📄 rfc2635.txt
字号:
Network Working Group S. Hambridge
Request for Comments: 2635 INTEL
FYI: 35 A. Lunde
Category: Informational Northwestern University
June 1999
DON'T SPEW
A Set of Guidelines for Mass Unsolicited
Mailings and Postings (spam*)
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1999). All Rights Reserved.
Abstract
This document explains why mass unsolicited electronic mail messages
are harmful in the Internetworking community. It gives a set of
guidelines for dealing with unsolicited mail for users, for system
administrators, news administrators, and mailing list managers. It
also makes suggestions Internet Service Providers might follow.
1. Introduction
The Internet's origins in the Research and Education communities
played an important role in the foundation and formation of Internet
culture. This culture defined rules for network etiquette
(netiquette) and communication based on the Internet's being
relatively off-limits to commercial enterprise.
This all changed when U.S. Government was no longer the primary
funding body for the U.S. Internet, when the Internet truly went
global, and when all commercial enterprises were allowed to join what
had been strictly research networks. Internet culture had become
deeply embedded in the protocols the network used. Although the
social context has changed, the technical limits of the Internet
protocols still require a person to enforce certain limits on
resource usage for the 'Net to function effectively. Strong
authentication was not built into the News and Mail protocols. The
only thing that is saving the Internet from congestion collapse is
the voluntary inclusion of TCP backoff in almost all of the TCP/IP
Hambridge & Lunde Informational [Page 1]
RFC 2635 DON'T SPEW June 1999
driver code on the Internet. There is no end-to-end cost accounting
and/or cost recovery. Bandwidth is shared among all traffic without
resource reservation (although this is changing).
Unfortunately for all of us, the culture so carefully nurtured
through the early years of the Internet was not fully transferred to
all those new entities hooking into the bandwidth. Many of those
entities believe they have found a paradise of thousands of potential
customers each of whom is desperate to learn about stunning new
business opportunities. Alternatively, some of the new netizens
believe all people should at least hear about the one true religion
or political party or process. And some of them know that almost no
one wants to hear their message but just can't resist how inexpensive
the net can be to use. While there may be thousands of folks
desperate for any potential message, mass mailings or Netnews
postings are not at all appropriate on the 'Net.
This document explains why mass unsolicited email and Netnews posting
(aka spam) is bad, what to do if you get it, what webmasters,
postmasters, and news admins can do about it, and how an Internet
Service Provider might respond to it.
2. What is Spam*?
The term "spam" as it is used to denote mass unsolicited mailings or
netnews postings is derived from a Monty Python sketch set in a
movie/tv studio cafeteria. During that sketch, the word "spam" takes
over each item offered on the menu until the entire dialogue consists
of nothing but "spam spam spam spam spam spam and spam." This so
closely resembles what happens when mass unsolicited mail and posts
take over mailing lists and netnews groups that the term has been
pushed into common usage in the Internet community.
When unsolicited mail is sent to a mailing list and/or news group it
frequently generates more hate mail to the list or group or apparent
sender by people who do not realize the true source of the message.
If the mailing contains suggestions for removing your name from a
mailing list, 10s to 100s of people will respond to the list with
"remove" messages meant for the originator. So, the original message
(spam) creates more unwanted mail (spam spam spam spam), which
generates more unwanted mail (spam spam spam spam spam spam and
spam). Similar occurrences are perpetrated in newsgroups, but this
is held somewhat in check by "cancelbots" (programs which cancel
postings) triggered by mass posting. Recently, cancelbots have grown
less in favor with those administering News servers since the
cancelbots are now generating the same amount of traffic as spam.
Even News admins are beginning to use filters, demonstrating that
spam spam spam spam spam spam and spam is a monumental problem.
Hambridge & Lunde Informational [Page 2]
RFC 2635 DON'T SPEW June 1999
3. Why Mass Mailing is Bad
In the world of paper mail we're all used to receiving unsolicited
circulars, advertisements, and catalogs. Generally we don't object
to this - we look at what we find of interest, and we discard/recycle
the rest. Why should receiving unsolicited email be any different?
The answer is that the cost model is different. In the paper world,
the cost of mailing is borne by the sender. The sender must pay for
the privilege of creating the ad and the cost of mailing it to the
recipient. An average paper commercial mailing in the U.S. ends up
costing about $1.00 per addressee. In the world of electronic
communications, the recipient bears the majority of the cost. Yes,
the sender still has to compose the message and the sender has to pay
for Internet connectivity. However, the recipient ALSO has to pay
for Internet connectivity and possibly also connect time charges and
for disk space. For electronic mailings the recipient is expected to
help share the cost of the mailing. Bulk Internet mail from the U.S.
ends up costing the sender only about 1/100th of a cent per address;
or FOUR ORDERS of magnitude LESS than bulk paper mailings!
Of course, this cost model is very popular with those looking for
cheap methods to get their message out. By the same token, it's very
unpopular with people who have to pay for their messages just to find
that their mailbox is full of junk mail. Neither do they appreciate
being forced to spend time learning how to filter out unwanted
messages. Consider this: if you had to pay for receiving paper mail
would you pay for junk mail?
Another consideration is that the increase in volume of spam will
have an impact on the viability of electronic mail as a
communications medium. If, when you went to your postal mail box you
found four crates of mail, would you be willing to search through the
crates for the one or two pieces of mail which were not advertising?
Spam has a tremendous potential to create this scenario in the
electronic world.
Frequently spammers indulge in unethical behavior such as using mail
servers which allow mail to be relayed to send huge amounts of
electronic solicitations. Or they forge their headers to make it
look as if the mail originates from a different domain. These people
don't care that they're intruding into a personal or business mailbox
nor do they care that they are using other people's resources without
compensating them.
The huge cost difference has other bad effects. Since even a very
cheap paper mailing is going to cost tens of (U.S.) cents there is a
real incentive to send only to those really likely to be interested.
Hambridge & Lunde Informational [Page 3]
RFC 2635 DON'T SPEW June 1999
So paper bulk mailers frequently pay a premium to get high quality
mailing lists, carefully prune out bad addresses and pay for services
to update old addresses. Bulk email is so cheap that hardly anyone
sending it bothers to do any of this. As a result, the chance that
the receiver is actually interested in the mail is very, very, very
low.
As of the date of this document, it is a daily event on the Internet
for a mail service to melt-down due to an overload of spam. Every
few months this happens to a large/major/regional/
national/international service provider resulting in denial of or
severe degradation of service to hundreds of thousands of users.
Such service degradations usually prompt the providers to spend
hundreds of thousands of dollars upgrading their mail service
equipment just because of the volume of spam. Service providers pass
those costs on to customers.
Doesn't the U.S. Constitution guarantee the ability to say whatever
one likes? First, the U.S. Constitution is law only in the U.S., and
the Internet is global. There are places your mail will reach where
free speech is not a given. Second, the U.S. Constitution does NOT
guarantee one the right to say whatever one likes. In general, the
U.S. Constitution refers to political freedom of speech and not to
commercial freedom of speech. Finally, and most importantly, the U.S.
Constitution DOES NOT guarantee the right to seize the private
property of others in order to broadcast your speech. The Internet
consists of a vast number of privately owned networks in voluntary
cooperation. There are laws which govern other areas of electronic
communication, namely the "junk fax" laws. Although these have yet
to be applied to electronic mail they are still an example of the
"curbing" of "free speech." Free speech does not, in general,
require other people to spend their money and resources to deliver or
accept your message.
Most responsible Internet citizens have come to regard unsolicited
mail/posts as "theft of service". Since the recipient must pay for
the service and for the most part the mail/posts are advertisements
of unsolicited "stuff" (products, services, information) those
receiving it believe that the practice of making the recipient pay
constitutes theft.
The crux of sending large amounts of unsolicited mail and news is not
a legal issue so much as an ethical one. If you are tempted to send
unsolicited "information" ask yourself these questions: "Whose
resources is this using?" "Did they consent in advance?" "What
would happen if everybody (or a very large number of people) did
this?" "How would you feel if 90% of the mail you received was
advertisements for stuff you didn't want?" "How would you feel if 95%
Hambridge & Lunde Informational [Page 4]
RFC 2635 DON'T SPEW June 1999
of the mail you received was advertisements for stuff you didn't
want?" "How would you feel if 99% of the mail you received was
advertisements for stuff you didn't want?"
Although numbers on the volume and rate of increase of spam are not
easy to find, seat-of-the-pants estimates from the people on spam
discussion mailing lists [1] indicate that unsolicited mail/posts
seems to be following the same path of exponential growth as the
Internet as a whole [2]. This is NOT encouraging, as this kind of
increase puts a strain on servers, connections, routers, and the
bandwidth of the Internet as a whole. On a per person basis,
unsolicited mail is also on the increase, and individuals also have
to bear the increasing cost of increasing numbers of unsolicited and
unwanted mail. People interested in hard numbers may want to point
their web browsers to
http://www.techweb.com/se/directlink.cgi?INW19980504S0003 where
Internet Week reports what spam costs.
Finally, sending large volumes of unsolicited email or posting
voluminous numbers of Netnews postings is just plain rude. Consider
the following analogy: Suppose you discovered a large party going on
in a house on your block. Uninvited, you appear, then join each
group in conversation, force your way in, SHOUT YOUR OPINION (with a
megaphone) of whatever you happen to be thinking about at the time,
drown out all other conversation, then scream "discrimination" when
folks tell you you're being rude.
To continue the party analogy, suppose instead of forcing your way
into each group you stood on the outskirts a while and listened to
the conversation. Then you gradually began to add comments relevant
to the discussion. Then you began to tell people your opinion of the
issues they were discussing; they would probably be less inclined to
look badly on your intrusion. Note that you are still intruding.
And that it would still be considered rude to offer to sell products
or services to the guests even if the products and services were
relevant to the discussion. You are in the wrong venue and you need
to find the right one.
Lots of spammers act as if their behavior can be forgiven by
beginning their messages with an apology, or by personalizing their
messages with the recipient's real name, or by using a number of
ingratiating techniques. But much like the techniques used by Uriah
Heep in Dickens' _David Copperfield_, these usually have an effect
opposite to the one intended. Poor excuses ("It's not illegal,"
"This will be the only message you receive," "This is an ad," "It's
easy to REMOVE yourself from our list") are still excuses. Moreover,
they are likely to make the recipient MORE aggravated rather than
Hambridge & Lunde Informational [Page 5]
RFC 2635 DON'T SPEW June 1999
less aggravated.
In particular, there are two very severe problems with believing that
a "remove" feature to stop future mail helps: (1) Careful tests have
been done with sending remove requests for "virgin" email accounts
(that have never been used anywhere else). In over 80% of the cases,
this resulted in a deluge of unsolicited email, although usually from
other sources than the one the remove was sent to. In other words,
if you don't like unsolicited mail, you should think carefully before
using a remove feature because the evidence is that it will result in
more mail not less. (2) Even if it did work, it would not stop lots
of new unsolicited email every day from new businesses that hadn't
mailed before.
4a. ACK! I've Been Spammed - Now What?
It's unpleasant to receive mail which you do not want. It's even
more unpleasant if you're paying for connect time to download it.
And it's really unpleasant to receive mail on topics which you find
offensive. Now that you're good and mad, what's an appropriate
response?
First, you always have the option to delete it and get on with your
life. This is the easiest and safest response. It does not
guarantee you won't get more of the same in the future, but it does
take care of the current problem. Also, if you do not read your mail
on a regular basis it is possible that your complaint is much too
late to do any good.
Second, consider strategies that take advantage of screening
technology. You might investigate technologies that allow you to
filter unwanted mail before you see it. Some software allows you to
scan subject lines and delete unwanted messages before you download
them. Other programs can be configured to download portions of
messages, check them to see if they are advertising (for example) and
delete them before the whole message is downloaded.
Also, your organization or your local Internet Service Provider may
have the ability to block unwanted mail at their mail relay machines
and thus spare you the hassle of dealing with it at all. It is worth
inquiring about this possibility if you are the victim of frequent
spam.
Your personal mailer software may allow you to write rules defining
what you do and do not wish to read. If so, write a rule which sends
mail from the originator of the unwanted mail to the trash. This
will work if one sender or site repeatedly bothers you. You may also
consider writing other rules based on other headers if you are sure
Hambridge & Lunde Informational [Page 6]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -