(top posting makes it hard to follow the conversation, but...) On Fri, Nov 6, 2009 at 10:52 AM, Jonathan Brashear <Jonathan.Brashear@hq.speakeasy.net> wrote:
Correct me if I'm wrong, but isn't there an RFC(2142 if memory serves) that states filtering certain email addresses(like abuse@, noc@, support@) isn't allowed? I understand your point, but it seems sending it to /dev/null only opens another set of problems for you down the road.
There are some 'nice to have' ideas that postmaster/abuse/root/webmaster ought to go somewhere and be seen. If the business decides that any tom/dick/harry/mary can 'inform' them of something such as this you can bet your aliases file that abuse@ will get turned down somewhere. I don't support that activity, but I also don't support this incarnation of the anti-X regulation either. -Chris
Network Engineer, JNCIS-M
214-981-1954 (office) 214-642-4075 (cell) jbrashear@hq.speakeasy.net http://www.speakeasy.net -----Original Message----- From: Christopher Morrow [mailto:morrowc.lists@gmail.com] Sent: Friday, November 06, 2009 9:47 AM To: Valdis.Kletnieks@vt.edu Cc: nanog@nanog.org Subject: Re: Congress may require ISPs to block fraud sites H.R.3817
On Thu, Nov 5, 2009 at 5:56 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Thu, 05 Nov 2009 16:40:09 CST, Bryan King said:
Did I miss a thread on this? Has anyone looked at this yet?
`(2) INTERNET SERVICE PROVIDERS- Any Internet service provider that, on or through a system or network controlled or operated by the Internet service provider, transmits, routes, provides connections for, or stores any material containing any misrepresentation of the kind prohibited in paragraph (1) shall be liable for any damages caused thereby, including damages suffered by SIPC, if the Internet service provider--
"routes" sounds the most dangerous part there. Does this mean that if we have a BGP peering session with somebody, we need to filter it?
Fortunately, there's the conditions:
`(A) has actual knowledge that the material contains a misrepresentation of the kind prohibited in paragraph (1), or
`(B) in the absence of actual knowledge, is aware of facts or circumstances from which it is apparent that the material contains a misrepresentation of the kind prohibited in paragraph (1), and
upon obtaining such knowledge or awareness, fails to act expeditiously to remove, or disable access to, the material.
So the big players that just provide bandwidth to the smaller players are mostly off the hook - AS701 has no reason to be aware that some website in Tortuga is in violation (which raises an intresting point - what if the site *is* offshore?)
mail to: abuse@uu.net Subject: Fraud through your network
Hi! someone in tortuga on ip address 1.2.3.4 which I accessed through your network is fraudulently claiming to be the state-bank-of-elbonia. Just though you should know! Also, I think that HR3817 expects you'll now stop this from happening!
-concerned-internet-user
oops, now they have actual knowledge... I suppose this is a good reason though to:
vi /etc/aliases -> abuse: /dev/null
so, is this bill helping? or hurting? :(
And the immediate usptreams will fail to obtain knowledge or awareness of their customer's actions, the same way they always have.
Move along, nothing to see.. ;)
to my mind this is the exact same set of problems that the PA state anti-CP law brought forth...
-chris