[rescue] Spam (was: Perverse Question)

Sheldon T. Hall shel at cmhcsys.com
Sat Jun 7 11:45:48 CDT 2003 

Curtis H. Wilbar Jr. says ...

[a bunch of good, thoughtful stuff in opposition to my position about
spammers]

> Spammers should pay the price, companies that pay spammers to
> represent them
> should pay a price, ISPs that carry SPAM should not pay the price.

Unfortunately, identifying the spammers is very difficult, and, in any case,
most of the spam (at least that I get) is injected into the 'net abroad, out
of the reach of .us laws.

> The Spammers and ISPS and service providers that try to block them are in
> a constant battle... and I have to say, because the world is so full of
> poorly configured networks and servers, it is easy for the spammer to stay
> one step ahead of the ISPs, blacklists, etc.

I expect this would all be vastly simplified if the networks were held
civilly accountable for the stuff they transmitted.  They would just refuse
packets from networks likely to get them in trouble, forcing the downstream
network to clean up its act.  Recurse as neccessary.

> There are thousands upon thousdands of misconfigured proxies, even more
> misconfigured or weakly configured mail servers.

Right, and if you, as a network or ISP, refuse to accept traffic from the
networks they are on, you're OK.

[I said]
> >IMHO, the .us networks that carry that traffic are just "fences" for the
> >thieves abroad.
>
> And you should be able to prosecute the USPS for delivery junk mail to
> your mailbox....

If junk mail were illegal, I could, but the chances are that they would not
_knowingly_ deliver illegal mail.

> you should be able to prosecute the phone company
> for carrying the traffic of that junk spam to your fax machine ?  I think
> not.

Actually, I think I can force them, through the civil courts, to disconnect
the phone service of UCFax senders.  Certainly they would be quite ready to
do so if they were assigned, by law, part of the liability for their
subscriber's known illegal actions.

Remember, I'm talking about _knowingly_transmitting_ the stuff.  If you, as
an ISP, get complaints about spam from some IP address, you're on notice; if
you don't disconnect them, you're culpable.  If you, as a network operator,
get complaints about spam from one of your correspondant networks,  you're
on notice; if you continue to carry spam from them, you're culpable.

[CHW proposes]

> 1. find spammer

Tough, when the spam's relayed through an open proxy.  Tougher when the open
proxy is abroad.  The networks they are on don't even accept complaints,
much less acknowledge them, or act on them.  The only way to _force_ them to
do anything is to refuse to carry their packets, making their legitimate
customers put pressure on them to shape up.

> 2. legal system mandates that the spammer turn over the client responsible

Spammers are liars, cheats, and thieves.  Why would you expect them to keep
records or cooperate?  And you're talking about the .us legal system; what
about all those ads for "V1agraa" relayed through .kr, advertising sites
hosted in .cn?  Fuggedaboudit.

> 3. spammer and client are prosecuted

Fine, if you get past the obstacles above, but, lemme ask you something.
Which would you prefer: having your rapists prosecuted, or not getting raped
in the first place?

-Shel

More information about the rescue mailing list