Unfortunately that raises the issue of what's generally termed in law a "business boycott" which is at least tortiable if not illegal. The grocer can't agree with your landlord not to sell you food until you catch up on the rent. They can agree to use this information to refuse you credit but even that's quite constrained by law even if often done anyhow. And that's a credit relationship so different. I went over this with my attorney when another ISP asked me to shut a customer's account down because they were spamming them from a third ISP's account. I asked to look at the emails (spam) in question and none originated at our site. The acct in question on my site didn't do anything problematic that I could find. My lawyer explained the above to me: You can't do that, business boycott. The other ISP (specifically a sysadmin) who'd asked me to shut the acct got so angry at this response, he took it all very personally and unprofessionally, that I had to bring in his own legal dept to explain this to him which he of course took as a further affront. It got ugly but you don't need the details. That's the problem with all this folksy armchair "law", it's often very bad advice and based on the assumption that the law must agree with one's emotional feelings. Good luck with that. On July 29, 2016 at 08:08 rsk@gsp.org (Rich Kulawiec) wrote:
On Thu, Jul 28, 2016 at 11:30:12PM +0000, Donn Lasher via NANOG wrote:
If we want to be accurate about it, Cloudflare doesn???t host the DDoS, they protect the website of seller of the product. We shouldn???t be de-peering Cloud Flare over sites they protect any more than we would de-peer GoDaddy over sites they host, some of which, no doubt, sell gray/black market/illegal items/services.
This strategy fails for two reasons.
First, nobody gets a pass. Anybody providing services to abusers needs to cut them off, whether it's a registrar, a web host, an email provider, a DNS provider, or anything else. Nobody gets to shrug it off with "Well, but..."
Second, nobody *can* get a pass, because the people behind these operations have long since learned to distribute their assets widely -- in an attempt to avoid exactly the actions in the first point. And you know what? It works. "We're just hosting their email", says X, and "We're just hosting their DNS", says Y, and "We're just hosting their web site", says Z, and none of them do anything, and nothing gets done.
The only way to make action against them effective is to do it broadly, do it swiftly, and do it permanently.
---rsk
-- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*