On Sun, 31 Jan 1999, Bernie Cosell wrote:
> Date: Sun, 31 Jan 1999 09:56:22 -0500
> From: Bernie Cosell <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: spam drop-boxes
>
> I hesitate to re-open (or continue) this heated and ultimately fruitless
> thread, but the recent mention about 'drop boxes' has gotten me a bit
> worried that perhaps the vigilantes really are going too far.
>
> I've reviewed the AUPs for about a dozen places (including the four ISPs
> I do business with), and I cannot find ONE that would have anything to
> say about it being improper to run a "drop box" (even if a customer were
> really doing that). As far as I can tell *receiving* email has never
> been an unacceptable practice, and particular email received is *NOT* the
> ISP's business.
well, nyx.net's TOS/AUP specifically prohbits the use of our service as a
drop box. We did that because of the nature of the service we run (which
is free net access with a required validation form needed for full access)
The way I do it is if I get a complaint (or complaints as the case has
been), then I start investigating. I had a situation recently where a
user was advertising a commercial website, posting from another site, yet
using a nyx.net account name as his return address.
After visiting Dejanews, and referencing the account to the information I
have in the user database, I determined this was in violation of our TOS.
I suspended the account and awaited his reply to my suspension.
He was reinstated after agreeing to comply with our TOS.
When a complaint is received at nyx, I for one, immediately investigate
any publically available resources first. I have _never_ monitored any
user's email, nor do I have a desire to.
I'll go to our news server and Dejanews (as news is my forte here) and
find the posts in question, then ask my user for the facts. If the
violation looks blatent enough (like a DOS attack or blatent spamming), I
will not hesitate to pull the account until I an find out what is going
on. But again, I do not and will not read a user's email. I generally
don't need to read someone's email to find out if abuse is going on.
> What if the ISP goes back to the vigilantes and just says "the customer
> denies it or won't even talk to me about it (claiming that who they
> receive email from is none of my business), and from what I can tell
> (from my system logs, etc) is causing no trouble at all to anyone. My
> system is secure and no UCE is being sent from it". It *might*be* that
> the customer is really a drop box for some third-party sending out UCE,
> but there's no way for the ISP to tell.
There are ways to tell without reading a customer's email. I won't go
into them here, but they do exist.
To address the main question: How do I as an ISP deal with addresses
mentioned in UCE? I typically will contact the user and advise of the
complaint. If user doesn't respond, I will suspend the account until they
do respond. (Note: Suspension is different than actually pulling the
acct) This usually gets results.
I do believe in innocent until proven guilty. I feel, though, that if a
user won't respond to my request, I have a right as an admin to take
action based on the facts I _do_ have.
-------------------------------------------------------------------------------
Terry E. Knab
News Administrator
Nyx Public Access Unix
