[snip]
Unlike British Commonwealth countries (Britain, Canada, Australia,
etc) the USA does *NOT* have an automatic "loser pays" clause for
lawsuits. The USA gave the world SLAPP. Would you care to provide
multi-million dollar funds in escrow to defend against such lawsuits and
pay off any stupid judgements awarded by juries?
The problem of "fat cat" lawsuits is because of there being "fat cats" to sue.
One more of the (numerous) advantages of my fine-grained permissions-based
recipient-established sender whitelist is that there are no global decisions
being made which create any "fat cat" targets for lawsuits. The decisions to
not accept E-mails from any given sender come by definition from the recipient,
and I think it's VERY clear that recipients have the ABSOLUTE right to read or
reject or simply ignore anything at all, for any reason that makes sense to
them. What's a spammer going to do, sue his targets because they choose to not
read his stuff he sends them? I think not! :-)
And it's not merely a case of money. I wouldn't be surprised if the
mobsters behind some of the spammers resorted to contract killings to
shut down impediments to their "bizniss". In a climate like this, I
understand why the principals behind SPEWS seek anonymity. Please
understand that we're dealing with a bunch of thugs, hooligans, and
criminals. If we get into a streetfight against them whilst restricting
ourselves to Marquis of Queensbury rules, we're guaranteed to lose.
Good point. And again, my proposal (I feel) provides a definitive solution to
this problem, too. Recipients of the spam/virus/worm simply drop it
immediately, quietly, automatically, and with near-universal certainty straight
into the trash. Nothing goes back to the spammer (nor anybody else, thus
preventing "joe jobs"). Blacklists have the problem of (again) "joe jobbing"
someone; my solution doesn't require (or allow!) that. Things that come in
that are unwanted (dangerous attachments, unwanted or dangerous HTML, message
too large from unknown sender, etc) simply go unceremoniously into the trash.
If EVERYONE had that, spammers (like virus/worm authors) would simply end up
having to find a new way of pursuing their "bizness" since E-mail simply
wouldn't work for them anymore.
OK, yeah, they'd probably move next to "malicious Web sites" as their primary
vector for phishing and such, but at least (1) that's not a "push" technology,
and (2) we'd have pretty well solved the E-mail problem. Then maybe we can
next
rendezvous on the IETF's new "anti-malicious-Website Research Group" (remember,
you heard it here first). ;-)
But at least WE would have pretty well accomplished OUR goal HERE. :-)
Anyhow, back to the point... when RECIPIENTS have an easy, simple, fast,
straightforward way to establish a fine-grained mesh filtering what they will
and will not accept, and from who (and when there is no way for a spammer to
INQUIRE to help them find out "open" victims) then spammers simply have no
practical way to "guess" who will receive their stuff.
Since almost nobody will (in practice) enable anybody to send them executable
stuff (or tightly sealed archives, equally dangerous) we've virtually
eliminated
the E-mail propagation vector by which spambot zombies (or other
spyware/malware/viruses) are established.
Since unknown senders who send HTML have (by default) their messages filtered
out, nearly every trick used by spammers and abusers to conceal the real
content
of their messages are suddenly denied to them.
The result is limited-size plain ASCII text E-mail messages, which can
generally
be pretty well dealt with via good antispam content filtering (SpamAssassin or
its followers).
If I sound passionate, it's because DNSbls help keep my email usable,
which gives me a personal stake in the success/failure of DNSbls.
It's only one of many approaches, although I agree it's a nice one. One of the
(many) things that my present mail filter does is to T-can any incoming E-mail
message which references domains that I've seen been hawked in previously
received E-mail messages (and presently I add those to my personal list
manually, so joe-jobbing isn't an issue). Presently I use the same HOSTS list
as Windows uses for its DNS, so that even non-obvious cross-domain references
from Web sites I might visit that point to those disreputable sites are
similarly automatically and permanently disabled.
If they go under, I'll either switch to whitelist-only, or possibly give up
on email altogether.
Whitelist-only can, I believe, work **extremely** well if it's based on a
finely
grained set of permissions established for each given sender, and with a
suitable default action that permits some (limited size, safe, HTML-free,
attachment-free, don't "look like" spam) messages to arrive from previously
unknown senders.
[snip]
The real problem is ISPs who use the one-size-fits-all approach, and
use the same DNSbl(s) for all their clients. Allow people to use which
ever DNSbls they want, and the bad DNSbls lose users, and fade away.
The problem with approaches like this is that the time constants that seem to
be
associated with such "free market" market corrections seem to be very, very
slow
when viewed on a human time scale. One might think that "market forces" would
eventually force disreputable/dishonest/biased news media off the market too,
but it doesn't seem to be happening (not in the USA, at least) and instead
we're
seeing more and more concentration of the press (tv/radio/newspaper) in the
hands of those folks more interested in their own profits and agenda than in
reporting the news. In the case of DNSbls we're likely to see increasing
concentration in the hands of companies who (like those who make those
offensive
"Web content filters" imposed on libraries and such, which claim to make the
Web
"protected" for kids and against kiddie porn and the like, but which upon
further inspection) seem to have much more troubling political/social agendas
as
well.
I think that the solution for this, again, is to have the list of who people
trust be largely managed by THEM, THEMSELF, and modifiable at will whenever
they
feel appropriate (both additions and removals).
DNSbls with good reputations would have lots of users.
That's like saying that "radio stations which report the news honestly and
without bias will have lots of listeners" but in fact, experience suggests that
it's rather more the case that those who reinforce existing biases and
prejudices get listeners and those who challenge their preconceptions aren't
trusted (and especially when "most" sources seem to pander to their
preconceptions). I don't like the idea of extending the "media monopoly" model
to the Internet... it's a big enough problem already!
This would also provide ISPs some protection against lawsuits by spammers,
because the ISP would not be responsible for an individual user's choice of
blocking criteria.
Good point, although I think that my proposal (a recipient-controlled
fine-grained permissions list, based on who sent the message) is ultimately a
better way of achieving the goal, and of dealing with the (very valid!) concern
you've expressed.
Gordon Peterson http://personal.terabites.com/
1977-2002 Twenty-fifth anniversary year of Local Area Networking!
Support free and fair US elections! http://stickers.defend-democracy.org
12/19/98: Partisan Republicans scornfully ignore the voters they "represent".
12/09/00: the date the Republican Party took down democracy in America.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg