On Thursday, 24 July 2008 23:39, Oron Peled wrote:
While I do have a faint hope to see this thread die eventually, and I
avoided saying anything so far, I do want to make one or two contributions,
mostly factual, and some based on my own experience and beliefs,
so bear with me.
1. SPAM is here to stay, mostly due to human nature. For people who want to
sell something, this is an easy and cheap way to get more clients. This is
from the human psychology/sociology point of view.
2. SPAM is here to stay, from a technical point of view, due to the fact that
SMTP (and the following RFCs that enhance it) were not designed to deal
with sender authenticity. In fact, I believe that up to this day, an RFC
compliant mail system is required to accept the following:
MAIL FROM:<>
3. ISPs should, in general, serve as a model of the phone system, that is,
their job, as long as the law doesn't say otherwise, is to pass the packet
of their user to wherever this packet may want to go. ISPs were not
chartered to be a census. Of course that laws extend this bit, but this is
in general what ISPs should do. Breaking this model in order to combat
SPAM will destroy something, that to me is at the core of what an ISP
should do on one hand, and it will NOT win the fight for the "spam
fighters", it'll be just another step in this escalation war. Remember that
the budgets available for the people who want to SPAM and their interests
are far too great to not overcome this.
4. As long as there are people who want to sell something, and who desperately
need the clients, the race between the spammers and the "spam fighters"
will continue, and will escalate. SPAM will cease only when it becomes non
profitable to the SPAM originators. That is, the day when using SPAM to
advertise will no longer prove useful (aka won't generate enough income, or
more efficient ways of electronic advertising will arise) that is the day
when SPAM will die.
5. ISPs should, despite what I portray in point 3., behave responsibly. That
requires a responsive and understanding crowd though, that is, the
customers. For example, the default dynamic IP account at an ISP should
include a preset services base. Adding more services (like opening port 25)
should be done per request (opt in), and might also be something you need
to pay for (as you increase the liability of the ISP itself). Think of it
as advanced user account. Of course you'll have to sign whatever document
required, etc.
6. Another point I thought about is that a customer who is repeatedly hacked,
(trojaned, etc) should be limited in access, and he should be offered a
protection pack from the ISP, which includes a basic training in Internet
dangers, and also A/V, antispyware, App firewall etc, and also that his
traffic should be proxied and cleaned on its way out. Of course that his
"package" will be more expensive, due to him being a liability. Think of
insurance companies. When one becomes a liability (repeated cases), the
insurance company will either refuse to insure you anymore, or will charge
more for the same coverage, due to the customer being a liability.
Just to make sure, I believe that the Israeli customer (on the avg.) is far
from the point of caring whether his/her actions hurt others, and as such
is not ready for the above described ideas. In this case, what is needed
is an ISP who will be a pioneer and take this road. Others will follow suit
eventually.
7. I do believe that some people on this list, while they have a theoretical
point of view on how things should operate, lack the understanding of
how things really turn out to be in the real world of ISP operations.
Forgetting that the ISPs' first and foremost interest is to make money
and make their shareholders happy is a fatal error, on the part of
theoreticians. That however doesn't mean that everything ISPs do is
acceptable, and sometimes very far from it. A balanced view however,
that understands both the theory, and the practice is needed to be able
to solve problems in the real ISP world.
I bid you all a nice weekend.
--Ariel
--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP: http://www.tau.ac.il/~ariel/pgp.html