One worrisome aspect of this approach is that it begins the
"slippery slope" towards "email == electronic version of postal mail".
This would eventually result in spamfilters being declared
illegal, just
like any other interference with postal mail.
I do not see the logic there. The closest analogy would be junk telephone
call rejection schemes. These are completely legal for common carriers to
offer to their customers (VeriSign has offered one in the past).
I think that if we got into a situation where we had spam sufficiently under
control that the sheer bulk was not a major problem we might eventually get
to the point where there was some rule that ISPs had to allow the recipient
to make all decisions as to whether email was accepted or rejected.
I think we are a long way from that point.
4) Legislative action is not a substitute for fixing the email
protocols. We need to consider how we can change the email protocols
to make enforcement of anti-spam laws more effective.
The root cause is even deeper. There are millions of
compromised, aka
"0wn3d", home machines out there, under the control of
organized crime,
being rented to anyone who'll pay for them. The current payers are
spammers. They could just as easily include Al Qaeda. Consider these
machines just like guns stolen by criminals, to allow them to commit
crimes without being traced. As long as home machines have proxies
and/or keyloggers, any authentication process can be subverted.
Securing these machines will cut off the majority of current spam.
I would like to open up a dialogue with ISPs generally on the sort of
measures that should be in place by default in home firewall systems
included in cable modems.
The point is that a real firewall is not just protection against fire
spreading to my house, it stops my house setting fire to others.
I see no legitimate reason for a home machine connected via broadband to
originate a million SYN packets per second directed at the same IP address
and port. I see no legitimate reason for a home machine to send more than
ten thousand emails per hour.
I am not just concerned about spam. When a DDoS hits the DNS roots it is
hitting my machines. OK a cable modem may be subject to compromise, you may
even want to allow the end user to configure certain options. But a
situation where the attacker has to compromise BOTH the computer and the
firewall is a massive improvement on where we are today.
As I wrote in another piece recently, in the house of the future we will
have twenty or more Internet capable devices in the house. I do not want to
spend sleepless nights worrying whether hackers have owned MrCoffee and are
using it to send spam.
Phill
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg