Motion for a new POST NSF AUP

William Allen Simpson bsimpson at morningstar.com
Mon Oct 16 08:13:54 UTC 1995


> From: "Theodore Ts'o" <tytso at MIT.EDU>
> I disagree, strongly.  I think anti-spam messages, sent to the
> postmasters of the respective ISP's that provide service to the
> spammers, is perfectly acceptable.  Otherwise, there is no cost to the
> ISP's for providing service to the spammers.
>
Good idea!  I've only been sending to the perpetrator (which sometimes
bounces).


> As a matter of course, whenever I receive a spam, I will generally send
> a complaint to postmaster at the originating site, or perhaps to the
> ISP, if I can determine it.  In fact, I'm thinking about automating this
> procedure, to decrease the amount of time that it takes for me to send
> the complaint.

I also have a template file which I use to save time.

How do you automate finding the postmaster and ISP?  I cannot seem to
figure it out.

In the case of the "Janet Dove" spam, the two different months included
different headers:

        Received: (from news at localhost) by ixc.ixc.net (8.6.12/8.6.10) id SAA06849; Fri, 8 Sep 1995 18:27:50 -0400
        From: janetdove at infosat.com (Janet Dove)
        Newsgroups: info.ietf.isoc,info.ietf.njm,info.ietf.smtp,info.inet.access,info.isode,info.jethro-tull,info.labmgr,info.mach,info.mh.workers,info.nets,info.nsf.grants,info.nsfnet.cert,info.nsfnet.status,info.nupop,info.nysersnmp,info.osf,info.pem-de
        Subject: ===>> FREE 1 yr. Magazine Sub sent worldwide- 315+ Popular USA Titles
        Date: Fri, 08 Sep 1995 18:28:18 -0500
        Organization: Association of Overseas Students, Eastern Region
        Message-ID: <janetdove-0809951828180001 at pm1-49.ixc.net>
        NNTP-Posting-Host: pm1-44.ixc.net


        Received: from [198.70.48.62] (pm1-62.ixc.net [198.70.48.62]) by cornell.edu (8.6.12/8.6.12) with SMTP id EAA02068; Wed, 11 Oct 1995 04:28:53 -0400
        X-Sender: For.a.prompter.reply.please.fax at If.you.do.not.have.a.fax.smail.is.ok (Unverified)
        Message-Id: <[email protected][205.230.67.34]>
        Date: Wed, 11 Oct 1995 05:03:27 -0500
        To: For.a.prompter.reply.please.fax at If.you.do.not.have.a.fax.smail.is.ok
        From: For.a.prompter.reply.please.fax at If.you.do.not.have.a.fax.smail.is.ok (You will
         get a quick reply via email within 1 business day of receipt of the info
         request form below.)
        Subject: *new* reply info: ===>> FREE 1 yr. Magazine Sub sent worldwide- 300+ Popular USA
         Titles

As you can see, in the second they were better at hiding!  But email to
janetdove didn't bounce....  And the Received tells the IP address.

As to authentication, the headers indicate "pm-", probably a PortMaster.
I _know_ PortMasters have both PAP and CHAP authentication.


> Other people have talked about enforcement; as near as I can tell, this
> is the only kind of enforcement on the Internet that will really work.
>
Yes, email reply is a good start.  But, I would like to add another kind.
And the ISP's had better listen up:

The other kind is a lawsuit.  It costs about $50 for an individual to
file, and $$$ (thousands) for a company to defend.  And for that same
$50, I can sue _both_ the perpetrator, and an uncooperative ISP.

If the ISP fails to authenticate, and/or fails to log and identify the
perpetrator, they are clearly negligent!


> P.S.  Perhaps ISP's should consider writing into their customer's
> contracts some legal language saying that if the ISP receives too many
> complaints, that the customer is liable for the cost of processing the
> complaints caused by that customer --- the ISP can decide to waive the
> fee if the complaints are caused by some mail forgery or other
> legitimate misunderstanding.
>
We talked about this last year.  If they haven't done it by now, they
have only themselves to blame....

Bill.Simpson at um.cc.umich.edu
          Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2



More information about the NANOG mailing list