[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] Anti-spam laws do work, FYI. There's proof.

To: "ASRG list" <asrg at ietf.org>
Subject: Re: [Asrg] Anti-spam laws do work, FYI. There's proof.
From: "Brian Bruns" <bruns at 2mbit.com>
Date: Sun, 1 Aug 2004 17:40:28 -0400
List-archive: <http://www1.ietf.org/pipermail/asrg>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
References: <200407310016.i6V0GI423821@panix5.panix.com><025401c476a4$37019060$3201a8c0@rasta><200407310249.i6V2nQD20376@panix5.panix.com><410BF27A.2000900@queernet.org><20040801045834.GA4740@m450><410CA8FB.2040503@queernet.org><004e01c477f5$bc67d230$7ad11342@2mbit.com> <Pine.LNX.4.60.0408011231350.18006@cwhois1.completewhois.com>
Sender: asrg-bounces at ietf.org

On Sunday, August 01, 2004 3:54 PM [EST], William Leibzon wrote:

> Courts have disagreed with this opinion. They said that provider
should
> give prior warning to adding new restrictions to its service and
give
> to customer who does not agree an option to leave the service. But
they
> do not require every ISP to provide end-users filtered and
unfiltered
> services (though some ISPs may do so in order to keep customers who
would
> otherwise leave). In view of courts existance of other companies
providing
> same services is consistant with giving customer choice of what
service
> they want to buy and if it is to be filtered or unfiltered, etc.

As long as the provider is operating within the rights expressed in
their TOS/AUP that the end user agreed to when they signed up, the
provider is doing nothing wrong or illegal.

> I disagree. My standard view is that as a customer I have a right to
> demand how services I buy are provided and I have right to know full
> details of the services prior to buying it. I've ran my ISP business
> that way and listened to what my customers were expecting. If I
could not
> accomodate or thought it was not in their best interest, I would
tell
> them about and why.

When you buy services from someone, you should read the fine print in
everything, and not just blindly sign up.  If you signup, without
bothering to ask questions of the provider you plan to go with, that
is your own fault.  Last time I had to buy bandwidth/address space for
one of my locations, I spent hours on end going over every minute
detail of how they would handle things like port scanning reports,
etc.  Most if not all of the major providers have a sales desk to
answer questions you might have, and get you in contact with a tech if
necessary to answer questions they do not know.

If someone says 'spam protected e-mail', and you don't bother to ask
about their protection methods, and you lose legit mail, how is that
the providers' fault?

> This is emergency clause, not usually applied. If there is large
broadcast
> attack (lets say due to a virus) on certain port that is causing
problems
> for ISP equipment and have possibility to shut down entire service,
that
> port would be filtered even if used by some customers.

With spam, every day its a attack, and I know smaller providers that
must make tradeoffs at times in their level of service to keep their
systems going.  Sometimes you don't have a choice.  I have pretty
bulky systems providing my mail services, and even they can't handle
the load at times, even with tons of blocking in place.

This is why providers have been foced to shut down outbound port 25
within the past few years - because customers that couldn't be
bothered to actually learn how to use the computer and keep it updated
let their systems get comprimised and those machines then saturate the
provider's routers/peering points/etc.

In the case of e-mail, it is BEST EFFORT.  There never was, and never
will be any guarantee that e-mail will be as reliable as the phone
service or water service, for example.  Anyone that depends on e-mail
for mission critical business things needs to have arrangements setup
with whatever providers/businesses they communicate with to either
have dedicated tunnels, or whitelisting, or whatever to make it
possible to have reliable service.

For the critical stuff I do between me and my affiliates/partners, we
have dedicated VPN tunnels between the mail servers which allow them
to communicate securely and freely (with whitelisting, firewall bypass
rules, etc) without running the risk of losing mail due to blacklist
entries or malfunctioning spam filters.

You can thank the spammers for the fact e-mail can't be considered
reliable or mission crticial.

> Certainly. As end-service provider you have right to filter unwanted
traffic
> any way you see fit as long as your customers and users of your
service
> are aware of what you're doing.

Thats why they use the services I offer, and thats why they trust my
judgement.  They accept the fact that there may be false positives,
and they know they can contact me either via e-mail, phone, IM,
whatever to let me know of any concerns they have, and we'll see about
getting the problem fixed.  They also understand that they can not
depend on e-mail for stuff which may seriously harm their daily
business activities.

I know I'm in ranting mode, but I have very strong feelings about
people putting the blame on ISPs for lost e-mail.  If you want
complete and absolute control over your e-mail, here is what you do:

Setup your own mail server.

If e-mail means that much to your business, why are you entrusting
your entire company to the hands of someone else?

I run the AHBL.  I hear every day from people who tell me that I'm
hurting their business and how I am anti-business, etc, blah blah
blah.  I tell them exactly what I said above.  If your provider is
causing you to lose legit e-mail or not be able to contact other
people, why are you still with them?

-- 
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org

The Abusive Hosts Blocking List
http://www.ahbl.org

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] Anti-spam laws do work, FYI. There's proof.
  - From: Roger B.A. Klorese

References:
- Re: [Asrg] Anti-spam laws do work, FYI. There's proof.
  - From: Seth Breidbart
- Re: [Asrg] Anti-spam laws do work, FYI. There's proof.
  - From: David Wall
- Re: [Asrg] Anti-spam laws do work, FYI. There's proof.
  - From: Seth Breidbart
- Re: [Asrg] Anti-spam laws do work, FYI. There's proof.
  - From: Roger B.A. Klorese
- Re: [Asrg] Anti-spam laws do work, FYI. There's proof.
  - From: Walter Dnes
- Re: [Asrg] Anti-spam laws do work, FYI. There's proof.
  - From: Roger B.A. Klorese
- Re: [Asrg] Anti-spam laws do work, FYI. There's proof.
  - From: Brian Bruns
- Re: [Asrg] Anti-spam laws do work, FYI. There's proof.
  - From: William Leibzon

Prev by Date: Re: [Asrg] Anti-spam laws do work, FYI. There's proof.
Next by Date: Re: [Asrg] Anti-spam laws do work, FYI. There's proof.
Previous by thread: Re: [Asrg] Anti-spam laws do work, FYI. There's proof.
Next by thread: Re: [Asrg] Anti-spam laws do work, FYI. There's proof.
Index(es):
- Date
- Thread