I'm just catching up on this list after the holidays, and am writing
somewhat belatedly to disagree with this part of the message (the rest
of the message was excellent):
Date: Fri, 3 Jan 1997 23:45:13 -0800 (PST)
From: Michael Dillon <michael@memra.com>
...
Barry, I agree with everyon on this list that this is NOT the place to be
discussing the problem. Please take this to the proper forum.
I'm on this list, and _I_ believe this is an appropriate place to
discuss this operational problem! It is primarily a problem of
inter-provider cooperation, and secondarily a problem of inter-ISP spam
policy. Both topics are appropriate for inter-network operations, and
thus, this list!
Moreover, it was very important to me to learn about this Sprint policy
of allowing spamming. I'm in the middle of writing the RFP evaluation
criteria for a fairly large network buy. In addition to the paragraphs
on accepting routes into its own address space for multihoming (which
disqualified Sprint earlier), I'll add some language that:
- the service provider must have a written and enforcable policy
prohibiting any of its customers from sending traffic with IP Source
addresses that are not normally received by the customer (termed
"IP address spoofing").
- the service provider must have a written and enforcable policy
prohibiting any of its customers from sending traffic with mail
"From:" addresses that are not normally received by the customer, or
that belong to another user (termed "mail spoofing").
- the service provider must have a written and enforcable policy
prohibiting any of its customers from sending any traffic to
recipients that have not requested the traffic -- including (but not
limited to) the sending of off-topic or unsolicited mail messages to
mailing list exploders, subsets of mailing list registrants, news
groups, and posters to news groups (termed "mail spamming"). The
requirement for a response to any such unsolicited message to prevent
future messages is unacceptable.
- the service provider must have the capability of isolating any
external network addresses and connections within 10 minutes of
notification about operational problems of its other customers and
network connections -- including (but not limited to) broadcast
flooding, connection flooding, routing loops, address spoofing, mail
spoofing, and mail spamming.
- The service provider will guarantee reimbursement of costs for each
minute (or fraction thereof) beyond the specified 10 minutes.
I believe these will disqualify Sprint, too.
Any additional language or clarification would be helpful. Thanks.
WSimpson@UMich.edu
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
BSimpson@MorningStar.com
Key fingerprint = 2E 07 23 03 C5 62 70 D3 59 B1 4F 5E 1D C2 C1 A2