Re: The right to refuse, was: Re: Principles of Spam-abatement
2004-03-14 12:35:57
Vernon Schryver wrote:
From: Yakov Shafranovich <research(_at_)solidmatrix(_dot_)com>
...
How many ISPs actually
willing to do that (although ComCast begun shutting down accounts of
hijacked machines)? What monetary incentive would the ISPs have to do
that? And even if the IETF publishes the BCP, there is no way to enforce it.
At $30/month, an ISP can't afford to do much watching for spikes. It
certainly can't hold the hands of users who couldn't be bothered to
install virus defenses or not open attachments. About all that a
"consumer grade" ISP can afford to do is preemptively block outgoing
port 25, 135, etc. for all customers. I've been complaining for years
that is slum tenement Internet service, but it seems to all that must
users are willing to pay for, in money and in acquiring and using
technical expertise (e.g. virus filters and not opening attechments).
I agree with you - most ISPs do not have enough profit to do anything
other than unilateral measures like port blocking. Another similar
unilateral measure that very few ISPs started doing is to shut off
accounts of customers with hijacked machines. One of my family members
has an account with AceDSL, a small DSL provider in NYC, and had his
account suspended because one of the computers in the house has been
infected with a worm (Comcast claims to have started doing that with
hijacked machines used for spam). Of course, this like port blocking is
a rather harsh measure which might not be profitable for an ISP for an
ISP to do in the long run.
If the IETF would officially define "slum tenement Internet service"
(with better words, of course), then truth in advertising laws, the
value of product differentiation to ISPs, and savvy users might make
port 25 filtering universal where it is needed and absent elsewhere.
That would stop lunacy like blacklisting any IP address whose reverse
DNS name contains the substring "dsl."
I am not sure if it's the IETF's role to define such definition. But in
any case, the problem is that given the current situtation that ISPs do
not have sufficient incentive to deal with the problem at the end
points, is there anything that the IETF can really do aside from
providing some standards and publishing BCPs?
I do not see how the IETF can do anything to force ISPs to handle abuse
complaints more seriously. This is why people tend to to block ISPs and
IP blocks unilaterally in order to force ISPs to take action (not to say
that I necessarily agree with it). The only two things that I see here
that can be done by the IETF is either to facilitate easier abuse
handling by ISPs via standard formats for abuse reports;
ISPs don't need to exchange abuse reports, but to deal with their own.
There's no value in standardizing the unidirectional stream of abuse
reports from the spam-hostile part of the Internet to the spam friendly
part that largely ignores reports of abuse.
Given that most ISPs do not make that much profit, what anything change
in the long run about their ignorance of abuse reports?
Yakov
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: The right to refuse, was: Re: Principles of Spam-abatement, Dr. Jeffrey Race
- Re: The right to refuse, was: Re: Principles of Spam-abatement, Iljitsch van Beijnum
- Re: The right to refuse, was: Re: Principles of Spam-abatement, Vernon Schryver
- Re: The right to refuse, was: Re: Principles of Spam-abatement, Dean Anderson
- Re: The right to refuse, was: Re: Principles of Spam-abatement, Yakov Shafranovich
- Re: The right to refuse, was: Re: Principles of Spam-abatement, Robert G. Brown
- Re: The right to refuse, was: Re: Principles of Spam-abatement, Yakov Shafranovich
- Re: The right to refuse, was: Re: Principles of Spam-abatement, Dean Anderson
- Re: The right to refuse, was: Re: Principles of Spam-abatement, Yakov Shafranovich
|
|
|