Policy creation and enforcement

When creating policy, it's important to define unwanted behavior as clearly as possible, so that it does not require complex value judgements to decide whether behavior violates policy.

Prohibiting behavior that you can't easily detect (or, due to other privacy considerations, you have said you won't look at) is bad policy. As much as possible, have good substantiating evidence when enforcing policy, to avoid questions and ambiguity.

Some users may try to get you to adjudicate personal conflicts that may (at least in their opinion) touch upon policy issues. It's usually a bad idea to become embroiled in such conflicts; refer users to appropriate facilities (such as mediators) for resolving such conflicts. Also, don't be tempted to abuse your role in policy enforcement if you should have personal conflicts with any of your users; realize when you have a conflict of interest and arrange for a neutral third party to deal with any valid policy issues involved.

There are some standard email addresses (see RFC 2142) for reporting abuses which you should have on your system if you support the associated services.

abuse@

For reporting abuses caused by your users or originating from your system.

postmaster@

Required to be an address that reaches a human reader who can deal with general email-related issues, such as inquiries about mail problems which may also include abuse issues.

webmaster@

For general inquiries about web services. Due to a widespread tendency to consider "the Web" and "the Internet" the same thing, you may get general inquiries about other services to this address as well.

Next ->