blackhole spam => mail unreliability (Re: A Trial Balloon to Ban Email?)

Anne & Lynn Wheeler lynn at garlic.com
Fri May 9 22:35:36 PDT 2003 

Currently ISPs typically "notice" when they get complaints. ISPs could do a 
much better job of actively noticing and limiting mail at ingress ... as 
opposed to waiting for somebody to complain and canceling the account. Many 
of the recent statements about ISPs can't limit email at ingress 
dynamically are similar to the comments about not being able to filter 
ingress packets if their origin address didn't match the ip address of the 
sender (as stated in the original posting) ... per the ingress packet 
filtering RFC referenced in the original post.

My original post mentioned that the ISPs could then do their own effort of 
blacklisting (of other ISPs). Currently spam blacklists can be somewhat 
like vigilantes .... with the argument analogy that since vigilantly 
justice can make mistakes then there shouldn't be any highway patrol, FBI, 
and/or secret service. ISPs would be expected to filter on ingress of email 
from their own customers .... and even if the 10 top ISPs blacklisted other 
ISPs that didn't do a reasonable job of ingress filtering ... it could 
start to put a big dent in the spamming business, possibly cutting it from 
40-80% of existing email down under 5-10%. It is sort of like stop signs 
and stop lights .... there are typically hundreds of more intersections 
than there are traffic enforcers .... however with sufficient leverage ... 
it can significantly improve the situation ... even if it can be proved 
that it can't, absolutely, 100% guarantee one hundred percent compliance.

I didn't make any statement about ISPs attempting to identify spammers when 
they register the account .... the original post was only with regard to 
ISPs doing active email ingress filtering. My ISP recognizes and bills me 
extra if I'm simultaneously connected multiple times ... there is a little 
latitude for modem hanging, my dropping the line ... but the modem not 
reporting it ... and my connecting on a different modem. It also does 
traffic load-leveling if I really try and hit it hard. If it can bill extra 
for simultaneous connects and traffic load leveling, it can do both packet 
ingress filtering and email ingress filtering.

past thread drawing the analogy that the information superhighway is 
something like the wild west .... w/o traffic rules, traffic signs, traffic 
lights, speed limits, and enforcement. start with a couple hundred people 
in town .... and went to millions ... and there still isn't even any rule 
about which side of the road people should be driving on.
http://www.garlic.com/~lynn/2001m.html#30 Internet like city w/o traffic 
rules, traffic signs, traffic lights and traffic enforcement

At 06:02 AM 5/10/2003 +0100, Adam Back wrote:
>On Fri, May 09, 2003 at 10:11:52AM -0600, Anne & Lynn Wheeler wrote:
> > So it is much easier for ISPs to have lists of other trusted &/or
> > untrusted ISPs that they will accept email from.
>
>Any internet user needs to be able to send mail to any other internet
>user.  Which means the default has to be open (blacklists rather than
>whitelists).  Then you have the blackhole lists like ORBs etc, which
>block domains used predominantly by spammers.  But the problem is
>spammers don't stay in one place, they buy service from ISPs and spam
>flat-out until the ISP notices and cancels the account.  Some ISPs are
>more grey -- they want to make money from spammers by providing them
>service, and some ISPs just don't notice or respond that quickly.  The
>ISP can't distinguish spammers from non-spammers when they receive
>customer orders.  The blackhole people are arbitrary vigilantes by and
>large, so the overall effect you might argue does reduce spam, but it
>also results in lost mail.
>
>My experience was I couldn't get mail from my brother who was using
>btinternet, one of the largest ISPs in the UK because some idiot
>blackholer blackholed their dynamic IPs.  Not doubt there were at some
>time some spammers using BTinternet as with just about any other ISP.
>Recently I couldn't receive mail from John Gilmore, and so it goes.
>
>So I don't see how this is a "solution", rather it is just a broken
>countermeasure with scatter gun fall-out of false positives for all
>the other people who find themselves sharing the same ISP as spammers
>long enough for the blackhole people to add them.
>
>Adam

--
Anne & Lynn Wheeler    http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm

More information about the cypherpunks-legacy mailing list