Except the targets are *everybody* including the access networks.
This really is "if you are not part of the solution, you are part
of the problem" and applies 100% to access networks.
And it doesn't require governments, it just requires CEO's with the
gumption to say we are not going to accept routes from you, via
transit or direct, until you publically state that you are implementing
BCP38 within your network and then follow through.
Many/most CEOs would not have an understanding of what a BCP is and
their first response likely would be to ask, "What's the business
What I've tried to explain to people is that not being used as a botnet will reduce their outbound traffic. It's not much, but it's something.
Government regulation is also not the answer. They can't all agree
on basic crap, much less on some esoteric (in their opinion) netgeekery
Just have the NSA paint it as a national security issue.
Then we aren't doing our educational job correctly.
In part, that's my fault, because I dropped the ball on
So let me pick the ball back up: would everyone who has asserted in this
thread that BCP38 is the New Hawtness from 20 years ago, please take 30
minutes out of your weekend, and go find a place 'pon that wiki that
you can usefully apply a Vulcan Nerve Pinch to make it more suitable for
us to wave in front of the faces of the people about whom Scott is
I have just rewritten the front page a bit, in recognition of the fact
that as it was, it did not really address that audience itself, but more
detail work on the interior about who should enable BCP38 filtering,
how they can do it, and why they don't -- and why those reasons are
spurious -- would be very helpful.