NTL World no longer accepts abuse@ email. You have to go to a web form that requires javascript be enabled and enter all of the information for them. I guess that they got tired of processing the abuse@ mail load and just bit bucketed it. From the email I got back from them: Please note that we no longer accept any network abuse reports at this address. Any reports must be submitted by using the following web form: http://www.ntlworld.com/netreport Any reports sent to this email address will not be read and will be automatically deleted. -- Will do networking for PowerMac G5 dual 2GHz. Outlook, the exploding Pinto on the information superhighway. - Sean Donelan Chris Boyd
On 4/10/2004 2:26 PM, Chris Boyd wrote:
NTL World no longer accepts abuse@ email. You have to go to a web form that requires javascript be enabled and enter all of the information for them.
option [1] do their job for them so they can run a cheaper net, versus option [2] blacklist so that we both run cheaper nets -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
On Sat, 10 Apr 2004, Chris Boyd wrote:
Please note that we no longer accept any network abuse reports at this address. Any reports must be submitted by using the following web form: http://www.ntlworld.com/netreport
Any reports sent to this email address will not be read and will be automatically deleted.
I can guess their reasoning for this is they're tired of bogus complaints (from address on spam/virus was forged to look like it came from them) or complaints lacking the necessary detail to take any action...but the way they've implemented their forms is not going to win them any fans. You have to click through multiple layers of forms before you can actually put in any details. None of the reason options are SPAM. And on my first try, their site caused Mozilla to crash. Also, I doubt this was a decision made by the "network operators", but rather by the abuse department or more likely, whoever oversees it, perhaps figuring that by having the web form CGI neatly categorize all complaints, they can get by with less staff (or clue) handling abuse. ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Chris Boyd [10/04/04 14:26 -0500]:
NTL World no longer accepts abuse@ email. You have to go to a web form that requires javascript be enabled and enter all of the information for them. I guess that they got tired of processing the abuse@ mail load and just bit bucketed it.
NTL peers at Linx, right? I'm sure somebody's mentioned http://www.linx.net/noncore/bcp/ube-bcp.html to them? srs
On Sun, 11 Apr 2004, Suresh Ramasubramanian wrote:
NTL peers at Linx, right? I'm sure somebody's mentioned http://www.linx.net/noncore/bcp/ube-bcp.html to them?
Should anonymous use of the Internet be eliminated so all forms of abuse can be tracked and dealt with? Exception An exception to sections (2) and (3) arises in the case of a system run to deliberately hide the source of email - often called an "anon server". "Anon servers" are used to preserve anonymity where, for example, someone seeks help from a group supporting victims of abuse or wishes to express political views in a country that may punish dissent. ISPs or their customers MAY run anon servers where this is explicitly intended to be the function of the service being provided. They MUST NOT allow their standard service to provide anonymity by failing to comply with this BCP. However an anon server SHOULD NOT be capable of 'amplification' of email by expanding address lists and SHOULD have limiting mechanisms to ensure that the volume of email passing through the server cannot be unusually high without explicit system owner knowledge.
On Sat, 10 Apr 2004, Sean Donelan wrote:
Should anonymous use of the Internet be eliminated so all forms of abuse can be tracked and dealt with?
As long as there are tier1's who allow abuse as long as the checks don't bounce, this will have zero effect. exodus for example had a hands off policy, don't do a single thing until law enforcement arrives with a search warrant. looks like yahoo has adopted a similar policy. -Dan
--On Saturday, April 10, 2004 8:30 PM -0700 Dan Hollis <goemon@anime.net> wrote:
exodus for example had a hands off policy, don't do a single thing until law enforcement arrives with a search warrant.
While this might be a PITA for everybody, I don't see why everybody wants to chastise NSPs for this practice, especially NSPs that are/were telcos. Isn't this more or less the way telcos have dealt with abuse issues for decades? I used to work for a very small (~10k dialup customer) ISP, and at the time our abuse policy was "if somebody complains, and you can find *something* in the logs, then lock the account." Then I went to work for a so-called "Tier-1" and learned in short order that this policy does not scale, especially when abusive customers with DS3s are waving around fully loaded lawyers. -J -- Jeff Workman | jworkman@pimpworks.org | http://www.pimpworks.org
On Sat, 10 Apr 2004, Jeff Workman wrote:
--On Saturday, April 10, 2004 8:30 PM -0700 Dan Hollis <goemon@anime.net> wrote:
exodus for example had a hands off policy, don't do a single thing until law enforcement arrives with a search warrant.
While this might be a PITA for everybody, I don't see why everybody wants to chastise NSPs for this practice, especially NSPs that are/were telcos. Isn't this more or less the way telcos have dealt with abuse issues for decades?
I used to work for a very small (~10k dialup customer) ISP, and at the time our abuse policy was "if somebody complains, and you can find *something* in the logs, then lock the account." Then I went to work for a so-called "Tier-1" and learned in short order that this policy does not scale, especially when abusive customers with DS3s are waving around fully loaded lawyers.
The problem with your argument is very much an apples and oranges comparison. Having spent the first five years of my network career at a "ma and pa" that then got gobbled by Verio, and then the last five plus years at a startup Telco/ISP, I can tell you, you see very different issues. 1> Telcos don't have ISP style AUPs, basically unless it's illegal, you can do it on a phone without the carrier getting involved. 2> Telcos don't have the content variety that ISPs do. You can't (practically) bring down a Class 5 switch, the SS7 network, etc with the actions of one customer. 3> A single phoneset cannot be used to contact 50 million people in a matter of hours to sell them viagra or other stiffy pills. 4> A phoneset cannot be used to hijack or damage another phoneset on the PSTN. There's no such thing as a zombie telephone. PBXs might be hijackable, but not a home phone. 5> The other Telcos don't get pissed when you or your customers use/abuse their resources, they send bills. and the list goes on and on. While both the Telco and ISP are communications services, they are completely different beasts in the abuse department (as well as support, provisioning, billing, etc) If your well lawyered customers complain, wave the AUP at them, if your AUP doesn't allow you to disconnect customers who imperil your network and the Internet at large, rewrite it. Remember that getting cut off by your upstream is more painful than dealing with a PITA customer. Remember that the Internet started out as a community, and in our little neck of the woods (NSP network engineering/operations) it still is, and nobody likes a (BGP) neighbor who doesn't care about the others in his neighborhood. As an ISP/NSP/whatever acronym they think up next, your customers are your responsibility, and you, like a good bartender, need to be able to let your customers know when they're a nuisance.
-S -- Scott Call Router Geek, ATGi, home of $6.95 Prime Rib I make the world a better place, I boycott Wal-Mart VoIP incoming: +1 360-382-1814
On Sat, 10 Apr 2004, Scott Call wrote:
While both the Telco and ISP are communications services, they are completely different beasts in the abuse department (as well as support, provisioning, billing, etc)
http://www.dailystar.com/dailystar/dailystar/17393.php Overseas scam artists have hijacked a telephone relay system for deaf people and turned phone operators in Tucson and nationwide into full-time facilitators of fraud. Operators at Tucson's Communication Service for the Deaf call center used to spend their shifts helping hearing- and speech-impaired Americans make calls. But since January their workdays are dominated by Internet calls from Nigeria and elsewhere. The callers try to use stolen credit-card numbers to make big purchases of merchandise from American companies. The operators often suspect fraud, but they can't just hang up. Federal rules require them to make the calls and keep the contents strictly confidential. [...] Spokesmen for Sprint, AT&T and Hamilton Telecommunications said the companies are aware of the fraudulent use of their services. But they said it's impossible to know what percentage of their Internet-relay calls are fraudulent, because the calls are confidential. They said they're working with the FCC to resolve the problem. "We're watching it, we're monitoring it, but privacy is key, and no records are kept," said Roberto Cruz, a spokesman for AT&T.
On Sun, 11 Apr 2004, Sean Donelan wrote:
On Sat, 10 Apr 2004, Scott Call wrote:
While both the Telco and ISP are communications services, they are completely different beasts in the abuse department (as well as support, provisioning, billing, etc)
http://www.dailystar.com/dailystar/dailystar/17393.php Overseas scam artists have hijacked a telephone relay system for deaf people and turned phone operators in Tucson and nationwide into full-time facilitators of fraud.
This is an interesting abuse of government mandated resources, but again the scale and rapidity of it are nothing compared to the scale and rapidity of spam/scam/zombie/virus stuff we have to deal with. My point was that my $20 GE telephone cannot be made into a liability for my telephone provider without my explicit participation, whereas a $20 a month dialup (or $50 a month DSL, etc) customer can be a liability for me just by being turned on. Can people abuse the phone system? yes, of course they can, but the criteria for response are much higher, and in general the nature of the network (low concurrent session limit, point to point, voice only) as it is exposed to most people limits the damage that can be casually incurred. -S
On Sat, 10 Apr 2004, Scott Call wrote:
My point was that my $20 GE telephone cannot be made into a liability for my telephone provider without my explicit participation, whereas a $20 a month dialup (or $50 a month DSL, etc) customer can be a liability for me just by being turned on.
Although Bell Labs avoided publishing papers about weakness in the telephone system, it doesn't mean they don't exist. The Communications Fraud Control Association has a decent publication on communications fraud. http://www.cfca.org/CCSP_dictionary_orderform.htm They cover numerous opportunities for mischief which can occur with your explicit, implicit, and even without your participation. In most cases it is the equipment connected to the line (i.e. CPE), not the line itself vulnerable to mischief. An answering machine with a default remote access code, a cordless telephone without "digital security", an insecure PBX, etc. The telephone network also offers other mischief opportunities such as call forwarding, voice mail, conference bridges, calling cards, third-party billing, collect calls and more.
Can people abuse the phone system? yes, of course they can, but the criteria for response are much higher, and in general the nature of the network (low concurrent session limit, point to point, voice only) as it is exposed to most people limits the damage that can be casually incurred.
There is a difference between crimes against the telephone system and crimes using telephones. The Department of Justice estimates Telemarketing fraud is a $40 Billion a year problem. But telemarketing fraud doesn't necessarily reflect a security vulnerability in the telephone system per se. Or at least not a security vulnerability that can be solved solely by the telephone system.
In message <Pine.GSO.4.58.0404111748140.19031@clifden.donelan.com>, Sean Donelan writes:
On Sat, 10 Apr 2004, Scott Call wrote:
My point was that my $20 GE telephone cannot be made into a liability for my telephone provider without my explicit participation, whereas a $20 a month dialup (or $50 a month DSL, etc) customer can be a liability for me just by being turned on.
Although Bell Labs avoided publishing papers about weakness in the telephone system, it doesn't mean they don't exist. The Communications Fraud Control Association has a decent publication on communications fraud.
http://www.cfca.org/CCSP_dictionary_orderform.htm
They cover numerous opportunities for mischief which can occur with your explicit, implicit, and even without your participation.
In most cases it is the equipment connected to the line (i.e. CPE), not the line itself vulnerable to mischief. An answering machine with a default remote access code, a cordless telephone without "digital security", an insecure PBX, etc. The telephone network also offers other mischief opportunities such as call forwarding, voice mail, conference bridges, calling cards, third-party billing, collect calls and more.
Can people abuse the phone system? yes, of course they can, but the criteria for response are much higher, and in general the nature of the network (low concurrent session limit, point to point, voice only) as it is exposed to most people limits the damage that can be casually incurred.
There is a difference between crimes against the telephone system and crimes using telephones. The Department of Justice estimates Telemarketing fraud is a $40 Billion a year problem. But telemarketing fraud doesn't necessarily reflect a security vulnerability in the telephone system per se. Or at least not a security vulnerability that can be solved solely by the telephone system.
As Sean knows very well, the world of telephony fraud is very big and very lucrative for the fraudsters. I don't work on that directly, but I've had plenty of contact with people who do. The big issue in the U.S. is international toll fraud -- calls to some countries are very expensive because of artificially high settlement charges imposed by the receiving countries' telcos (i.e., their PTTs). In fact, for some Third World countries such revenue is a substantial part of their hard currency income. Naturally, miscreants (to use robt's terminology) try to find ways to make such calls from the U.S. more cheaply. Sometimes, this involves hacking PBXs, other times, it involves subscription fraud, or a variety of other kinds of misbehavior. The responses are similar to those we use on the Internet -- traffic analysis (similar to looking at NetFlow), blacklisting calls to certain countries from, say, pay phones, etc. The networks are different, so the types of fraud are different -- but they occur, and they're very big business indeed. Note that U.S. telcos are obligated, by contract, law, and treaty, to pay real dollars to the receiving telcos, even if the call is fraudulent and the telcos can't collect. At this point, domestic U.S. toll fraud is much less interesting, because the real dollar outflow per minute for such calls is generally a couple of orders of magnitude less. And then there are 900 numbers -- but that's another story for another day. Grab me in the bar at NANOG some time... --Steve Bellovin, http://www.research.att.com/~smb
[4/12/2004 4:49 AM] Steven M. Bellovin :
Naturally, miscreants (to use robt's terminology) try to find ways to make such calls from the U.S. more cheaply. Sometimes, this involves hacking PBXs, other times, it involves subscription fraud, or a variety of other kinds of misbehavior. The responses are similar to those we use on the Internet -- traffic analysis (similar to looking at NetFlow), blacklisting calls to certain countries from, say, pay phones, etc.
There is another class of people who route calls out from the USA to India (or elsewhere) using VOIP, terminate the calls at an unauthorized (that is, not run by a licensed telco) exchange in India, and then route the calls out through the local pstn or mobile network. Quite a few of the "call $asian_country for cheap" phone cards you find at ethnic grocery stores seem to work on these lines. The local telco doesn't see a red cent of any settlement charges when this happens. Local telcos are, of course, all against this, and use any and every excuse to get these exchanges busted - a procedure that typically involves having the local police raid the exchange. srs -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations
In message <4079F583.3010200@outblaze.com>, Suresh Ramasubramanian writes:
[4/12/2004 4:49 AM] Steven M. Bellovin :
Naturally, miscreants (to use robt's terminology) try to find ways to make such calls from the U.S. more cheaply. Sometimes, this involves hacking PBXs, other times, it involves subscription fraud, or a variety of other kinds of misbehavior. The responses are similar to those we use on the Internet -- traffic analysis (similar to looking at NetFlow), blacklisting calls to certain countries from, say, pay phones, etc.
There is another class of people who route calls out from the USA to India (or elsewhere) using VOIP, terminate the calls at an unauthorized (that is, not run by a licensed telco) exchange in India, and then route the calls out through the local pstn or mobile network.
Quite a few of the "call $asian_country for cheap" phone cards you find at ethnic grocery stores seem to work on these lines.
The local telco doesn't see a red cent of any settlement charges when this happens. Local telcos are, of course, all against this, and use any and every excuse to get these exchanges busted - a procedure that typically involves having the local police raid the exchange.
Yes. Depending on the countries and telcos involved, this is either illegal or "irregular" network access. Other schemes involve call-back (with the Internet as the signaling channel -- I first heard of that being used in 1994, when most people outside our business had never heard of the Internet) or calling through a third country if the difference in rates makes that profitable. --Steve Bellovin, http://www.research.att.com/~smb
Thus spake "Suresh Ramasubramanian" <suresh@outblaze.com>
There is another class of people who route calls out from the USA to India (or elsewhere) using VOIP, terminate the calls at an unauthorized (that is, not run by a licensed telco) exchange in India, and then route the calls out through the local pstn or mobile network.
Quite a few of the "call $asian_country for cheap" phone cards you find at ethnic grocery stores seem to work on these lines.
The local telco doesn't see a red cent of any settlement charges when this happens. Local telcos are, of course, all against this, and use any and every excuse to get these exchanges busted - a procedure that typically involves having the local police raid the exchange.
One method that makes raids difficult is that the landing site for these calls is often a satellite dish (for the international side) combined with GSM phones (for the local side). Sure, you can cut off the GSM phones one-by-one, but new ones are cheap enough that it's like a game of whack-a-mole. S Stephen Sprunk "Stupid people surround themselves with smart CCIE #3723 people. Smart people surround themselves with K5SSS smart people who disagree with them." --Aaron Sorkin
On 12-apr-04, at 5:06, Stephen Sprunk wrote:
The local telco doesn't see a red cent of any settlement charges when this happens.
We all feel very sorry for them, I'm sure.
Local telcos are, of course, all against this, and use any and every excuse to get these exchanges busted - a procedure that typically involves having the local police raid the exchange.
One method that makes raids difficult is that the landing site for these calls is often a satellite dish (for the international side) combined with GSM phones (for the local side).
Wow, VoIP+sat+GSM, that must add up to close to 1500 ms delay! That can't be any fun.
[4/12/2004 1:33 PM] Iljitsch van Beijnum :
Wow, VoIP+sat+GSM, that must add up to close to 1500 ms delay! That can't be any fun.
Well, there was a nanog thread some days back about voip over sat. People do it all the time (Alaskan mining camps for example). Voice quality is horrendous, there is some latency like you say. People still buy these cards a lot as they get over an hour of talk time for a few dollars instead of the 10..15 minutes that you'd get with a comparably priced phone card from (say) MCI. srs -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations
On Apr 12, 2004, at 4:03 AM, Iljitsch van Beijnum wrote:
On 12-apr-04, at 5:06, Stephen Sprunk wrote:
The local telco doesn't see a red cent of any settlement charges when this happens.
We all feel very sorry for them, I'm sure.
We will if they take it out on the local customers by raising the prices, or even worse, going belly up. Given the stability of some local telcos in 3rd world countries, this is not at all out of the question. -- TTFN, patrick
* iljitsch@muada.com (Iljitsch van Beijnum) [Mon 12 Apr 2004, 10:07 CEST]:
Wow, VoIP+sat+GSM, that must add up to close to 1500 ms delay! That can't be any fun.
No worse than regular phone service in India (my gsm was roaming on a local operator's net, international call to the Netherlands), for example. -- Niels. -- Today's subliminal thought is:
On Apr 11, 2004, at 6:55 PM, Sean Donelan wrote:
Can people abuse the phone system? yes, of course they can, but the criteria for response are much higher, and in general the nature of the network (low concurrent session limit, point to point, voice only) as it is exposed to most people limits the damage that can be casually incurred.
There is a difference between crimes against the telephone system and crimes using telephones. The Department of Justice estimates Telemarketing fraud is a $40 Billion a year problem. But telemarketing fraud doesn't necessarily reflect a security vulnerability in the telephone system per se. Or at least not a security vulnerability that can be solved solely by the telephone system.
I'm not certain why telemarketing fraud is that much different than a DDoS by zombies. The underlying network does not really have much to do with either other than supplying transport. And tightening security on the network layer wouldn't stop either from happening. Since the major threat to networks these days is zombies, and there is very little you can do to IP to stop this from happening, why people keep commenting that IP is insecure.... -- TTFN, patrick
Sean Donelan wrote:
On Sat, 10 Apr 2004, Scott Call wrote:
My point was that my $20 GE telephone cannot be made into a liability for my telephone provider without my explicit participation, whereas a $20 a month dialup (or $50 a month DSL, etc) customer can be a liability for me just by being turned on.
Although Bell Labs avoided publishing papers about weakness in the telephone system, it doesn't mean they don't exist. The Communications Fraud Control Association has a decent publication on communications fraud.
Seems like John Draper had the corner on that market for a very long time--1960's wasn't it when we had to modify all the SF's? -- Requiescas in pace o email
... Then I went to work for a so-called "Tier-1" and learned in short order that this policy does not scale, especially when abusive customers with DS3s are waving around fully loaded lawyers.
... If your well lawyered customers complain, wave the AUP at them, if your AUP doesn't allow you to disconnect customers who imperil your network and the Internet at large, rewrite it.
on the one hand, i just want to say, this works. dave rand had written the original abovenet AUP and while many lawyersticks were brandished, nothing ever happened except that spammers had to seek their services elsewhere. (note: some said that e-bay in the early days was a spammer, but i disagreed.) (note: abovenet today is a different entity than the abovenet i'm describing.) on the other hand, i just want to say, many isp's are in business to make money not save the world, and if a stronger AUP would mean fewer customers, then the management team is going to have a very hard time justifying a stronger AUP to their shareholders. while at MAPS, i often encountered spammers whose explanation was, "this is the behaviour others exhibit and if we don't do it we'll be noncompetitive, but if you can get the others to stop, we'd love to stop also." my response was (predictably) "you have to do the right thing, right now, and it doesn't matter what other people do, MAPS will get around to them eventually." this ideological divide was much more complex than the usual "good vs. evil". since we're talking about laziness, let's look at two ways in which we (nanog "members" and others like us around the world) have been lazy, for decades, and have therefore helped to create the current miserable "abuse" situation. 1. there is no single and widely used abuse reporting format that can be automated at both the victim and responding sides. therefore ntlworld (and others) would have huge costs in trying to parse and understand abuse reports, and so they don't do it, and then they offer up javascript-based web pages to try to automate their end, which makes it impossible to automate the other (victim) end, and so doesn't scale no matter what. 2. there is no single, compelling, honest ethical standard like "the good housekeeping seal of approval" in our industry.
instead we have Trust-E whose seal is used by abusers worldwide (their privacy standard still does not require verification of permission, even though everybody knows that SMTP isn't trustworthy) and other similar ventures, many of whom went out of existence with the dotcom crash, or which are similarly spineless. as individuals, we are not lazy. you want evidence? look at the dozens of incompatible attempts to solve #1 and #2 above. these were legitimate, heart felt attempts by qualified and dedicated individuals. but nothing "sticks", partly because disallowing outbound abuse only reduces revenue and only increases expense (while only reducing expense and only increasing revenue for competitors), and partly because nobody wants to adopt an existing standard since it's so much more fun to invent something new. given solutions to #1 and #2 above, well designed and well marketed, it could become possible to require compliance as part of RFP's and peering contracts, and management teams worldwide would be able to look their shareholders in the eye and say that compliance isn't noncompetitive because there are forces that will make the competition have to comply also. but while as individuals we might have lots of energy for this fight, as a community we are lazy, and we'd rather think about next generation router design than next generation abuse design. and yet it always seems to surprise us when the greedy undereducated middle managers, salespeople, and lawyers keep finding new ways to make the abuse problem worse. lazy, lazy, lazy. -- Paul Vixie
Paul Vixie wrote:
1. there is no single and widely used abuse reporting format that can be automated at both the victim and responding sides.
I haven't been paying attention lately, but wasn't there an internet-draft on that a few years back?
2. there is no single, compelling, honest ethical standard like "the good housekeeping seal of approval" in our industry.
A consumers' union for the Internet? Didn't ISP/C have some activities along this line, once upon a time? Heck, whatever happened to ISP/C? The website doesn't seem to exist! -- William Allen Simpson Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
1. there is no single and widely used abuse reporting format that can be automated at both the victim and responding sides.
I haven't been paying attention lately, but wasn't there an internet-draft on that a few years back?
several. see <http://www.ietf.org/html.charters/inch-charter.html>. INCH isn't specifically designed for abuse but it's supposed to have an extensible schema (or so i was told).
2. there is no single, compelling, honest ethical standard like "the good housekeeping seal of approval" in our industry.
A consumers' union for the Internet? Didn't ISP/C have some activities along this line, once upon a time?
a "consumer's union" lookalike won't do it. individual endusers rarely have choices about who they use for access -- they get it from a dwindling selection of local dsl providers, or from their cable company. since they aren't making buying decisions now, it wouldn't do any good to give them reasons to choose one access provider over another. where this matters is in the commercial sector, where there's an RFP process for IP transit, or a contract process for BGP peering. to that end, what's needed is something that these documents can refer to -- "member in good standing of $FOO" or "complies with RFC $BAR" are examples. ISP/C wouldn't have been a good example since the members of same who wanted to standardize ethics were seen by the rest as moralistic whackos. as i watch yahoo and others launch anti-spam crusades it pains me that if they would simply have declared universal support of verified permission, and set a date by which they would require it from their suppliers and BGP peers, this would have further criminalized spam just by comparison. but since these companies don't want the perceived costs of verifying permission, they're stuck trying to criminalize "spam" when there is no difference, in principle, between what "spammers" do and what "reputable companies" do. lazy-lazy-lazy. -- Paul Vixie
On 11 Apr 2004, Paul Vixie wrote:
on the other hand, i just want to say, many isp's are in business to make money not save the world, and if a stronger AUP would mean fewer customers, then the management team is going to have a very hard time justifying a stronger AUP to their shareholders.
Surely no coincidence then that their change in abuse policy occurs at a time when they are cutting customer support by 30%: http://www.theregister.co.uk/2004/04/07/ntl_jobs_cut/ There's a followup discussing their poor CS queue times: http://www.theregister.co.uk/2004/04/08/ntl_jobs_union/ so it seems when the going gets tough, the staff perceived to be non-essential (indirect to the revenue stream) are going! No surprise I guess Steve
On Sat, Apr 10, 2004 at 11:45:20PM -0400, Jeff Workman wrote:
I used to work for a very small (~10k dialup customer) ISP, and at the time our abuse policy was "if somebody complains, and you can find *something* in the logs, then lock the account." Then I went to work for a so-called "Tier-1" and learned in short order that this policy does not scale, especially when abusive customers with DS3s are waving around fully loaded lawyers.
It does not scale, if you have people reading every single mail that comes in, with no pre-parsing, sorting, etc. It scales up to a point when you take steps to sort what is coming in, take active steps to block abuse leaving your network, and implement methods to detect it on your network before people complain. -- Avleen Vig Systems Administrator Personal: www.silverwraith.com EFnet: irc.mindspring.com (Earthlink user access only)
sean@donelan.com (Sean Donelan) writes:
Should anonymous use of the Internet be eliminated so all forms of abuse can be tracked and dealt with?
of course not. however, anonymity should be brokered by trusted doubleblinds; nonbrokered/nontrusted anonymity without recourse by recipients is right out. -- Paul Vixie
Chris Boyd wrote:
NTL World no longer accepts abuse@ email. You have to go to a web form that requires javascript be enabled and enter all of the information for them. I guess that they got tired of processing the abuse@ mail load and just bit bucketed it.
I'm late on this thread and I don't want to open a can of worms here, but... I can understand the reasoning behind what they are doing, but perhaps they are taking things in the wrong direction. Our abuse@ email address is just that, abused. Our abuse@ mailbox gets probably 500+ spams a day with maybe 2-3 legit emails that we need to look at. Sure we could run anti-spam measures on the abuse@ address but that probably isn't the way to go since most complaints to abuse@ are forward spam messages which could be marked and then missed. I think making a reporting page that requires jscript and such is a little over the top, but I don't think a simple HTML standard web form is out of the question. We've not gone this route yet, but we may head that way since I think the actual legit concerns of our abuse@ address are getting lost in the fray. Having our techs/engineers go through the abuse@ box every day to play hide and seek is a bit of an agonizing task that nobody really wants, especially at the volume it is today. If there was a standard that worked for this, we would certainly follow it. As it is today, we have got to find something simple that works for the legit issues and something that doesn't burn up so many engineer/tech cycles. -- Robert Blayzor, BOFH INOC, LLC rblayzor@inoc.net PGP: http://www.inoc.net/~dev/ Key fingerprint = 1E02 DABE F989 BC03 3DF5 0E93 8D02 9D0B CB1A A7B0 YOUR PC's broken and I'VE got a problem? -- The BOFH Slogan
Robert Blayzor wrote:
Chris Boyd wrote:
NTL World no longer accepts abuse@ email. You have to go to a web form that requires javascript be enabled and enter all of the information for them. I guess that they got tired of processing the abuse@ mail load and just bit bucketed it.
I'm late on this thread and I don't want to open a can of worms here, but...
I can understand the reasoning behind what they are doing, but perhaps they are taking things in the wrong direction. Our abuse@ email address is just that, abused. Our abuse@ mailbox gets probably 500+ spams a day with maybe 2-3 legit emails that we need to look at. Sure we could run anti-spam measures on the abuse@ address but that probably isn't the way to go since most complaints to abuse@ are forward spam messages which could be marked and then missed.
I think making a reporting page that requires jscript and such is a little over the top, but I don't think a simple HTML standard web form is out of the question. We've not gone this route yet, but we may head that way since I think the actual legit concerns of our abuse@ address are getting lost in the fray. Having our techs/engineers go through the abuse@ box every day to play hide and seek is a bit of an agonizing task that nobody really wants, especially at the volume it is today. If there was a standard that worked for this, we would certainly follow it. As it is today, we have got to find something simple that works for the legit issues and something that doesn't burn up so many engineer/tech cycles.
I have a couple of thoughts that I'll try to keep brief enough not to be banned for mentioning them... Not everybody can use an HTML browser to compose messages. As soon as it seems like a good idea to those I am not allowed to mention here, they will hammer on the forms just like they do the abuse@ addresses. OK, three.... How about all of the Service Providers decide to find a way to treat the problem (instead of the symptoms that annoy them) and stop the hammering on ALL accounts, including abuse@ accounts? -- Requiescas in pace o email
on Mon, Apr 12, 2004 at 12:31:59PM -0400, Robert Blayzor wrote:
I can understand the reasoning behind what they are doing, but perhaps they are taking things in the wrong direction. Our abuse@ email address is just that, abused. Our abuse@ mailbox gets probably 500+ spams a day with maybe 2-3 legit emails that we need to look at. Sure we could run anti-spam measures on the abuse@ address but that probably isn't the way to go since most complaints to abuse@ are forward spam messages which could be marked and then missed.
So don't do content-based filtering.
[...] Having our techs/engineers go through the abuse@ box every day to play hide and seek is a bit of an agonizing task that nobody really wants, especially at the volume it is today.
Isn't it their job? -- hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com Buy "Cascading Style Sheets: Separating Content from Presentation, 2/e" today! http://www.amazon.com/exec/obidos/ASIN/159059231X/heskecominc-20/ref=nosim/
Steven Champeon wrote:
[...] Having our techs/engineers go through the abuse@ box every day to play hide and seek is a bit of an agonizing task that nobody really wants, especially at the volume it is today.
Isn't it their job?
Yes and no. They're responsible for addressing the real problems, and those issues are sometimes missed or lost to the sheer volume of bogus messages that surround them. It's also management's job to try to streamline things so that engineers are not wasting valuable amounts of time on things like mailboxes full of spam. If I can optimize that task and save a few man hours a week, I will. -- Robert Blayzor, BOFH INOC, LLC rblayzor@inoc.net PGP: http://www.inoc.net/~dev/ Key fingerprint = 1E02 DABE F989 BC03 3DF5 0E93 8D02 9D0B CB1A A7B0 RAM DISK is not an installation procedure!
on Mon, Apr 12, 2004 at 01:01:28PM -0400, Robert Blayzor wrote:
Steven Champeon wrote:
[...] Having our techs/engineers go through the abuse@ box every day to play hide and seek is a bit of an agonizing task that nobody really wants, especially at the volume it is today.
Isn't it their job?
Yes and no. They're responsible for addressing the real problems, and those issues are sometimes missed or lost to the sheer volume of bogus messages that surround them.
Sure, I understand, I'm in the same boat here, though on a smaller scale, but I don't see how disabling RFC-mandated role accounts will do anything but further erode confidence in ISPs' willingness to respond to complaints. To address the same issue, I've tried various things over the past few months, such as rejecting all abuse/postmaster mail if the primary Content-Type is text/html, with a message saying that the sender should use plain text mail; rejecting postmaster to hosted domains asking the sender to use the postmaster address in the primary domain instead, etc. And I've only had *one* legitimate abuse report in seven years of hosting, and only a dozen or so legit postmaster complaints (it's the address I point people to in the event that their mail was improperly blocked). On the bright side, actually examining the bogus stuff hones skills in spam recognition, which should in theory at least make it easier on those who are doing the scanning.
It's also management's job to try to streamline things so that engineers are not wasting valuable amounts of time on things like mailboxes full of spam. If I can optimize that task and save a few man hours a week, I will.
Oh, and that's your right, certainly. But please don't switch to web based systems. I get spam via SMTP, I should be able to report it via SMTP. Asking me to switch to a Web browser is insane and will only serve to reduce the number of legitimate abuse reports, feeding the erroneous supposition that if spam goes unreported it isn't a problem. As of today, fully 60% of my incoming mail is spam; 30% are bounces from accept-then-bounce servers; and we're quickly approaching 99% spam for several of the domains we host mail for. The last thing we need is for ISPs to deal with their inbound problem by ignoring abuse reports or making it more difficult for victims to report spam or viruses originating from their networks. Steve -- hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com Buy "Cascading Style Sheets: Separating Content from Presentation, 2/e" today! http://www.amazon.com/exec/obidos/ASIN/159059231X/heskecominc-20/ref=nosim/
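The sorting ideas raised in the messages above (pre-parse before a human reads, avoid content-based filtering, refuse reports whose primary Content-Type is text/html) can be combined into a structure-only triage step. This is an added example, not code from any poster; the netblocks, queue names and sample messages are constructed assumptions.

```python
import email
import ipaddress
import re
from email import policy

# Assumption: netblocks this abuse desk answers for (documentation ranges).
OUR_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def leaf_parts(msg):
    # Stop at message/rfc822 so the body of an attached spam is never inspected.
    if msg.get_content_type() == "message/rfc822" or not msg.is_multipart():
        yield msg
    else:
        for sub in msg.get_payload():
            yield from leaf_parts(sub)

def evidence_ips(msg):
    """Relay IPs from Received: headers of a forwarded message, attached or pasted inline."""
    found = set()
    for part in leaf_parts(msg):
        ctype = part.get_content_type()
        if ctype == "message/rfc822" and part.is_multipart():
            for hdr in part.get_payload(0).get_all("Received", []):
                found.update(BRACKETED_IP.findall(str(hdr)))
        elif ctype == "text/plain":
            try:
                body = part.get_content()
            except LookupError:  # unknown charset: nothing usable in this part
                continue
            body = re.sub(r"\r?\n[ \t]+", " ", body)  # unfold pasted header lines
            for line in body.splitlines():
                if line.lstrip("> ").lower().startswith("received:"):
                    found.update(BRACKETED_IP.findall(line))
    return found

def is_ours(ip):
    try:
        return any(ipaddress.ip_address(ip) in net for net in OUR_NETS)
    except ValueError:  # the regex also matches strings like 999.1.1.1
        return False

def triage(raw):
    """Return (queue, detail) from message structure only, never from how spammy it reads."""
    msg = email.message_from_string(raw, policy=policy.default)
    if msg.get_content_type() == "text/html":
        return ("reject", "resend as plain text")
    ips = evidence_ips(msg)
    ours = sorted(ip for ip in ips if is_ours(ip))
    if ours:
        return ("ticket", ours)
    return ("not-ours", sorted(ips)) if ips else ("no-evidence", [])

# Constructed sample messages (not real traffic).
SAMPLE_HTML = "From: x@example.com\nContent-Type: text/html\n\n<html>cheap pills</html>\n"
SAMPLE_BARE = "From: x@example.com\nSubject: hi\n\nbuy stuff\n"
SAMPLE_INLINE = """\
From: reporter@example.org
Content-Type: text/plain

Headers follow:
Received: from host.example.net (unknown [203.0.113.9])
    by mx.example.org; Mon, 12 Apr 2004 10:00:00 -0400
"""
SAMPLE_ATTACHED = """\
From: reporter@example.org
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see attached.
--b1
Content-Type: message/rfc822

Received: from dsl-77.isp.example (unknown [192.0.2.77])
    by mx.example.org with SMTP; Mon, 12 Apr 2004 10:00:00 -0400
Subject: buy now

spam body
--b1--
"""
```

Received lines below the reporter's own mail server can be forged, so a match only routes the report to a person; it does not establish that the address was the source.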
On 4/12/2004 11:31 AM, Robert Blayzor wrote:
address are getting lost in the fray. Having our techs/engineers go through the abuse@ box every day to play hide and seek is a bit of an agonizing task that nobody really wants, especially at the volume it is
On the other hand, making me spend half an hour or more of my workday filling out forms for you just pushes the costs outside of your network and into mine. That's pretty rude, don't you think? Worse is that it's shortsighted. If everybody did this, then those reversed costs will get back to your own operation at some point. One day you'll find *yourself* spending several hours a day filling out abuse reports for other people's networks, whereas you used to be able to just forward them via email. Congratulations on raising everybody's costs, including your own.
today. If there was a standard that worked for this, we would certainly follow it.
Standardized scripts would also be abused. -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
EAH> Date: Mon, 12 Apr 2004 12:20:01 -0500
EAH> From: Eric A. Hall

EAH> > today. If there was a standard that worked for this, we would
EAH> > certainly follow it.
EAH>
EAH> Standardized scripts would also be abused.

#include "pki-and-trusted-peers-debate.h"

Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
DO NOT send mail to the following addresses :
blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net
Sending mail to spambait addresses is a great way to get blocked.
On Mon, 12 Apr 2004, Robert Blayzor wrote:
I can understand the reasoning behind what they are doing, but perhaps they are taking things in the wrong direction. Our abuse@ email address is just that, abused. Our abuse@ mailbox gets probably 500+ spams a day with maybe 2-3 legit emails that we need to look at. Sure we could run
I'm not sure people actually understand the scope of what some ISPs have to deal with. Scaling to handle 6.8 million abuse complaints a day is hard. Despite calling them "lazy network operators" some of them work very hard in a thankless job. According to the Washington Post America Online says it has seen a dramatic decline in spam over the past month, due to improved filtering techniques and fear of litigation under a new U.S. law. In a one-month period ending March 20, customer complaints about spam nearly halved to 6.8 million per day, the Time Warner Inc. unit said. http://www.washingtonpost.com/wp-dyn/articles/A3300-2004Apr11.html
On Mon, 12 Apr 2004, Sean Donelan wrote:
On Mon, 12 Apr 2004, Robert Blayzor wrote:
I can understand the reasoning behind what they are doing, but perhaps they are taking things in the wrong direction. Our abuse@ email address is just that, abused. Our abuse@ mailbox gets probably 500+ spams a day with maybe 2-3 legit emails that we need to look at. Sure we could run
I'm not sure people actually understand the scope of what some ISPs have to deal with. Scaling to handle 6.8 million abuse complaints a day is hard. Despite calling them "lazy network operators" some of them work very hard in a thankless job.
According to the Washington Post
America Online says it has seen a dramatic decline in spam over the past month, due to improved filtering techniques and fear of litigation under a new U.S. law. In a one-month period ending March 20, customer complaints about spam nearly halved to 6.8 million per day, the Time Warner Inc. unit said.
http://www.washingtonpost.com/wp-dyn/articles/A3300-2004Apr11.html
Presumably the 6.8m figure is how many users click the 'spam' button in the AOL mail client and not how many abuse complaints are sent in? I'd assume the former would be mostly automated and the latter ought to be looked at somehow as it will include compromised host reports, spam sending etc Steve
On Mon, Apr 12, 2004 at 09:03:38PM +0100, Stephen J. Wilcox wrote:
According to the Washington Post
America Online says it has seen a dramatic decline in spam over the past month, due to improved filtering techniques and fear of litigation under a new U.S. law. In a one-month period ending March 20, customer complaints about spam nearly halved to 6.8 million per day, the Time Warner Inc. unit said.
http://www.washingtonpost.com/wp-dyn/articles/A3300-2004Apr11.html
Presumably the 6.8m figure is how many users click the 'spam' button in the AOL mail client and not how many abuse complaints are sent in?
Probably, yes. AOL isn't a huge source of abuse compared to most DSL/cable providers, so probably aren't seeing a huge number of incoming legitimate abuse complaints. Their users are a great source of complaints, via the "this is spam" button, though, many of which are legitimate and most of which are well targeted.
I'd assume the former would be mostly automated and the latter ought to be looked at somehow as it will include compromised host reports, spam sending etc
High four figures / day is as high as we usually see at big broadband ISPs, though it can spike to five or ten times that occasionally. Cheers, Steve -- -- Abuse desk automation: http://word-to-the-wise.com/abacus/
Hi!
Presumably the 6.8m figure is how many users click the 'spam' button in the AOL mail client and not how many abuse complaints are sent in?
Probably, yes.
AOL isn't a huge source of abuse compared to most DSL/cable providers, so probably aren't seeing a huge number of incoming legitimate abuse complaints. Their users are a great source of complaints, via the "this is spam" button, though, many of which are legitimate and most of which are well targeted.
But AOL is target of a lot of viruses and spam runs, and i must say, they do a pretty good job with managing all of that. Compliments to Carl and his team. They bring _fast_ responses and replies on SPAL-L and do a lot of work to downsize the impact of new stuff.
High four figures / day is as high as we usually see at big broadband ISPs, though it can spike to five or ten times that occasionally.
Let's say, it's not one of the smaller ones :) Bye, Raymond
On Mon, Apr 12, 2004 at 11:49:36PM +0200, Raymond Dijkxhoorn wrote:
Presumably the 6.8m figure is how many users click the 'spam' button in the AOL mail client and not how many abuse complaints are sent in?
Probably, yes.
AOL isn't a huge source of abuse compared to most DSL/cable providers, so probably aren't seeing a huge number of incoming legitimate abuse complaints. Their users are a great source of complaints, via the "this is spam" button, though, many of which are legitimate and most of which are well targeted.
But AOL is target of a lot of viruses and spam runs, and i must say, they do a pretty good job with managing all of that. Compliments to Carl and his team. They bring _fast_ responses and replies on SPAL-L and do a lot of work to downsize the impact of new stuff.
Absolutely. That's one of the reasons that they're not a large source of abuse, far smaller than you'd expect from the size of their customer base. Their team is competent, well-equipped and (compared with other places) well-funded. Another reason is that they're not really an ISP, in the traditional sense. They have far more visibility of and direct control over what their users do, and the software their users run, than almost any other ISP. That makes many things possible for them that would be extremely difficult for a typical PPP provider. Cheers, Steve -- -- Abuse desk automation: http://word-to-the-wise.com/abacus/
On Mon, 12 Apr 2004, Steve Atkins wrote:
But AOL is target of a lot of viruses and spam runs, and i must say, they do a pretty good job with managing all of that. Compliments to Carl and his
Another reason is that they're not really an ISP, in the traditional sense. They have far more visibility of and direct control over what their users do, and the software their users run, than almost any other ISP. That makes many things possible for them that would be extremely difficult for a typical PPP provider.
Perhaps this is the future of end user access? If this level of control can give good returns in the form of reduced overheads (and costs due to spam are only going to increase as I see it) then perhaps more operators will adopt AOL style software, or perhaps the OS will tend more in this direction for its user software and become more restrictive? Steve
On Tue, 13 Apr 2004 00:05:31 BST, "Stephen J. Wilcox" said:
software, or perhaps the OS will tend more in this direction for its user software and become more restrictive?
The truly odd part here is that there are already moves by the largest vendor to become more restrictive, mostly in response to the increase in popularity of alternatives seen as being simultaneously both more secure and less restrictive to the user.....
On Mon, 12 Apr 2004 15:53:20 -0400 (EDT) Sean Donelan <sean@donelan.com> wrote:

| According to the Washington Post
|
| America Online says it has seen a dramatic decline in spam over
| the past month, due to improved filtering techniques and fear of
| litigation under a new U.S. law. In a one-month period ending
| March 20, customer complaints about spam nearly halved to
| 6.8 million per day, the Time Warner Inc. unit said.

The team at AOL have put a SUBSTANTIAL effort into resolving problems over recent months - finding solutions to things that would have had most network admins despairing whether any solutions even existed. Nothing even close to that can be said of NTL. Unfortunately.

-- Richard Cox
On Mon, 12 Apr 2004, Richard Cox wrote:
Nothing even close to that can be said of NTL. Unfortunately.
NTL put their head in the sand in the hopes their spam problem will go away. Unfortunately for NTL what will end up happening is NTL mail will go away, into global RBLs and thousands of private block lists. -Dan
NTL put their head in the sand in the hopes their spam problem will go away. Unfortunately for NTL what will end up happening is NTL mail will go away, into global RBLs and thousands of private block lists.
if ntl wants to just be in the access-line business and not in the internet business then they should FULLY EMBRACE that approach rather than resisting or hiding it. for example, block all outbound tcp on the standard ports for SMTP, windows/yahoo/aol messenger, and everything else spammers try to reach. lock customers out when they emit netbios packets. and send every one of them a printed copy of the www.vix.com/personalcolo web page. problem solved, costs reduced, revenue upheld, what the heck is stopping them? -- Paul Vixie
On Mon, 12 Apr 2004 20:05:22 -0000, Richard Cox <richard@mandarin.com> said:
The team at AOL have put a SUBSTANTIAL effort into resolving problems over recent months - finding solutions to things that would have had most network admins despairing whether any solutions even existed.
One has to wonder what impact it would have on AOL's bottom line if they were to release their solutions so we could all use them, thus cutting down their load as well.....
One has to wonder what impact it would have on AOL's bottom line if they were to release their solutions so we could all use them, thus cutting down their load as well.....
Maybe they could include the software set in the next version of WinAMP :_) DJ
On 4/12/2004 2:53 PM, Sean Donelan wrote:
I'm not sure people actually understand the scope of what some ISPs have to deal with.
Percentage of revenues are about the same aren't they? -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
On 04/12/04, "Eric A. Hall" <ehall@ehsco.com> wrote:
On 4/12/2004 2:53 PM, Sean Donelan wrote:
I'm not sure people actually understand the scope of what some ISPs have to deal with.
Percentage of revenues are about the same aren't they?
I doubt it. The spammers go after big providers much harder than smaller folks, and certainly much harder than any primarily personal domain (with only one exception that I know of.) -- J.D. Falk "be crazy dumbsaint of the mind" <jdfalk@cybernothing.org> -- Jack Kerouac
there are three replies here.

--------

rblayzor@inoc.net (Robert Blayzor) writes:
... Having our techs/engineers go through the abuse@ box every day to play hide and seek is a bit of an agonizing task that nobody really wants, especially at the volume it is today. If there was a standard that worked for this, we would certainly follow it.
the wonderful trouble about standards is that there are so many to choose from. spamcop has one. IETF's INCH may become another one. but until a good open source toolbox comes out for sending, receiving, filing, ticketing and measuring incident reports in some such format, it won't catch on.
As it is today, we have got to find something simple that works for the legit issues and something that doesn't burn up so many engineer/tech cycles.
i understand that position. but http just isn't a solution. before you deploy a forms-based approach, consider being more honest than that, and just bouncing all mail to abuse@ with a "we can't handle the internet" message.

--------

ehall@ehsco.com ("Eric A. Hall") writes:
Standardized scripts would also be abused.
yes, of course they would. just like spamcop is the target of many joejobs, and the majority of IDS vendors still think SMTP headers are trustworthy. the "good open source toolbox" i postulated above would have to include a distributed membership model whereby network owners only accept complaints from entities they already know and trust, which would mean their own customers and their BGP peers. if you get abuse on THAT channel then you have recourse (disconnection, depeering, whatever). i've been writing since 1998 that a robust abuse reporting format and a complaints-follow-contracts submission path would cut abuse growth by 50%. but i guess in 1998 that didn't seem like an attractive enough goal. "can you hear me now?"

--------

schampeo@hesketh.com (Steven Champeon) writes:
..., but I don't see how disabling RFC-mandated role accounts will do anything but further erode confidence in ISPs' willingness to respond to complaints.
two things. an rfc cannot mandate -- all internet standards are optional from the point of view of a network owner (or end user or implementor) -- and compliance is only necessary for locally selfish reasons (like being able to buy or sell services or products, for example.) and, isp's are already unwilling to respond to complaints, even those they could pick out of the dreck flowing into their abuse@ mailboxes, since doing this would only benefit their competitors. think about it -- you spend money on an abuse desk whose purpose is to shut down your customers; your competitor who spends less money on an abuse desk ends up with more revenue since that's where your spamming customers go when you shut 'em down.
As of today, fully 60% of my incoming mail is spam; 30% are bounces from accept-then-bounce servers; and we're quickly approaching 99% spam for several of the domains we host mail for.
60%? "luxury!"
The last thing we need is for ISPs to deal with their inbound problem by ignoring abuse reports or making it more difficult for victims to report spam or viruses originating from their networks.
that time is past. -- Paul Vixie
PV> Date: 13 Apr 2004 06:04:04 +0000
PV> From: Paul Vixie

PV> schampeo@hes... (Steven Champeon) writes:
PV>
PV> SC> As of today, fully 60% of my incoming mail is spam; 30%
PV> SC> are bounces from accept-then-bounce servers; and we're
PV> SC> quickly approaching 99% spam for several of the domains
PV> SC> we host mail for.
PV>
PV> 60%? "luxury!"

Note 30% stupid bounces. I also suspect ~9% mailing lists.

Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
DO NOT send mail to the following addresses :
blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net
Sending mail to spambait addresses is a great way to get blocked.
participants (27)
- Avleen Vig
- Chris Boyd
- Dan Hollis
- Deepak Jain
- E.B. Dreger
- Eric A. Hall
- Iljitsch van Beijnum
- J.D. Falk
- Jeff Workman
- jlewis@lewis.org
- Laurence F. Sheldon, Jr.
- Niels Bakker
- Patrick W.Gilmore
- Paul Vixie
- Raymond Dijkxhoorn
- Richard Cox
- Robert Blayzor
- Scott Call
- Sean Donelan
- Stephen J. Wilcox
- Stephen Sprunk
- Steve Atkins
- Steven Champeon
- Steven M. Bellovin
- Suresh Ramasubramanian
- Valdis.Kletnieks@vt.edu
- William Allen Simpson