Policies affecting the Internet as a whole - Hitting where it hurts

You and your users should lay charges against AOL. They were in violation
of the ECPA which forbids them from deleting email like that the same way
the laws forbid a postal carrier from burning letters they don't want to
deliver.

And if anyone else is thinking of taking similar action to block email,
make sure you either filter port 25 in the router or you bounce back all
the email so that the sending party knows the mail is not going to be
delivered. Once you accept an email message you have a legal obligation to
deliver it to the addressee.

I agree that this is the letter, and the intent, of the ECPA. However, as
a matter of enforceable practice, none of the above matters. First off, most
actual spam does not have a meaningful return address -- indeed, making spam
unreturnable is considered a high art by those who engage in the practice.
Second and more telling, all we are required to do is make a "reasonable best
effort" at returning the mail. For the U. S. Postal Service, that means they
have to do with it what they do with every other letter of that postal class.
Same for e-mail. What we do with e-mail when disks crash is: drop it. What
we do when our network is congested is: delay it. What we do when we see a
large amount of junk in a mail queue that appears to be the result of some
automated process gone wild is (listen carefully) expunge it with no notice
to anybody.

The law will not hold you to a higher standard than "reasonable best effort".
For spam, that means a black hole. I happen to black hole in the router, so
that the mail never enters my system at all. But if I chose to receive the
mail -- which is sometimes necessary given that not all spam comes from known
addresses -- there is *nothing* the justice department would do about it,
since I would be making the "reasonable best effort" for the kind of traffic
that it is. The "postal class" for returned mail is "bulk".

Wow, a network discussion on NANOG that is actually north american in nature.

Basically, but not entirely; issues such as junk email, blocking networks
in routers, silently deleting/dropping email, and/or launching "attacks"
against other sites seem to always start in the U.S., then slowly migrate
across the Internet (which is, of course, global in nature). As you will
recall, this thread started because of someone in the ".ro" domain.

Something a lot of people forget, is that these issues are not as simple
as "contact your local law enforcement office" - the Internet knows no
boundaries, so it becomes quite common for problems to spread across
jurisdictions (which in the "real world", leads to slower response from
multiple law enforcement agencies due to required "due process" - after
all, who was killed, what millions were lost?).

For example, many people in Australia (".au") are hit with junk email from
the U.S. (mostly ".com", it seems); in cases where the subject of the
junk email relates to pornographic material for sale, the matter becomes
one of breaching the laws in Australia relating to censorship/labelling of
such material (and indeed, commercial advertising without the required
company identifying information). What can Australian law enforcement
agencies do? Not much. Do they really expect to achieve anything by
extraditing someone from the U.S. to face charges of breaching numerous
Commonwealth statutes? Not really.

This "reality" (nothing to gain from "small fry", so nothing done)
actually works in the Internet's favour, because it means law-makers and
law enforcement generally stays out of the way, leaving the Internet
"community" to deal with the matters themselves.

Problem?

Many people in the Internet "community" refuse to do anything (for
whatever reason), be they small-time ISPs, or large national/international
backbone providers. Sure, some people walk the walk and talk the talk -
some even actually follow-through .. but by-and-large, these problems are
growing, and with less and less co-operation within the "community", the
calls for law-makers and law enforcement agencies to get involved grows
louder and stronger.

Is that really what everyone wants? (Serious question.)

The Internet was once a *co-operative* network; whilst the Internet of
today is clearly more commercial in nature compared to its academic and
research origins, is it really all that much *less* co-operative?

Questions were raised about "blacklists" and "cartels", and all manner of
mechanisms whereby individuals and groups could be made to "toe the line"
of co-operation; it was also mentioned that allowing everyone to be their
own judge, jury and executioner can lead to seemingly unjust labelling of
sites as "rogue", without any attempt to verify this with the sites in
question.

I submit that the reason a lot of this is happening is frustration -
frustration that there is not enough co-operation to have stopped the
problems before they got this far (let alone any further).

I know that I've reached the stage whereby I don't care if I add a whole
domain to an email "blacklist" (don't receive any messages from said
domain) due to only a few miscreants - it's become far easier to do that,
than hit my head against the proverbial brick wall, trying to get ISPs in
the U.S. to do something (despite providing all evidence available).

Do you realise that these sorts of lists are now becoming akin to trophy
cabinets? "I have 200 entries in my list." "Oh yeah? Mine has over
500!" "Wow, gimme a copy!" This is *not* a good evolution of the
Internet, surely!

If groups insist on adopting a passive stance in the face all this
rubbish, then it's no wonder that "blacklists" and "cartels" develop,
taking matters into their own hands. If many people blocking traffic from
the same site help to wake that site up to its own lack of co-operation,
then maybe the end justifies the means? (Rhetorical.)

It was suggested that using the populist media can aid in raising
awareness in the "real world", to shake an ISP into action; with the
ever-increasing number of incidents, and their global nature, how many
people here have the time (or indeed, the money) to keep putting into this
sort of activity? I know I sure as hell don't.

Read that some site is not co-operating to deal with troublemakers at the
site? No messing about, straight into the email blacklist. It's not
always possible for an organisation to provider 100% protection, either
for its users or from its users, but at least *co-operating* to do
*something* is a sign of willingness - and that has to be good for
everyone.

Think about it - we have nothing to lose, and everything to gain by
solving the problem ourselves as members of the one global community.

Cheers..

David J. N. Begley
Network Analyst, UWS Nepean, Australia

[ Suspected "respectable" clearinghouse: http://www.vix.com/spam/ ]

[snip]

I submit that the reason a lot of this is happening is frustration -
frustration that there is not enough co-operation to have stopped the
problems before they got this far (let alone any further).

I know that I've reached the stage whereby I don't care if I add a whole
domain to an email "blacklist" (don't receive any messages from said
domain) due to only a few miscreants - it's become far easier to do that,
than hit my head against the proverbial brick wall, trying to get ISPs in
the U.S. to do something (despite providing all evidence available).

[snip]

Read that some site is not co-operating to deal with troublemakers at the
site? No messing about, straight into the email blacklist. It's not
always possible for an organisation to provider 100% protection, either
for its users or from its users, but at least *co-operating* to do
*something* is a sign of willingness - and that has to be good for
everyone..

Think about it - we have nothing to lose, and everything to gain by
solving the problem ourselves as members of the one global community.

Much to think about, for sure.

So how about a creating a "white"list?

How about creating some organization for which the pre-requisite of
membership would be adherence to a charter which outlined some standards
and policies for dealing with other ISPs when giving complaints and
standards for dealing with complaints received? The membership list could
be published and serve as a list of providers worth using, rather than
publishing a "bad" list (which, it has already been shown, is
problematic).

I'd be willing to put some time and effort into making something like this
work...

thoughts?

peace

jenni baier
jenni@grmi.org

The Internet was once a *co-operative* network; whilst the Internet of
today is clearly more commercial in nature compared to its academic and
research origins, is it really all that much *less* co-operative?
I know that I've reached the stage whereby I don't care if I add a whole
domain to an email "blacklist" (don't receive any messages from said
domain) due to only a few miscreants - it's become far easier to do that,
than hit my head against the proverbial brick wall, trying to get ISPs in
the U.S. to do something (despite providing all evidence available).

And it can continue to be a co-operative network. But, if you eliminate
domains and people based on heresay, or because it's easier, then you
yourself are stifling that co-operation. The sites in question
have no way to respond (they certainly can't send you email, and they
don't even know their on the list now).

Read that some site is not co-operating to deal with troublemakers at the
site? No messing about, straight into the email blacklist. It's not
always possible for an organisation to provider 100% protection, either
for its users or from its users, but at least *co-operating* to do
*something* is a sign of willingness - and that has to be good for
everyone.

I agree that this will wake up non-cooperative sites. I don't have any
problem "blacklisting" a site that has shown that they take no action
or even encourage such behavior. However, I'm very much against doing so
haphazardly, without notification or a chance to comply. This is what
happened to my domain, and we have always acted responsibly (in my
opinion) and promptly to rogue users. The problem is you can't really
stop the behavior beforehand, without impacting other users. All you
can do is publish the customer agreements, get people to agree to them,
and then make damn sure you enforce them, so as not to attract the type
of people that behave in this manner.

Think about it - we have nothing to lose, and everything to gain by
solving the problem ourselves as members of the one global community.

Sure you do. You have the very sense of cooperation that your trying
to re-instill in the Internet. I certainly have a far smaller opinion
of AOl now (not that it was too high to begin with). I'm certainly less
willing to cooperate with them if they have a problem in the future.
THEY are the ones that acted irresponsibly. By blacklisting without
notification, definition, or ways to come into compliance with a policy
you limit my, and others, ability to cooperate.

Cheers..

Ciao.

So how about a creating a "white"list?

[...snip...]

I'd be willing to put some time and effort into making something like this
work...

This is a much better approach. Reward those who operate responsibly and
in a sense of cooperation. I'd certainly be willing to help on a draft
of such a charter.

Have a look at http://www.ispc.org

This is still a young organization but some sort of program like you are
suggesting is on the to-do list there, awaiting only demand and
participation of others to make it happen.

Michael Dillon - Internet & ISP Consulting
Memra Software Inc. - Fax: +1-604-546-3049
http://www.memra.com - E-mail: michael@memra.com

And it can continue to be a co-operative network. But, if you eliminate
domains and people based on heresay, or because it's easier, then you
yourself are stifling that co-operation.

I'm not advocating the elimination of domains or people (could spammers be
terminated, though? Oh, never mind..) on "heresay", but on evidence; I'm
not saying that blockages are better, only saying that they're appearing
because of the lack of co-operation in the first place (after hitting
your head against a brick wall a few times, it becomes far less painful
just to block a site and be done with the issue).

Take "iq-internet.com" for example - not because they've been hammering
Barry's site specifically, but in general because they've caused a lot of
people a lot of grief and despite requests, complaints and demands,
neither they nor their network provider (SprintLink) have done anything to
"solve the issue". They've even broken Sprint's own AUP, which (you would
think) gives Sprint more "ammunition" to do something, but it seems not.

It was stated that people can't terminate accounts/contracts without "due
process" - true, very true, and even if for legal reasons you can't say
anything to the public, you can still indicate that "the wheels are
turning" between the lines of whatever you do say; for example, saying "I
am afraid we can say nothing more on the matter at the moment and ask that
you be patient" is far better than something closer to, "It's obviously
your fault and so we're not going to do diddly." See?

So in the end, people start to block "iq-internet.com" and try desparately
to ignore it (if possible). If things get so tight, entire netblocks
might end up being blocked from Sprint's address ranges, having more
far-reaching effects. Think it'll never happen? Why then are people
already considering this very same tactic against IBM/Advantis?

The sites in question have no way to respond (they certainly can't send
you email, and they don't even know their on the list now).

That's why providers should *co-operate* in the first place, so that
blocks (either with, or without notification) don't happen; they're only
appearing at the moment due to a break-down in that co-operation, not
because they're the best means of solving the problem. Increase the level
of co-operation and you decrease the need for "blacklists" and "blocks".

Think I'm too idealistic? Think about it commercially for a second; if
you upset so many people that they decide to block any connection from
your site, and you're an ISP, then that could harm your business as
customers discover they have to go to another ISP to get access to those
sites again.

It's idealistic, yes. It's also good business sense to co-operate.

The problem is you can't really stop the behavior beforehand, without
impacting other users. All you can do is publish the customer agreements,
get people to agree to them, and then make damn sure you enforce them...

Bingo - that last part is the most important: "make damn sure you enforce
them". Agree wholeheartedly.

Cheers..

dave