Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet)

  • From: Steven Champeon
  • Date: Wed Jan 12 11:58:46 2005

on Wed, Jan 12, 2005 at 10:32:13AM -0600, Chris Adams wrote:
> 
> Once upon a time, Steven Champeon <schampeo@hesketh.com> said:
> > 7) all ISPs MUST act on ANY single abuse report (including being
> >    informed of infected customer machines, which MUST be removed from
> >    the Internet ASAP. No excuses)
> 
> One problem I have with this one is people do forge reports, and there
> is no way around that.  Also, as long as there are networks that don't
> enforce source address filtering, port probing complaints cannot be
> validated (I take them as valid unless proven otherwise, but we have had
> a few that appear after the fact to be forged and/or spoofed).  If you
> _always_ take someone off-line on a single complaint, you make it easy
> for someone to get someone else kicked off.

Think of it as two separate requirements, one dependent on the other.
1) I'm tired of hearing stories about ISPs who let Spammer X continue
because "there weren't enough complaints", and 2) once you've verified
that a reported infected host IS infected, take 'im offline ASAP.

Or, restate it as "no more abuse desk role account autoack ignorebots".

-- 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us!   http://hesketh.com/about/careers/account_manager.html    join us!




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.