Lawsuit threat against RBL users

Thu Nov 19 15:26:26 UTC 1998

The problem with this is that someone, sooner or later, is going to 
take a run at people trying to set up what amounts to a set of contractual
requirements that exceed legal requirements - and then enforce them network
wide.

The collusive aspect of this is downright scary, especially when coupled
with threats of depeering, active denial of service attacks, etc.

I happen to be an "anti-spammer", but when you get to the point that you
start telling people what they have to put in their contracts as an industry,
such that if Person #1 commits an act on a *completely unrelated* system
they get their contract voided you're treading on very, very thin ice.

That looks an awful lot like an industry-wide blacklist, and those are
dangerously close to being per-se illegal.

There's nothing wrong with a single provider putting whatever provisions 
in their agreements they see fit - you're always free to shop for a new
provider.  However, when industry actions conspire to basically *force*
certain provisions to be included in *everyone's* contracts, and those
provisions go beyond "don't do illegal things", then IMHO you're exerting
force that needs to be very carefully thought out.

There IS a means to solve the problem otherwise - that is, for the industry
to make "throw away, instant registration" accounts disappear.  The problem 
with what is being done now is that the entire industry is being forced to
provide a "safe haven" for a PARTICULAR marketing tactic.

There are a lot of "questionable" things that this industry does, but IMHO
this one is near or at the top of the list of things I'd talk to my counsel
about....

--
-- 
Karl Denninger (karl at denninger.net) http://www.mcs.net/~karl
I ain't even *authorized* to speak for anyone other than myself, so give
up now on trying to associate my words with any particular organization.

On Thu, Nov 19, 1998 at 09:46:32AM -0500, Chris Mauritz wrote:
> That's a pretty shortsighted view, Sheryl.  I suspect you haven't been on
> the receiving end of some idtiot buying a leased line/virtual web presence
> from you and then spamming from an AOL/PSI/earhlink/yadda yadda account.  It
> isn't pleasant.  Folks aren't stupid.  They ignore the fact that the tool
> used to spam was a throwaway account and go right for the jugular (you).
> It's better to have a zero tolerance policy and not have to deal with the
> silliness in the first place.
> 
> Chris
> 
> Chris Mauritz
> Director, Systems Administration
> Rare Medium, Inc.
> chrism at raremedium.com
> 
> 
> -----Original Message-----
> From: Sheryl Chapin [mailto:schapin at ctel.net]
> Sent: Thursday, November 19, 1998 8:48 AM
> To: nanog at merit.edu
> Subject: Re: Lawsuit threat against RBL users
> 
> 
> >That's right. It stops the practice of using a sacrificial account, from
> >AOL or netcom, to spam for a web-site that is otherwise protected. Does it
> >make a difference that they didn't spam from their own ISP? That customer
> >is *still* a spammer whether they did it from your site or not. Maybe
> >you're of the "It's alright as long as they don't do it here" crowd? Well,
> >that's one of the things that the RBL was built for. The rest of us don't
> >have to put up with your negligence.
> 
> 
> I don't see it as "it's alright as long as they don't do it here".  I see
> it as "I have control over my network, but not over anyone elses".  I have
> an AUP that specifically states spamming is not allowed.  I have kicked off
> users who have spammed.  However, I do not have an AUP that says "If you
> ever spam anyone ever in the world on any network anywhere I will
> disconnect whatever service you have".   I don't control the entire
> internet, just my little piece of it. :-)
> 
> 
> Sheryl Chapin
> Senior Network Engineer
> CommTel Internet    207.377.3508
> Winthrop, Maine     schapin at ctel.net