On Sun, 14 Mar 2004, Yakov Shafranovich wrote:
> This is a human problem, not a technical one - the ISPs are unwilling in
> many cases to handle abuse reports seriously, or are unwilling to invest
> in any kind of infrastructure to detect abuse.
This isn't true. Certainly, it is not representative of the industry. Over
the years, I've submitted many reports of abuse of our relays to many
other ISPs, and only in a few cases have run into admins (but rarer still
ISPs) who were unwilling to help. In those few cases, the admins turned
out to be radical antispammers, who thought it was OK to abuse open
relays. Of course, when escalated beyond those admins, the ISP's felt
differently.
The only people that have ever refused to cooperate are anti-spammers. I
have run into admins who simply weren't competent to track the abuse and
needed help, but that is a rarity.
Also, the blacklists (SpamCop is a particularly egregious abuse of this)
alter the emails in their reports or do not include logs. Altered email
quite obviously cannot be accepted. Quite obviously, no one is going to
terminate a customer without any evidence. But that is exactly what
radicals demand. But they are also frequently the abusers.
For example, We've tracked open relay abuse to radical anti-spammers, and
in at least one case, the abuser turned out to be in the abuse department
of Verio, and was fired after repeated abuse. He claimed our relays were
free for him to abuse. His legal department thought differently. Indeed,
open relays provide no benefits to real spammers.
We have also tracked who was searching for open relays, and again found
only radical anti-spammers. I performed experiments by listing
non-production servers with various lists, and then logging the
connections to that IP. Connection rates skyrocketeed. Then "closing" and
getting them delisted. Connection rates dropped off. Blocking the open
relay sites greatly reduced the amount of abuse. But it seems that
interest in open relays has also dropped off. Until last week, we hadn't
had any abuse in a long time. So likely last week's abuse was also a group
of radicals anti-spammers mailbombing.
Mostly, its just the radical anti-spammers that perform abuse, and refuse
to accept complaints about abuse. It is the radicals that are causing the
problems, and they need to be dealt with--but there is no technical means
to deal with them. They need to be dealt with legal means.
Here is Bill Manning telling me he won't accept an abuse complaint
regarding SORBS and ISC because he doesn't have a contract with us to do
so. Most other ISPs accept abuse complaints. We had previously shown Mr.
Manning a traceroute to SORBS which showed an address was allocated to ISC
by EP.NET, for which Bill Manning is the contact, and a bounced message to
abuse@xxxxxxxx Paul Vixie is President of ISC.ORG. (the hypocrisy of this
situation should be self-evident)
========================================
Date: Wed, 14 Jan 2004 12:21:08 -0800 (PST)
From: bill <bmanning@xxxxxxxxxxx>
To: Dean Anderson <dean@xxxxxxx>
Cc: bill <bmanning@xxxxxxxxxxx>
Subject: Re: Complaint regarding www.sorbs.net (204.152.186.189) (fwd)
> This was too cryptic to parse. Do you mean the mail does not bounce when
> you forwarded this to abuse@xxxxxxx?
I have no reason to act as your relay agent. We have no
agreement in place for me to act in this manner.
>
> Do you mean that you don't think the following activities (from XO's AUP)
> violate your AUP?
>
> * Is unlawful, threatening, abusive, harassing, libelous,
> defamatory, obscene, deceptive, fraudulent, invasive of another's
> privacy, tortious, indecent, pornographic or inaccurate
>
> * Victimizes, harasses, degrades, or intimidates an individual or
> group of individuals on the basis of religion, gender, sexual
> orientation, race, ethnicity, age, disability or any other reason
>
> Or something else?
>
> I would also draw your attention that Vixie, in the guise of MAPS has
> previously been found to conduct just such activity in Exactis V MAPS,
> and was forced to stop.
>
> If you have an AUP, could you forward it to me?
Our AUP applies to our customers and is available to them.
>
> Thanks,
>
> --Dean
========================================