Re: [mailop] Cloudflare not taking actions agains spamers?
Hi Frank > It is hard to justify: take down this content because I received a bad > email. I would not take the site down after receiving one complaint. But usually a ISP receives various complaints from various sources. And that is a strong hint, that the customer is indeed a spamer. -Benoît Panizzon- -- I m p r o W a r e A G-Leiter Commerce Kunden __ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 PrattelnFax +41 61 826 93 01 Schweiz Web http://www.imp.ch __ ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Cloudflare not taking actions agains spamers?
On Mon, Sep 5, 2016 at 10:19 PM, Dave Warren wrote: > There is a difference: CloudFlare serves content on behalf of the site > owner, my cache does not. > > What is your point here? > I guess I see it differently. CloudFlare is just a cache. They are a proxy service. They aren't the host of the content. As far as I understand it, they aren't generating the spam either. Then again, they already claim to go after: > Copyright infringement & DMCA violations > Trademark infringement > Child pornography > Phishing & malware > Violent threats ...so I guess it shouldn't be that big of a deal to go after spammy sites too. After that, perhaps we can get them to go after sites that still say "Best viewed with Internet Explorer". -A ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Cloudflare not taking actions agains spamers?
> On Sep 6, 2016, at 5:14 PM, Franck Martin via mailop > wrote: > > IMHO > > It is hard to justify: take down this content because I received a bad email. > > You either ask the web content to be taken down because it is bad on its own > merit, or you ask the mail server admins to not send such bad emails. > > To link the bad emails to a website needs a bit more work to prove a > definitive relationship. It doesn’t matter, Cloudflare won’t terminate customers if the site is bad on its own merit. Cloudflare have some incredibly problematic policies. These policies have resulted in people being doxxed and their safety compromised such that they had to leave their homes. The spam supporting policies of Cloudflare pale in comparison to the criminal activity they support and the abusive activity they facilitate through their abuse handling processes. That being said, I do think that hosting companies have a responsibility to prevent abuse by their customers, and that does mean removing websites that are advertised by spam. laura -- Having an Email Crisis? 800 823-9674 Laura Atkins Word to the Wise la...@wordtothewise.com (650) 437-0741 Email Delivery Blog: http://wordtothewise.com/blog ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Cloudflare not taking actions agains spamers?
IMHO It is hard to justify: take down this content because I received a bad email. You either ask the web content to be taken down because it is bad on its own merit, or you ask the mail server admins to not send such bad emails. To link the bad emails to a website needs a bit more work to prove a definitive relationship. On Tue, Sep 6, 2016 at 12:04 AM, Bill Cole < mailop-20160...@billmail.scconsult.com> wrote: > On 6 Sep 2016, at 1:04, Aaron C. de Bruyn wrote: > > Anyways, I thought there was a court case back in mid-90s where Compuserve >> or Prodigy or something was ruled to not be responsible for content >> flowing >> through their networks as they are simply the conduit. >> > > Cubby v. CompuServe and Stratton Oakmont v. Prodigy are probably what you > half-recall. > They were nuanced enough (or if you prefer: contradictory enough) that > Congress felt compelled to pass a series of not-very-good laws like CDA, > COPA, COPPA, CIPA, DMCA, and CAN-SPAM to clarify. Yeah, not so much... > > Anyway, I'm no lawyer and so can't give legal advice (but – funny story – > I was very briefly sued for supposedly doing so) so take this for what it's > worth. Note that those 2 cases were civil defamation suits because under US > law it is really rather hard to publish anything in any medium that runs > afoul of criminal law to a degree that the government will act. So when > talking about legalities related to spam you're discussing mostly civil > fraud or libel, both of which demand a specific victim with real damages. > > In short: US case law and US statutory law are both essentially > irrelevant. It is not a question of whether CloudFlare is on sound legal > ground under US law, it's a question of whether they are wrong in their > actions. If you can't see the difference there, I can't help. > > Wouldn't that apply >> to something like CloudFlare? >> > > CloudFlare seems to be architected to assure that their services present > jurisdictional challenges, so that's a layered question, but let's > stipulate that CloudFlare is always entirely under US jurisdiction. > > The situation left by the two cited cases was a big fat headache. Prodigy > was liable, CompuServe not, and there was a rather subtle (or perverse, if > you prefer...) rationale for the difference. No higher court ever had a > chance to unify that subtlety or establish a clear rational standard. As a > result, later statutes almost all provided "safe harbor" provisions for > ISPs that didn't quite make them common carriers (which they didn't > actually want) but also gave them easy ways to avoid liability by acting in > "good faith." Eventual case law has essentially made those provisions > accessible to anyone providing any sort of service online. THOSE are the > legal details that really protect a hypothetical CloudFlare that is fully > under US jurisdiction. > > Note that this is also why mail system operators in the US can't be > legally held to any sort of performance standard for mitigating the flow of > spam through their systems as long as they don't overtly promote or protect > blatantly illegal spam. I expect all the mailops who claim "you can't avoid > sending out SOME spam" are glad for that protection. > > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Cloudflare not taking actions agains spamers?
Hi Dave > Truthfully, forwarding complaints is a bit of a messy business as this > could easily forward to the abuser themselves. But, this should at > least be an option when filing a complaint, as should actually > terminating the abusive customer. I do know the problem. But I don't think it's a big issue in the constellation we have here with cloudflare. They do provide proxy services. Hopefully the content is hosted at a sensitive hoster that does react to abuse complaints. Of course some spamers have own AS numbers or PA Ranges with their contact recorded. So if I would be working at cloudflare's abuse desk and I would keep getting complaints about a customer for a prolonged period of time. I would have a closer look in what the customer is doing and if it's clear that the customer does not react to spam complaints I would terminate that service. Working at an ISP I know the problem. We also get the occasional complaint about a customer sending 'newsletters'. In Switzerland the case is quite clear. If the customer sending that newsletter can provide a proof, that the recipient is an existing customer of his, or has actively subscribed to that newsletter, then the complainer is informed, that this was wrongfully reported as spam. Spamcopa as example is known to have disabled 'reporting' accounts of users who repeatedly reported emails not being spam. Sometimes we also get the complainer and our customer to talk to each other and find a solution for the issue in such cases. If the customer cannot provide such a proof, or plainly addmits having bought those email addresses on ebay or somewhere else, he is issued a warning. If he continues, we will terminate his service as stated in our policy. Of course there are botnet. We don't get tired informing our customers about infected machines and have to block customers regularly because they don't manage to clean up their machines on the first (or secondy) try. This all happens according the rules we have in our contracts with the customers. 'to protect other internet users from harm an spam' I think is the phrase we use. I hope most other ISP also use such clauses in their contracts. -Benoît Panizzon- -- I m p r o W a r e A G-Leiter Commerce Kunden __ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 PrattelnFax +41 61 826 93 01 Schweiz Web http://www.imp.ch __ ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Cloudflare not taking actions agains spamers?
On 6 Sep 2016, at 1:04, Aaron C. de Bruyn wrote: Anyways, I thought there was a court case back in mid-90s where Compuserve or Prodigy or something was ruled to not be responsible for content flowing through their networks as they are simply the conduit. Cubby v. CompuServe and Stratton Oakmont v. Prodigy are probably what you half-recall. They were nuanced enough (or if you prefer: contradictory enough) that Congress felt compelled to pass a series of not-very-good laws like CDA, COPA, COPPA, CIPA, DMCA, and CAN-SPAM to clarify. Yeah, not so much... Anyway, I'm no lawyer and so can't give legal advice (but – funny story – I was very briefly sued for supposedly doing so) so take this for what it's worth. Note that those 2 cases were civil defamation suits because under US law it is really rather hard to publish anything in any medium that runs afoul of criminal law to a degree that the government will act. So when talking about legalities related to spam you're discussing mostly civil fraud or libel, both of which demand a specific victim with real damages. In short: US case law and US statutory law are both essentially irrelevant. It is not a question of whether CloudFlare is on sound legal ground under US law, it's a question of whether they are wrong in their actions. If you can't see the difference there, I can't help. Wouldn't that apply to something like CloudFlare? CloudFlare seems to be architected to assure that their services present jurisdictional challenges, so that's a layered question, but let's stipulate that CloudFlare is always entirely under US jurisdiction. The situation left by the two cited cases was a big fat headache. Prodigy was liable, CompuServe not, and there was a rather subtle (or perverse, if you prefer...) rationale for the difference. No higher court ever had a chance to unify that subtlety or establish a clear rational standard. As a result, later statutes almost all provided "safe harbor" provisions for ISPs that didn't quite make them common carriers (which they didn't actually want) but also gave them easy ways to avoid liability by acting in "good faith." Eventual case law has essentially made those provisions accessible to anyone providing any sort of service online. THOSE are the legal details that really protect a hypothetical CloudFlare that is fully under US jurisdiction. Note that this is also why mail system operators in the US can't be legally held to any sort of performance standard for mitigating the flow of spam through their systems as long as they don't overtly promote or protect blatantly illegal spam. I expect all the mailops who claim "you can't avoid sending out SOME spam" are glad for that protection. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Cloudflare not taking actions agains spamers?
On Mon, Sep 5, 2016, at 23:41, Benoit Panizzon wrote: > At least they could forward all spam complaints they receive to the > hoster of the origin on the content. But in my observation, they don't > do that. Truthfully, forwarding complaints is a bit of a messy business as this could easily forward to the abuser themselves. But, this should at least be an option when filing a complaint, as should actually terminating the abusive customer. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Cloudflare not taking actions agains spamers?
Hi I also think a big difference is: Your Browser's cache does not hide the origin of the content. Cloudflare does. To prevent DDOS Attacks to the source of the content, that is their business. Bug this also hides where spamers host their stuff and provides a safe haven to them. At least they could forward all spam complaints they receive to the hoster of the origin on the content. But in my observation, they don't do that. -Benoît Panizzon- -- I m p r o W a r e A G-Leiter Commerce Kunden __ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 PrattelnFax +41 61 826 93 01 Schweiz Web http://www.imp.ch __ ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Cloudflare not taking actions agains spamers?
On 9/5/16 10:04 PM, Aaron C. de Bruyn wrote: You're the one who said "CloudFlare will serve your website's static pages from our cache...that falls into my definition of being a host, even if it's only short term". So will your browser. /nitpick Not unless his browser cache is accessible to third parties. Anyways, I thought there was a court case back in mid-90s where Compuserve or Prodigy or something was ruled to not be responsible for content flowing through their networks as they are simply the conduit. Wouldn't that apply to something like CloudFlare? I wouldn't think so. They're advertising the content to the Internet via an A or record in DNS. Not the same thing as a transit provider by any means. -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Cloudflare not taking actions agains spamers?
On Mon, Sep 5, 2016, at 22:04, Aaron C. de Bruyn wrote: > You're the one who said "CloudFlare will serve your website's static > pages from our cache...that falls into my definition of being a host, > even if it's only short term". So will your browser. /nitpick There is a difference: CloudFlare serves content on behalf of the site owner, my cache does not. What is your point here? ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Cloudflare not taking actions agains spamers?
On 6/09/2016, at 4:44 PM, Aaron C. de Bruyn wrote: > >> On Mon, Sep 5, 2016 at 8:52 PM, Dave Warren wrote: >> They >> can yell and scream all they want about not being a host, but they also >> advertise that "CloudFlare will serve your website's static pages from >> our cache" when your origin server isn't reachable, that falls into my >> definition of being a host, even if only a short term. > > Does that definition of 'being a host' extend to your Chrome, Firefox, and IE > cache as well? There's no host-client relationship in that situation. Quite different from Cloudflare which actively serves stuff to many clients. So they are a host on behalf of their customer. - James___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Cloudflare not taking actions agains spamers?
You're the one who said "CloudFlare will serve your website's static pages from our cache...that falls into my definition of being a host, even if it's only short term". So will your browser. /nitpick Anyways, I thought there was a court case back in mid-90s where Compuserve or Prodigy or something was ruled to not be responsible for content flowing through their networks as they are simply the conduit. Wouldn't that apply to something like CloudFlare? -A On Mon, Sep 5, 2016 at 9:56 PM, Dave Warren wrote: > On Mon, Sep 5, 2016, at 21:44, Aaron C. de Bruyn wrote: > > On Mon, Sep 5, 2016 at 8:52 PM, Dave Warren wrote: > > They > can yell and scream all they want about not being a host, but they also > advertise that "CloudFlare will serve your website's static pages from > our cache" when your origin server isn't reachable, that falls into my > definition of being a host, even if only a short term. > > > Does that definition of 'being a host' extend to your Chrome, Firefox, and > IE cache as well? > > > If my Firefox cache is serving the content to third parties on behalf of > the owner of the site hosting the content, yes. Mine is not configured to > do so, and I can suspect any reasonable person would know that, so this > seems to be a particularly stupid question. > > > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > > ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Cloudflare not taking actions agains spamers?
On Mon, Sep 5, 2016, at 21:44, Aaron C. de Bruyn wrote: > On Mon, Sep 5, 2016 at 8:52 PM, Dave Warren > wrote: >> They >> can yell and scream all they want about not being a host, but >> they also >> advertise that "CloudFlare will serve your website's static >> pages from >> our cache" when your origin server isn't reachable, that falls >> into my >> definition of being a host, even if only a short term. > > Does that definition of 'being a host' extend to your Chrome, Firefox, > and IE cache as well? If my Firefox cache is serving the content to third parties on behalf of the owner of the site hosting the content, yes. Mine is not configured to do so, and I can suspect any reasonable person would know that, so this seems to be a particularly stupid question. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Cloudflare not taking actions agains spamers?
On Mon, Sep 5, 2016 at 8:52 PM, Dave Warren wrote: > They > can yell and scream all they want about not being a host, but they also > advertise that "CloudFlare will serve your website's static pages from > our cache" when your origin server isn't reachable, that falls into my > definition of being a host, even if only a short term. > Does that definition of 'being a host' extend to your Chrome, Firefox, and IE cache as well? -A ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Cloudflare not taking actions agains spamers?
On Mon, Sep 5, 2016, at 06:17, Benoit Panizzon wrote: <...> > Unfortunately that redirector service is run by cloudflare. So the > complaints reach the cloudflare abuse desk. And their usual reply is: > > We accept the following kinds of reports: > > Copyright infringement & DMCA violations > Trademark infringement > Child pornography > Phishing & malware > Violent threats > > So as I understand, spam is not something they will take any kind of > actions against. > > Has Cloudflare turned to the 'dark' side? :-) > > What's your experience with spamvertized sites behind cloudflare? I've never even gotten them to terminate sites that fall into the above category, they give the "We're not a host, just a proxy" excuse. They can yell and scream all they want about not being a host, but they also advertise that "CloudFlare will serve your website's static pages from our cache" when your origin server isn't reachable, that falls into my definition of being a host, even if only a short term. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop