S Woodside wrote, RE: spam
How about the cost of legitimate emails that get filtered and never
read. Not everyone scans the list to check for false positives.
In a major example of false positives, we already have examples of one
real cost of spam. AOL (as one example of many) has declared ranges of
IP addresses marked 'residential' as invalid for running a particular
application. In this case SMTP, but which app is next? There is a 'guilt
by association' presumption here by the operations community, which when
carried into other applications results in substantially limited value
in the core IP protocol.
With this type of policy, the operations community is dictating which
applications can be run from specific ranges of IP addresses. This would
be comparable to the phone companies dictating that modems couldn't be
used from phone numbers that were allocated for voice use. Clearly the
operations community is fighting back with the limited tool set they
have, but they are setting a very dangerous precedent in the process.
While the IETF can't dictate operational process, it must defend the
open and free use of its core protocol. Part of that defense means
finding architecturally viable alternatives to the evolving operational
hacks. One approach would be to undeniably associate an IP address with
a person, so existing legal recourse would be simplified. Privacy
advocates would take issue with that approach, so another would be to
encode the exact location of the source in the address, and use strict
RPF to enforce it. Location coupled with time would provide the legal
system with needed evidence, without compromising personal privacy.
There are likely other options, and issues to discuss, but we should not
just push this out as 'hard so it must be research'. The open utility of
IP is at stake here.
Tony