[Dshield] mail1.giac.net spamcop listed]

Chris Brenton cbrenton at chrisbrenton.org
Tue Dec 16 19:12:22 GMT 2003


On Tue, 2003-12-16 at 12:31, Kenneth Coney wrote:
> Total agreement (rant).  We need to put more of the responsibility on the 
> IPs.  No doubt this attitude is unpopular with the IPs. 

Its also not real popular with the people who do not run MS and thus do
not have any of the security issues that go along with that OS. Why
should I be restricted from sending echo-request packets to hosts out on
the Internet just because an exploit was created against one vendor
product and I don't even use it.

>  Still they sit 
> there and control the traffic that goes through their servers.  To me, they 
> are as responsible as a landlord allowing a tenant to run a crackhouse or a 
> house of ill repute. 

First off, most ISPs route traffic, they don't control it. There is a
_big_ difference. In order for your above model to be correct, ISPs
would have to be doing content level checking which just does not happen
due to the speeds that traffic is routed at. Most tier 1's are pushing a
Gigabit or higher through most of their backbones. Content level
checking at that speed is inaccurate at best, breaks real services that
might not be 100% RFC at worst.

Second, ISP are not really landlords as they do not own the data, the
content, or even the end points for that matter. They are more like the
highway services that built the road that runs past the crack house. 

> We also need to put some pressure on the 
> legislators who love raising taxes, but who offer little constructive 
> legislation in dealing with Spammers.  (VA excepted and their first 
> criminal case will be followed with interest by many.) 

Um, VA is not the first state to arrest a spammer, let alone convict
one. This is just the first under their new rules. Also, the Internet
expands a bit beyond the US borders so legislation does little good when
the source is Brazil, China, etc.

> Here's a question that could lead to control of Spam;
> Should a State license (with serious penalties for end users and IPs that 
> ignore the rule) be required for each machine that will send more than 150 
> emails per month?

Again, the Internet is not just in the US so this is going to do zip.
Not to mention you are effectively saying an e-mail tax is a good idea
(I doubt licensing would be free). 

> (Second and third licenses envisioned for users who send more than 500 per 
> month, or 1000 per day, etc.  Make them pay more for each 500 emails, cut 
> the Spam profit.)

You would also kill many a mailing list as you charge them more money
per subscriber. I'm not liking this idea. :(

HTH,
C





More information about the list mailing list