On Fri, May 09, 2003 at 11:35:36PM -0600, Anne & Lynn Wheeler wrote:
> Currently ISPs typically "notice" when they get complaints. ISPs could do a much better job of actively noticing and limiting mail at ingress ... as opposed to waiting for somebody to complain and canceling the account.
So this would be the block port 25 except to ISP run mail hub approach? Firstly that only works for end-users; larger customers want their own mail delivery and no arbitrary restrictions on what they can do with their pipe.

Then what is the ISP going to notice? He shouldn't be actively monitoring his customers' traffic. There are lots of tunneling protocols, authentication is weak, spam can identify other people as the sender (to some extent), host security is weak, hosts are vulnerable to viruses. Recently there was a virus with a payload of an open proxy, which it was suspected was distributed by spammers, or at least the spammers had discovered it and were using it.

So I understand what you're describing, but it sounds like a big messy nightmare, which is pretty much where we are now and rapidly getting worse.
> My original post mentioned that the ISPs could then do their own effort of blacklisting (of other ISPs).
Let's try something concrete: say some spammer starts using AOL to send a batch to Earthlink. So Earthlink notices and blocks AOL. If you seriously think this is the outcome, then email reliability planet-wide has probably just dropped by 1% (or whatever fraction of internet email travels from AOL->Earthlink). Repeat for all major ISPs who are being abused by spammers with disposable free AOL CDs, accounts bought with stolen credit cards, or just regular paid service. Messy right?

So I think it is not realistic to assume ISPs can do this without massive reliability loss. Typically I'm presuming blackhole lists don't block large ISPs (modulo the BTinternet example I gave) because of the fallout. Basically any ISP of any size has an ongoing turn-around of some proportion of their users who are repeat hit-and-run spammers. So a blackhole approach can stop a static IP leased to a spammer, used by the spammer only, but the same approach applied to the hit and run cheaper ISP account using type customers (dynamic IP) causes no end of reliability issues.

Analogies about the wild west don't really help in thinking about solutions I think. I like the decentralised nature of the internet. I don't want to have to show government ID to obtain an internet driver's license to send email. When I buy a pipe onto the internet I don't want "no server" AUPs, nor a mish-bash of blocked ports. I understand the problem is hard to address, but let's not damage the useful decentralised open architecture of the internet trying!

Adam