[Techtalk] Over-zealous spam filtering (by Raven's ISP?)

Maria Blackmore mariab at cats.meow.at
Sun Sep 22 23:21:32 EST 2002 

On Sat, 21 Sep 2002, Raven Brooke wrote:
> I'm sorry if the filtering on our mailservers has inconvenienced anyone on 
> the linuxchiq lists. For more detailed information about the situation, 
> please point your browser at:
> 
> http://banned-for-spamming.us/about-the-spam-policy.txt

Hmm.

I've read through this

To be honest, as an abuse contact at an ISP, I feel really quite annoyed
about this.

How the hell am I supposed to know that one of our customers is sending
spam unless you *tell*me* ?

Neither me nor our smarthosts are psychic.

> On Fri, 20 Sep 2002, James wrote:
> > permanent, unless you contact them by snail-mail (not online) to object!
> 
> it wouldn't be very practical to expect them to email after we had blocked 
> their domain,

What is wrong with email from postmaster@$domain, or to
postmaster@$yourdomain?

> and we certainly aren't going to provide known spammers with a webform
> or other additional means to continue targeting us.

Well, considering that the person that sent the spam is never going to see
the rude message, what does it matter?

> > (It's also pretty rude: "553 ##### YOU HAVE BEEN SHIT-LISTED **..." - 
> > hardly a helpful message to send other Net users!
> 
> I'm sorry if this offended you, but if you saw even a small percentage of 
> the "XXX These women will actually fsck animals! XXX" mails that caused us 
> to create the banned-for-spamming.us domain you might agree that this is a 
> very mild response.

Sorry, I do get those emails, and I still don't agree.

Two wrongs do not make a right.

This seems to me like a very angry response, lashing out without focus.

> > Among others, they have blocked ALL mail from: Chello, the largest cable
> > ISP in Holland; Rogers cable; CharterPipeline; *.co.jp;  Eudoramail.com;
> > GMX; the University of Waterloo, Canada; Wanadoo, France's broadband ISP -
> > with filters like that, does ANY mail get through?!
> 
> yup, all these offenders are guilty, guilty guilty of sending unsolicited 
> and sometimes highly offensive material to us and/or our friends, family 
> (including our teenage children) and the few others who share our 
> mailserver. They bring this stuff in our home once, we don't invite 'em 
> back.

Except they're not though, are they?

They're ISPs, they're being paid for a service, it's none of their
business what the content of the email is, they are being paid to send the
email to the destination.

You're shooting the messenger, and you're shooting the messenger in such a
way that word never gets back that the messenger was shot.

You're blaming completely the wrong organisation here.

The ISPs do NOT know that any one particular user has sent spam, you have
to TELL THEM.  This message contains no useful information and is in
itself abusive.

> Once again James, I apologise if you or anyone on the list was 
> inconvenienced. Thank you for being concerned :-)

My concern here is that this is going to become a more widely adopted
practice, especially with such an abusive bounce response.

This is thoroughly the wrong way to go about this.

ISPs need to be told when their users are sending spam, we don't magically
know.  Where I work we have statistics on email sent through the mail
servers ... but how do we know if the spike of 5000 emails from a single
user is someone sending spam, a customer with an open relay, or a
legitimate customer that is sending email out to a mailing list that their
customers are subscribed to?

This message is *NOT* helpful.

By all means, refuse messages from an ISP, but you have to do three
things.  You have to tell the ISP that you are doing this, you have to
tell them why you are doing this, and then you have to provide a means for
the ISP to tell you that they have eliminated the problem.

The thought occurs that a suitably petty response to this petty action is
for some large ISP to advertise your netblock(s) via BGP, and then null
route them.  The reason for this is that I am pretty certain that that
bounce message must violate at least a few acceptable use policies, and
also violates the Telecommunications Act 1984, here in England and Wales,
which states that it is an offence to send

	'by means of a public telecommunications system,
	a message or other matter that is grossly offensive
	or of an indecent, obscene or menacing character'.

The act itself is available online here:
http://www.communicationsbill.gov.uk/legislation/Telecommunications_Act_1984.doc
I can't seem to find a more friendly format, but google does a good job of
rendering it as HTML.

Just my .. hmm .. must be a good 4p by now :)

As always these are my own comments, and in no way related to my employer.

Maria

More information about the Techtalk mailing list