here and
go to the police. Only the provider[3] know who their customers are, not sub
providers, the RIR or anyone else. If you report it to the police and they
actually start working on it, both the provider and the offender may be
fined.
Legal spam[2]
Never assume anyone will or should actually take any actions at all. As the
polite person you are, you would only like to report something you dislike.
It is usually the matter for the offender/provider to receive enough
complaints before they might do anything. Just send the complaint by email
and/or even make a call if you have the time - and hope for that everyone
else is doing it too.
Blacklisting the provider of the offender just because they are practising
what the government(s) is telling them to do is to me considered extremely
unprofessional and I would never do business with anyone doing that. I
wouldn't be surprised if a blacklist provider with that kind of policy some
day would be prosecuted because it is pretty darn close to three types of
extortion. You may however block the offender if you wish, but your
customers should be able to unblock it. If too many unblock it you should
probably not block them at all.
If you are unable to block the offender because the technology or solution
you are using does not support it, then I guess there is little you can do
about it.
[1] - to refuse something does not mean that you do not receive an answer.
If you do not receive an answer, resend or use another medium like a
telephone. AFAIK there is often no requirement to be reachable by email.
[2] - defined by national laws usually in the sender and the destination
country, supplemented by the ISPs AUP only if it is crystal clear (not one
of those "spamming is not permitted" + "spam is what we say it is").
Unsolicited electronic bulk messages (with restrictions) are permitted in
many nations.
[3] - some spammers might attempt to hide their identity by setting up a lot
of fake (sub)companies/(sub)providers
Cheers,
j
> -----Original Message-----
> From: anti-spam-wg-admin@localhost [
] On
> Behalf Of tp
> Sent: 3. april 2007 18:13
> To: oca@localhost anti-spam-wg@localhost
> Subject: Re: [anti-spam-wg] Any suggestions about how to deal with non co-
> operative ISP's and RIR's ?
>
> ----- Original Message -----
> From: oca@localhost
>
> Sent: Tuesday, April 03, 2007 10:06 AM
> Subject: Re: [anti-spam-wg] Any suggestions about how to deal with non
> co-operative ISP's and RIR's ?
>
>
> > Blocking the ISP, in one or another way, is ofcourse a way to deal with
> spam
> > from a given ISP ...
> >
> > But this is only a short-term ( selfish ) solution and dosn't solve the
> root
> > for my frustrations - namely that the ISP and the RIR dosn't seem
> willing to
> > cooperate...
> >
> > Besides this - technically - blocking isn't possible for me ... I'm
> sitting
> > behind a mail relay belonging to my ISP..
> >
> > Anyway - I appreciate that I'm not the only one feeling p... off by this
> > matter.
> >
> > I do believe that only if every responsible organisation on the net
> > cooperate on hacking, spam and other abuse issues - we will be able to
> do
> > anything about - otherwise ....
>
> I agree with you to some extent.
> - arguments about the precise definition of spam are specious
> - ISPs generally do not care since it does not cost them, in fact spam
> makes
> them money whereever they charge by volume (eg on dial-up lines charged by
> time)
> - RIPE has an interesting mission which is largely set by ISP and LIR
>
> So I suggest forgetting about reporting abuse to ISP or xIR unless and
> until our
> national or supra-national governments enact and enforce legislation. You
> could, on the other hand, report it to organisations who maintain
> Black/Block
> Lists of addresses/domains that emit spam whose output is in turn used in
> a way
> that could draw the attention of ISPs. Quite why these should be the good
> guys
> in this I have yet to comprehend but that is what they seem to be.
>
> Tom Petch
>
>
> >
> > Ole
> >
> > ----- Original Message -----
> > From: "peter h" peter@localhost
> >
> > Sent: Tuesday, April 03, 2007 7:37 AM
> > Subject: Re: [anti-spam-wg] Any suggestions about how to deal with non
> > co-operative ISP's and RIR's ?
> >
> >
> > On Monday 02 April 2007 08.50, oca@localhost wrote:
> > > Any suggestions about how to deal with non co-operative ISP's and
> RIR's ?
> > >
> > > When I receive a spam mail, I normally send a spam repport to the
> "abuse
> > > mail account" of the ISP being responsible for the IP address using
> the
> > > whois databases of the RIR's.
> > >
> > > Normally this works very fine ... or rather ... I'm often able to
> deliver
> > > the repport somewhere without any problems.
> > >
> > > But in some cases the given account dosn't exist or is hidden behind a
> > > spamfilter..
> > >
> > > In these cases I have tried to contact the RIR of the ISP but with
> very
> > > different outcome ...
> > >
> > > Some RIR's consider this as a problem they can deal with and some
> dosn't
> > > !!!
> > >
> > > Last week I received a third spam mail from an ip address belonging to
> > > charter.net...
> > >
> > > According to the whois of arin, and to the homepage of the ISP, I
> should
> > > repport abuse to abuse@localhost...
> > >
> > > This I have tried several times getting an "unable to deliver" repport
> > > every
> > > time ...
> > >
> > > Trying to raise this as an issue for ARIN gives this repply:
> > >
> > > > ARIN is an IP registry whose primary function is the registration
> and
> > > > distribution of IP number resources (IP addresses and Autonomous
> System
> > > > Numbers) in North America.
> > > >
> > > > IP number resource registration information can be found in the
> > > > public ARIN WHOIS database found at:
> > > >
> > > > http://www.arin.net/whois/
> > > >
> > > > Please understand that ARIN does not operate any of the networks
> > > > contained
> > > > in the WHOIS database nor is ARIN responsible for supplying and
> > > > maintaining the registration data in the WHOIS database. That
> > > > responsibility lies soley with the registrant of the data.
> > >
> > > How do we fight spam, and other kind of abuse, as long as some of the
> > > ISP's
> > > and the RIR's has this kind of attitudes ?
> > >
> > > Ole
> > >
> > >
> > The solution is - block them. Either subscribe on a blocklist that fills
> the
> > need or block the offending ISP's yourself. IP ranges is easily
> > available by "whois"
> >
> > The downside is that _if_ someone is within that ISP's net they are
> > not able to mail you, but a proper "bounce-message" ( "Use gmail or any
> > other
> > serious mailprovider" ) or punch a hole in you block when needed.
> >
> > The only real pressure that can be applied to unserious ISP is to
> > threat their income. Make their customers complain and eventually
> > abandom them.
> >
> > --
> > Peter Håkanson
> >
> > There's never money to do it right, but always money to do it
> > again ... and again ... and again ... and again.
> > ( Det är billigare att göra rätt. Det är dyrt att laga fel. )
> >
> >