blackhole spam => mail unreliability (Re: A Trial Balloon to Ban Email?)

Fri May 9 22:55:20 PDT 2003

On Fri, May 09, 2003 at 11:35:36PM -0600, Anne & Lynn Wheeler wrote:
> Currently ISPs typically "notice" when they get complaints. ISPs
> could do a much better job of actively noticing and limiting mail at
> ingress ... as opposed to waiting for somebody to complain and
> canceling the account.

So this would be the block port 25 except to ISP run mail hub
approach?  Firstly that only works for end-users; larger customers
want their own mail delivery and no abitrary restrictions on what they
can do with their pipe.  Then what is the ISP going to notice?  He
shouldn't be actively monitoring his customers traffic.  There are
lots of tunneling protocols, authentication is weak, spam can identify
other people as the sender (to some extent), host security is weak,
hosts are vulnerable to viruses.  Recently there was a virus with a
payload of an open proxy, which it was suspected was distributed by
spammers, or at least the spammers had discovered it and were using
it.

So I understand what you're describing, but it sounds lik a big messy
nightmare, which is pretty much where we are now and rapidly getting
worse.

> My original post mentioned that the ISPs could then do their own
> effort of blacklisting (of other ISPs).

Let's try something concrete: say some spammer starts using AOL to
send a batch to Eathlink.  So Earthlink notices and blocks AOL.  If
you seriously think this is the outcome, then email reliability
planet-wide has probably just dropped by 1% (or whatever fraction of
internet email travels from AOL->earthlink).  Repeat for all major
ISPs who are being abused by spammers with disposable free AOL CDs,
accounts bought with stolen credit cards, or just regular paid
service.  Messy right?

So I think it is not realistic to assume ISPs can do this without
massive reliaibility loss.  Typically I'm presuming blackhole lists
don't block large ISPs (modulo the BTinternet example I gave) because
of the fall out.  Basically any ISP of any size has an ongoing
turn-around of some proportion of their users who are repeat hit and
run-spammers.  So a blackhole approach can stop a static IP leased to
a spammer, used by the spammer only, but the same approach applied to
the hit and run cheaper ISP account using type customers (dynamic IP)
causes no end of reliability issues.

Analogies about the wild west don't really help in thinking about
solutions I think.  I like the decentralised nature of the internet.
I don't want to have to show government ID to obtain an internet
drivers license to send email.  When I buy a pipe onto the internet I
don't want "no server" AUPs, nor a mish-bash of blocked ports.

I understand the problem is hard to address, but let's not damage the
useful decentralised open architecture of the internet trying!

Adam