Extreme spam testing

Greets again all,

I noticed something kind of interesting when I made my last post to
NANOG. I can understand people wanting to do spam checking, but IMHO
this is a bit excessive and inconsiderate.

I'm guessing njabl.org is doing this to everyone who posts to the list,
so I thought others might want to know about it in case they have not
noticed it in their own logs. BTW, if you are curious about the
"spammers_waste_oxygen" portion, that was grabbed off my SMTP banner.

Cheers,
C

Chris Brenton wrote:

> Greets again all,
>
> I noticed something kind of interesting when I made my last post to
> NANOG. I can understand people wanting to do spam checking, but IMHO
> this is a bit excessive and inconsiderate.
>
> I'm guessing njabl.org is doing this to everyone who posts to the list,
> so I thought others might want to know about it in case they have not
> noticed it in their own logs. BTW, if you are curious about the
> "spammers_waste_oxygen" portion, that was grabbed off my SMTP banner.

Yep, and see below.

***********************************************

Dec 22 08:21:50 mailgate sendmail[492]: hBMDLnHS000492:
before-reporting-as-abuse-please-see-www.njabl.org [209.208.0.15] did
not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Dec 22 08:21:50 mailgate sendmail[495]: hBMDLoHS000495:
ruleset=check_rcpt, arg1=<relaytest@rr.njabl.org>, relay=rt.njabl.org
[209.208.0.15], reject=550 5.7.1 <relaytest@rr.njabl.org>... Relaying

Um, welcome to the world of spam nazis. I hate spammers. I loathe and
despise them. I hate njabl even more. The last time I called their ISP to
complain, I was assured that I must have done something to deserve the
aggressive testing. Well, nope, I didn't, and I don't. They just did it
again, and by "it", I mean that they hit every machine in my little
netblock (I suppose the last post to nanog did it). If they were just
picking on the machine I posted from, it'd annoy me, but I'd get over it.
Why they feel the need to abuse machines that I've NEVER sent email from,
to anywhere, is beyond me.

Sure, I recognize that I'm in a block frequented by clueless wonders (i.e.
DSL), but it isn't dynamic, I've had it for a while now, and it's never
been implicated during the time I've had it. In addition, I think that a
post to nanog should not get such treatment. Isn't it bad enough that
posting to the Full Disclosure mailing list has added to my spam level by a
thousand percent? Sigh.
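
The two sendmail entries quoted above are the kind of lines an analyst ends up triaging after a relay test. The following is an added example, not part of the original posts: it groups such entries by source address so a known tester can be separated from an unknown source making repeated relay attempts. The allowlist, the threshold and every log line after the first two are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample. The first two entries are the ones quoted in the post,
# unwrapped to one line each; the reject text cut off there is assumed to be
# sendmail's usual "Relaying denied". The remaining lines are invented and use
# documentation addresses (192.0.2.0/24, 198.51.100.0/24).
SAMPLE_LOG = """\
Dec 22 08:21:50 mailgate sendmail[492]: hBMDLnHS000492: before-reporting-as-abuse-please-see-www.njabl.org [209.208.0.15] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Dec 22 08:21:50 mailgate sendmail[495]: hBMDLoHS000495: ruleset=check_rcpt, arg1=<relaytest@rr.njabl.org>, relay=rt.njabl.org [209.208.0.15], reject=550 5.7.1 <relaytest@rr.njabl.org>... Relaying denied
Dec 22 09:02:11 mailgate sendmail[611]: hBME2BHS000611: ruleset=check_rcpt, arg1=<a@example.net>, relay=[198.51.100.7], reject=550 5.7.1 <a@example.net>... Relaying denied
Dec 22 09:02:12 mailgate sendmail[612]: hBME2CHS000612: ruleset=check_rcpt, arg1=<b@example.net>, relay=[198.51.100.7], reject=550 5.7.1 <b@example.net>... Relaying denied
Dec 22 09:02:13 mailgate sendmail[613]: hBME2DHS000613: ruleset=check_rcpt, arg1=<c@example.net>, relay=[198.51.100.7], reject=550 5.7.1 <c@example.net>... Relaying denied
Dec 22 09:40:00 mailgate sendmail[700]: hBMEe0HS000700: host.example.org [192.0.2.44] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Dec 22 09:41:00 mailgate sendmail[701]: hBMEf0HS000701: from=<user@example.org>, size=1204, class=0, nrcpts=1, proto=ESMTP, relay=host.example.org [192.0.2.44]
"""

# Analyst-maintained allowlist (assumption). Keyed on the address, because the
# hostname sendmail logs comes from reverse DNS and is only a hint.
KNOWN_TESTERS = {"209.208.0.15": "njabl.org relay tester (address from the quoted log)"}

# syslog prefix written by sendmail: timestamp, host, pid, queue id, message
PREFIX = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ sendmail\[\d+\]: \w+: (?P<body>.*)$"
)
# A client that connected and left without starting a mail transaction
NULL_CONN = re.compile(
    r"^(?:(?P<name>\S+) )?\[(?P<ip>[0-9.]+)\](?: \(may be forged\))?"
    r" did not issue MAIL/EXPN/VRFY/ETRN"
)
# A recipient refused by the check_rcpt ruleset with the relaying status code
RELAY_REJECT = re.compile(
    r"ruleset=check_rcpt, arg1=<(?P<rcpt>[^>]*)>, "
    r"relay=(?:(?P<name>\S+) )?\[(?P<ip>[0-9.]+)\][^,]*, reject=550 5\.7\.1 "
)


def summarize(log_text):
    """Group null connections and refused relay attempts by source address."""
    stats = defaultdict(lambda: {
        "names": set(), "null_connections": 0, "relay_rejects": 0, "rcpts": set(),
    })
    for line in log_text.splitlines():
        prefix = PREFIX.match(line)
        if not prefix:
            continue
        body = prefix.group("body")
        hit = NULL_CONN.match(body)
        if hit:
            entry = stats[hit.group("ip")]
            entry["null_connections"] += 1
        else:
            hit = RELAY_REJECT.search(body)
            if not hit:
                continue  # ordinary mail traffic, not part of a relay test
            entry = stats[hit.group("ip")]
            entry["relay_rejects"] += 1
            entry["rcpts"].add(hit.group("rcpt"))
        if hit.group("name"):
            entry["names"].add(hit.group("name"))
    return dict(stats)


def triage(stats, known_testers, threshold=3):
    """Label each source: known-tester, review (repeated refused relaying), or noise."""
    verdicts = {}
    for ip, entry in stats.items():
        if ip in known_testers:
            verdicts[ip] = "known-tester"
        elif entry["relay_rejects"] >= threshold:
            verdicts[ip] = "review"
        else:
            verdicts[ip] = "noise"
    return verdicts


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for ip, verdict in sorted(triage(summary, KNOWN_TESTERS).items()):
        s = summary[ip]
        print(ip, verdict, s["null_connections"], s["relay_rejects"], sorted(s["names"]))
```

Every attempt counted here was refused by the server; mail that was actually relayed shows up in different log entries and needs its own check.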

Um, welcome to the world of spam nazis.

I've seen returning MX queries and even source address validation, but
never anything this excessive up till now. IMHO it's hard to tell if they
are looking for spam relays to reduce spam, or because they are looking
to generate some spam themselves. :wink:

I hate spammers. I loathe and
despise them. I hate njabl even more.

Agreed. My spam is _my_ problem and fixing it should not include making
it everyone else's problem. Forget whether it's legal, it's pretty
inconsiderate as many environments flag this stuff as malicious so it
triggers alerts.

The last time I called their ISP to
complain, I was assured that I must have done something to deserve the
aggressive testing.

As a follow up, it also looks like they did a pretty aggressive port
scan of my system. Not sure how checking Telnet, X-Windows or RADIUS
will tell them if I'm a spammer, but whatever.

Well, nope, I didn't, and I don't. They just did it
again, and by "it", I mean that they hit every machine in my little
netblock

I've tweaked my perimeter to return host-unreachables to all packets
originating from their network (rate limited of course). If that stops
them from accepting my mail, oh well I'll survive.

Thanks for the confirmation,
C

This is not the only list where this is occurring. It has been happening on
the spamtools list, as well. We've now dropped them at the firewall. No
loss to us.

Robin Lynn Frank wrote:

> This is not the only list where this is occurring. It has been happening on the spamtools list, as well. We've now dropped them at the firewall. No loss to us.

It's worth commenting:

Triggering relay testing can occur in a number of different ways.

Some simply scan all IPs.

Some scan particular ranges.

Some scan an IP when they receive email from it. RR and AOL do this amongst biggies.

Some scan an IP when they receive suspicious/spam email from a given IP. We've done this from time to time. MANY other sites do this.

Many consider scanning to be abusive in and of itself, however, there is a considerable amount of agreement that "scanning with email in hand", or, more stringently, "scanning with spam in hand" is perfectly justified, as in "sending me email gives implicit permission to check that you're secure", or, "sending me spam gives permission to check that you're secure" respectively.

[Some people say "if they've sent you spam, why test? Simply blacklist!". Which is silly, because you end up blacklisting everyone sooner or later. By testing and not listing on a negative result, you have less chance of blocking a legitimate site.]

As another dimension, some people prefer to do very aggressive scanning - they'll test every combination of "tricks" that has been known to bypass anti-relay. Others try to avoid "tricks" that are likely to cause grief to the testee (eg: avoiding double bounces).

Don't assume that the testers are specifically targeting mailing lists. Chances are that a NJABL person is on the lists, and is doing a "test if email or spam in hand".

[I don't know what NJABL's testing criteria are.]

In the scheme of things, such testing is relatively minor, even of the "obnoxious bounce to postmaster" variety. Tune your alarm system to ignore them. If you consider a dozen or two relay tests to be "extreme", I'd hate to think of what you'd think of _some_ other forms of vulnerability testing...

By blackholing the tester, you run a _significant_ risk of getting blacklisted, even if you don't relay or proxy. Some blacklists do that. [I don't think NJABL does, but others do.] Secondly, some of them use highly distributed testing. Like SORBS. You'll never get them all.

The spamming problem really has gotten so bad that many reputable organizations feel they have no choice but to test. It's a sign of the times. It's best to not get bent out of shape over it and adjust your processes to suit.

NJABL is reasonably well regarded. It's best not to play games with it, otherwise, you may end up getting blocked by all of its users. We're not using NJABL, but it is one of the ones we'd consider if some of our current ones went down. Some medium to large sites _do_ use it.

And don't expect a "we want to be blocked so we can discourage the use of blacklists" attitude to work anymore. From us, at best you'd get a whitelist entry. The spamming problem really _is_ that bad.

> I hate spammers. I loathe and
> despise them. I hate njabl even more.

Agreed. My spam is _my_ problem and fixing it should not include making
it everyone else's problem. Forget whether it's legal, it's pretty
inconsiderate as many environments flag this stuff as malicious so it
triggers alerts.

Hmm...actually, YOUR spam is MY problem. That's how this works.

I applaud njabl.

If you have open relays, proxies, or whatnot, I want to know about it, so
I can reject all mail from you. If we have a single entity that does all
this scanning, we as individual entities do not need to scan ourselves.

Therefore, njabl is REDUCING the number of people scanning your netblocks
for proxies. If they didn't do it for me, I'd be doing it myself, along
with numerous other networks.

As a follow up, it also looks like they did a pretty aggressive port
scan of my system. Not sure how checking Telnet, X-Windows or RADIUS
will tell them if I'm a spammer, but whatever.

proxies, proxies, proxies. But like you say, "whatever". It's not like you
would have noticed if you didn't obsessively scan your logfiles or have an
IDS.

> Well, nope, I didn't, and I don't. They just did it
> again, and by "it", I mean that they hit every machine in my little
> netblock

I've tweaked my perimeter to return host-unreachables to all packets
originating from their network (rate limited of course). If that stops
them from accepting my mail, oh well I'll survive.

In the old days, when Abovenet and ORBS (I think, could be wrong, been
awhile) got into it, and ORBS (or whoever) blacklisted Abovenet's IP space
because they were firewalled, that was simply petty and stupid.

NJABL will not list you for preventing them from scanning your servers.
Is Jon aggressive? Yes. Is he a dickhead? No.

Andy

> Agreed. My spam is _my_ problem and fixing it should not include making
> it everyone else's problem. Forget whether it's legal, it's pretty
> inconsiderate as many environments flag this stuff as malicious so it
> triggers alerts.

Hmm...actually, YOUR spam is MY problem.
That's how this works.

Except its broken because the message in question was not spam. It was a
technical post to the NANOG mailing list that triggered the 100+ port
scan, as well as about 15 different variations attempting to relay
e-mail through my server. Am I missing the Viagra ad that gets tacked to
the end of all NANOG posts? :wink:

I applaud njabl.

I guess I don't. I can *totally* understand wanting to control the
amount of spam that an environment receives. I obviously deal with this
problem as well. I guess in my mind however I feel like the cost/burden
of dealing with that spam should be my responsibility, and I should not
expect legitimate organizations that are not part of the problem to
incur a financial impact due to my efforts.

For example their scans and probes would easily trigger an alert in most
environments (they did in mine and I'm by no means high security). This
means that a security analyst now has to check out the traces and see if
it's a real attack. Then a decision has to be made as to how to deal with
it, which may well require (depending on policy) multiple resources. So
I end up spending money so njabl can try and reduce the amount of spam
they receive. Oh joy, oh rapture.

Also, I don't see this as a totally effective solution. This works if
the spam comes through an open relay, but fails if it does not. That
means you need some other layer of checking to deal with the non-relay
spam. Something like Spamassassin for example. Of course Spamassassin
can also easily deal with the open relay spam as well, without requiring
an obtrusive check back system.

Finally, I used to blacklist known spammer's IP addresses as well, but
stopped after I crunched some numbers. When you blacklist the spammers
IP, they don't give up and remove your address, they just keep trying.
The bandwidth lost to the retries (on average) is greater than the
bandwidth used to transmit the actual spam. So blocking spam saves you
some temporary disk space, but increases network utilization.

If you have open relays, proxies, or whatnot, I want to know about it, so
I can reject all mail from you.

Again, except I don't. If I transmit spam, I should expect to be poked
and probed. When one receives an unprovoked probe/attack like this, the
target is going to assume the source is hostile. It's not till you spend
time looking into it (in other words, burn $$$ on resources) that you
figure out that someone actually considers this pattern to be "a
feature".

If we have a single entity that does all
this scanning, we as individual entities do not need to scan ourselves.

This is going to sound really snippy, but who died and made them
god/goddess of the Internet? Where is the document trail empowering them
to be spam cops of the Internet with absolute authority to probe who
ever they see fit?

Also, it does not quite work out that they are the only ones doing it
(see earlier thread on AOL). They just seem to be more aggressive than
most.

Therefore, njabl is REDUCING the number of people scanning your netblocks
for proxies. If they didn't do it for me, I'd be doing it myself, along
with numerous other networks.

I guess we can "agree to disagree" here as I'm not a "ends justifies the
means" type of person. I want to reduce the amount of spam I receive as
well, and certainly would not mind making the spammer's lives a bit more
difficult. I don't want to do that however at the cost of
annoying/sucking money out of legitimate Internet users.

> As a follow up, it also looks like they did a pretty aggressive port
> scan of my system. Not sure how checking Telnet, X-Windows or RADIUS
> will tell them if I'm a spammer, but whatever.

proxies, proxies, proxies.

Humm. This is something I have not run into before. Can you supply a URL
that explains how to relay mail through a Telnet or RADIUS server?

But like you say, "whatever". It's not like you
would have noticed if you didn't obsessively scan your logfiles or have an
IDS.

LOL! I see, this is my fault because I actually take steps to secure my
environment. :wink:

Thanks for the chuckle,
C

Speaking as and for SORBS (another hated and loved antispam bl)..

Chris Lewis wrote:

It's worth commenting:

Triggering relay testing can occur in a number of different ways.

Some simply scan all IPs.

I consider this abuse and don't do it.

Some scan particular ranges.

Same as above :wink:

Some scan an IP when they receive email from it. RR and AOL do this amongst biggies.

This is what SORBS started doing - now the volume is so high, and the number of ports to check (and ways to check them) are so large I cannot do it.

Some scan an IP when they receive suspicious/spam email from a given IP. We've done this from time to time. MANY other sites do this.

This is what SORBS does now. If we receive a mail to a SORBS feeder server with a spam assassin score of 5 or more, we automatically scan the host for proxies and relays.

Many consider scanning to be abusive in and of itself, however, there is a considerable amount of agreement that "scanning with email in hand", or, more stringently, "scanning with spam in hand" is perfectly justified, as in "sending me email gives implicit permission to check that you're secure", or, "sending me spam gives permission to check that you're secure" respectively.

[Some people say "if they've sent you spam, why test? Simply blacklist!". Which is silly, because you end up blacklisting everyone sooner or later. By testing and not listing on a negative result, you have less chance of blocking a legitimate site.]

SORBS scans after listing with 'spam in hand' for a number of reasons....

1/ Not everyone uses the spam DB for blocking (eg: I use it for weighting at the ISP I run - I use it for blocking on my home mail)
2/ People listed will demand delisting immediately regardless (they don't care - it's their "right to send email"), and if they have an open proxy/relay, telling them to fix that first is the best way of stopping future spam.
3/ Proxy and relay scanning takes on average 2 hours per host (purely because we don't want to crash it, or the testers for that matter). SORBS updates every 20 minutes.

As another dimension, some people prefer to do very aggressive scanning - they'll test every combination of "tricks" that has been known to bypass anti-relay. Others try to avoid "tricks" that are likely to cause grief to the testee (eg: avoiding double bounces).

We do 19 relay tests, and we perform them twice 2 sets of to and from data. Some of our tests cause bounces - we do try to avoid upsetting people, but the 'from postmaster@domain' test is an important one, so we do use it. The test message does include a detailed description of what it is and who to contact if there is a problem though.

In the scheme of things, such testing is relatively minor, even of the "obnoxious bounce to postmaster" variety. Tune your alarm system to ignore them. If you consider a dozen or two relay tests to be "extreme", I'd hate to think of what you'd think of _some_ other forms of vulnerability testing...

wait till he triggers SORBS - it starts with a full port scan... :-/

By blackholing the tester, you run a _significant_ risk of getting blacklisted, even if you don't relay or proxy. Some blacklists do that. [I don't think NJABL does, but others do.] Secondly, some of them use highly distributed testing. Like SORBS. You'll never get them all.

That's right and if SORBS detects firewalling to avoid open-relay detection you get listed as a test blocker in the system, and should you get listed for spam, you will find it near on impossible to get out (even if it was one of your users) - just because you are considered to be someone 'hiding something'.

SORBS makes a point of being up front and port scanning uses no stealth features of nmap. It also doesn't do stealth testing.

The spamming problem really has gotten so bad that many reputable organizations feel they have no choice but to test. It's a sign of the times. It's best to not get bent out of shape over it and adjust your processes to suit.

NJABL is reasonably well regarded. It's best not to play games with it, otherwise, you may end up getting blocked by all of its users. We're not using NJABL, but it is one of the ones we'd consider if some of our current ones went down. Some medium to large sites _do_ use it.

And don't expect a "we want to be blocked so we can discourage the use of blacklists" attitude to work anymore. From us, at best you'd get a whitelist entry. The spamming problem really _is_ that bad.

...and I'll be a very happy man the day I shut down SORBS because spam is no longer an issue. I might get a life then.

/ Mat

* cbrenton@chrisbrenton.org (Chris Brenton) [Mon 22 Dec 2003, 21:07 CET]:
[proxies]

Humm. This is something I have not run into before. Can you supply a URL
that explains how to relay mail through a Telnet or RADIUS server?

Older versions of WinGate used to run a listener service on port 23
that would take a hostname and a port as input and connect to that.

Real easy to abuse, and also to DoS itself - let it connect to
localhost:23 a bunch of times and eventually Windows would run out
of clean winsocks, thus solving the problem for a little while.

  -- Niels.

> If we have a single entity that does all
> this scanning, we as individual entities do not need to scan ourselves.

This is going to sound really snippy, but who died and made them
god/goddess of the Internet? Where is the document trail empowering them
to be spam cops of the Internet with absolute authority to probe who
ever they see fit?

This is a can of worms with no answer. Who gives authority to IANA for
that matter?

We're dealing with protocols, not laws. If you don't like X persons
traffic, you have 100% authority to filter it. That's the sole authority
on the internet.

You'd be hard pressed to frame what NJABL does in terms of "abuse",
because of the intent, and because of the actual bit volume involved.

Since you can't call it abuse, NJABL's upstream has no reason to swing the
abuse hammer. (We all know it's hard enough to get many networks to swing
any sort of hammer at all, even for significantly more egregious
behavior.)

Since you can't convince their upstream to swing the abuse hammer, you
have two options:

1) Filter the traffic
2) Not filter the traffic

For the simple reason that there IS no central authority on the internet
who CAN decide what flies and what doesn't, grumbling on a mailing list is
about as far as one can go in response.

Humm. This is something I have not run into before. Can you supply a URL
that explains how to relay mail through a Telnet or RADIUS server?

No, but I can supply a URL that explains how to change the port that proxy
servers bind to. I don't think you actually need that, though.

You really think people who professionally hack servers and setup spam
relay proxies put them on the standard ports?

LOL! I see, this is my fault because I actually take steps to secure my
environment. :wink:

No, but it is your fault for overreacting to your IDS.

Security doesn't require an IDS. An IDS merely tells you who's checking
your doorknobs to see if they're locked. If you do a good enough job
keeping your doors locked, an IDS is little more than a touchy doorbell at
3 AM, being tripped by the wind.

Andy

Then you've never been on receiving end of their (and their ilk)
vigilante "justice" for no reason other than being in the same block of
addresses as some hacked windoze host (NOT on your network, mind you) and
using business-grade DSL.

I wish you have an opportunity to try that being YOUR problem, _then_
we'll hear your opinion on spam nazi.

Oh, and I usually get it fixed by forcing postmasters on receiving end to
stop using offending lists, sometimes by forging "spam" from them (yes,
Virginia, the one-way TCP hack works) - when it's for some reason
important to me to communicate with their customer, and the a*le running
the mailserver is immune to reason.

--vadim

> Hmm...actually, YOUR spam is MY problem. That's how this works.
>
> I applaud njabl.

Then you've never been on receiving end of their (and their ilk)
vigilante "justice" for no reason other than being in the same block of
addresses as some hacked windoze host (NOT on your network, mind you) and
using business-grade DSL.

Oh, sure have. Spews has listed an entire /19 of ours before, merely
because of a multi-stage relay (customer had an open relay configured to
dump everything to our mailserver).

NJABL isn't Spews. To my knowledge, NJABL doesn't write off entire
subnets...thus the need for scanning so many IPs.

It's possible you were grouped in with dynamic IP DSL...but from the
njabl.org website: http://www.njabl.org/listing.html

"2. If an IP is listed because we think it's in a dial-up range, show us
that it not. If it really is a dial-up, it'll most likely remain in the
list, but we may add non-dial-up range IP's to the list thinking they are
dial-up range IP's. In these cases, we'll be happy to correct the error."

I wish you have an opportunity to try that being YOUR problem, _then_
we'll hear your opinion on spam nazi.

Having used NJABL for well over a year, the collateral damage is almost
nil.

I'm well aware of the issues involved. I still think proactive scanning is
better than reactive scanning. I'm also completely aware that others will
disagree with that sentiment. It's not really something that's worth our
time debating, we may as well debate abortion. You're either offended that
somebody is probing your systems or you aren't. No amount of conjecture is
going to change an opinion on this issue. But I felt somebody needed to
stick up for them, lest people think there is some sort of consensus.

Andy

> This is going to sound really snippy, but who died and made them
> god/goddess of the Internet? Where is the document trail empowering them
> to be spam cops of the Internet with absolute authority to probe who
> ever they see fit?

This is a can of worms with no answer. Who gives authority to IANA for
that matter?

That was my point. I was responding to someone that was implying that
njabl was doing this for the benefit of everyone and thus had some
authority to do so. Obviously that's not the case.

> Humm. This is something I have not run into before. Can you supply a URL
> that explains how to relay mail through a Telnet or RADIUS server?

No, but I can supply a URL that explains how to change the port that proxy
servers bind to. I don't think you actually need that, though.

You really think people who professionally hack servers and setup spam
relay proxies put them on the standard ports?

Again, this was my point. Finding out if I have an exposed RADIUS server
is not really evidence that I'm running an open SMTP proxy. So where
does it stop? Scanning all 65K ports? Full OS fingerprinting to shun the
most compromised OS's? Maybe we insist on being provided with root
access to verify the box as being clean before we accept their e-mail?
This slope can get pretty scary.

> LOL! I see, this is my fault because I actually take steps to secure my
> environment. :wink:

No, but it is your fault for overreacting to your IDS.

I honestly don't think I over reacted. My original post labeled the
traffic as simply "interesting" and I stated I was posting it in case
others were interested and had not noticed it in their logs. No call to
arms, flames, or rants for wide spread blacklisting, just an FYI in case
others found the info useful.

Security doesn't require an IDS. An IDS merely tells you who's checking
your doorknobs to see if they're locked. If you do a good enough job
keeping your doors locked, an IDS is little more than a touchy doorbell at
3 AM, being tripped by the wind.

An IDS is more like an empty box. One person may look at it and see a
simple storage device. Show it to a 5 year old however and it becomes a
boat, a plane, a car, a castle, etc. etc. etc. I mentioned in another
thread that I've caught plenty of 0-day stuff with my IDS. In other
words, stuff that had no known signatures or patches. It's also helped me
out in a fair amount of troubleshooting. It's all a matter of being
inventive and knowing what to look for. If you perceive your IDS to be
"little more than a touchy doorbell", I would highly recommend attending
SANS IDS training. It'll open your mind and show you a wealth of other
possibilities.

Regards,
Chris

Andy Dills writes on 12/22/2003 7:33 PM:

Oh, sure have. Spews has listed an entire /19 of ours before, merely
because of a multi-stage relay (customer had an open relay configured to
dump everything to our mailserver).

As far as I have seen, that is not the typical reason for a spews nom.
Spews seems to target a fairly similar crowd to what (say) the SBL targets, but uses a rather wider brush.

To forestall further discussion on this, I'd suggest reading Blacklists, Blocklists, DNSBL's, and survival: How to survive as a non-combatant in the Spam Wars. - especially http://www.scconsult.com/bill/dnsblhelp.html#4-20

  srs

Chris - please see if you can find out if it *was* your message. A few weeks
ago, I posted a note to NANOG, and somebody on the list is infected with malware
that took the From/To/CC list and stuck them onto a spam for "enhancement
pills". In near real-time no less - the site that caught it had its "your note has
been quarantined" notice to me some 8 minutes after I hit 'send'. When they
fished it out of quarantine, it did indeed have my NANOG headers joe-job glued
onto the spam.

AMEN Mat !!!

These damned spammers sending out junk to foul up bayesian filtering is getting to be too much. Not to mention the latest tactic is to sneak IRCbots onto victim's PC's and voila!! Open Proxy.

As long as there is a piece of crap operating system like windblows out there that bots and worms can easily compromise, then netblock port scans and detections of proxies will be a necessary evil of the internet.

I for one, if one of my luser subscribers is discovered with a proxy or IRCbot running then I for one would like to know about it.

Folks, let's end this thread, maybe move it to a more appropriate list:

  http://www.claws-and-paws.com/spam-l/spam-l.html -- spam-l list for
       spam prevention and discussion
  http://www.abuse.net/spamtools.html -- spam tools list for software
       tools that detect spam
  net.admin.net-abuse.email | net.admin.net-abuse.usenet -- usenet lists

Thanks.

i promised sue that i would stay out of spam-related discussions, but
as usual there's a thing which i can't let pass.

...
You'd be hard pressed to frame what NJABL does in terms of "abuse",
because of the intent, and because of the actual bit volume involved.

intent does not, and cannot, matter. when an isp hears a complaint about
spam, and seeks explanation from their spamming customer, an answer of
the form "we have only the best of intentions", then the result still has
to be service disconnection.

volume cannot matter, either. a received datum either is or isn't abusive
regardless of how large it was or how often it was received by a specific
complainer. otherwise "this is a one-time mailing" is legitimate. i am
astonished at the lack of forethought being displayed here.

quoting from "Sendmail: Theory and Practice", 2nd Ed, Digital Press, 2002:

The standard for ``spamness'' which most embodies this prin-
ciple was found at ERS - Home Page  | Trend Micro Service Central and
is reproduced here:

    STANDARD:

    An electronic message is ``spam'' IF: (1) the recip-
    ient's personal identity and context are irrelevant
    because the message is equally applicable to many
    other potential recipients; AND (2) the recipient
    has not verifiably granted deliberate, explicit, and
    still-revocable permission for it to be sent; AND
    (3) the transmission and reception of the message
    appears to the recipient to give a disproportionate
    benefit to the sender.

    DISCUSSION:

    (i) Trivial or mechanised personalization such as
    ``Dear Mr. Jones, we see that you are the holder of
    the JONES.COM domain'' does not make the personal
    identity of the recipient relevant in any way.

    (ii) Failing to click the ``do not send me marketing
    literature by e-mail'' button in a web sign-up form
    does not convey explicit permission. Only when the
    default result is ``no followup e-mail'' AND the in-
    box impact is clearly stated before any action which
    changes this result, can permission of this kind be
    conveyed.

    (iii) The appearance of disproportionate benefit to
    the sender, and the relevancy of the recipient's
    specific personal identity, are authoritatively de-
    termined by the recipient, and is not subject to ar-
    gument or reinterpretation by the sender.

    (iv) Non-personal e-mail always places a dispropor-
    tionate cost burden on the recipient, and is consid-
    ered to disproportionately benefit the sender unless
    it was verifiably solicited or by the recipient's
    willing exception.

    (v) A message need not be offensive or commercial in
    order to fit the definition of ``spam.'' Content is
    irrelevant except to the extent necessary to determine
    personal applicability, consent, and benefit.

     We've heard of arguments that such a standard places
too much power in the hands of recipients. In our view,
recipients are paying the majority of the cost of e-mail
transport, and thus ought to have the strongest voice in
what's sent (or not) to them. Besides which, such an argu-
ment presumes that there's a piece of mail that a sender
isn't certain was solicited. Our advice is: don't send it
then!.

(note, i coauthored both the book and the referenced website.)

Therefore, in accordance with your logic, if I have a "spam in hand", and
I probe your servers to determine if you're an open relay, I'm myself
spamming, and that is network abuse, and my ISP should disconnect me.

So intent doesn't matter, huh?

Andy

andy,

> > You'd be hard pressed to frame what NJABL does in terms of "abuse",
> > because of the intent, and because of the actual bit volume involved.
>
> intent does not, and cannot, matter. when an isp hears a complaint about
> spam, and seeks explanation from their spamming customer, an answer of
> the form "we have only the best of intentions", then the result still has
> to be service disconnection.

Therefore, in accordance with your logic, if I have a "spam in hand", and
I probe your servers to determine if you're an open relay, I'm myself
spamming, and that is network abuse, and my ISP should disconnect me.

So intent doesn't matter, huh?

if i parsed paul's post correctly, that is exactly what he is saying. i
agree. his logic and the statement you consider ridiculous make perfect
sense to me.

i have *not* given anyone permission to scan my boxes by sending out mail.
trying to somehow justify around this is conjecture - a conjecture that, in
my mind, is equivalent to the argument that people have given permission to
be mailed (and spammed) by putting their address on a website.

njabl is welcome to scan me and i, in turn, am free to drop their traffic at
my edge. i do the same to a multitude of abusive sources every day.

paul