|
BestPrac.Org
Stop Spam : Best Practice in Email
Spam Prevention and Eradication
Principles of Best Practice -
Free Web Hosting Services:
Summary
Free Web Hosting services are very attractive to spammers because of the anonymity they offer and the speed and affordability of establishing and re-establishing multiple accounts when one is terminated.
Accordingly, network security measures and policies at Free Web Site Hosting services need particular vigilance to prevent their attractiveness to spammers, and to prevent the loss of reputation a lax attitude on this matter has created for a number of existing and former free web hosting services.
|
| Ref # |
Principle or Proposed Principle
|
| FHS001 |
Free Website Hosting Services should maintain an adequately and competently staffed abuse desk on a 24 hour, 365 day per year basis. The contact details for the abuse desk should be readily and easily accessible on the website of the Free Web Email Service, and also listed with the Network Abuse Clearinghouse at http://abuse.net |
| FHS002 |
Free Website Hosting Services should ensure that their Terms of Service include a strong antispam clause, including but not limited to prohibiting:
- "spamvertising" of the web site,
- being linked to from a "spamvertised" website
- promoting spamming services or distributing or encouraging spamming services or lists of email addresses
- linking to "spamware" or sites promoting "spamware"
with violation resulting in immediate account termination without further warning, barring the offender from future use of the service, and reporting of the violation and termination to the email and other service providers known or believed to be used by the offender.
|
| FHS003 |
Free Web Hosting Services, in their Privacy Statements, should reserve the right to pass on all information regarding breaches of their Terms of Service to any other service provider known or believed to be used by the offender. |
| FHS004 |
Upon receipt of an evidence-based abuse report, the abuse desk of the Free Web Hosting Service should investigate the complaint and take action within two (2) hours. If the complaint is valid, the account should be terminated immediately, the offender barred from future use of the service, and the violation and termination reported to the other service providers known or believed to be used by the offender. If the complaint cannot be properly investigated within two (2) hours, the account should be temporarily suspended while the investigation continues. All complainants should be sent a reply stating the outcome of the investigation and the action taken. |
| FHS005 |
Where a Free Web Hosting Service offers CGI-BIN or similar script hosting facilities, or access to Secure Socket Layer pages, the Free Website Hosting Service should configure the access to such services/facilities in a manner such that they may only be accessed directly from within the domain of that Free Website Hosting Service. Put another way, no script or SSL page should function or be accessible if linked to from any other domain. |
| FHS006 |
Free Web Hosting Services should, in relation to FHS005, ensure that, even where access to scripts or SSL pages come from within their own domain, that the referring page within that domain is not merely being used as an automatic redirection to the script or SSL page in order to circumvent the restriction imposed by FHS005. All scripts and SSL servers should be configured so as to bar access, even within their own domain, from pages with redirect commands. |
| FHS007 |
Where abuse has been reported and verified, Free Web Hosting Services should implement IP blocking to prevent offenders from opening new accounts. |
| FHS008 |
Free Web Hosting Services should implement technologies that allow only for manual human sign-up for accounts and services, prohibiting and preventing robotic sign-ups. |
| FHS009 |
|
| FHS010 |
|
| FHS011 |
|
| FHS012 |
|
|
|
|