Abstract of proposed Internet Draft for Best Current Practice (please comment)

Whether it is implemented is not my business. I am the doctor
diagnosing the illness and prescribing the scientifically validated
cure, and warning the patient of the quack remedies on the market.
My job is done now (almost, I just have to reformat and submit as
I-D, maybe a few more hours).

The problem is you're not defining a cure. You're defining rules for
a quarantine. Quarantines work when you have a single, reliable,
authoritative entity enforcing them...but when you allow people to decide
if they want to respect the quarantine or not, it doesn't work.

Unless there is some mechanism to enforce the respect of the quarantine
you propose, beyond the supposed benefits of the quarantine, your proposal
will not work. See, the benefits will never be universally accepted...most
people would prefer a best-effort filtering solution that empowers the
end-user to ultimately decide what they want to reject.

Does that shift the cost to the receiving end? Yes. Is that better than
preventing your customers from reaching large portions of the net? Most
emphatically yes.

If you look at it another way, why would an almost-tier 1 pay for transit?
All it does is make them pay a price to be able to reach certain parts of
the net. If losing money is such a motivator for stopping network abuse,
your proposal would inherently link "the price of filtering" with "the
price of being able to reach all of the net". Therefore, if people are
willing to pay for transit, under the logic of your proposal, they should
be willing to pay for filtering.

Until people are perfect, filtering out the bullshit they spew will always
be a technical band-aid for a social problem. The key is to push the
decision making to the end-user, not to a central authority.

By way of background, I wrote a very famous book (War Comes to Long
An) on a matter of transcendent national importance, in 1972. It
also (by inference) prescribed some medicine. It got a lot of
criticism at the time, but it is now the canonical analysis of that
problem, used in universities and military/diplomatic training
institutions worldwide. It took several years for this to happen.
I know, from talks with friends in the White House, that MANY
people are alive today who would be dead had I not spent three
years of my life writing that book.

Unfortunately, writing a well-respected book about a peasant revolt in
South Vietnam doesn't bring any free credibility to this arena.

If nothing else, you should realize the inherent flaws in attempting to
enforce rules (perceived to be unjust) on people who do not wish it.

I have spent three years developing this draft BCP. It is a cure,
in fact the ONLY cure, for the spam menace. It will work. Whether
people want to take the cure is up to you and your colleagues. I am
just a drive-by spamming victim who got sick of the pointless debate
and decided to analyse the problem based on what I know of technology
and of human behavior (having studied both professionally; I am
trained as a social scientist from a well-known institution in
Cambridge Massachusetts but have spent most of my recent adult life in
technology; I was in the Army signal corps before that). This is
just a charitable effort on my part. I am not selling anything.

I also studied at a well-known institution in Cambridge, although I was
more interested in beers, bongs, and bitches (no disrespect intended to
women, that was just the saying...people will do anything for an
alliteration).

Anyway, I respect the effort and the intent. What I'm trying to convey is
that the total and willfull ignorance toward practicality is your fatal
flaw.

My apologies for the personal discussion which I would not
ordinarily go into, but it is germane here so you all can understand
I have no vested interest in pushing software or hardware. This
effort is completely unrelated to my life work except in the sense
that I am a spam victim.

No, we're painfully aware that you're an academic. That's actually the
problem. If you were a hardware or software vendor, you might be proposing
a solution that people can purchase and implement. You're proposing a
radical paradigmatic shift of the way the internet works.

The last paradigmatic shift that was actually implemented, that I can
think of, was CIDR. And CIDR was _desperately_ needed, and universally
accepted as THE solution.

There are lots of well-run networks that don't accept inbound spam
and don't enable outgoing spam. Their customers are happy and they
are making money.

Correct. And those networks don't use your methods.

>Remember, it's a fine line. The network operators don't advocate
>abuse;

Some do and gain lots of revenue from it. See the sad truth at

  <www.camblab.com/nugget/spam_03.pdf>

Surely, as an acadmeic, you realize the fault in citing your own papers
(that haven't been rigorously investigated and upheld by the community) to
prop up your own arguments?

And unfortunately, there are serious flaws in the paper, far beyond the
scope of what I'd care to get into.

By far, most of what you attribute to malice would be more likely
attributed to incompetence, to steal a quote from the brillliant .sig of
somebody somewhere on one of these lists.

>the business end of cash-desperate networks are the driving
>force in this industry, not us.

You have elegantly stated the Environmental Polluter business model:
internalize the revenue streams from the customers, and externalize
the losses imposed by spam-enabling actions and negligence.

GE used to work on that business model. They are no longer dumping
effluents into the ground in Pittsfield Mass. This could happen
to the Internet! (with your help--go for it!)

Except, nobody's health is affected by this...and the revenue impact is
minimal also. Otherwise, that would have been the motivation to fix the
problem long ago. Your propose to make the revenue impact much greater
(through collateral damage), and I'm here to tell you that what you
propose is the technical equivalent of cutting off one's nose to spite
one's face.

Andy

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Andy Dills 301-682-9972
Xecunet, LLC www.xecu.net
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Dialup * Webhosting * E-Commerce * High-Speed Access