|
Summary
Free Web Hosting services are very
attractive to spammers because of the anonymity they offer and the
speed and affordability of establishing and re-establishing multiple
accounts when one is terminated.
Accordingly, network security measures and
policies at Free Web Site Hosting services need particular vigilance to
prevent their attractiveness to spammers, and to prevent the loss of
reputation a lax attitude on this matter has created for a number of
existing and former free web hosting services.
|
| Ref # |
Principle or Proposed Principle
|
| FHS001 |
Free Website Hosting Services should
maintain an adequately and competently staffed abuse desk on a 24 hour,
365 day per year basis. The contact details for the abuse desk should
be readily and easily accessible on the website of the Free Web Email
Service, and also listed with the Network Abuse Clearinghouse at http://abuse.net |
| FHS002 |
Free Website Hosting Services should ensure
that their Terms of Service include a strong antispam clause, including
but not limited to prohibiting:
- "spamvertising" of the web site,
- being linked to from a "spamvertised"
website
- promoting spamming services or
distributing or encouraging spamming services or lists of email
addresses
- linking to "spamware" or sites promoting
"spamware"
with violation resulting in immediate account termination without
further warning, barring the offender from future use of the service,
and reporting of the violation and termination to the email and other
service providers known or believed to be used by the offender. |
| FHS003 |
Free Web Hosting Services, in their Privacy
Statements, should reserve the right to pass on all information
regarding breaches of their Terms of Service to any other service
provider known or believed to be used by the offender. |
| FHS004 |
Upon receipt of an evidence-based abuse
report, the abuse desk of the Free Web Hosting Service should
investigate the complaint and take action within two (2) hours. If the
complaint is valid, the account should be terminated immediately, the
offender barred from future use of the service, and the violation and
termination reported to the other service providers known or believed
to be used by the offender. If the complaint cannot be properly
investigated within two (2) hours, the account should be temporarily
suspended while the investigation continues. All complainants should be
sent a reply stating the outcome of the investigation and the action
taken. |
| FHS005 |
Where a Free Web Hosting Service offers
CGI-BIN or similar script hosting facilities, or access to Secure
Socket Layer pages, the Free Website Hosting Service should configure
the access to such services/facilities in a manner such that they may
only be accessed directly from within the domain of that Free Website
Hosting Service. Put another way, no script or SSL page should function
or be accessible if linked to from any other domain. |
| FHS006 |
Free Web Hosting Services should, in
relation to FHS005, ensure that, even where access to scripts or SSL
pages come from within their own domain, that the referring page within
that domain is not merely being used as an automatic redirection to the
script or SSL page in order to circumvent the restriction imposed by
FHS005. All scripts and SSL servers should be configured so as to bar
access, even within their own domain, from pages with redirect commands. |
| FHS007 |
Where abuse has been reported and verified,
Free Web Hosting Services should implement IP blocking to prevent
offenders from opening new accounts. |
| FHS008 |
Free Web Hosting Services should implement
technologies that allow only for manual human sign-up for accounts and
services, prohibiting and preventing robotic sign-ups. |
| FHS009 |
|
| FHS010 |
|
| FHS011 |
|
| FHS012 |
|
|
