Home page logo
/

nanog logo nanog mailing list archives

RE: Questions about Internet Packet Losses
From: Barry Shein <bzs () world std com>
Date: Thu, 16 Jan 1997 12:59:26 -0500


From: Matthew Gering <MGering () Raima com>
The problem with making it a civil offense around trademark and
misrepresentation issues is that enforceability will vary greatly
depending on the jurisdiction, especially trademark, and therefore does
not scale well the the global Internet.

Let's not make the best the enemy of the good. Plenty of countries'
legal systems are willing to protect and enforce trademarks. That
there exists one or more countries where it can't be enforced is not a
scaling problem, which I interpret as a solution which works for the
small case but collapses in the large usually due to poor algorithms
or non-automation, just areas which will remain future projects
somewhat dependent upon whether or not their internet populace
cares. But for example the CD music industry certainly has problems
with rogue countries but that hardly nullifies the use of trademark
and other intellectual property protection elsewhere.

Usually the most damning idea is that these spammers will go off-shore
to countries which won't enforce, eg, trademark violations.

I don't think this would be a major problem in this case because:

a) I don't actually think spammers make enough money to be terribly
attractive to such countries or to operate off-shore (do these guys
even incorporate?), their motivation (read: $$$) to be pirates and
take the flak that will incur for the country probably isn't there

b) those countries can get their email blocked or treated more
suspiciously, it certainly reduces the size of the problem (hmm, 200
msgs from Lower Slobbovia today, maybe we better hand-check what
that's all about.) Individuals could certainly filter/sort all email
from suspect countries easily.

c) having formed an organization with funds for legal enforcement such
issues can be further explored when the problem arises.

d) ultimately the question is: to what extent will these spammers
really go, and go to war, to do what they do? Sending spam from the
pee-cee in the den is one thing, setting up foreign corporations etc
really raises the bar (or, in Caribbean countries, lowers the bar.)

If something eliminated 85% or more of the worst spam, but not 100%,
would that negate the value of the solution?

Secondly I disagree with is making this enforcing body a private,
membership-based organization -- it may be subject to abuse.

Anything can be subject to abuse but point taken, but this will be a
pretty hollow idea if there aren't funds to pursue violators.

What I think would work best, along the same lines and motivation, would
be council of sorts, perhaps with the EFF and IETF as the principle
members, that would draft a policy. That policy would be adopted by the
public exchange points as part of the legal contract for NSP's to
connect there, which would apply to the NSP, and everyone downstream of
them. It would therefore be incorporated into any connection contract
down the line.

I 100% agree that this would best be done within the auspices of
another group. Forming an entire group (eg, offices, staff etc to deal
with membership and money handling for example) would probably be
overkill.

By incorporating it into the connection contract, it falls under
contract law and is much more universal, and the abuser may be charged
with breach of contract, which is tied to their connectivity.

I don't see how hoping it'll be incorporated into connection contracts
by ISPs is more promising vis a vis int'l propagation. At least this
approach has the advantage that it goads others into complying without
forcing them, you want to send email to compliant sites, you
implement.

A few large ISPs complying with the header approach would be a
powerful inducement, how many sites would like to tell their users
they can no longer send email to (insert major ISP names here)? One
goads the other (you want to send us email -- as of 1/1/98 you'll have
to be compliant) rather than waiting for lawyers to draw up contracts
etc.

As for the particular fix for SMTP spamming, I would then suggest a
priority header.
[0 -- reserved] (emergency priority)
[1-3 -- private email]
[4 -- solicited distribution] (mailing lists, etc)
[5 -- unsolicited distribution] (spam)

SMTP server may do whatever it wishes with the header (ignore it,
implement a priority based queue, filtering ,etc), and the header is not
even required (but likely will be universally adopted to insure delivery
after a grace period), the only contractual obligation is that it cannot
be misrepresented.

Every site could treat the headers differently on receipt, that's
neither here nor there to this proposal, that's between the site and
its users/customers. The only thing they *have* to do is to include
honest headers when they send to other sites, if they don't want their
email thrown on the floor.

Obviously I suspect it'll devolve into a few possibilities a) ignore
the headers entirely upon receipt b) sort by header c) drop mail with
certain classes of headers or missing headers.

I don't quite get the whole dual port deal.

I was mostly listing out what I heard, the proposal needs some tuning,
but there's something attractive about immediately implementing a
"hygienic" mail port. More later...

-- 
        -Barry Shein

Software Tool & Die    | bzs () world std com          | http://www.std.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989
- - - - - - - - - - - - - - - - -


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault