ietf-asrg

Re: [Asrg] Spam, defined, and permissions

2004-12-28 17:19:31

On December 28, 2004 at 16:58 laird(_at_)lbreyer(_dot_)com (Laird Breyer) wrote:
I believe my criticism is valid, but if I am looking at things too
simplistically, please enlighten me: The charging model is intended to 
push the problem from the ISPs to the end users. End users who don't
do their bit to fix the spam problem are priced out of the network.

I think it's trying to create a widespread economic motivation to fix
the problem.

No ISP would want to try to crowbar money out of people because a
virus ran up their bill (well, maybe some would, but no reasonable
ISP...)

But introducing economics does change the landscape.

Maybe, suddenly, MS wakes up and starts fixing their OS to not be so
virus-prone, particularly when a competitor is making inroads into
their market with a different OS which is much less virus-prone.
Because suddenly the public is getting anxious about these potential
or real charges as a result of being zombied over and over.

     Flash: On CNBC a short while ago someone from Forrester Research
     said that by the end of 2005 there should be more desktop Linux
     seats than Macintosh. So that'd make Linux #2 on the desktop.
     Not being vulnerable to viruses is a major feature of Linux.
     ``Do the math.''

But pricing doesn't tell the users just what they are supposed to do
under this scheme. There's the nebulous idea of "keep your PC zombie
free".

Which might mean demand better protection, such as from your OS
vendor.

A lot of the problem with spam at this point is cost-shifting, the
whole mess is a big hot potato.

    a) Can't charge the spammers, can't find them, even if you find
       them it's impossible to hold them accountable typically (aka
       "judgement-proof".)

    b) Can't charge the advertisees, can't find them or they claim
       plausible deniability.

       For example:

       Hey, why not charge Pfizer against all the money they make off
       Viagra spam as they are the ``protected by law one and only''
       manufacturer, they're obviously benefitting, ok some is
       counterfeit and/or fraudulent but is all of it?

       There was an article a year or so ago in the technical trade
       press tracing the money trail of those mortgage re-fi spams
       back to referral fees (around $100 each) being paid by
       well-known mortgage brokers.

       More than a little of the magical remedies crap can be traced
       back to Herbalife, a real company that uses, ahem, "network
       marketing", and/or their ilk. In a nutshell, they sucker people
       into pre-buying a garage-full of their crap (to qualify as
       "distributors" etc) who then feel sorry for themselves and many
       are willing to even hire spammers to try to get their life
       savings (sometimes as much as ONE THOUSAND DOLLARS!) back.

    c) Can't charge the ISPs (well, the ISPs get stuck with a lot of
       the bill), they claim common carriage or whatever. Or put
       better, WHO is going to charge the ISPs?

    d) Can't charge the infected zombies, they're poor hapless
       victims.

    e) Can't charge the end-users, it's just wrong to charge
       recipients of spam and no one wants to do anything *wrong*,
       right? Besides, some other ISP would just come along and turn
       that into a marketing slogan.

Round and round.

But lay it all out like that and it explains just where we are:

        Don't charge you!
        Don't charge me!
        Charge that fellow behind the tree!
                (to slightly bowdlerize an old remark about taxation.)

Anyhow, the first step to solving a problem is admitting that you have
a problem.

And one problem here is not only the spam, but who is going to feel
the pain of either burdening it or getting rid of it.

It's not that different from a discussion about needing taxes to fix
the schoolhouse roof, who shall we tax? Can't tax the children, can't
tax just their parents cuz they didn't wear it out they're just
passing thru, can't charge property owners it throws old people out of
their homes, can't charge income taxes no enforcement authority, can't
take it out of teachers' salaries they're too low already they'd all
quit, etc etc etc etc etc etc etc etc etc etc etc blah blah blah.

I made an analogy with global blacklists, which I think work on the
same principle.  ISPs harbouring spammers are censored out of the SMTP
network, but how they are supposed to keep their userlists spammer
free is nebulous.

By and large these were based on the now outdated assumption that most
ISPs from whom spam spewed were knowingly or negligently (and I mean
ignoring floods of complaints about one customer) selling facilities
to spammers who could easily be shut down.

The idea of blacklists arose in the pre-zombie days.

There are still ISPs which fit this description, malicious or
negligent beyond reason.

As an example, go google for articles about Savvis (owners of Cable &
Wireless) early in September 2004. I suspect we're about to see round
#2 of that.

Presumably, email is such a vital resource that end users who are
priced out of the mail network will do everything possible to return
to it, and that will somehow act as a kind of breeding ground for a
true solution to the zombie problem. Perhaps that can truly happen, I
don't know.

I imagine that the same hackers who gave us P2P will find a way to
send email transparently, without necessarily using the existing email
network. Then we'll have two email networks, a free one and a metered one.

It'd be such a tiny proportion of the mail no one would care.

This is another example of "it wouldn't be absolutely perfect so
therefore it's fatally flawed" reasoning.

C'mon. 99% of the email would still be between people who have barely
made their Outlook function, not 3l33t h4x0rz.

You can only say "get another ISP" for so long and it becomes
a clear indicator of your level of understanding of the problem
itself, the mechanics, and the history. 

So long as ISPs don't collude, competitive pressures cannot be discounted. 

Well, not necessarily collusion.

If it became acceptable that a settlement system, e.g., occurred and
either you pay me for your customer's e-mail or I won't accept any of
your e-mail any more then you'd become disinclined at some point to
let your customer run you big bills (or even a lot of small ones where
"a lot" could be 100,000 $1 bills per month.)

That's not collusion, that's just business; pay or die.


-- 
        -Barry Shein

Software Tool & Die    | bzs(_at_)TheWorld(_dot_)com           | 
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg