At 01:26 PM 6/28/2003 -0400, Alan DeKok wrote:
Madscientist <madscientist(_at_)microneil(_dot_)com> wrote:
> It is possible with technical means to drastically reduce the potential for
> abuse without increasing costs (fiduciary or otherwise). The goal should be
> to make spam (and other forms of abuse) impractical rather than simply
> unprofitable.
<sigh> Did I say anything about money or profit?
There is a cost to engaging in network traffic: time, CPU power, and
so on. There is a cost to transactions on the network. Packet
filters, etc., all increase the transaction cost of network
conversations.
Alan DeKok.
That was, perhaps, a poor choice of words on my part... discussions of
increasing the cost to spammers are often linked to the theory that making
it unprofitable would make it go away - you did not make that argument
directly, apologies. Also, when I said "fiduciary and otherwise" I meant to
explicitly include the costs you mention, as well as the costs to the users
and other stakeholders (answering challenges for example).
My point was that a subtle difference exists between a focus toward
increasing the cost of abuse and a focus toward preventing and disabling
abuse. Filters, tar-pitting, and similar methods are subtly different from
denying service to abuse sources in that the latter is a more absolute and
arguably more efficient reaction. If a source of abuse is detected and then
automatically denied access to the network until the abuse subsides then
far fewer resources are required at all points in the system.
A focus on raising the cost of abuse leads to deterrents whereas a focus on
thwarting abuse leads more directly toward elimination.
I recognize that the possibility for abuse exists in any open system,
however I think it is possible and should be our focus to structure the
system so that abuse is ineffective for any other purpose and as
practically impossible as can be achieved. The problem with spam is
twofold: (1) That the abuse is possible, and (2) that the abuse can be
leveraged to another goal: profit.
For example, it is possible to ping flood an unprotected system and disable
it, but there is little motivation to do such a thing.
While it is possible to broadly transmit unwanted content to undefended
systems (spam), the difference is that there is tremendous motivation to do
so. As a result we see a _lot_ more spam than ping floods (or similar abuses).
I consider both cases fundamentally as a technically preventable form of
abuse. It is possible to detect a ping flood and immediately mount a
defense by blocking (disconnecting) network access to the source. I believe
that similar mechanisms should be used for spam or other abuse sources, and
that our focus should be on the development of open protocols, standards,
and changes to existing protocols that give rise to that kind of response.
Sorry for any confusion.
_M
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg