You shut the mal-administered systems of from the internet until they
are no lnger a threat to the internet, just as you quarantine ill
persons who are dangers to the community. Solving the spam and security
problems requires nothing more, and nothing less.
The identities of chronically mal-administered systems are well
know.
There are some practical implementation problems at the margin but
for (I am guessing) 95% of the cases, it is trivially easy.
Jeffrey Race
So we're left with the conclusion that the fact there's a problem at all
indicates that there's a massive failure at the ISP level. It's either failure
of will, or failure of clue - though I suspect the former.
What *real* incentive is there for an ISP to take action? I mean, we all
*know* that support is usually a money sink, and nobody wants to turn off a
paying customer and then have to spend the time talking them through fixing the
problem. So if you're finding that your T-3 is finally full, and it's all spam
and P2P file sharing, you have to ask which costs more, actually dealing with
the problem users (and possibly scaring them off to a competitor), or just
biting the bullet and getting an OC3.
Other than the fear of a forklift upgrade of infrastructure, the only other
thing that currently works to motivate most ISPs is public derision on NANOG,
blacklisting, and anything else that is the equivalent of a swat across the
nose with a rolled up newspaper and a stern "Bad Puppy. You pooped on the
carpet, no doggie treat for you".