Spam Control Considered Harmful
Cal Thixton - President - ThoughtPort Authority of Chicago
cthixton at thoughtport.net
Thu Oct 30 19:43:53 UTC 1997
> And what will the FBI do when spammers leave the US...
In these cases, we normally turn them into international trade issues.
If we all freely admit that this problem is beyond a technical solution,
what are our alternatives? Even in the best of cases, sometimes we have no
choices. In Agis's case, they recently took action and disconnected a known
spammer site; they were taken to court and ordered to restore service. I
am not sure how well my own Use Policy would hold up were we ever to be
dragged into court.
As the wild west days of the Internet wane and our Clint Eastwood heros,
(e.g. the Honorable Paul Vixie) find themselves marginalized by savvy
customers with court orders, we will find that migrating from gun slinging
to organized law enforcement far cheaper and more effective in the long run.
I am just as willing as the next 'responsible provider' to be responsible.
However, if I cannot also have the authority that comes with it or at least can
turn to someone who does, then we will end up in a free-for-all situation which,
come to think of it, is what is happening now. No One on the Internet
has the authority to turn Anyone off no matter what they do, nearly.
Check my spamming report from last night, I see my top abuser yesterday was
an MCI customer (see trace). Though I have sent lots of complaints to MCI,
never have I ever gotten a human reply with followup. In fact, in my personal
experience, I have never had any of the big backbone providers do much other
than send me an automated reply, except for one; Agis. Perhaps it is because
I am a customer that they listen to me whine, but it does seem than in all of the
public discussions thus far, I have only seen one provider even willing to
engage in a conversation on spamming. And yet who is the preferred whipping
boy, since uunet, bellsouth, mci, et. al. are all bright enough to know when
to duck an issue? hmmm.
Cal
Esse, my neighbor, asked, "are you letting people come and
pick from your garden, honey?"
"No, why do you ask?"
"Well, the man on the top floor sent over his step daughter
to pick some things and I was just thought you should know."
Sure enough, my first crop of peaches were gone along with some
other things. I installed a broken video camera on my house over looking the
garden. I have not lost anything since.
wickerpark 212) t netsgo.com
traceroute to netsgo.com (210.115.123.108), 30 hops max, 40 byte packets
1 CHI-Cisco01.ThoughtPort.COM (199.171.236.1) 40 ms 10 ms 10 ms
2 CHI-DET-Cisco01.BB.ThoughtPort.COM (199.171.248.2) 30 ms 10 ms 10 ms
3 a0.1008.chicago4.agis.net (205.137.60.238) 30 ms 20 ms 20 ms
4 a0-0.1.chicago2.agis.net (205.254.173.250) 30 ms 20 ms 30 ms
5 aads.mci.net (198.32.130.12) 70 ms 4 ms 60 ms
6 aads.mci.net (198.32.130.12) 70 ms * 130 ms
7 * core1.Bloomington.mci.net (204.70.4.161) 190 ms 130 ms
8 core2-hssi-2.Sacramento.mci.net (204.70.1.138) 300 ms * 620 ms
9 border7-fddi-0.Sacramento.mci.net (204.70.164.51) 120 ms 110 ms 120 ms
10 yukong-ltd.Sacramento.mci.net (204.70.122.86) 250 ms 260 ms 280 ms
11 abs.netsgo.com (210.115.123.108) 260 ms 260 ms 270 ms
Begin forwarded message:
Date: Thu, 30 Oct 1997 00:24:46 -0500 (EST)
From: Jon Lewis <jlewis at inorganic5.fdt.net>
To: Cal_Thixton at TPA.Net
cc: Phil Lawlor <phil at agis.net>, nanog at merit.edu
Subject: Re: Spam Control Considered Harmful
In-Reply-To: <199710300214.UAA12965 at thoughtport.thoughtport.net>
X-To-Stop-Spam-See: [An attachment was originally included here]http://inorganic5.fdt.net/~jlewis/spam.html
On Wed, 29 Oct 1997, Cal Thixton - President - ThoughtPort Authority of Chicago wrote:
> I personally see no practical technical means of eliminating the
> practise of spamming and rather than spending time trying to dream up
> fancier and smarter sendmail's, we should seek to simply expand the
> current mail fraud laws to cover electronic mail. Then we can simply
> sic the FBI on these people armed with terabytes of logs and spam emails
And what will the FBI do when spammers leave the US and do their deed from
other countries? Spammers won't be stopped by legislation or
technology...the average internet user can't handle the amount of
technology necessary to keep spam out of their mail. The average sysadmin
isn't much better off. I had to disable my latest anti-spam sendmail rule
today (denying incoming mail from sites with no or incorrect in-addr.arpa
DNS) because a client is trying to do business with a site that has
existed for a year an a half and never setup in-addr.arpa DNS.
Spam can only be stopped by responsible providers not allowing their
clients to abuse the net. Phil's attitude of "We provide internet
connectivity. If you don't like spam, _you_ do something about it." has
nearly destroyed AGIS. Who's going to be next?
BTW...Cal...obtain a linefeed.
------------------------------------------------------------------
Jon Lewis <jlewis at fdt.net> | Unsolicited commercial e-mail will
Network Administrator | be proof-read for $199/message.
Florida Digital Turnpike |
______[An attachment was originally included here]http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
Begin forwarded message:
Date: Thu, 30 Oct 1997 00:24:46 -0500 (EST)
From: Jon Lewis <jlewis at inorganic5.fdt.net>
To: Cal_Thixton at TPA.Net
cc: Phil Lawlor <phil at agis.net>, nanog at merit.edu
Subject: Re: Spam Control Considered Harmful
In-Reply-To: <199710300214.UAA12965 at thoughtport.thoughtport.net>
X-To-Stop-Spam-See: [An attachment was originally included here]http://inorganic5.fdt.net/~jlewis/spam.html
On Wed, 29 Oct 1997, Cal Thixton - President - ThoughtPort Authority of Chicago wrote:
> I personally see no practical technical means of eliminating the
> practise of spamming and rather than spending time trying to dream up
> fancier and smarter sendmail's, we should seek to simply expand the
> current mail fraud laws to cover electronic mail. Then we can simply
> sic the FBI on these people armed with terabytes of logs and spam emails
And what will the FBI do when spammers leave the US and do their deed from
other countries? Spammers won't be stopped by legislation or
technology...the average internet user can't handle the amount of
technology necessary to keep spam out of their mail. The average sysadmin
isn't much better off. I had to disable my latest anti-spam sendmail rule
today (denying incoming mail from sites with no or incorrect in-addr.arpa
DNS) because a client is trying to do business with a site that has
existed for a year an a half and never setup in-addr.arpa DNS.
Spam can only be stopped by responsible providers not allowing their
clients to abuse the net. Phil's attitude of "We provide internet
connectivity. If you don't like spam, _you_ do something about it." has
nearly destroyed AGIS. Who's going to be next?
BTW...Cal...obtain a linefeed.
------------------------------------------------------------------
Jon Lewis <jlewis at fdt.net> | Unsolicited commercial e-mail will
Network Administrator | be proof-read for $199/message.
Florida Digital Turnpike |
______[An attachment was originally included here]http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
Date: Thu, 30 Oct 1997 11:46:25 -0600 (CST)
From: cthixton at thoughtport.net
To: security at thoughtport.net
Subject: Relay Block SPAM: thoughtport
Who they are to:
44 webmaster netter.com.210.115.122.108
8 kstrieke bdcast.com.206.156.255.28
8 clifton ix.netcom.com.207.93.45.69
8 clifton ix.netcom.com.207.93.45.122
8 chadparsons prodigy.net.166.72.115.94
6 ygoldman hotmail.com.205.253.105.90
6 clifton ix.netcom.com.207.93.45.83
4 service etrade.com.208.254.139.3
4 service etrade.com.208.254.139.114
4 majordomo bapp.com.205.253.105.90
4 flashflood flashflood.com
2 tuneup qdeck.com.205.253.105.91
2 slawson iu.net.207.227.183.38
2 silisanise aol.com.207.53.21.153
2 siliconel aol.com.207.53.21.153
2 sileyboy aol.com.207.53.21.153
2 silentz aol.com.207.53.21.153
2 silenth2o aol.com.207.53.21.153
2 silaswight aol.com.207.53.21.153
2 silasmanue aol.com.207.53.21.153
2 silant aol.com.207.53.21.153
2 sil228 aol.com.207.53.21.153
2 rpatel bitconsulting.com.208.254.139.114
2 redsoxbry aol.com.207.53.20.108
2 redsox8674 aol.com.207.53.20.108
2 redsox21 aol.com.207.53.20.108
2 redsox2000 aol.com.207.53.20.108
2 redsox2 aol.com.207.53.20.108
2 redsox1975 aol.com.207.53.20.108
2 qtgal100 aol.com.207.53.20.135
2 qtfiddler aol.com.207.53.20.135
2 qtetsinger aol.com.207.53.20.135
2 qtesweet aol.com.207.53.20.135
2 qtess14u aol.com.207.53.20.135
2 qtenc aol.com.207.53.20.135
2 php46 aol.com.207.53.20.169
2 phoyt31329 aol.com.207.53.20.169
2 phoxy8 aol.com.207.53.20.169
2 phoxphyre aol.com.207.53.20.169
2 phoxman aol.com.207.53.20.169
2 phoxeast aol.com.207.53.20.169
2 phoenixwmn aol.com.207.53.20.169
2 nwc gun.com.192.41.5.95
2 mreisel sn.no.205.253.105.93
2 majordomo bap.com.205.253.105.90
2 kmiche01 thoughtport.com?
2 jal pilot.net.165.124.30.53[165.124.30.53]
2 info flyfrontier.com.153.36.240.239
2 ez connected.com.205.253.105.90
2 dj01 netter.com.208.208.223.19[208.208.223.19]
2 clifton ix.netcom.com.207.93.45.71
2 clifton ix.netcom.com.207.93.45.66
2 cheeto333 aol.com.208.197.20.27[208.197.20.27]
2 cheeto2323 aol.com.208.197.20.27[208.197.20.27]
2 cheeto178 aol.com.208.197.20.27[208.197.20.27]
2 chays911 aol.com.208.197.20.27[208.197.20.27]
2 cevans1977 aol.com.208.197.20.39[208.197.20.39]
2 cevans1948 aol.com.208.197.20.39[208.197.20.39]
2 cevans1464 aol.com.208.197.20.39[208.197.20.39]
2 cennypam aol.com.208.197.20.42[208.197.20.42]
2 cenntauri aol.com.208.197.20.42[208.197.20.42]
2 cennjcutie aol.com.208.197.20.42[208.197.20.42]
2 aparker infonorth.com.tom_cunningham
2 aallen3939 aol.com.207.53.20.103
2 aallen365 aol.com.207.53.20.103
2 aallen3106 aol.com.207.53.20.103
2 aallen2177 aol.com.207.53.20.103
2 aallen1980 aol.com.207.53.20.103
2 aallen1 aol.com.207.53.20.103
2 MACIAS NETTER.COM.199.35.191.5
2 Chris_Ivers/NC/FD/USA/Kelly kellyservices.com.165.124.30.53[165.124.30.53]
2 2004076 mcimail.com.153.35.127.59
2 2004075 mcimail.com.153.35.127.59
2 2004074 mcimail.com.153.35.127.59
2 2004073 mcimail.com.153.35.127.59
2 2004072 mcimail.com.153.35.127.59
2 2004071 mcimail.com.153.35.127.59
2 2004070 mcimail.com.153.35.127.59
2 2004069 mcimail.com.153.35.127.59
2 2004068 mcimail.com.153.35.127.59
2 2004067 mcimail.com.153.35.127.59
2 103467.2127 compuserve.com.206.133.160.189
1 No Relay
Domains they are to:
44 netter.com.210.115.122.108
20 mcimail.com.153.35.127.59
18 aol.com.207.53.21.153
14 aol.com.207.53.20.169
12 aol.com.207.53.20.135
12 aol.com.207.53.20.108
12 aol.com.207.53.20.103
8 prodigy.net.166.72.115.94
8 ix.netcom.com.207.93.45.69
8 ix.netcom.com.207.93.45.122
8 bdcast.com.206.156.255.28
8 aol.com.208.197.20.27[208.197.20.27]
6 ix.netcom.com.207.93.45.83
6 hotmail.com.205.253.105.90
6 aol.com.208.197.20.42[208.197.20.42]
6 aol.com.208.197.20.39[208.197.20.39]
4 flashflood.com
4 etrade.com.208.254.139.3
4 etrade.com.208.254.139.114
4 bapp.com.205.253.105.90
2 thoughtport.com?
2 sn.no.205.253.105.93
2 qdeck.com.205.253.105.91
2 pilot.net.165.124.30.53[165.124.30.53]
2 netter.com.208.208.223.19[208.208.223.19]
2 kellyservices.com.165.124.30.53[165.124.30.53]
2 ix.netcom.com.207.93.45.71
2 ix.netcom.com.207.93.45.66
2 iu.net.207.227.183.38
2 infonorth.com.tom_cunningham
2 gun.com.192.41.5.95
2 flyfrontier.com.153.36.240.239
2 connected.com.205.253.105.90
2 compuserve.com.206.133.160.189
2 bitconsulting.com.208.254.139.114
2 bap.com.205.253.105.90
2 NETTER.COM.199.35.191.5
1 Relay
Sites they are from:
45 netsgo.com
22 0.197.20.0
21 1Cust59.max6.cleveland.oh.ms.uu.net
18 d00408.msy.bellsouth.net
14 lachman-2.pr.mcs.net
14 d00168.msy.bellsouth.net
12 d00134.msy.bellsouth.net
12 d00107.msy.bellsouth.net
12 d00102.msy.bellsouth.net
10 day-fl2-58.ix.netcom.com
10 day-fl2-05.ix.netcom.com
9 slip166-72-115-94.mo.us.ibm.net
8 day-fl2-19.ix.netcom.com
8 ColumbiaMO-28.usi.com
7 1Cust114.tnt1.bloomington.il.da.uu.net
4 1Cust3.tnt1.bloomington.il.da.uu.net
4 0.124.30.0
3 greatideas-38.starnetinc.com
3 day-fl2-07.ix.netcom.com
2 transera.com
2 sdn-ts-011coauroP10.dialsprint.net
2 lachman-5.pr.mcs.net
2 lachman-3.pr.mcs.net
2 day-fl2-02.ix.netcom.com
2 bastion.mecklermedia.com
2 1Cust239.tnt14.dfw5.da.uu.net
2 0.208.223.0
Traces to sites that have no name
trace these:
0.124.30.0
0.197.20.0
0.208.223.0
Looking Up 0.124.30.0
route: 0.0.0.0/1
descr: HALF-DEFAULT-ZERO
descr: The Reasonable Default Network Project
descr: This prefix is one of three which is designed
descr: to accomplish several things. Firstly, ICM
descr: will be offering a set of robust and hardened
descr: default-oriented prefixes which will be made
descr: reliably available to some of AS1800's peers and
descr: things downstream from them. The routing announcements
descr: will be supplemented with a box that sends back
descr: appropriate ICMP messages; at some point we will
descr: also make a view of the default-announcing box's
descr: knowledge of global routing available to folks
descr: who wish to accept the default announcement.
descr: Secondly, this announcement is designed to assist
descr: ANS in the transition away from advisories. We expect
descr: that this will allow people to send in far fewer
descr: advisory updates than is done currently, without
descr: breaking reachability between ANS's customers and
descr: the rest of the world. This is good for both ANS
descr: and everyone else.
descr: Thirdly, ICM will be running some experiements on
descr: sheer amount of traffic that follows an ultimate
descr: default, although this must be done without
descr: examining that traffic for content without explicit
descr: permission from the originator. We expect that this
descr: will help identify and fix problems in the global
descr: routing system.
descr: questions, comments and flames to: smd at sprint.net, roll at stupi.se
origin: AS1800
advisory: AS690 1:1800 2:1239
mnt-by: MAINT-AS1800
changed: selina at ans.net 951011
source: RADB
Tracing to: 0.124.30.0
traceroute to 0.124.30.0 (0.124.30.0), 30 hops max, 40 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
Looking Up 0.197.20.0
route: 0.0.0.0/1
descr: HALF-DEFAULT-ZERO
descr: The Reasonable Default Network Project
descr: This prefix is one of three which is designed
descr: to accomplish several things. Firstly, ICM
descr: will be offering a set of robust and hardened
descr: default-oriented prefixes which will be made
descr: reliably available to some of AS1800's peers and
descr: things downstream from them. The routing announcements
descr: will be supplemented with a box that sends back
descr: appropriate ICMP messages; at some point we will
descr: also make a view of the default-announcing box's
descr: knowledge of global routing available to folks
descr: who wish to accept the default announcement.
descr: Secondly, this announcement is designed to assist
descr: ANS in the transition away from advisories. We expect
descr: that this will allow people to send in far fewer
descr: advisory updates than is done currently, without
descr: breaking reachability between ANS's customers and
descr: the rest of the world. This is good for both ANS
descr: and everyone else.
descr: Thirdly, ICM will be running some experiements on
descr: sheer amount of traffic that follows an ultimate
descr: default, although this must be done without
descr: examining that traffic for content without explicit
descr: permission from the originator. We expect that this
descr: will help identify and fix problems in the global
descr: routing system.
descr: questions, comments and flames to: smd at sprint.net, roll at stupi.se
origin: AS1800
advisory: AS690 1:1800 2:1239
mnt-by: MAINT-AS1800
changed: selina at ans.net 951011
source: RADB
Tracing to: 0.197.20.0
traceroute to 0.197.20.0 (0.197.20.0), 30 hops max, 40 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
Looking Up 0.208.223.0
route: 0.0.0.0/1
descr: HALF-DEFAULT-ZERO
descr: The Reasonable Default Network Project
descr: This prefix is one of three which is designed
descr: to accomplish several things. Firstly, ICM
descr: will be offering a set of robust and hardened
descr: default-oriented prefixes which will be made
descr: reliably available to some of AS1800's peers and
descr: things downstream from them. The routing announcements
descr: will be supplemented with a box that sends back
descr: appropriate ICMP messages; at some point we will
descr: also make a view of the default-announcing box's
descr: knowledge of global routing available to folks
descr: who wish to accept the default announcement.
descr: Secondly, this announcement is designed to assist
descr: ANS in the transition away from advisories. We expect
descr: that this will allow people to send in far fewer
descr: advisory updates than is done currently, without
descr: breaking reachability between ANS's customers and
descr: the rest of the world. This is good for both ANS
descr: and everyone else.
descr: Thirdly, ICM will be running some experiements on
descr: sheer amount of traffic that follows an ultimate
descr: default, although this must be done without
descr: examining that traffic for content without explicit
descr: permission from the originator. We expect that this
descr: will help identify and fix problems in the global
descr: routing system.
descr: questions, comments and flames to: smd at sprint.net, roll at stupi.se
origin: AS1800
advisory: AS690 1:1800 2:1239
mnt-by: MAINT-AS1800
changed: selina at ans.net 951011
source: RADB
Tracing to: 0.208.223.0
traceroute to 0.208.223.0 (0.208.223.0), 30 hops max, 40 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 19991 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/19971030/a54981f8/attachment.bin>
More information about the NANOG
mailing list