Acceptable Use Policies of the ABUSES Forum

Introduction

The purpose of this document is to establish the terms and conditions of the "Acceptable Use Policyā€¯ which the clients of companies must comply with in regard to ISP. Acceptable Use Policy is understood to mean: Rules which establish how an information server or a network may be used in a given environment so that usage is legal, ethical and responsible.

This Acceptable Use Policy specifies the actions which users of a given ISP network are prohibited from performing, with each ISP reserving the right to modify said policy at any time. Compliance with said modifications becomes obligatory once the modified Acceptable Use Policy is published and therefore this policy must be easy to access so that clients may refer to it.

The ISP will make every effort to ensure that users/clients respect and comply with the Acceptable Use Policy and other basic rules which aim to preserve the assets, services and operation of the Internet Community, and expressly refrain from using the services for illicit and/or unethical purposes. The aim is to create a relationship of trust between the client/user and the ISP operator and to ensure the secure growth of the Internet Community through the compulsory use of modes of conduct which conform to generally accepted rules of coexistence.

Use of a service offered by the ISP entails acceptance of the conditions of use and clients are expected to use the Internet with respect, courtesy and responsibility, with consideration for the rights of other internet users.

The ISP reserves the right to determine what constitutes abuse of this policy and the client may be subject to punitive action determined by the ISP in accordance with an established protocol.

ISPs must include the principles of this Policy in their contractual relations with their clients and must put into practice any mechanisms required to guarantee that the aforementioned clients have knowledge of and comply with said principles.

Actions which are expressly prohibited for each type of abuse

  • SPAM
  • Breaches of Laws
  • Intrusion
  • Hacking or similar activities
  • Phishing

SPAM

The ISP must forbid its clients or users to use the email provided that affects in any way the following anti-spam use stipulations:

  • Spamming
  • Mailbombing

Falsifying the identity of the user or any other information related to sending emails, including, but not limited to, omission, deleting or falsification or falsifying the transmission of information including headers, email sender addresses or Internet protocol addresses, or participating in any activity or action, the purpose of which is to hide or mask the identity or contact information of the client, either voluntarily or unconsciously, with a commitment in the latter case to taking any measures required to ensure this does not occur. [(virus) (open proxy)].

If the client has a mail server they must ensure that it is configured correctly, to only accept the mail from their domain in order to prevent it from being exploited in order to send unwanted emails. Mail servers that allow anonymous connections are not permitted. Likewise, it is prohibited to connect to anonymous mail servers without the permission of the owner and if the client has a Proxy server for sharing the connection, the proxy server should not permit external connections as this would enable an external user to use said proxy for sending unwanted emails by pretending to be the client.[(Relay, anonymous proxy)]

For serious or urgent reasons in relation to conduct which is contrary to public order, accepted principles of morality, current legislation, the Internet's rules of courtesy, or which constitutes a breach of this policy and/or seriously affects, in any other way, the ISP or their clients, the ISP may take any action deemed appropriate to halt the consequences of this conduct. [(aggressive fast spreading viruses, fraud, etc.)]

Breaches of Laws It is prohibited to transmit, distribute or store any material which breaches any current laws. This includes, non-exhaustively, material protected by copyright, trademarks and/or trade secrets, or any other intellectual property rights used without due authorisation and any material which is obscene, defamatory, xenophobic, constitutes an illegal threat or breaches export control laws. [(LPI, Child Pornography etc...)]

Intrusion To illegally access, without authorisation or try to breach the security mechanisms of computers or networks belonging to a third party and any activity aimed at attacking a system to acquire information about said system, such as, scanning ports either wilfully or unknowingly. In the latter case the client agrees to take any measures required to ensure this does not occur. [(virus, vulnerabilities of S. O.)]

Hacking or similar activities All activities carried out for illegal purposes are prohibited. These may be unauthorised access, theft, blocking or harming information, overloading or damaging services, systems, networks and equipment, with or without hiding their identity, avoiding security measures if these are implemented, breaching the conditions of use of said measures, and any rights enshrined in law.

Likewise, the client undertakes not to distribute any information relating to the creation of malware via internet or to willingly participate in denial-of-service attacks. [(trojans, backdoors, spyware, zombies, DoS, DDoS, etc...)]

Phishing The client shall not knowingly store on their equipment any element that may constitute a scam or fraud. If the client unknowingly stores any such items he or she undertakes to immediately take any action required in order to block access to the fraudulent page and to delete it as quickly as possible. Likewise, the client must put in place any measures required to ensure that such an event does not happen again in the future. [(phishing)]

ISP Acceptable Use Policy It must include the following terms:

  • ISPs shall provide the means required to ensure that their clients are able to file complaints or claims in relation to any abuses committed.
  • Claims and complaints shall be responded to in the shortest time possible.
  • In order for the client to be certain that their complaint reaches the ISP they should receive an acknowledgement.
  • The client shall be provided with an identification for the complaint made.
  • All claims and complaints shall be processed.
  • The ISP responsible for the IP address from which the abuses occur shall be informed. Acceptable Use Policy between ISPs Recommendations to promote good relations between ISPs made by the ABUSES Forum.
  • The ISP shall provide a suitable channel for receiving complaints from other ISPs.
  • Every complaint shall be accompanied by evidence of the abuse committed.
  • Every complaint must state the date, time and time zone.
  • One complaint should be sent for each IP address or each abuse committed by said address.
It would also be useful to use a single format which is accepted and agreed upon by all ISPs for sending complaints to one other.