Re: Motion for a new POST NSF AUP
From: "Theodore Ts'o" <tytso@MIT.EDU> I disagree, strongly. I think anti-spam messages, sent to the postmasters of the respective ISP's that provide service to the spammers, is perfectly acceptable. Otherwise, there is no cost to the ISP's for providing service to the spammers.
Good idea! I've only been sending to the perpetrator (which sometimes bounces).
As a matter of course, whenever I receive a spam, I will generally send a complaint to postmaster at the originating site, or perhaps to the ISP, if I can determine it. In fact, I'm thinking about automating this procedure, to decrease the amount of time that it takes for me to send the complaint.
I also have a template file which I use to save time. How do you automate finding the postmaster and ISP? I cannot seem to figure it out. In the case of the "Janet Dove" spam, the two different months included different headers: Received: (from news@localhost) by ixc.ixc.net (8.6.12/8.6.10) id SAA06849; Fri, 8 Sep 1995 18:27:50 -0400 From: janetdove@infosat.com (Janet Dove) Newsgroups: info.ietf.isoc,info.ietf.njm,info.ietf.smtp,info.inet.access,info.isode,info.jethro-tull,info.labmgr,info.mach,info.mh.workers,info.nets,info.nsf.grants,info.nsfnet.cert,info.nsfnet.status,info.nupop,info.nysersnmp,info.osf,info.pem-de Subject: ===>> FREE 1 yr. Magazine Sub sent worldwide- 315+ Popular USA Titles Date: Fri, 08 Sep 1995 18:28:18 -0500 Organization: Association of Overseas Students, Eastern Region Message-ID: <janetdove-0809951828180001@pm1-49.ixc.net> NNTP-Posting-Host: pm1-44.ixc.net Received: from [198.70.48.62] (pm1-62.ixc.net [198.70.48.62]) by cornell.edu (8.6.12/8.6.12) with SMTP id EAA02068; Wed, 11 Oct 1995 04:28:53 -0400 X-Sender: For.a.prompter.reply.please.fax@If.you.do.not.have.a.fax.smail.is.ok (Unverified) Message-Id: <v0153050baca1267766ab@[205.230.67.34]> Date: Wed, 11 Oct 1995 05:03:27 -0500 To: For.a.prompter.reply.please.fax@If.you.do.not.have.a.fax.smail.is.ok From: For.a.prompter.reply.please.fax@If.you.do.not.have.a.fax.smail.is.ok (You will get a quick reply via email within 1 business day of receipt of the info request form below.) Subject: *new* reply info: ===>> FREE 1 yr. Magazine Sub sent worldwide- 300+ Popular USA Titles As you can see, in the second they were better at hiding! But email to janetdove didn't bounce.... And the Received tells the IP address. As to authentication, the headers indicate "pm-", probably a PortMaster. I _know_ PortMasters have both PAP and CHAP authentication.
Other people have talked about enforcement; as near as I can tell, this is the only kind of enforcement on the Internet that will really work.
Yes, email reply is a good start. But, I would like to add another kind. And the ISP's had better listen up: The other kind is a lawsuit. It costs about $50 for an individual to file, and $$$ (thousands) for a company to defend. And for that same $50, I can sue _both_ the perpetrator, and an uncooperative ISP. If the ISP fails to authenticate, and/or fails to log and identify the perpetrator, they are clearly negligent!
P.S. Perhaps ISP's should consider writing into their customer's contracts some legal language saying that if the ISP receives too many complaints, that the customer is liable for the cost of processing the complaints caused by that customer --- the ISP can decide to waive the fee if the complaints are caused by some mail forgery or other legitimate misunderstanding.
We talked about this last year. If they haven't done it by now, they have only themselves to blame.... Bill.Simpson@um.cc.umich.edu Key fingerprint = 2E 07 23 03 C5 62 70 D3 59 B1 4F 5E 1D C2 C1 A2
On Mon, 16 Oct 1995, William Allen Simpson wrote:
From: "Theodore Ts'o" <tytso@MIT.EDU> I disagree, strongly. I think anti-spam messages, sent to the postmasters of the respective ISP's that provide service to the spammers, is perfectly acceptable. Otherwise, there is no cost to the ISP's for providing service to the spammers.
Good idea! I've only been sending to the perpetrator (which sometimes bounces).
Heres a better solution: Only send to the postmasters. I was involved (from the "bouncing site" perspective) with a spam in which the perpetrator would have been charged with felonies in at least two states. However, the internet community tipped the individual off by determining his email address and sending him email cc'd to the postmaster of the site. As a result, the perpetrator wasn't caught in the act, and a case could not be built. forrestc@imach.com
Date: Mon, 16 Oct 95 08:13:54 GMT From: "William Allen Simpson" <bsimpson@morningstar.com>
As a matter of course, whenever I receive a spam, I will generally send a complaint to postmaster at the originating site, or perhaps to the ISP, if I can determine it. In fact, I'm thinking about automating this procedure, to decrease the amount of time that it takes for me to send the complaint.
I also have a template file which I use to save time. How do you automate finding the postmaster and ISP? I cannot seem to figure it out. Well, I'd only seriously consider bothering the ISP if postmaster@perp.site hasn't responded, or if it's obvious that perp.site is a PPP-only site that's connected to an ISP (in which case root@perp.site is probably the same as perpetrator@perp.site). Figuring out the ISP isn't too hard; you can look at the nameservers for perp.site (especially if it's a PPP-only link, the ISP is probably providing nameservice), or you can use traceroute. The other thing to keep in mind is that in the case of the magazine spam, the e-mail contact address for requested responses was posted. So instead of needing to try to figure out the actual posting address from the forgery, you can also just simply send complaints to postaster@grfn.org (looks like the spammers were taking advantage of a freenet site, which also deserved to get flooded with complaints; they had several different accounts on that freenet site). In the case where the perpatrators of the spam leave a 1-800 number as the contact point, you can simply call them up and give them abuse for spamming the internet. Again, if enough people do this it will become economically unfeasible for spammers to continue. (There's an extremely hilarious story going around about someone who posted the 1-800 number alt.sex.* as a phone sex line; the poor company got flooded with lots of calls, which skyrocketed their 1-800 bill and embarassed the heck out of their (mostly female) receptionists. I don't recommend that people try this do, since posting the 1-800 number as a phoen sex number is obviously fraud. But it *is* extremely amusing to hear about it happening.) The hard part of trying to automate it is that there are a lot of hueristics. But it certainly would be possible to build tools that automated at least part of the detective work. - Ted
participants (3)
-
Forrest W. Christian
-
Theodore Ts'o
-
William Allen Simpson