Paul Gracy wrote:
>
> I gotta tell ya, the law seems a bit overboard.
The real problem is being able to prove that a specific individual is
behind it. I've already talked to one judge about the law and he is
ready to throw the book at anyone brought to his court under the law
if it can be proved that they are the culprit.
> Also shows a complete lack
> of understanding of how the Internet works (concepts: shared resources,
> learn by doing,
Are you suggesting you have to break into systems to learn about
computing?
> open mail relays are by definition available for public use,
^^^
You mispelled "were". Open relays are no longer necessary for normal
delivery of e-mail. It would be nice if you could run an open relay
for the use of your own customers without having to worry about spammers
hijacking the relay to send junk mail.
> world readable directories and open source, anonymous ftp, etc.) Also,
> there is a concept (though now seen by some as too conservative - whiners)
> in Anglo - American jurisprudence that if there is no harm, then how could a
> crime have been committed?
What concept is this? Around here, they prosecute people all the time for
crimes in which there is no harm. In 1997, they arrested and charged a
student in Texas for using a university computer to develop a web page for
an outside company. I personally consider that a whole lot less menacing
than people trying to break into computers.
> Also, if your system is configured properly, it
> shouldn't cost thousands of dollars to investigate a break-in or break-in
> attempt, you should get it in your email inbox in the morning.
If it only takes $5 worth of time to make sure they didn't get in,
that's enough damages to move it from a Class B Misdemeanor to the
Class A Misdemeanor. Also, all they have to do is delete one file
and it is no longer a Class B Misdemeanor.
> Why should a
> computer user who played with your open relay (seen by some as a putting a
> swing in the front yard right next to the busy sidewalk without a fence or a
> sign) be punished because your incompetence meant that it took you $5000 to
> figure out what happened?
But if someone uses an open relay to send junk mail to thousands of people,
damages will nearly always occur. The damages include
1) any denial of service to the owners and legitimate users of the
machine
2) the value of time by the owners to deal with the resulting complaints,
threats, mail bombings, ... .
3) the value of the service itself
4) the costs incurred as a result of e-mail being blocked as a result
of the spam run
5) for an ISP, the potential loss of customers switching to other service
providers because their e-mail cannot be delivered to some sites.
Thus, using an open relay without proper authorization to send junk mail is
at least a Class A Misdemeanor, probably a State Jail Felony, and potentially
a Category Three (or higher) Felony. Hijacking relays is a criminal act and
I'd love to see the spammers who do that go to prison as a result.
To be perfectly honest, I'm not worried about someone using an open relay
to send e-mail to their Aunt Sadie. The big problem is determining whether
the relay was from a spammer, a relay test by the anti-relay contingent,
or a simple misconfiguration by an individual.
What would really be nice is if we could explicitly withdraw any and all
permission from spammers to access your SMTP server to send spam to accounts
on that machine. That would make the act of spamming anyone using that
server at least a Class A Misdemeanor since the spammer would receive a
benefit as a result of delivery of the spam. (Felony would be better so
we could extradite.)
Eric Johnson
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
