|
BestPrac.Org
Stop Spam : Best Practice in Email
Spam Prevention and Eradication
Principles of Best Practice -
Web Hosting Services:
Summary:
Web Hosting Services, along with ISPs, are the "front line" to prevent spam at source.
Spammers use Web Hosting Services for SMTP email server connectivity, and to host or promote spamvertised goods or services.
Web Hosts have a vital role to play in managing network security measures to prevent the operation or reward of spamming syndicates or individuals - and also in protecting their honest hosting clients from becoming spam recipients.
|
| Ref # |
Principle or Proposed Principle
|
| WHS001 |
Web Hosting Services should include in their Terms of Service / Acceptable Use Policy a strongly worded antispamming provision, covering prohibitions against any involvement in spamming - including but not limited to:
- Sending unsolicited bulk/commercial email
- Receiving responses by any means (email, http, or otherwise) from unsolicited bulk/commercial email sent via any other provider.
- being linked to from a "spamvertised" website
- promoting spamming services or distributing or encouraging spamming services or lists of email addresses
- linking to "spamware" or sites promoting "spamware"
with violation resulting in immediate account termination without further warning, barring the offender from future use of the service, reporting of the violation and termination to the email and other service providers known or believed to be used by the offender.and the imposition of a "cleanup" fee. (For the sake of example and recommendation only - $US1,000-00 .)
|
| WHS002 |
Web Hosting Services should maintain an adequately and competently staffed abuse desk on a 24 hour, 365 day per year basis. The contact details for the abuse desk should be readily and easily accessible on the website of the Web Hosting Service, and also listed with the Network Abuse Clearinghouse at http://abuse.net |
| WHS003 |
Upon receipt of an evidence-based abuse report, the abuse desk of the Web Hosting Services should investigate the complaint and take action within two (2) hours. If the complaint is valid, the account or service of the perpetrator should be terminated immediately, the offender barred from future use of the service, and the violation and termination reported to the other service providers known or believed to be used by the offender. If the complaint cannot be properly investigated within two (2) hours, the account or service to the alleged perpetrator should be temporarily suspended while the investigation continues. All complainants should be sent a reply stating the outcome of the investigation and the action taken. |
| WHS004 |
Web Hosting Services, in their Privacy Statements, should reserve the right to pass on all information regarding breaches of their Terms of Service to any other service provider known or believed to be used by the offender. |
| WHS005 |
Web Hosting Services should, as a part of their Terms of Service, require that any mailing list hosted on their service may be subscribed to only via a confirmed-opt-in (sometimes referred to as 'double-opt-in') or a paid subscription procedure. The Web Hosting Service may, at its discretion, grant exemption from this requirement in the case of the transfer of mailing lists from other services, providing that the Web Hosting Service has conducted appropriate checks to assure themselves that such lists, when compiled, were done so by either confirmed-opt-in (sometimes referred to as 'double-opt-in') or paid subscription bases, and that the list is in fact a legitimate same-use-and-same-ownship transfer. |
| WHS006 |
Web Hosting Services should place a cap on the volume of outgoing mail which may be sent from any one domain in any given time period. (For the sake of example and recommendation only - 1,000 in any 24 hour period, unless the client has explained to the satisfaction of the Web Hosting Service their need for a higher rate limit.) |
| WHS007 |
Where a Web Hosting Services markets its services through the use of "resellers" the Web Hosting Service must ensure that all "resellers" abide by this set of Principles of Best Practice, that the nature of the "reseller" relationship is traceable via the IP number ownership structure back to the original "supplier" Web Hosting Service, and that abuse reports regarding downstream clients are automatically routed to the upstream "supplier" Web Hosting Service. |
| WHS008 |
|
| WHS009 |
|
| WHS010 |
|
| WHS011 |
|
| WHS012 |
|
|
|
|