[SpamCop-List] Re: Legal Question

[Pete Stephenson]

In article <slrncpua5p.172.nobody at 127.0.0.1>,
 Steven Maesslein <nobody at nowhere.invalid> wrote:

> If we're talking about mail traffic, then I'd say that they were.

I've not gotten much spam from Comcast recently, which is surprising. 
Personally, I'd do what AOL did (to great success) -- redirect all 
outgoing port 25 data to an AOL mailserver.

This allows rate-limiting and virus-scanning on outbound mail without 
requiring people traveling away from their home connection to change 
their mail client settings. It's technically quite a simple thing. If 
AOL can do it (and their mail people are good -- actively communicating 
on SPAM-L and otherwise doing good stuff), anybody can.

Sure, it won't stop *all* problems, but it'll greatly reduce spam and 
viruses being sent direct-to-MX by zombied machines and give the ISP a 
paper trail to identify zombied machines and take appropriate action.

I don't bother with the redirecting, I just block all port 25 and 
require users to use my SMTP server which has rate-limiting, 
virus-scanning, etc. on it. It works out quite well for a provider of my 
size. A provider of Comcast's size would be better off redirecting, as 
it would cut down on support calls from goobers who can't reconfigure 
their SMTP server in their client.

> Comscat's clients enter into a legally binding contract between
> themselves and Comscat saying "thou shalt not spam". If they *do* spam,
> whether knowingly or not, then it's Comscat's responsibility to enforce
> the terms of the contract.

Comcast's rules at http://www.comcast.net/terms/subscriber.jsp, section 
10, sub-section f state, "Comcast's failure to insist upon or enforce 
strict performance of any provision of this Agreement shall not be 
construed as a waiver of any provision or right."

Thus, although it's against the rules to spam from their system, Comcast 
disclaims any responsibility for their users actions.

Their AUP at http://www.comcast.net/terms/use.jsp also states, "The 
failure of Comcast or its suppliers to enforce this AUP, for whatever 
reason, shall not be construed as a waiver of any right to do so at any 
time."

Any provider of appreciable size will have spammers on their network. 
Such is life. However, as long as the provider swiftly terminates based 
on complaints, that's fine. It's the "pink contracts" and unresponsive 
providers that we need to look out for. I'm not sure how well Comcast 
handles actual spammers using their cable lines, but it doesn't seem 
that they're too responsive about zombies on their networks, which are 
just as bad.

Through the judicious use of the CBL (via the Spamhaus XBL, which I 
strongly recommend for any administrators), I've cut down my 
virus-and-zombie spam load substantially. The SpamCop BL also helps 
catch them quickly as well. The njabl.org "dynablock" list seems to list 
all/nearly all of Comcast's dynamic IP addresses, as well as those from 
many other providers. Using it would presumably limit incoming mail from 
said dynamic addresses -- most residential users should be using their 
ISP's mailserver anyway.

I'd like to see Comcast do more to stop the spam and the zombies, but 
short of pressure applied by external networks (by means of widespread 
blocking) and internal customers (who can't send mail due to the 
blocks), there's not going to be much done.

-- 
Pete Stephenson
HeyPete.com