anti-spam vs network abuse

• Previous message (by thread): anti-spam vs network abuse
• Next message (by thread): anti-spam vs network abuse
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 12:56 PM 2/28/2003, Paul Vixie wrote:

> > > For the past 15 months, NJABL has reactively tested systems that have
> > > connected to participating SMTP servers to see if those systems are open
> > > relays. ...
> > >
> > > We do not consider what NJABL does abuse, ...
>
>Jon,
>
>If "they" are indeed only testing systems who connect to them, it's not
>abuse, and I would not have complained.  However, they scanned every
>address in every netblock I own, looking for SMTP servers.  That was
>abuse, that was illegal in California, and I was shocked that you "allowed"
>"them" to behave that way.  Hopefully my inference is correct and "they"
>are now scanning only the hosts which connect to participating SMTP servers.

Paul raises good questions about the level of response to incoming SMTP 
traffic. If contacted for transmission of SMTP, do you have the right to go 
probe the sending system for all possible vulnerabilities, or only ones 
that relate directly to email? Clearly there are concerns about email 
coming from open relays, and from open proxies. The degree of scanning 
could easily cross the line from warranted to abusive, and potentially illegal.

Scanning machines "in the neighborhood" sure seems far over the line. This 
is further complicated by the difficulty in determining the size of the 
"neighborhood" (read: netblock assigned to a customer).

While we would all like to find some solution to the spam problem before 
email is rendered useless, measures which themselves threaten the network 
with denial of service attacks and other measures can be considered just as 
damaging. 

• Previous message (by thread): anti-spam vs network abuse
• Next message (by thread): anti-spam vs network abuse
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]