From owner-nanog@merit.edu Thu Feb 24 23:19:15 2005 Date: Thu, 24 Feb 2005 22:46:13 -0500 From: Rich Kulawiec <rsk@gsp.org> To: nanog@merit.org Subject: Re: AOL scomp
On Thu, Feb 24, 2005 at 02:53:14PM -0500, Mark Radabaugh wrote:
Now here I would disagree. These are specific requests by individuals to forward mail to from one of their own accounts to another one of their own accounts.
But a request to forward mail is not a request to facilitate abuse by forwarding spam.
I do not think AOL (or anyone) should consider mail forwarded at the customers request as indicating that our mail servers are sending spam.
Why not?
Because the recipient *expressly* requested that "all mail which would reach my inbox on your system be sent to me at AOL (or any other "somewhere else"). This means that every such message from the 'forwarding' system to the destination system is, BY DEFINITON, "solicited". The mailbox owner has expressly and explicictly requested those messages be sent to him at the receiving system. If that person then reports such messages -- that they have EXPRESSLY requested be sent to the receiving system -- as spam, to the operator of the receiving system, then that person is *indisputably* IN THE WRONG for doing so. The _person_ who issued the directive causing that message to end up in the recipient's inbox is the *recipient*himself*. If he reports the message as spam, then it can be logically held that *he* is the spammer. And his access on *both* systems (forwarding and receiving) should be terminated for AUP violation. Now, if the recipient wants to report it to the forwarding system -- so that they can block any further inbound attempts -- that's a whole nother story. Of course, this requires that the person involved be "smart enough" to read and understand the headers on the message. In actuality, *I* am not QUITE as draconian as suggested a couple of paragraphs previously. If I forward somebody's mail and get a complaint from the reciveing system about spam to that user, "originating" from my system, that user *permanently* loses any forwarding privileges/capabilities. No appeal, no _notice_ no 'second chance', no nothing -- forwarding just "stops working" for them. They _were_ told of this "down-side risk", with regard to such an error, *before* the forwarding was enabled. They get to live with the consequences.