ietf
[Top] [All Lists]

Re: Guidance for spam-control on IETF mailing lists

2002-03-18 13:40:03


The behavour that bulk emailers exhibit is substiantly different from
happened in this case.  I've outlined in detail what our people had
done -
if you look at the bulk mailers and their practices it is not difficult
to
determine many key differences.   In fact if you look at the various
forms
of legislation around the world, including in the US at the moment, they
take into consideration issues pertaining to the authenticity of the
messages (forged headers), theft of service (unauthorized use of third
party
systems) and similar issues.  Going by memory, some also take into
consideration the harassment factor, or how many times a single message
is
bombarded against an unsuspecting individual, however sadly, from what I
can
read, the current proposed US federal legislation into this does not go
this
far.

Amen to that - the US legislation makes SPAM the problem of the end-user or
recipient and that is just plain wrong. The legislation needs to be amended
or turned upside down so that the last person responsible for the spam is
the person it is sent to. Not the first.

In short the legislation is trying to go after the bulk mailers
without killing the Internet as a medium for electronic commerce.

I have a different view - The legislation currently in force gives them
(Bulk Mailers) a method of existing at least once for each identity they
coin and they can send out a major spamming and then just dry up and blow
away - I can see it now. Spam from Domain 102115.com today and tomorrow from
domain 102116.com and so on. Ad infinitum. There is no end - each one with a
new life period of from a day to a week or so.  That being what it takes to
get them caught.

The only thing at the Domain Level that  will stop these types of domain
based SPAM is to get into it at the InterNIC level and to:

    1)    Link the inter-registrar "domain systems" together tighter such
that rule sets can be propagated within a single 24 hours. Say once an hour,
which potentially limits any Spammers exisitence to potentially as little as
a single hour or so.

    2)    Create a set of mechanisms wherein the DNS services of a SPAMMING
operator can be suspended as part of this regular  rolling of services and
take to the level such that any such domain is to be shutdown immediately
pending receipt of good contact data from their owners.

    3)    Create a process whereby all domains registered to any set of
Domain Managers can be identified. This will help when domains that have to
real way to contact their owners are found and you need to find any others
they have registered.

These steps will make Spam much more livable -



  This is my understanding as well.  Perhaps than Vernon is suggesting
that such legislation does not go far enough, and is advocating a form
of censorship?


Under the current legislation the real issue is that the email facilities
are essentially provided "as is" by the Email service providers. Most ISP's
don't want to or are not capable of being responsible for making sure that
the email that their systems deliver or propagate onward is of a
non-intrusive nature or not.  The problem is that we as the subscribers to
this wind up footing the bill for it, both in actual data services and in
time. If we make SPAM the ISP's problem and create a formal set of email
routing/response rules,  I assure the problem will get addressed.

There are effective ways to do active filtration and for the US perhaps the
thing to do is to nationalize the boarders and declare what can and cant
cross them protocol and content wise. The Homeland Security Office could
likely do this unilaterally. This would give law enforcement a method of
reacting that is stronger than what they have now and will force the ISP's
to evolve smarter and more efficient email systems.

Todd Glassey