RFC 2635 DON'T SPEW June 1999
the probability of them being activated for non-spam is low enough.
That way, although you may still have to pay to download it, you
won't have to read it!
Third, you may consider sending the mail back to the originator
objecting to your being on the mailing-list; however, we recommend
against this. First, a lot of spammers disguise who they are and
where their mail comes from by forging the mail headers. Unless you
are very experienced at reading headers, discovering the true origin
of the mail will probably prove difficult. Although you can engage
your local support staff to help you with this, they may have much
higher priorities (such as setting up site-wide filters to prevent
spam from entering the site). Second, responding to this email will
simply verify your address as valid and make your address more
valuable for other (ab)uses (as was mentioned above in Section 3).
Third, even if the two previous things do not happen, very probably
your mail will be directed to the computer equivalent of a black hole
(the bit-bucket).
As of the writing of this document, there are several pieces of
pending legislation in several jurisdictions about the sending of
unsolicited mail and also about forging headers. If forging of
headers should become illegal, then responding to the sender is less
risky and may be useful.
Certainly we advocate communicating to the originator (as best as you
can tell) to let them know you will NOT be buying any products from
them as you object to the method they have chosen to conduct their
business (aka spam). Most responses through media other than
electronic mail (mostly by those who take the time to phone included
"800" (free to calling party in the U.S.) phone numbers) have proved
somewhat effective. You can also call the business the advertisement
is for, ask to speak to someone in authority, and then tell them you
will never buy their products or use their services because their
advertising mechanism is spam.
Next, you can carbon copy or forward the questionable mail messages
or news postings to your postmaster. You can do this by sending mail
"To: Postmaster@your-site.example." Your postmaster should be an
expert at reading mail headers and will be able to tell if the
originating address is forged. He or she may be able to pinpoint the
real culprit and help close down the site. If your postmaster wants
to know about unsolicited mail, be sure s/he gets a copy, including
headers. You will need to find out the local policy and comply.
Hambridge & Lunde Informational [Page 7]
*** IMPORTANT ***
Wherever you send a complaint, be sure to include the full headers
(most mail and news programs don't display the full headers by
default). For mail it is especially important to show the
"Received:" headers. For Usenet news, it is the "Path:" header.
These normally show the route by which the mail or news was
delivered. Without them, it's impossible to even begin to tell where
the message originated. See the appendix for an example of a mail
header.
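
Why the "Received:" headers matter, as an added example (not part of the RFC text): it walks the chain from the newest header down and stops at the first hop whose recorded peer lies outside your own network. Everything below that point is an unverified claim. The sample message, host names, addresses and the 192.0.2.0/24 "our network" range are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: every host, address and ID below is made up.
SAMPLE = """\
Received: from mx.your-site.example (mx.your-site.example [192.0.2.10])
\tby mailhost.your-site.example with ESMTP id AAA111; Mon, 7 Jun 1999 10:02:03 -0700
Received: from relay.victim.example (relay.victim.example [198.51.100.7])
\tby mx.your-site.example with SMTP id BBB222; Mon, 7 Jun 1999 10:02:01 -0700
Received: from bigbank.example (dialup-42.isp.example [203.0.113.42])
\tby relay.victim.example with SMTP id CCC333; Mon, 7 Jun 1999 10:01:55 -0700
Received: from nowhere.invalid by bigbank.example; Mon, 7 Jun 1999 09:00:00 -0700
Subject: constructed sample

body
"""

HOP = re.compile(r"from\s+(\S+)\s*(?:\(([^)]*)\))?.*?\bby\s+([^\s;]+)", re.S)
IP = re.compile(r"\[([0-9A-Fa-f.:]+)\]")

def parse_hops(raw):
    """Return the Received: hops, newest first, as dicts."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            peer = m.group(2) or ""          # text the receiving host put in parentheses
            ip = IP.search(peer)
            hops.append({"helo": m.group(1), "by": m.group(3),
                         "rdns": peer.split("[")[0].strip() or None,
                         "ip": ip.group(1) if ip else None})
    return hops

def trace(raw, our_net):
    """Return (entry hop, unverified hops below it) for a message we received."""
    net = ipaddress.ip_network(our_net)
    chain = parse_hops(raw)
    for i, hop in enumerate(chain):
        # A header written by one of our hosts is credible. Once the peer it
        # recorded is outside our network, nothing further down can be vouched for.
        if hop["ip"] is None or ipaddress.ip_address(hop["ip"]) not in net:
            return hop, chain[i + 1:]
    return None, []

def helo_mismatches(hops):
    """Hops whose claimed name differs from the reverse-DNS name the receiver logged."""
    return [h for h in hops if h["rdns"] and h["rdns"].lower() != h["helo"].lower()]
```

For the sample, `trace(SAMPLE, "192.0.2.0/24")` names 198.51.100.7 as the entry point; the lower hop claiming to be bigbank.example from a dial-up address is the kind of detail the relay's own postmaster can confirm or refute.
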
There is lively and ongoing debate about the validity of changing
one's email address in a Web Browser in order to have Netnews posts
and email look as if they originate from some spot other than
where they do originate. The reasoning behind this is that web email
address harvesters will not be getting a real address when they
encounter these. There is reason on both sides of this debate: If
you change your address, you will not be as visible to the
harvesters, but if you change your address, real people who need to
contact you will be cut off as well. Also, if you are using the
Internet through an organization such as a company, the company may
have policies about "forging" addresses - even your own! Most people
agree that the consequences of changing your email address on your
browser or even in your mail headers are fairly dangerous and will
nearly guarantee your mail goes into a black hole unless you are very
sure you know what you are doing.
Finally, DO NOT respond by sending back large volumes of unsolicited
mail. Two wrongs do not make a right; do not become your enemy; and
take it easy on the network. While the legal status of spam is
uncertain, the legal status (at least in the U.S.) of a "mail bomb"
(large numbers and/or sizes of messages to the site with the intent
of disabling or injuring the site) is pretty clear: it is criminal.
There is a web site called "www.abuse.net" which allows you to
register, then send your message to the name of the "offending-
domain@abuse.net," which will re-mail your message to the best
reporting address for the offending domain. The site contains good
tips for reporting abusive netnews or email messages. It also has some
automated tools that you may download to help you filter your
messages. Also check CIAC bulletin I-005 at:
http://ciac.llnl.gov/ciac/bulletins/i-005c.shtml
or at:
http://spam.abuse.net/spam/tools/mailblock.html.
Check the Appendix for a detailed explanation of tools and
methodology to use when trying to chase down a spammer.

4b. There's a Spam in My Group!

Netnews is also subject to spamming. Here several factors help to
mitigate against the propagation of spam in news, although they don't
entirely solve the problem. Newsgroups and mailing lists may be
moderated, which means that a moderator approves all mail/posts. If
this is the case, the moderator usually acts as a filter to remove
unwanted and off-topic posts/mail.
In Netnews there are programs which detect posts which have been sent
to multiple groups or which detect multiple posts from the same
source to one group. These programs cancel the posts. While these
work and keep unsolicited posts down, they are not 100% effective and
spam in newsgroups seems to be growing at an even faster rate than
spam in mail or on mailing lists. After all, it's much easier to
post to a newsgroup for which there are thousands of readers than it
is to find individual email addresses for all those folks. Hence the
development of the "cancelbots" (sometimes called "cancelmoose") for
Netnews groups. Cancelbots are triggered when one message is sent to
a large number of newsgroups or when many small messages are sent
(from one sender) to the same newsgroup. In general these are tuned
to the "Breidbart Index" [3] which is a somewhat fuzzy measure of the
interactions of the number of posts and number of groups. This is
fuzzy purposefully, so that people will not post a number of messages
just under the index and still "get away with it." And as noted
above, the cancel messages have reached such a volume now that a lot
of News administrators are beginning to write filters rather than
send cancels. Still spam gets through, so what can a concerned
netizen do?
If there is a group moderator, make sure s/he knows that off-topic
posts are slipping into the group. If there is no moderator, you
could take the same steps for dealing with news as are recommended
for mail with all the same caveats.
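
How a filter tuned to the Breidbart Index scores posts, as an added example (not part of the RFC text). It assumes the conventional Usenet definition, which this page does not spell out: the index is the sum, over all copies of a post, of the square root of the number of groups each copy went to, with a threshold of 20 inside a 45-day window. The fingerprinting rule and the post tuples are constructed for illustration.

```python
import hashlib
import math
from collections import defaultdict

WINDOW_DAYS = 45   # conventional window; assumption, not stated on this page
THRESHOLD = 20     # conventional threshold; assumption, not stated on this page

def fingerprint(body):
    """Hash the body with case and whitespace normalized so trivial edits still group."""
    return hashlib.sha256(" ".join(body.lower().split()).encode()).hexdigest()

def peak_index(posts):
    """posts: iterable of (day, body, [newsgroups]).

    Returns {fingerprint: highest Breidbart Index seen in any 45-day window}.
    """
    copies_by_body = defaultdict(list)
    for day, body, groups in posts:
        # Each copy contributes sqrt(number of distinct groups it was posted to).
        copies_by_body[fingerprint(body)].append((day, math.sqrt(len(set(groups)))))
    peaks = {}
    for fp, copies in copies_by_body.items():
        copies.sort()
        best = total = 0.0
        oldest = 0
        for day, weight in copies:
            total += weight
            # Slide the window: drop copies that are 45 or more days older.
            while day - copies[oldest][0] >= WINDOW_DAYS:
                total -= copies[oldest][1]
                oldest += 1
            best = max(best, total)
        peaks[fp] = best
    return peaks

def over_threshold(posts):
    """Fingerprints whose peak index meets the threshold (candidates for filtering)."""
    return sorted(fp for fp, bi in peak_index(posts).items() if bi >= THRESHOLD)
```

Seven copies each crossposted to nine groups score 21 and trip the threshold, while sixteen separate single-group copies score only 16; the square root is what makes the measure weigh posts and groups differently.
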
A reasonable printed reference one might obtain has been published by
O'Reilly and Associates, _Stopping Spam_, by Alan Schwartz and Simson
Garfinkel [4]. This book also has interesting histories of spammers
such as Cantor and Siegel, and Jeff Slaton. It gives fairly clear
instructions for filtering mail and news.

5. Help for Beleaguered Admins

As a system administrator, news administrator, local Postmaster, or
mailing-list administrator, your users will come to you for help in
dealing with unwanted mail and posts. First, find out what your
institution's policy is regarding unwanted/unsolicited mail. It is
possible that it won't do anything for you, but it is also possible
to use it to justify blocking a domain which is sending particularly
offensive mail to your users. If you don't have a clear policy, it
would be really useful to create one. If you are a mailing-list
administrator, make sure your mailing-list charter forbids off-topic
posts. If your internal-only newsgroups are getting spammed from the
outside of your institution, you probably have bigger security
problems than just spam.
Make sure that your mail and news transports are configured to reject
messages injected by parties outside your domain. Recently
misconfigured Netnews servers have become subject to hijacking by
spammers. SMTP source routing <@relay.host:user@dest.host> is
becoming deprecated due to its overwhelming abuse by spammers. You
should configure your mail transport to reject relayed messages (when
neither the sender nor the recipient are within your domain). Check:
http://www.sendmail.org/
under the "Anti-Spam" heading.
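
The relay rule above, as an added example of the decision a mail transport makes at RCPT time (it is not sendmail's code or configuration). It assumes "sender within your domain" is judged by the connecting client's IP address, since the envelope sender can be forged; the domain, network range and addresses are constructed.

```python
import ipaddress

LOCAL_DOMAINS = {"your-site.example"}                  # assumed: domains we accept mail for
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]    # assumed: our own clients

def final_domain(path):
    """Return the destination domain of an SMTP forward-path.

    A source route such as <@relay.host:user@dest.host> is stripped, so the
    decision is made on dest.host, never on the relay the sender asked for.
    """
    addr = path.strip().lstrip("<").rstrip(">")
    if addr.startswith("@"):
        _, colon, addr = addr.partition(":")
        if not colon:
            raise ValueError("source route without a mailbox")
    local, at, domain = addr.rpartition("@")
    if not (local and at and domain):
        raise ValueError("malformed path")
    return domain.lower().rstrip(".")

def relay_decision(client_ip, rcpt_path):
    """Return the SMTP reply for one RCPT TO from the given client address."""
    try:
        domain = final_domain(rcpt_path)
    except ValueError:
        return "501 malformed recipient"
    ip = ipaddress.ip_address(client_ip)
    client_is_ours = any(ip in net for net in LOCAL_NETS)
    rcpt_is_ours = domain in LOCAL_DOMAINS
    # Accept inbound mail for our users and outbound mail from our clients.
    # Mail where neither end is ours is third-party relaying: refuse it.
    if client_is_ours or rcpt_is_ours:
        return "250 ok"
    return "550 relaying denied"
```
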
If you run a firewall at your site, it can be configured in ways to
discourage spam. For example, if your firewall is a gateway host
that itself contains an NNTP server, ensure that it is configured so
it does not allow access from external sites except your news feeds.
If your firewall acts as a proxy for an external news-server, ensure
that it does not accept NNTP connections other than from your
internal network. Both these potential holes have recently been
exploited by spammers. Ensure that email messages generated within
your domain have proper identity information in the headers, and that
users cannot forge headers. Be sure your headers have all the
correct information as stipulated by RFC 822 [5] and RFC 1123 [6].
If you are running a mailing-list, allowing postings only by
subscribers means a spammer would actually have to join your list
before sending spam messages, which is unlikely. Make sure your
charter forbids any off-topic posts. There is another spam-related
problem with mailing-lists which is that spammers like to retaliate
on those who work against them by mass-subscribing their enemies to
mailing-lists. Your mailing-list software should require
confirmation of the subscription, and only then should the address be
subscribed.
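
Confirmed subscription as described above, as an added example (not code from any particular mailing-list package). A subscribe request only mails a token to the address; the address joins the list when that token comes back. The secret, the three-day lifetime and the function names are assumptions made for the example.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # placeholder; load a random secret in practice
TTL = 3 * 24 * 3600                # assumed: confirmations expire after three days

def _mac(list_name, address, issued):
    # Bind the token to one list, one address and one issue time.
    msg = f"{list_name}\n{address.lower()}\n{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def request_subscription(list_name, address, outbox, now=None):
    """Handle a subscribe request: mail a token, do NOT add the address yet."""
    issued = int(time.time() if now is None else now)
    token = f"{issued}.{_mac(list_name, address, issued)}"
    outbox.append((address, token))   # only the mailbox owner ever sees the token
    return token

def confirm(list_name, address, token, subscribers, now=None):
    """Add the address only if it presents an unexpired token issued for it."""
    now = int(time.time() if now is None else now)
    try:
        ts, mac = token.split(".", 1)
        issued = int(ts)
    except ValueError:
        return False
    expected = _mac(list_name, address, issued)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False
    if not 0 <= now - issued <= TTL:
        return False
    subscribers.add(address.lower())
    return True

def may_post(sender, subscribers):
    """Subscriber-only posting: mail from anyone not confirmed is held or rejected."""
    return sender.lower() in subscribers
```

Someone who mass-subscribes a third party never receives the token, so the request lapses without the victim being added.
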
It is possible, if you are running a mail transfer agent that allows
it, to block persistent offending sites from ever getting mail into
your site. However, careful consideration should be taken before
taking that step. For example, be careful not to block out sites for
which you run MX records! In the long run, it may be most useful to
help your users learn enough about their mailers so that they can
write rules to filter their own mail, or provide rules and kill files
for them to use, if they so choose.
There is information about how to configure sendmail available at
"www.sendmail.org." Help is also available at "spam.abuse.net."
Another good strategy is to use Internet tools such as whois and
traceroute to find which ISP is serving your problem site. Notify
the postmaster or abuse (abuse@offending-domain.example) address that
they have an offender. Be sure to pass on all header information in
your messages to help them with tracking down the offender. If they
have a policy against using their service to post unsolicited mail
they will need more than just your say-so that there is a problem.
Also, the "originating" site may be a victim of the offender as well.
It's not unknown for those sending this kind of mail to bounce their
mail through dial-up accounts, or off unprotected mail servers at
other sites. Use caution and courtesy in your approach to those who
look like the offender.
News spammers use similar techniques for sending spam to the groups.
They have been known to forge headers and bounce posts off "open"
news machines and remailers to cover their tracks. During the height
of the infamous David Rhodes "Make Money Fast" posts, it was not
unheard of for students to walk away from terminals which were logged
in, and for sneaky folks to then use their accounts to forge posts,
much to the later embarrassment of both the student and the
institution.
One way to lessen problems is to avoid using mail-to URLs on your web
pages. They allow email addresses to be easily harvested by those
institutions grabbing email addresses off the web. If you need to
have an email address prevalent on a web page, consider using a cgi
script to generate the mailto address.
Participate in mailing lists and news groups which discuss
unsolicited mail/posts and the problems associated with it.
News.admin.net-abuse.misc is probably the most well-known of these.

6. What's an ISP to Do

As an Internet Service Provider, you first and foremost should decide
what your stance against unsolicited mail and posts will be. If you
decide not to tolerate unsolicited mail, write a clear Acceptable Use
Policy which states your position and delineates consequences for
abuse. If you state that you will not tolerate use of your resource
for unsolicited mail/posts, and that the consequence will be loss of
service, you should be able to cancel offending accounts relatively
quickly (after verifying that the account really IS being mis-used).
If you have downstreaming arrangements with other providers, you
should make sure they are aware of any policy you set. Likewise, you
should be aware of your upstream providers' policies.
Consider limiting access for dialup accounts so they cannot be used
by those who spew. Make sure your mail servers aren't open for mail
to be bounced off them (except for legitimate users). Make sure your
mail transfer agents are the most up-to-date version (which pass
security audits) of the software.
Educate your users about how to react to spew and spewers. Make sure
instructions for writing rules for mailers are clear and available.
Support their efforts to deal with unwanted mail at the local level -
taking some of the burden from your system administrators.
Make sure you have an address for abuse complaints. If complainers
can routinely send mail to "abuse@BigISP.example" and you have
someone assigned to read that mail, workflow will be much smoother.
Don't require people complaining about spam to use some unique local
address for complaints. Read and use 'postmaster' and 'abuse'. We
recommend adherence to RFC 2142, _Mailbox Names for Common Services,
Roles and Functions._ [7].
Finally, write your contracts and terms and conditions in such
language that allows you to suspend service for offenders, and so
that you can impose a charge on them for your costs in handling the
complaints their abuse generates and/or terminating their account and
cleaning up the mess they make. Some large ISPs have found that they
can fund much of their abuse prevention staff by imposing such
charges. Make sure all your customers sign the agreement before
their accounts are activated. There is a list of "good" Acceptable
Use Policies and Terms of Service at:
http://spam.abuse.net/goodsites/index.html.
Legally, you may be able to stop spammers and spam relayers, but this
is certainly dependent on the jurisdictions involved. Potentially,
the passing of spam via third party computers, especially if the