Home page logo

nanog logo nanog mailing list archives

Re: Motion for a new POST NSF AUP
From: John Curran <jcurran () bbnplanet com>
Date: Sun, 15 Oct 1995 11:57:04 -0400

  Presume that we've all met, decided a policy, figured out who it takes
  to "officially" make it an Internet policy, and made it happen.  Simply
  amazing progress has occurred, and it's still morning on the Internet...

  Now, let's talk about the hard part:  enforcement.

  Since the sender of a bulk, unsolicited advertisement may not even be 
  affiliated with the beneficiary of such mail, how do you intend catch
  the culprit?   There is nothing in an email message that provides hard
  proof of identity, and there is nothing to stop me from sending all of
  my advertising as "Tim Bass".  Since any host connected to the Internet
  can forge email with very little trail, relying on the purported sender 
  of the message is clearly not possible for enforcement.

  Of course, one could always look towards the beneficiary of the message
  (i.e. the firm which gains the business as the result of this "misuse")
  but that's actually no better than relying on the sender.   It doesn't
  matter whether the enforcement method is loss of Internet service or
  large fines, it will be very difficult for anyone to actually safely 
  invoke such methods without incurring immense liability.  Since anyone
  can send a bulk, unsolicited advertisement with "The Silk Road Group" 
  as the beneficiary, you've now created the ultimate denial of service
  attack.  Don't like a firm?  Send out a massive forged advertisement for
  their latest product and watch them get disconnected from the net... :-)

  Despite postings to the contrary, this is an extremely difficult problem 
  to solve in the absence of authentication.  While the current ad-hoc methods
  of managing such bulk advertising are not perfect, they may be far better 
  than the quick fixes being proposed.



At 10:54 AM 10/15/95, Tim Bass wrote:
Ladies and Gentlemen......

A couple of interesting points have developed as a result of the latest
'spam event'.  The first one is debatable, but I would like to comment,
that my mailbox received 'one spam message' (which I deleted in a few
milliseconds) that generated hundereds of 'anti-spam messages'.  Causal
to the 'spam' I would like to refer to the anti-spam messages as
'son-of-spam' :-)  

Second, it is somewhat clear that as long as we have 'spam' we will have
a causal event 'son-of-spam' .  Neither 'spam' nor 'son-of-spam' are welcome
e-mail in most in-boxes, and I assume by the responses, many people find 
'son-of-spam' just as annoying as 'spam'.  Given that both sides of the
coin are correct (in their own perception space) as we have seen, 
I would like to put this on the table to the network:

Should we define an new 'postNSF AUP' that addresses what types of messages
are Acceptable Use of the Internet?  Should transit and end user providers
require customers to agree to 'the new "agreed upon someday" commercial AUP'?

Could we even agree on what a new AUP would look like?  Most everyone
agrees that spam and son-on-spam are a waste of precious bandwidth, time,
and energy; and unacceptable messages detract everyone from more important 
daily issues and ideas.  

I motion we create a working group to develop a draft POST NSF AUP.

We all agree we need to manage what type of messages are acceptable use of
the net..... Can we make POST NSF AUP a reality?

Any seconds to the motion?


| Tim Bass                           | #include<campfire.h>                | 
| Principal Network Systems Engineer |       for(beer=100;beer>1;beer++){  |
| The Silk Road Group, Ltd.          |           take_one_down();          |
|                                    |           pass_it_around();         |
| http://www.silkroad.com/           |       }                             |
|                                    |  back_to_work(); /*never reached */ | 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]