[RFCI-Discuss] Posit: abuse@aol.com

Andrew Rendle andrew at andrewr.co.uk
Mon Feb 27 15:26:23 EST 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Derek J. Balling wrote:
|
| On Feb 27, 2006, at 10:07 AM, Vincent Schonau wrote:
|
|> $VICTIM complains that the messages he's receiving constitute (part
|> of) a DDoS attack. If we accept it is, then as the volume of  message
|> redirected by $VICTIM's actions to AOL's abuse-address is  of the same
|> order of magnitude, is abusive, and AOL is entitled  (expected?) to
|> defend against it.
|
|
| Whoa whoa whoa, that logic doesn't hold up.
|
| If we accept that "trying to shoot an innocent person is murder",  then
| using your logic, he who fires back in self-defense is *also* a
| murderer, which is clearly not right.

Your analogy doesn't work - the person who returns fire in self-defence
is not a murderer because their action was necessary to protect
themself; in the original situation, it was not necessary for $VICTIM to
use a DoS quantity of mail to report a DoS attack - when the initial
report was ignored, and appropriate response would be to apply a
clue-bat, not to send 1500+ extremely similar messages to AOL's abuse desk.

| Also, it would predicate that  if
| somehow the victim could miraculously bounce those messages right  back
| at the shooter, that would also somehow make the victim into the  "bad
| guy".
|

Assuming it was possible, what would be the benefit of bouncing the
messages back to the sender?  (I mean, apart from the satisfaction off
giving them a taste of their own medicine.)  Two wrongs do not make a right.

|> I have sympathy for $VICTIMs predicament, and think his complaint  is
|> legitimate. I don't think the fact that AOL protected their
|> abuse-handling infrastructure against his or similar attacks makes
|> them rfc-ignorant (quite the opposite: the fact that they're taking
|> such measures underscores their understanding of the importance of  an
|> available and working abuse@ contact).
|
|
| I agree that they clearly think it's important, but isn't their
| rejecting of his -- perfectly legitimate and independent -- complaint
| messages simply rejecting an abuse complaint "because it looks like
spam"?
|

No, they are, I assume, rejecting the complaints because they look like
a DoS/mailbomb attempt.  The abuse.rfci listing policy allows for
complaints to be rejected on the basis of the sender's identity so long
as the criteria for accepting complaints are not excessively narrow, and
"you have just sent 1500 almost-identical complaints, we're going to
stop listening to you" is, IMHO, very targeted.

Andrew
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFEA2BvIgbxbMfeCKkRAnk8AKDV2vxRLPoTUbX/FEbGl6p7G1cV0QCg48+q
jbU7jKV2wV4t6slul17eCkY=
=MjMJ
-----END PGP SIGNATURE-----

More information about the RFCI-Discuss mailing list