What's going on?

Deepak Jain deepak at jain.com
Sun Apr 20 22:16:17 UTC 1997


Now let's just say the whole world adopted DIGEX's policy in full.

Playing Devil's advocate, what if....

To remove a site from the internet [competitor, bad guy, good guy, enemy, 
let your imagination run wild]... What is keeping someone from spamming 
half a dozen or so sites (just enough to get noticed) with the line 
"please visit site 'http://www.xyz.com' for more information."

To add spice to the pot, what if the message were deliberately worded to 
look like an ad for www.xyz.com, even if www.xyz.com had no connection 
with this ad? Since SPAM by its very nature is difficult to trace 
thoroughly and the information is not very useful to prevent future 
attacks, I think its important to mention/cover situations like this.

I am sure we have seen all kinds of crap, from people forging mail to
appear from a legitimate NSPs' support mailbox to (of course) the behavior
above. How would one incorporate this sort of behavior into a fair AUP?

-Deepak.

On Sun, 20 Apr 1997, Lydia Leong wrote:

> 
> On Apr 17, 10:47pm, MARK BORCHERS wrote:
> 
> > I don't know that I'd favor an abuse policy that encompasses
> > WWW sites, even if they are listed elsewhere in spam mailings,
> > but if there's a reasonable policy out there that contemplates
> > this type of situation, I'd love to know how it reads.
> 
> [ Speaking only for myself. ]
> 
> DIGEX's acceptable use policies prohibit customers spamming through
> DIGEX connections (whether individual dialup, leased line, or webserver
> hosting), _and_ they prohibit customers from advertising services
> hosted on DIGEX connections in a manner that violates DIGEX's
> no-spam policies or the AUP of another provider. We also explicitly
> prohibit customers from advertising in a manner that violates the
> Federal Trade Commision's Deception Policy Statement.
> 
> This prevents somebody from reaping the benefits of a spam, regardless
> of where it originated from. It also means that even if the other
> provider doesn't take a responsible attitude towards his customers,
> the Internet community still has a second line of defense. It means
> that unethical businessmen can't go get throwaway Juno/CompuServe/etc.
> accounts, spam from them with the full knowledge that the accounts
> are going to be immediately cancelled, and pay nothing for the
> privilege.
> 
> The policy is at http://www.access.digex.net/~policy/digex-aup.html
> for the curious.
> 
> I certainly don't advocate hacker attacks on AGIS, if indeed AGIS was
> actually the subject of a denial of service attack. But I do think
> that AGIS, as a backbone provider, needs to take a more responsible
> attitude. When I log into my mail servers in the morning and find that
> my mail queue is jammed with fifteen thousand CyberPromo ads and
> legitimate customer traffic is slowed or stalled, as far as I'm
> concerned, that's something just short of a denial of service attack
> originating from AGIS netblocks.
> 
> While it's clear that, right now, ISPs aren't really legally
> responsible for the behavior of their customers, from the standpoint
> of good business relations and the general cooperative attitude of
> the Internet, it seems irresponsible for a provider to fail to
> terminate customers who are obviously abusive.
> 
> I'm currently working on a sendmail hack that will deal with only
> accepting relays from certain netblocks, expressed in IP prefix
> notation (the current sendmail capability of specifying, say,
> 204.91.98, is inadequate for me, since we have customers to have less
> than /24s). Until then, CyberPromo is my daily headache. Those people
> ought to be sued off the earth for theft of service.
> 
> 
> +-------------+--------------------------------------+---------------------+
> | Lydia Leong | http://www.access.digex.net/~lwl/    | lydia at digex.net     |
> | DIGEX, Inc. | Business Internet Connectivity Group | Systems Engineering |
> | 800-99DIGEX | Senior Systems Engineer / Postmaster | policy at digex.net    |
> +-------------+--------------------------------------+---------------------+
> 





More information about the NANOG mailing list