And what will the FBI do when spammers leave the US...
In these cases, we normally turn them into international trade issues. If we all freely admit that this problem is beyond a technical solution, what are our alternatives? Even in the best of cases, sometimes we have no choices. In Agis's case, they recently took action and disconnected a known spammer site; they were taken to court and ordered to restore service. I am not sure how well my own Use Policy would hold up were we ever to be dragged into court. As the wild west days of the Internet wane and our Clint Eastwood heros, (e.g. the Honorable Paul Vixie) find themselves marginalized by savvy customers with court orders, we will find that migrating from gun slinging to organized law enforcement far cheaper and more effective in the long run. I am just as willing as the next 'responsible provider' to be responsible. However, if I cannot also have the authority that comes with it or at least can turn to someone who does, then we will end up in a free-for-all situation which, come to think of it, is what is happening now. No One on the Internet has the authority to turn Anyone off no matter what they do, nearly. Check my spamming report from last night, I see my top abuser yesterday was an MCI customer (see trace). Though I have sent lots of complaints to MCI, never have I ever gotten a human reply with followup. In fact, in my personal experience, I have never had any of the big backbone providers do much other than send me an automated reply, except for one; Agis. Perhaps it is because I am a customer that they listen to me whine, but it does seem than in all of the public discussions thus far, I have only seen one provider even willing to engage in a conversation on spamming. And yet who is the preferred whipping boy, since uunet, bellsouth, mci, et. al. are all bright enough to know when to duck an issue? hmmm. Cal Esse, my neighbor, asked, "are you letting people come and pick from your garden, honey?" "No, why do you ask?" "Well, the man on the top floor sent over his step daughter to pick some things and I was just thought you should know." Sure enough, my first crop of peaches were gone along with some other things. I installed a broken video camera on my house over looking the garden. I have not lost anything since. wickerpark 212) t netsgo.com traceroute to netsgo.com (210.115.123.108), 30 hops max, 40 byte packets 1 CHI-Cisco01.ThoughtPort.COM (199.171.236.1) 40 ms 10 ms 10 ms 2 CHI-DET-Cisco01.BB.ThoughtPort.COM (199.171.248.2) 30 ms 10 ms 10 ms 3 a0.1008.chicago4.agis.net (205.137.60.238) 30 ms 20 ms 20 ms 4 a0-0.1.chicago2.agis.net (205.254.173.250) 30 ms 20 ms 30 ms 5 aads.mci.net (198.32.130.12) 70 ms 4 ms 60 ms 6 aads.mci.net (198.32.130.12) 70 ms * 130 ms 7 * core1.Bloomington.mci.net (204.70.4.161) 190 ms 130 ms 8 core2-hssi-2.Sacramento.mci.net (204.70.1.138) 300 ms * 620 ms 9 border7-fddi-0.Sacramento.mci.net (204.70.164.51) 120 ms 110 ms 120 ms 10 yukong-ltd.Sacramento.mci.net (204.70.122.86) 250 ms 260 ms 280 ms 11 abs.netsgo.com (210.115.123.108) 260 ms 260 ms 270 ms Begin forwarded message: Date: Thu, 30 Oct 1997 00:24:46 -0500 (EST) From: Jon Lewis <jlewis@inorganic5.fdt.net> To: Cal_Thixton@TPA.Net cc: Phil Lawlor <phil@agis.net>, nanog@merit.edu Subject: Re: Spam Control Considered Harmful In-Reply-To: <199710300214.UAA12965@thoughtport.thoughtport.net> X-To-Stop-Spam-See: [An attachment was originally included here]http://inorganic5.fdt.net/~jlewis/spam.html On Wed, 29 Oct 1997, Cal Thixton - President - ThoughtPort Authority of Chicago wrote:
I personally see no practical technical means of eliminating the practise of spamming and rather than spending time trying to dream up fancier and smarter sendmail's, we should seek to simply expand the current mail fraud laws to cover electronic mail. Then we can simply sic the FBI on these people armed with terabytes of logs and spam emails
And what will the FBI do when spammers leave the US and do their deed from other countries? Spammers won't be stopped by legislation or technology...the average internet user can't handle the amount of technology necessary to keep spam out of their mail. The average sysadmin isn't much better off. I had to disable my latest anti-spam sendmail rule today (denying incoming mail from sites with no or incorrect in-addr.arpa DNS) because a client is trying to do business with a site that has existed for a year an a half and never setup in-addr.arpa DNS. Spam can only be stopped by responsible providers not allowing their clients to abuse the net. Phil's attitude of "We provide internet connectivity. If you don't like spam, _you_ do something about it." has nearly destroyed AGIS. Who's going to be next? BTW...Cal...obtain a linefeed. ------------------------------------------------------------------ Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will Network Administrator | be proof-read for $199/message. Florida Digital Turnpike | ______[An attachment was originally included here]http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____ Begin forwarded message: Date: Thu, 30 Oct 1997 00:24:46 -0500 (EST) From: Jon Lewis <jlewis@inorganic5.fdt.net> To: Cal_Thixton@TPA.Net cc: Phil Lawlor <phil@agis.net>, nanog@merit.edu Subject: Re: Spam Control Considered Harmful In-Reply-To: <199710300214.UAA12965@thoughtport.thoughtport.net> X-To-Stop-Spam-See: [An attachment was originally included here]http://inorganic5.fdt.net/~jlewis/spam.html On Wed, 29 Oct 1997, Cal Thixton - President - ThoughtPort Authority of Chicago wrote:
I personally see no practical technical means of eliminating the practise of spamming and rather than spending time trying to dream up fancier and smarter sendmail's, we should seek to simply expand the current mail fraud laws to cover electronic mail. Then we can simply sic the FBI on these people armed with terabytes of logs and spam emails
And what will the FBI do when spammers leave the US and do their deed from other countries? Spammers won't be stopped by legislation or technology...the average internet user can't handle the amount of technology necessary to keep spam out of their mail. The average sysadmin isn't much better off. I had to disable my latest anti-spam sendmail rule today (denying incoming mail from sites with no or incorrect in-addr.arpa DNS) because a client is trying to do business with a site that has existed for a year an a half and never setup in-addr.arpa DNS. Spam can only be stopped by responsible providers not allowing their clients to abuse the net. Phil's attitude of "We provide internet connectivity. If you don't like spam, _you_ do something about it." has nearly destroyed AGIS. Who's going to be next? BTW...Cal...obtain a linefeed. ------------------------------------------------------------------ Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will Network Administrator | be proof-read for $199/message. Florida Digital Turnpike | ______[An attachment was originally included here]http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____ Date: Thu, 30 Oct 1997 11:46:25 -0600 (CST) From: cthixton@thoughtport.net To: security@thoughtport.net Subject: Relay Block SPAM: thoughtport Who they are to: 44 webmaster netter.com.210.115.122.108 8 kstrieke bdcast.com.206.156.255.28 8 clifton ix.netcom.com.207.93.45.69 8 clifton ix.netcom.com.207.93.45.122 8 chadparsons prodigy.net.166.72.115.94 6 ygoldman hotmail.com.205.253.105.90 6 clifton ix.netcom.com.207.93.45.83 4 service etrade.com.208.254.139.3 4 service etrade.com.208.254.139.114 4 majordomo bapp.com.205.253.105.90 4 flashflood flashflood.com 2 tuneup qdeck.com.205.253.105.91 2 slawson iu.net.207.227.183.38 2 silisanise aol.com.207.53.21.153 2 siliconel aol.com.207.53.21.153 2 sileyboy aol.com.207.53.21.153 2 silentz aol.com.207.53.21.153 2 silenth2o aol.com.207.53.21.153 2 silaswight aol.com.207.53.21.153 2 silasmanue aol.com.207.53.21.153 2 silant aol.com.207.53.21.153 2 sil228 aol.com.207.53.21.153 2 rpatel bitconsulting.com.208.254.139.114 2 redsoxbry aol.com.207.53.20.108 2 redsox8674 aol.com.207.53.20.108 2 redsox21 aol.com.207.53.20.108 2 redsox2000 aol.com.207.53.20.108 2 redsox2 aol.com.207.53.20.108 2 redsox1975 aol.com.207.53.20.108 2 qtgal100 aol.com.207.53.20.135 2 qtfiddler aol.com.207.53.20.135 2 qtetsinger aol.com.207.53.20.135 2 qtesweet aol.com.207.53.20.135 2 qtess14u aol.com.207.53.20.135 2 qtenc aol.com.207.53.20.135 2 php46 aol.com.207.53.20.169 2 phoyt31329 aol.com.207.53.20.169 2 phoxy8 aol.com.207.53.20.169 2 phoxphyre aol.com.207.53.20.169 2 phoxman aol.com.207.53.20.169 2 phoxeast aol.com.207.53.20.169 2 phoenixwmn aol.com.207.53.20.169 2 nwc gun.com.192.41.5.95 2 mreisel sn.no.205.253.105.93 2 majordomo bap.com.205.253.105.90 2 kmiche01 thoughtport.com? 2 jal pilot.net.165.124.30.53[165.124.30.53] 2 info flyfrontier.com.153.36.240.239 2 ez connected.com.205.253.105.90 2 dj01 netter.com.208.208.223.19[208.208.223.19] 2 clifton ix.netcom.com.207.93.45.71 2 clifton ix.netcom.com.207.93.45.66 2 cheeto333 aol.com.208.197.20.27[208.197.20.27] 2 cheeto2323 aol.com.208.197.20.27[208.197.20.27] 2 cheeto178 aol.com.208.197.20.27[208.197.20.27] 2 chays911 aol.com.208.197.20.27[208.197.20.27] 2 cevans1977 aol.com.208.197.20.39[208.197.20.39] 2 cevans1948 aol.com.208.197.20.39[208.197.20.39] 2 cevans1464 aol.com.208.197.20.39[208.197.20.39] 2 cennypam aol.com.208.197.20.42[208.197.20.42] 2 cenntauri aol.com.208.197.20.42[208.197.20.42] 2 cennjcutie aol.com.208.197.20.42[208.197.20.42] 2 aparker infonorth.com.tom_cunningham 2 aallen3939 aol.com.207.53.20.103 2 aallen365 aol.com.207.53.20.103 2 aallen3106 aol.com.207.53.20.103 2 aallen2177 aol.com.207.53.20.103 2 aallen1980 aol.com.207.53.20.103 2 aallen1 aol.com.207.53.20.103 2 MACIAS NETTER.COM.199.35.191.5 2 Chris_Ivers/NC/FD/USA/Kelly kellyservices.com.165.124.30.53[165.124.30.53] 2 2004076 mcimail.com.153.35.127.59 2 2004075 mcimail.com.153.35.127.59 2 2004074 mcimail.com.153.35.127.59 2 2004073 mcimail.com.153.35.127.59 2 2004072 mcimail.com.153.35.127.59 2 2004071 mcimail.com.153.35.127.59 2 2004070 mcimail.com.153.35.127.59 2 2004069 mcimail.com.153.35.127.59 2 2004068 mcimail.com.153.35.127.59 2 2004067 mcimail.com.153.35.127.59 2 103467.2127 compuserve.com.206.133.160.189 1 No Relay Domains they are to: 44 netter.com.210.115.122.108 20 mcimail.com.153.35.127.59 18 aol.com.207.53.21.153 14 aol.com.207.53.20.169 12 aol.com.207.53.20.135 12 aol.com.207.53.20.108 12 aol.com.207.53.20.103 8 prodigy.net.166.72.115.94 8 ix.netcom.com.207.93.45.69 8 ix.netcom.com.207.93.45.122 8 bdcast.com.206.156.255.28 8 aol.com.208.197.20.27[208.197.20.27] 6 ix.netcom.com.207.93.45.83 6 hotmail.com.205.253.105.90 6 aol.com.208.197.20.42[208.197.20.42] 6 aol.com.208.197.20.39[208.197.20.39] 4 flashflood.com 4 etrade.com.208.254.139.3 4 etrade.com.208.254.139.114 4 bapp.com.205.253.105.90 2 thoughtport.com? 2 sn.no.205.253.105.93 2 qdeck.com.205.253.105.91 2 pilot.net.165.124.30.53[165.124.30.53] 2 netter.com.208.208.223.19[208.208.223.19] 2 kellyservices.com.165.124.30.53[165.124.30.53] 2 ix.netcom.com.207.93.45.71 2 ix.netcom.com.207.93.45.66 2 iu.net.207.227.183.38 2 infonorth.com.tom_cunningham 2 gun.com.192.41.5.95 2 flyfrontier.com.153.36.240.239 2 connected.com.205.253.105.90 2 compuserve.com.206.133.160.189 2 bitconsulting.com.208.254.139.114 2 bap.com.205.253.105.90 2 NETTER.COM.199.35.191.5 1 Relay Sites they are from: 45 netsgo.com 22 0.197.20.0 21 1Cust59.max6.cleveland.oh.ms.uu.net 18 d00408.msy.bellsouth.net 14 lachman-2.pr.mcs.net 14 d00168.msy.bellsouth.net 12 d00134.msy.bellsouth.net 12 d00107.msy.bellsouth.net 12 d00102.msy.bellsouth.net 10 day-fl2-58.ix.netcom.com 10 day-fl2-05.ix.netcom.com 9 slip166-72-115-94.mo.us.ibm.net 8 day-fl2-19.ix.netcom.com 8 ColumbiaMO-28.usi.com 7 1Cust114.tnt1.bloomington.il.da.uu.net 4 1Cust3.tnt1.bloomington.il.da.uu.net 4 0.124.30.0 3 greatideas-38.starnetinc.com 3 day-fl2-07.ix.netcom.com 2 transera.com 2 sdn-ts-011coauroP10.dialsprint.net 2 lachman-5.pr.mcs.net 2 lachman-3.pr.mcs.net 2 day-fl2-02.ix.netcom.com 2 bastion.mecklermedia.com 2 1Cust239.tnt14.dfw5.da.uu.net 2 0.208.223.0 Traces to sites that have no name trace these: 0.124.30.0 0.197.20.0 0.208.223.0 Looking Up 0.124.30.0 route: 0.0.0.0/1 descr: HALF-DEFAULT-ZERO descr: The Reasonable Default Network Project descr: This prefix is one of three which is designed descr: to accomplish several things. Firstly, ICM descr: will be offering a set of robust and hardened descr: default-oriented prefixes which will be made descr: reliably available to some of AS1800's peers and descr: things downstream from them. The routing announcements descr: will be supplemented with a box that sends back descr: appropriate ICMP messages; at some point we will descr: also make a view of the default-announcing box's descr: knowledge of global routing available to folks descr: who wish to accept the default announcement. descr: Secondly, this announcement is designed to assist descr: ANS in the transition away from advisories. We expect descr: that this will allow people to send in far fewer descr: advisory updates than is done currently, without descr: breaking reachability between ANS's customers and descr: the rest of the world. This is good for both ANS descr: and everyone else. descr: Thirdly, ICM will be running some experiements on descr: sheer amount of traffic that follows an ultimate descr: default, although this must be done without descr: examining that traffic for content without explicit descr: permission from the originator. We expect that this descr: will help identify and fix problems in the global descr: routing system. descr: questions, comments and flames to: smd@sprint.net, roll@stupi.se origin: AS1800 advisory: AS690 1:1800 2:1239 mnt-by: MAINT-AS1800 changed: selina@ans.net 951011 source: RADB Tracing to: 0.124.30.0 traceroute to 0.124.30.0 (0.124.30.0), 30 hops max, 40 byte packets 1 * * * 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * Looking Up 0.197.20.0 route: 0.0.0.0/1 descr: HALF-DEFAULT-ZERO descr: The Reasonable Default Network Project descr: This prefix is one of three which is designed descr: to accomplish several things. Firstly, ICM descr: will be offering a set of robust and hardened descr: default-oriented prefixes which will be made descr: reliably available to some of AS1800's peers and descr: things downstream from them. The routing announcements descr: will be supplemented with a box that sends back descr: appropriate ICMP messages; at some point we will descr: also make a view of the default-announcing box's descr: knowledge of global routing available to folks descr: who wish to accept the default announcement. descr: Secondly, this announcement is designed to assist descr: ANS in the transition away from advisories. We expect descr: that this will allow people to send in far fewer descr: advisory updates than is done currently, without descr: breaking reachability between ANS's customers and descr: the rest of the world. This is good for both ANS descr: and everyone else. descr: Thirdly, ICM will be running some experiements on descr: sheer amount of traffic that follows an ultimate descr: default, although this must be done without descr: examining that traffic for content without explicit descr: permission from the originator. We expect that this descr: will help identify and fix problems in the global descr: routing system. descr: questions, comments and flames to: smd@sprint.net, roll@stupi.se origin: AS1800 advisory: AS690 1:1800 2:1239 mnt-by: MAINT-AS1800 changed: selina@ans.net 951011 source: RADB Tracing to: 0.197.20.0 traceroute to 0.197.20.0 (0.197.20.0), 30 hops max, 40 byte packets 1 * * * 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * Looking Up 0.208.223.0 route: 0.0.0.0/1 descr: HALF-DEFAULT-ZERO descr: The Reasonable Default Network Project descr: This prefix is one of three which is designed descr: to accomplish several things. Firstly, ICM descr: will be offering a set of robust and hardened descr: default-oriented prefixes which will be made descr: reliably available to some of AS1800's peers and descr: things downstream from them. The routing announcements descr: will be supplemented with a box that sends back descr: appropriate ICMP messages; at some point we will descr: also make a view of the default-announcing box's descr: knowledge of global routing available to folks descr: who wish to accept the default announcement. descr: Secondly, this announcement is designed to assist descr: ANS in the transition away from advisories. We expect descr: that this will allow people to send in far fewer descr: advisory updates than is done currently, without descr: breaking reachability between ANS's customers and descr: the rest of the world. This is good for both ANS descr: and everyone else. descr: Thirdly, ICM will be running some experiements on descr: sheer amount of traffic that follows an ultimate descr: default, although this must be done without descr: examining that traffic for content without explicit descr: permission from the originator. We expect that this descr: will help identify and fix problems in the global descr: routing system. descr: questions, comments and flames to: smd@sprint.net, roll@stupi.se origin: AS1800 advisory: AS690 1:1800 2:1239 mnt-by: MAINT-AS1800 changed: selina@ans.net 951011 source: RADB Tracing to: 0.208.223.0 traceroute to 0.208.223.0 (0.208.223.0), 30 hops max, 40 byte packets 1 * * * 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * *