Swanks
12-09-2003 07:49 PM
Alright so some of you may be questioning the use of open relays and proxies..
Quote:
Is Using Proxies Or Relays Legal?
A lot of concern has been paid to whether or not proxy or relaying mailing is unlawful, under the provisions of the (U) Can Spam Act of 2003.
These are some sections of the law:
(a) IN GENERAL- Whoever, in or affecting interstate or foreign commerce, knowingly--
(1) accesses a protected computer without authorization, and intentionally initiates the transmission of multiple commercial electronic mail messages from or through such computer,
(2) uses a protected computer to relay or retransmit multiple commercial electronic mail messages, with the intent to deceive or mislead recipients, or any Internet access service, as to the origin of such messages,
(3) materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages,
So, here we go with the "intent to deceive" clause again. It never said that using Relays or Proxies, in and of itself, is a violation of Law. You must use them, in combination with OTHER things, in such a manner and with the "intent to deceive". So my use of a proxy or relay must be used to Materially misrepresent the origin of my mail. If that is true, then we look a bit further into the law. Look at the Law's definition of materially. Clearly the use of a proxy or relay is NOT ILLEGAL. But if you use a proxy or relay, in combination with a bogus from, bogus HELO/EHLO, no remove mechanism...THEN your use of it is illegal. Why do I say that? I added bold print.
(d) DEFINITIONS- In this section:
(1) LOSS- The term 'loss' has the meaning given that term in section 1030(e) of this title.
(2) MATERIALLY- For purposes of paragraphs (3) and (4) of subsection (a), header information or registration information is materially falsified if it is altered or concealed in a manner that would impair the ability of a recipient of the message, an Internet access service processing the message on behalf of a recipient, a person alleging a violation of this section, or a law enforcement agency to identify, locate, or respond to a person who initiated the electronic mail message or to investigate the alleged violation.
So the use of a proxy or relay appears to be fine as long as your froms are valid and you did not set them up with the intent to defraud. Setting up domains to protect my privacy is one thing and is legal. Setting them up to rip the world is not. There is no law that says you must expose your personal data to the world. If it was, imagine all of the Fortune 500 companies that incorporate in Delaware. Or Trusts... or Aliases...
Again, another section of the Law. Bold added by me:
(1) PROHIBITION OF FALSE OR MISLEADING TRANSMISSION INFORMATION- It is unlawful for any person to initiate the transmission, to a protected computer, of a commercial electronic mail message, or a transactional or relationship message, that contains, or is accompanied by, header information that is materially false or materially misleading. For purposes of this paragraph--
(A) header information that is technically accurate but includes an originating electronic mail address, domain name, or Internet Protocol address the access to which for purposes of initiating the message was obtained by means of false or fraudulent pretenses or representations shall be considered materially misleading;
OK so I cannot use bogus froms, or get froms with the intent to defraud. And I cannot hack into a "protected" computer and manipulate it.
(B) a 'from' line (the line identifying or purporting to identify a person initiating the message) that accurately identifies any person who initiated the message shall not be considered materially false or materially misleading; and
(C) header information shall be considered materially misleading if it fails to identify accurately a protected computer used to initiate the message because the person initiating the message knowingly uses another protected computer to relay or retransmit the message for purposes of disguising its origin.
So if my froms are valid, remove link works, I use a valid physical address - does not say onshore, offshore, Mailboxes, Etc. - then I do not see this as a problem.
This law has AOL, the DMA, Microsoft and others written all over it. They use or will use third party mailers to send out their stuff on their behalf. They also use mail servers that do not report the original server. And I will tell you what...they Won't stop. The difference is that they can tell you who they are and they insure that the removes and froms work and are valid. And I can prove that...hands down.
The safest method by far, as you already know, is direct mailing and setting up valid froms through a registrar that provides private registrations. A LOT of them are out there. As long as SOMEONE can be contacted if shit hits the fan, you're fine. Nobody is getting into trouble for making a mistake or trying to do what's right. This is STILL the LAND OF THE FREE and THE HOME OF THE BRAVE.
And By The Way, look at an anti-spammer post regarding the use of a proxy or relay. Judge for yourself:
From: [email protected] (Sunpoint)
Newsgroups: news.admin.net-abuse.email
Subject: Re: "Criminal" Open Proxy Hijacking ?????
Organization: http://groups.google.com/
Lines: 374
Message-ID: <[email protected] >
References: <[email protected] > <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Date: Wed, 10 Sep 2003 21:54:03 GMT
NNTP-Posting-Host: 209.190.4.3
X-Complaints-To: [email protected]
X-Trace: news 1063230843 209.190.4.3 (Wed, 10 Sep 2003 17:54:03 EDT)
NNTP-Posting-Date: Wed, 10 Sep 2003 17:54:03 EDT
Ron,
After speaking with an Attorney that specializes in Computer Crime for
the FBI in Seattle WA, let me tell you what he said. If someone sets
up a proxy,
HTTPS/SOCKS4/SOCKS4A/SOCKS 5, and they choose not to set any security
on that server, then that proxy by nature is OPEN thereby giving
IMPLIED CONSENT!
Those 2 words right there are the whole problem with OPEN PROXY!
Referring to your point(s); if a person has not bypassed any security
(User name and password) then there is implied consent if it is an
open proxy. If you have implied consent, then you are able to use that computer, until
such time as some type of security measure is implemented, and
bypassed. Once that measure has been implemented, and bypassed, it becomes CRIMINAL, and NOT until such time.
Please take special note that NOTHING is STOLEN until that time. No
security has been breached. If damages occur to that server during
which time that they allow traffic to pass through their machine, that is the sole
responsibility of the server administrator. The term "Interstate
Commerce" ONLY applies if that server is the server where commerce takes
place, NOT if it has traffic relayed through it.
This is an actual post in NANAE, not planted. If you have doubts, check it out further, or go the Direct Mailing route. A LOT of new stuff is coming right down the road a bit :).
What's YOUR take on this?