> From:   Kistler, Kris 
> Sent:   Monday, August 30, 2004 8:56 PM
> To:     Sheeman, Frank
> Cc:     Bertier, Don
> Subject:        AUP
>
> Just for the record, I still think that the old AUP (legacy red)
> protects business interests far better than the existing blue, or
> currently proposed draft that you sent. I'm willing to follow whatever
> direction you provide, but would not be doing my job if I didn't voice
> my concerns. Not only are we now listed as #2 or #1 "spam friendly"
> ISP, but now the Savvis corporate mailgate systems and the Apptix
> service they are trying to sell are both listed on numerous RBL sites
> and being actively blacklisted.
>
> I see more and more serious business concerns rapidly coming to the
> forefront.  While these RBL sites are not pleasant, they are very much
> a reality that we have to deal with. This reality becomes even more
> time critical now that we have ex-employees and others actively trying
> to pursue every avenue to destroy Savvis reputation. Reputation is
> crucial to future marketing and sales efforts. Without a good
> reputation as a secure and honorable provider, Savvis will soon start
> to lose it's ability to sell to upstanding corporations and business
> leaders, and instead fall to it's own vision of providing service to
> spammers and other "unwanted's".
>
> We are already having several legitimate customers suffering and
> complaining due to their IP space just being near the spammers space.
> This problem grows larger every week, and will continue to get worse.
>
> Arin is going to conduct an audit and is requesting that some of our
> unused IP space be returned. This will cause more problems as much of
> our space is now blacklisted, and unusable. The RBL's will not remove
> blacklisting until policy is changed and the spammers are completely
> removed from our network.  We should put the burden of changing
> company names, switching IP's, and using other subversive business
> methods back on the spammers themselves instead of acting on their
> behalf.
>
> We have already lost our reputation with the RBL providers, and if we
> do not act soon, may not be able to recover it with them or future
> potential customers without a huge amount of bad publicity.
>
> I realize there is some revenue at stake here, but I see this as a
> huge risk to the company as a whole that is not warranted from my
> point of view.
>
> We've been through this exercise before, and it was determined that
> the cost; from a direct monetary standpoint, from a support
> standpoint, and certainly from a corporate reputation viewpoint was
> not worth the cost of doing business with these types of customers.
>
> My best recommendation with the information I currently have is that
> we should immediately revert back to the old red AUP, announce it as
> part of the normal merger process, remove a few of the worst offenders
> to reclaim our reputation, and bite the bullet for the short-term
> revenue that it will cost us. The potential lost revenue from
> long-term legitimate customers and risk of losing future sales far
> outweighs any short-term cash that we may obtain.  
>
> Is there something I am missing here?
>
> Kris Kistler
> CISSP, GSEC, CCNA, MCSE
> Director, InfoSec and Abuse
> Savvis Communications
> 1 Savvis Parkway
> St. Louis, MO 63017
> 877.772.8847 (877.7.SAVVIS)
> 314-628-7596 desk
> 314-221-5969 cell
> SAVVIS, The Network That Powers Wall Street SM
>