Suggestion for NANOG Meeting
One topic that really needs to be addressed is the responsibility of the carriers on Email Spamming by customers. Should the carrier disconnect a customer that continues to send unsolicited emails even after a individual or group asks to be taken off their distribution lists. As a carrier, we at ACSI have issued a statement that we cannot be responsible for customer traffic. I know that legally we cannot filter any customer traffic, but I am really getting sick of getting emails about customers that continue to send unsolicited emails. We as a community need to come up with a common carrier policy on how to handle such customers and how to deal with complaints. If anyone else is sick of this, please let me know so maybe we can have this brought up as a topic of discussion in San Fran. Eric _______________________________________________________ Eric D. Madison - Senior Network Engineer - ACSI - Advanced Data Services - ATM/IP Backbone Group 24 Hour NMC/NOC (800)291-7889 Email: noc@acsi.net
It might be an intersting topic for conversation - but ignoring complaints about (esp. *serious*) spammers hosted on your network will not make you very popular in the provider community. So I guess it *is* a topic for conversation... Avi
One topic that really needs to be addressed is the responsibility of the carriers on Email Spamming by customers. Should the carrier disconnect a customer that continues to send unsolicited emails even after a individual or group asks to be taken off their distribution lists.
As a carrier, we at ACSI have issued a statement that we cannot be responsible for customer traffic. I know that legally we cannot filter any customer traffic, but I am really getting sick of getting emails about customers that continue to send unsolicited emails. We as a community need to come up with a common carrier policy on how to handle such customers and how to deal with complaints.
If anyone else is sick of this, please let me know so maybe we can have this brought up as a topic of discussion in San Fran.
Eric
We are not ignoring the complaints. I have contacted the spammers and asked them to stop the unsolicited emails. Problem is that they are not always our direct customer, so they see us as no threat since we are not their direct upstream provider. I would just like to see what other large providers are doing about this problem so we can come to a common policy. Eric _______________________________________________________ Eric D. Madison - Senior Network Engineer - ACSI - Advanced Data Services - ATM/IP Backbone Group 24 Hour NMC/NOC (800)291-7889 Email: noc@acsi.net On Mon, 20 Jan 1997, Avi Freedman wrote:
It might be an intersting topic for conversation - but ignoring complaints about (esp. *serious*) spammers hosted on your network will not make you very popular in the provider community.
So I guess it *is* a topic for conversation...
Avi
One topic that really needs to be addressed is the responsibility of the carriers on Email Spamming by customers. Should the carrier disconnect a customer that continues to send unsolicited emails even after a individual or group asks to be taken off their distribution lists.
As a carrier, we at ACSI have issued a statement that we cannot be responsible for customer traffic. I know that legally we cannot filter any customer traffic, but I am really getting sick of getting emails about customers that continue to send unsolicited emails. We as a community need to come up with a common carrier policy on how to handle such customers and how to deal with complaints.
If anyone else is sick of this, please let me know so maybe we can have this brought up as a topic of discussion in San Fran.
Eric
We are not ignoring the complaints. I have contacted the spammers and asked them to stop the unsolicited emails. Problem is that they are not always our direct customer, so they see us as no threat since we are not their direct upstream provider. I would just like to see what other large providers are doing about this problem so we can come to a common policy.
Eric
As I said, a meeting about this would be good... If consensus builds perhaps a community document would then be in order... Avi
Ok, Let me put in my two cents worth on this can of worms I just opened. As a carrier, I know that we should not and can not filter/censor/monitor any content on our "pipes". This includes unsolicited emails, pornography, whatever, but there comes a point where the amount time to respond these issues that I can not perform the job I am paid to do. I have a large network to maintain, I don't have time to worry about issues except ones that directly effect how I run my network. But since I am the contact listed for various networks, RA entries, etc, I always get brought into the middle of the battle. So, I am not asking for a meeting to form policy, I am asking for a meeting to know how other providers are dealing with this problem without just dropping the emails of angry recepients into the bit bucket, which is not an solution. Eric _______________________________________________________ Eric D. Madison - Senior Network Engineer - ACSI - Advanced Data Services - ATM/IP Backbone Group 24 Hour NMC/NOC (800)291-7889 Email: noc@acsi.net On Mon, 20 Jan 1997, Avi Freedman wrote:
We are not ignoring the complaints. I have contacted the spammers and asked them to stop the unsolicited emails. Problem is that they are not always our direct customer, so they see us as no threat since we are not their direct upstream provider. I would just like to see what other large providers are doing about this problem so we can come to a common policy.
Eric
As I said, a meeting about this would be good... If consensus builds perhaps a community document would then be in order...
Avi
Ok, Let me put in my two cents worth on this can of worms I just opened.
As a carrier, I know that we should not and can not filter/censor/monitor any content on our "pipes". This includes unsolicited emails, pornography, whatever, but there comes a point where the amount time to respond these issues that I can not perform the job I am paid to do. I have a large network to maintain, I don't have time to worry about issues except ones that directly effect how I run my network. But since I am the contact listed for various networks, RA entries, etc, I always get brought into the middle of the battle. So, I am not asking for a meeting to form policy, I am asking for a meeting to know how other providers are dealing with this problem without just dropping the emails of angry recepients into the bit bucket, which is not an solution.
Eric
Obviously policy is never going to be unanimous - and can't be formed at all until people start talking... Avi
Ok, Let me put in my two cents worth on this can of worms I just opened.
As a carrier, I know that we should not and can not filter/censor/monitor any content on our "pipes". This includes unsolicited emails,
This is false in that it's overly broad. All you cannot do is pro-actively edit for content, you can't act like a newspaper editor (eg.) and still lay claim to being a common carrier. But as an analogy, if someone made harassing phone calls to your home you could certainly call the telco and complain and they could act on that information once you complain. Your summary would seem to say that the telco couldn't do anything at that point which I think we all know isn't true, they can block further calls etc., even shut off service. There certainly are things you can't do and maintain a claim of common carriage. But there are also certainly things you can do. Note also you can do a lot if something is potentially interfering with the technical operation of your piece of the network. That was my argument with Sprint: That once the party sending thousands of mail msgs per day was informed that all their mail to us was being blocked and had a few days to react it was no longer a content issue, they simply had a software loop out of control, maliciously or negligently, eating up bandwidth, and it had become an operational matter. -- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.std.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989
As a carrier, I know that we should not and can not filter/censor/monitor any content on our "pipes". This includes unsolicited emails, pornography, whatever, but there comes a point where the amount time to respond these issues that I can not perform the job I am paid to do. [...]
You cannot make the determination based on content. Not because you are a carrier, but because all three major North American governments have laws protecting the privacy of other people's information -- your role as a carrier just means when other people send their information through your facility you do not "own" it, so it isn't "yours", so you can't peek at it. You *can* make this determination based on knowledge of the source. If you have reason to believe that someone out there is going to put your internal network to a use you do not agree with, you have every right to block their traffic at your perimeter. In other words the same legal protections that allow you to do GIGAswitch port filtering and prevent someone from using you as their default route, also gives you the route to install "black hole" routes in your network so that certain other networks become unreachable. You do not need any of the things a law enforcement agency would need -- you do not have to have the court's permission, you do not need probable cause, you do not have to show that your actions were not personally biased. (We will eventually see ISPs licensed in a way that makes this harder, but right now you are free to do whatever you want with an IP packet, even if you are a regulated common-carriage telephone company who sometimes deals with SMDS frames or ATM cells or whatever.) So it comes down to a business decision, not unlike peering. Will your customers complain more if you have a good path to network X, or will they complain more if you have a bad path to network X? In the case of peering as a business decision, it takes a pretty special value of "X" to get, say, Sprint's customers to complain en masse that they cannot reach that "X". In the case of spam, though, there are a lot of quite common values of "X" for which customers will complain more if you CAN reach it than if you CANNOT. My list of "X", as of this morning, is as follows: static { # spam 204.141.123 masklen 24 interface lo0 reject; 208.9.65 masklen 24 interface lo0 reject; 207.14.56 masklen 24 interface lo0 reject; 206.154.151 masklen 24 interface lo0 reject; 208.1.117 masklen 24 interface lo0 reject; 207.32.128 masklen 24 interface lo0 reject; 208.8.32 masklen 24 interface lo0 reject; 208.197.88 masklen 24 interface lo0 reject; # softcell A 208.206.49 masklen 24 interface lo0 reject; # softcell NS 208.206.54 masklen 24 interface lo0 reject; # softcell MX }; I am working on a free service offering whereby the above list is sent as a multihop BGP feed to anyone who is willing to indemnify me for any loss of business or lawsuits which could come about as a result of accepting the above feed. (Right now I'm finding that GateD 3.6A2 doesn't do multihop BGP, but as soon as I back out to 3.5 I think things will start working again.) Naturally the effect of a large number of people accepting my "blackhole feed" would be that spammers will have to ask their providers for a new IP address block every time they do a new spam. I expect that this will make them less welcome as customers. Note that accepting this eBGP feed from me in no way shortens an ISP's ability to sell IP connectivity to spammers who happen to be on the list. Your spammer customers will still have complete access to your internal network and will still have complete access to every part of the Internet who does not subscribe to my blackhole feed. On the other hands, spammers who are not your customers will not be able to interact with anyone who IS your customer. (Spammers who are your customers are probably pretty careful not to annoy nonspammers who are also your customers, since they know what they're doing is unfriendly and they don't want to get caught by someone who can pull out their plug.) I did not do my small part in building this industry only to have to use PGP to filter out all e-mail that doesn't come from a known, trusted source. I will do that as a last resort, and before I do I will fight the good fight to maintain the way of life I came to this medium for in the first place.
On Mon, 20 Jan 1997, Eric D. Madison wrote:
As a carrier, I know that we should not and can not filter/censor/monitor any content on our "pipes".
So you would ignore one of your customers SYN attacking random victims on the net? Or one of your T3 customers ping bombing somebody with a T1? There already is precedent for deal with abuse. Mike. +------------------- H U R R I C A N E - E L E C T R I C -------------------+ | Mike Leber Direct Internet Connections Voice 408 282 1540 | | Hurricane Electric Web Hosting & Co-location Fax 408 971 3340 | | mleber@he.net http://www.he.net | +---------------------------------------------------------------------------+
On Mon, 20 Jan 1997, Mike Leber wrote:
On Mon, 20 Jan 1997, Eric D. Madison wrote:
As a carrier, I know that we should not and can not filter/censor/monitor any content on our "pipes".
So you would ignore one of your customers SYN attacking random victims on the net? Or one of your T3 customers ping bombing somebody with a T1?
That's not content. The term 'content' excludes time, place, and manner. Blocking a SYN attack is about regulating the manner in which people can exchange content, not the content they exchange. DS
At 1:28 PM -0500 1/20/97, David Schwartz wrote:
On Mon, 20 Jan 1997, Mike Leber wrote:
On Mon, 20 Jan 1997, Eric D. Madison wrote:
As a carrier, I know that we should not and can not filter/censor/monitor any content on our "pipes".
So you would ignore one of your customers SYN attacking random victims on the net? Or one of your T3 customers ping bombing somebody with a T1?
That's not content. The term 'content' excludes time, place, and manner. Blocking a SYN attack is about regulating the manner in which people can exchange content, not the content they exchange.
DS
And I would suggest that the first level of dealing with spam is by its traffic characteristics and administrative characteristics. In other words, while I am incredibly annoyed as a recipient of spam, I am most concerned by the potential of spam to produce denial of service, through mail bombs (original or retaliatory), looping spam software, exhausting spool space, etc. These are not content issues. Howard
Avi Freedman supposedly said:
We are not ignoring the complaints. I have contacted the spammers and asked them to stop the unsolicited emails. Problem is that they are not always our direct customer, so they see us as no threat since we are not their direct upstream provider. I would just like to see what other large providers are doing about this problem so we can come to a common policy.
Eric
As I said, a meeting about this would be good... If consensus builds perhaps a community document would then be in order...
Avi
This topic is the main effort of the IETF WG RUN(Responsible Use of the Network) which is just getting started on it. If we had such a meeting at NANOG I will be sure to take notes and bring them up to the RUN group, since there goal is to create such a document. ---> Phil
On Mon, 20 Jan 1997, Eric D. Madison wrote:
Should the carrier disconnect a customer that continues to send unsolicited emails even after a individual or group asks to be taken off their distribution lists.
Using "ask to be taken off their list" as an indicator indicates a naive understanding of how serious spam servers (for lack of a better term) operate. The spam servers sell lists to hopeful scam artists or ignorant business people (suckers) for a few hundred dollars. They also frequently provide mass mailing software for use with a throw away dialup account from a major provider. The suckers usually won't do more than one mailing (or atleast under the same identity). The spam server also usually has a policy of not removing web pages that are indirectly promoted via email. The primary reason that a well written spam includes a way "to get off the list" are it gives recipients an action to take, thus reducing complaints. You can ask to be removed from the scam artist's lists all you want, but you will never be removed from the spam server's master list. For ISPs that don't have any kind of philosophical position against spam, the reason you want to deal with spammers is to avoid the gigantic amount of bad press they generate. It is very easy for them to hit return to mail (and anger) 1 million people. Mike. +------------------- H U R R I C A N E - E L E C T R I C -------------------+ | Mike Leber Direct Internet Connections Voice 408 282 1540 | | Hurricane Electric Web Hosting & Co-location Fax 408 971 3340 | | mleber@he.net http://www.he.net | +---------------------------------------------------------------------------+
participants (9)
-
Avi Freedman
-
Barry Shein
-
David Schwartz
-
Eric D. Madison
-
Eric D. Madison
-
Howard C. Berkowitz
-
Mike Leber
-
Paul A Vixie
-
Philip J. Nesser II