I hesitate to re-open (or continue) this heated and ultimately fruitless
thread, but the recent mention about 'drop boxes' has gotten me a bit
worried that perhaps the vigilantes really are going too far.
I've reviewed the AUPs for about a dozen places (including the four ISPs
I do business with), and I cannot find ONE that would have anything to
say about it being improper to run a "drop box" (even if a customer were
really doing that). As far as I can tell *receiving* email has never
been an unacceptable practice, and particular email received is *NOT* the
ISP's business.
Perhaps the reply-address is fake, perhaps it isn't, but since the
customer isn't violating ANY local (*or*global*!) use/behavior policies,
by happening to have their email address mentioned in some bit of UCE
sent *by*someone*else*, and if the customer even bothers to reply to the
ISP's improper (IMO!) inquiry about this, if they just say "I don't know
what you're talking aboutg and I've never gotten any email about that...
maybe someone is trying to set me up to be mail bombed".... what basis
would the ISP have to interfere with the customer's business, whatever it
might be, or to mess with their account? What would the vigilantes
recommend the ISP do if the customer pushes back and threatens to file
suit or complain to the local-jurisdiction consumer protection folk? [or
to the feds if the customer thinks that the ISP has been improperly
monitoring their incoming email]?
Nick mentioned "investigate", but at least in the US there's precious
little that an ISP can do in the way of investigation. No AUP that I've
ever seen says anything about from whom a person can *receive* email, the
laws prevent just random monitoring of incoming email [and indeed, even
if it is in response to the spam, the customer might still just say that
they don't know what the ISP is talking about, yes, they get some of that
but they filter it to /dev/null so it doesn't affect them]. ISPs don't
have the prerogative to intrude into the private business affairs of
their customers, and *from*what*the*ISP*can*see*, the customer is a model
citizen. And so what's the ISP to do when the vigilantes threaten to
mess with their business? Seems that the ISP is caught between a rock
[the vigilantes] and a hard place [the law].
[note, I've tried to be careful here, looking at it from the point of
view of the ISP and the information the ISP is properly privy to. [quite
different when a customer SENDS UCE, and so the parties who received it
can [legally and properly] forward the "evidence" back to the ISP]
What if the ISP goes back to the vigilantes and just says "the customer
denies it or won't even talk to me about it (claiming that who they
receive email from is none of my business), and from what I can tell
(from my system logs, etc) is causing no trouble at all to anyone. My
system is secure and no UCE is being sent from it". It *might*be* that
the customer is really a drop box for some third-party sending out UCE,
but there's no way for the ISP to tell.
/Bernie\
--
Bernie Cosell Fantasy Farm Fibers
mailto:[EMAIL PROTECTED] Pearisburg, VA
--> Too many people, too few sheep <--
