Option 3. Invoice them for services. Send a demand letter for services rendered, and tell them to refrain from further relaying until payment terms are arranged. Send the letter certified return receipt to the corporate agent. If the services rendered exceed $5000, report the act to the FBI. To make an effective criminal complaint that can be prosecuted, you need to make efforts to collect the money. After the demand letter, engage a lawyer to sue them, or a collection agency to collect the money. Before ORBS and the antispammers started inciting attacks this summer, spammers did not find our service. Anyone that runs an active probe service on a leased line would be discovered, and shutdown. You aren't going to probe much of the internet on a dialin line. We know how to stop people on static IP addresses. Criminal relaying depends on a service like ORBS to collect and disseminate information on where to find a relay. This is why we ask all operators to block traffic to ORBS, which has recently changed addresses to 202.36.147.16. We had blocked 202.36.148/24. I just noticed they changed IP addresses to avoid filters. These are our new filters: access-list 104 deny ip 202.36.148.5 0.0.0.255 any access-list 104 deny ip 202.36.147.16 0.0.0.255 any Slippery. But these two /24's appears to be all that is swipped to them. I want to offer my heartfelt thanks to all operators who have blocked them so far. This holiday weekend has certainly been better. --Dean Around 10:42 AM 11/27/1999 -0600, rumor has it that Gene Black said:
That's why you engineer around the problem to insure that your legitimate business can continue when you shut down your relays. If you leave them open long enough, the spammers will eventually find you, and when they do, you're only going to have two options left:
1. Close the relays
or
2. Quit offering any type of SMTP services.
This is what prompted us to close our relays a few years back. The sheer amount of spam coming through was so massive as to effectively shut down our mail servers and eat a very significant portion of our bandwidth. Users won't tolerate outages like that - and shouldn't have to. The majority of it was coming in from remote places overseas as well - not the sort of thing that you can easily pursue legally if you can pursue it at all.
Just my two cents...
"Roeland M.J. Meyer" wrote:
You have just explained why you are a SysAdmin and not a business operator. The issue is not that closing them is difficult. The issue is that it will ALSO close down a legitimate business.
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Robert Gash Sent: Monday, November 22, 1999 12:45 PM To: Dean Anderson Cc: nanog@merit.edu Subject: Re: ARIN whois
Dean, perhaps I am not fully understanding your logic behind not closing your relays. I have been a systems administrator for 4 years and I have not ever found an application where I needed to leave my SMTP relays open to the world. I do not doubt that you have legitimate business purposes in mind when opening your relay, but at some point you must decide that legal action will be too slow to fix anything and that it might be a good time to close your relays to aleviate other problems. Simply saying "I shouldn't need locks on my doors because everyone should be honest and never come into my house without my permission," dosen't cut it in this world, and I am quite sure that you have locks on every portal to your house, so why should your SMTP server be any different? Taking such a stance and refusing to close your relays is simply a foolish decision.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc dean@av8.com LAN/WAN/UNIX/NT/TCPIP http://www.av8.com ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
I am sorry but this thread would be best suited to news.admin.net-abuse.email. I hate that my first posting to this list is of this subject matter but your Spam on antispam is driving me insane here. ----- Original Message ----- From: Dean Anderson <dean@av8.com> To: Gene Black <gblack@3wave.com>; <rmeyer@mhsc.com> Cc: 'Robert Gash' <gashalot@gashalot.com>; <nanog@merit.edu> Sent: Saturday, November 27, 1999 4:05 PM Subject: Re: ARIN whois
Option 3. Invoice them for services. Send a demand letter for services
rendered, and tell them to refrain from further relaying until payment terms are arranged. Send the letter certified return receipt to the corporate agent. If the services rendered exceed $5000, report the act to the FBI. To make an effective criminal complaint that can be prosecuted, you need to make efforts to collect the money. After the demand letter, engage a lawyer to sue them, or a collection agency to collect the money.
Before ORBS and the antispammers started inciting attacks this summer,
spammers did not find our service. Anyone that runs an active probe service on a leased line would be discovered, and shutdown. You aren't going to probe much of the internet on a dialin line. We know how to stop people on static IP addresses.
Criminal relaying depends on a service like ORBS to collect and
disseminate information on where to find a relay.
This is why we ask all operators to block traffic to ORBS, which has
recently changed addresses to 202.36.147.16. We had blocked 202.36.148/24. I just noticed they changed IP addresses to avoid filters. These are our new filters:
access-list 104 deny ip 202.36.148.5 0.0.0.255 any access-list 104 deny ip 202.36.147.16 0.0.0.255 any
Slippery. But these two /24's appears to be all that is swipped to them.
I want to offer my heartfelt thanks to all operators who have blocked them
so far. This holiday weekend has certainly been better.
--Dean
Around 10:42 AM 11/27/1999 -0600, rumor has it that Gene Black said:
That's why you engineer around the problem to insure that your legitimate business can continue when you shut down your relays. If you leave them open long enough, the spammers will eventually find you, and when they do, you're only going to have two options left:
1. Close the relays
or
2. Quit offering any type of SMTP services.
This is what prompted us to close our relays a few years back. The sheer amount of spam coming through was so massive as to effectively shut down our mail servers and eat a very significant portion of our bandwidth. Users won't tolerate outages like that - and shouldn't have to. The majority of it was coming in from remote places overseas as well - not the sort of thing that you can easily pursue legally if you can pursue it at all.
Just my two cents...
"Roeland M.J. Meyer" wrote:
You have just explained why you are a SysAdmin and not a business
operator.
The issue is not that closing them is difficult. The issue is that it will ALSO close down a legitimate business.
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Robert Gash Sent: Monday, November 22, 1999 12:45 PM To: Dean Anderson Cc: nanog@merit.edu Subject: Re: ARIN whois
Dean, perhaps I am not fully understanding your logic behind not closing your relays. I have been a systems administrator for 4 years and I have not ever found an application where I needed to leave my SMTP relays open to the world. I do not doubt that you have legitimate business purposes in mind when opening your relay, but at some point you must decide that legal action will be too slow to fix anything and that it might be a good time to close your relays to aleviate other problems. Simply saying "I shouldn't need locks on my doors because everyone should be honest and never come into my house without my permission," dosen't cut it in this world, and I am quite sure that you have locks on every portal to your house, so why should your SMTP server be any different? Taking such a stance and refusing to close your relays is simply a foolish decision.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Plain Aviation, Inc dean@av8.com LAN/WAN/UNIX/NT/TCPIP http://www.av8.com ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
participants (2)
-
Bill Larson
-
Dean Anderson