Now let's just say the whole world adopted DIGEX's policy in full. Playing Devil's advocate, what if.... To remove a site from the internet [competitor, bad guy, good guy, enemy, let your imagination run wild]... What is keeping someone from spamming half a dozen or so sites (just enough to get noticed) with the line "please visit site 'http://www.xyz.com' for more information." To add spice to the pot, what if the message were deliberately worded to look like an ad for www.xyz.com, even if www.xyz.com had no connection with this ad? Since SPAM by its very nature is difficult to trace thoroughly and the information is not very useful to prevent future attacks, I think its important to mention/cover situations like this. I am sure we have seen all kinds of crap, from people forging mail to appear from a legitimate NSPs' support mailbox to (of course) the behavior above. How would one incorporate this sort of behavior into a fair AUP? -Deepak. On Sun, 20 Apr 1997, Lydia Leong wrote:
On Apr 17, 10:47pm, MARK BORCHERS wrote:
I don't know that I'd favor an abuse policy that encompasses WWW sites, even if they are listed elsewhere in spam mailings, but if there's a reasonable policy out there that contemplates this type of situation, I'd love to know how it reads.
[ Speaking only for myself. ]
DIGEX's acceptable use policies prohibit customers spamming through DIGEX connections (whether individual dialup, leased line, or webserver hosting), _and_ they prohibit customers from advertising services hosted on DIGEX connections in a manner that violates DIGEX's no-spam policies or the AUP of another provider. We also explicitly prohibit customers from advertising in a manner that violates the Federal Trade Commision's Deception Policy Statement.
This prevents somebody from reaping the benefits of a spam, regardless of where it originated from. It also means that even if the other provider doesn't take a responsible attitude towards his customers, the Internet community still has a second line of defense. It means that unethical businessmen can't go get throwaway Juno/CompuServe/etc. accounts, spam from them with the full knowledge that the accounts are going to be immediately cancelled, and pay nothing for the privilege.
The policy is at http://www.access.digex.net/~policy/digex-aup.html for the curious.
I certainly don't advocate hacker attacks on AGIS, if indeed AGIS was actually the subject of a denial of service attack. But I do think that AGIS, as a backbone provider, needs to take a more responsible attitude. When I log into my mail servers in the morning and find that my mail queue is jammed with fifteen thousand CyberPromo ads and legitimate customer traffic is slowed or stalled, as far as I'm concerned, that's something just short of a denial of service attack originating from AGIS netblocks.
While it's clear that, right now, ISPs aren't really legally responsible for the behavior of their customers, from the standpoint of good business relations and the general cooperative attitude of the Internet, it seems irresponsible for a provider to fail to terminate customers who are obviously abusive.
I'm currently working on a sendmail hack that will deal with only accepting relays from certain netblocks, expressed in IP prefix notation (the current sendmail capability of specifying, say, 204.91.98, is inadequate for me, since we have customers to have less than /24s). Until then, CyberPromo is my daily headache. Those people ought to be sued off the earth for theft of service.
+-------------+--------------------------------------+---------------------+ | Lydia Leong | http://www.access.digex.net/~lwl/ | lydia@digex.net | | DIGEX, Inc. | Business Internet Connectivity Group | Systems Engineering | | 800-99DIGEX | Senior Systems Engineer / Postmaster | policy@digex.net | +-------------+--------------------------------------+---------------------+