open relays at Earthlink
Steven J. Sobol
sjsobol at nacs.net
Tue Aug 25 21:42:32 UTC 1998
On Sat, Aug 22, 1998 at 12:34:01AM +0100, Steve Davies wrote:
> ISPs sell customers a TCP/IP connection to the Internet. To me that means
> taking my IP datagrams and delivering them to where I address them. I
> don't see that filtering of outbound traffic is part of such a product,
> any more than hijacking my connects to port 80 somewhere and plumbing me
> into a "transparent" web cache is.
> Why shouldn't dialup users run MTAs that do "proper" delivery?
There is a company called TCPS that sends millions of spam messages in
direct violation of UUNet's own AUP.
They make exclusive use of resellers who lease UUNET dialups.
According to UUNet abuse czar John Bradshaw, no fewer than 82 -- *82* --
TCPS-held dialup accounts had been nuked by resellers; this number was
given sometime in early August, I think. They keep on getting new accounts
with other companies.
Now, do you want to ask me that question again... Thought not.
Not that I care, I'm putting filters into place on my mail server that block
mail from UUNet dialups and relays anyhow. But the answer to your question
is, "It would save them a lot of trouble and money as there would be far
fewer AUP violations to have to deal with."
Besides, what are you defining as "proper delivery"?
> On the other hand, I would fully support anyone's right to filter
> connections from my dialin user pool addresses if they felt that they
> needed to do that. I would, in my personal opinion, be happy to provide
> such a person with my IP pool address ranges, or info on the domain names
> we use for that (which are easy to deduce, anyway?).
Why is it my responsibility to filter users who are breaking your rules?
It's UUNet's responsibility to enforce its AUP. It's also UUNet's
responsibility to its shareholders to keep costs down and revenues high, and
I could argue that preventing dialups from being used to send mail will cut
a lot of the costs associated with cleaning up after spammers.
> (Of course, I'd rather persuade this person than my organization deals
> responsibly with spammers - but no doubt I'd be unable to persuade some)
Steve, don't even get me started on this. I've been spammed by UUNet
I think there are people within the company who want to do the right thing,
but I doubt the suits care.
> If enough people refused to take mail from my pool addresses then I guess
> my customers will be duly "encouraged" to use the provided relays. (Most
> do anyway, of course) If only a few refuse to take the mail then most
> deliveries still work fine directly; and those few feel happy that they
> are "protected".
> Doesn't this arrangement make sense?
Filtering is a good thing. But: UUNet getting up off their butts and finishing
what they started WRT net abuse is better.
UUNet leases dialups to ISP's. Why can't UUNet figure out a way to ensure that
customers of ISP X only use ISP X's mail and news servers?
It's NOT OUR RESPONSIBILITY TO POLICE UUNET. IT'S UUNET'S RESPONSIBILITY TO
> Steve Davies
> Operations, UUNET UK
> (Who is in the UUNET group but does not influence policy for UUNET US)
Steve Sobol, Cartel Member #1489 (tinc)
Quote of the year: "If Bill [Gates] were tan, buffed and weighed 240 pounds, I
bet people would dig IS." - Michael Cohn, COMPUTERWORLD Magazine, 8/3/98.
More information about the NANOG