[Top] [All Lists]

RE: 3. Requirements - Anonymity (was Re: FW: [Asrg] 0. General)

2003-10-27 08:07:34

  Anonymity is unrelated to many of the anti-spam systems.  
As PHB pointed out, holding an ISP accountable for a message 
means that a user of that ISP can still be anonymous.

Can an ISP be held accountable for a message and still ensure privacy
and free-speech?  On a more technical level, should an ISP inspect every
outgoing message and ensure that it's not spam?  Is the anti-spam war
more easily fought at the source than at the sink?

Rather than just make this rhetorical, there are two types of ISPs:
A) Consumer access: Dial, DSL, Cable, Lease line
B) Content access: Hosting, DS3s...

Regarding consumer access, most ISPs place port 25 filters on their
access lines.  A sender can only send email to a subset of email relays.
This works moderately well.  Most spammers have many alternatives for
sending email (see item B) rather than via the ISPs mail server
specified within the port 25 access list.

Regarding content access, datacenters essentially do next to nothing to
restrict spammers.  In many cases, I receive UBE notices from ISP
providers where the spam originated from their own datacenter.
Considering that datacenters make money on Mbps...they are not concerned
with the excessive traffic generated by spammers.  Some datacenters are
essentially spam magnets.  In these cases various relay DBs attempt to
find these sources and block them...but the effort is futile.

I am still amazed that lawsuits go after the companies generating the
spam rather than the datacenters that turn a blind-eye towards them and
provide all the infrastructure to accommodate. 

Asrg mailing list