potentially profitable spam countermeasures

Those of you who operate ISPs that accept credit-card, dial-up
customers (and therefore have a problem with spammers abusing your
services) might find this item of interest.

Earthlink's Acceptable Use Policy has a $200 penalty for spamming
in it. I am told that with the advent of this policy, there was a
dramatic drop in abuse of their service.

See http://www.earthlink.net/company/aupolicy.html for the details.
The key section is

  2.3.1.3. Member specifically agrees that he/she/it will
  not utilize the EarthLink Network service, EarthLink
  Network's equipment or any EarthLink Network electronic
  mail address in connection with the transmission of the
  same or substantially similar unsolicited message to 50 or
  more recipients or 15 or more newsgroups in a single day.
  For each day upon which this provision is violated, Member
  agrees to pay EarthLink Network $10.00 per day for an
  unintentional violation of this provision, but where
  warranted, such as in the case of an accidental transmission,
  EarthLink Network may waive all or part of the applicable
  charge. In cases of willful violations of this provision,
  Member agrees to pay EarthLink Network $200.00 per day.
  EarthLink Network at its sole discretion shall determine
  whether such a violation was unintentional or willful.
  Payment by member under this provision shall not prevent
  EarthLink Network from seeking to obtain other legal remedies
  against member, including other damages or an injunction.

So, set the agreement up right, find the spammers abusing your
service, and whack them with a fine, per the agreement. Recover
your cost, plus lost goodwill.

This will not eradicate spam. However, if everyone does this, the
effect should be to sharply curtail the penny-ante players who
abuse the relative anonymity of dial-up Internet access. We would
be left with the "big" spammers who have their own connections,
which should be easier to effectively deal with.

  FYI,

  Erik E. Fair fair@clock.org

My buck's worth. The *real* issue is that spam steals bandwidth by
using more than an "average" user's worth of bandwidth. Postal systems
the world over have a simple solution, one must buy a stamp first. I
am not advocating an email "pay before you use policy", however if one
were to look at the number of out-going messages that a "typical"
email user generates on any given day it is likely on the order of
<100. Given this, if everyone's AUP stated that unless negotiated by
said user and ISP previously, that all out-going email exceeding
<some number> would be subject to a bulk mail charge of $X.X per
message.

This still will not fix the dial-up hit and run artists that plague
our networks today. The only way to truly solve the spam issue is
through re-architecting the email systems that are in use today to use
some of the features to prevent this abuse. I know this sounds like a
global peace pitch, but if there were a standard by which all mailers
would follow that contained the feature sets needed to eradicate
spamming then and only then may it be possible to stop spending
valuable time and money fighting this issue. Even the threat of
federal penalty is not enough to stop spammers, just look how hard it
is for the postal service to track and prosecute clever mail fraud
houses.

I guess what I am saying is that we and the developers of email and
other systems that use these networks need to work together to solve
these issues at the product layer. Waiting for legislation may turn
out to be very frustrating and in the meantime the theft continues.
Black holing while effective carries with it other distasteful
side-effects/concerns as we have witnessed. We can toss around all the
legalese we want to and will continue to be ineffective at
significantly reducing the problem. This is just like CB radio, "who
is gonna catch me?!" is what spammers are saying and they are right.
When you have thousands of people abusing the system it is really
difficult to prosecute them, so the system turns into a pestilent pile
of garbage. I submit that is an engineering problem, waiting for
lawyers and senators will bring the system down.

-pete

Erik E. Fair (Timekeeper) wrote:

[ On Fri, October 31, 1997 at 10:47:20 (-0500), Peter E. Giza wrote: ]

Subject: Re: potentially profitable spam countermeasures

My buck's worth. The *real* issue is that spam steals bandwidth by
using more than an "average" user's worth of bandwidth. Postal systems
the world over have a simple solution, one must buy a stamp first. I
am not advocating an email "pay before you use policy", however if one
were to look at the number of out-going messages that a "typical"
email user generates on any given day it is likely on the order of
<100. Given this, if everyone's AUP stated that unless negotiated by
said user and ISP previously, that all out-going email exceeding
<some number> would be subject to a bulk mail charge of $X.X per
message.

Lots of ISPs seem to have such limits stated in their AUPs already but
many don't seem to have a decent way of enforcing them. To that end I
recently added the first part of a control that does just exactly that
to smail. It'll be in the next beta release. Of course a belligerent
spammer could still open many more consecutive (and concurrent)
connections to the relay host to try to bypass such limits but such
attempts will hopefully be far more visible to operators watching out
for trouble, and more advanced solutions could be implemented with
relative ease as well.
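
An added example, not part of the thread and not smail's code: a per-connection recipient cap can be sidestepped by opening more connections, so this sketch sums recipients per account per day across connections and flags totals that reach a daily threshold. The log format, the account names and the per-connection cap of 20 are constructed assumptions; the threshold of 50 borrows the number from the AUP clause quoted earlier as a trigger for operator review and does not test whether the messages were "substantially similar".

```python
from collections import defaultdict

PER_CONNECTION_LIMIT = 20  # assumed per-connection recipient cap enforced by the MTA
DAILY_THRESHOLD = 50       # "50 or more recipients ... in a single day" (quoted AUP)

# Constructed records, one per accepted SMTP connection (hypothetical format,
# not smail's log format): date, connection id, dial-up account, recipients.
SAMPLE_LOG = """\
1997-10-31 c01 alice 2
1997-10-31 c02 bulk1 20
1997-10-31 c03 bulk1 20
1997-10-31 c04 bob 5
1997-10-31 c05 bulk1 15
1997-11-01 c06 bulk1 10
1997-11-01 c07 listop 20
1997-11-01 c08 listop 20
"""

def parse(log_text):
    """Yield (date, account, recipients) tuples; malformed lines are skipped."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue
        date, _conn, account, rcpts = fields
        yield date, account, int(rcpts)

def daily_overages(log_text, threshold=DAILY_THRESHOLD, conn_limit=PER_CONNECTION_LIMIT):
    """Return one finding per (date, account) whose summed recipients reach threshold."""
    totals = defaultdict(lambda: {"recipients": 0, "connections": 0, "max_conn": 0})
    for date, account, rcpts in parse(log_text):
        t = totals[(date, account)]
        t["recipients"] += rcpts
        t["connections"] += 1
        t["max_conn"] = max(t["max_conn"], rcpts)
    findings = []
    for (date, account), t in sorted(totals.items()):
        if t["recipients"] >= threshold:
            findings.append({
                "date": date, "account": account,
                "recipients": t["recipients"], "connections": t["connections"],
                # True when every connection stayed within the per-connection
                # cap, so only the cross-connection total reveals the volume.
                "split_across_connections": t["max_conn"] <= conn_limit,
            })
    return findings

if __name__ == "__main__":
    print(daily_overages(SAMPLE_LOG))
```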