At LINX44 I was tasked with bringing to LINX45 a revised version of the LINX document “Best Current Practise on the handling of Unsolicited Bulk Mail”, the Spam BCP. Based on the discussions within the Spam NCAP committee, and thanks to a lot of work from Richard Clayton (the Spam NCAP committee chair), that document is now available for review; there is also a diff.
The new version contains a number of minor textual corrections and updates, but also a good number of substantial changes. The key changes are:
- Under the proposed new BCP, ISPs must treat use of spam to promote secondary services as an abuse of that other service, even when they are not the ISP originating the spam.
- The proposed BCP now requires action to be taken against spam-supported web sites and other services. Where a web site owner has deliberately used spam to advertise his web site, and has used ISP A to send the spam and ISP B to host the web site, ISP A must take action against the spam and, independently, ISP B must take action against the web site.
- There is extensive discussion of the need to be sure that the web site owner has deliberately or negligently used or permitted spam to be used to promote the web site, so that this requirement does not permit spam advertising to become a new form of denial-of-service attack.
- Web site owners are placed under an obligation to do all they reasonably can to ensure that connected third-parties such as franchisees do not spamvertise the web site
- The ISP must inform the customer that an automated anti-spam filter is in effect
- The ISP must explain to the customer the nature of the filter
- The ISP must educate the customer about any potentially harmful side-effects
I would now like feedback on whether this document is ready to go forward, and any amends you would like to propose.
I have also had a proposal from NTL that the BCP should be amended to permit ISPs to withdraw their email@example.com address, and replace it with a web form. NTL believes that this increases the usefulness of spam reports they receive, and enables them to respond more efficiently and effectively. Comments on this proposal are also solicited.