Re: [Asrg] Spam, defined, and permissions

On 28/12/04 10:40 -0500, Hannigan, Martin wrote:
<snip>
> > On 28/12/04 09:46 -0500, Hannigan, Martin wrote:
> > <snip>
> > > > And exactly how does the telco propose to enforce my 
> > usage of their
> > > > server? Post 25 blocks? I just use another port, or I VPN.
> > > We could play this circle game all day. At some point you're
> > > going port 25. If you VPN to someone elses system, fine, but they
> > > end up paying for your traffic if you break their cap.
> > My point is that I control both ends of the VPN, and I have no caps at
> > either end.
> So what?
>
> We can play this game all day. Try to
> understand where I am coming from before you decide to continue
> to play this losing game and waste both of our efforts:
>
> 1. The rest of the world is the target, the 99.99999% of 
>    people who simply use Windows and browsers for most of
>    what they need. Not the .00000001% who are unix genii, 
>    illuminati, or other highly sophisticated users of the network.
>    They have their place, but it's not dictating the market.
Let me put it this way:
What I can do, a spammer can. Given that a zombied box is under the
total control of the spammer, this is a reasonable assumption.

Now, how does the telco stop the spammer from sending direct to MX spam?
Also, how does the investment into design and development into a billing
system which needs to work for lots and lots of ISPs get justified?

The simplest solution of aggressively blocking port 25 outbound/inbound
for these "users" works just as well, and does not require any major
additional investment, except some ratelimiting scripts.

>    [ BTW: For the non MSEX users, Devdas has a cute "flag" that
>      notes "Friends protect friends from Microsoft" it shows up
>      like an advertising banner (spam) in my client - this is fine
>      for egocentric discussion, but it's not a realists view -M< ]
Oh, that has been a running punchline for quite some time. All those who
read my mail with MS Outlook will see that flag.
X-Message-Flag: <Your message goes here>
 
> 2. Spending time developing client side fixes outside of secure systems
>    is a waste of time. Market force already handles the secure systems 
>    aspect.
>
> 3. Most of the solutions out there today, RBL, xBL, DNSBL, 
>    etc. are well intentioned but misplaced shows of strength and would've
>    been better served higher up in the network and more effective in 
>    the hands of business people i.e. understands how nsp's work, capex,
>    opex, operations, etc. Most do not. The frothy  (well intentioned) people
>    of the early years hurt us all and made it near impossible to make 
>    any progress any higher up in the network as a result.
I agree. The original RBL was a BGP based list. That idea would still
work. Kill your spammer fast or get intranetted.

> 4. The Internet is _still_ in it's infancy and it's made it past the
>    "interesting toy" stage to a fully ingrained commerce network.
>
> 5. Anything that has the potential to impact a providers bottom
>    line _and_ improve service capability will get attention. Most
>    will fail. Some will be taken serious. One may even make it into
>    serious consideration. 
>
> How much more do I need to explain to you, Devdas? Every scenario you
> brought up, and can bring up, is resolvable through billing, operational
> approach, or regulatory action. 
My understanding of your solution is that enforcing it will either be a
nightmare, or an end to the peer to peer model of the Internet (which
really removes the usefulness of the network) or both.

Devdas Bhagat

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg