[65099] in North American Network Operators' Group
Re: [Re: Fun new policy at AOL]
daemon@ATHENA.MIT.EDU (joshua sahala)
Tue Nov 11 20:48:32 2003
Date: Tue, 11 Nov 2003 20:47:42 -0500
From: joshua sahala <joshua.ej.smith@usa.net>
To: "Dr. Jeffrey Race" <jrace@attglobal.net>
Cc: "nanog list" <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
"Dr. Jeffrey Race" <jrace@attglobal.net> wrote:
>
> The proposal at <http://www.camblab.com/misc/univ_std.txt> provides that
> mail from compromised sources shall be rejected. This forces the host
> sysadmin to secure his system if he wants to communicate with the rest
> of the internet. Presently the penalty for negligence is borne by the
> victim, not the perpetrator. The unique aspect of the proposal is to
> attach consequences to actions, a principle which is used everywhere in
> society except the Internet.
>
> Jeffrey Race
>

i'm still curious to know how this mail will be automagically rejected...
is there a black list of compromised hosts (beyond the black lists that
already exist) that i don't know about? if so, i would love to be able
to use it

i'm sorry dr race, but i still do not see much in your proposal (no
matter how many times you submit it to the list) that i cannot already
do, or that is not already being done (albeit not universally), but if
you cannot compel someone to behave a certain way with current laws and
best practices, a new law/best practice will not mean much. spammers
will hijack/infect new computers, the blocklists will grow larger and
larger, vendors will release insecure operating systems, etc, etc, etc

arbitrary black/white-lists are a mildly effective method of combatting
spam now, but not everyone has one. not everyone has their own
bayes-based filter on their servers. you can try to make the
'perpetrator' pay, but, as microsoft will tell you, not even big cash awards
will help you. you still end up punishing the often ignorant end
user, and they don't really learn how to do it better, even if they do
manage to patch up a level or two.

spam is big money - consumerism is big money - bad operating systems are
big money - user stupidity is often more painful for the tech support rep
than the [l]user

my solution? education of the end user would be a good place to start.
securing their 'favorite' o/s would be another. neither however, is a
function of the service provider. we all spend a lot of time chasing
down hackers and spammers already, then we get to do the rest of our
'normal' work.

my $0.02

/joshua

* and yes, i just put on my flame-retardant suit ;)

**i wonder what the probabilities are regarding your emails - every one
contains the same link...maybe when i get my new server setup and
trained, i will find out

"Walk with me through the Universe,
And along the way see how all of us are Connected.
Feast the eyes of your Soul,
On the Love that abounds.
In all places at once, seemingly endless,
Like your own existence."
- Stephen Hawking -