Home page logo

nanog logo nanog mailing list archives

Re: anti-spam vs network abuse
From: Daniel Senie <dts () senie com>
Date: Fri, 28 Feb 2003 13:23:34 -0500

At 12:56 PM 2/28/2003, Paul Vixie wrote:

> > For the past 15 months, NJABL has reactively tested systems that have
> > connected to participating SMTP servers to see if those systems are open
> > relays. ...
> >
> > We do not consider what NJABL does abuse, ...


If "they" are indeed only testing systems who connect to them, it's not
abuse, and I would not have complained.  However, they scanned every
address in every netblock I own, looking for SMTP servers.  That was
abuse, that was illegal in California, and I was shocked that you "allowed"
"them" to behave that way.  Hopefully my inference is correct and "they"
are now scanning only the hosts which connect to participating SMTP servers.

Paul raises good questions about the level of response to incoming SMTP traffic. If contacted for transmission of SMTP, do you have the right to go probe the sending system for all possible vulnerabilities, or only ones that relate directly to email? Clearly there are concerns about email coming from open relays, and from open proxies. The degree of scanning could easily cross the line from warranted to abusive, and potentially illegal.

Scanning machines "in the neighborhood" sure seems far over the line. This is further complicated by the difficulty in determining the size of the "neighborhood" (read: netblock assigned to a customer).

While we would all like to find some solution to the spam problem before email is rendered useless, measures which themselves threaten the network with denial of service attacks and other measures can be considered just as damaging.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]