On Mon, 26 May 2003, Peter Deutsch wrote:
Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:
On Mon, 26 May 2003 18:53:12 PDT, Peter Deutsch said:
The case we prosecuted turned out to be a small group of kids breaking
into compute hosts, but from what I was told I would think you should be
able to use the same provision against spam relayers, since the key
element was the unauthorized use of compute cycles, not what they did
with the cycles.
IANAL by any means, but I suspect that the owner of an open relay would have
a hard time demonstrating unauthorized use of cycles to relay mail *through
an open relay*. Now if the spammer actively *bypassed* a security feature
in order to relay the mail, that would be different, as it would indicate
that they knew it was unauthorized...
Exaxtly, so you don't leave it open. Then, the only folks who would be
using you as a relay would be a) folks you've authorized to do so.
There are customers who are not on our IP address space who are authorized
to use our relays. Thats why they are open. That's why all ISPs who
operate open relays have them. SMTP AUTH just doesn't solve the problem,
for a number of reasons.
By definition the folks who are doing so without your authorization,
would be breaking the law and we have an existance proof that this stuff
is quite traceable and quite prosecutable.
Yes. That is correct. It is prosecutable whenever Type 1 or Type 2 abusers
do this. But it is usually Type 3 abusers conducting the abuse, and Type 3
is difficult to identify without Law Enforcement powers.
As a bonus, the law they would be breaking isn't one that must, in the
U.S. context, stand up to arguments about it supressing free speech and
so on. And I have no trouble with this, since you have a right to say
what you want, but I have a right not to listen, nor am I responsible
for providing you with a soapbox and megaphone...