On Mon, 26 May 2003, Peter Deutsch wrote: > > > Valdis.Kletnieks@vt.edu wrote: > > > > On Mon, 26 May 2003 18:53:12 PDT, Peter Deutsch said: > > > > > The case we prosecuted turned out to be a small group of kids breaking > > > into compute hosts, but from what I was told I would think you should be > > > able to use the same provision against spam relayers, since the key > > > element was the unauthorized use of compute cycles, not what they did > > > with the cycles. > > > > IANAL by any means, but I suspect that the owner of an open relay would have > > a hard time demonstrating unauthorized use of cycles to relay mail *through > > an open relay*. Now if the spammer actively *bypassed* a security feature > > in order to relay the mail, that would be different, as it would indicate > > that they knew it was unauthorized... > > Exaxtly, so you don't leave it open. Then, the only folks who would be > using you as a relay would be a) folks you've authorized to do so. There are customers who are not on our IP address space who are authorized to use our relays. Thats why they are open. That's why all ISPs who operate open relays have them. SMTP AUTH just doesn't solve the problem, for a number of reasons. > By definition the folks who are doing so without your authorization, > would be breaking the law and we have an existance proof that this stuff > is quite traceable and quite prosecutable. Yes. That is correct. It is prosecutable whenever Type 1 or Type 2 abusers do this. But it is usually Type 3 abusers conducting the abuse, and Type 3 is difficult to identify without Law Enforcement powers. > As a bonus, the law they would be breaking isn't one that must, in the > U.S. context, stand up to arguments about it supressing free speech and > so on. And I have no trouble with this, since you have a right to say > what you want, but I have a right not to listen, nor am I responsible > for providing you with a soapbox and megaphone...