In message <[EMAIL PROTECTED]>,
"Bernie Cosell" <[EMAIL PROTECTED]> wrote:
>I hesitate to re-open (or continue) this heated and ultimately fruitless
>thread, but the recent mention about 'drop boxes' has gotten me a bit
>worried that perhaps the vigilantes really are going too far.
>
>I've reviewed the AUPs for about a dozen places (including the four ISPs
>I do business with), and I cannot find ONE that would have anything to
>say about it being improper to run a "drop box" (even if a customer were
>really doing that).
All of the more enlightened ISPs now have contract clauses that prohibit
their users from violating the AUPs of _other_ networks in any way while
they are customers. Thus, if you spam (illicitly, and in violation of the
local AUP) from X, then you _can_ in many cases have your account revoked
on Y.
>As far as I can tell *receiving* email has never
>been an unacceptable practice, and particular email received is *NOT* the
>ISP's business.
It is their business if they make it their business. Some do, and others
prefer to just look the other way.
>Perhaps the reply-address is fake, perhaps it isn't, but since the
>customer isn't violating ANY local (*or*global*!) use/behavior policies...
See above. How do _you_ know they aren't violating (in particular) the
AUP over at ISP `X'... where they sent the spam from?
In the vast majority of cases, the spammers _are_ violating the AUP on the
network that they actually do their spamming from.
>by happening to have their email address mentioned in some bit of UCE
>sent *by*someone*else*, and if the customer even bothers to reply to the
>ISP's improper (IMO!) inquiry about this, if they just say "I don't know
>what you're talking aboutg and I've never gotten any email about that...
>maybe someone is trying to set me up to be mail bombed".... what basis
>would the ISP have to interfere with the customer's business, whatever it
>might be, or to mess with their account?
Maybe, none, _if_ the customer actually did claim that he had been setup.
But this is just more irrelevant hypotheticals. The fact of the matter is
that in Mr. Pope's case, it appears that he neither cared nor asked if their
might be a shady/clever spammer operating right under his nose.
There is some significant fraction of the online world which would have like
him to at least _ask_ his customer what really happened. But he could not,
it seems, even be bothered to do that. Doing so would not have been of any
direct benefit to his own personal bottom line.
>What would the vigilantes
>recommend the ISP do if the customer pushes back and threatens to file
>suit or complain to the local-jurisdiction consumer protection folk?
Some have done that. Mostly actual spammers. They have all lost (in
court) in the end. There are _many_ examples. Ask AGIS. Ask Netcom.
Ask UUnet.
>[or to the feds if the customer thinks that the ISP has been improperly
>monitoring their incoming email]?
Red herring.
>Nick mentioned "investigate", but at least in the US there's precious
>little that an ISP can do in the way of investigation.
He can _call_ the customer and _ask_ what the hell is going on. But as I
say, some people can't (it seems) even be bothered to do that... *and* they
are to fscking arrogant to even answer their E-mail when people complain
about the activities of their customers.
Mr. Pope's case isn't about what is or is not legally allowed. It's about
arrogance and greed. The law was never at issue.
>... ISPs don't
>have the prerogative to intrude into the private business affairs of
>their customers...
Wrong. They do if their contracts with those customers say they do.
>... Seems that the ISP is caught between a rock
>[the vigilantes] and a hard place [the law].
Wrong again.
You obviously don't understand anything about contract law.
>What if the ISP goes back to the vigilantes and just says "the customer
>denies it or won't even talk to me about it (claiming that who they
>receive email from is none of my business), and from what I can tell
>(from my system logs, etc) is causing no trouble at all to anyone.
IF Mr. Pope had in fact communicated even just that much back to the MAPS
RBL team, then I seriously doubt that he would ever have been RBL'd. But
he decided to play it the arrogant ``screw you'' way when they tried to
contact him about this incident, and thus, he got whacked. Maybe next time
he'll remember that there _are_ other people on this net and in this world,
_and_ that the net only works so long as people _cooperate_ with one another.
Mr. Pope was uncooperative with other people, and lo and behold! He then
found some other people then being uncooperative with him.
Justice has been done.
But now he want's to whine about it. OK. Fine. Let him whine. But he
got exactly what he deserved... i.e. the same level of (non-)cooperation
from other people as he was giving them.
>My system is secure and no UCE is being sent from it". It *might*be* that
>the customer is really a drop box for some third-party sending out UCE,
>but there's no way for the ISP to tell.
No, but you can ask. Mr. Pope, it seems, didn't even ask. Nor did he care.
Subsequent to that, he was given a reason to care.
-- Ron Guilmette, Roseville, California ---------- E-Scrub Technologies, Inc.
-- Deadbolt(tm) Personal E-Mail Filter demo: http://www.e-scrub.com/deadbolt/
-- Wpoison (web harvester poisoning) - demo: http://www.e-scrub.com/wpoison/
"Ping can be used offensively, and it's shipped with every windows CD"
-- Steve Atkins
