I'm just catching up on this list after the holidays, and am writing somewhat belatedly to disagree with this part of the message (the rest of the message was excellent):
Date: Fri, 3 Jan 1997 23:45:13 -0800 (PST) From: Michael Dillon <michael@memra.com> ... Barry, I agree with everyon on this list that this is NOT the place to be discussing the problem. Please take this to the proper forum.
I'm on this list, and _I_ believe this is an appropriate place to discuss this operational problem! It is primarily a problem of inter-provider cooperation, and secondarily a problem of inter-ISP spam policy. Both topics are appropriate for inter-network operations, and thus, this list! Moreover, it was very important to me to learn about this Sprint policy of allowing spamming. I'm in the middle of writing the RFP evaluation criteria for a fairly large network buy. In addition to the paragraphs on accepting routes into its own address space for multihoming (which disqualified Sprint earlier), I'll add some language that: - the service provider must have a written and enforcable policy prohibiting any of its customers from sending traffic with IP Source addresses that are not normally received by the customer (termed "IP address spoofing"). - the service provider must have a written and enforcable policy prohibiting any of its customers from sending traffic with mail "From:" addresses that are not normally received by the customer, or that belong to another user (termed "mail spoofing"). - the service provider must have a written and enforcable policy prohibiting any of its customers from sending any traffic to recipients that have not requested the traffic -- including (but not limited to) the sending of off-topic or unsolicited mail messages to mailing list exploders, subsets of mailing list registrants, news groups, and posters to news groups (termed "mail spamming"). The requirement for a response to any such unsolicited message to prevent future messages is unacceptable. - the service provider must have the capability of isolating any external network addresses and connections within 10 minutes of notification about operational problems of its other customers and network connections -- including (but not limited to) broadcast flooding, connection flooding, routing loops, address spoofing, mail spoofing, and mail spamming. - The service provider will guarantee reimbursement of costs for each minute (or fraction thereof) beyond the specified 10 minutes. I believe these will disqualify Sprint, too. Any additional language or clarification would be helpful. Thanks. WSimpson@UMich.edu Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32 BSimpson@MorningStar.com Key fingerprint = 2E 07 23 03 C5 62 70 D3 59 B1 4F 5E 1D C2 C1 A2