📄 rfc2635.txt
字号:
headers are forged, could be a criminal action depending on the laws of the particular jurisdiction(s) involved. If your site is being used as a spam relay, be sure to contact local and national criminal law enforcement agencies. Site operators may also want to consider bringing civil actions against the spammer for expropriation of property, in particular the computer time and network bandwidth. In addition, when a mailing list is involved, there is a potential intellectual property rights violation. There are a few law suits in the courts now which claim spammers interfered with and endangered network connectivity. At least one company is attempting to charge spammers for the use of its networks (www.kclink.com/spam/).7. Security Considerations Certain actions to stop spamming may cause problems to legitimate users of the net. There is a risk that filters to stop spamming will unintentionally stop legitimate mail too. Overloading postmasters with complaints about spamming may cause trouble to the wrong person, someone who is not responsible for and cannot do anything to avoid the spamming activity, or it may cause trouble out of proportion to the abuse you are complaining about. Be sure to exercise discretion and good judgment in all these cases. Check your local escalation procedure. The Site Security Handbook [2] can help define an escalation procedure if your site does not have one defined. Lower levels of network security interact with the ability to trace spam via logs or message headers. Measures to stop various sorts of DNS and IP spoofing can make this information more reliable. Spammers can and will exploit obvious security weaknesses, especially in NNTP servers. This can lead to denial of service, either from the sheer volume of posts, or as a result of action taken by upstream providers.8. Acknowledgments Thanks for help from the IETF-RUN working group, and also to all the spew-fighters. Specific thanks are due to J.D. Falk, whose very helpful Anti-spam FAQ proved valuable. Thanks are also due to the vigilance of Scott Hazen Mueller and Paul Vixie, who run spam.abuse.net, the Anti-spam web site. Thanks also to Jacob Palme, Chip Rosenthal, Karl Auerbach for specific text: Jacob for the Security Considerations section, Chip for the configuration suggestions in section 5, Karl for the legal considerations. Andrew Gierth was very helpful with Netnews spam considerations. And thanks to Gary Malkin for proofing and formatting.Hambridge & Lunde Informational [Page 13]
RFC 2635 DON'T SPEW June 19999. References [1] See for example spam-l@peach.ease.lsoft.com [2] Fraser, B., "Site Security Handbook", FYI 8, RFC 2196, September 1997. [3] "Current Spam thresholds and guidelines," Lewis, Chris and Tim Skirvin, http://www.killfile.org/~tskirvin/faqs/spam.html. [4] Schwartz, Alan and Simson Garfinkel, "Stopping Spam," O'Reilly and Associates, 1998. [5] Crocker, D., "Standard for the format of ARPA Internet text messages", STD 11, RFC 822, August 1982. [6] Braden, R., "Requirements for Internet hosts - application and support", STD 3, RFC 1123, October 1989. [7] Crocker, D., "Mailbox Names for Common Services, Roles and Functions", RFC 2142, May 1997. * Spam is a name of a meat product made by Hormel. "spam" (no capitalization) is routinely used to describe unsolicited bulk email and netnews posts.Hambridge & Lunde Informational [Page 14]
RFC 2635 DON'T SPEW June 199910. Appendix - How to Track Down Spammers In a large proportion of spams today, complaining to the postmaster of the site that is the apparent sender of a message will have little effect because either the headers are forged to disguise the source of the message, or the senders of the message run their own system/domain, or both. As a result, it may be necessary to look carefully at the headers of a message to see what parts are most reliable, and/or to complain to the second or third-level Internet providers who provide Internet service to a problem domain. In many cases, getting reports with full headers from various recipients of a spam can help locate the source. In extreme cases of header forgery, only examination of logs on multiple systems can trace the source of a message. With only one message in hand, one has to make an educated guess as to the source. The following are only rough guidelines. In the case of mail messages, "Received:" headers added by systems under control of the destination organization are most likely to be reliable. You can't trust what the source domain calls itself, but you can usually use the source IP address since that is determined by the destination domain's server. In naive mail forgeries, the "Message-ID:" header may show the first SMTP server to handle the message and/or the "Received:" headers may all be accurate, but neither can be relied on. Be especially wary when the Received: headers have other headers intermixed. Normally, Received: headers are all together in a block, and when split up, one or the other blocks is probably forged. In the case of news messages, some part of the Path: header may be a forgery; only reports from multiple sites can make this clear. In naive news forgeries, the "NNTP-Posting-Host:" header shows the actual source, but this can be forged too. If a spam message advertises an Internet server like a WWW site, that server must be connected to the network to be usable. Therefore that address can be traced. It is appropriate to complain to the ISP hosting a web site advertised in a SPAM, even if the origin of the spam seems to be elsewhere. Be aware that the spam could be an attack on the advertised site; the perpetrator knows the site will be deluged with complaints and their reputation will be damaged. Any spam with an electronic address in it is suspect because most spammers know they're unwelcome and won't make themselves accessible.Hambridge & Lunde Informational [Page 15]
RFC 2635 DON'T SPEW June 1999 Here is an example mail header:----From friendlymail@209.214.12.258.com Thu Feb 26 20:32:47 1998Received: from clio.sc.intel.com by Ludwig.sc.intel.com (4.1/SMI-4.1) id AA05377; Thu, 26 Feb 98 20:32:46 PSTReceived: from 209.214.12.258.com (209.214.12.258.com [208.26.102.16]) by clio.sc.intel.com (8.8.6/8.8.5) with ESMTP id UAA29637 for <sallyh@intel.com>; Thu, 26 Feb 1998 20:33:30 -0800 (PST)Received: okX-Sender: promo1@gotosportsbook.comX-Advertisement: <a href="http://www.opt-out.com">Click here to be removed.Date: Thu, 26 Feb 1998 23:23:03 -0500From: Sent By <promo1@gotosportsbook.com>Reply-To: Sent By <promo1@gotosportsbook.com>To: friend@bulkmailerSubject: Ad: FREE $50 in Sportsbook & CasinoX-Mailer: AK-Mail 3.0b [eng] (unregistered)Mime-Version: 1.0Content-Type: text/plain; charset=us-asciiContent-Transfer-Encoding: 7bitSender: friendlymail@aqua.258.comMessage-Id: <bulk.6508.19980226232535@aqua.258.com>Status: R---- Doing a traceroute on an IP address or DNS address will show what domains provide IP connectivity from you to that address. Using whois and nslookup, one can try to determine who is administratively responsible for a domain. In simple cases, a user of a responsible site may be exploiting an account or a weakness in dial-up security; in those cases a complaint to a single site may be sufficient. However, it may be appropriate to complain to more than one domain, especially when it looks like the spammers run their own system. If you look at the traceroute to an address, you will normally see a series of domains between you and that address, with one or more wide-area/national Internet Service Providers in the middle and "smaller" networks/domains on either end. It may be appropriate to complain to the domains nearer the source, up to and including the closest wide-area ISP. However, this is a judgement call. If an intermediate site appears to be a known, responsible domain, stopping your complaints at this point makes sense.Hambridge & Lunde Informational [Page 16]
RFC 2635 DON'T SPEW June 1999Authors' Information Sally Hambridge Intel Corp, SC11-321 2200 Mission College blvd Santa Clara, CA 95052 EMail: sallyh@ludwig.sc.intel.com Albert Lunde Northwestern University Suite 1400 1603 Orrington Avenue Evanston, IL 60201 EMail: Albert-Lunde@nwu.eduHambridge & Lunde Informational [Page 17]
RFC 2635 DON'T SPEW June 1999Full Copyright Statement Copyright (C) The Internet Society (1999). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society.Hambridge & Lunde Informational [Page 18]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -