[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Handling of Abuse Complaints
- Subject: Handling of Abuse Complaints
- From: bill at herrin.us (William Herrin)
- Date: Mon, 29 Aug 2016 14:17:53 -0400
- In-reply-to: <[email protected]>
- References: <CABD5cReam84fjnxeenr05BMj=N9GfsUUCLi98jZpjY0gEL1PwQ@mail.gmail.com> <CAP-guGVA725R7LJBuSHm8RVri8akh24eLAi29VLDo80n37W7=Q@mail.gmail.com> <a[email protected]> <[email protected]> <[email protected]>
On Mon, Aug 29, 2016 at 12:47 PM, Steve Atkins <steve at blighty.com> wrote:
> Unless your abuse / security desk is staffed by
> lawyers it's probably better to avoid words like
> "criminal" and "unlawfully" altogether
Not really an ambiguous situation IMHO, but whatever floats your boat.
Bear in mind, though, that if you reasonably suspect your company is
caught up in a specific violation of the law and you fail to validate
and/or end the violation, your inaction brings liability on the
company. Even though you're not a lawyer.
That's true from the highest executive to the lowest janitor.
> and stick to "in violation of our ToS".
This I would avoid. A ToS is a contract. Contracts are open to
negotiation. The law is not. If you don't want to say "unlawfully
attack," then stop at "attack."
On Mon, Aug 29, 2016 at 1:04 PM, Laszlo Hanyecz <laszlo at heliacal.net> wrote:
> I know this is against the popular religion here but how is this abuse on
> the part of your customer? Google, Level3 and many others also run open
> resolvers, because they're useful services. This is why we can't have nice
> things.
Google mitigates the attack vector with rate limiting through custom
software. I would venture a guess that Jason's customer is not that
sophisticated.
Regards,
Bill Herrin
--
William Herrin ................ herrin at dirtside.com bill at herrin.us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>