What's going on?

[ Speaking only for myself. ]

DIGEX's acceptable use policies prohibit customers spamming through
DIGEX connections (whether individual dialup, leased line, or webserver
hosting), _and_ they prohibit customers from advertising services
hosted on DIGEX connections in a manner that violates DIGEX's
no-spam policies or the AUP of another provider. We also explicitly
prohibit customers from advertising in a manner that violates the
Federal Trade Commision's Deception Policy Statement.

This prevents somebody from reaping the benefits of a spam, regardless
of where it originated from. It also means that even if the other
provider doesn't take a responsible attitude towards his customers,
the Internet community still has a second line of defense. It means
that unethical businessmen can't go get throwaway Juno/CompuServe/etc.
accounts, spam from them with the full knowledge that the accounts
are going to be immediately cancelled, and pay nothing for the

The policy is at http://www.access.digex.net/~policy/digex-aup.html
for the curious.

I certainly don't advocate hacker attacks on AGIS, if indeed AGIS was
actually the subject of a denial of service attack. But I do think
that AGIS, as a backbone provider, needs to take a more responsible
attitude. When I log into my mail servers in the morning and find that
my mail queue is jammed with fifteen thousand CyberPromo ads and
legitimate customer traffic is slowed or stalled, as far as I'm
concerned, that's something just short of a denial of service attack
originating from AGIS netblocks.

While it's clear that, right now, ISPs aren't really legally
responsible for the behavior of their customers, from the standpoint
of good business relations and the general cooperative attitude of
the Internet, it seems irresponsible for a provider to fail to
terminate customers who are obviously abusive.

I'm currently working on a sendmail hack that will deal with only
accepting relays from certain netblocks, expressed in IP prefix
notation (the current sendmail capability of specifying, say,
204.91.98, is inadequate for me, since we have customers to have less
than /24s). Until then, CyberPromo is my daily headache. Those people
ought to be sued off the earth for theft of service.

Now let's just say the whole world adopted DIGEX's policy in full.

Playing Devil's advocate, what if....

To remove a site from the internet [competitor, bad guy, good guy, enemy,
let your imagination run wild]... What is keeping someone from spamming
half a dozen or so sites (just enough to get noticed) with the line
"please visit site 'http://www.xyz.com' for more information."

To add spice to the pot, what if the message were deliberately worded to
look like an ad for www.xyz.com, even if www.xyz.com had no connection
with this ad? Since SPAM by its very nature is difficult to trace
thoroughly and the information is not very useful to prevent future
attacks, I think its important to mention/cover situations like this.

I am sure we have seen all kinds of crap, from people forging mail to
appear from a legitimate NSPs' support mailbox to (of course) the behavior
above. How would one incorporate this sort of behavior into a fair AUP?