Re: The right to refuse, was: Re: Principles of Spam-abatement

Dean Anderson wrote:
> On Sun, 14 Mar 2004, Yakov Shafranovich wrote:
>
>
> > This is a human problem, not a technical one - the ISPs are unwilling in 
> > many cases to handle abuse reports seriously, or are unwilling to invest 
> > in any kind of infrastructure to detect abuse. 
>
> This isn't true. Certainly, it is not representative of the industry. Over
> the years, I've submitted many reports of abuse of our relays to many
> other ISPs, and only in a few cases have run into admins (but rarer still
> ISPs) who were unwilling to help.  In those few cases, the admins turned
> out to be radical antispammers, who thought it was OK to abuse open
> relays.  Of course, when escalated beyond those admins, the ISP's felt
> differently.
First of all, I would like to clarify that I am refering to abuse 
reporting not just for open relays, but also for hijacked machines and 
spammers abusing AUPs of their connectivity provider.
Unfortunatly my experience with with abuse reporting has been different 
than yours. In most cases when I reported network abuse, very little 
action has been taken. In one memorable recent case, it took over three 
weeks and a threatening fax to the CEO's office to stop a hijacked 
machine on a DSL network of a US "baby bell" from speweing viruses to my 
email address. Additionally, the feedback I have been getting from some 
of the people who write and sell software for abuse desks at ISPs has 
been that most ISPs do not respond to individual abuse reports until the 
report count reaches some magic number irrevelant of the number of spams 
actually being reported.
In any case, it seems IMHO that there exists a percentage of ISPs that 
either ignore or mishandle abuse reports. On the other hand there exists 
a percentage of ISPs that respond to abuse reports in a timely fashion. 
We seem to be in disagreement as to what those percentages are, but it 
seems to me that we all agree that both types of ISPs are present on the 
Internet today.
Given that, should the IETF pursue development of standards to make 
abuse reporting easier to facilitate the work of those ISPs that 
actually do handle abuse reports properly? This is an example of 
something that we have been asking at the ASRG 
(http://asrg.sp.am/subgroups/abuse_reports.shtml). It is something 
within the scope of the IETF's charter, can possibly be useful for 
reducing spam by making it cheaper for some ISPs to handle abuse 
reports, and is not something that claims to solve the entire spam 
problem as a silver bullet. But clearly it is only a technical tool that 
facilitates the human solution to spam - handling abusers. The key 
question is whether the benefits provided by such standards justify the 
cost of implementing and developing them. This is of course something we 
can and probably should argue about.
This is one of the many examples of things that the IETF can do that do 
not solve the overall problem, but are very well within the IETF's 
charter to make standards and can help with some aspects of the spam 
problem. Of course, we can argue about how much impact it will make vs. 
the cost of the solution, but that's something we should be doing anyway 
as part of sketching out such solutions in order to evaluate them properly.
Yakov