Yes, but who do you send the bill to? Especially in the case of a
spammer residing at a dynamically-assigned IP address? The upstream ISP
will investigate, and maybe turn off their account, and will send your
bill back with "ROTFL" stamped on on (Assuming they don't just throw it
out)
On Mon, 25 Sep 2000, Jason Robertson wrote:
>
> I have a simpler method of this, add to the SMTP Banner that unlawful use of
> the server will be prosecuted, and that uses for such things as spam will be
> billed.
>
> Second time hosts that spam our domain receive bills from me at $100/email
> (hrm thinking back I should change that to $100/second since I have it
> scripted and most spams take me about 5 minute to track down now)
> That includes parsing headers, checking for relays, whois on all hosts,
> checking for valid email addresses, and checking for websites. And then
> proceeding to write up the complaint. My only job after this is to verify the e-
> mail and to send it out.
>
> This has reduced some of our spam level because it does get costly for
> some spammers.
>
>
> On 25 Sep 2000, at 11:48, Paul Robinson wrote:
>
> > On Fri, 22 Sep 2000, Dave C. wrote:
> >
> > > I have put in reports to the appropriate ISP's, along with requests
> > > that they provide me with identification and contact information of the
> > > responsible idiot. I really want to call this schmuck and ask him if he
> > > can come up with any pittance of a reason I shouldn't sue him into the
> > > ground or file criminal trespass charges. I'm not very hopeful that
> > > they will do so, 'user privacy' and all.
> >
> > Well, in the UK at least there is this really handy law called the Data
> > Protection Act which means that would be just plain illegal. In fact, the fact
> > you want to phone him up is just plain stupid. If you plan to take it further
> > within the bounds of the law, you phoning him is not going to look good in
> > court. In fact, you'll probably do some time yourself for harrassing the guy. I
> > would strongly advise you to contact the police. In the UK, you want the
> > Computer Crime Unit at Scotland Yard.
> >
> > > While I can understand their position (I work for an ISP too), I'm
> > > curious why spammers deserve to have their identity protected? Couldn't
> >
> > Because everybody has the right to privacy. If I say I don't agree with you
> > posting to this mailing list, and I am the accounts manager for your upstream
> > provider, am I entitled to post your full name, home address, 24 hour contact
> > number and credit card details to this list?
> >
> > > ISP's include language in their TOS/AUP which said that users agreed
> > > that if they were caught in the act of gross network abuse, that their
> > > ID and contact info would be shared with their victims? Wouldnt this
> > > help cut way down on spam?
> >
> > No. It would increase it dramatically in the short term, and would keep it
> > level in the medium to long term. This would be because the victims would spam
> > the spammer back, the spammer would throw a few thousand mails into the ISP
> > admin's accounts as a complaint, the ISP admin would send copious amounts of
> > mail to the spammer's new ISP to get him to shut up, and Usenet would be flooded
> > with people arguing as to wtf was going on. In short, to be honest, it's a
> > pretty terrible idea. Technical solutions are better than political ones in this
> > context, and your solution is 100% political with no consideration towards the
> > technical or even legal aspects of such a solution.
> >
> > > I'm all in favor of the right to anonymity and privacy on the Internet
> > > - but I am not in favor of the right to anonymously abuse servers and
> > > networks.
> >
> > Once you say anonymity is OK in all areas but *one* people quickly increase that
> > to two areas, then four, then ten, and so on. I hate the cliche, but it's the
> > thin end of the wedge. People either have the right to anonymity, or they don't.
> > You can't have your cake and eat it.
> >
> > > (Eg, to take this case as an example, if you fail a HELO syntax check,
> > > say, 5 times, within a 5 minute period, I refuse connections from you
> > > for an hour)
> >
> > That would be rather difficult to do if you think about it, because you are then
> > having to create a sense of state over a period of time. In effect, you would
> > have to be aware of every host that said HELO in the previous five minutes, and
> > how many times. If you're a large ISP this performance hit is going to be too
> > big, and if you have more than a few thousand accounts locally then you can
> > expect that amount of traffic from sites like freeserve in the UK, AOL, Demon,
> > et al quite easily.
> >
> > --
> > Paul Robinson - Internet Services @ Akita - http://www.akita.co.uk
> > ------------------------------------------------------------------
> > Sales:- T: 01869 337088 F: 01869 337488 E: sales@???
> > Techs:- T: 0161 228 6388 F: 0161 228 6389 E: root@???
> > ------------------------------------------------------------------
> >
> >
> >
> >
>
>
>
> ---
> Jason Robertson
> Network Analyst
> jason@???
> http://www.astroadvice.com
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
--
