Acceptable Use Policy

This document (the AUP) forms part of the Terms and Conditions (T&C) you agree to when using the service. It defines what the service may and may not be used for.

The activities prohibited here are those that are generally considered to be abuse of the Internet. Since the Internet is a shared resource paid for jointly by everyone connected to it, users are responsible for ensuring that their behaviour does not have an overly negative impact on others.

More general guidelines on acceptable behaviour on the Internet are called Netiquette, see RFC1855 for more information.

This document is available at http://port995.com/policies/aup and was last updated on 2001-10-08. It may be revised without notice at any time and we advise you to check it regularly for changes.

1 Conduct

1.1 Unlawful Use

Port995.com's systems may not be used to violate applicable law. They may not be used to commit fraud, violate intellectual property rights, threaten, intimidate or harass others or host or transmit material which is obscene, offensive, defamatory or in breach of confidence. All customer data must conform to UK laws and inparticular but not exclusive to the Data Protection Act and the Obscene Publications Act in all their revisions and amendments.

1.2 Others Acceptable Use Policies

When using Port995.com to connect to other systems, our customers must respect any acceptable use policies, terms of service, terms and conditions or similar restrictions placed on their use by the owners of those systems.

Any violation of these will constitute a violation of this AUP and be treated accordingly.

2 Security

2.1 Unauthorized Access

Under no circumstances may Port995.com's systems be used to gain or elevate access to a system or attempt to gain or elevate access to a system without the permission of the system's owners.

2.2 Denial of Service (DoS)

A Denial of Service (DoS) attack is designed to disproportionately consume the resources of a system in order to reduce it's ability to serve it's function.

Under no circumstances may Port995.com's systems be used in DoS attacks.

2.3 Probes and Scans

2.3.1 Definitions

Probe

A probe is a connection made to a computer in order to determine if it has a security vulnerability (for example, testing a mail relay to see if it allows third party relay).

Port-Scan

Making multiple attempts to connect to a computer on different ports in order to determine what services it provides is a port-scan

Sweep

A sweep is a series of attempts to connect to multiple network addresses in order to determine whether they are in-use, providing a specific service or to map a network's topology.

Spoofing

Faking the details of a connection in order to make it appear to come from a different computer, organisation or individual without their permission is known as spoofing. Examples include faking the From or Reply-to addresses of an email, the SMTP sender in an SMTP connection or the source IP address of an IP packet.

2.3.2 Prohibition of Probes, Port-Scans, Sweeps and Spoofing

Probes, port-scans, sweeps and spoofing of systems without the express permission of the owners of those systems is prohibited.

From time to time, we may perform security audits of our systems and those of our customers, and we reserve the right to use probes, port-scans, sweeps and spoofing in these circumstances.

3 E-Mail

E-mail is a widely supported one-to-one electronic messaging system primarily defined by RFC821, RFC822 and RFC1123.

3.1 E-mail Spam

3.1.1 Definitions

Bulk (or Broadcast) Email

Bulk emailing is the sending of substantively similar emails to more than 50 email addresses.

Commercial Email

Any email which promotes a commercial venture, offers a service or solicits payments of any sort is a commercial email.

Unsolicited Email

1. If the recipient of the email contacted the sender more than one working day prior to it's receipt requesting that they not send it, the email is unsolicited.
2. If the recipient has explicitly requested the email (for example, by posting their email address on a web page and inviting contacts related to their business), the email is solicited. Posting an email address on a web page or participating in a discussion in a public forum does not, in itself, constitute such permission.
3. If the sender and recipient are personal acquaintances (for example the sender is an old friend who has just discovered the recipients email address), the email is solicited.
4. If the email is relevant to a pre-existing business relationship between the sender and recipient (for example, a company informing a customer about a change in the service they provide them), the email is solicited. This does not include, for instance, situations where one company passes the recipients email address (without their consent) on to another company who then contacts them.
5. If the email was sent to one of the email addresses reserved by RFC2142 (e.g. postmaster@, webmaster@ or abuse@) and is relevant to it's reserved use, the email is solicited.
6. Otherwise, the email is unsolicited.

Where there is a dispute over whether an email was solicited or not it is the responsibility of the sender to provide evidence that it was solicited (for example, a confirmation email for subscription to a mailing list). This evidence should include enough information to allow it to be correlated with records held by others (for example, a date and time and a source IP address or telephone number that the request came from).

Address Confirmation Step

An address confirmation step is any process used to verify the validity of the address that an email appears to have come from. Usually, this consists of sending a confirmation request email to the address containing simple instructions (such as "hit reply") which must be followed to confirm the authenticity of the original email. In order to be effective, the instructions must be such that only the person who receives the confirmation email can complete them (for example they could require knowledge of a unique number included only in the confirmation email). Modern mailing list managers implement address confirmation by default.

3.1.2 Prohibition of UBE and UCE

Under no circumstances may Port995.com's systems be used in the sending of Unsolicited Bulk Emails (UBE) or Unsolicited Commercial Emails (UCE).

The sending by our customers or others acting on their behalf of UBE or UCE promoting or advertising domain names, URIs or email addresses hosted by us is also prohibited.

See RFC2635 for more information on spam.

3.1.3 Bulk Emails

Senders of bulk emails have a particular responsibility to ensure that their emails are solicited.

Bulk emails may only be sent to email addresses which have been verified using an address confirmation step. The confirmation email used in this process must be concise and may not contain gratuitous promotional material.

3.2 Mail Bombing

Mail Bombing is sending more than 10 substantively similar emails to the same recipient in any 24 hour period.

Under no circumstances may Port995.com's systems be used in mail bombing.

4 Usenet

Usenet is a distributed hierarchy of publicly accessible forums primarily defined by RFC1036.

4.1 Usenet Spam

4.1.1 Definitions

Cross-Posting

Cross-posting is posting a single Usenet message which is marked as appearing in multiple newsgroups.

Multi-Posting

Multi-posting is repeatedly posting identical or substantively similar messages. Multi-posting is considered bad because each copy of a multi-posting must be separately distributed across Usenet, whereas a cross-posted message need only be transferred once (even though it appears in multiple newsgroups).

Briedbart Index

In order to quantify how bad a multi-posted or cross-posted message is, the Briedbart index is used.

If during any 45 day period, a series of substantively similar messages are posted, the first cross-posted to n1 groups, the second to n2 groups, the third to n3 groups, etc., The Briedbart index of that series of postings is calculated as the sum of the square roots of n1, n2, n3 etc.

Excessive Multi-Posting (EMP)

Any series of substantively similar postings with a Briedbart index greater than 20 constitute an Excessive Multi-Posting (EMP).

4.1.2 Prohibition of EMP

Under no circumstances may Port995.com's systems be used to Excessively Multi-Post.

The posting by our customers or others acting on their behalf of EMP promoting or advertising domain names, URIs or email addresses hosted by us is also prohibited.

4.2 Off-Topic Posts

4.2.1 Definitions

Charter

Many newsgroups have charters which place restrictions on what messages may be posted to them. Charters can be searched for at the Internet FAQ Consortium and the charters for all UK newsgroups can be found at The UK Usenet Committee.

Off-topic

Where a charter exists for a newsgroup, a message posted to it which violates that charter is off-topic.

4.2.2 Prohibition of Off-Topic Posts

Under no circumstances may Port995.com's systems be used to post off-topic messages.

The posting by our customers or others acting on their behalf of off-topic messages promoting or advertising domain names, URIs or email addresses hosted by us is also prohibited.

5 Accountability

Any use of a customer's account will be considered use by the account holder. In any incidents of abuse involving an account, the account holder will be held responsible. The security of a customer's systems and account details are the responsibility of the customer.

We recommend that our customers take steps to ensure that all use of their account is authorised. This includes restricting physical access to their computers and networks, logging their use and ensuring that their account details (especially passwords) are stored securely. Connecting a computer up to the Internet exposes it to millions of other computers, and we recommend that customers ensure that their computer is secured against abuse from the Internet.

6 Consequences

Port995.com explicitly reserves the right to suspend or terminate without notice or refund all remaining services to a customer where we have evidence that they have violated our T&C including this AUP.

Under normal circumstances, however, we will endeavour to contact that customer (either by telephone or email) before any action is taken. Where we believe that that the violation was accidental or will not be repeated, we may, at our discretion, choose to re-enable services. In these circumstances we may also place restrictions or further conditions on the customers use of our systems, require a formal undertaking from them regarding their future conduct or require payment to cover costs incurred by us in dealing with the abuse incident.

In circumstances where we believe an abuse is in progress, we may temporarily suspend services in the interests of preventing further abuse while we investigate. Typically, this would take the form of delaying emails on our mail server, halting reception on new emails, or suspending access to mail accounts or other services.

7 Complaints Procedure

Complaints should be sent to abuse@port995.com and include as much detail as possible. Relevant emails or Usenet postings (including all headers) and logs, together with references to charters, acceptable use policies and other supporting evidence should all be included when they are available.

During the investigation of the complaint, and except when required by law, we will endeavour to ensure that any information we pass on to our customer does not identify the complainant and that no information we release to the complainant identifies the customer.

Following an abuse incident, we may make relevant information (such as details of our response) available to interested parties. Again, except where required by law, this will not normally include personally identifying details.