How to
Sponsor ISPA		 Dedicated servers & web hosting - UKFast Internet Watch Foundation

BCP on Unsolicited Bulk Email (spam)

 

A Best Current Practice (BCP) document is a non-mandatory recommendation representing what ISPA believes is best practice at the time of writing.  Prescriptive language including words like 'should' and 'would' refer to members who are trying to comply with the BCP.  Mandatory requirements on ISPA members are set out in the ISPA Code of Practice.

 

 

1. Attribution of emails

 

Members should ensure that their email systems will not relay email for unauthorised third parties.

 

Members should ensure that all email generated within their own networks can be attributed to a particular customer or system, and should ensure that the immediate source of email which arrives from other networks can be determined.

 

 

2. Abuse management

 

Members should operate appropriate arrangements for the handling of reports of abuse by their customers. They should publish contact details for their abuse team on their website, and also ensure that IP allocation entries in regional registries such as RIPE contain appropriate abuse team email addresses.

 

Where abuse is proved, the ISP should take effective action to prevent the customer from continuing that abuse. The legal basis on which services are provided to customers should allow such action to be taken.

 

Members should treat use of Unsolicited Bulk Email (UBE) to promote secondary services as an abuse of the provision of that secondary service.

 

Members should not permit customers to distribute tools, or lists of email addresses, whose purpose is the sending of UBE.

 

 

3. Customer information

 

Members should disseminate information on the action taken in regard to customers who have sent UBE.

 

Members should educate their customers on the nature of UBE, and should ensure that their customers have been made aware that sending UBE will be treated as unacceptable behaviour.

 

Members should inform their customers about any automated anti-spam mechanisms in operation and should educate their customers about any potential harmful side-effects.  

 

Members should also provide advice to their consumers detailing how they can protect themselves.