rfc2635.txt

著名的RFC文档,其中有一些文档是已经翻译成中文的的.

Network Working Group                                    S. Hambridge
Request for Comments: 2635                                      INTEL
FYI: 35                                                      A. Lunde
Category: Informational                       Northwestern University
                                                            June 1999


                               DON'T SPEW
                A Set of Guidelines for Mass Unsolicited
                     Mailings and Postings (spam*)

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

Abstract

   This document explains why mass unsolicited electronic mail messages
   are harmful in the Internetworking community.  It gives a set of
   guidelines for dealing with unsolicited mail for users, for system
   administrators, news administrators, and mailing list managers.  It
   also makes suggestions Internet Service Providers might follow.

1.  Introduction

   The Internet's origins in the Research and Education communities
   played an important role in the foundation and formation of Internet
   culture.  This culture defined rules for network etiquette
   (netiquette) and communication based on the Internet's being
   relatively off-limits to commercial enterprise.

   This all changed when U.S. Government was no longer the primary
   funding body for the U.S. Internet, when the Internet truly went
   global, and when all commercial enterprises were allowed to join what
   had been strictly research networks.  Internet culture had become
   deeply embedded in the protocols the network used.  Although the
   social context has changed, the technical limits of the Internet
   protocols still require a person to enforce certain limits on
   resource usage for the 'Net to function effectively.  Strong
   authentication was not built into the News and Mail protocols.  The
   only thing that is saving the Internet from congestion collapse is
   the voluntary inclusion of TCP backoff in almost all of the TCP/IP



Hambridge & Lunde            Informational                      [Page 1]

RFC 2635                       DON'T SPEW                      June 1999


   driver code on the Internet.  There is no end-to-end cost accounting
   and/or cost recovery.  Bandwidth is shared among all traffic without
   resource reservation (although this is changing).

   Unfortunately for all of us, the culture so carefully nurtured
   through the early years of the Internet was not fully transferred to
   all those new entities hooking into the bandwidth.  Many of those
   entities believe they have found a paradise of thousands of potential
   customers each of whom is desperate to learn about stunning new
   business opportunities.  Alternatively, some of the new netizens
   believe all people should at least hear about the one true religion
   or political party or process.  And some of them know that almost no
   one wants to hear their message but just can't resist how inexpensive
   the net can be to use.  While there may be thousands of folks
   desperate for any potential message, mass mailings or Netnews
   postings are not at all appropriate on the 'Net.

   This document explains why mass unsolicited email and Netnews posting
   (aka spam) is bad, what to do if you get it, what webmasters,
   postmasters, and news admins can do about it, and how an Internet
   Service Provider might respond to it.

2.  What is Spam*?

   The term "spam" as it is used to denote mass unsolicited mailings or
   netnews postings is derived from a Monty Python sketch set in a
   movie/tv studio cafeteria.  During that sketch, the word "spam" takes
   over each item offered on the menu until the entire dialogue consists
   of nothing but "spam spam spam spam spam spam and spam."  This so
   closely resembles what happens when mass unsolicited mail and posts
   take over mailing lists and netnews groups that the term has been
   pushed into common usage in the Internet community.

   When unsolicited mail is sent to a mailing list and/or news group it
   frequently generates more hate mail to the list or group or apparent
   sender by people who do not realize the true source of the message.
   If the mailing contains suggestions for removing your name from a
   mailing list, 10s to 100s of people will respond to the list with
   "remove" messages meant for the originator.  So, the original message
   (spam) creates more unwanted mail (spam spam spam spam), which
   generates more unwanted mail (spam spam spam spam spam spam and
   spam).  Similar occurrences are perpetrated in newsgroups, but this
   is held somewhat in check by "cancelbots" (programs which cancel
   postings) triggered by mass posting.  Recently, cancelbots have grown
   less in favor with those administering News servers since the
   cancelbots are now generating the same amount of traffic as spam.
   Even News admins are beginning to use filters, demonstrating that
   spam spam spam spam spam spam and spam is a monumental problem.



Hambridge & Lunde            Informational                      [Page 2]

RFC 2635                       DON'T SPEW                      June 1999


3.  Why Mass Mailing is Bad

   In the world of paper mail we're all used to receiving unsolicited
   circulars, advertisements, and catalogs.  Generally we don't object
   to this - we look at what we find of interest, and we discard/recycle
   the rest.  Why should receiving unsolicited email be any different?

   The answer is that the cost model is different.  In the paper world,
   the cost of mailing is borne by the sender.  The sender must pay for
   the privilege of creating the ad and the cost of mailing it to the
   recipient.  An average paper commercial mailing in the U.S.  ends up
   costing about $1.00 per addressee.  In the world of electronic
   communications, the recipient bears the majority of the cost.  Yes,
   the sender still has to compose the message and the sender has to pay
   for Internet connectivity.  However, the recipient ALSO has to pay
   for Internet connectivity and possibly also connect time charges and
   for disk space. For electronic mailings the recipient is expected to
   help share the cost of the mailing.  Bulk Internet mail from the U.S.
   ends up costing the sender only about 1/100th of a cent per address;
   or FOUR ORDERS of magnitude LESS than bulk paper mailings!

   Of course, this cost model is very popular with those looking for
   cheap methods to get their message out.  By the same token, it's very
   unpopular with people who have to pay for their messages just to find
   that their mailbox is full of junk mail.  Neither do they appreciate
   being forced to spend time learning how to filter out unwanted
   messages.  Consider this: if you had to pay for receiving paper mail
   would you pay for junk mail?

   Another consideration is that the increase in volume of spam will
   have an impact on the viability of electronic mail as a
   communications medium.  If, when you went to your postal mail box you
   found four crates of mail, would you be willing to search through the
   crates for the one or two pieces of mail which were not advertising?
   Spam has a tremendous potential to create this scenario in the
   electronic world.

   Frequently spammers indulge in unethical behavior such as using mail
   servers which allow mail to be relayed to send huge amounts of
   electronic solicitations.  Or they forge their headers to make it
   look as if the mail originates from a different domain.  These people
   don't care that they're intruding into a personal or business mailbox
   nor do they care that they are using other people's resources without
   compensating them.

   The huge cost difference has other bad effects.  Since even a very
   cheap paper mailing is going to cost tens of (U.S.) cents there is a
   real incentive to send only to those really likely to be interested.



Hambridge & Lunde            Informational                      [Page 3]

RFC 2635                       DON'T SPEW                      June 1999


   So paper bulk mailers frequently pay a premium to get high quality
   mailing lists, carefully prune out bad addresses and pay for services
   to update old addresses.  Bulk email is so cheap that hardly anyone
   sending it bothers to do any of this.  As a result, the chance that
   the receiver is actually interested in the mail is very, very, very
   low.

   As of the date of this document, it is a daily event on the Internet
   for a mail service to melt-down due to an overload of spam.  Every
   few months this happens to a large/major/regional/
   national/international service provider resulting in denial of or
   severe degradation of service to hundreds of thousands of users.
   Such service degradations usually prompt the providers to spend
   hundreds of thousands of dollars upgrading their mail service
   equipment just because of the volume of spam.  Service providers pass
   those costs on to customers.

   Doesn't the U.S. Constitution guarantee the ability to say whatever
   one likes?  First, the U.S. Constitution is law only in the U.S., and
   the Internet is global.  There are places your mail will reach where
   free speech is not a given.  Second, the U.S. Constitution does NOT
   guarantee one the right to say whatever one likes.  In general, the
   U.S. Constitution refers to political freedom of speech and not to
   commercial freedom of speech. Finally, and most importantly, the U.S.
   Constitution DOES NOT guarantee the right to seize the private
   property of others in order to broadcast your speech.  The Internet
   consists of a vast number of privately owned networks in voluntary
   cooperation.  There are laws which govern other areas of electronic
   communication, namely the "junk fax" laws.  Although these have yet
   to be applied to electronic mail they are still an example of the
   "curbing" of "free speech."  Free speech does not, in general,
   require other people to spend their money and resources to deliver or
   accept your message.

   Most responsible Internet citizens have come to regard unsolicited
   mail/posts as "theft of service".  Since the recipient must pay for
   the service and for the most part the mail/posts are advertisements
   of unsolicited "stuff" (products, services, information) those
   receiving it believe that the practice of making the recipient pay
   constitutes theft.

   The crux of sending large amounts of unsolicited mail and news is not
   a legal issue so much as an ethical one.  If you are tempted to send
   unsolicited "information" ask yourself these questions: "Whose
   resources is this using?"  "Did they consent in advance?"  "What
   would happen if everybody (or a very large number of people) did
   this?" "How would you feel if 90% of the mail you received was
   advertisements for stuff you didn't want?" "How would you feel if 95%



Hambridge & Lunde            Informational                      [Page 4]

RFC 2635                       DON'T SPEW                      June 1999


   of the mail you received was advertisements for stuff you didn't
   want?"  "How would you feel if 99% of the mail you received was
   advertisements for stuff you didn't want?"

   Although numbers on the volume and rate of increase of spam are not
   easy to find, seat-of-the-pants estimates from the people on spam
   discussion mailing lists [1] indicate that unsolicited mail/posts
   seems to be following the same path of exponential growth as the
   Internet as a whole [2].  This is NOT encouraging, as this kind of
   increase puts a strain on servers, connections, routers, and the
   bandwidth of the Internet as a whole.  On a per person basis,
   unsolicited mail is also on the increase, and individuals also have
   to bear the increasing cost of increasing numbers of unsolicited and
   unwanted mail.  People interested in hard numbers may want to point
   their web browsers to
   http://www.techweb.com/se/directlink.cgi?INW19980504S0003 where
   Internet Week reports what spam costs.


   Finally, sending large volumes of unsolicited email or posting
   voluminous numbers of Netnews postings is just plain rude.  Consider
   the following analogy: Suppose you discovered a large party going on
   in a house on your block.  Uninvited, you appear, then join each
   group in conversation, force your way in, SHOUT YOUR OPINION (with a
   megaphone) of whatever you happen to be thinking about at the time,
   drown out all other conversation, then scream "discrimination" when
   folks tell you you're being rude.

   To continue the party analogy, suppose instead of forcing your way
   into each group you stood on the outskirts a while and listened to
   the conversation.  Then you gradually began to add comments relevant
   to the discussion.  Then you began to tell people your opinion of the
   issues they were discussing; they would probably be less inclined to
   look badly on your intrusion.  Note that you are still intruding.
   And that it would still be considered rude to offer to sell products
   or services to the guests even if the products and services were
   relevant to the discussion.  You are in the wrong venue and you need
   to find the right one.

   Lots of spammers act as if their behavior can be forgiven by
   beginning their messages with an apology, or by personalizing their
   messages with the recipient's real name, or by using a number of
   ingratiating techniques.  But much like the techniques used by Uriah
   Heep in Dickens' _David Copperfield_, these usually have an effect
   opposite to the one intended.  Poor excuses ("It's not illegal,"
   "This will be the only message you receive," "This is an ad," "It's
   easy to REMOVE yourself from our list") are still excuses.  Moreover,
   they are likely to make the recipient MORE aggravated rather than



Hambridge & Lunde            Informational                      [Page 5]

RFC 2635                       DON'T SPEW                      June 1999


   less aggravated.

   In particular, there are two very severe problems with believing that
   a "remove" feature to stop future mail helps: (1) Careful tests have
   been done with sending remove requests for "virgin" email accounts
   (that have never been used anywhere else).  In over 80% of the cases,
   this resulted in a deluge of unsolicited email, although usually from
   other sources than the one the remove was sent to.  In other words,
   if you don't like unsolicited mail, you should think carefully before
   using a remove feature because the evidence is that it will result in
   more mail not less.  (2) Even if it did work, it would not stop lots
   of new unsolicited email every day from new businesses that hadn't
   mailed before.

4a. ACK!  I've Been Spammed - Now What?

   It's unpleasant to receive mail which you do not want.  It's even
   more unpleasant if you're paying for connect time to download it.
   And it's really unpleasant to receive mail on topics which you find
   offensive.  Now that you're good and mad, what's an appropriate
   response?

   First, you always have the option to delete it and get on with your
   life.  This is the easiest and safest response.  It does not
   guarantee you won't get more of the same in the future, but it does
   take care of the current problem.  Also, if you do not read your mail
   on a regular basis it is possible that your complaint is much too
   late to do any good.

   Second, consider strategies that take advantage of screening
   technology.  You might investigate technologies that allow you to
   filter unwanted mail before you see it.  Some software allows you to
   scan subject lines and delete unwanted messages before you download
   them.  Other programs can be configured to download portions of
   messages, check them to see if they are advertising (for example) and
   delete them before the whole message is downloaded.

   Also, your organization or your local Internet Service Provider may
   have the ability to block unwanted mail at their mail relay machines
   and thus spare you the hassle of dealing with it at all.  It is worth
   inquiring about this possibility if you are the victim of frequent
   spam.

   Your personal mailer software may allow you to write rules defining
   what you do and do not wish to read.  If so, write a rule which sends
   mail from the originator of the unwanted mail to the trash.  This
   will work if one sender or site repeatedly bothers you.  You may also
   consider writing other rules based on other headers if you are sure



Hambridge & Lunde            Informational                      [Page 6]