[OT] Good Anti-Spam Boilerplate
Howdy, After some senseless Googling, I'm at a loss. I'm looking for a very comprehensive, up-to-date example of an AUP that covers spam. When I say "modern", I mean that I want it to include not just direct spamming, but abuse of remote open-relays, abuse of remote trojaned boxes, sending through a third party that circumvents the local AUP, etc. Some good definition of "requested email" would be great - ie: double opt-in, or single opt-in with some documentation that the user requested the mail on a web form or similar. Some language that covers penalties would also be helpful, such as equipment seizure for non-payment of penalties. Please reply privately and I'll summarize. I do not wish to get into any debates about what qualifies as spam on this list. Thanks, Charles -- Charles Sprickman spork@inch.com
On Fri, 8 Oct 2004, Charles Sprickman wrote:
After some senseless Googling, I'm at a loss. I'm looking for a very comprehensive, up-to-date example of an AUP that covers spam. When I say "modern", I mean that I want it to include not just direct spamming, but abuse of remote open-relays, abuse of remote trojaned boxes, sending through a third party that circumvents the local AUP, etc. Some good definition of "requested email" would be great - ie: double opt-in, or single opt-in with some documentation that the user requested the mail on a web form or similar.
Some language that covers penalties would also be helpful, such as equipment seizure for non-payment of penalties.
Please reply privately and I'll summarize. I do not wish to get into any debates about what qualifies as spam on this list.
Replying to myself here... Thanks to everyone. I'd missed the spamhaus "spam definition" which will be very helpful in wording a few things. And the prize for "best TOS" goes to Steve Sobol from "justthe.net". This one is great: http://justthe.net/legal/tos/ I especially like the pdf generator. :) Now I'll have to see what the lawyer thinks. Thanks again everyone, Charles
Thanks,
Charles
-- Charles Sprickman spork@inch.com
After some senseless Googling, I'm at a loss. I'm looking for a very comprehensive, up-to-date example of an AUP that covers spam.
You might want to ask this question at a place like http://www.groklaw.net/ First of all, it's a legal problem and the above blog is a place where lawyers hang out, but they seem to focus on the boundaries of technology and law which is where the SPAM AUP issue sits. There are probably other such blogs, lists, sites and so on where you can get ideas from people with knowledge of law. --Micael Dillon
On Mon, Oct 11, 2004 at 10:51:42AM +0100, Michael.Dillon@radianz.com wrote:
After some senseless Googling, I'm at a loss. I'm looking for a very comprehensive, up-to-date example of an AUP that covers spam.
You might want to ask this question at a place like http://www.groklaw.net/
First of all, it's a legal problem and the above blog is a place where lawyers hang out, but they seem to focus on the boundaries of technology and law which is where the SPAM AUP issue sits.
I'm not sure I'd agree. Having an AUP that is enforcable in the way in which you want to enforce it is very much an operational and policy issue. You should have a lawyer check it over, as with any contract, to ensure that you are defended legally should that ever be an issue, but it's primarily a tool for your abuse staff to use. Because of that, it's also unlikely that copying someone elses AUP wholesale is going to be terribly appropriate, unless their business model is fairly similar to yours (end-user vs web host vs bandwidth provider vs colo...). It's well worth looking at others for concepts and phrases to steal, but be very cautious of copying one that may not be appropriate for the issues your abuse desk needs to handle. You also need an internal, unpublished, policy document. It's pretty much impossible to create an AUP that is specific enough to forbid what you want forbidden and yet allow all legitimate use. The best AUPs state your "philosophy" on acceptable use and your policies in broad terms that don't try to be too specific and are overbroad in that they forbid too much. Then selective enforcement by the abuse staff allows you to implement the policy you actually need. That needs a fairly competent abuse staff, and to provide some consistency in handling issues they need their own policies and procedures. Writing the first version of those down up-front gives you a good framework to both make it clear what your intent is in drafting the AUP to existing abuse staff and to help in bringing someone new in to help with abuse work. Cheers, Steve
participants (3)
-
Charles Sprickman
-
Michael.Dillon@radianz.com
-
Steve Atkins