At RIPE-41, I posed two questions, one concerning the technical issue of
whether the standard engineering 80-20 rule would be useful for closing
spam paths. This issue has been dealt with indirectly over the past
couple of WG meetings (which, unfortunately, I have not been able to
attend).
The second question was if - for the sake of argument - an amount of
money was made available to the anti-spam working group for the purposes
of combatting spam, how would the WG use it most effectively? The
purpose of this question was to examine whether it would be useful to
change the direction of the anti-spam wg from a information sharing
group with a close eye on the industry, to a more proactive direction,
potentially making public noise or one form or another, or sponsoring
research, or getting more involved in legislation, or whatever.
So I ask the question again: if money were available somehow or
another, could the WG use it effectively, and if so, how?
At the time the question was asked initially, the pressing issue was
open relays in Korea. These days, things are different - open SMTP
relays are much more under control, only to have been supplanted by many
other things: "pink" contracts, virally-propagated trojan relays and so
forth. But the underlying problem has got worse - much, much worse.
Not least among my concerns is the fact that we still have an 80-20
problem, or at least a 90-10 one: 90% of the spam we receive is believed
to originate from a small number of individuals in the US, and most of
these people are based in a small number of states. And as the main
perpetrators and "crime locations" have been identified by organisations
like Spamhaus, it would make sense to me to concentrate efforts (if it
is felt that this is a useful thing to do) on dealing with a relatively
small but potent target.
Now that opt-out spam has effectively been banned europe-wide, the US
Congress looks likely at the moment to legalise opt-out at some stage in
the future, which is a disasterous idea. This would just legitimise the
problem, rather than controlling it in any way.
Would there be any support for creating some form of political lobby
system to pressurise the US Congress and / or the Florida / other US
state legislature? Would it be possible (or wise!) to involve the EU in
some shape or form, as they have would significantly more clout than the
RIPE anti-spam WG (whose impact in the US will be delta away from zero,
let's face it).
I realise that this is a pretty substantial step aware from dealing with
spam at a technical level, but I suspect that it's an approach which
might well do some long-term good if it were taken. I'm not suggesting
that legislating against opt-out spam is going to cure the problem, or
that the RIPE anti-spam WG is the appropriate platform to launch this
sort of effort, but it will create serious legal problems for existing
spammers and much higher barriers to entry to potential new spammers.
Thoughts on this? Or how would you spend money to combat spam, if you
had some?