RE: surge in spam email (fwd)
We have a zero-tolerance policy for spam, too, and do our best to stop it -before- we get complaints. If we receive a complaint, we do a quick (within minutes, not hours or days) investigation to verify the facts, then shut down the spammer. It's funny, though - the only reason -I- care about spam on a personal level is when it chokes a mail server, or someone starts spamming a listserv. I have a pretty good set of filtering rules on my relay and my client, and the little bit that gets through I just delete. When it's in my own inbox, it annoys me about as much as junk postal mail, or telephone solicitors - i.e., not at all. I toss the former in the trash, and tell the latter to toss -themselves- in the trash. Life's too short to waste on developing an ulcer because of morons, you know? I guess the traffic does add up to significant $$$ in transport for the larger transit providers, though. -----Original Message----- From: John Fraizer [mailto:nanog@EnterZone.Net] Sent: Wednesday, August 09, 2000 10:14 PM To: Brad Cc: David Charlap; nanog@merit.edu Subject: Re: surge in spam email (fwd) On Wed, 9 Aug 2000, Brad wrote:
On Wed, 9 Aug 2000, David Charlap wrote:
With a proper set of laws on the books, law enforcement could simply read the content of the spam to get a phone number, address or PO box, and prosecute whoever owns it. The fact that they abused a foreign server in the process shouldn't change anything.
The only problem with that is the simple fact that geting innocent people in trouble is more likely. For example: "Dumb Person A" sends a million SPAMs to anyone who will complain about it. In the message, they put a note telling the recipiant to send $5 to "Innocent Victim B"'s Home/PO BOX address. Then person B gets all kinds of complaints, and if the law read the email message, then they would pay the price too.
-Brad
This is precisely the problem with some providers current policy. Case in point: Someone SPAMvertized a website hosted by one of our customers. The SPAM was injected from a UUNet dialup port by one of THEIR customers. What was their response? They threatened to blackhole the /20 that contained the IP address of the website that was SPAMvertized. We try to make our BGP announcements responsibly but, actions like this will force us to announce specific /24's, especially when further investigation showed that the individual who SPAMvertized the site had no affiliation with it what-so-ever and had done so in attempt to get the site shut down. In the conference call with one of our upstreams and UUNet, I asked them if this was their firm policy -- no exceptions -- they blackholed ANY site that was SPAMvertized. I was told yes -- UNTIL I asked what they would do if someone SPAMvertized _THEIR_ site to 10,000,000 newsgroups as a test of their policy. For what it's worth, we, along with the customer in question have a ZERO TOLERANCE policy on SPAM. The site in question _was_ shut down during our investigation. Punishing someone without proof that they indeed have done something that is unacceptable is just opening ourselfs up for the newest, _EASIEST_ DoS attack ever. Now, a single 14.4 modem connect SPAM injector site can shut down a site sitting on OC192. Tons of bang for the buck to the DoS kiddies, Huh? Want to hurt the IPO of the latest .com to go public? Just SPAMvertize about it. --- John Fraizer EnterZone, Inc
[ On Wednesday, August 9, 2000 at 22:38:12 (-0700), rdobbins@netmore.net wrote: ]
Subject: RE: surge in spam email (fwd)
When it's in my own inbox, it annoys me about as much as junk postal mail, or telephone solicitors - i.e., not at all. I toss the former in the trash, and tell the latter to toss -themselves- in the trash. Life's too short to waste on developing an ulcer because of morons, you know?
I guess the traffic does add up to significant $$$ in transport for the larger transit providers, though.
Yes, but I think you're missing the more important point. Junk mail costs real $$$$ directly to the advertiser. If they want to waste their money advertising to me, then that's just fine by me. However spammers generally force everyone else to pay for their crap. A $5/month throw-away dial-up account can send millions of messages before it gets shut down. In fact the spammers who use open relays are almost always commiting a criminal theft of service, and sometimes a criminal fraud on top of it. The problem is that the damages are usually too low against any given claimant for the legal system to take any notice, and of course "everyone does it" (i.e. all the spammers are equally guilty and there are lots of them) so even when the spammer is in the same jurisdiction as the mailer he compromises, little can be done to achieve any justice. Even worse the damages are sometimes so low that even the claimants don't find them annoying enough to make it worth the effort of fixing their systems so that they're no longer vulnerable to such attacks. -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
participants (2)
-
rdobbins@netmore.net
-
woods@weird.com