Policies

Introduction

Rockynet does not actively regulate or monitor the content of data transmitted through it. However, in order to meet its goals of providing reliable network services and be a responsible participant on the Internet, Rockynet needs to set policy and take actions to ensure network reliability. Therefore, Rockynet enforces the following policies regarding acceptable use of Rockynet network services. This policy should be read and interpreted in conjunction with Rockynet Service Agreement.

All users of Rockynet services, directly or indirectly, are required to engage in acceptable use only. Described here are the actions that constitute acceptable and unacceptable use. This policy lists a few examples to get started. Rather than exhaustively list specific actions that are unacceptable, this policy describes why an action might be considered acceptable or not. This should provide Rockynet customers with a good understanding of responsible network participation to apply to new situations. Enforcement is by termination of Rockynet services and/or imposition of fines and is described in more detail below. This policy ends with a section devoted to spam.

Policy

There are three sources of requirements that may determine whether a use is or is not acceptable. Requirements from these sources may affect the provision and reliability of Rockynet services. Any use that violates the requirements imposed from one of these sources is considered unacceptable use of Rockynet services. The three sources are:

   1. The Law.
   2. Contracts: legal contracts in which Rockynet has become a party, directly or indirectly.
   3. Technology: specifications and behavioral characteristics of network technologies.

Use is generally acceptable if it is lawful, within the bounds of applicable contracts, and is does not interfere with proper technical operation of the network. That includes personal and business transmissions for fun and/or profit. Examples of acceptable use are:

    * Individual (non-bulk) personal, commercial, and educational correspondence and communication;
    * Distribution of requested information to subscribers;
    * Information repositories accessible by web, FTP, Gopher, etc.;
    * Commerce transactions; and
    * Gathering information that is knowingly made available by its owner.

Expressly unacceptable and prohibited are uses that are likely illegal, violate Rockynet contracts, create technical problems or are related to or support such activities. This specifically includes but is not limited to:

 

  • Unauthorized use or attempted use of private computers or networks;
  • Probing for means of gaining unauthorized access to computers or networks;
  • Transmission of copyrighted material except as allowed by terms of the copyright;
  • Transmission of material in violations of US export control laws;
  • Forgery of any identification or obscuring of hostnames, usernames, IP addresses, or any message header information in any data;
  • Use which would be considered illegal if conducted by other means, e.g. pyramid schemes, chain letters, other fraud;
  • Harassing or threatening transmissions;
  • Unsolicited bulk advertising or marketing messages delivered by any means, e.g. participating in "spam" or "velveeta;"
  • Repetitive transmissions which interfere with or inhibit use of computers or networks by others, e.g. denial of service attacks;
  • Posting a message to more than 10 news groups, forums, e-mail mailing lists or other groups or lists; and
  • Posting a message to news groups or forums on a topic which is inconsistent with the charter, FAQ, or description of the news group or forum;

If you have any question as to the acceptability of any particular use, please contact Rockynet Technical Director for more information and guidance.

The Law

Illegal use indirectly affects reliability of Rockynet services. If Rockynet doesn't prohibit illegal use, Rockynet could be sanctioned and thus services would degrade or become unavailable entirely. Clearly any use that is in direct violation of any applicable law is considered unacceptable. The originator of a transmission is responsible for determining which laws and jurisdictions might apply to prevent unacceptable use. As a minimum, local, state, and federal laws apply at the origin of the transmission or activity. Some transmissions may be subject to the laws at the destination of the transmission or activity. Others may be subject to international laws and treaties. Unfortunately most laws lag far behind current technologies. Some activities on computers and networks defy definition or inclusion relative to existing laws. Many laws are in the process of being tested in their application to electronic activities. So while there may not yet be a law which unequivocally states a particular electronic activity as illegal, Rockynet may consider such activity unacceptable based on the probability that it is illegal. This sounds broad, but it is intended as a conservative interpretation of law for lack of tested legal precedence for network media. An electronic activity or transmission would be considered probably illegal if the same activity would be considered illegal if conducted through another means. For example, a verbal threat on someone's life is illegal in most jurisdictions usually if there is cause to believe it might be carried out. Such a threat transmitted electronically is considered probably illegal by Rockynet although there may not be express precedence to support it. As such, this would be considered unacceptable use. Another example is anything fraudulent including the forging of transmission origins. Note that some transmissions, that at first appearance are simple spam, may be illegal because of content. Any message that promotes a "chain letter" type get rich scheme is very much illegal. Such schemes are well documented to be fraudulent and are a violation of USC Title 18 Section 1001. If such messages use the US mail system in any way, like to send the money in response, they are also in violation of USC Title 18 Section 1341. Any message that uses a fictitious, false, or assumed title with a US mail address is also in violation of USC Title 18 Section 1342.

In addition, any activity related to illegal activity is unacceptable. For example, unauthorized use of someone's computers or networks is illegal and thus unacceptable. Also unacceptable is all activity related to that such as collecting user password files, probing for vulnerabilities, and running password guessing programs without the permission of the owner.

Contracts

Use that is unacceptable by contract, like the law, also indirectly affects reliability of Rockynet services. If Rockynet did not enforce the requirements imposed upon it by third parties, those third parties could take actions against Rockynet that could disrupt or limit Rockynet services. To provide network services, Rockynet purchases and/or exchanges network services from other parties and engages in contracts or agreements for use of those services. Some service providers impose restrictions on the use of those services. Currently all of Rockynet's Internet Bandwidth Providers impose restrictions on the use of their services beyond that which is illegal - each with slightly different language. These providers and their current Acceptable Use Policies can be obtained by Contacting Rockynet at 303 444 7052. Any actions taken by our customers that would violate the restrictions of Rockynet's providers will be considered unacceptable use.

Generally such contract restrictions address network etiquette or "netiquette." For example, unsolicited direct advertisement transmissions are questionably legal but are clearly against netiquette and expressly prohibited by Rockynet's MCI contracts as well as Rockynet Service Agreement. Another example of unacceptable use by contract is probing for means of gaining unauthorized use or "hacking." The WorldComm contract to which Rockynet is a party prohibits news postings to more than 10 groups or "off-topic" news posts in its spam policy.

There may be other contracts or agreements that may apply indirectly. Some networks to which Rockynet customers may be indirectly connected through Rockynet may have specific acceptable use policies. The originator of any transmission or electronic activity is responsible for determining the acceptable use policies that apply. An obsolete example is the old NSF Acceptable Use Policy that applied to any transmissions which traversed the NSF backbone. Currently, the VBNS is the only network of which Rockynet is aware that has additional acceptable use policies.

Technology

Violations of specifications and behavior characteristics of network technologies most directly affect the reliability of Rockynet services. For example, improper configuration of Rockynet customer routers or other network equipment can cause direct performance or reliability degradation in Rockynet services.

A customer's use of Rockynet services must comply with current specifications for the technologies involved. Most of the applicable specifications are documented in the Internet "Request For Comments" (RFC) documents. Not all specification transgressions have the potential to impact Rockynet service reliability. Only activities that impact, directly or indirectly, the reliability of Rockynet services are considered unacceptable. The determination of what is acceptable or not in this category is at the discretion of Rockynet Technical Review Committee or its chair. However, consider that some specification violations might be considered unacceptable for non-technical reasons. For example, a violation of email header specifications might be considered fraudulent and thus probably illegal and unacceptable.

Unnecessarily repetitive transmission of data would be considered unacceptable based on technology. Such transmissions create an unnecessary traffic burden on the network and can interfere with network reliability and performance. Advertisement of network control information for which one is not authoritative such as Domain Name Service information, routing information, USENET control messages, etc. also fall into this category.

Enforcement of Acceptable Use

Interpretation and enforcement of Rockynet policies is the responsibility of Rockynet Technical Director. The Technical Director may be reached via email at Technicaldirector@Rockynet.com. Rockynet's acceptable use policy is primarily enforced reactively, i.e. action will be taken when Rockynet is notified of an alleged violation. Rockynet does not engage in any proactive monitoring or filtering of transmission content. Rockynet does monitor the reliability and performance of Rockynet network. Any unacceptable use that directly affects Rockynet network may be discovered through this monitoring. Rockynet maintains the email alias abuse@Rockynet.com for submitting acceptable use complaints.

An unacceptable use investigation is initiated when a complaint is received or a network problem is discovered and caused by a suspected unacceptable use. Rockynet must first verify the validity of the complaint or event. Rockynet will examine the facts available and obtain additional information as necessary. Rockynet will then make a determination as to whether the event was indeed a violation of Rockynet acceptable use policy by a Rockynet customer or its downstream users. This determination is made at the discretion of the Technical Director relative to this policy. The affected Rockynet customer may appeal to Rockynet Technical Director this determination or the resulting actions of the Technical Director.

If a Rockynet representative determines a violation of Rockynet's acceptable use policy has occurred, Rockynet will:

   1. Notify by electronic mail the administrative contact of Rockynet customer in violation.
   2. Require resolution of the violation within two business days.

Resolution of an acceptable use violation requires Rockynet customer to take appropriate action to ensure that the activity has ceased and will not recur. If the violation is not resolved to the satisfaction of Rockynet within the specified period, Rockynet may take one or both of two options: (a) customer's service will be interrupted until the customer has demonstrated that the violation has been resolved; (b) a fee will be assessed to the customer. In the event that service is suspended due to an acceptable use violation, an additional fee may be assessed in order to restore service. If at any time a customer is uncooperative in providing information about the event to determine the validity of a complaint or in resolving the acceptable use violation, a fee may be assessed. Repeat offenders, at the discretion of the ED, may be assessed a larger fee and/or notified of final termination of Rockynet services, with no possibility of reactivation. To maintain acceptable levels of network operations, some violations may create network problems to such a degree as to require immediate interruption of services to a specific Rockynet customer. In such an event, the Technical Director or her delegate will make every reasonable effort to notify by telephone the technical contact of the affected Rockynet customer. If the technical contact is unreachable, reasonable effort will be taken to notify the administrative contact. Inability to reach either contact by telephone will not prevent interruption. However, if Rockynet customer is able to resolve the problem immediately over the telephone, interruption may be prevented. Rockynet customers should ensure their contact information is current in Rockynet customer database.

Spam

Spam is a particularly widespread and insidious problem and requires specific treatment here. Spam usually refers to the transmission of unsolicited electronic advertisements or marketing information either directly via e-mail, news groups, forums, or any other list or group. Currently, most network users pay for network bandwidth transmitted or received. So such unsolicited transmissions are in effect "postage due." This puts the recipients of unsolicited messages in the position of paying for transmissions they do not want. This is the core of the problem of unsolicited transmissions.

The legality of spam is not defined. Many believe spam is illegal based on USC Title 47, section 227 p (b)(1)(C). However, this law, written primarily for facsimile auto dialers, has never been tested for electronic mail or news bulletin boards. So its applicability to spam is questionable. In fact, this law is expressly and directly violated routinely by advertisers sending unsolicited advertisements via facsimile. So this law's enforcement is questionable even for the technology it explicitly addresses. At least sending facsimiles costs the money of long distance phone calls. For no additional money, advertisers can often send millions of electronic mail or news messages - the cost of which is borne by the recipients. The problem has clearly gotten out of hand. Illegal or not, spam is unwelcome and unacceptable.

Spam is unacceptable use of Rockynet services because it is prohibited by Rockynet's backbone provider contracts and it interferes with the productive use of the network by others. All activities associated with spam are unacceptable including but not limited to: originating, forwarding, relaying, forging, benefiting from, and collecting and storing non-subscription email address lists. However, in order to regulate spam, we must clearly define it. As much as some folks don't like advertising, and most spam is advertising, not all advertising is spam. Likewise, not all unsolicited messages are spam. In order to be classified as spam, a message must be both unsolicited and soliciting. Quantity is not a consideration because it is not provable for e-mail after the fact.

Unsolicited

A message is unsolicited if the recipient did not request it. So now we have to define "request." The definition of request is made in the context of a relationship. In an established relationship, requests may be implied by the nature of the relationship. In the absence of an established relationship, an explicit request for specific information is required prior to providing the information as a response. The key to a valid relationship or request that gives permission for a transmission is that it is entered into or given willingly and knowingly, i.e. legal in all probability without fraud, deception, coercion or duress. Any relationship or request that is obtained otherwise is invalid, null and void. Some examples of established relationships: friends, colleagues, vendor/customer, distributor/subscriber, etc. An established relationship is an implicit request only for information directly related to that relationship.

Soliciting

A message is soliciting if it urges, entices, or expects the recipient to take some action as a result of reading the message. This would include advertising, marketing, recruiting, and other such messages. Pure surveys are not considered soliciting since their purpose is information collection, not enticement of the recipient. However, a survey would be considered soliciting if it contains any soliciting data.

Clearly any one engaging in the responsible transmission of data which could be classified as soliciting should take caution to ensure that transmissions are made only in the context of a valid relationship or with a valid explicit request. The burden of proof is on the sender to show the transmission was indeed requested and therefore not unsolicited.

Some examples:

Subscription lists

Distributing information through subscriptions is fine as long as the messages can't be considered unsolicited soliciting. The act of subscribing to a mailing list establishes a distributor/subscriber relationship. However, only the information which the list is expressly described as providing is within the context of that relationship. If the messages are sufficiently different than the list description, one could claim the relationship was established fraudulently. For example, if a distribution list description offers cookie recipes, then messages that contain no recipes but only ads for cookie companies would be considered spam. Messages that contain recipes and ads would not be spam. The ad messages alone would be ok if the distribution description clearly offers both recipes and advertisements. Of course this presents a problem with un-moderated lists where anyone or any list participant can send a message to the entire list. It is the responsibility of the list maintainer to take actions to ensure that "off-topic" postings aren't soliciting.

Vendor lists

When a customer purchases something from a vendor, that customer is said to have established a relationship with that vendor. Future correspondence from that vendor is reasonably expected in the course of the relationship. As a result, mailings containing soliciting from a vendor to its existing established customer base can be reasonably expected and are not spam. However, such messages must be only regarding that vendor's products related to the product the customer has purchased. For example, if a customer purchases a modem from a vendor, then vendor messages to that customer about its new telecommunications related products are not spam. But vendor messages to its modem customers about life insurance products would be spam. Vendor messages to its customers about other vendor's products are always spam. General company announcements such as press releases to its existing customers are not spam. Vendors must remove customers from such promotional lists upon request.

Auto Responders

Automated e-mail or web response mechanisms normally send soliciting type information in direct response to an incoming request. These are perfectly legitimate as long as they behave properly. Auto responder messages can be considered spam if they respond more than once, store and use the e-mail address for later mailings, or respond to system e-mail such as from root, postmaster, or mailer-daemon. To be considered legitimate non-spam, an auto responder message should clearly indicate where and when the request was submitted and state that the message is in direct response to that request. Preferably, the auto response should include the entire request message to which it is responding. Auto responders should never respond to typical system e-mail addresses since messages from those addresses are usually system mail, not user requests, and could result in mail loops or otherwise unnecessary duplication of the message. Auto responders also should not collect and store e-mail addresses for later mailings. A request to an auto responder is a request for that information at that time. It is not a valid request for future mailings from that organization.

News Postings

Postings of articles that contain soliciting information are acceptable only in groups or forums where such messages are expressly allowed.

A Word About Content

Some might argue that this policy violates Rockynet customer agreement that prohibits Rockynet from discriminating with respect to transmission data contents. There are two reasons why this is not true:

  • 1. That clause in the customer agreement is in the context of ensuring fair and open communications among customers. This policy specifically exists to moderate complaints to ensure such fair and open communications.
  • 2. The content alone is not what makes a particular use unacceptable. The means by which that content is distributed determines whether or not such use is unacceptable. All content (unless it is illegal) is acceptable as long as that content is distributed in a fair and responsible manner. Unsolicited distributions are irresponsible and unacceptable. The line has to be drawn somewhere. If we were to prohibit all unsolicited transmissions, the Internet would be pretty useless.

Three parties are often involved for each spam message transmitted via e-mail, news, or other means.

  • * The actual originator of the transmission;
  • * The beneficiary: web site(s) or e-mail address(es) advertised in the transmission; and
  • * A patsy through whom the transmission is made to misdirect complaints away from the true originator.

The problem is that the beneficiary and patsy clearly contribute to the problem of spam, but may do so unknowingly or unwillingly. Only the actual originator of a spam transmission is in direct violation of acceptable use policy. Each Rockynet customer should have their own acceptable use policy that prohibits spam message transmissions and allows termination of services to spam participants. Although the beneficiary and the patsy may not be directly involved, knowing and willing participation in spam in any role constitutes unacceptable use as related activity.

Originators of spam know that only the originator is most likely to be sanctioned for unacceptable use. Spammers intentionally setup their web or e-mail site with one provider and "spam and run" on other providers - knowing their use is unacceptable and will result in service termination. So while the first few complaints received about a spam beneficiary (not the originator) may be dismissed giving one the benefit of doubt, repeated complaints may result in unacceptable use sanctions unless the beneficiary can show that the spam was done without permission. One should control how their site is advertised because it affects their reputation. Rockynet considers anyone who does not control their advertising to be a knowing and willing party to that advertising. Rockynet will notify Rockynet customers who are beneficiaries of spam for which complaints are received. Rockynet expects the notified customer to take appropriate action to ensure the use of spam to advertise that site ceases and does not recur. MCI directly prohibits spam beneficiaries in their network.

Spammers are becoming clever in obscuring the true origin of spam transmissions. Obscuring message origins is in itself unacceptable use. Communications on the Internet are two-way. False source information causes significant problems such as unreturnable bounces (which pile up in some patsy postmaster box). With spam, message offenders are more difficult to locate. There are three basic methods used. These methods are used together or separately. Commercial mass mailing software programs are available that use these methods automatically. Some common methods are:

  • 1. Forging mail headers including one or more "Received" lines using bogus or a valid patsy domain.
  • 2. Sending the message through a third party that becomes the patsy.
  • 3. Using a valid domain name as the origin, but using a patsy's IP addresses in the contents of that domain.

Everyone on the network must do their part to prevent contributing to spam by taking appropriate measures to ensure these methods are unsuccessful. Rockynet will notify Rockynet customers who are a party to spam for which a complaint is received. As with spam beneficiaries, the first few times one will be given the benefit of doubt. Subsequent complaints raise the question of knowing and willing participation in the spam. Such cases will be evaluated individually. Rockynet may sanction as unacceptable the participation in the obscuring the origin of spam by being used as a "patsy." In all cases, actual origination of any transmission that falsifies information about its origin is a direct violation of Rockynet acceptable use policy and will result in service termination.

What you can do about spam

The following precautions may prevent or reduce the possibility of a site being used unknowingly as a spam patsy:

  • * Ensure your SMTP server records the following information in message headers and/or logs:
    • 1. The IP address of the host from which the message is received (session peer);
    • 2. The hostname provided in the HELO greeting; and
    • 3. The hostname, if any, listed in DNS as the PTR of the IP address.
  • * Do not accept SMTP messages for non-local recipients, i.e. block relaying.
  • * Do not accept SMTP connections from well-known spam originating sites. If you use Sendmail, check out these suggestions. ISPs should consider implementing the following precautions to deal with users:
  • * Have an acceptable use clause in the user agreement and ensure each user signs the agreement;
  • * Have the power in the user agreement to terminate services for unacceptable use;
  • * Have the power in the user agreement to not renew the agreement without cause;
  • * Require and validate information from the user such as real name, postal address, and phone number;
  • * Require photo id or something that needed photo id (like printed bank checks with matching name) for new accounts to ensure customers are using legal names rather than aliases; and
  • * Request information on previous Internet Service Provider and do a "spam check" just like you might do a rental history verification to lease someone an apartment and know they were a good tenant.

See www.abuse.net for more information on fighting spam.

Liability

Each Rockynet customer shall be solely responsible for the content of any transmissions over the Internet by customer and any third party utilizing customer's facilities.

Revisions

This policy may only be amended by resolution of Rockynet Technical Director