The problem with this is that someone, sooner or later, is going to take a run at people trying to set up what amounts to a set of contractual requirements that exceed legal requirements - and then enforce them network wide. The collusive aspect of this is downright scary, especially when coupled with threats of depeering, active denial of service attacks, etc. I happen to be an "anti-spammer", but when you get to the point that you start telling people what they have to put in their contracts as an industry, such that if Person #1 commits an act on a *completely unrelated* system they get their contract voided you're treading on very, very thin ice. That looks an awful lot like an industry-wide blacklist, and those are dangerously close to being per-se illegal. There's nothing wrong with a single provider putting whatever provisions in their agreements they see fit - you're always free to shop for a new provider. However, when industry actions conspire to basically *force* certain provisions to be included in *everyone's* contracts, and those provisions go beyond "don't do illegal things", then IMHO you're exerting force that needs to be very carefully thought out. There IS a means to solve the problem otherwise - that is, for the industry to make "throw away, instant registration" accounts disappear. The problem with what is being done now is that the entire industry is being forced to provide a "safe haven" for a PARTICULAR marketing tactic. There are a lot of "questionable" things that this industry does, but IMHO this one is near or at the top of the list of things I'd talk to my counsel about.... -- -- Karl Denninger (karl@denninger.net) http://www.mcs.net/~karl I ain't even *authorized* to speak for anyone other than myself, so give up now on trying to associate my words with any particular organization. On Thu, Nov 19, 1998 at 09:46:32AM -0500, Chris Mauritz wrote:
That's a pretty shortsighted view, Sheryl. I suspect you haven't been on the receiving end of some idtiot buying a leased line/virtual web presence from you and then spamming from an AOL/PSI/earhlink/yadda yadda account. It isn't pleasant. Folks aren't stupid. They ignore the fact that the tool used to spam was a throwaway account and go right for the jugular (you). It's better to have a zero tolerance policy and not have to deal with the silliness in the first place.
Chris
Chris Mauritz Director, Systems Administration Rare Medium, Inc. chrism@raremedium.com
-----Original Message----- From: Sheryl Chapin [mailto:schapin@ctel.net] Sent: Thursday, November 19, 1998 8:48 AM To: nanog@merit.edu Subject: Re: Lawsuit threat against RBL users
That's right. It stops the practice of using a sacrificial account, from AOL or netcom, to spam for a web-site that is otherwise protected. Does it make a difference that they didn't spam from their own ISP? That customer is *still* a spammer whether they did it from your site or not. Maybe you're of the "It's alright as long as they don't do it here" crowd? Well, that's one of the things that the RBL was built for. The rest of us don't have to put up with your negligence.
I don't see it as "it's alright as long as they don't do it here". I see it as "I have control over my network, but not over anyone elses". I have an AUP that specifically states spamming is not allowed. I have kicked off users who have spammed. However, I do not have an AUP that says "If you ever spam anyone ever in the world on any network anywhere I will disconnect whatever service you have". I don't control the entire internet, just my little piece of it. :-)
Sheryl Chapin Senior Network Engineer CommTel Internet 207.377.3508 Winthrop, Maine schapin@ctel.net