Jack, I don't disagree with a word that you said.
I also would like to see spam stopped. I just disagree with the method being used to attack the problem. If you wish to find and shut down the originator of the spam, great. But if you take the terrorist approach of shutting down every site on a server because of one bad egg, that's not so great. Yet it is what is done. I agree with what you say, but what you say does not justify shutting complete servers and harming those that did not commit the sin of spamming. ----- Original Message ----- From: "Jack Broughton" <[EMAIL PROTECTED]> To: "Kris Benson" <[EMAIL PROTECTED]> Cc: "opensrs discuss" <[EMAIL PROTECTED]> Sent: Wednesday, January 30, 2002 3:21 PM Subject: Re: Spamming > I decided to snip out all the previous text because I'm sure everyone's read the > previous postings to this and there'll be lots more to follow I'm sure. > > I really Richard from Powerhouse must be living in some sort of bubble. As an ISP > we have seen in very real terms the extreme costs of spam (which we really should > be referring to as UCE or Unsolicited Commercial Email out of respect for the good > folks at Hormel). > > There seems to be an assumption here that "spammers" use there own net connections > through mail servers they pay for to propagate their message. I suggest that in > the lion's share of instances this is not the case. If they were truly being > above board they'd list the desired response email address as the originating > email. 99.9% of them come from free mail hosts as their sender address with their > mail headers revealing something very different. They hunt the net relentlessly > for mail servers setup with open relays or anonymous FTP sites that have PHP > enabled on them. I'm not sure how some of the mail scripts were written but I defy > anyone at the mere mortal class to discern that the originating mail server wasn't > the one with the relay enabled. > > Regardless of that I have seen businesses even as large as hospitals have their > Internet connections (and sometimes LANs) shut right down because their mail > servers are pegged. Even when the problem is found and stopped there is days of > bounced email from all the invalid email addresses that have to be dealt with. In > some cases the Unix servers run out of swap space and die an ugly death and have > to be rebuilt. There there is the cost to the ISPs reputation because all of the > users (who are not in the know) blame the ISP for their pathetic Internet > performance while this is going on. I know of businesses that had people sitting > on their hands because the nature of their job was that they couldn't work if > their net connection is down. Often businesses only find these single points of > failure after it happens. > > Then there's the cost to the ISP when their clients accuse them of having problems > when it turns out the client's internal network is the source. Usually, because > the clients don't have the technical expertise we have to troubleshoot the issue > and then charge them for it afterwards when it turns out to be their problem. > This often creates some misdirected ill will. > > I just went and chose a spam email at random and looked at the header. It appears > to have orginated from a mailserver at Ed-Soft.com. Given what the content of the > email was about and the type of business Ed-Soft does I know that this was done > without their knowledge from a server they have running IIS 5. > > It appears that the only abuse of open relays is spammers which pretty much proves > that if they were of the feeling that UCE was a legitimate business practice they > would use their own resources to do it rather than leverage unprotected mail > servers. > > I'm a little disappointed that William X Waslh feels that the cost angle is the > least valid argument against UCE. I think that cost to ISPs to provision for > bandwidth it consumes, the NSPs that have to pass it through and the mail servers > and other hardware that have to deal with it is very real. We can look at the > volume of mail that we block to show what the cost savings would be by banning > spam. > > I get this feeling that there is an impression out there that if an ISP buys an > OC3 that is on average 65% utilized then pumping spam, viruses or other > undesirables through it that push it to 85% is essentially at no cost because that > bandwidth was unused but paid for. All ISPs have to work on a bandwidth used is > bandwidth paid for business model. They can't in good conscience go after new > clients if they know their capacity is all consumed. Just because a farmer owns > 100 acres of land and only farms 50 doesn't mean he'll let you farm the other 50 > for nothing. There's overhead like taxes etc. that still have to be paid > regardless of whether its farmed or not. Same is true of one's Internet > connection. > > I would consider the cause of pro-spammers as more credible if they spent their > own money to facilitate it. In that they generally want a no-cost path beaten to > their door (which incurs real costs to those they build a road across) I have no > sympathy for them at all. > > I certainly group Spammers in with those who distribute spy/adware, viruses and > denial of service attacks and feel they should be dealt with in the same ruthless > fashion. On a personal note having to read my daughter's email before she does > because it contains spam about everything from penis enlargement to free money > from Nigeria to time shares in Florida really makes my blood boil. > > I could say more but I think I've said enough. > > Jack Broughton > CanTech Solutions >
