ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: The right to refuse, was: Re: Principles of Spam-abatement

2004-03-14 09:45:00
from [Yakov Shafranovich] [Permanent Link] 
Vernon Schryver wrote:

From: "Dr. Jeffrey Race" <jrace(_at_)attglobal(_dot_)net>

...

The only solution is one which removes from connectivity those
who dump their trash on the commons. This is easy to do. 

That is true in theory.  In practice it has been difficult.  I'm not
referring to the lies and whines of spammers and address block hijackers.
There are big problems getting slumlords to evict tenents that throw
their garbage and slops out their tenement windows onto the commons.
UUnet is the classic case, with its years of claiming to be unable to
act because it is unable to know from which window of which tenement
any given stinking mess came (i.e. check RADIUS logs or count SYNs to
outside port 25 and decide which of its resellers resold bandwidth to
the spammer).  When respectable people unilaterally shun all residents
of a tenement with many spammers, we are greeted with demands for
government and IETF intervention to stop our vigilante terrorism and
redress our violation of the fundamental right to a free lunch.
This is a human problem, not a technical one - the ISPs are unwilling in many cases to handle abuse reports seriously, or are unwilling to invest in any kind of infrastructure to detect abuse. For example, one of the ideas floating around the ASRG has been a BCP for handling hijacked machines. A detection mechanism would be in place that counts outbound email from a given machine or subscriber, and if that usage spikes the mail would be queied and the subscriber notified. How many ISPs actually willing to do that (although ComCast begun shutting down accounts of hijacked machines)? What monetary incentive would the ISPs have to do that? And even if the IETF publishes the BCP, there is no way to enforce it.
I do not see how the IETF can do anything to force ISPs to handle abuse complaints more seriously. This is why people tend to to block ISPs and IP blocks unilaterally in order to force ISPs to take action (not to say that I necessarily agree with it). The only two things that I see here that can be done by the IETF is either to facilitate easier abuse handling by ISPs via standard formats for abuse reports; or provide some kind of standards for exchanging reputation data among receivers. Both still rely on the human decisions made by both ISPs and receivers on how this data is used. 

Yakov
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: The right to refuse, was: Re: Principles of Spam-abatement, Vernon Schryver
Next by Date:  Re: DARPA get's it right this time, takes aim at IT sacred cows, Eliot Lear
Previous by Thread:  Re: The right to refuse, was: Re: Principles of Spam-abatement, Vernon Schryver
Next by Thread:  Re: The right to refuse, was: Re: Principles of Spam-abatement, Vernon Schryver
Indexes:  [Date] [Thread] [Top] [All Lists]