[ppml] Abstract of proposed Internet Draft for Best Current Practice (please comment)

Brian Bergin arin_ppml at comcept.net
Tue Feb 18 12:10:35 EST 2003 

At 11:47 18 02 03 Tuesday, you wrote:

>On Tue, 18 Feb 2003, Brian S. Bergin wrote:
>
> > >Your original post (possibly the first bullet point) suggested that ISPs
> > >*prevent* this type of abuse.  What solutions can you offer that will
> > >allow an ISP to prevent spam?
> >
> > If I might, while I'm new to this list, I deal with the junk daily.  The
> > problem is ISPs and individuals buying large blocks of IPs then reselling
> > them to others and then washing their hands of the mess.  I can point you
>
>The question isn't one of ISP policy, it's posed from a technical
>perspective.
>
>I can prevent outbound port 25 from all dialup/dsl/cable except to my
>servers.  I can be proactive when handling spam complaints.

That's quickly becoming a moot point.  There are plenty services both in 
and out of North America that allow people to send SMTP traffic on other 
than port 25 then they in turn send it out on port 25.  As more and more 
ISPs block port 25 more and more spammers figure out it's easy to get 
around.  Blocking 25 isn't the answer.  IMHO, the biggest thing is to clean 
up the open port 25 relays.  We were required by our backbone providers to 
show that our mail servers were secure.  Now blocking inbound port 25 from 
Asia and Eastern Europe does cut down on spam by 90%.  I know, we've tried 
it...

>But how do I *prevent* spam?
>
> > As for the vocal anti-spammers not agreeing on what constitutes UE, I
> > disagree.  UE is any mail sent unsolicited and without the addressee's
> > permission.  Furthermore, forged headers or relayed mail is abusive.  Go
> > look at the major backbone providers like C&W & uu.net.  Their AUPs are
> > quite clear.
>
>I find that, to many people, everything constitutes spam.  A single virus
>transmission or a typoed email address is justification to submit a report
>to any and every one that will listen.

No.  Most AUPs have something to the effect of "if it could reasonability 
be considered to result in complaints".  Every spammer knows what s/he is 
doing.  A cut-and-dry limit could be set.  x number of complaints generates 
a contact e-mail to the admin & tech contacts (if they're bounced as 
undeliverable the account is suspended).  x number of additional complaints 
generates a x-hour suspension of IPs.  x number more and the account is off 
for a month.  After that, one more set of complaints and it's off for good 
with no refund.

Also, a mis-typed e-mail address or virus is not spam by any AUP I've ever 
seen although continued unchecked viruses should result in the ISP 
suspending the account until it's corrected.  Most will do that if enough 
complaints come in.

> > To top it all off, many of these blocks, when SWIP'd, contain fraudulent
> > information.  ICANN will revoke a fraudulent or invalid domain 
> registration
> > why can't ARIN revoke a fraudulent IP SWIP and if the block owner is found
> > to also have fraudulent or invalid registration information they should
> > have their entire block revoked.  That's the way the rest of the world
> > works.  Do you think the FCC would allow someone to buy a block of
> > frequencies and give them false contact info?  The FCC would yank the
>
>This has nothing to do with spam.  This is a valid complaint regardless.

You're right; however, ARIN will NOT go after a block of IPs that has 
fraudulent info.  I have dozens of tickets with them stating they will not 
do anything other than list the fact that the info has been reported as 
inaccurate.  What good does that do.  If the state just issued me 
informational 'tickets' for violating the speed limit with no enforcement 
teeth do you think I'm ever going to slow down?  Until ARIN actually gets 
some backbone, and I'm not talking about bandwidth, people will continue to 
abuse the IP space by committing fraud to obtain and continue to use them.

Honestly I fail to see why there's so much concern about ARIN enforcing an 
AUP or no-fraud clauses.  If you don't spam and don't host spammers or if 
you actually enforce an AUP and remove spammers I can't see why anyone 
would be against this.  I would think legit ISPs would welcome the change 
at the top.  It would given them yet another tool to remove spammers from 
their network. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20030218/bde8876b/attachment.htm>

More information about the ARIN-PPML mailing list