Massmailers

nuclearcat

Hi2all

There is some customer, who sent massmail, 853 thousands of mails. I have receive one complaint from AOL, and not going to wait others, blocked him 25 port. You know current situation with SPAM, and i need your, guys(and girls) advice, what to do with him next. Just answer reasonably, that you think about that.
There is few choices:
1)I let him install his own mailserver, and i dont give a shit about complaints, let him send SPAM, his money is money, they dont smell.
2)Just explain him his mistake, and recommend to use some hosting, who let SPAM to go.
3)I will block him port 25, and thats it
4)Disconnect him from the internet completely.

Your opinions :-)
My personal opinion between 3 and 4, i am very agressive with spammers and i hate them too much.

Padre

i guess issue a warning. on the seoncd one, disconnect him as a viloation of agreements term
he is spamming -> he is guetting paid. or taking from that ....ask for more money :P (not what i would do tho :P)

samer

does VISP has a clear "zero tolerance for spam" policy?

mahdoum

Issue a warning and ban port 25 ie choice 3

nuclearcat

Samer wrotedoes VISP has a clear "zero tolerance for spam" policy?

There is no absolute chance that someone can spam. If i know that he spam for purprose, and he will tell him he paid for that, i will kick him out in few seconds and return money for his account from my pocket even.
Just i am thinking, what kind of punishment must be approved. It is not end-user, it is SOHO, but i will disconnect any customer, even biggest one, if he will say "i will spam for purprose".

mir

i guess issue a warning. on the seoncd one, disconnect him as a viloation of agreements term
he is spamming -> he is guetting paid. or taking from that ....ask for more money (not what i would do tho )

well i agree about the warning
but i don't agree about more money
if that guy is using the internet to re-distribute drugs and get new customers .. i don't think nuc would ask to share some of the money that comes out from it :P
there are other worse example i could have given

i think issue him a warning... explain a bit to him why he shouldn't do that (briefly.. ma ktir tit3azab.. cuz 90 % ma 7a yi2tni3 )
don't tell him about any ways..la install ur own mail server wala shi..

u can go another way around with him if he doesn't get convinced that spamming is bad and doesn't wanna stop
teach him a lesson
keep sendign spam to his messages to his emails.. about different subjects
when he feels the annoyance..maybe 7a yi2tini3 bil fekra

another issue is raised by this topic :
it is how much can my ISP decide for me .. if what i am doing is right or wrong
for example.. let us suppose that one of ur customers is using his account to :
- defacing website
- upload child pornography
- distributing malware
- cracking softwares and sharing illegal stuff
- selling drugs over the net

what would u do nuc in those situations ? !

nuclearcat

Most of the cases - i will not notice even, because i am not doing preventive traffic scan for such things. But if i will get abuse/complaint - i will take small investigation action. If i will have logs, or source can prove that his information is true(which is very difficult, except it is FBI/lebanese police/...) - i will block account. Also complaint to be taken seriously have to be signed by lebanese notary, if it is from company/person, not from government officials. Cause there is very high chance of fake complaints.

In cases 1,2,3,5 - i will take preventive action(blocking account or ports), if my short investigation will show it is true and case is serious. In case 2 additionally we will report local police department immediately, if i see it is true.
Case 1 - can be just stupid kid, it is bad to do something serious for him(if actions what he did, not so serious), just i will ask reseller, next time when this kid will go to pay for internet, to tell him, that it is bad, and he/his parents can face problems from police.

In case 4 = I will take investigation, and if complaint done in official way and it is proven there that complainer is copyright owner, i will ask customer to remove illegal content. If he will not do that in some acceptable terms - i will block his accounts.

One time RIAA-like company tried to ask us about information about one of customers. I found some fake records(wrong ip's, time when they are saying customer shared movies - his connection was off) in their complaint, and told them that i i will report to FBI, that they are trying to blackmail us(they wrote very ugly and scary email, that how it is dangerous for our company to not give information about this guy), they disappeared.

Another case, some customers get angry because we dont give them cheaper price/free internet, coz they are super-puper hackers, and we must be scared from them. I heard such talks from reseller, that some idiot want free internet, cause he c00lhax0r, and he will stop him, then we had very serious DDoS for almost 1 week. We can block it, but it can cause few minutes downtime per day, if IDS works not enough fast. Finally i postpone all my work, and spent few hours tracking idiot. Well... i go behind law, he got very painful lesson. It is not a joke, serious DDoS, next he will start robbing and killing people without understanding responsibility, how bad things he is doing.

mir

The good point in what you said is that you mentioned official complaints.. stuff signed from notary.. request from police !

I think anyone serious about doing illegal stuff, would at least have encryption on

I think scanning the traffic is like listening to all the ppls phone calls on ur network
Do you need papers or reasons to do a preventive scanning ?
i think the amount of data would be huge.. i am sure u ain't gonna read it all :P
i am just curious.. what kind of software is used to analyze the output

I think ISPs .. specially in the future will have more power and control .. it will be like power and Key companies in the country
and i think there are some privacy issues in here that can be discussed.. but i am not going off-topic
cuz that is completely another discussion !

rolf

nuclearcat wroteWell... i go behind law, he got very painful lesson.

hahaha what did you do? show up at his house with a group of people :D ?

teodorgeorgiev

Samer, we do not tolerate spam, neither we freely provide our customers with a "platform" for spamming and getting paid for this... Like some other ISP.

All of us knows which ISP tolerates and endorses spamming.

I am getting 5-10 mails per day from them.

nuclearcat

mir wroteThe good point in what you said is that you mentioned official complaints.. stuff signed from notary.. request from police !

I think anyone serious about doing illegal stuff, would at least have encryption on

I think scanning the traffic is like listening to all the ppls phone calls on ur network
Do you need papers or reasons to do a preventive scanning ?
i think the amount of data would be huge.. i am sure u ain't gonna read it all :P
i am just curious.. what kind of software is used to analyze the output

I think ISPs .. specially in the future will have more power and control .. it will be like power and Key companies in the country
and i think there are some privacy issues in here that can be discussed.. but i am not going off-topic
cuz that is completely another discussion !

mir - i will search for pattern specified by complainer. Let's say he will say customer share "XXyo_porno.jpg" or shell code patterns, there is tools to catch this.
So i will not see all customer traffic, but ISP have right to scan it for highly illegal content by software in case of complaint, which will not store his traffic, in case he didn't match suspicious patterns.
And for example, telephone compaines before was listening to phone call, if it is not dropped long time, to check - maybe customer forgot to close phone or it is his phone malfunction. My idea, that ISP can make pattern based software to catch illegal activity, like snort software, if for example in customer bandwidth appear too much phrases "(kid|child)\s*(sex|porno)", which will give him alert on such activity, and possible store traffic for this period. Also ISP have right to store always customer information like: HTTP access.logs (URL's), netflow/sflow data, and sure connect/disconnect time and traffic. Thats it, nothing more.

About encryption... well, even criminals doing mistakes. And if he run encryption, he will have some end-point host. This means complainer will call end-point host or he can ask me, that if customer connected to this end-point, but i wouldn't answer, if he dont run anything suspicious and i cannot catch "illegal" patterns. I will answer on such case ONLY to government officials and ONLY when i will have official paper.

But preventive scanning MUST happen, if there is complaint. If it is case of selling drugs, illegal pornography and etc - maybe it will save someone life or future. Each of us cannot judge someone on street and hang him, if just people talk - he is selling drugs. But if someone tell you, your neighbour abusing child, and you will not knock in his door, when abuser tell it happen, to see if it is like this? And you will not prevent him to do this again? Police is slow sometimes, and people must help one each other sometimes in such cases.

If it was fake complaint, this can be case for police too, maybe... not sure, i have to ask lawyers.

mir

Also ISP have right to store always customer information like: HTTP access.logs (URL's), netflow/sflow data, and sure connect/disconnect time and traffic. Thats it, nothing more.

Oh ! that is all .. that is a lot :O:
for how long VISP keeps those records
do u have terms of use or agreement when someone buys an account
can i have the link to read it ?

The thing is that on the internet it is much easier for ISP to invade ur privacy than with PhoneCompany cuz recognitions softwares for voice and taping and stuff.. will take lot of ressources. and so hard to do. but with the ISP.. much much easy

I don't have any personal problem.. but i am thinking of this as privacy and ethical stuff
and i am not only wondering about VISP
i doubt what other lebanese ISP might be doing ! or what they can do
i will post detailed questions later..maybe in another topic cuz i find that is very intresting

samer

Samer, we do not tolerate spam, neither we freely provide our customers with a "platform" for spamming and getting paid for this... Like some other ISP.

All of us knows which ISP tolerates and endorses spamming.

I am getting 5-10 mails per day from them.

Theo, i asked the question because from an ISP point of view, spamming could be seen as using port 25 too often (i.e., they can close their eyes on the issue. sadly enough) not something serious, so i wanted to check if you have an anti-spam policy.

On the other hand, the guy could be infected with malware... i recommend asking him what's going on!

teodorgeorgiev

Dude, we are clever enough to make a difference between a victim (an infected person), a company that operates with a large amount of mail (because that is their job) and a hostile professional spammer :cool:

nuclearcat

mir wrote
Also ISP have right to store always customer information like: HTTP access.logs (URL's), netflow/sflow data, and sure connect/disconnect time and traffic. Thats it, nothing more.
Oh ! that is all .. that is a lot :O:
for how long VISP keeps those records
do u have terms of use or agreement when someone buys an account
can i have the link to read it ?

The thing is that on the internet it is much easier for ISP to invade ur privacy than with PhoneCompany cuz recognitions softwares for voice and taping and stuff.. will take lot of ressources. and so hard to do. but with the ISP.. much much easy

I don't have any personal problem.. but i am thinking of this as privacy and ethical stuff
and i am not only wondering about VISP
i doubt what other lebanese ISP might be doing ! or what they can do
i will post detailed questions later..maybe in another topic cuz i find that is very intresting

Logs is kept according lebanese laws, how much - it is set my management. And all ISP's have to do that. Before i was not keeping them, but it is required now.
For me - better to not keep anything, because we had to invest a lot money, because logs eating a lot performance.

Padre

WoW, it's nice to see some ISP's are taking serious actions !!
it's good that my ISP seems dormant for now .... im too lousy to use encryption anyway these days.
about complaning on the other end .... when things get "serious" we make sure it's pretty hard to track :P once we even "blown up" couple of nodes to hide tracks ...but that was way long ago.
anyway, Nuc i would really like if you could enlighten me about the laws about all this stuff in lebanon. cause to my knowledge ...we just dont have any laws for that. it's just chaos.