| < draft-ietf-run-spew-07.txt | draft-ietf-run-spew-08.txt > | |||
|---|---|---|---|---|
| IETF RUN Working Group Sally Hambridge/Intel | IETF RUN Working Group Sally Hambridge/Intel | |||
| draft-ietf-run-spew-07.txt Albert Lunde/Northwestern University | draft-ietf-run-spew-08.txt Albert Lunde/Northwestern University | |||
| November 1998 | April 1999 | |||
| DON'T SPEW | DON'T SPEW | |||
| A Set of Guidelines for Mass Unsolicited | A Set of Guidelines for Mass Unsolicited | |||
| Mailings and Postings (spam*) | Mailings and Postings (spam*) | |||
| Abstract | Abstract | |||
| This document explains why mass unsolicited electronic mail messages | This document explains why mass unsolicited electronic mail messages | |||
| are harmful in the Internetworking community. It gives a set of | are harmful in the Internetworking community. It gives a set of | |||
| guidelines for dealing with unsolicited mail for users, for system | guidelines for dealing with unsolicited mail for users, for system | |||
| administrators, news administrators, and mailing list managers. It | administrators, news administrators, and mailing list managers. It | |||
| also makes suggestions Internet Service Providers might follow. | also makes suggestions Internet Service Providers might follow. | |||
| Status of This Memo | Status of This Memo | |||
| This document is an Internet-Draft. Internet-Drafts are working | This document is an Internet-Draft and is in full conformance with | |||
| documents of the Internet Engineering Task Force (IETF), its areas, | all provisions of Section 10 of RFC2026. | |||
| and its working groups. Note that other groups may also distribute | ||||
| working documents as Internet-Drafts. Comments on this draft should | Internet-Drafts are working documents of the Internet Engineering | |||
| be sent to ietf-run@mailbag.intel.com. | Task Force (IETF), its areas, and its working groups. Note that | |||
| other groups may also distribute working documents as Internet- | ||||
| Drafts. | ||||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet Drafts as reference | time. It is inappropriate to use Internet Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| To learn the current status of any Internet-Draft, please check the | The list of current Internet-Drafts can be accessed at | |||
| "1id-abstracts.txt" listing contained in the Internet Drafts Shadow | http://www.ietf.org/ietf/1id-abstracts.txt | |||
| Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe), | ||||
| munnari.oz.au (Pacific Rim), ftp.ietf.org (US East Coast), or | The list of Internet-Draft Shadow Directories can be accessed at | |||
| ftp.isi.edu (US West Coast). | http://www.ietf.org/shadow.html. | |||
| Comments on this draft should be sent to ietf-run@mailbag.intel.com. | ||||
| 1. Introduction | 1. Introduction | |||
| The Internet's origins in the Research and Education communities | The Internet's origins in the Research and Education communities | |||
| played an important role in the foundation and formation of Internet | played an important role in the foundation and formation of Internet | |||
| culture. This culture defined rules for network etiquette | culture. This culture defined rules for network etiquette | |||
| (netiquette) and communication based on the Internet's being | (netiquette) and communication based on the Internet's being | |||
| relatively off-limits to commercial enterprise. | relatively off-limits to commercial enterprise. | |||
| This all changed when U.S. Government was no longer the primary | This all changed when U.S. Government was no longer the primary | |||
| skipping to change at page 3, line 39 ¶ | skipping to change at page 3, line 43 ¶ | |||
| for Internet connectivity. However, the recipient ALSO has to pay | for Internet connectivity. However, the recipient ALSO has to pay | |||
| for Internet connectivity and possibly also connect time charges and | for Internet connectivity and possibly also connect time charges and | |||
| for disk space. For electronic mailings the recipient is expected to | for disk space. For electronic mailings the recipient is expected to | |||
| help share the cost of the mailing. Bulk Internet mail from the U.S. | help share the cost of the mailing. Bulk Internet mail from the U.S. | |||
| ends up costing the sender only about 1/100th of a cent per address; | ends up costing the sender only about 1/100th of a cent per address; | |||
| or FOUR ORDERS of magnitude LESS than bulk paper mailings! | or FOUR ORDERS of magnitude LESS than bulk paper mailings! | |||
| Of course, this cost model is very popular with those looking for | Of course, this cost model is very popular with those looking for | |||
| cheap methods to get their message out. By the same token, it's very | cheap methods to get their message out. By the same token, it's very | |||
| unpopular with people who have to pay for their messages just to find | unpopular with people who have to pay for their messages just to find | |||
| that their mailbox is full of junk mail. Consider this: if you had | that their mailbox is full of junk mail. Neither do they appreciate | |||
| to pay for receiving paper mail would you pay for junk mail? | being forced to spend time learning how to filter out unwanted | |||
| messages. Consider this: if you had to pay for receiving paper mail | ||||
| would you pay for junk mail? | ||||
| Another consideration is that the increase in volume of spam will | Another consideration is that the increase in volume of spam will | |||
| have an impact on the viability of electronic mail as a | have an impact on the viability of electronic mail as a | |||
| communications medium. If, when you went to your postal mail box you | communications medium. If, when you went to your postal mail box you | |||
| found four crates of mail, would you be willing to search through the | found four crates of mail, would you be willing to search through the | |||
| crates for the one or two pieces of mail which were not advertising? | crates for the one or two pieces of mail which were not advertising? | |||
| Spam has a tremendous potential to create this scenario in the | Spam has a tremendous potential to create this scenario in the | |||
| electronic world. | electronic world. | |||
| Frequently spammers indulge in unethical behavior such as using mail | Frequently spammers indulge in unethical behavior such as using mail | |||
| skipping to change at page 5, line 19 ¶ | skipping to change at page 5, line 24 ¶ | |||
| a legal issue so much as an ethical one. If you are tempted to send | a legal issue so much as an ethical one. If you are tempted to send | |||
| unsolicited "information" ask yourself these questions: "Whose | unsolicited "information" ask yourself these questions: "Whose | |||
| resources is this using?" "Did they consent in advance?" "What | resources is this using?" "Did they consent in advance?" "What | |||
| would happen if everybody (or a very large number of people) did | would happen if everybody (or a very large number of people) did | |||
| this?" "How would you feel if 90% of the mail you received was | this?" "How would you feel if 90% of the mail you received was | |||
| advertisements for stuff you didn't want?" "How would you feel if 95% | advertisements for stuff you didn't want?" "How would you feel if 95% | |||
| of the mail you received was advertisements for stuff you didn't | of the mail you received was advertisements for stuff you didn't | |||
| want?" "How would you feel if 99% of the mail you received was | want?" "How would you feel if 99% of the mail you received was | |||
| advertisements for stuff you didn't want?" | advertisements for stuff you didn't want?" | |||
| Although hard numbers on the volume and rate of increase of spam are | Although numbers on the volume and rate of increase of spam are not | |||
| not easy to find, seat-of-the-pants estimates from the people on spam | easy to find, seat-of-the-pants estimates from the people on spam | |||
| discussion mailing lists [1] indicate that unsolicited mail/posts | discussion mailing lists [1] indicate that unsolicited mail/posts | |||
| seems to be following the same path of exponential growth as the | seems to be following the same path of exponential growth as the | |||
| Internet as a whole [2]. This is NOT encouraging, as this kind of | Internet as a whole [2]. This is NOT encouraging, as this kind of | |||
| increase puts a strain on servers, connections, routers, and the | increase puts a strain on servers, connections, routers, and the | |||
| bandwidth of the Internet as a whole. On a per person basis, | bandwidth of the Internet as a whole. On a per person basis, | |||
| unsolicited mail is also on the increase, and individuals also have | unsolicited mail is also on the increase, and individuals also have | |||
| to bear the increasing cost of increasing numbers of unsolicited and | to bear the increasing cost of increasing numbers of unsolicited and | |||
| unwanted mail. People interested in hard numbers may want to point | unwanted mail. People interested in hard numbers may want to point | |||
| their web browsers to www.junkproof.com where the webmaster there | their web browsers to www.junkproof.com where the webmaster there | |||
| lists the number of spam messages he has filtered away from his | lists the number of spam messages he has filtered away from his | |||
| skipping to change at page 6, line 43 ¶ | skipping to change at page 6, line 48 ¶ | |||
| offensive. Now that you're good and mad, what's an appropriate | offensive. Now that you're good and mad, what's an appropriate | |||
| response? | response? | |||
| First, you always have the option to delete it and get on with your | First, you always have the option to delete it and get on with your | |||
| life. This is the easiest and safest response. It does not | life. This is the easiest and safest response. It does not | |||
| guarantee you won't get more of the same in the future, but it does | guarantee you won't get more of the same in the future, but it does | |||
| take care of the current problem. Also, if you do not read your mail | take care of the current problem. Also, if you do not read your mail | |||
| on a regular basis it is possible that your complaint is much too | on a regular basis it is possible that your complaint is much too | |||
| late to do any good. | late to do any good. | |||
| Second, you may consider sending the mail back to the originator | Second, consider strategies that take advantage of screening | |||
| technology. You might investigate technologies that allow you to | ||||
| filter unwanted mail before you see it. Some software allows you to | ||||
| scan subject lines and delete unwanted messages before you download | ||||
| them. Other programs can be configured to download portions of | ||||
| messages, check them to see if they are advertising (for example) and | ||||
| delete them before the whole message is downloaded. | ||||
| Also, your organization or your local Internet Service Provider may | ||||
| have the ability to block unwanted mail at their mail relay machines | ||||
| and thus spare you the hassle of dealing with it at all. It is worth | ||||
| inquiring about this possibility if you are the victim of frequent | ||||
| spam. | ||||
| Your personal mailer software may allow you to write rules defining | ||||
| what you do and do not wish to read. If so, write a rule which sends | ||||
| mail from the originator of the unwanted mail to the trash. This | ||||
| will work if one sender or site repeatedly bothers you. You may also | ||||
| consider writing other rules based on other headers if you are sure | ||||
| the probability of them being activated for non-spam is low enough. | ||||
| That way, although you may still have to pay to download it, you | ||||
| won't have to read it! | ||||
| Third, you may consider sending the mail back to the originator | ||||
| objecting to your being on the mailing-list; however, we recommend | objecting to your being on the mailing-list; however, we recommend | |||
| against this. First, a lot of spammers disguise who they are and | against this. First, a lot of spammers disguise who they are and | |||
| where their mail comes from by forging the mail headers. Unless you | where their mail comes from by forging the mail headers. Unless you | |||
| are very experienced at reading headers discovering the true origin | are very experienced at reading headers discovering the true origin | |||
| of the mail will probably prove difficult. Although you can engage | of the mail will probably prove difficult. Although you can engage | |||
| your local support staff to help you with this, they may have much | your local support staff to help you with this, they may have much | |||
| higher priorities (such as setting up site-wide filters to prevent | higher priorities (such as setting up site-wide filters to prevent | |||
| spam from entering the site). Second, responding to this email will | spam from entering the site). Second, responding to this email will | |||
| simply verify your address as valid and make your address more | simply verify your address as valid and make your address more | |||
| valuable for other (ab)uses (as was mentioned above in Section 3). | valuable for other (ab)uses (as was mentioned above in Section 3). | |||
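Review bot: The relocated rule-writing paragraph ("write a rule which sends mail from the originator of the unwanted mail to the trash") now sits directly above the paragraph stating that spammers disguise where their mail comes from by forging the mail headers, so the limit of sender-based rules should be stated at that point: they help only when "one sender or site repeatedly bothers you" and keeps using the same address. Also, the outer list now runs First/Second/Third while the "Third" paragraph still carries its own "First, ..." and "Second, ..." reasons; rewording the inner pair (for example "For one thing" and "In addition") would avoid the collision.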
| skipping to change at page 7, line 28 ¶ | skipping to change at page 8, line 9 ¶ | |||
| them as you object to the method they have chosen to conduct their | them as you object to the method they have chosen to conduct their | |||
| business (aka spam). Most responses through media other than | business (aka spam). Most responses through media other than | |||
| electronic mail (mostly by those who take the time to phone included | electronic mail (mostly by those who take the time to phone included | |||
| "800" (free to calling party in the U.S.) phone numbers) have proved | "800" (free to calling party in the U.S.) phone numbers) have proved | |||
| somewhat effective. You can also call the business the advertisement | somewhat effective. You can also call the business the advertisement | |||
| is for, ask to speak to someone in authority, and then tell them you | is for, ask to speak to someone in authority, and then tell them you | |||
| will never buy their products or use their services because their | will never buy their products or use their services because their | |||
| advertising mechanism is spam. | advertising mechanism is spam. | |||
| Next, you can carbon copy or forward the questionable mail messages | Next, you can carbon copy or forward the questionable mail messages | |||
| or news postings to the your postmaster. You can do this by sending | or news postings to your postmaster. You can do this by sending mail | |||
| mail "To: Postmaster@your-site.example." Your postmaster will be an | "To: Postmaster@your-site.example." Your postmaster should be an | |||
| expert at reading mail headers and will be able to tell if the | expert at reading mail headers and will be able to tell if the | |||
| originating address is forged. He or she may be able to pinpoint the | originating address is forged. He or she may be able to pinpoint the | |||
| real culprit and help close down the site. | real culprit and help close down the site. If your postmaster wants | |||
| to know about unsolicited mail, be sure s/he gets a copy, including | ||||
| headers. You will need to find out the local policy and comply. | ||||
| *** IMPORTANT *** | *** IMPORTANT *** | |||
| Wherever you send a complaint, be sure to include the full headers | Wherever you send a complaint, be sure to include the full headers | |||
| (most mail and news programs don't display the full headers by | (most mail and news programs don't display the full headers by | |||
| default). For mail it is especially important to show the | default). For mail it is especially important to show the | |||
| "Received:" headers. For Usenet news, it is the "Path:" header. | "Received:" headers. For Usenet news, it is the "Path:" header. | |||
| These normally show the route by which the mail or news was | These normally show the route by which the mail or news was | |||
| delivered. Without them, it's impossible to even begin to tell where | delivered. Without them, it's impossible to even begin to tell where | |||
| the message originated. See the appendix for an example of a mail | the message originated. See the appendix for an example of a mail | |||
| header. | header. | |||
| Your own organization or your local Internet Service Provider may | ||||
| have the ability to block unwanted mail at their mail relay machines. | ||||
| If your postmaster wants to know about unsolicited mail, be sure s/he | ||||
| gets a copy, including headers. You will need to find out the local | ||||
| policy and comply. | ||||
| If your personal mailer allows you to write rules, write a rule which | ||||
| sends mail from the originator of the unwanted mail to the trash. | ||||
| You may also consider writing other rules based on other headers if | ||||
| you are sure the probability of then being activated for non-spam is | ||||
| low enough. That way, although you still have to pay to download it, | ||||
| you won't have to read it! | ||||
| There is lively and ongoing debate about the validity of changing | There is lively and ongoing debate about the validity of changing | |||
| one's email address in a Web Browser in order to have Netnews posts | one's email address in a Web Browser in order to have Netnews posts | |||
| and email look as if it is originating from some spot other than | and email look as if it is originating from some spot other than | |||
| where it does originate. The reasoning behind this is that web email | where it does originate. The reasoning behind this is that web email | |||
| address harvesters will not be getting a real address when it | address harvesters will not be getting a real address when it | |||
| encounters these. There is reason on both sides of this debate: If | encounters these. There is reason on both sides of this debate: If | |||
| you change your address, you will not be as visible to the | you change your address, you will not be as visible to the | |||
| harvesters, but if you change your address, real people who need to | harvesters, but if you change your address, real people who need to | |||
| contact you will be cut off as well. Also, if you are using the | contact you will be cut off as well. Also, if you are using the | |||
| Internet through an organization such as a company, the company may | Internet through an organization such as a company, the company may | |||
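Review bot: In the postmaster paragraph, "will be an expert" was softened to "should be an expert", but the same sentence still promises that the postmaster "will be able to tell if the originating address is forged"; hedge both halves or neither. The paragraph also now mixes the existing "He or she" with the newly added "s/he"; pick one form.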
| skipping to change at page 9, line 11 ¶ | skipping to change at page 9, line 26 ¶ | |||
| Check the Appendix for a detailed explanation of tools and | Check the Appendix for a detailed explanation of tools and | |||
| methodology to use when trying to chase down a spammer. | methodology to use when trying to chase down a spammer. | |||
| 4b. There's a Spam in My Group! | 4b. There's a Spam in My Group! | |||
| Netnews is also subject to spamming. Here several factors help to | Netnews is also subject to spamming. Here several factors help to | |||
| mitigate against the propagation of spam in news, although they don't | mitigate against the propagation of spam in news, although they don't | |||
| entirely solve the problem. Newsgroups and mailing lists may be | entirely solve the problem. Newsgroups and mailing lists may be | |||
| moderated, which means that a moderator approves all mail/posts. If | moderated, which means that a moderator approves all mail/posts. If | |||
| this is the case, the moderator usually acts as a filter to removed | this is the case, the moderator usually acts as a filter to remove | |||
| unwanted and off-topic posts/mail. | unwanted and off-topic posts/mail. | |||
| In Netnews there are programs which detect posts which have been sent | In Netnews there are programs which detect posts which have been sent | |||
| to multiple groups or which detect multiple posts from the same | to multiple groups or which detect multiple posts from the same | |||
| source to one group. These programs cancel the posts. While these | source to one group. These programs cancel the posts. While these | |||
| work and keep unsolicited posts down, they are not 100% effective and | work and keep unsolicited posts down, they are not 100% effective and | |||
| spam in newsgroups seems to be growing at an even faster rate than | spam in newsgroups seems to be growing at an even faster rate than | |||
| spam in mail or on mailing lists. After all, it's much easier to | spam in mail or on mailing lists. After all, it's much easier to | |||
| post to a newsgroup for which there are thousands of readers than it | post to a newsgroup for which there are thousands of readers than it | |||
| is to find individual email addresses for all those folks. Hence the | is to find individual email addresses for all those folks. Hence the | |||
| skipping to change at page 9, line 42 ¶ | skipping to change at page 10, line 9 ¶ | |||
| send cancels. Still spam gets through, so what can a concerned | send cancels. Still spam gets through, so what can a concerned | |||
| netizen do? | netizen do? | |||
| If there is a group moderator, make sure s/he knows that off-topic | If there is a group moderator, make sure s/he knows that off-topic | |||
| posts are slipping into the group. If there is no moderator, you | posts are slipping into the group. If there is no moderator, you | |||
| could take the same steps for dealing with news as are recommended | could take the same steps for dealing with news as are recommended | |||
| for mail with all the same caveats. | for mail with all the same caveats. | |||
| A reasonable printed reference one might obtain has been published by | A reasonable printed reference one might obtain has been published by | |||
| O'Reilly and Associates, _Stopping Spam_, by Alan Schwartz and Simson | O'Reilly and Associates, _Stopping Spam_, by Alan Schwartz and Simson | |||
| Garfinkel [4] . This book also has interesting histories of spammers | Garfinkel [4]. This book also has interesting histories of spammers | |||
| such as Cantor and Siegel, and Jeff Slaton. It gives fairly clear | such as Cantor and Siegel, and Jeff Slaton. It gives fairly clear | |||
| instructions for filtering mail and news. | instructions for filtering mail and news. | |||
| 5. Help for Beleaguered Admins | 5. Help for Beleaguered Admins | |||
| As a system administrator, news administrator, local Postmaster, or | As a system administrator, news administrator, local Postmaster, or | |||
| mailing-list administrator, your users will come to you for help in | mailing-list administrator, your users will come to you for help in | |||
| dealing with unwanted mail and posts. First, find out what your | dealing with unwanted mail and posts. First, find out what your | |||
| institution's policy is regarding unwanted/unsolicited mail. It is | institution's policy is regarding unwanted/unsolicited mail. It is | |||
| possible that it won't do anything for you, but it is also possible | possible that it won't do anything for you, but it is also possible | |||
| skipping to change at page 10, line 23 ¶ | skipping to change at page 10, line 38 ¶ | |||
| Make sure that your mail and news transports are configured to reject | Make sure that your mail and news transports are configured to reject | |||
| messages injected by parties outside your domain. Recently | messages injected by parties outside your domain. Recently | |||
| misconfigured Netnews servers have become subject to hijacking by | misconfigured Netnews servers have become subject to hijacking by | |||
| spammers. SMTP source routing <@relay.host:user@dest.host> is | spammers. SMTP source routing <@relay.host:user@dest.host> is | |||
| becoming deprecated due to its overwhelming abuse by spammers. You | becoming deprecated due to its overwhelming abuse by spammers. You | |||
| should configure your mail transport to reject relayed messages (when | should configure your mail transport to reject relayed messages (when | |||
| neither the sender nor the recipient are within your domain). Check: | neither the sender nor the recipient are within your domain). Check: | |||
| http://www.sendmail.org/ | http://www.sendmail.org/ | |||
| under the "Anti-Spam" heading. Your firewall should prohibit SMTP | under the "Anti-Spam" heading. | |||
| (mail) and NNTP (news) connections from clients within your domain to | ||||
| outside servers. If your firewall is a gateway host that itself | ||||
| contains an NNTP server ensure that it is configured so it does not | ||||
| allow access from external sites except your news feeds. If your | ||||
| firewall acts as a proxy for an external news-server ensure that it | ||||
| does not accept NNTP connections other than from your internal | ||||
| network. Both these potential holes have recently been exploited by | ||||
| spammers. Ensure that messages generated within your domain have | ||||
| proper identity information in the headers, and users cannot forge | ||||
| headers. Be sure your headers have all the correct information as | ||||
| stipulated by RFC 822 [5] and RFC 1123 [6]. | ||||
| If you are running a mailing-list, be sure to allow postings by | If you run a firewall at your site, it can be configured in ways to | |||
| subscribers only. Make sure your charter forbids any off-topic | discourage spam. For example, if your firewall is a gateway host | |||
| posts. There is another spam-related problem with mailing-lists | that itself contains an NNTP server, ensure that it is configured so | |||
| which is that spammers like to retaliate on those who work against | it does not allow access from external sites except your news feeds. | |||
| them by mass-subscribing their enemies to mailing-lists. Your | If your firewall acts as a proxy for an external news-server, ensure | |||
| mailing-list software should require confirmation of the | that it does not accept NNTP connections other than from your | |||
| subscription, and only then should the address be subscribed. | internal network. Both these potential holes have recently been | |||
| exploited by spammers. Ensure that email messages generated within | ||||
| your domain have proper identity information in the headers, and that | ||||
| users cannot forge headers. Be sure your headers have all the | ||||
| correct information as stipulated by RFC 822 [5] and RFC 1123 [6]. | ||||
| If you have the capability (are running a mail transfer agent which | If you are running a mailing-list, allowing postings only by | |||
| allows it) consider blocking persistant offending sites from ever | subscribers means a spammer would actually have to join your list | |||
| getting mail into your site. Be careful not to block out sites for | before sending spam messages, which is unlikely. Make sure your | |||
| which you run MX records! It is a well-known problem that offenders | charter forbids any off-topic posts. There is another spam-related | |||
| create domains more quickly than postmasters can block them. Also, | problem with mailing-lists which is that spammers like to retaliate | |||
| on those who work against them by mass-subscribing their enemies to | ||||
| mailing-lists. Your mailing-list software should require | ||||
| confirmation of the subscription, and only then should the address be | ||||
| subscribed. | ||||
| It is possible, if you are running a mail transfer agent that allows | ||||
| it, to block persistant offending sites from ever getting mail into | ||||
| your site. However, careful consideration should be taken before | ||||
| taking that step. For example, be careful not to block out sites for | ||||
| which you run MX records! In the long run, it may be most useful to | ||||
| help your users learn enough about their mailers so that they can | help your users learn enough about their mailers so that they can | |||
| write rules to filter their own mail, or provide rules and kill files | write rules to filter their own mail, or provide rules and kill files | |||
| for them to use. | for them to use, if they so choose. | |||
| There is information about how to "blackhole" netblocks at | There is information about how to configure sendmail available at | |||
| "maps.vix.com." There is information about how to configure sendmail | "www.sendmail.org." Help is also available at "spam.abuse.net." | |||
| available at "www.sendmail.org." Help on these problems is also | ||||
| available at "spam.abuse.net." | ||||
| Use well-known Internet tools, such as whois and traceroute to find | Another good strategy is to use Internet tools such as whois and | |||
| which ISP is serving your problem site. Notify the postmaster or | traceroute to find which ISP is serving your problem site. Notify | |||
| abuse (abuse@offending-domain.example) address that they have an | the postmaster or abuse (abuse@offending-domain.example) address that | |||
| offender. Be sure to pass on all header information in your messages | they have an offender. Be sure to pass on all header information in | |||
| to help them with tracking down the offender. If they have a policy | your messages to help them with tracking down the offender. If they | |||
| against using their service to post unsolicited mail they will need | have a policy against using their service to post unsolicited mail | |||
| more than just your say-so that there is a problem. Also, the | they will need more than just your say-so that there is a problem. | |||
| "originating" site may be a victim of the offender as well. It's not | Also, the "originating" site may be a victim of the offender as well. | |||
| unknown for those sending this kind of mail to bounce their mail | It's not unknown for those sending this kind of mail to bounce their | |||
| through dial-up accounts, or off unprotected mail servers at other | mail through dial-up accounts, or off unprotected mail servers at | |||
| sites. Use caution in your approach to those who look like the | other sites. Use caution and courtesy in your approach to those who | |||
| offender. | look like the offender. | |||
| News spammers use similar techniques for sending spam to the groups. | News spammers use similar techniques for sending spam to the groups. | |||
| They have been known to forge headers and bounce posts off "open" | They have been known to forge headers and bounce posts off "open" | |||
| news machines and remailers to cover their tracks. During the height | news machines and remailers to cover their tracks. During the height | |||
| of the infamous David Rhodes "Make Money Fast" posts, it was not | of the infamous David Rhodes "Make Money Fast" posts, it was not | |||
| unheard of for students to walk away from terminals which were logged | unheard of for students to walk away from terminals which were logged | |||
| in, and for sneaky folks to then use their accounts to forge posts. | in, and for sneaky folks to then use their accounts to forge posts, | |||
| Much to the later embarrassment of both the student and the | much to the later embarrassment of both the student and the | |||
| institution. | institution. | |||
| One way to lessen problems is to avoid using mail-to URLs, which | One way to lessen problems is to avoid using mail-to URLs on your web | |||
| allow email addresses to be easily harvested by those institutions | pages. They allow email addresses to be easily harvested by those | |||
| grabbing email addresses off the web. If you need to have an email | institutions grabbing email addresses off the web. If you need to | |||
| address prevalent on a web page, consider using a cgi script to | have an email address prevalent on a web page, consider using a cgi | |||
| generate the mailto address. | script to generate the mailto address. | |||
| Participate in mailing lists and news groups which discuss | Participate in mailing lists and news groups which discuss | |||
| unsolicited mail/posts and the problems associated with it. | unsolicited mail/posts and the problems associated with it. | |||
| News.admin.net-abuse.misc is probably the most well-known of these. | News.admin.net-abuse.misc is probably the most well-known of these. | |||
| 6. What's an ISP to Do | 6. What's an ISP to Do | |||
| As an ISP, you first and foremost should decide what your stance | As an Internet Service Provider, you first and foremost should decide | |||
| against unsolicited mail and posts should be. If you decide not to | what your stance against unsolicited mail and posts will be. If you | |||
| tolerate unsolicited mail, write a clear Acceptable Use Policy which | decide not to tolerate unsolicited mail, write a clear Acceptable Use | |||
| states your position and delineates consequences for abuse. If you | Policy which states your position and delineates consequences for | |||
| state that you will not tolerate use of your resource for unsolicited | abuse. If you state that you will not tolerate use of your resource | |||
| mail/posts, and that the consequence will be loss of service, you | for unsolicited mail/posts, and that the consequence will be loss of | |||
| should be able to cancel offending accounts relatively quickly (after | service, you should be able to cancel offending accounts relatively | |||
| verifying that the account really IS being mis-used). If you have | quickly (after verifying that the account really IS being mis-used). | |||
| downstreaming arrangements with other providers, you should make sure | If you have downstreaming arrangements with other providers, you | |||
| they are aware of any policy you set. Likewise, you should be aware | should make sure they are aware of any policy you set.. Likewise, you | |||
| of your upstream providers' policies. | should be aware of your upstream providers' policies. | |||
| Consider limiting access for dialup accounts so they cannot be used | Consider limiting access for dialup accounts so they cannot be used | |||
| by those who spew. Make sure your mail servers aren't open for mail | by those who spew. Make sure your mail servers aren't open for mail | |||
| to be bounced off them (except for legitimate users). Make sure your | to be bounced off them (except for legitimate users). Make sure your | |||
| mail transfer agents are the most up-to-date version (which pass | mail transfer agents are the most up-to-date version (which pass | |||
| security audits) of the software. | security audits) of the software. | |||
| Educate your users about how to react to spew and spewers. Make sure | Educate your users about how to react to spew and spewers. Make sure | |||
| instructions for writing rules for mailers are clear and available. | instructions for writing rules for mailers are clear and available. | |||
| Support their efforts to deal with unwanted mail at the local level - | Support their efforts to deal with unwanted mail at the local level - | |||
| taking some of the burden from your sys admins. | taking some of the burden from your system administrators. | |||
| Make sure you have an address for abuse complaints. If complainers | Make sure you have an address for abuse complaints. If complainers | |||
| can routinely send mail to "abuse@BigISP.example" and you have | can routinely send mail to "abuse@BigISP.example" and you have | |||
| someone assigned to read that mail, workflow will be much smoother. | someone assigned to read that mail, workflow will be much smoother. | |||
| Don't require people complaining about spam to use some unique local | Don't require people complaining about spam to use some unique local | |||
| address for complaints. Read and use 'postmaster' and 'abuse'. We | address for complaints. Read and use 'postmaster' and 'abuse'. We | |||
| recommend adherence to RFC 2142, _Mailbox Names for Common Services, | recommend adherence to RFC 2142, _Mailbox Names for Common Services, | |||
| Roles and Functions._ [7]. | Roles and Functions._ [7]. | |||
| Finally, write your contracts and terms and conditions in such | Finally, write your contracts and terms and conditions in such | |||
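Review bot: The -08 column introduces a doubled period in the downstream-provider sentence of section 6 ("any policy you set.. Likewise, you"); -07 had a single period there, so drop the extra one. The mail-to paragraph earlier in this hunk also spells the term two ways in both columns ("mail-to URLs" and "the mailto address"); since that paragraph is being reworded anyway, settle on one spelling.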
| skipping to change at page 12, line 46 ¶ | skipping to change at page 13, line 15 ¶ | |||
| http://spam.abuse.net/goodsites/index.html. | http://spam.abuse.net/goodsites/index.html. | |||
| Legally, you may be able to stop spammers and spam relayers, but this | Legally, you may be able to stop spammers and spam relayers, but this | |||
| is certainly dependent on the jurisdictions involved. Potentially, | is certainly dependent on the jurisdictions involved. Potentially, | |||
| the passing of spam via third party computers, especially if the | the passing of spam via third party computers, especially if the | |||
| headers are forged, could be a criminal action depending on the laws | headers are forged, could be a criminal action depending on the laws | |||
| of the particular jurisdiction(s) involved. If your site is being | of the particular jurisdiction(s) involved. If your site is being | |||
| used as a spam relay, be sure to contact local and national criminal | used as a spam relay, be sure to contact local and national criminal | |||
| law enforcement agencies. Site operators may also want to consider | law enforcement agencies. Site operators may also want to consider | |||
| the bringing of civil actions against the spammer for expropriation | bringing civil actions against the spammer for expropriation of | |||
| of property, in particular the computer time and network bandwidth. | property, in particular the computer time and network bandwidth. In | |||
| In addition, when a mailing list is involved, there is a potential | addition, when a mailing list is involved, there is a potential | |||
| intellectual property rights violation. | intellectual property rights violation. | |||
| There are a few law suits in the courts now which claim spammers | There are a few law suits in the courts now which claim spammers | |||
| interfered with and endangered network connectivity. At least one | interfered with and endangered network connectivity. At least one | |||
| company is attempting to charge spammers for the use of its networks | company is attempting to charge spammers for the use of its networks | |||
| (www.kclink.com/spam/). | (www.kclink.com/spam/). | |||
| 7. Security Considerations | 7. Security Considerations | |||
| Certain actions to stop spamming may cause problems to legitimate | Certain actions to stop spamming may cause problems to legitimate | |||
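Review bot: The pointer "(www.kclink.com/spam/)" at the end of the legal paragraph is still written without a scheme in -08, while the reference at the top of this hunk is given in full as "http://spam.abuse.net/goodsites/index.html"; write both the same way. "law suits" in the same paragraph is carried over unchanged and would read better as "lawsuits".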
| skipping to change at page 13, line 37 ¶ | skipping to change at page 14, line 6 ¶ | |||
| in NNTP servers. This can lead to denial of service, either from the | in NNTP servers. This can lead to denial of service, either from the | |||
| sheer volume of posts, or as a result of action taken by upstream | sheer volume of posts, or as a result of action taken by upstream | |||
| providers. | providers. | |||
| 8. Acknowledgments | 8. Acknowledgments | |||
| Thanks for help from the IETF-RUN working group, and also to all the | Thanks for help from the IETF-RUN working group, and also to all the | |||
| spew-fighters. Specific thanks are due to J.D. Falk, whose very | spew-fighters. Specific thanks are due to J.D. Falk, whose very | |||
| helpful Anti-spam FAQ proved valuable. Thanks are also due to the | helpful Anti-spam FAQ proved valuable. Thanks are also due to the | |||
| vigilance of Scott Hazen Mueller and Paul Vixie, who run | vigilance of Scott Hazen Mueller and Paul Vixie, who run | |||
| spam.abuse.net/, the Anti-spam web site. Thanks also to Jacob Palme, | spam.abuse.net, the Anti-spam web site. Thanks also to Jacob Palme, | |||
| Chip Rosenthal, Karl Auerbach for specific text: Jacob for the | Chip Rosenthal, Karl Auerbach for specific text: Jacob for the | |||
| Security Considerations section, Chip for the configuration | Security Considerations section, Chip for the configuration | |||
| suggestions in section 5, Karl for the legal considerations. Andrew | suggestions in section 5, Karl for the legal considerations. Andrew | |||
| Gierth was very helpful with Netnews spam considerations. And thanks | Gierth was very helpful with Netnews spam considerations. And thanks | |||
| to Gary Malkin for proofing and formatting. | to Gary Malkin for proofing and formatting. | |||
| 9. References | 9. References | |||
| [1] See for example spam-l@peach.ease.lsoft.com | [1] See for example spam-l@peach.ease.lsoft.com | |||
| skipping to change at page 15, line 21 ¶ | skipping to change at page 16, line 21 ¶ | |||
| system/domain, or both. | system/domain, or both. | |||
| As a result, it may be necessary to look carefully at the headers of | As a result, it may be necessary to look carefully at the headers of | |||
| a message to see what parts are most reliable, and/or to complain to | a message to see what parts are most reliable, and/or to complain to | |||
| the second or third-level Internet providers who provide Internet | the second or third-level Internet providers who provide Internet | |||
| service to a problem domain. | service to a problem domain. | |||
| In many cases, getting reports with full headers from various | In many cases, getting reports with full headers from various | |||
| recipients of a spam can help locate the source. In extreme cases of | recipients of a spam can help locate the source. In extreme cases of | |||
| header forgery, only examination of logs on multiple systems can | header forgery, only examination of logs on multiple systems can | |||
| trace the source or a message. | trace the source of a message. | |||
| With only one message in hand, one has to make an educated guess as | With only one message in hand, one has to make an educated guess as | |||
| to the source. The following are only rough guidelines. | to the source. The following are only rough guidelines. | |||
| In the case of mail messages, "Received:" headers added by systems | In the case of mail messages, "Received:" headers added by systems | |||
| under control of the destination organization are most likely to be | under control of the destination organization are most likely to be | |||
| reliable. You can't trust what the source domain calls itself, but | reliable. You can't trust what the source domain calls itself, but | |||
| you can usually use the source IP address since that is determined by | you can usually use the source IP address since that is determined by | |||
| the destination domain's server. | the destination domain's server. | |||
| End of changes. 24 change blocks. | ||||
| 100 lines changed or deleted | 119 lines changed or added | |||