ietf-asrg

RE: [Asrg] draft-irtf-asrg-bcp-blacklists-00

2004-05-05 19:38:59
At 1:35 PM -0700 5/4/04, Hallam-Baker, Phillip wrote:
[...]
> The point about 'collateral damage' is not that it serves any
> strategic purpose, it does not, all it does is to feed the egos
> of the people who engage in it. It fails in the spam context
> for the same reason that it failed in the military context.
> Collateral damage forces parties who are natural allies to treat
> you as the enemy.

Unfortunately, there is some evidence to the contrary. Lurk in news.admin.net-abuse.blocklisting for a bit and note the Verio and ev1.net behavior (among others). It seems that some providers have decided that the collateral damage (a bad term actually, as the original refers to *unintentional* destruction) is more than they will tolerate, and so they react as soon as there is any.

> There is a utility in certain very narrowly tailored blacklists.
> But they should never attempt to list any address for any other
> reason than it is a source of spam.

Speaking from the point of view of actually working with some heavily-spammed mail systems, I think that is wrong unless you include a very loose definition of 'is a source of spam' that encompasses 'is a member of a logical set of addresses far more likely to be sources of spam than to ever offer a single piece of legitimate mail to unacquainted networks.' Generally speaking, I'm thinking of the lists that have evolved from the original concept of a dialup list, still generally referred to as 'dynamic address' lists but that's a misleading name. The real unifying element is not whether addresses move from user to user in those ranges, but that the providers (RoadRunner, SBC, Cox, Telefonica, Wanadoo, UPC, Comcast etc) are selling service at such a low price that they attract customers incapable of securing their own machines while the providers cannot afford to enforce security of any meaningful sort on their own networks. In short: networks where there is no competent authority. In some cases (e.g. the many ranges of SBC DSL space that they SWIP with 'PPPoX Pool' in the CustName field) it is rather easy to identify likely sources of spam and other sorts of bad behavior, and blacklisting such blocks before each individual address has been abused is a very useful tactic with negative side effects that most sites will never encounter.

Another example: AOL is rather open about the fact that they try to prevent direct SMTP connections to the outside from their customer IP space. At times that has been accomplished imperfectly. A blacklist with all of that space would mostly have addresses that have never sent any spam at all directly to the world at large, and would be 100% made up of addresses whose legitimate authority says they should never be offering anyone mail of any sort.


--
Bill Cole
bill(_at_)scconsult(_dot_)com


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg