potentially profitable spam countermeasures
Those of you who operate ISPs that accept credit-card, dial-up customers (and therefore have a problem with spammers abusing your services) might find this item of interest. Earthlink's Acceptable Use Policy has a $200 penalty for spamming in it. I am told that with the advent of this policy, there was a dramatic drop in abuse of their service. See http://www.earthlink.net/company/aupolicy.html for the details. The key section is 2.3.1.3. Member specifically agrees that he/she/it will not utilize the EarthLink Network service, EarthLink Network's equipment or any EarthLink Network electronic mail address in connection with the transmission of the same or substantially similar unsolicited message to 50 or more recipients or 15 or more newsgroups in a single day. For each day upon which this provision is violated, Member agrees to pay EarthLink Network $10.00 per day for an unintentional violation of this provision, but where warranted, such as in the case of an accidental transmission, EarthLink Network may waive all or part of the applicable charge. In cases of willful violations of this provision, Member agrees to pay EarthLink Network $200.00 per day. EarthLink Network at its sole discretion shall determine whether such a violation was unintentional or willful. Payment by member under this provision shall not prevent EarthLink Network from seeking to obtain other legal remedies against member, including other damages or an injunction. So, set the agreement up right, find the spammers abusing your service, and whack them with a fine, per the agreement. Recover your cost, plus lost goodwill. This will not eradicate spam. However, if everyone does this, the effect should be to sharply curtail the penny-ante players who abuse the relative anonymity of dial-up Internet access. We would be left with the "big" spammers who have their own connections, which should be easier to effectively deal with. FYI, Erik E. Fair fair@clock.org
My bucks worth. The *real* issue is that spam steals bandwidth by using more than an "average" users worth of bandwidth. Postal systems the world over have a simple solution, one must buy a stamp first. I am not advocating an email "pay before you use policy", however if one were to look at the number of out-going messages that a "typical" email user generates on any given day it likely on the order of <100. Given this, if everyone's AUP stated that unless negotiated by said user and ISP previously, that all out-going email exceeding <some number> would be subject to a bulk mail charge of $X.X per message. This still will not fix the dial-up hit and run artists that plague our networks today. The only way to truly solve the spam issue is through re-architecting the email systems that are in use today to use some of the features to prevent this abuse. I know this sounds like a global peace pitch, but if there were a standard by which all mailers would follow that contained the feature sets needed to eradicate spamming then and only then may it be possible to stop spending valuable time and money fighting this issue. Even the threat of federal penalty is not enough to stop spammers, just look how hard it is for the postal service to track and prosecute clever mail fraud houses. I guess what I am saying is that we and the developers of email and other systems that use these networks need to work together to solve these issues at the product layer. Waiting for legislation may turn out to be very frustrating and in the mean time the theft continues. Black holing while effective carries with it other distasteful side-effects/concerns as we have witnessed. We can toss around all the legalese we want to and will continue to be ineffective at significantly reducing the problem. This is just like CB radio, "who is gonna catch me?!" is what spammers are saying and they are right. When you have thousands of people abusing the system it is really difficult to prosecute them, so the system turns into a pestilent pile of garbage. I submit that is an engineering problem, waiting for lawyers and senators will bring the system down. -pete Erik E. Fair (Timekeeper) wrote:
Those of you who operate ISPs that accept credit-card, dial-up customers (and therefore have a problem with spammers abusing your services) might find this item of interest.
Earthlink's Acceptable Use Policy has a $200 penalty for spamming in it. I am told that with the advent of this policy, there was a dramatic drop in abuse of their service.
See http://www.earthlink.net/company/aupolicy.html for the details. The key section is
2.3.1.3. Member specifically agrees that he/she/it will not utilize the EarthLink Network service, EarthLink Network's equipment or any EarthLink Network electronic mail address in connection with the transmission of the same or substantially similar unsolicited message to 50 or more recipients or 15 or more newsgroups in a single day. For each day upon which this provision is violated, Member agrees to pay EarthLink Network $10.00 per day for an unintentional violation of this provision, but where warranted, such as in the case of an accidental transmission, EarthLink Network may waive all or part of the applicable charge. In cases of willful violations of this provision, Member agrees to pay EarthLink Network $200.00 per day. EarthLink Network at its sole discretion shall determine whether such a violation was unintentional or willful. Payment by member under this provision shall not prevent EarthLink Network from seeking to obtain other legal remedies against member, including other damages or an injunction.
So, set the agreement up right, find the spammers abusing your service, and whack them with a fine, per the agreement. Recover your cost, plus lost goodwill.
This will not eradicate spam. However, if everyone does this, the effect should be to sharply curtail the penny-ante players who abuse the relative anonymity of dial-up Internet access. We would be left with the "big" spammers who have their own connections, which should be easier to effectively deal with.
FYI,
Erik E. Fair fair@clock.org
[ On Fri, October 31, 1997 at 10:47:20 (-0500), Peter E. Giza wrote: ]
Subject: Re: potentially profitable spam countermeasures
My bucks worth. The *real* issue is that spam steals bandwidth by using more than an "average" users worth of bandwidth. Postal systems the world over have a simple solution, one must buy a stamp first. I am not advocating an email "pay before you use policy", however if one were to look at the number of out-going messages that a "typical" email user generates on any given day it likely on the order of <100. Given this, if everyone's AUP stated that unless negotiated by said user and ISP previously, that all out-going email exceeding <some number> would be subject to a bulk mail charge of $X.X per message.
Lots of ISPs seem to have such limits stated in their AUPs already but many don't seem to have a decent way of enforcing them. To that end I recently added the first part of a control that does just exactly that to smail. It'll be in the next beta release. Of course a belligerent spammer could still open many more consecutive (and concurrent) connections to the relay host to try to bypass such limits but such attempts will hopefully be far more visible to operators watching out for trouble, and more advanced solutions could be implemented with relative ease as well. -- Greg A. Woods +1 416 443-1734 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
participants (3)
-
Erik E. Fair
-
Peter E. Giza
-
woods@most.weird.com