At 13:24 01.10.97 +0100, Alex Bligh wrote:
Seconds may well matter. The next problem is to associate that user name with a person. Dead easy you may think. But the user may claim that someone else has been using their account.
In most cases, we then tell the user to change his or her password, and that if anything like this happens again, we will still close his or her account. Also, with so many people using ISDN, we can see what numbers the customer has connected from. Some have tried that one; that somebody else used their account. So, when you ask them: "Is xxxxx your phone-number?" and they answer "yes", we can tell them that the connection was made from that phonenumber.
Thus you also need to log CLI (calling number identity), which in turn means your telecom provider has to present it. The ISP must also have a policy on what to do with withheld or unavailable CLI. So while this seems simple, actually it isn't. Very few ISPs actually do the whole of this (IMHO).
I think we focus on the wrong problem. Most of the spam we see, come from USA. There is not much spam originating in Europe. At least not compared with USA. So, if we could get rules that prevent our own users from spamming, before it becomes a problem, we would mainly have to deal with relayed spam. If larger parts of Europe can maintain a decent policy, and especially if the larger ISPs in Europe would have such a thing, the smaller would have to follow. That is, the large ISPs in Europe must deal with spam. If the larger ISPs, who can afford to lose one or two customers because they are not willing to house spammers, refuse to take in spammers as customers, and start blocking, or at least threaten to block, mail from ISPs that _do_ accept this, most ISPs will realize that they loose more customers by not being able to offer a satisfactory service. -- Med vennlig hilsen/Regards Ina Faye-Lund Telenor Nextel AS