Network Working Group S. Hambridge Request for Comments: 2635 INTEL FYI: 35 A. Lunde Category: Informational Northwestern University June 1999
Network Working Group S. Hambridge Request for Comments: 2635 INTEL FYI: 35 A. Lunde Category: Informational Northwestern University June 1999
DON'T SPEW A Set of Guidelines for Mass Unsolicited Mailings and Postings (spam*)
不要为大量未经请求的邮件和帖子(垃圾邮件*)制定一套指导原则
Status of this Memo
本备忘录的状况
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (1999). All Rights Reserved.
版权所有(C)互联网协会(1999年)。版权所有。
Abstract
摘要
This document explains why mass unsolicited electronic mail messages are harmful in the Internetworking community. It gives a set of guidelines for dealing with unsolicited mail for users, for system administrators, news administrators, and mailing list managers. It also makes suggestions Internet Service Providers might follow.
本文档解释了为什么大量未经请求的电子邮件在互联网社区中有害。它为用户、系统管理员、新闻管理员和邮件列表管理员提供了一套处理未经请求邮件的指导原则。它还提出了互联网服务提供商可能遵循的建议。
The Internet's origins in the Research and Education communities played an important role in the foundation and formation of Internet culture. This culture defined rules for network etiquette (netiquette) and communication based on the Internet's being relatively off-limits to commercial enterprise.
互联网在研究和教育社区中的起源对网络文化的建立和形成起着重要的作用。这种文化定义了网络礼仪(netiquette)和通信规则,其基础是互联网对商业企业的限制相对较低。
This all changed when U.S. Government was no longer the primary funding body for the U.S. Internet, when the Internet truly went global, and when all commercial enterprises were allowed to join what had been strictly research networks. Internet culture had become deeply embedded in the protocols the network used. Although the social context has changed, the technical limits of the Internet protocols still require a person to enforce certain limits on resource usage for the 'Net to function effectively. Strong authentication was not built into the News and Mail protocols. The only thing that is saving the Internet from congestion collapse is the voluntary inclusion of TCP backoff in almost all of the TCP/IP
当美国政府不再是美国互联网的主要资助机构,当互联网真正走向全球,当所有商业企业都被允许加入严格意义上的研究网络时,这一切都改变了。互联网文化已经深深地嵌入到网络使用的协议中。尽管社会环境发生了变化,但互联网协议的技术限制仍然要求人们对资源使用实施一定的限制,以使“网络”有效运行。新闻和邮件协议中没有内置强身份验证。唯一能使互联网免于拥塞崩溃的是在几乎所有的TCP/IP协议中自愿加入TCP退避
driver code on the Internet. There is no end-to-end cost accounting and/or cost recovery. Bandwidth is shared among all traffic without resource reservation (although this is changing).
互联网上的驱动程序代码。没有端到端成本核算和/或成本回收。带宽在所有流量之间共享,无需资源预留(尽管这正在改变)。
Unfortunately for all of us, the culture so carefully nurtured through the early years of the Internet was not fully transferred to all those new entities hooking into the bandwidth. Many of those entities believe they have found a paradise of thousands of potential customers each of whom is desperate to learn about stunning new business opportunities. Alternatively, some of the new netizens believe all people should at least hear about the one true religion or political party or process. And some of them know that almost no one wants to hear their message but just can't resist how inexpensive the net can be to use. While there may be thousands of folks desperate for any potential message, mass mailings or Netnews postings are not at all appropriate on the 'Net.
不幸的是,对于我们所有人来说,互联网早期精心培育的文化并没有完全转移到所有接入带宽的新实体。这些实体中的许多人相信,他们已经找到了成千上万潜在客户的天堂,每个人都渴望了解惊人的新商机。或者,一些新网民认为,所有人都应该至少听到一个真正的宗教、政党或进程。他们中的一些人知道,几乎没有人想听到他们的信息,但他们无法抗拒网络的使用成本。虽然可能有成千上万的人迫切需要任何潜在的信息,但在“网络”上群发邮件或网络新闻帖子是完全不合适的。
This document explains why mass unsolicited email and Netnews posting (aka spam) is bad, what to do if you get it, what webmasters, postmasters, and news admins can do about it, and how an Internet Service Provider might respond to it.
本文档解释了为什么大量未经请求的电子邮件和网络新闻发布(又称垃圾邮件)是不好的,如果你收到它该怎么办,网站管理员、邮局管理员和新闻管理员可以做什么,以及互联网服务提供商可能会如何应对。
The term "spam" as it is used to denote mass unsolicited mailings or netnews postings is derived from a Monty Python sketch set in a movie/tv studio cafeteria. During that sketch, the word "spam" takes over each item offered on the menu until the entire dialogue consists of nothing but "spam spam spam spam spam spam and spam." This so closely resembles what happens when mass unsolicited mail and posts take over mailing lists and netnews groups that the term has been pushed into common usage in the Internet community.
术语“垃圾邮件”用于表示大量未经请求的邮件或网络新闻帖子,它来源于电影/电视演播室自助餐厅中的蒙蒂Python草图。在这个草图中,“垃圾邮件”一词占据了菜单上的每一项,直到整个对话只包含“垃圾邮件和垃圾邮件”这与大量未经请求的邮件和帖子占据邮件列表和网络新闻组时发生的情况极为相似,以至于这个词在互联网社区中已被普遍使用。
When unsolicited mail is sent to a mailing list and/or news group it frequently generates more hate mail to the list or group or apparent sender by people who do not realize the true source of the message. If the mailing contains suggestions for removing your name from a mailing list, 10s to 100s of people will respond to the list with "remove" messages meant for the originator. So, the original message (spam) creates more unwanted mail (spam spam spam spam), which generates more unwanted mail (spam spam spam spam spam spam and spam). Similar occurrences are perpetrated in newsgroups, but this is held somewhat in check by "cancelbots" (programs which cancel postings) triggered by mass posting. Recently, cancelbots have grown less in favor with those administering News servers since the cancelbots are now generating the same amount of traffic as spam. Even News admins are beginning to use filters, demonstrating that spam spam spam spam spam spam and spam is a monumental problem.
当未经请求的邮件被发送到邮件列表和/或新闻组时,往往会产生更多的仇恨邮件给列表或组或明显的发件人,而这些人并不知道邮件的真正来源。如果邮件中包含将您的姓名从邮件列表中删除的建议,则10到100%的人会对该列表作出回复,并发送“删除”消息,该消息是针对发起者的。因此,原始邮件(垃圾邮件)会产生更多不需要的邮件(垃圾邮件),从而产生更多不需要的邮件(垃圾邮件和垃圾邮件)。在新闻组中也有类似的情况发生,但这在一定程度上受到了由大规模发布触发的“取消发布程序”(取消发布的程序)的控制。最近,由于CancelBot现在产生的流量与垃圾邮件的流量相同,因此CancelBot在管理新闻服务器的人中越来越不受欢迎。甚至新闻管理员也开始使用过滤器,证明垃圾邮件和垃圾邮件是一个巨大的问题。
In the world of paper mail we're all used to receiving unsolicited circulars, advertisements, and catalogs. Generally we don't object to this - we look at what we find of interest, and we discard/recycle the rest. Why should receiving unsolicited email be any different?
在纸质邮件的世界里,我们都习惯于接收未经请求的通知、广告和目录。一般来说,我们并不反对这一点——我们关注我们感兴趣的东西,然后丢弃/回收其余的。为什么接收未经请求的电子邮件会有所不同?
The answer is that the cost model is different. In the paper world, the cost of mailing is borne by the sender. The sender must pay for the privilege of creating the ad and the cost of mailing it to the recipient. An average paper commercial mailing in the U.S. ends up costing about $1.00 per addressee. In the world of electronic communications, the recipient bears the majority of the cost. Yes, the sender still has to compose the message and the sender has to pay for Internet connectivity. However, the recipient ALSO has to pay for Internet connectivity and possibly also connect time charges and for disk space. For electronic mailings the recipient is expected to help share the cost of the mailing. Bulk Internet mail from the U.S. ends up costing the sender only about 1/100th of a cent per address; or FOUR ORDERS of magnitude LESS than bulk paper mailings!
答案是成本模式不同。在纸面世界,邮寄费用由发件人承担。发送者必须支付创建广告的特权以及将广告邮寄给接收者的费用。在美国,一封普通的纸质商业邮件最终每个收件人的成本约为1.00美元。在电子通信领域,收件人承担了大部分成本。是的,发件人仍然必须撰写邮件,并且发件人必须为互联网连接付费。但是,收件人还必须支付互联网连接费用,可能还需要支付连接时间费用和磁盘空间费用。对于电子邮件,收件人应帮助分担邮寄费用。从美国发来的大量互联网邮件最终只花了发送者每个地址1/100美分的费用;或者比批量纸质邮件少四个数量级!
Of course, this cost model is very popular with those looking for cheap methods to get their message out. By the same token, it's very unpopular with people who have to pay for their messages just to find that their mailbox is full of junk mail. Neither do they appreciate being forced to spend time learning how to filter out unwanted messages. Consider this: if you had to pay for receiving paper mail would you pay for junk mail?
当然,这种成本模型非常受那些寻找廉价方法来传播信息的人的欢迎。出于同样的原因,这是非常不受欢迎的人谁不得不支付他们的邮件,只是发现他们的邮箱充满了垃圾邮件。他们也不喜欢被迫花时间学习如何过滤掉不需要的信息。想一想:如果你不得不为收到纸质邮件付费,你会支付垃圾邮件吗?
Another consideration is that the increase in volume of spam will have an impact on the viability of electronic mail as a communications medium. If, when you went to your postal mail box you found four crates of mail, would you be willing to search through the crates for the one or two pieces of mail which were not advertising? Spam has a tremendous potential to create this scenario in the electronic world.
另一个考虑因素是,垃圾邮件数量的增加将对电子邮件作为通信媒介的可行性产生影响。如果你去你的邮政信箱时发现了四箱邮件,你愿意在这些箱子里搜寻一到两件没有广告的邮件吗?垃圾邮件有巨大的潜力在电子世界中创造这种局面。
Frequently spammers indulge in unethical behavior such as using mail servers which allow mail to be relayed to send huge amounts of electronic solicitations. Or they forge their headers to make it look as if the mail originates from a different domain. These people don't care that they're intruding into a personal or business mailbox nor do they care that they are using other people's resources without compensating them.
垃圾邮件发送者经常沉溺于不道德的行为,比如使用邮件服务器,允许邮件被转发,以发送大量的电子邀约。或者他们伪造邮件头,使邮件看起来好像来自不同的域。这些人不在乎他们闯入了个人或商业邮箱,也不在乎他们使用他人的资源而不给予补偿。
The huge cost difference has other bad effects. Since even a very cheap paper mailing is going to cost tens of (U.S.) cents there is a real incentive to send only to those really likely to be interested.
巨大的成本差异还有其他不良影响。因为即使是一封非常便宜的纸质邮件也要花费几十美分,所以只有那些真正感兴趣的人才有真正的动机。
So paper bulk mailers frequently pay a premium to get high quality mailing lists, carefully prune out bad addresses and pay for services to update old addresses. Bulk email is so cheap that hardly anyone sending it bothers to do any of this. As a result, the chance that the receiver is actually interested in the mail is very, very, very low.
因此,纸质批量邮寄者通常会支付额外费用,以获得高质量的邮件列表,仔细删掉不好的地址,并支付更新旧地址的服务费用。批量电子邮件是如此便宜,几乎没有人发送它费心去做这些事情。因此,接收者真正对邮件感兴趣的可能性非常非常低。
As of the date of this document, it is a daily event on the Internet for a mail service to melt-down due to an overload of spam. Every few months this happens to a large/major/regional/ national/international service provider resulting in denial of or severe degradation of service to hundreds of thousands of users. Such service degradations usually prompt the providers to spend hundreds of thousands of dollars upgrading their mail service equipment just because of the volume of spam. Service providers pass those costs on to customers.
自本文件发布之日起,互联网上每天都会发生邮件服务因垃圾邮件过载而崩溃的事件。每隔几个月,这种情况就会发生在大型/大型/区域/国家/国际服务提供商身上,导致数十万用户的服务遭到拒绝或严重降级。这种服务质量下降通常会促使提供商花费数十万美元升级他们的邮件服务设备,仅仅是因为垃圾邮件的数量。服务提供商将这些成本转嫁给客户。
Doesn't the U.S. Constitution guarantee the ability to say whatever one likes? First, the U.S. Constitution is law only in the U.S., and the Internet is global. There are places your mail will reach where free speech is not a given. Second, the U.S. Constitution does NOT guarantee one the right to say whatever one likes. In general, the U.S. Constitution refers to political freedom of speech and not to commercial freedom of speech. Finally, and most importantly, the U.S. Constitution DOES NOT guarantee the right to seize the private property of others in order to broadcast your speech. The Internet consists of a vast number of privately owned networks in voluntary cooperation. There are laws which govern other areas of electronic communication, namely the "junk fax" laws. Although these have yet to be applied to electronic mail they are still an example of the "curbing" of "free speech." Free speech does not, in general, require other people to spend their money and resources to deliver or accept your message.
难道美国宪法不保证人们可以随心所欲地说话吗?首先,美国宪法只是美国的法律,互联网是全球性的。有些地方你的邮件会到达,而言论自由不是一个既定的目标。第二,美国宪法并不能保证人们有权随心所欲地说话。总的来说,美国宪法指的是政治言论自由,而不是商业言论自由。最后,也是最重要的一点,美国宪法并没有保障为播放你的演讲而没收他人私有财产的权利。互联网由大量自愿合作的私有网络组成。还有一些法律管辖电子通信的其他领域,即“垃圾传真”法。虽然这些还没有应用到电子邮件中,但它们仍然是“限制”言论自由的一个例子。一般来说,言论自由并不要求其他人花费他们的金钱和资源来传递或接受你的信息。
Most responsible Internet citizens have come to regard unsolicited mail/posts as "theft of service". Since the recipient must pay for the service and for the most part the mail/posts are advertisements of unsolicited "stuff" (products, services, information) those receiving it believe that the practice of making the recipient pay constitutes theft.
大多数负责任的互联网公民已经开始将未经请求的邮件/帖子视为“窃取服务”。由于收件人必须为服务付费,而且大部分邮件/帖子都是未经请求的“东西”(产品、服务、信息)的广告,因此,收到这些邮件的人认为让收件人付费的做法构成了盗窃。
The crux of sending large amounts of unsolicited mail and news is not a legal issue so much as an ethical one. If you are tempted to send unsolicited "information" ask yourself these questions: "Whose resources is this using?" "Did they consent in advance?" "What would happen if everybody (or a very large number of people) did this?" "How would you feel if 90% of the mail you received was advertisements for stuff you didn't want?" "How would you feel if 95%
发送大量未经请求的邮件和新闻与其说是一个法律问题,不如说是一个道德问题。如果你想发送未经请求的“信息”,问问自己这些问题:“这是谁的资源?”“他们事先同意了吗?”“如果每个人(或很多人)都这么做了会发生什么?”“如果你收到的邮件中90%是你不想要的东西的广告,你会有什么感觉?”“如果95%,你会有什么感觉
of the mail you received was advertisements for stuff you didn't want?" "How would you feel if 99% of the mail you received was advertisements for stuff you didn't want?"
“如果你收到的邮件中99%是你不想要的东西的广告,你会有什么感觉?”
Although numbers on the volume and rate of increase of spam are not easy to find, seat-of-the-pants estimates from the people on spam discussion mailing lists [1] indicate that unsolicited mail/posts seems to be following the same path of exponential growth as the Internet as a whole [2]. This is NOT encouraging, as this kind of increase puts a strain on servers, connections, routers, and the bandwidth of the Internet as a whole. On a per person basis, unsolicited mail is also on the increase, and individuals also have to bear the increasing cost of increasing numbers of unsolicited and unwanted mail. People interested in hard numbers may want to point their web browsers to http://www.techweb.com/se/directlink.cgi?INW19980504S0003 where Internet Week reports what spam costs.
虽然关于垃圾邮件数量和增长率的数字并不容易找到,但垃圾邮件讨论邮件列表中的人们的真实估计[1]表明,未经请求的邮件/帖子似乎与整个互联网的指数增长路径相同[2]。这并不令人鼓舞,因为这种增长给服务器、连接、路由器和整个互联网的带宽带来了压力。就人均而言,未经请求的邮件也在增加,个人还必须承担不断增加的未经请求和不需要的邮件数量的成本。对硬性数字感兴趣的人可能希望将他们的web浏览器指向http://www.techweb.com/se/directlink.cgi?INW19980504S0003 《互联网周刊》报道了垃圾邮件的成本。
Finally, sending large volumes of unsolicited email or posting voluminous numbers of Netnews postings is just plain rude. Consider the following analogy: Suppose you discovered a large party going on in a house on your block. Uninvited, you appear, then join each group in conversation, force your way in, SHOUT YOUR OPINION (with a megaphone) of whatever you happen to be thinking about at the time, drown out all other conversation, then scream "discrimination" when folks tell you you're being rude.
最后,发送大量未经请求的电子邮件或发布大量的Netnews帖子是非常粗鲁的。考虑下面的类比:假设你发现一个大型聚会在你街区的房子里进行。不请自来,你出现,然后加入每个小组的对话,强行进入,大声说出你的意见(用扩音器),不管你当时在想什么,淹没所有其他的对话,然后当别人告诉你你很粗鲁时尖叫“歧视”。
To continue the party analogy, suppose instead of forcing your way into each group you stood on the outskirts a while and listened to the conversation. Then you gradually began to add comments relevant to the discussion. Then you began to tell people your opinion of the issues they were discussing; they would probably be less inclined to look badly on your intrusion. Note that you are still intruding. And that it would still be considered rude to offer to sell products or services to the guests even if the products and services were relevant to the discussion. You are in the wrong venue and you need to find the right one.
为了继续进行派对类比,假设你站在郊外听对话,而不是强行进入每个小组。然后,您逐渐开始添加与讨论相关的评论。然后你开始告诉人们你对他们正在讨论的问题的看法;他们可能不会太在意你的闯入。请注意,您仍然在入侵。即使产品和服务与讨论相关,向客人出售产品或服务仍将被视为无礼。你在错误的地点,你需要找到正确的地点。
Lots of spammers act as if their behavior can be forgiven by beginning their messages with an apology, or by personalizing their messages with the recipient's real name, or by using a number of ingratiating techniques. But much like the techniques used by Uriah Heep in Dickens' _David Copperfield_, these usually have an effect opposite to the one intended. Poor excuses ("It's not illegal," "This will be the only message you receive," "This is an ad," "It's easy to REMOVE yourself from our list") are still excuses. Moreover, they are likely to make the recipient MORE aggravated rather than
许多垃圾邮件发送者表现得好像他们的行为可以被原谅,他们在邮件开头道歉,或者用收件人的真实姓名对邮件进行个性化处理,或者使用一些讨好手段。但就像狄更斯的《大卫·科波菲尔》中乌利亚·希普使用的技巧一样,这些技巧通常会产生与预期相反的效果。糟糕的借口(“这不违法”,“这将是你收到的唯一消息”,“这是一则广告”,“很容易从我们的名单中删除你自己”)仍然是借口。此外,它们可能会使接受者更为恼火,而不是愤怒
less aggravated.
没有那么严重。
In particular, there are two very severe problems with believing that a "remove" feature to stop future mail helps: (1) Careful tests have been done with sending remove requests for "virgin" email accounts (that have never been used anywhere else). In over 80% of the cases, this resulted in a deluge of unsolicited email, although usually from other sources than the one the remove was sent to. In other words, if you don't like unsolicited mail, you should think carefully before using a remove feature because the evidence is that it will result in more mail not less. (2) Even if it did work, it would not stop lots of new unsolicited email every day from new businesses that hadn't mailed before.
特别是,如果认为“删除”功能有助于阻止未来的邮件,则存在两个非常严重的问题:(1)已对发送“virgin”电子邮件帐户的删除请求进行了仔细的测试(在其他地方从未使用过)。在超过80%的案例中,这导致了大量未经请求的电子邮件,尽管通常来自于被删除邮件的其他来源。换句话说,如果你不喜欢未经请求的邮件,你应该在使用删除功能之前仔细考虑,因为有证据表明它会导致更多的邮件而不是更少的邮件。(2) 即使它真的起作用了,它也不会阻止每天都有大量新的未经请求的电子邮件从以前没有发送过邮件的新企业发送过来。
4a. ACK! I've Been Spammed - Now What?
4a。啊!我被发垃圾邮件了-现在怎么办?
It's unpleasant to receive mail which you do not want. It's even more unpleasant if you're paying for connect time to download it. And it's really unpleasant to receive mail on topics which you find offensive. Now that you're good and mad, what's an appropriate response?
收到你不想要的邮件很不愉快。如果你支付连接时间下载它,那就更令人不快了。收到关于你觉得冒犯性话题的邮件真的很不愉快。既然你既善良又疯狂,那么什么才是合适的回答呢?
First, you always have the option to delete it and get on with your life. This is the easiest and safest response. It does not guarantee you won't get more of the same in the future, but it does take care of the current problem. Also, if you do not read your mail on a regular basis it is possible that your complaint is much too late to do any good.
首先,你总是可以选择删除它,继续你的生活。这是最简单、最安全的回应。这并不能保证你将来不会得到更多同样的东西,但它确实解决了当前的问题。此外,如果你不定期阅读你的邮件,你的抱怨可能太晚了,没有任何好处。
Second, consider strategies that take advantage of screening technology. You might investigate technologies that allow you to filter unwanted mail before you see it. Some software allows you to scan subject lines and delete unwanted messages before you download them. Other programs can be configured to download portions of messages, check them to see if they are advertising (for example) and delete them before the whole message is downloaded.
其次,考虑利用筛选技术的策略。您可以研究允许您在看到不需要的邮件之前过滤邮件的技术。有些软件允许您在下载之前扫描主题行并删除不需要的消息。其他程序可以配置为下载部分消息,检查它们是否在广告中(例如),并在下载整个消息之前删除它们。
Also, your organization or your local Internet Service Provider may have the ability to block unwanted mail at their mail relay machines and thus spare you the hassle of dealing with it at all. It is worth inquiring about this possibility if you are the victim of frequent spam.
此外,您的组织或您当地的互联网服务提供商可能有能力在其邮件中继机器上阻止不需要的邮件,从而让您完全不必为处理这些邮件而烦恼。如果您是频繁垃圾邮件的受害者,那么值得探究这种可能性。
Your personal mailer software may allow you to write rules defining what you do and do not wish to read. If so, write a rule which sends mail from the originator of the unwanted mail to the trash. This will work if one sender or site repeatedly bothers you. You may also consider writing other rules based on other headers if you are sure
您的个人邮件程序软件可能允许您编写规则,定义您要阅读和不想阅读的内容。如果是这样,请编写一条规则,将不需要的邮件的发起者的邮件发送到垃圾箱。如果一个发送者或站点一再打扰你,这将起作用。如果您确信的话,您也可以考虑编写基于其他标题的其他规则。
the probability of them being activated for non-spam is low enough. That way, although you may still have to pay to download it, you won't have to read it!
它们被激活为非垃圾邮件的概率足够低。这样,虽然你可能仍然需要付费才能下载,但你不必阅读它!
Third, you may consider sending the mail back to the originator objecting to your being on the mailing-list; however, we recommend against this. First, a lot of spammers disguise who they are and where their mail comes from by forging the mail headers. Unless you are very experienced at reading headers discovering the true origin of the mail will probably prove difficult. Although you can engage your local support staff to help you with this, they may have much higher priorities (such as setting up site-wide filters to prevent spam from entering the site). Second, responding to this email will simply verify your address as valid and make your address more valuable for other (ab)uses (as was mentioned above in Section 3). Third, even if the two previous things do not happen, very probably your mail will be directed to the computer equivalent of a black hole (the bit-bucket).
第三,您可以考虑将邮件发送给发起人,反对邮件列表中的您;但是,我们建议不要这样做。首先,许多垃圾邮件发送者通过伪造邮件头来伪装他们是谁以及他们的邮件来自何处。除非你在阅读邮件头方面很有经验,否则发现邮件的真正来源可能会很困难。尽管您可以让本地支持人员来帮助您,但他们可能有更高的优先级(例如设置站点范围的过滤器以防止垃圾邮件进入站点)。第二,回复这封电子邮件只需验证您的地址是否有效,并使您的地址对其他(ab)用途更有价值(如上文第3节所述)。第三,即使前面两件事没有发生,你的邮件也很可能会被定向到相当于黑洞(比特桶)的计算机上。
As of the writing of this document, there are several pieces of pending legislation in several jurisdictions about the sending of unsolicited mail and also about forging headers. If forging of headers should become illegal, then responding to the sender is less risky and may be useful.
截至本文件撰写之时,在多个司法管辖区,有几项关于发送未经请求的邮件以及伪造邮件头的未决立法。如果伪造头应该是非法的,那么响应发送者的风险较小,并且可能有用。
Certainly we advocate communicating to the originator (as best as you can tell) to let them know you will NOT be buying any products from them as you object to the method they have chosen to conduct their business (aka spam). Most responses through media other than electronic mail (mostly by those who take the time to phone included "800" (free to calling party in the U.S.) phone numbers) have proved somewhat effective. You can also call the business the advertisement is for, ask to speak to someone in authority, and then tell them you will never buy their products or use their services because their advertising mechanism is spam.
当然,我们主张与发起者沟通(尽你所能),让他们知道你不会从他们那里购买任何产品,因为你反对他们选择的开展业务的方法(又称垃圾邮件)。大多数通过电子邮件以外的媒体做出的回应(大部分是那些花时间打电话的人,包括“800”(美国的免费电话号码)在某种程度上证明是有效的。你也可以打电话给广告所针对的企业,要求与权威人士交谈,然后告诉他们你永远不会购买他们的产品或使用他们的服务,因为他们的广告机制是垃圾邮件。
Next, you can carbon copy or forward the questionable mail messages or news postings to your postmaster. You can do this by sending mail "To: Postmaster@your-site.example." Your postmaster should be an expert at reading mail headers and will be able to tell if the originating address is forged. He or she may be able to pinpoint the real culprit and help close down the site. If your postmaster wants to know about unsolicited mail, be sure s/he gets a copy, including headers. You will need to find out the local policy and comply.
接下来,你可以复制或转发有问题的邮件或新闻帖子给你的邮政局长。您可以通过将“邮件”发送至:Postmaster@your-你的邮政局长应该是阅读邮件标题的专家,并且能够辨别原始地址是否伪造。他或她可能能够找出真正的罪犯,并帮助关闭该网站。如果您的邮政局长想了解未经请求的邮件,请确保他/她收到一份副本,包括邮件标题。您需要了解当地的政策并遵守。
*** IMPORTANT ***
*** IMPORTANT ***
Wherever you send a complaint, be sure to include the full headers (most mail and news programs don't display the full headers by default). For mail it is especially important to show the "Received:" headers. For Usenet news, it is the "Path:" header. These normally show the route by which the mail or news was delivered. Without them, it's impossible to even begin to tell where the message originated. See the appendix for an example of a mail header.
无论您在哪里发送投诉,请确保包含完整的标题(大多数邮件和新闻节目默认情况下不显示完整的标题)。对于邮件,显示“已接收:”标题尤为重要。对于Usenet新闻,它是“路径:”标题。它们通常显示邮件或新闻的发送路线。如果没有它们,就不可能知道信息的来源。有关邮件标题的示例,请参见附录。
There is lively and ongoing debate about the validity of changing one's email address in a Web Browser in order to have Netnews posts and email look as if it is originating from some spot other than where it does originate. The reasoning behind this is that web email address harvesters will not be getting a real address when it encounters these. There is reason on both sides of this debate: If you change your address, you will not be as visible to the harvesters, but if you change your address, real people who need to contact you will be cut off as well. Also, if you are using the Internet through an organization such as a company, the company may have policies about "forging" addresses - even your own! Most people agree that the consequences of changing your email address on your browser or even in your mail headers is fairly dangerous and will nearly guarantee your mail goes into a black hole unless you are very sure you know what you are doing.
关于在网络浏览器中更改电子邮件地址以使Netnews帖子和电子邮件看起来像是来自某个地方而不是来自某个地方的有效性,存在着激烈而持续的争论。这背后的原因是,web电子邮件地址收割机在遇到这些问题时将无法获得真实地址。这场争论的双方都有理由:如果你改变地址,收割机就看不到你,但是如果你改变地址,需要联系你的真实的人也会被切断。此外,如果您通过公司等组织使用互联网,公司可能会有“伪造”地址的政策——甚至是您自己的地址!大多数人都认为,在浏览器上甚至在邮件头上更改电子邮件地址的后果相当危险,除非你非常确定自己知道自己在做什么,否则几乎可以保证你的邮件会进入黑洞。
Finally, DO NOT respond by sending back large volumes of unsolicited mail. Two wrongs do not make a right; do not become your enemy; and take it easy on the network. While the legal status of spam is uncertain, the legal status (at least in the U.S.) of a "mail bomb" (large numbers and/or sizes of messages to the site with the intent of disabling or injuring the site) is pretty clear: it is criminal.
最后,不要回复大量未经请求的邮件。两错不等于一对;不要成为你的敌人;在网络上放松一下。虽然垃圾邮件的法律地位尚不确定,但“邮件炸弹”(大量和/或大小的邮件发送到网站,目的是禁用或损坏网站)的法律地位(至少在美国)非常明确:它是犯罪行为。
There is a web site called "www.abuse.net" which allows you to register, then send your message to the name of the "offending-domain@abuse.net," which will re-mail your message to the best reporting address for the offending domain. The site contains good tips for reporting abuse netnews or email messages. It also has some automated tools that you may download to help you filter your messages. Also check CIAC bulletin I-005 at:
有一个名为“www.crash.net”的网站,允许你注册,然后将你的信息发送到“冒犯者”的名字-domain@abuse.net,“这会将您的邮件重新发送到违规域的最佳报告地址。该网站包含报告网络新闻或电子邮件信息滥用的好技巧。它也有一些自动化的工具,你可以下载来帮助你过滤你的信息。也可查看CIAC公告I-005,网址为:
http://ciac.llnl.gov/ciac/bulletins/i-005c.shtml
http://ciac.llnl.gov/ciac/bulletins/i-005c.shtml
or at:
或浏览:
http://spam.abuse.net/spam/tools/mailblock.html.
http://spam.abuse.net/spam/tools/mailblock.html.
Check the Appendix for a detailed explanation of tools and methodology to use when trying to chase down a spammer.
查看附录,了解追查垃圾邮件发送者时使用的工具和方法的详细说明。
4b. There's a Spam in My Group!
4b。我的群里有垃圾邮件!
Netnews is also subject to spamming. Here several factors help to mitigate against the propagation of spam in news, although they don't entirely solve the problem. Newsgroups and mailing lists may be moderated, which means that a moderator approves all mail/posts. If this is the case, the moderator usually acts as a filter to remove unwanted and off-topic posts/mail.
网络新闻也受到垃圾邮件的影响。这里有几个因素有助于缓解新闻中垃圾邮件的传播,尽管它们并不能完全解决问题。可以对新闻组和邮件列表进行审核,这意味着审核人批准所有邮件/帖子。如果是这种情况,版主通常充当过滤器,以删除不需要的和离题的帖子/邮件。
In Netnews there are programs which detect posts which have been sent to multiple groups or which detect multiple posts from the same source to one group. These programs cancel the posts. While these work and keep unsolicited posts down, they are not 100% effective and spam in newsgroups seems to be growing at an even faster rate than spam in mail or on mailing lists. After all, it's much easier to post to a newsgroup for which there are thousands of readers than it is to find individual email addresses for all those folks. Hence the development of the "cancelbots" (sometimes called "cancelmoose") for Netnews groups. Cancelbots are triggered when one message is sent to a large number of newsgroups or when many small messages are sent (from one sender) to the same newsgroup. In general these are tuned to the "Breidbart Index" [3] which is a somewhat fuzzy measure of the interactions of the number of posts and number of groups. This is fuzzy purposefully, so that people will not post a number of messages just under the index and still "get away with it." And as noted above, the cancel messages have reached such a volume now that a lot of News administrators are beginning to write filters rather than send cancels. Still spam gets through, so what can a concerned netizen do?
在Netnews中,有一些程序可以检测发送到多个组的帖子,或者检测从同一来源发送到一个组的多篇帖子。这些程序会取消帖子。虽然这些方法有效地抑制了未经请求的帖子,但它们并不是100%有效,新闻组中的垃圾邮件似乎比邮件或邮件列表中的垃圾邮件增长得更快。毕竟,向拥有数千名读者的新闻组发帖要比为所有这些人找到单独的电子邮件地址容易得多。因此,为网络新闻组开发了“cancelbots”(有时称为“cancelmoose”)。当一条消息被发送到大量新闻组或许多小消息(从一个发件人)被发送到同一新闻组时,将触发CancelBot。一般来说,这些都是调整到“布雷巴特指数”[3],这是一个有点模糊的衡量职位数量和群体数量相互作用的指标。这是故意模糊的,因此人们不会在索引下发布大量消息,仍然“侥幸逃脱”。如上所述,取消消息的数量已经达到如此之大,以至于许多新闻管理员开始编写过滤器,而不是发送取消消息。垃圾信息仍然存在,那么一个关注的网民能做些什么呢?
If there is a group moderator, make sure s/he knows that off-topic posts are slipping into the group. If there is no moderator, you could take the same steps for dealing with news as are recommended for mail with all the same caveats.
如果有小组主持人,请确保他/她知道非主题帖子正在悄悄进入小组。如果没有版主,你可以采取与邮件相同的步骤来处理新闻,但要注意的事项是相同的。
A reasonable printed reference one might obtain has been published by O'Reilly and Associates, _Stopping Spam_, by Alan Schwartz and Simson Garfinkel [4]. This book also has interesting histories of spammers such as Cantor and Siegel, and Jeff Slaton. It gives fairly clear instructions for filtering mail and news.
一个可能获得的合理的印刷参考已经由O'Reilly和Associates出版,Alan Schwartz和Simson Garfinkel出版[4]。这本书也有有趣的历史垃圾邮件,如康托和西格尔,杰夫斯莱顿。它为过滤邮件和新闻提供了相当清晰的说明。
As a system administrator, news administrator, local Postmaster, or mailing-list administrator, your users will come to you for help in dealing with unwanted mail and posts. First, find out what your institution's policy is regarding unwanted/unsolicited mail. It is possible that it won't do anything for you, but it is also possible to use it to justify blocking a domain which is sending particularly offensive mail to your users. If you don't have a clear policy, it would be really useful to create one. If you are a mailing-list administrator, make sure your mailing-list charter forbids off-topic posts. If your internal-only newsgroups are getting spammed from the outside of your institution, you probably have bigger security problems than just spam.
作为系统管理员、新闻管理员、本地邮政管理员或邮件列表管理员,您的用户将在处理不需要的邮件和帖子时向您寻求帮助。首先,了解贵机构对不需要的/未经请求的邮件的政策。它可能不会为您做任何事情,但也可能用它来证明阻止一个向您的用户发送特别攻击性邮件的域是正当的。如果您没有明确的策略,那么创建一个策略将非常有用。如果您是邮件列表管理员,请确保您的邮件列表章程禁止发表离题文章。如果您的仅限内部的新闻组收到来自机构外部的垃圾邮件,您可能会遇到比垃圾邮件更大的安全问题。
Make sure that your mail and news transports are configured to reject messages injected by parties outside your domain. Recently misconfigured Netnews servers have become subject to hijacking by spammers. SMTP source routing <@relay.host:user@dest.host> is becoming deprecated due to its overwhelming abuse by spammers. You should configure your mail transport to reject relayed messages (when neither the sender nor the recipient are within your domain). Check:
确保您的邮件和新闻传输配置为拒绝域外各方注入的邮件。最近,配置错误的Netnews服务器已成为垃圾邮件发送者劫持的对象。SMTP源路由<@relay.host:user@dest.host>由于它被垃圾邮件发送者大量滥用,越来越不受欢迎。您应该将邮件传输配置为拒绝中继邮件(当发件人和收件人都不在您的域内时)。检查:
http://www.sendmail.org/
http://www.sendmail.org/
under the "Anti-Spam" heading.
在“反垃圾邮件”标题下。
If you run a firewall at your site, it can be configured in ways to discourage spam. For example, if your firewall is a gateway host that itself contains an NNTP server, ensure that it is configured so it does not allow access from external sites except your news feeds. If your firewall acts as a proxy for an external news-server, ensure that it does not accept NNTP connections other than from your internal network. Both these potential holes have recently been exploited by spammers. Ensure that email messages generated within your domain have proper identity information in the headers, and that users cannot forge headers. Be sure your headers have all the correct information as stipulated by RFC 822 [5] and RFC 1123 [6].
如果你在你的站点上运行防火墙,它可以配置为阻止垃圾邮件。例如,如果您的防火墙是一个本身包含NNTP服务器的网关主机,请确保对其进行了配置,使其不允许从除新闻源之外的外部站点进行访问。如果防火墙充当外部新闻服务器的代理,请确保它不接受来自内部网络以外的NNTP连接。这两个潜在漏洞最近都被垃圾邮件发送者利用。确保在域内生成的电子邮件的标题中包含正确的身份信息,并且用户不能伪造标题。确保标题包含RFC 822[5]和RFC 1123[6]规定的所有正确信息。
If you are running a mailing-list, allowing postings only by subscribers means a spammer would actually have to join your list before sending spam messages, which is unlikely. Make sure your charter forbids any off-topic posts. There is another spam-related problem with mailing-lists which is that spammers like to retaliate on those who work against them by mass-subscribing their enemies to mailing-lists. Your mailing-list software should require confirmation of the subscription, and only then should the address be subscribed.
如果您正在运行邮件列表,则仅允许订阅者发布邮件意味着垃圾邮件发送者实际上必须在发送垃圾邮件之前加入您的列表,这是不可能的。确保你的章程禁止任何离题文章。邮件列表还有另一个与垃圾邮件相关的问题,即垃圾邮件发送者喜欢通过向邮件列表中的敌人大量订阅来报复那些与他们作对的人。您的邮件列表软件应要求确认订阅,然后才应订阅地址。
It is possible, if you are running a mail transfer agent that allows it, to block persistant offending sites from ever getting mail into your site. However, careful consideration should be taken before taking that step. For example, be careful not to block out sites for which you run MX records! In the long run, it may be most useful to
如果您正在运行允许它的邮件传输代理,则有可能阻止持续存在的违规站点将邮件接收到您的站点。然而,在采取这一步骤之前,应仔细考虑。例如,小心不要屏蔽运行MX记录的站点!从长远来看,这可能是最有用的
help your users learn enough about their mailers so that they can write rules to filter their own mail, or provide rules and kill files for them to use, if they so choose.
帮助您的用户充分了解他们的邮件程序,以便他们可以编写规则来过滤自己的邮件,或者提供规则并删除文件供他们使用(如果他们愿意)。
There is information about how to configure sendmail available at "www.sendmail.org." Help is also available at "spam.abuse.net."
“www.sendmail.org”上提供了有关如何配置sendmail的信息。“spam.滥用.net”上也提供了帮助
Another good strategy is to use Internet tools such as whois and traceroute to find which ISP is serving your problem site. Notify the postmaster or abuse (abuse@offending-domain.example) address that they have an offender. Be sure to pass on all header information in your messages to help them with tracking down the offender. If they have a policy against using their service to post unsolicited mail they will need more than just your say-so that there is a problem. Also, the "originating" site may be a victim of the offender as well. It's not unknown for those sending this kind of mail to bounce their mail through dial-up accounts, or off unprotected mail servers at other sites. Use caution and courtesy in your approach to those who look like the offender.
另一个好的策略是使用诸如whois和traceroute之类的Internet工具来查找哪个ISP为您的问题站点提供服务。通知邮政局长或滥用(abuse@offending-域名。例如)他们有罪犯的地址。确保传递消息中的所有标题信息,以帮助他们追踪罪犯。如果他们有一项政策禁止使用他们的服务投递未经请求的邮件,那么他们需要的不仅仅是你的发言权,这样就有问题了。此外,“始发地”也可能是罪犯的受害者。对于那些发送此类邮件的人来说,通过拨号帐户或其他站点上未受保护的邮件服务器跳转邮件并非未知。在对待那些看起来像罪犯的人时要谨慎和礼貌。
News spammers use similar techniques for sending spam to the groups. They have been known to forge headers and bounce posts off "open" news machines and remailers to cover their tracks. During the height of the infamous David Rhodes "Make Money Fast" posts, it was not unheard of for students to walk away from terminals which were logged in, and for sneaky folks to then use their accounts to forge posts, much to the later embarrassment of both the student and the institution.
新闻垃圾邮件发送者使用类似的技术向群组发送垃圾邮件。众所周知,他们通过“开放式”新闻机器和重发器伪造标题和反弹帖子来掩盖自己的行踪。在臭名昭著的大卫·罗德斯(David Rhodes)“快速赚钱”帖子的鼎盛时期,学生离开登录的终端,偷偷摸摸的人利用自己的账户伪造帖子,这并非闻所未闻,这让学生和学校后来都很尴尬。
One way to lessen problems is to avoid using mail-to URLs on your web pages. They allow email addresses to be easily harvested by those institutions grabbing email addresses off the web. If you need to have an email address prevalent on a web page, consider using a cgi script to generate the mailto address.
减少问题的一种方法是避免在网页上使用邮件到URL。它们允许那些从网上获取电子邮件地址的机构轻松获取电子邮件地址。如果您需要在网页上拥有电子邮件地址,请考虑使用CGI脚本来生成Melto地址。
Participate in mailing lists and news groups which discuss unsolicited mail/posts and the problems associated with it. News.admin.net-abuse.misc is probably the most well-known of these.
参与讨论未经请求的邮件/帖子及其相关问题的邮件列表和新闻组。News.admin.net-rapple.misc可能是其中最有名的。
As an Internet Service Provider, you first and foremost should decide what your stance against unsolicited mail and posts will be. If you decide not to tolerate unsolicited mail, write a clear Acceptable Use Policy which states your position and delineates consequences for abuse. If you state that you will not tolerate use of your resource for unsolicited mail/posts, and that the consequence will be loss of service, you should be able to cancel offending accounts relatively quickly (after verifying that the account really IS being mis-used). If you have downstreaming arrangements with other providers, you should make sure they are aware of any policy you set. Likewise, you should be aware of your upstream providers' policies.
作为一个互联网服务提供商,你首先应该决定你对不请自来的邮件和帖子的立场。如果您决定不容忍未经请求的邮件,请写一份明确的可接受使用政策,说明您的立场并描述滥用的后果。如果您声明您不会容忍将您的资源用于未经请求的邮件/帖子,并且结果将导致服务丢失,您应该能够相对快速地取消违规帐户(在验证帐户确实被误用后)。如果您与其他提供商有顺流安排,则应确保他们了解您设置的任何策略。同样,您应该了解上游供应商的政策。
Consider limiting access for dialup accounts so they cannot be used by those who spew. Make sure your mail servers aren't open for mail to be bounced off them (except for legitimate users). Make sure your mail transfer agents are the most up-to-date version (which pass security audits) of the software.
考虑对拨号帐户进行限制访问,这样它们就不能被那些用户使用。确保您的邮件服务器未打开,邮件无法从服务器上弹回(合法用户除外)。确保您的邮件传输代理是软件的最新版本(通过安全审核)。
Educate your users about how to react to spew and spewers. Make sure instructions for writing rules for mailers are clear and available. Support their efforts to deal with unwanted mail at the local level - taking some of the burden from your system administrators.
教育用户如何应对喷溅和喷溅。确保为邮寄者编写规则的说明清晰可用。支持他们在本地级别处理不需要的邮件,从而减轻系统管理员的一些负担。
Make sure you have an address for abuse complaints. If complainers can routinely send mail to "abuse@BigISP.example" and you have someone assigned to read that mail, workflow will be much smoother. Don't require people complaining about spam to use some unique local address for complaints. Read and use 'postmaster' and 'abuse'. We recommend adherence to RFC 2142, _Mailbox Names for Common Services, Roles and Functions._ [7].
确保你有虐待投诉的地址。如果投诉人可以定期发送邮件至“abuse@BigISP.example“如果你有专人负责阅读邮件,工作流程将更加顺畅。不要要求投诉垃圾邮件的人使用一些独特的本地地址进行投诉。阅读并使用“邮政局长”和“滥用”。我们建议遵守RFC 2142,公共服务、角色和功能的邮箱名称。
Finally, write your contracts and terms and conditions in such language that allows you to suspend service for offenders, and so that you can impose a charge on them for your costs in handling the complaints their abuse generates and/or terminating their account and cleaning up the mess they make. Some large ISPs have found that they can fund much of their abuse prevention staff by imposing such charges. Make sure all your customers sign the agreement before their accounts are activated. There is a list of "good" Acceptable Use Policies and Terms of Service at:
最后,用这样的语言写下你的合同、条款和条件,允许你暂停为违法者服务,这样你就可以向他们收取处理他们被滥用而产生的投诉和/或终止他们的账户和清理他们造成的混乱的费用。一些大型ISP发现,通过收取此类费用,他们可以为大部分防止虐待工作人员提供资金。确保所有客户在激活其帐户之前签署协议。以下是“良好”可接受使用政策和服务条款列表:
http://spam.abuse.net/goodsites/index.html.
http://spam.abuse.net/goodsites/index.html.
Legally, you may be able to stop spammers and spam relayers, but this is certainly dependent on the jurisdictions involved. Potentially, the passing of spam via third party computers, especially if the
从法律上讲,您可以阻止垃圾邮件发送者和垃圾邮件转送者,但这当然取决于所涉及的司法管辖区。可能是通过第三方计算机传递垃圾邮件,尤其是
headers are forged, could be a criminal action depending on the laws of the particular jurisdiction(s) involved. If your site is being used as a spam relay, be sure to contact local and national criminal law enforcement agencies. Site operators may also want to consider bringing civil actions against the spammer for expropriation of property, in particular the computer time and network bandwidth. In addition, when a mailing list is involved, there is a potential intellectual property rights violation.
页眉是伪造的,根据所涉及的特定司法管辖区的法律可能是刑事诉讼。如果您的网站被用作垃圾邮件中继,请务必联系当地和国家刑事执法机构。网站运营商也可能会考虑采取民事行动对垃圾邮件发送者征收财产,特别是计算机时间和网络带宽。此外,当涉及邮件列表时,可能会侵犯知识产权。
There are a few law suits in the courts now which claim spammers interfered with and endangered network connectivity. At least one company is attempting to charge spammers for the use of its networks (www.kclink.com/spam/).
现在法庭上有几起诉讼声称垃圾邮件发送者干扰并危及网络连接。至少有一家公司试图对使用其网络的垃圾邮件发送者收费(www.kclink.com/spam/)。
Certain actions to stop spamming may cause problems to legitimate users of the net. There is a risk that filters to stop spamming will unintentionally stop legitimate mail too. Overloading postmasters with complaints about spamming may cause trouble to the wrong person, someone who is not responsible for and cannot do anything to avoid the spamming activity, or it may cause trouble out of proportion to the abuse you are complaining about. Be sure to exercise discretion and good judgment in all these cases. Check your local escalation procedure. The Site Security Handbook [2] can help define an escalation procedure if your site does not have one defined.
阻止垃圾邮件的某些行动可能会给网络的合法用户带来问题。阻止垃圾邮件的过滤器也有可能无意中阻止合法邮件。邮递员对垃圾邮件的投诉过多,可能会给错误的人带来麻烦,这些人不应对垃圾邮件活动负责,也无法避免垃圾邮件活动,或者可能会造成与您所抱怨的滥用行为不成比例的麻烦。在所有这些情况下,一定要运用谨慎和良好的判断力。检查您的本地升级程序。如果您的站点没有定义上报程序,那么站点安全手册[2]可以帮助定义上报程序。
Lower levels of network security interact with the ability to trace spam via logs or message headers. Measures to stop various sorts of DNS and IP spoofing can make this information more reliable. Spammers can and will exploit obvious security weaknesses, especially in NNTP servers. This can lead to denial of service, either from the sheer volume of posts, or as a result of action taken by upstream providers.
较低级别的网络安全与通过日志或消息头跟踪垃圾邮件的能力相互作用。阻止各种DNS和IP欺骗的措施可以使这些信息更加可靠。垃圾邮件发送者可以而且将利用明显的安全弱点,特别是在NNTP服务器中。这可能导致拒绝服务,无论是由于大量的帖子,还是由于上游提供商采取的行动。
Thanks for help from the IETF-RUN working group, and also to all the spew-fighters. Specific thanks are due to J.D. Falk, whose very helpful Anti-spam FAQ proved valuable. Thanks are also due to the vigilance of Scott Hazen Mueller and Paul Vixie, who run spam.abuse.net, the Anti-spam web site. Thanks also to Jacob Palme, Chip Rosenthal, Karl Auerbach for specific text: Jacob for the Security Considerations section, Chip for the configuration suggestions in section 5, Karl for the legal considerations. Andrew Gierth was very helpful with Netnews spam considerations. And thanks to Gary Malkin for proofing and formatting.
感谢IETF-RUN工作组的帮助,也感谢所有spew战斗机。特别感谢J.D.Falk,他非常有用的反垃圾邮件常见问题解答证明了其价值。还要感谢Scott Hazen Mueller和Paul Vixie的警觉,他们运营着反垃圾邮件网站spam.crack.net。还要感谢Jacob Palme、Chip Rosenthal、Karl Auerbach提供的具体文本:Jacob提供了安全注意事项部分,Chip提供了第5部分中的配置建议,Karl提供了法律注意事项。Andrew Gierth在考虑网络新闻垃圾邮件方面非常有帮助。感谢Gary Malkin的校对和格式化。
[1] See for example spam-l@peach.ease.lsoft.com
[1] 例如,请参见垃圾邮件-l@peach.ease.lsoft.com
[2] Fraser, B., "Site Security Handbook", FYI 8, RFC 2196, September 1997.
[2] Fraser,B.,《现场安全手册》,第8期,RFC 2196,1997年9月。
[3] "Current Spam thresholds and guidelines," Lewis, Chris and Tim Skirvin, http://www.killfile.org/~tskirvin/faqs/spam.html.
[3] “当前垃圾邮件阈值和准则”,Lewis、Chris和Tim Skirvin,http://www.killfile.org/~tskirvin/faqs/spam.html。
[4] Schwartz, Alan and Simson Garfinkel, "Stopping Spam," O'Reilly and Associates, 1998.
[4] Schwartz,Alan和Simson Garfinkel,“阻止垃圾邮件”,O'Reilly and Associates,1998年。
[5] Crocker, D., "Standard for the format of ARPA Internet text messages", STD 11, RFC 822, August 1982.
[5] Crocker,D.,“ARPA互联网文本信息格式标准”,STD 11,RFC 822,1982年8月。
[6] Braden, R., "Requirements for Internet hosts - application and support", STD 3, RFC 1123, October 1989.
[6] Braden,R.,“互联网主机的要求-应用和支持”,STD 3,RFC 1123,1989年10月。
[7] Crocker, D., "Mailbox Names for Common Services, Roles and Functions", RFC 2142, May 1997.
[7] Crocker,D.,“公共服务、角色和功能的邮箱名称”,RFC 2142,1997年5月。
* Spam is a name of a meat product made by Hormel. "spam" (no capitalization) is routinely used to describe unsolicited bulk email and netnews posts.
* Spam是Hormel生产的肉制品的名称。“垃圾邮件”(不大写)通常用于描述未经请求的大量电子邮件和网络新闻帖子。
In a large proportion of spams today, complaining to the postmaster of the site that is the apparent sender of a message will have little effect because either the headers are forged to disguise the source of the message, or the senders of the message run their own system/domain, or both.
在今天的大部分垃圾邮件中,向网站的邮局主管投诉邮件的明显发件人几乎没有效果,因为要么邮件头是伪造的,以掩盖邮件的来源,要么邮件的发件人运行自己的系统/域,要么两者兼而有之。
As a result, it may be necessary to look carefully at the headers of a message to see what parts are most reliable, and/or to complain to the second or third-level Internet providers who provide Internet service to a problem domain.
因此,可能需要仔细查看邮件的标题,以查看哪些部分最可靠,和/或向向向问题域提供Internet服务的二级或三级Internet提供商投诉。
In many cases, getting reports with full headers from various recipients of a spam can help locate the source. In extreme cases of header forgery, only examination of logs on multiple systems can trace the source of a message.
在许多情况下,从垃圾邮件的不同收件人处获取带有完整标题的报告有助于找到源。在头部伪造的极端情况下,只有检查多个系统上的日志才能跟踪消息的来源。
With only one message in hand, one has to make an educated guess as to the source. The following are only rough guidelines.
只有一条信息在手,一个人必须对信息来源做出有根据的猜测。以下只是粗略的指南。
In the case of mail messages, "Received:" headers added by systems under control of the destination organization are most likely to be reliable. You can't trust what the source domain calls itself, but you can usually use the source IP address since that is determined by the destination domain's server.
对于邮件消息,由目标组织控制的系统添加的“已接收:”标题最有可能是可靠的。您不能信任源域自己调用的内容,但您通常可以使用源IP地址,因为这是由目标域的服务器决定的。
In naive mail forgeries, the "Message-ID:" header may show the first SMTP server to handle the message and/or the "Received:" headers may all be accurate, but neither can be relied on. Be especially wary when the Received: headers have other headers intermixed. Normally, Received: headers are all together in a block, and when split up, one or the other blocks is probably forged.
在原始邮件伪造中,“Message ID:”标头可能显示第一个处理邮件的SMTP服务器和/或“Received:”标头可能都是准确的,但两者都不可靠。当接收到的消息头与其他消息头混杂在一起时,要特别小心。通常,Received:header都在一个块中,当分割时,一个或另一个块可能是伪造的。
In the case of news messages, some part of the Path: header may be a forgery; only reports from multiple sites can make this clear. In naive news forgeries, the "NNTP-Posting-Host:" header shows the actual source, but this can be forged too.
对于新闻消息,路径的某些部分:头可能是伪造的;只有来自多个站点的报告才能清楚地说明这一点。在原始新闻伪造中,“NNTP POST Host:”标题显示实际来源,但也可以伪造。
If a spam message advertises an Internet server like a WWW site, that server must be connected to the network to be usable. Therefore that address can be traced. It is appropriate to complain to the ISP hosting a web site advertised in a SPAM, even if the origin of the spam seems to be elsewhere. Be aware that the spam could be an attack on the advertised site; the perpetrator knows the site will be deluged with complaints and their reputation will be damaged. Any spam with an electronic address in it is suspect because most spammers know they're unwelcome and won't make themselves accessible.
如果垃圾邮件向互联网服务器(如WWW站点)发布广告,则该服务器必须连接到网络才能使用。因此,该地址可以被追踪。即使垃圾邮件的来源似乎在其他地方,也可以向发布垃圾邮件的网站的ISP投诉。请注意,垃圾邮件可能是对广告站点的攻击;犯罪者知道网站将充斥着投诉,他们的声誉将受到损害。任何带有电子地址的垃圾邮件都是可疑的,因为大多数垃圾邮件发送者知道他们不受欢迎,并且不会让他们自己被访问。
Here is an example mail header:
下面是一个示例邮件头:
---- From friendlymail@209.214.12.258.com Thu Feb 26 20:32:47 1998 Received: from clio.sc.intel.com by Ludwig.sc.intel.com (4.1/SMI-4.1) id AA05377; Thu, 26 Feb 98 20:32:46 PST Received: from 209.214.12.258.com (209.214.12.258.com [208.26.102.16]) by clio.sc.intel.com (8.8.6/8.8.5) with ESMTP id UAA29637 for <sallyh@intel.com>; Thu, 26 Feb 1998 20:33:30 -0800 (PST) Received: ok X-Sender: promo1@gotosportsbook.com X-Advertisement: <a href="http://www.opt-out.com"> Click here to be removed. Date: Thu, 26 Feb 1998 23:23:03 -0500 From: Sent By <promo1@gotosportsbook.com> Reply-To: Sent By <promo1@gotosportsbook.com> To: friend@bulkmailer Subject: Ad: FREE $50 in Sportsbook & Casino X-Mailer: AK-Mail 3.0b [eng] (unregistered) Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: friendlymail@aqua.258.com Message-Id: <bulk.6508.19980226232535@aqua.258.com> Status: R ----
---- From friendlymail@209.214.12.258.com Thu Feb 26 20:32:47 1998 Received: from clio.sc.intel.com by Ludwig.sc.intel.com (4.1/SMI-4.1) id AA05377; Thu, 26 Feb 98 20:32:46 PST Received: from 209.214.12.258.com (209.214.12.258.com [208.26.102.16]) by clio.sc.intel.com (8.8.6/8.8.5) with ESMTP id UAA29637 for <sallyh@intel.com>; Thu, 26 Feb 1998 20:33:30 -0800 (PST) Received: ok X-Sender: promo1@gotosportsbook.com X-Advertisement: <a href="http://www.opt-out.com"> Click here to be removed. Date: Thu, 26 Feb 1998 23:23:03 -0500 From: Sent By <promo1@gotosportsbook.com> Reply-To: Sent By <promo1@gotosportsbook.com> To: friend@bulkmailer Subject: Ad: FREE $50 in Sportsbook & Casino X-Mailer: AK-Mail 3.0b [eng] (unregistered) Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: friendlymail@aqua.258.com Message-Id: <bulk.6508.19980226232535@aqua.258.com> Status: R ----
Doing a traceroute on an IP address or DNS address will show what domains provide IP connectivity from you to that address.
在IP地址或DNS地址上执行跟踪路由将显示哪些域提供从您到该地址的IP连接。
Using whois and nslookup, one can try to determine who is administratively responsible for a domain.
使用whois和nslookup,可以尝试确定谁对域负有管理责任。
In simple cases, a user of a responsible site may be exploiting an account or a weakness in dial-up security; in those cases a complaint to a single site may be sufficient. However, it may be appropriate to complain to more than one domain, especially when it looks like the spammers run their own system.
在简单的情况下,责任站点的用户可能正在利用帐户或拨号安全的弱点;在这些情况下,向单个现场投诉就足够了。但是,向多个域投诉可能是合适的,特别是当垃圾邮件发送者运行自己的系统时。
If you look at the traceroute to an address, you will normally see a series of domains between you and that address, with one or more wide-area/national Internet Service Providers in the middle and "smaller" networks/domains on either end. It may be appropriate to complain to the domains nearer the source, up to and including the closest wide-area ISP. However, this is a judgement call.
如果你查看TraceRouTE到一个地址,你通常会看到你和那个地址之间的一系列域,中间有一个或多个广域/国家互联网服务提供商和两端的“更小”的网络/域名。可能适合向距离源较近的域(包括最近的广域ISP)投诉。然而,这是一种判断。
If an intermediate site appears to be a known, responsible domain, stopping your complaints at this point makes sense.
如果一个中间站点似乎是一个已知的、负责任的域,那么此时停止您的投诉是有意义的。
Authors' Information
作者信息
Sally Hambridge Intel Corp, SC11-321 2200 Mission College blvd Santa Clara, CA 95052
Sally Hambridge Intel Corp,SC11-321加利福尼亚州圣克拉拉市教会学院大道2200号,邮编95052
EMail: sallyh@ludwig.sc.intel.com
EMail: sallyh@ludwig.sc.intel.com
Albert Lunde Northwestern University Suite 1400 1603 Orrington Avenue Evanston, IL 60201
伊利诺伊州埃文斯顿奥林顿大道1603号阿尔伯特伦德西北大学1400室60201
EMail: Albert-Lunde@nwu.edu
EMail: Albert-Lunde@nwu.edu
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (1999). All Rights Reserved.
版权所有(C)互联网协会(1999年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。