More on spamming..
Simon Leinen simon at limmat.switch.ch
Wed Oct 1 18:13:20 CEST 1997
>>>>> "Stephan" == Stephan Hermann <sh at nwu.de> writes: Stephan> We must stop those spammers with commercial ideas not with Stephan> technical solutions such as filtering out IPs with as-path Stephan> access lists. I agree that we should not get trapped by the technocratic view that we have to solve this problem with some kind of filtering mechanism, just because we can. In fact, I would go farther and point out that getting involved in such filtering is actually a dangerous path for us as ISPs to go down. Remember the debate about censoring stuff like bomb-building instructions or certain kinds of pornography? When some policitians suggested that ISPs should be held responsible for the content transmitted over their networks, ISPs rejected this idea with arguments like: We are just common carriers, we cannot play our customers' Big Brother, censorship is a bad thing etc. Now what's the difference between this and the UCE problem when ISP responsibility is concerned? I claim that there really isn't any. We're just more concerned about UCE because it is unsolicited and we receive so much of this SPAM ourselves. While it is understandable that we take every measure to solve this problem for ourselves, I don't think we should solve it FOR OUR CUSTOMERS. In fact all technical solutions result in some sort of censorship. We should not start censor mail (other than to ourselves as individuals of course) unless we're prepared to censor to other content we transport. Otherwise our political position will be very weak. Real solutions to the UCE problem will include laws(*). Personally I see this as a feature, not a bug, as long as those laws are reasonable. In the USA, there are currently three projects (see http://www.vtw.org/bigboard/index.shtml#junkemail or listen to http://www.hotwired.com/synapse/hotseat/97/39/stuff/antispam.ram). I think that there is a real chance that such laws will eventually bring UCE under control. What we can do is look at the proposals and help get similar projects on track in our respective countries. This is where I see a role for RIPE. On the other hand, the technical solutions proposed so far look quite dangerous to me, because they all try to solve the problem for end users in the mail transport infrastructure, rather than give users ways to solve it themselves. Such "end-to-end" mechanisms also exist and are worthwhile to study. One of my favourites are traceable one-time e-mail addresses which would be linked (cryptographically) to a specific context. You could use a different From-address for each mailing list you're on and for each USENET News thread you post to, and discard it when you're no longer interested in this context or when you want to reduce the UCE you receive. Of course this is my personal opinion and doesn't reflect the views of SWITCH or anyone else for that matter. -- Simon. *) Commercial pressure also seems to work to some extent: witness the recent problems of some spammers to find ISPs for their business.
[ lir-wg Archives ]