open relays at Earthlink

Bill Becker bbecker at iconn.net
Mon Aug 31 12:12:45 UTC 1998


On Sat, 22 Aug 1998, Steve Davies wrote:

> ISPs sell customers a TCP/IP connection to the Internet.  To me that means
> taking my IP datagrams and delivering them to where I address them.  I
> don't see that filtering of outbound traffic is part of such a product,

Fair enough.

> On the other hand, I would fully support anyone's right to filter
> connections from my dialin user pool addresses if they felt that they
> needed to do that.  I would, in my personal opinion, be happy to provide
> such a person with my IP pool address ranges, or info on the domain names
> we use for that (which are easy to deduce, anyway?).

This is what we do here.  Our MTA returns "We dont' accept mail from 
dialup ports" to the senders.  As long as uunet maps their dialups into 
subdomains, it's no problem.

> (Of course, I'd rather persuade this person than my organization deals
> responsibly with spammers - but no doubt I'd be unable to persuade some)

This is the heart of the problem in the US.  The practice of renting
dialup to other providers is not a problem as long as the people who OWN
the equipment do not disclaim responsibility for it's use.  What is
happening in the US is that a spammer (typically) will get on some service
which uses UUnet equipment and start spamming on a Friday night.  You send
a complaint to UUnet and get a robotic response, but the spammer will
continue on until Monday at least, when UUnet's customer shuts him off. 

This is unacceptable.  UUnet's US abuse department has claimed that such 
spammers are not their customers, so they are not responsible for what 
the spammer does while using their equipment, and so UUnet is violating 
it's own AUP.  This leads to a bad, bad, place.  What if the abuser were 
a smurfer or a ping-flooder instead of a spammer?

Right now, UUnet in the US is the main source of spam on the internet, 
and this is due to UUnet's irresponsible policy.  US spammers have found 
that it is cost-effective to get an account from an access reseller which 
uses UUnet hardware, and spam for up to a week before action is taken 
against them.  You can send a million spams for the cost of one 
entry-level dialup account.  They do this repeatedly, as evidenced by a 
single spammer using an NYC uunet pop for at least two months now.

This has to be fixed to make spamming more expensive.  Shut off the 
spammer as soon as complaints come in, and then forward the whole mess -- 
Spams, complaints, logs -- To the reseller and let them sort it out AFTER 
the spammer's access is removed.

Bill <postmaster at iconn.net>





More information about the NANOG mailing list