On June 26, 2003 at 18:53 vjs(_at_)calcite(_dot_)rhyolite(_dot_)com (Vernon
Schryver) wrote:
From: Barry Shein <bzs(_at_)world(_dot_)std(_dot_)com>
...
If we can conclude that MILLIONS of PCs are PURPOSELY being infected
by viruses designed to turn them into spam delivery robots...then
there's nothing we can do?
Sure we can, for starters we can alert all interested parties that
this is underlying the spam problem and more importantly agree that
this is the real problem.
That's reasonable, but I doubt it will have much effect.
Look, it's taken weeks of my harping on the point to even begin to get
it taken seriously in this group of people who claim some expertise in
network engineering and related and spend time thinking about the
problem.
Not surprisingly (to me), there's this kind of denial and insistance
on thinking about spam only in terms of the spam on one's screen
rather than as a network wide security phenomena.
How far along that path do you think legislators who are architecting
anti-spam bills or various regulatory and enforcement agency managers
trying to decide how best to allocate some budget to spam-fighting
(e.g., FTC, FCC, etc) are on this?
What if, as I mostly claim, they all have it wrong from the get-go and
the nut of the problem really is the amplification and how it's
acheived and not the rather limited event of seeing a spam message in
your mailbox?
Legislators, from what I've seen, are treating this problem mostly as
if Kellog's or Publisher's Clearing House are getting a little frisky
with the send button and need to be reeled in a little with some rules
on fair play like opt-in and clearly identifying a msg.
But what might be closer to the truth is we have rather organized,
hardened, and cynical criminals causing the spam plague, many of whom
have already proven themselves beyond the reach of civil law and
probably any regulatory law that doesn't involve coming to them and
putting them in irons and locking them away for a long time.
So why bother with all this "put [ADV] in the Subject" and "you should
include a removal address which actually works" when what we're
dealing with here is something closer in nature to a blossoming
Medellin drug cartel?
And who might change this?
Someone screaming from the roof of the building?
Not likely.
Or a group such as this issuing a statement (whatever form it should
take) that we've looked into this as a group of network engineers and
have concluded the real problem is not what's been popularized up
until now but, rather, should be viewed as this: (It's the
Amplification, Stupid, in more words)?
That's why I think it's important that we try to look at the problem
with an eye towards really characterizing what the problem is rather
than just accepting blindly that the problem is that little billy or
sue just got a pornographic message how do we block that from
happening again?
If every phone in NYC suddenly rang at the same time (or as many as is
possible) and the voice on the line said "BUY BLAMMO COLA!" would you
say the problem was that you and 8 million others received an ad for
Blammo Cola you didn't want or that SOMEONE HAS MANAGED TO RING 8
MILLION PHONES SIMULTANEOUSLY and what sort of breach of the phone
system does that represent?
I like that way of stating the issue.
Ok, then I'll repeat it and leave it there for now.
--
-Barry Shein
Software Tool & Die | bzs(_at_)TheWorld(_dot_)com |
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg