ietf
[Top] [All Lists]

Re: IAB policy on anti-spam mechanisms?

2003-02-27 18:38:27
It seems there's a need to balance interests among different groups of
users.   What is your proposed solution to prevent emission of
spam via dialup, if you propose to discourage the DUL?  (My
proposal imposes a positive duty of care of ISPs to prevent
emission of spam, so I am quite concerned about this.)

Your question assumes that the DUL is actually a meaningful anti-spam
mechanism. It is not. So I should turn it around and ask you to state
exactly why you believe otherwise.

That said, I can say that it's no big deal for an ISP to determine
which of its customers had a given IP address at a certain time, as
this information is generally logged anyway. So allowing direct SMTP
in no way makes it harder to trace a spam complaint back to a user
account.

Behavioral Studies 1 teaches that responsibility is ensured only
by accountability, and accountability entails traceability.  What
is your alternative to ensure traceability for abusive transmissions?

I have just stated it.

Could you explain this please?   The difficulty I foresee is that
ISPs are under legal obligations to prevent their property from being
abused to injure others.  (Unfortunately many ISPs don't fulfill
their obligation diligently as of now, but that is another story.)
If the ISP chooses system-wide blocking, how could it be disabled
on a per-user basis without facilitating spamming?

Certainly. Just about every ISP (except for those run as fronts by the
spammers themselves) has an acceptable use policy that prohibits
spamming along with activities that are actually illegal. Nearly every
ISP maintains an "abuse" address to which complaints can be sent. I
use these addresses myself on a regular basis, either directly or
through spamcop.

I see nothing wrong with holding users accountable after the fact for
spamming or illegal activities. My only problem is with pre-emptive
mechanisms that block perfectly legitimate applications and hurt
people who have never spammed or broken the rules.

It is as if George W had dropped a 10 megaton nuke on Baghdad, saying
that stopping Saddam was more important than avoiding "collateral
damage" to the civilian population. When you're so powerful that no
one is in a position to stop you, you can easily invent your own
justifications for anything you do.

Well in fact collateral damage is the ONLY THING that motivates
certain scum ISPs to reform, as has been repeatedly proven.  I can
give you the cites if you like.   So collateral damage may have to
be viewed as an interim necessity given the low ethical standards
of some of the leading firms in the industry.

I have no problem with blacklists that contain IP addresses of hosts
actually known to generate or relay spam, as long as the owners of
those hosts are given the opportunity to fix the problem and be
removed from the blacklist. These are relatively narrow, focused and
effective mechanisms. Again, my only problem is with mechanisms that
are claimed to fight spam but in reality do little but hurt many
perfectly legitimate users.

Phil