RFC 2635 DON'T SPEW June 1999

the probability of them being activated for non-spam is low enough. That way, although you may still have to pay to download it, you won't have to read it!

Third, you may consider sending the mail back to the originator objecting to your being on the mailing-list; however, we recommend against this. First, a lot of spammers disguise who they are and where their mail comes from by forging the mail headers. Unless you are very experienced at reading headers, discovering the true origin of the mail will probably prove difficult. Although you can engage your local support staff to help you with this, they may have much higher priorities (such as setting up site-wide filters to prevent spam from entering the site). Second, responding to this email will simply verify your address as valid and make your address more valuable for other (ab)uses (as was mentioned above in Section 3). Third, even if the two previous things do not happen, very probably your mail will be directed to the computer equivalent of a black hole (the bit-bucket).

As of the writing of this document, there are several pieces of pending legislation in several jurisdictions about the sending of unsolicited mail and also about forging headers. If forging of headers should become illegal, then responding to the sender is less risky and may be useful. Certainly we advocate communicating to the originator (as best as you can tell) to let them know you will NOT be buying any products from them as you object to the method they have chosen to conduct their business (aka spam).

Most responses through media other than electronic mail (mostly by those who take the time to phone included "800" (free to calling party in the U.S.) phone numbers) have proved somewhat effective. You can also call the business the advertisement is for, ask to speak to someone in authority, and then tell them you will never buy their products or use their services because their advertising mechanism is spam.
Next, you can carbon copy or forward the questionable mail messages or news postings to your postmaster. You can do this by sending mail "To: Postmaster@your-site.example." Your postmaster should be an expert at reading mail headers and will be able to tell if the originating address is forged. He or she may be able to pinpoint the real culprit and help close down the site. If your postmaster wants to know about unsolicited mail, be sure s/he gets a copy, including headers. You will need to find out the local policy and comply.

Hambridge & Lunde Informational [Page 7]

*** IMPORTANT ***

Wherever you send a complaint, be sure to include the full headers (most mail and news programs don't display the full headers by default). For mail it is especially important to show the "Received:" headers. For Usenet news, it is the "Path:" header. These normally show the route by which the mail or news was delivered. Without them, it's impossible to even begin to tell where the message originated. See the appendix for an example of a mail header.

There is lively and ongoing debate about the validity of changing one's email address in a Web Browser in order to have Netnews posts and email look as if it is originating from some spot other than where it does originate. The reasoning behind this is that web email address harvesters will not be getting a real address when it encounters these. There is reason on both sides of this debate: If you change your address, you will not be as visible to the harvesters, but if you change your address, real people who need to contact you will be cut off as well. Also, if you are using the Internet through an organization such as a company, the company may have policies about "forging" addresses - even your own!
Most people agree that the consequences of changing your email address on your browser or even in your mail headers are fairly dangerous and will nearly guarantee your mail goes into a black hole unless you are very sure you know what you are doing.

Finally, DO NOT respond by sending back large volumes of unsolicited mail. Two wrongs do not make a right; do not become your enemy; and take it easy on the network. While the legal status of spam is uncertain, the legal status (at least in the U.S.) of a "mail bomb" (large numbers and/or sizes of messages to the site with the intent of disabling or injuring the site) is pretty clear: it is criminal.

There is a web site called "www.abuse.net" which allows you to register, then send your message to the name of the "offending-domain@abuse.net," which will re-mail your message to the best reporting address for the offending domain. The site contains good tips for reporting abuse netnews or email messages. It also has some automated tools that you may download to help you filter your messages.

Also check CIAC bulletin I-005 at: http://ciac.llnl.gov/ciac/bulletins/i-005c.shtml or at: http://spam.abuse.net/spam/tools/mailblock.html.

Check the Appendix for a detailed explanation of tools and methodology to use when trying to chase down a spammer.

4b. There's a Spam in My Group!

Netnews is also subject to spamming. Here several factors help to mitigate against the propagation of spam in news, although they don't entirely solve the problem. Newsgroups and mailing lists may be moderated, which means that a moderator approves all mail/posts. If this is the case, the moderator usually acts as a filter to remove unwanted and off-topic posts/mail.

In Netnews there are programs which detect posts which have been sent to multiple groups or which detect multiple posts from the same source to one group. These programs cancel the posts.
While these work and keep unsolicited posts down, they are not 100% effective and spam in newsgroups seems to be growing at an even faster rate than spam in mail or on mailing lists. After all, it's much easier to post to a newsgroup for which there are thousands of readers than it is to find individual email addresses for all those folks.

Hence the development of the "cancelbots" (sometimes called "cancelmoose") for Netnews groups. Cancelbots are triggered when one message is sent to a large number of newsgroups or when many small messages are sent (from one sender) to the same newsgroup. In general these are tuned to the "Breidbart Index" [3] which is a somewhat fuzzy measure of the interactions of the number of posts and number of groups. This is fuzzy purposefully, so that people will not post a number of messages just under the index and still "get away with it." And as noted above, the cancel messages have reached such a volume now that a lot of News administrators are beginning to write filters rather than send cancels.

Still spam gets through, so what can a concerned netizen do? If there is a group moderator, make sure s/he knows that off-topic posts are slipping into the group. If there is no moderator, you could take the same steps for dealing with news as are recommended for mail with all the same caveats.

A reasonable printed reference one might obtain has been published by O'Reilly and Associates, _Stopping Spam_, by Alan Schwartz and Simson Garfinkel [4]. This book also has interesting histories of spammers such as Cantor and Siegel, and Jeff Slaton. It gives fairly clear instructions for filtering mail and news.

5. Help for Beleaguered Admins

As a system administrator, news administrator, local Postmaster, or mailing-list administrator, your users will come to you for help in dealing with unwanted mail and posts.
First, find out what your institution's policy is regarding unwanted/unsolicited mail. It is possible that it won't do anything for you, but it is also possible to use it to justify blocking a domain which is sending particularly offensive mail to your users. If you don't have a clear policy, it would be really useful to create one. If you are a mailing-list administrator, make sure your mailing-list charter forbids off-topic posts.

If your internal-only newsgroups are getting spammed from the outside of your institution, you probably have bigger security problems than just spam. Make sure that your mail and news transports are configured to reject messages injected by parties outside your domain. Recently misconfigured Netnews servers have become subject to hijacking by spammers.

SMTP source routing <@relay.host:user@dest.host> is becoming deprecated due to its overwhelming abuse by spammers. You should configure your mail transport to reject relayed messages (when neither the sender nor the recipient are within your domain). Check: http://www.sendmail.org/ under the "Anti-Spam" heading.

If you run a firewall at your site, it can be configured in ways to discourage spam. For example, if your firewall is a gateway host that itself contains an NNTP server, ensure that it is configured so it does not allow access from external sites except your news feeds. If your firewall acts as a proxy for an external news-server, ensure that it does not accept NNTP connections other than from your internal network. Both these potential holes have recently been exploited by spammers.

Ensure that email messages generated within your domain have proper identity information in the headers, and that users cannot forge headers. Be sure your headers have all the correct information as stipulated by RFC 822 [5] and RFC 1123 [6].
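The relay rule recommended above (reject when neither the sender nor the recipient is within your domain), including the source-routed form <@relay.host:user@dest.host>, can be sketched as follows. This is an added example, not part of the RFC or of any mail transport's code; the domain names and the function names are constructed for illustration.

```python
import re

# Assumption: the domains this mail host is responsible for (constructed values).
LOCAL_DOMAINS = {"example.org"}

# RFC 821 source route prefix: "@relay.host:" or "@a.host,@b.host:" before the mailbox.
_ROUTE = re.compile(r"^@[^:]+:(.+)$")

def parse_path(path):
    """Return (had_source_route, domain) for an envelope path like
    '<user@dest.host>' or '<@relay.host:user@dest.host>'."""
    inner = path.strip()
    if inner.startswith("<") and inner.endswith(">"):
        inner = inner[1:-1]
    if inner == "":                       # null reverse-path "<>", used by bounces
        return False, None
    m = _ROUTE.match(inner)
    if m:                                 # drop the route, keep the final mailbox
        inner = m.group(1)
    local, at, domain = inner.rpartition("@")
    if not (local and at and domain):
        raise ValueError("malformed address: %r" % path)
    return bool(m), domain.lower().rstrip(".")

def is_local(domain):
    """True for a local domain or any of its subdomains (not mere suffix matches)."""
    return domain is not None and any(
        domain == d or domain.endswith("." + d) for d in LOCAL_DOMAINS)

def relay_decision(mail_from, rcpt_to):
    """Apply the rule from the text to one MAIL FROM / RCPT TO pair.
    Returns (accept, reason)."""
    try:
        _, sender_dom = parse_path(mail_from)
        routed, rcpt_dom = parse_path(rcpt_to)
    except ValueError:
        return False, "malformed address"
    note = " (source route ignored)" if routed else ""
    if is_local(rcpt_dom):
        return True, "local recipient" + note
    if is_local(sender_dom):
        return True, "local sender" + note
    return False, "relay denied" + note
```

The envelope sender is supplied by the connecting client, so a production mail transport ties the "local sender" branch to the client's network address or to authentication rather than to the domain string alone.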
If you are running a mailing-list, allowing postings only by subscribers means a spammer would actually have to join your list before sending spam messages, which is unlikely. Make sure your charter forbids any off-topic posts. There is another spam-related problem with mailing-lists which is that spammers like to retaliate on those who work against them by mass-subscribing their enemies to mailing-lists. Your mailing-list software should require confirmation of the subscription, and only then should the address be subscribed.

It is possible, if you are running a mail transfer agent that allows it, to block persistent offending sites from ever getting mail into your site. However, careful consideration should be taken before taking that step. For example, be careful not to block out sites for which you run MX records!

In the long run, it may be most useful to help your users learn enough about their mailers so that they can write rules to filter their own mail, or provide rules and kill files for them to use, if they so choose. There is information about how to configure sendmail available at "www.sendmail.org." Help is also available at "spam.abuse.net."

Another good strategy is to use Internet tools such as whois and traceroute to find which ISP is serving your problem site. Notify the postmaster or abuse (abuse@offending-domain.example) address that they have an offender. Be sure to pass on all header information in your messages to help them with tracking down the offender. If they have a policy against using their service to post unsolicited mail they will need more than just your say-so that there is a problem. Also, the "originating" site may be a victim of the offender as well. It's not unknown for those sending this kind of mail to bounce their mail through dial-up accounts, or off unprotected mail servers at other sites.
Use caution and courtesy in your approach to those who look like the offender.

News spammers use similar techniques for sending spam to the groups. They have been known to forge headers and bounce posts off "open" news machines and remailers to cover their tracks. During the height of the infamous David Rhodes "Make Money Fast" posts, it was not unheard of for students to walk away from terminals which were logged in, and for sneaky folks to then use their accounts to forge posts, much to the later embarrassment of both the student and the institution.

One way to lessen problems is to avoid using mail-to URLs on your web pages. They allow email addresses to be easily harvested by those institutions grabbing email addresses off the web. If you need to have an email address prevalent on a web page, consider using a cgi script to generate the mailto address.

Participate in mailing lists and news groups which discuss unsolicited mail/posts and the problems associated with it. News.admin.net-abuse.misc is probably the most well-known of these.

6. What's an ISP to Do

As an Internet Service Provider, you first and foremost should decide what your stance against unsolicited mail and posts will be. If you decide not to tolerate unsolicited mail, write a clear Acceptable Use Policy which states your position and delineates consequences for abuse. If you state that you will not tolerate use of your resource for unsolicited mail/posts, and that the consequence will be loss of service, you should be able to cancel offending accounts relatively quickly (after verifying that the account really IS being mis-used).

If you have downstreaming arrangements with other providers, you should make sure they are aware of any policy you set. Likewise, you should be aware of your upstream providers' policies.

Consider limiting access for dialup accounts so they cannot be used by those who spew.
Make sure your mail servers aren't open for mail to be bounced off them (except for legitimate users). Make sure your mail transfer agents are the most up-to-date version (which pass security audits) of the software.

Educate your users about how to react to spew and spewers. Make sure instructions for writing rules for mailers are clear and available. Support their efforts to deal with unwanted mail at the local level - taking some of the burden from your system administrators.

Make sure you have an address for abuse complaints. If complainers can routinely send mail to "abuse@BigISP.example" and you have someone assigned to read that mail, workflow will be much smoother. Don't require people complaining about spam to use some unique local address for complaints. Read and use 'postmaster' and 'abuse'. We recommend adherence to RFC 2142, _Mailbox Names for Common Services, Roles and Functions._ [7].

Finally, write your contracts and terms and conditions in such language that allows you to suspend service for offenders, and so that you can impose a charge on them for your costs in handling the complaints their abuse generates and/or terminating their account and cleaning up the mess they make. Some large ISPs have found that they can fund much of their abuse prevention staff by imposing such charges. Make sure all your customers sign the agreement before their accounts are activated.

There is a list of "good" Acceptable Use Policies and Terms of Service at: http://spam.abuse.net/goodsites/index.html.

Legally, you may be able to stop spammers and spam relayers, but this is certainly dependent on the jurisdictions involved. Potentially, the passing of spam via third party computers, especially if the