|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: anti-spam vs network abuse
At 12:56 PM 2/28/2003, Paul Vixie wrote: Paul raises good questions about the level of response to incoming SMTP traffic. If contacted for transmission of SMTP, do you have the right to go probe the sending system for all possible vulnerabilities, or only ones that relate directly to email? Clearly there are concerns about email coming from open relays, and from open proxies. The degree of scanning could easily cross the line from warranted to abusive, and potentially illegal.> > For the past 15 months, NJABL has reactively tested systems that have > > connected to participating SMTP servers to see if those systems are open > > relays. ... > > > > We do not consider what NJABL does abuse, ... Jon, If "they" are indeed only testing systems who connect to them, it's not abuse, and I would not have complained. However, they scanned every address in every netblock I own, looking for SMTP servers. That was abuse, that was illegal in California, and I was shocked that you "allowed" "them" to behave that way. Hopefully my inference is correct and "they" are now scanning only the hosts which connect to participating SMTP servers. Scanning machines "in the neighborhood" sure seems far over the line. This is further complicated by the difficulty in determining the size of the "neighborhood" (read: netblock assigned to a customer). While we would all like to find some solution to the spam problem before email is rendered useless, measures which themselves threaten the network with denial of service attacks and other measures can be considered just as damaging.
|