Peter:
> The role for an ISP in fighting abuse is to detect and prevent it's customer from sending malware & spam out of it's network. Not filter incoming stuff, that would be censoring.
 
Suresh:
>> I wish it were that clear cut.  You also have a role to protect your customers against threats, and to ensure that their mailbox is at least usable rather than deluged with spam.
 
Richard:
>>> this is very unpopular with legitimate businesses who wish to be fully in control of their email sending destiny -- and ISPs generally do not wish to discourage the people who cause no trouble and pay their bills regularly and on time.
 
Sascha:
>>>> And requiring to submit publications to a third party for approval prior to sending them is *not* censorship?
 
Unbelievable!!! Impressive!!! Awesome!!!
 
Discussing rules or tools for legitimate companies it is underestimating the intelligence of ISP owners. You will only create unnecessary embarrassment. You look like a bunch of public servants, who, in the absence of what to do, devise regulations as if the taxpayers were children to whom we must say how they should behave.
 
I suggest you report spam to ISPs to find out what should be discussed in an anti-abuse group.
 
ISP owners do not need new control tools. They all already have what they need and everyone has AUPs, TOSs and contractual ASPs with appropriate penalties.
 
Since you apparently never reported spam and scam to providers, I'll tell you how it works.
 
1- It is necessary to discriminate in the text of the complaint the ISPs involved:
Sender, originating ISP, the host of URL domain, the host of final URL domain;
Include full header and paste message text by removing hyperlink.
The Sender ISP needs to know that his customer is practicing spam and the Host needs to know that your customer is sending scam or spam out of it's network.
 
Eventually and in specific cases:
Include links of scanners and images with the spammer's bad reputation;
Include legal problems, prosecutions and convictions in the Judiciary, if any.
 
By default the spammer will be alerted by your provider.
 
2- In case of recurrence, alert the provider. In legitimate companies this will suffice.
 
The problem is when the ISP refuses to prohibit or suspend its criminal client and the denunciations are repeated in vain. The teamabuses always inform what steps have been taken but only change the domain of the spammer. Legally what we have here is complicity, formation of gang for the practice of crime. This situation is very common and involves many providers.
Before someone says *Call the Feds!* it is good to remember that there are still geographic borders and sovereignties. Should I call Pope Francisco?
 
This WG needs to find solutions to attack those you call, bad guys and what I call, greedy sociopaths. If the statute does not allow such actions, look for possible associations that can do something. Now, implementing actions in a generic way as you are arguing is wrong and no one here is qualified to tell an ISP owner how he or she should act and which tool to use.
 
Marilson
Never so few done so much harm to so many.