From: Yakov Shafranovich
If the IETF would officially define "slum tenement Internet service"
(with better words, of course), then truth in advertising laws, the
I am not sure if it's the IETF's role to define such definition.
There are plenty of RFCs that consist of little more than definitions
of terms. In a real sense, any standards track RFC is merely a list
of definitions of terms.
If the IETF has no business defining terms to name existing varieties
of Internet service, then it certainly has no business publishing BCPs
telling people how to provide Internet services, including how to run
blacklists.
But in
any case, the problem is that given the current situtation that ISPs do
not have sufficient incentive to deal with the problem at the end
points, is there anything that the IETF can really do aside from
providing some standards and publishing BCPs?
A definition of what they're doing and the truth in labeling laws could
give them some incentives. If ISPs offering slum Internet service
would admit that's what they're selling, they could preemptively block
port 25 and stop a large part of today's spam, worms, and viruses.
The majority of their customers would not notice any difference, except
fewer spam, worms, and viruses. Contrary to claims from some ISPs,
filtered Internet service is not technically difficult or expensive
to provide. In fact it is significantly cheaper, because it uses less
bandwidth and abuse desk labor. That is why many ISPs offer it instead
of real Internet service. (Some do try the cheaper and less honest
tactic of submitting their own IP addresses to so called "dynamic
blacklists" so that they don't need to hire help to configure their
routers to block outgoing TCP SYNs to port 25.)
Those users that did complain could be pointed at AUPs that often today
prohibit the use of "servers" and offered upgrades to accounts with
prices that allow ISPs to deal with the risk of abuse. That higher
price might still be $30/month but with a $3000 bond. Or perhaps
$300/month for the first 6 months and $30/month thereafter.
As someone said privately, the slumlord ISPs are not only skipping on
abuse desks. They also don't have valid SWIPEs, reverse DNS names,
NTP or NNTP servers, monitoring to meet the SLAs they almost claim to
offer and other services that come with real Internet service.
Given that most ISPs do not make that much profit, what anything change
in the long run about their ignorance of abuse reports?
The Internet is being separated into two parts. One part is of spam
filled slums that cannot send mail directly to the other part. That
is the common purpose of DNS blacklists and port 25 filters. Whether
you admit that fact and whether you say "slum tenements" and "real
Internet" or "spiritual heir to UUCP" and "transitive closure of direct
SMTP connectivity" doesn't change anything but the politics.
What is needed is for the IETF to try to prevent politicians, government
bureaucrats, and slumlord ISPs from colluding to regulate the whole
Internet down into the tenement slums. There are interests that would
love to see laws funnel all mail sent through Microsoft/AOL/Verisign
servers (probably using a form of PKI cert). Spooks, spies, and police
state officials would find those servers as convenient as monopolists
would find them profitable.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com