At 12:52 PM -0500 2003/10/28, David Maxwell wrote:
Additionally, you highlight the fact that ISPs need tools to provide
better control over users use of resources. If Joe normally sends less
than 20 emails a day, and a spammer takes over his identity, shouldn't
200+ emails in one day be enough to shut him down?
Trojan a million machines, have them watch the outbound traffic
for a few days, then configure them to send an average of about 1x
that amount as spam. That should be a low enough value to by-pass
any such per-user rate limits.
Moreover, this puts us into a similar situation where the RIAA is
suing 12-year old girls and grandmothers, because we have
mis-identified their apparent unusual activity, or because they did
things (or their system did things) and they were not aware of the
consequences.
No, you can never 'trust' anyone, and you can never filter perfectly,
but if each 'identity theft' could only result in a handful of spam
reaching the network, versus the millions delivered today, then the
change would be significantly beneficial to the network as a whole.
At best, it would make it marginally more difficult to use open
proxies, but spammers would just trojan a larger number to arrive at
the same results. Or, they'd get smarter and pool their resources
and get into outsourcing arrangements. Or any or all of the above.
And that would only be at the ISPs where they implement such
per-user rate limiting controls, which would be expensive and
difficult to implement. You could do a whitelist for ISPs that do
implement such per-user rate limiting, but you'd have to make sure
that it's not implemented via the DNS (otherwise you get into all
sorts of nasty cache poisoning issues, such as have been previously
discussed).
This leaves the question of whether you want to have internet bandwidth
soaked up by spam, just so you can have more ham input for your filter
learning system?
Bandwidth-wise, spam has never shown up on any measures of
network concerns, and never will. A few browsings of porno websites
will generate far more traffic than you'd ever receive in a single
day.
The cost to ISPs has nothing to do with bandwidth utilization.
It has to do with transactional costs (handling X messages per
second/minute/hour/day), storage costs, CPU load caused by trying to
reduce spam, etc.... The cost to individuals does sometime have a
bandwidth cost, but again that rapidly disappears in the noise when
compared to web traffic, etc....
--
Brad Knowles, <brad(_dot_)knowles(_at_)skynet(_dot_)be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg