For your convenience in reading: Subject lines are printed in RED and
Moderator replies when issued appear in BROWN.
Previous Issue (just one)
TD Extra News
For your convenience in reading: Subject lines are printed in RED and
Moderator replies when issued appear in BROWN.
Previous Issue (just one)
TD Extra News
TELECOM Digest Thu, 21 Apr 2005 18:45:00 EDT Volume 24 : Issue 177
Inside This Issue: Editor: Patrick A. Townson
Re: Getting Serious About the War on Spam (TELECOM Digest Editor)
Re: Getting Serious About the War on Spam (Lisa Hancock)
Telecom and VOIP (Voice over Internet Protocol) Digest for the
Internet. All contents here are copyrighted by Patrick Townson and
the individual writers/correspondents. Articles may be used in other
journals or newsgroups, provided the writer's name and the Digest are
included in the fair use quote. By using -any name or email address-
included herein for -any- reason other than responding to an article
herein, you agree to pay a hundred dollars to the recipients of the
email.
===========================
Addresses herein are not to be added to any mailing list, nor to be
sold or given away without explicit written consent. Chain letters,
viruses, porn, spam, and miscellaneous junk are definitely unwelcome.
We must fight spam for the same reason we fight crime: not because we
are naive enough to believe that we will ever stamp it out, but because
we do not want the kind of world that results when no one stands
against crime. Geoffrey Welsh
===========================
See the bottom of this issue for subscription and archive details
and the name of our lawyer; other stuff of interest.
----------------------------------------------------------------------
Date: Thu, 21 Apr 2005 16:12:47 EDT
From: TELECOM Digest Editor <ptownson@telecom-digest.org>
Subject: Re: Getting Serious About the War on Spam
A message here from Robert Bonomi was, IMO, so full of controversy and
error, I just felt I have to reply to it as a separate message. My
replies are interspersed below his as it goes along. Periodically,
his conversation with Lisa Hancock is included, and she responds on
her own in the message following this one.
Indents are Robert. 'Greater than' are usually Lisa Hancock. I am flush
at the left margin as you read along.
From: bonomi@host122.r-bonomi.com (Robert Bonomi)
Subject: Re: Getting Serious About the War on Spam
Date: Wed, 20 Apr 2005 10:15:10 -0000
Organization: Widgets, Inc.
In article <telecom24.172.9@telecom-digest.org>,
<hancock4@bbs.cpcn.com> wrote:
> Robert Bonomi wrote:
>> Nope. it's because it is, quite simply, *NOT* ICANN's job
to do so.
I don't see why not. ICANN has taken almost total control of the
registrars and the rules, i.e. ICANN can revoke your domain name
anytime they want in a dispute over copyright/patent infringement.
All the registrars have to do what ICANN wants. Yes, I would say
ICANN is a good candidate for helping to in general 'clean up' and
reform the net.
>> Of the various organizations (ICANN, IAB, IETF, etc.) that
>> are the 'authority' for specific functionalities of the
>> greater Internet, _none_ of them have any authority with
>> regard to the 'content' of packets.
They do if the 'content of packets' involves child porn, or invades
the copyright/patent authority of someone else. Why not when the
'content of the packets' includes spam, phish, scam or false IP
addresses?
> Well then, who IS responsible to do the job? If no such job
> exists, why isn't one created?
When you figure out what the Internet is, you'll understand
the answer to that question.
She knows, as I know and as you know the Internet _used to be an
anarchy_, or 'informally governed' to put it, but that can no longer
be the case.
The Internet is a _voluntary_ co-operative effort of *private*
network operators. *nobody* 'owns' it. *nobody* 'controls'
it. Everybody makes _their_own_rules_ for *THEIR*OWN*
network.
Indeed, but just as Independence has its own laws and Chicago,
Illinois has its own laws, and when you come here you obey our laws
and if I should ever again choose to go to Chicago I would follow your
laws, to get from Independence to Chicago we do not travel on a
'voluntary cooperative' of highways.
Why are you confusing what someone does with their own property versus
how they behave on common property?
Unfortunately, "their" rules do not apply to someone
who is _not_ on their network. When someone chooses to allow
people "_not_ on their network" to access resources "on their
network", they are 'extending trust' to those people to
voluntarily obey their _unenforceable_ rules. The *only*
'enforcement' option available is to deny those 'scofflaws'
access to the resources on their network.
Again, you are getting confused between the private property of a
network operator and the public property which belongs to all.
If you "don't like" the way YOUR NETWORK OPERATOR is extending
trust (or not revoking it) to those who abuse that trust,
either (a) find a different network operator, (b) bitch at
your existing operator to get them to change _their_
operation, or (c) disconnect yourself.
And if I do not like the way Chicago, Illinois operates, the politics
and the general decay I see everywhere west of Michigan Avenue and
Lake Shore Drive which the tour busses always overlook, I can move
away which is what I did. But to get from Chicago to Independence,
I had to travel on common property _and behave myself the entire trip_
by displaying my chauffer's license plate, asking him to stay within
the speed limit, and not drive through other people's yards on the way.
Yes, I suppose I could have gotten off the bus in St. Louis or
somewhere since the chauffer refused to follow my instructions.
>> And *nobody* on the 'net wants it any other way. (Well,
>> except for folks like the government of mainland China,
>> that is.)
I said before, this is _pure propoganda_ no more, no less, which had
its beginnings in the days when home computers and networks and such
were something special. We _all_ wanted that freedom at one time, the
freedom to do our own thing, but now that the Commons has turned into
a barnyard with cows and pigs shitting everywhere; no longer any
place we can go for respite, that simply is no longer true.
You persist in telling that _bald face lie_ about what people on the
'net want and do not want as if _you_ were the expert on the subject.
Lisa Hancock interjected: > I don't know about that.
Neither do I Lisa. Like yourself, I am getting just damn sick and
tired of having to step in shit everywhere I walk these days.
Try to find anybody who wants restrictions on what _they_ can
do/say/etc. On the Internet. Even among those who favor
restrictions on what "other people" can do/say/etc. on the
Internet.
No one is suggesting restrictions on what you say and do on your own
network. Again, a bald face lie! Only about what you and I and
everyone can say or do on the public network we call the Internet,
the collection of highways from Independence to Chicago.
If 'officialdom' can proscribe sending one kind of message, they can
proscribe sending _any_other_ kind of message.
Not so! We prohibit 'them' from doing so; that's what constitutions
and Bill of Rights are for.
Lisa says:> I see the net as a great POTENTIAL tool, but one that is fraught
> with risk and problems.
Yeah. So? If you're not prepared to deal with the risks,
"don't play in the street." applies.
The street is not something to play in to start with, except you can
play in the street in your town and I in mine. But Interstate 70 or
US Highway 66 is not a place to play. It is a way to get from one
point to another.
If the benefits for you don't outweigh the risks then
*UNPLUG*THE*COMPUTER*. Problem _solved_.
What a brilliant deduction, Robert! Many people have done just that,
or worse perhaps, they leave the computer 'idling in the driveway'
where other passersby have ugly thoughts about it. Why should _we_
have to stay at home just so you can have your joyride, like a bat
out of hell?
Lisa comments more:
> Between hackers, spammers, perverts, and thieves, I are extremely
> hesitant to do much of anything on the Internet. The newspapers
> have articles constantly about how people have been fleeced from
> Internet troubles -- either stolen identity, "phishing sites",
> or fraudulent sites. Don't count of the authorities to go
> after anyone unless it's a very major deal. (Let me know
> IF any of the principals in the Norvergence collapse are
> called to task -- under oath -- to account in detail for that.
> I am not holding my breath.) At present, there is no
> deterrent.
> I am savvy enough that I don't open email from any source
> I don't know, and I never click on attachments. That has
> protected me, but in doing so I have deleted many legitimate
> emails that I merely didn't recognize. Many other users have
> been badly burned -- whole companies shut down -- because of
> malicious sabotage sent through email.
> Are you telling me this is a good system -- where people have
> to go sorts of trouble to protect themselves and delete
> legitimate items?
That's what he is claiming, Lisa.
(Robert again) If you use "good quality" software, for reading mail --
as opposed to the cr*p that Microsoft as foisted off on the
world, most of those "problems" simply disappear.
That's right ... blame the mess on everyone except your good and
precious netizen friends. And the 'good quality software' you
espouse would cure nothing except that _you_ would not see the mess
that others see.
As for the 'getting fleeced' issue, there is *NOTHING*NEW*
about that.
"Ponzi schemes" have been around (by _that_ name) since the 1920s.
The 'Spanish prisoner' con goes back even further.
Yeah, you are right, they do go back that far. More within the range
of my memory were the (written on paper, handled via the postal
service) 'chain letters' people used to recieve and pass on. But, we
could appeal to the postmaster to get those stopped, and often times
did accomplish something.
Lisa: > When Pat T. brought up these problems, I noticed that almost
> all responses were for things _Pat_ should do. In other
> words, he has to make considerable effort to protect himself
> from malicious efforts from others.
> Why isn't more being done to stop the malicious work at the
> source?
HOW? The -bad guy- *owns* the "source". He has -zero- interest in
"stopping" his own activities.
All he owns is his own network. You live in Chicago area, where there
is zero interest in stopping the corruption and crime which make up a
big part of daily life there. I presume you may possibly own some
property there. All well and good. But if you decide to migrate here
to a small town in Kansas as I chose to do, you _will_, by God, obey
the rules when flying or bussing or driving to get here. I do not care
how many scams and spams you want to pull off in your town. You won't
be permitted to carry on that way when you get here, nor should you be
allowed to carry on that way on the bus ride here.
Shall we impose 'licensing' on every computer that gets
connected to the internet? Including a requirement that the
operating system and all applications be secure and
un-exploitable?
(Maybe that's not a bad idea -- it would get rid of *all*
those d*mn virus-infected (and potentially infected)
MS-Windows boxes.
Ah, so now the anarchist, the dude who claims to speak for 'everyone
on the net' agrees the idea of a license plate for your machine might
not be a bad idea.
But, how many readers of Telecom Digest or the newsgroup would
be left _that_ was done? )
I don't know and do not care. It is so typical, so common in these
discussions, to get _personal_ isn't it Robert? Why did you have to
name c.d.t. as your choice? Did you presume that I, in my own sense
of self-preservation would likely see and agree with your (let's face
it) bald faced propoganda to self-preserve the internet in the way
you want it to go? Hell, for all I know, the readership count might
go up if _everyone_ behaved themselves on the public roads. I could
run the newsgroup on robo-mod (without hoops to jump through to get
posted) and have messages out almost immediatly on their being written.
Lisa: > Why is it that most people just wring their hands and say
> "nothing can be done".
Because it is, quite simply, a _fact_. There will *always* be
'bad guys' out there. And, as long as they can control the
'sending' system, there is, bluntly, no way to force them to
play by the rules. Want to require certain kinds of headers
in e-mail? The bad guy sender can _forge_ those headers, just
as easily as the good guy can put the right info in them.
When _everybody_ is their own publisher/source ...
More of the same bald faced lies and propoganda the 'old crowd' around
here is so good at. The bad guys can do as they please, play in the
streets, rip off other folks, produce and distribute pictures of naked
little boys, etc. _As soon as they get on the highway (or non-highway
as Paul Vader is bold to say) then they become the business of the
rest of us.
Lisa: > If we can put a man on the moon using 1950 based computer
> technology, we can make the Internet safe.
Bullshit. Sorry, but its a fact, nonetheless.. We can't even
make the _streets_ safe, and we've been trying to do that for
what, 80+ year. something like 50,000+ people/year are killed
in auto accidents in the U.S. alone.
Because there are always people who throw up objections everywhere.
>> Not to mention that there is _nothing_ that ICANN can
>> actually _do_ that would affect matters. They can't revoke
>> the IP addresses MCI uses, those addresses were issued by
>> ICANN to ARIN.
Lisa: > So de-issue them.
"So sorry. *You* have been kicked off the Internet. Your
addresses are in an address-block assigned to ARIN that has
been reclaimed by ICANN, because some other user in that block
misbehaved."
Why do I think that that concept is doomed to failure in the real
world.
It is doomed to fail because the technology of addresses in an
'address block' is obsolete. I told you here before about the
instances of People's Gas in Chicago being forced to cut off a paying
customer because they were served by branch line on the gas feed and
gas company wanted to cut one non-payer and had to cut everyone else
behind him. I told you about WUTCO having the same problems with
deliquent customers of their clock service. One clock line into a
twenty story building, the delinquent guy would not let them in to
remove the instrument, they had to cut everyone with a 'load' on
the line that stopped all the pendulums, then remove the load after
everything was stopped and restart everyone else _except_ for the
deadbeat.
If an address block gets cut because of someone's misbehavior (or
should I call it his liberal or non-understanding of malicious'
behavior') then the supervisors (let's call then ICANN) apologizes
to the good persons who got cut and works with that person's ISP to
get their service restored _on a different address block_ ASAP.
And let that be a lesson to the technical people: ASAP when it is
technically possible, addresses resolved down the final couple of
digits. Don't skip your lunch hour or your days off to work on it,
but be mindful that as soon as possible everyone needs to have their
own fully resolved address. Get rid of the 'branch lines'. In the
good old days, it never occurred to gas company nor to WUTCO that
some of their customers would not only be deadbeats but bull-headed
ones at that; they thought *they* could skimp on plumbing pipes and
such by doing stuff as 'branch lines'. Not so these days.
Not to mention that, _by_charter_, ICANN and the RIRs,
e.g. ARIN, are _voluntary-participation_ *technical*
coordination agencies only. Nobody *has* to go to a RIR to
get IP addresses. As long as 'whomever' you buy connectivity
from will "route" packets to those addresses to you, it
doesn't matter _what_ the RIRs, etc. say. The only "good
news" is that the "rest of the internet' _does_, in general,
limit how _they_ will route traffic to the address-spaces that
ICANN and the RIRs _have_ "authorized".
>> They can't revoke the domain-name(s) MCI uses, those names
>> are part of properly-executed _contracts_ between MCI and
>> the domain registry operator.
> Why do the contracts allow malicious behavior? Why can't
> these contracts explicitly prohibit -- with penalties -- malicious
> behavior? Who writes these contracts?
Robert, you like to talk out of both sides of your mouth at
once. First you (and others of your ilk) are fond of telling us about
this great anarchy and how _no one_ on the net wants it any different,
and how we dasn't impose with rules and regulations on packets, etc.
Then, although you acknowledge 'license plates' might not be a bad
idea (mainly I think you said that in your never-ending quest to throw
mud all over Microsoft), you now talk about contract law and how the
contracts are written in stone, non-revokable, etc.
Because, for starters, there is no 'universal agreement' on what
constitutes "malicious behavior".
Oh? What can't you or anyone understand about identity pilfering,
spamming, virus writing, etc in the context of the internet?
There are multiple layers of contracts involved.
ICANN, or some other TLD "issuing authority", enters into contracts
with "approved registrars". Those registrars, subsequently, enter
into contracts with "registrants" of a domain name.
Ah, so the old system of anarchy, which we all enjoyed at one time
while we could afford that luxury is in fact starting to melt away.
The 'issuer-registrar' contract specifies certain "minimum
requirements" that the registrar-registrant contract must
contain. The 'issuer' is *not* a party to the
registrar-registrant contract, and, thus, _cannot_ act
directly against the registrant -- they have 'licensed' the
registrar to do certain things, and as a result of that
licensing the 'issuer' *is* _legally_bound_ to certain
performance, by the actions of the (licensed) registrar.
_This_ is the point at which new contracts need to be written. And
don't kid yourself on contracts being good forever and never
changeable and all that bulljive. Judges have been known to void out
one-sided contracts which were oppressive. Can you say 'Norvergence'
and 'finance company'? All those fools who had Norvergence equipment
and the bigger fools who insisted that by telling people to put a
freeze on their accounts payable, "I [ptownson] was going to cause
them to get sued." Nothing you can do but pay up and shut up, they
claimed.
And now you, Robert, insist there is nothing people can do for spam
except buy newer and better spam appliances, and hope to God that
as spam continues to increase computer CPU cycles will also grow in
their ability to keep up with it. What absolute nonsense does the
man speak!
Registrars *are* free to impose 'more restrictive' terms than
those 'minimum requirements' in *their* contract with the
registrant. There _are_ at least two 'significant' registrars
who *do* include terms in their registrar-registrant contract
that forbids using the registered domain-name for certain
kinds of "abusive" actions -- notably sending junk e-mail.
*AND*, they actually enforce those added terms, although the
quality of the enforcement is somewhat spotty at times.
There's a "real world" difficulty with this, however. When there is
"more than one" registrar (as _is_ the case, today) then anybody who
_does_ write more restrictive terms into their contract is at a
"competitive disadvantage" to those who have only the 'required
minimums' in _their_ contract.
No problem here -IF- new contracts are written which write in such
little things as no malicious behavior using some commonly understood
phrases as to what 'malicious' behavior is. Then the only people who
would not be able to understand what was expected _when you entered
upon the public way_ would be someone like yourself possibly and the
other die-hard anarchists, who if they understood anything at all
about anything would have realized long ago that a bunch of sheep,
cows and horses left in the commons are soon going to eat all the
grass and shit everywhere in its stead.
<rhetorical>
If you're a "bad guy", _which_ kind of a registrar are you going to
choose?
</rhetorical>
New, properly written contracts would not give the "bad guys' much
choice in where to go. You may choose the registrar who is the
cheapest, gives the best service, etc. But no registrar, per their
new contract with ICANN will be able to turn a blind eye to your
'malicious behavior'.
AND, obviously, the "quality" of the totality is only as high as the
standards of the _lowest_quality_ operator.
As to "who writes these contracts?", well, the registrar-registrant
contracts are written by the registrars. The 'issuing authority'
generally provides a "sample" registrar-registrant contract -- one
that satisfies the "minimum requirements' of the issuer-registrar
contract.
*MANY* registrars adopt that sample boilerplate *without* making any
changes/additions.
>> And the operator's contract (with ICANN, or the appropriate
>> 'national' authorizing authority) requires _them_ (the registry
>> operator) to publish *all* properly contracted domains.
Oh, bore me to death, would you please? Judges cancel out
unconscienable contracts all the time, again, see Norvergence as the
best, most recent example.
Lisa: > Again -- change the contracts!
The word for that is "impossible". The existing contracts are
*self-renewing* _at_the_same_terms_ (although in the case of
one TLD, with an escalating fee schedule), as long as both
parties fulfil their required acts. This is _expressly_
stated in the contracts.
Changing such a contract requires either: a material breach of
the *existing* contract by one party, allowing the other to exit it,
*or* the _agreement_ of both parties to the changes.
For someone who prides himself (actually deludes himself) on the
'anarchy of the net' you certainly seem to know a lot about contract
law. Well, listen up: judges have been known to blow all those things
out of the water when they review them and understand the context
under which they were asked to get involved.
Oh, but you may be right! ICANN (I am _not_ speaking generically in
this case, but about the real organization) DOES-NOT-WANT to change
the contracts so the small, individual webmasters, netters, etc have
any chance for survival short of your system for survival. They (ICANN)
like things the way they are:
Their motto should be, "If they won't accept our propoganda about the
operation of the net and just go away or otherwise behave themselves
by our standards, then we will through neglect and omission drive them
away."n
Are you really so naive as to think that the bad guys *will* "agree"
to a contract change -- which provides *no* benefit to _them_ -- and
that would allow the opposite party to harm them (the bad guy) at
will.
No, I am not that naive, and I doubt Lisa Hancock is either. But I
know one thing, which she may just be starting to learn: Just as
ICANN could if it chose turn the screws on the bad guys, they are
choosing not to do so, to use the bad guys as a tool on the rest of
the net, to get us out of here, or in total submission. **ICANN likes
things the way they are now**. After all, they are taking in money
on all those licenses we had to sign to get to drive our machines on
the public way; money they use (with additional help from MCI via
Vint Cerf) to go on elegant vacation/convention trips three or four
times per year to esoteric out of the way resorts. The Bad Guys never
like it when police are called to their location to answer your last
statement.
I take that back, 'naive' is inappropriate here. "What color is the
sky on _your_ planet?" is more accurate.
No, what would be more appropriate would be for you to excuse yourself
for a few minutes while you went privately to have a badly needed
bowel movement. Try and get that stuff out of your system.
>> Those are the *only* aspects of the Internet that fall
>> under ICANN's 'area of responsibility'.
Something's going wrong then with the way ICANN is set up, but they
don't think so. I really would not expect much more of Esther Dyson,
she is such a total goofus anyway. But Vint Cerf, that is the shocker.
That's why many of us refer to him as a traitor. _He_ is an old line
netter from the 1960's. He knows how things are here. I don't really
expect a has-been real estate agent from San Francisco to know better,
but Vint Cerf, I do.
Lisa: > Sounds like there's a lot that could be done.
If you ignore the realities of contract law, the difficulties of
cross-border enforcement, and some other basic facts of life,
and the fact that far too many old time netters like Robert are going
to muddy the water and make things as difficult as they can.
>> Because: (a) there is *NO*ONE* 'in authority'. The net runs by
>> anarchy.
Whoops, here we go again, which is it Robert, anarchy or a limited
amount of contract law which you have insisted in your discussions of
what the various involved parties can and cannot do ? You contradict
yourself left and right in your presentation.
Lisa: > Did it ever occur to anyone that this 'anarchy' is a very costly and
> inefficient policy? How much does malicious efforts and protections
> against that cost companies? How much traffic is flooding the
> system, requiring increased servers and lines to accomodate
> malicious traffic?
Hell yes, it's occurred to people. _Life_ is dangerous.
"Mortality rate: 100%" Nobody _requires_ you to use the
Internet. Yeah, it'd be "nice" if the various defenses were
not necessary. But, in the 'real world' they _are_. Just
like locks on your doors.
But when we lock our doors often enough and long enough then it
sometimes occurs to us to get rid of the elements in the community
which makes such extreme measures necessary, so we have prisons and
hand out nine-year sentences.
Using the Internet is a _voluntary_ thing, but you do have to
"take it as it is". If it's "too much trouble", then the
decision is simple -- *don't* use it. There _are_
people/businesses who have made that decision.
I don't fly any longer for that reason. What _used to be_ fun to do
has turned into a gigantic pain in my ass as they dump all my
possessions out on the floor, make me walk barefoot through an ex-ray
machine and in general treat me as an interuption to their fun rather
than the reason they have a job at all; then get impatient with me
on account of my partial paralysis as I struggle to pick up all my
stuff dumped out everywhere and stuff it back in my suitcase. And
that's supposed to be fun? Yeah, and so is the internet; just ask
Robert.
[Oh, and an aside: remember after 9-11 how they were saying private
security firms were no good, and they wanted all government employees
to do the 'screening'? Now the other day in the Monitor I read where
they are saying private security firms do a better job than government
employees. They can't make up their mind either, but I can tell you
for sure they are going to keep on milking 9-11 for all the politics
they can get out of it.]
>> c) last I knew, MCI had something like a _40%_ share of
>> he U.S. Internet market. It simply isn't practical for
>> any 'significant' player to write off that big a chunk of
>> the potential customer base.
Lisa: > MCI, being part of a bankrupt empire (resulting from IIRC corrupt
> accounting practices) has little sympathy from me. Perhaps it'd
> better for everyone to dump MCI altogether.
A fair number of those who can _afford_ to do so, *have* done
so. For many, it is simply =not= a viable option.
Like it or not, commercial business operations pay for most of the
cost of of operating the Internet. A commercial business does not
have the "luxury" of a blanket write-off of 40% of their potential
customers. If they attempt it, they *will* lose that business to
their competition who does not do it.
Even if many of those customers are the electronic equivilent of
deadbeats? A smart commercial business cuts off its cancerous spots
before the cancer overtakes them completely.
> [TELECOM Digest Editor's Note: Now Lisa, do you understand
> the politics of spam, and why it is such a problem? It
> amazes me that this net could be (like at present) 85-90
> percent spam garbage, most of which comes via one source --
> MCI --
Better check your facts. Comparatively little spam actually
_comes_from_ MCI address-space. MCI is actually fairly good
about stomping actual spam origination. What they _are_
excoriated for -- and *DESERVEDLY*SO* -- is continuing to
provide *other* services -- be it web-server, _incoming_ mail,
etc. -- to parties which are well-known for spamming. It's
"the abuse didn't come _through_ *our* network, so we don't
care" mind-set.
I have checked my facts! Spamhaus presents good facts. Maybe I should
insert here their web site with a list of the top offenders. And if
you want to play games by talking about spam originating in house
versus spam throughput from elsewhere, be my guest. Why isn't MCI
stomping on it all? Your attitude on this is amazing.
For what it's worth: I just ran some statistics from my logs
-- of the last 2137 unsuccessful delivery attempts, a whopping
_41_ were from anywhere in MCI address-space. (BTW, more than
2/3 of look to be from "zombie" PCs; also more than half had
forged AOL/YAHOO/HOTMAIL "from" addresses, making
detection/rejection, 'trivial').
I get 80% of that number of messages from *ONE* ISP in
Germany. I get almost 85% of that number of message that come
directly from Nigeria. I get more messages than that from
zombie PC's in Brazil. I get more messages than that from
mainland china -- mostly in English, so I presume they're
"U.S. based" spammers with off-shore servers. I get more than
that number of messages from "above.net" address-space. I get
nearly twice that number were from Verizon address-space. I
get about twice that MCI number from 'LEVEL3" address-space.
I get more than twice that many from Verio address-space I get
more than five times that number were from AT&T address-space.
I get more than _twelve_times_ that number were from a
_single_ spammer getting connectivity from xo.com (He sends
from his own server, always the the same machine, registered
in his own name, so it 's *really* easy to block the
"property.com" domain. One of these days, I am, however,
going to file a lawsuit against him, for repeated attempted
theft of services.)
Oh, you are going to file a lawsuit against a man who is using his
property to send messes over the non-highway to pester you, when you
instead could improve your 'sophistication' (and I use that word very
loosely) to built better defenses in your software instead, or as a
last ditch effort you could take your own advice to Lisa and myself
and others of us and just turn off your computer totally? My, aren't
we consistent in our advice to the unwashed masses ....
This isn't to say that blocking all of MCI is a bad idea if it
fits your political agenda, just _don't_ expect it to make any
significant near-term difference in the amount of spam in your
inbox.
Obviously _your political agenda_ does not allow for it, but then, a
real man is always able to adjust a mail server to do his bidding,
isn't he?
And no, I do not delude myself into thinking that blocking MCI is
going to matter one whit to them, and it will hurt me a little in
the short run. But I am trying to set an example here, and I hope
that others will follow my example.
[[.. munch ..]]
PAT replied to Lisa:
> The contracts you suggest changing (I agree!) only got into
> place as they are when netters rolled over when ICANN
> demanded it. A tragic mistake is that no one seized root
> long ago and forced the issue.
Some people have tried such things. There have been attempts at
setting up "alternative" root nameservers. with other (non-ICANN
recognized) top-level domains. Of course, for anybody to be able to
_reach_ one of those alternate domains, they have to use a nameserver
"resolver" that kicks the query 'upstairs' to that 'alternative root'
_instead_ of the standard one. This means that -- for the
'alternative domains' to be universally accessible, *everybody* has to
reconfigure their nameserver away from the default configuration.
For some strange reason, *every* such attempt over the last 10+ years
has fizzled into oblivion. One could say that "the masses" _have_
made their wishes known on the subject.
More than likely it means greed got in the way with some of the
cooperating big players; it was nothing or little to do with the
masses of netters speaking their mind. The masses don't really care
_who_ resolves their request for service, just that it gets done.
When I ask for a URL I don't ask "I wonder who is resolving me?",
do you?
In the event someone establishes an alternate root for people to use,
there will be some confusion at first, but I would say if the new
alternate root was unable to resolve something, then _it_, the
alternate root, would go and ask the other traditional root if it had
any idea what to do . If traditional root did not want to ask _our_
root for anything, then so be it; their loss, not ours. Short term
confusion, yes, but malicious behavior on the net, even it not
specifically encouraged by the 'other' guys we would not have.
And do you recall discussions here recently about Internet2, which
was a reaction by many in .edu to get some blessed peace and quiet
after years of this abuse? Internet2 was designed for just that
reason was it not?
PAT
------------------------------
From: hancock4@bbs.cpcn.com
Subject: Re: Getting Serious About the War on Spam
Date: 21 Apr 2005 12:08:15 -0700
Organization: http://groups.google.com
Robert Bonomi wrote:
> When you figure out what the Internet is, you'll understand the answer
> to that question.
> The Internet is a _voluntary_ co-operative effort of *private* network
> operators. *nobody* 'owns' it. *nobody* 'controls' it. Everybody
> makes _their_own_rules_ for *THEIR*OWN* network.
Not true. There IS an 'owner' and there ARE people who 'control' it.
The 'owner' assigns addresses and issues the communication rules.
These rules that control how the networks interface with other -- how
messages are addressed and delimited and so on. People don't simply
shoot off a stream of bytes into the air -- those bytes must be
formatted to a defined layout in order to get to their intended
recipient.
> If 'officialdom' can proscribe sending one kind of message, they can
> proscribe sending _any_other_ kind of message.
As mentioned in other posts, communication is ALREADY proscribed
in various ways.
> Yeah. So? If you're not prepared to deal with the risks, "don't play
> in the street." applies.
> If the benefits for you don't outweigh the risks then
> *UNPLUG*THE*COMPUTER*. Problem _solved_.
That's a condescending and inappropriate attitude.
If someone is harassing me by telephone, your attitude is that I
should disconnect my phone. However, public policy doesn't agree.
Rather, they go after the offender. There are both laws and
technology to protect the subscriber. The Internet is becomming a
public utility and as such should include protections other public
utilities have to protect end consumers.
>> If we can put a man on the moon using 1950 based computer technology,
>> we can make the Internet safe.
> Bullshit. Sorry, but its a fact, nonetheless.. We can't even make the
> _streets_ safe, and we've been trying to do that for what, 80+ year.
> something like 50,000+ people/year are killed in auto accidents in the
> U.S. alone.
The reality is that while streets are not 100% safe, there are
ongoing continuous improvements. Roads are much safer than years
ago, and the RATE of fatalities continues to radically decline.
As mentioned in other posts, the experience of business has resulted
in various laws to regulate business activity so people have a high
degree of confidence.
But in contrast, it seems that nothing is being done to improve
Internet integrity. The 'movers and shakers' seem as stubborn as the
car-makers were to install safety devices.
> Because, for starters, there is no 'universal agreement' on what
> constitutes "malicious behavior".
As others mentioned it's not that hard to come up with a consensus.
Or the govt should do it, as it has for other venues.
> There's a "real world" difficulty with this, however. When there is
> "more than one" registrar (as _is_ the case, today) then anybody who
> _does_ write more restrictive terms into their contract is at a
> "competitive disadvantage" to those who have only the 'required
> minimums' in _their_ contract.
Then we need laws passed by the govt to mandate this; just as
the govt mandates proper behavior in other forms of commerce
and communication. All autos sold in the US must contain
mandated safety and emission standards.
>> Again -- change the contracts!
> The word for that is "impossible". The existing contracts are
> *self-renewing* _at_the_same_terms_ (although in the case of one TLD,
> with an escalating fee schedule), as long as both parties fulfil their
> required acts. This is _expressly_ stated in the contracts.
Self-renewing contracts only renew automatically with the consent of
both parties. Further, govt law may override or enhance contract
provisions. (Contracts that call for racial discrimination, for
example, are not enforceable and obviously renewable contracts need an
exit clause.)
>> Sounds like there's a lot that could be done.
> If you ignore the realities of contract law, the difficulties of
> cross-border enforcement, and some other basic facts of life,
Seems to me the technocrats are ignoring the realities of how the rest
of the business and social fabric of the country operates. (See the
other post about Russia.)
> _Life_ is dangerous. "Mortality rate: 100%"
Strawman. Irrelevent.
> Nobody _requires_ you to use the Internet.
Nobody "requires" me to participate in a lot of things, like credit
cards, a phone, a govt-issued ID card, having a driver's license and
owning a registered car. However, not participating makes life
awfully tough. Many businesses and govt agencies make it effectively
difficult or impossible to do business with them except via the
Internet.
> Yeah, it'd be "nice" if the various defenses were not necessary. But,
> in the 'real world' they _are_. Just like locks on your doors.
Yes, we have locks on our doors. But we do not roll over and blandly
accept the problems that make us put locks on our doors -- we fight
back. Admittedly with various degrees of success and with
controversy, but we do fight back. In NYC, nobody thought they could
reduce crime and quality of life issues -- city life got really lousy
in the 1970s -- but they managed to successfully fight back and
improve things. You're simply shrugging your shoulders and saying
"nothing can be done, so go lock your doors".
Sorry, but that answer is not good enough.
A lot of arrogant business people faced public scorn because of
problems in their industries. They had a choice of cleaning it
up themselves, or having the govt step in and clean it up for
them. If Internet activists are worried about govt intervention
(as responses here seem to indicate), they better clean up the
problems on their own or it will be imposed upon them.
> Using the Internet is a _voluntary_ thing ...
No longer true, as many companies and govt agencies have made it the
primary information and communication source, and made more
traditional sources (ie telephone and walk-in) unavailable.
> What they [MCI] _are_ excoriated for --
> and *DESERVEDLY*SO* -- is continuing to provide *other* services -- be
> it web-server, _incoming_ mail, etc. -- to parties which are
> well-known for spamming. It's "the abuse didn't come _through_ *our*
> network, so we don't care" mind-set.
So, what is being done about this?
TELECOM Digest Editor noted:
> ... and as though it is impossible for ICANN (which is
> in fact the overall controller around here) to write new contracts
> since Robert does not understand what the term 'malicious' means in
> everyday language that everyone else with a lick of sense understands.
> And he insists that it is impossible for ICANN to build into new
> contracts such simple, humble concepts as 'no phishing, no spamming,
> no falsification of network addresses' because the contracts out there
> now are renewable in perpetuity, or until the savior comes again,
> whichever happens first.
Excellent points.
> So Lisa Hancock, I guess Robert has really explained quite well where
> we stand.
Sadly, the responders here seem to demonstrate much techno-arrogance.
This isn't anything new from the technocrats. I remember years ago
how the systems programmers who had great power would demand things be
done in a certain way only because they said so, not because the
system itself mandated it. Application programmers could be the same
way toward end-users. Remember the "do not fold/mutilate/spindle"
backlash protests of the 1960s when people purposely did just that out
of frustration with computers?
> All I know is, I should receive hazardous duty pay for dealing with
> all this shit day after day. PAT]
Other moderators feel the same way.
------------------------------
TELECOM Digest is an electronic journal devoted mostly but not
exclusively to telecommunications topics. It is circulated anywhere
there is email, in addition to various telecom forums on a variety of
networks such as Compuserve and America On Line, Yahoo Groups, and
other forums. It is also gatewayed to Usenet where it appears as the
moderated newsgroup 'comp.dcom.telecom'.
TELECOM Digest is a not-for-profit, mostly non-commercial educational
service offered to the Internet by Patrick Townson. All the contents
of the Digest are compilation-copyrighted. You may reprint articles in
some other media on an occasional basis, but please attribute my work
and that of the original author.
Contact information: Patrick Townson/TELECOM Digest
Post Office Box 50
Independence, KS 67301
Phone: 620-402-0134
Fax 1: 775-255-9970
Fax 2: 530-309-7234
Fax 3: 208-692-5145
Email: editor@telecom-digest.org
Subscribe: telecom-subscribe@telecom-digest.org
Unsubscribe:telecom-unsubscribe@telecom-digest.org
This Digest is the oldest continuing e-journal about telecomm-
unications on the Internet, having been founded in August, 1981 and
published continuously since then. Our archives are available for
your review/research. We believe we are the oldest e-zine/mailing list
on the internet in any category!
URL information: http://telecom-digest.org
Anonymous FTP: mirror.lcs.mit.edu/telecom-archives/archives/
(or use our mirror site: ftp.epix.net/pub/telecom-archives)
Email <==> FTP: telecom-archives@telecom-digest.org
Send a simple, one line note to that automated address for
a help file on how to use the automatic retrieval system
for archives files. You can get desired files in email.
*************************************************************************
* TELECOM Digest is partially funded by a grant from *
* Judith Oppenheimer, President of ICB Inc. and purveyor of accurate *
* 800 & Dot Com News, Intelligence, Analysis, and Consulting. *
* http://ICBTollFree.com, http://1800TheExpert.com *
* Views expressed herein should not be construed as representing *
* views of Judith Oppenheimer or ICB Inc. *
*************************************************************************
ICB Toll Free News. Contact information is not sold, rented or leased.
One click a day feeds a person a meal. Go to http://www.thehungersite.com
Copyright 2004 ICB, Inc. and TELECOM Digest. All rights reserved.
Our attorney is Bill Levant, of Blue Bell, PA.
************************
DIRECTORY ASSISTANCE JUST 65 CENTS ONE OR TWO INQUIRIES CHARGED TO
YOUR CREDIT CARD! REAL TIME, UP TO DATE! SPONSORED BY TELECOM DIGEST
AND EASY411.COM SIGN UP AT http://www.easy411.com/telecomdigest !
************************
Visit http://www.mstm.okstate.edu and take the next step in your
career with a Master of Science in Telecommunications Management
(MSTM) degree from Oklahoma State University (OSU). This 35
credit-hour interdisciplinary program is designed to give you the
skills necessary to manage telecommunications networks, including
data, video, and voice networks.
The MSTM degree draws on the expertise of the OSU's College
of Business Administration; the College of Arts and Sciences; and the
College of Engineering, Architecture and Technology. The program has
state-of-the-art lab facilities on the Stillwater and Tulsa campus
offering hands-on learning to enhance the program curriculum. Classes
are available in Stillwater, Tulsa, or through distance learning.
Please contact Jay Boyington for additional information at
405-744-9000, mstm-osu@okstate.edu, or visit the MSTM web site at
http://www.mstm.okstate.edu
************************
---------------------------------------------------------------
Finally, the Digest is funded by gifts from generous readers such as
yourself who provide funding in amounts deemed appropriate. Your help
is important and appreciated. A suggested donation of fifty dollars
per year per reader is considered appropriate. See our address above.
Please make at least a single donation to cover the cost of processing
your name to the mailing list.
All opinions expressed herein are deemed to be those of the
author. Any organizations listed are for identification purposes only
and messages should not be considered any official expression by the
organization.
End of TELECOM Digest V24 #177
******************************
| |