Put another way, it's not the spam which is a problem, it's what makes
it impossible to stop, short of abandoning fundamental assumptions
about the medium, which is the problem.
First off, thanks for your email message. Very wise and fitting words.
I believe the problems of spam, ad/spyware, worms, drone armies, etc.
can all fit under one category: abuse.
End users can't really use services and/or get abused, while the service
providers need to invest in bigger tubes, filtering, and/or man power
accordingly and relative to their business decisions.
As I said before, all these problems are indeed connected. I haven't
articulated it as well as you did (thanks!! I already forwarded your
message to another list! I really liked it if nobody got it so far..).
I believe it is time to declare this is an epidemic, and start acting
accordingly, as a community. Problem is, that although the Internet is a
community, it is built of three distinct and different yet equally
important parts:
1. The business oriented service provider, that sees no real reason to
lose users, lose bandwidth payments and/or invest money in the issue.
2. The numerous networks that people who never even heard about security
and/or abuse, run.
3. The end users who don't, and really shouldn't care about security -
the problem won't be solved here.
These three layers are directly connected in a descending manner. Each
could effect the rest, and usually in different levels of success.
If one service provider decided today that they want to be good netizens
and block users who abuse their connection - these users would switch
ISP's. If the big guns would decide, together, to drop customers
(smaller providers) who are abusers/harbor abusers, they then won't have
anywhere to run. You can take these examples on, recursively.
But how do you make the ENTIRE Internet work together? You can't.
Community based changes of this magnitude are difficult, fought against
and usually are in competition with many others. Possible yet not really
practical (note that in this particular case I don't include the big
providers under the definition of community).
Then, how do you make the BIG providers spend money when they don't get
anything in return, but rather lose money (despite most claims, I
honestly believe providers either don't care or benefit from spam,
nothing insidious or conspiratorial.. just my opinion).
Then, how would you get the end users to secure themselves?
It's an issue of numbers.. how many end users in the world? How many
networks? How many big providers?
As long as we allow this crap through our tubes, it will stay there. It
is that simple.
Gadi.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg