| Ref # |
Principle or Proposed Principle
|
| 3SH001 |
Third Party Script Hosting Services should maintain an adequately and competently staffed abuse desk on a 24 hour, 365 day per year basis. The contact details for the abuse desk should be readily and easily accessible on the website of the Third Party Script Hosting Service, and also listed with the Network Abuse Clearinghouse at http://abuse.net |
| 3SH002 |
Third Party Script Hosting Services should ensure that their Terms of Service include a strong antispam clause, including but not limited to prohibiting:
- Sending unsolicited bulk/commercial email
- Receiving replies from unsolicited bulk/commercial emails sent from any other service provider
- Using scripts on any website promoted in unsolicited bulk/commercial emails
- Using scripts in any HTML-format email sent unsolicited
- Or in any other way used directly or indirectly in connection with unsolicited communications, or aiding the promotion of spamming, spamming tools or services
with violation resulting in immediate account termination without further warning, barring the offender from future use of the service, and reporting of the violation and termination to the email and other service providers known or believed to be used by the offender.
|
| 3SH003 |
Third Party Script Hosting Services, in their Privacy Statements, should reserve the right to pass on all information regarding breaches of their Terms of Service to any other service provider known or believed to be used by the offender. |
| 3SH004 |
Upon receipt of an evidence-based abuse report, the abuse desk of the Third Party Script Hosting Service should investigate the complaint and take action within two (2) hours. If the complaint is valid, the account should be terminated immediately. If the complaint cannot be properly investigated within two (2) hours, the account should be temporarily suspended while the investigation continues. All complainants should be sent a reply stating the outcome of the investigation and the action taken. |
| 3SH005 |
Where an account termination per 3SH004 occurs, the Third Party Script Hosting Service should lodge abuse reports with the email and service providers of the offender, advising them of the offence, providing evidence thereof, and requesting the termination of all accounts and services associated with the offender. |
| 3SH006 |
Scripts provided by Third Party Script Hosting Services should never require the user to place their email address within the HTML of their web/email page in order for the script to work. |
| 3SH007 |
Third Party Script Hosting Services should verify the authenticity of all email addresses used by their customers within scripts. This may be done using a method akin to the confirmed-opt-in (sometimes referred to as 'double-opt-in') procedures of mailing lists prior to a script becoming functional. |
| 3SH008 |
Third Party Script Hosting Services should prevent the use of their accounts being used as "drop boxes" or for redirection to "drop boxes" for spam replies by placing a strict limit on the number of emails any one account may receive in any given time period. (For the sake of example and recommendation only - Maximum of 10 in any one hour period.)
Accounts breaching the set threshold should be automatically suspended pending investigation. Investigation should be completed within two (2) hours of the triggering of the automatic suspension. If the breach is innocent, the suspension should be removed. If evidence of "drop box" activity is clear, the account should be terminated and evidence of IP and other identifying data of any person trying to access the account recorded and abuse reports lodged to the offender's ISP.
|
| 3SH009 |
Where a Third Party Script Hosting Service provides scripts for interactive forums (including but not limited to chat rooms, message boards, classified advertisements, guest books, and similar), the Third Party Script Hosting Service should ensure that the privacy of the email addresses of all users is protected, by non-publication of such email addresses (except where the user has voluntarily added their email address in the body of their message/s). |
| 3SH010 |
|
| 3SH011 |
|
| 3SH012 |
|