[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] Spam, defined, and permissions

To: asrg at ietf.org
Subject: Re: [Asrg] Spam, defined, and permissions
From: Devdas Bhagat <devdas at dvb.homelinux.org>
Date: Tue, 28 Dec 2004 22:14:02 +0530
In-reply-to: <A206819EF47CBE4F84B5CB4A303CEB7A04895C@dul1wnexmb01.vcorp.ad.vrsn.com>; from hannigan@verisign.com on Tue, Dec 28, 2004 at 10:40:36AM -0500
List-archive: <http://www1.ietf.org/pipermail/asrg>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
Mail-followup-to: asrg at ietf.org
Notice-requested-upon-delivery-to: devdas@dvb.homelinux.org
References: <A206819EF47CBE4F84B5CB4A303CEB7A04895C@dul1wnexmb01.vcorp.ad.vrsn.com>
Reply-to: Devdas Bhagat <devdas at dvb.homelinux.org>
Sender: asrg-bounces at ietf.org
User-agent: Mutt/1.2.5.1i

On 28/12/04 10:40 -0500, Hannigan, Martin wrote:
<snip>
> > 
> > On 28/12/04 09:46 -0500, Hannigan, Martin wrote:
> > <snip>
> > > > And exactly how does the telco propose to enforce my 
> > usage of their
> > > > server? Post 25 blocks? I just use another port, or I VPN.
> > > 
> > > We could play this circle game all day. At some point you're
> > > going port 25. If you VPN to someone elses system, fine, but they
> > > end up paying for your traffic if you break their cap.
> > 
> > My point is that I control both ends of the VPN, and I have no caps at
> > either end.
> > 
> 
> So what?
> 
> We can play this game all day. Try to
> understand where I am coming from before you decide to continue
> to play this losing game and waste both of our efforts:
> 
> 1. The rest of the world is the target, the 99.99999% of 
>    people who simply use Windows and browsers for most of
>    what they need. Not the .00000001% who are unix genii, 
>    illuminati, or other highly sophisticated users of the network.
>    They have their place, but it's not dictating the market.

Let me put it this way:
What I can do, a spammer can. Given that a zombied box is under the
total control of the spammer, this is a reasonable assumption.

Now, how does the telco stop the spammer from sending direct to MX spam?
Also, how does the investment into design and development into a billing
system which needs to work for lots and lots of ISPs get justified?

The simplest solution of aggressively blocking port 25 outbound/inbound
for these "users" works just as well, and does not require any major
additional investment, except some ratelimiting scripts.

>    [ BTW: For the non MSEX users, Devdas has a cute "flag" that
>      notes "Friends protect friends from Microsoft" it shows up
>      like an advertising banner (spam) in my client - this is fine
>      for egocentric discussion, but it's not a realists view -M< ]

Oh, that has been a running punchline for quite some time. All those who
read my mail with MS Outlook will see that flag.
X-Message-Flag: <Your message goes here>
 
> 2. Spending time developing client side fixes outside of secure systems
>    is a waste of time. Market force already handles the secure systems 
>    aspect.
> 
> 3. Most of the solutions out there today, RBL, xBL, DNSBL, 
>    etc. are well intentioned but misplaced shows of strength and would've
>    been better served higher up in the network and more effective in 
>    the hands of business people i.e. understands how nsp's work, capex,
>    opex, operations, etc. Most do not. The frothy  (well intentioned) people
>    of the early years hurt us all and made it near impossible to make 
>    any progress any higher up in the network as a result.

I agree. The original RBL was a BGP based list. That idea would still
work. Kill your spammer fast or get intranetted.

> 4. The Internet is _still_ in it's infancy and it's made it past the
>    "interesting toy" stage to a fully ingrained commerce network.
> 
> 5. Anything that has the potential to impact a providers bottom
>    line _and_ improve service capability will get attention. Most
>    will fail. Some will be taken serious. One may even make it into
>    serious consideration. 
> 
> How much more do I need to explain to you, Devdas? Every scenario you
> brought up, and can bring up, is resolvable through billing, operational
> approach, or regulatory action. 

My understanding of your solution is that enforcing it will either be a
nightmare, or an end to the peer to peer model of the Internet (which
really removes the usefulness of the network) or both.

Devdas Bhagat

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] Spam, defined, and permissions
  - From: Barry Shein

References:
- RE: [Asrg] Spam, defined, and permissions
  - From: Hannigan, Martin

Prev by Date: RE: [Asrg] Spam, defined, and permissions
Next by Date: Re: [Asrg] Please critique my anti-spam system
Previous by thread: RE: [Asrg] Spam, defined, and permissions
Next by thread: Re: [Asrg] Spam, defined, and permissions
Index(es):
- Date
- Thread