|
Summary:
Without bandwidth, there is no internet.
Without bandwidth, therefore, there also can be no spam.
For every spammer, somewhere there is a
bandwidth supplier that is not managing their network security to stop
spam from originating from their network. The terms and conditions of
supply of service downstream, and the enforcement of those terms and
conditions, ultimately will either "permit" or stop spam.
"Moral Hazard" exists, in that Backbone
Providers and Bandwidth Wholesalers earn their revenues by selling
bandwidth - and spam utilizes considerable bandwidth. In recent years
we have witnessed several major backbone providers in known financial
strife become a magnet for spam activities.
This association has made it very clear that
resolution of the spam problems in the world today rests heavily upon
the ethical practices and practical policies backbone providers and
bandwidth wholesalers live by, and enforce downstream.
|
| Ref # |
Principle or Proposed Principle
|
| BPR001 |
Backbone Providers and other Bandwidth
Wholesalers should, as a condition of service to downstream "resellers"
(including for example, but not limited to, smaller ISPs) where the
downstream reseller agrees to maintain an adequately and competently
staffed abuse desk on a 24 hour, 365 day per year basis. The abuse desk
contact details should be readily and easily accessible on the website
of the "reseller", and also listed with the Network Abuse Clearinghouse
at http://abuse.net
|
| BPR002 |
Backbone Providers and other Bandwidth
Wholesalers should, as a condition of service to downstream
"resellers", require the downstream "reseller" to include in it's Terms
of Service a strong antispamming provision, covering prohibitions
against any involvement in spamming - including but not limited to:
- Sending unsolicited bulk/commercial email
- Receiving responses by any means (email,
http, or otherwise) from unsolicited bulk/commercial email sent via any
other provider.
|
| BPR003 |
Backbone Providers and other Bandwidth
Wholesalers should, as a condition of service to downstream
"resellers", require the downstream "reseller" to include in it's
Privacy Statement (which should be readily and easily accessible at the
website of the downstream "reseller") strong privacy provisions,
including clauses stating that:
- Personal information, including email
addresses, acquired by the "reseller" in the course of their business
will never be sold, rented, swapped or in any other way provided to
third parties (other than as an integral part of the sale of the
business as a going concern);
- That the "reseller" themselves will never
use personal information, including any email address, for any purpose
for which the "reseller" has not received clear, express, prior,
optional and voluntary consent of the person about whom the personal
information pertains - and that such consent may be easily revoked by
that person at any time.
|
| BPR004 |
Backbone Providers and other Bandwidth
Wholesalers should, as a condition of service to downstream "resellers"
require weekly reports to be lodged on the number of abuse reports
received, number of accounts implicated, action taken, the turnaround
time on action taken from the receipt of the first abuse report, and
whether all complainants have been notified of the outcome of the
action action. |
| BPR005 |
Backbone Providers and other Bandwidth Wholesalers should, as a
condition of service to downstream "resellers" require that all mail
servers operated by those downstream "resellers" (and other "resellers"
under them) be properly and securely configured to prevent unauthorised
relaying of email.
|
| BPR006 |
IP Numbers should, in the first instance,
resolve to identify the downstream reseller so that complainants can
trace and report abuse to the nearest and most direct provider of the
connectivity being used by the spammer/abuser. |
| BPR007 |
IP Numbers should resolve in such a way as
to provide meaningful information to the complainant who is tracing the
IP number of not only the immediate provider of the spammer/abuser, but
also the geographical location of the server. |
| BPR008 |
Backbone Providers and Bandwidth
Wholesalers should take all available measures to intercept and destroy
all inwards bound email which has arrived after having been relayed
through any unsecured/open server. |
| BPR009 |
Backbone Providers and Bandwidth
Wholesalers should take all available measures to intercept and destroy
all outbound emails which have been sent from downstream which the
sender is attempting to relay through any unsecured/open server. This
should be done without limiting the ability of a user from accessing a
secure server at a third party for which they have legitimate access
rights. |
| |
|
| |
|
| |
|
|
