Peter Beckman beckman at
Thu May 29 13:46:15 CDT 2008

On Thu, 29 May 2008, Luke S Crawford wrote:

> Peter Beckman <beckman at> writes:
>>   If you are taking card-not-present credit card transactions over the
> ...snip "hard to charge fradulent customers" and also "verifying customer
> identity annoys the customer"... points-
> The goal here is to give abuse a negative expected return.  One way to do
> this is to charge (and collect)  a fee that is greater than what the
> spammer can earn between when they sign up and when you shut then down.
> There are two ways to do this -  1. raise (and collect) the abuse fee, or
> 2. lower the amount they can earn before you shut them down.

  All these charges do is line the coffers.  Sure, a few might be prevented
  from doing it in the first place, but the rest will continue, and everyone
  else here, including Barry, will continue to get hit by spam and DOS and

> I wanted to point out another option providers now have.  IDS technology
> has matured.  Snort is free and pretty standard.   Personally, I find
> monitoring incoming traffic to be... of limited utility.  However,
> I believe snort is an excellent tool for lowering the cost of running an
> abuse desk, if you run it on the outgoing traffic.     Snort is pretty good
> about alerting you to outgoing abuse before people complain.  Heck, if you
> trust it, you can have it automatically shut down the abusive customers.

  This is what I think we should ALL be doing -- monitoring our own network
  to make sure we aren't the source, via customers, of the spam or DOS
  attacks.  All outbound email from your own network should be scanned by
  some sort of best-practice system before delivery to prevent or limit spam
  from originating on your network.  IMO.

  But let's be realistic -- the reality is that not everyone does, due to
  financial or resource or management constraints, and that receiving spam
  and being hit by DOS attacks and being slashdotted is simply part of the
  cost of being on the 'net.

  Profiting MORE from those that proliferate these attacks may hurt you less
  in the bottom line, but it still hurts everyone else who is the target of
  the attacks enabled by high AUP abuse fees.

  I know I'd be just as ticked off about a spam attack from Amazon EC2,
  whether or not Amazon got paid extra to enable it.

Peter Beckman                                                  Internet Guy
beckman at                       

More information about the NANOG mailing list