TELECOM Digest OnLine - Sorted: Re: Getting Serious About the War on Spam

Re: Getting Serious About the War on Spam

Fred Goldstein (
Thu, 21 Apr 2005 22:36:16 -0400


I hate to discourage you, but as somebody who has been on the Internet
even longer than you (since the ARPAnet in 1978), and who has paid
some attention to the legalities (since telecom regulation is much of
my consulting practice), I have to say that Robert Bonomi is right and
both you and Lisa are wrong.

The Internet is anarchy. Still is. ICANN is a paper tiger. It got
its authority from Bernie Ebbers, and held on by inertia. Really.

The "Internet" is not a legal entity. There are multiple backbone
networks. Each is a private entity that carries what it feels like,
and charges what it can. "Peering" means that both sides agree that
they value each other's connections, and thus don't charge each other.
"Upstream" means that a provider sells service to a smaller one. It's
a wonderful example of free-market economics. No regulator could have
dreamed it up; no tariff could have described it. And it only works
*because* there is no one ISP with enough market power to make the

Before 1992, there was NSFnet, with federal funding and an Acceptable
Use Policy which kept it rather noncommercial. That was the main
backbone. There were also lots of private IP networks, many not
connected to each other or any backbone. They could still get
"public" address space from Jon Postel, who controlled the addressing.
There were some other inter-organizational IP networks. By then,
TCP/IP had largely fulfilled the original OSI mission (open system
interconnection) while completely bypassing the OSI standardization
processes. It took a different route to ubiquity -- free code.

Suffice to say that there was some effort made to derail a proposal
that would have given ANS CO+RE (a joint venture of MCI, IBM and the
University of Michigan's MERIT) a monopoly on commercialization. Once
NSFnet was privatized and the AUP thus ended, multiple backbones
popped up. The industry organized itself rather nicely between 1993
and 1995; the phrase "at Internet speed" was actually meaningful. But
again, NOBODY was in charge. Jon handed out addresses, and DNS names
went from being free to $100 to $70.

Jon died suddenly, and Melvin Dummar found a will in his name, giving
control of the name and address space to a Washington lawyer named
Sims, who created ICANN out of whole cloth, appointing a board. At
least that's as good an explanation as I can figure out for how ICANN
came about. The US Government gave ICANN backing, but there was no
real legal authority to it. Sometimes an assertion of authority is
good enough.

ICANN claimed to have authority over the name and number space.
Addressing (numbering) hasn't been all that controversial -- there are
regional registries that hand out IP blocks to ISPs. ICANN hasn't
tried anything dramatic there. In the name area, ICANN managed the
split between registrar (made competitive) and registry. They set
rules that registrars have to follow to get certified, and name a
single registry for each top level domain (TLD), like .net, .com. etc.
They haven't, however, pushed hard against the country-code registrars
that Jon had appointed. Mostly they've spent oodles of time and money
creating TLDs like .aero and .museum that are rarely used.

What can they do about spam? Frankly, nothing. They control TLDs.
That gives them some leverage against the registries and registrars,
who are supposed to follow some rules, but if a registrant pays his $8
or whatever and buys a domain from some registrar, then he can use it
for spam until the registrar pulls it. Since registering is
automated, there's no real threat against spammers. Even the
address-space threat is not helpful; spammers are often able to find
vacant number blocks and sneak them onto networks long enough to do
their damage. And the bulk of spam nowadays is sent via hijacked home
PCs running spambot malware, not spammer server farms the way Spamford
used to do it.

Indeed, the truth is that if the Internet community in general got mad
enough at ICANN, it could bypass them. ICANN's power comes from its
control over the DNS root servers. Big ISPs feed their DNS servers
from the ICANN-blessed roots. But if the ISP decided to use an
alternative root, or if an end user decided to use an alternative DNS
service (and they do exist), then it would still work. However, there
would be some risk of conflict, if two different root servers assigned
the same name to different addresses. That's the "nuclear option", to
use a currently-popular phrase. This didn't happen during ICANN's
controversial birthing phase because they got Bernie on board, when
his UUNET was the top ISP, its reputation was good, and Vint Cerf (the
Chauncey Gardiner of the Internet, famous for being there) was his
sexy spokesmodel. The other big ISPs fell in line too, with some
grumbling. But there's no law binding anyone to use ICANN-blessed
roots, just an understanding that it's better, for now, than letting
names clash.

And the harm from numbering clashes would be even worse, if that
started to happen. But the answer would not be for some "authority" to
clamp down, since there is none; it would be for ISPs to be selective
about whose BGP route advertisements they accept. A technical
solution, if unpleasant.

So can anybody do anything about spam? Well, maybe, but pointing the
finger at ICANN won't do any good. Spam exists, frankly, because at
the time the core protocols of the Internet was invented, it was a
private network, which you couldn't attach to without permission, and
such misbehavior was not tolerated. The appropriate response is
technological. Yes, laws help too; I have no problem with levying
massive civil penalties, criminal fines, jail time, and perhaps
lengthy visits to Guantanamo Bay on spammers and the people who hire
them (follow the money!). But that is unlikely to do a lot of good

I suggest that we need to rethink email, especially the "free" aspect
of it. I've had a proposal out there on my website for quite a while
( . It requires emails to be
either a) sent by someone you already know, for free (this would
include mailing lists like the Digest), or b) accompanied by a
"stampette", basically a one-time certificate, purchased from an
issuer that the recipient recognizes as trustworthy. This puts a
price in the fractional-penny range on "stranger emails", enough to
discourage spam but not normal use. While John Levine hates it (and I
respect his opinion), I still haven't seen any ideas I think are
better. Others might come along though. This is all done at the
mail-service-provider layer, either your ISP or on your own server.
It doesn't involve the highway owner (backbone ISP) or the sign
posting company (ICANN). Microsoft has even had useful contributions
to the anti-spam dialog. We have to focus the attention on methods
that can really work, not on scapegoats.

Fred Goldstein k1io fgoldstein "at"
ionary Consulting

[TELECOM Digest Editor's Note: In other words, John Postel gave away
something he did not really own, and attorney Sims went along with
the scam. I've heard about Sims and ICANN before; how he 'created'
it as sort of a figment of his imagination and handed over the name
and number space to them. I've also heard about Bernie Ebbers and
his connection to ICANN. Yes, Lisa, that's the Bernie Ebbers of MCI
infamy, the one who was recently convicted of accounting fraud and
the fellow who will soon be in jail for 85 years, unless the judge
chooses to show mercy to an old man. In the past, whenever ICANN
needed money for one of their vacation/conventions somewhere, Vint
Cerf would get the money for them out of MCI's largesse. Now days of
course, netters help pay for those vacation/convention flings through
the extortion ICANN uses on them through the registration 'fees'.

Fred, you mention ICANN is essentially a 'paper tiger' with no real
authority, but however they came to get their 'authority' from the
United States Commerce Department, in any event they have it now,
the 'authority', I mean. Do you agree with my assessment that ICANN
is happy with the mess things are in now? They wouldn't want to
change anything at all, would they? I mean, was the construction of
the contracts now used totally an accident? I don't think it was.
They could have said *something* about the ever present maliciousness
and malfeasance if they had _really wanted to_, am I right? But they
didn't want to, did they? Its better to get the small websites out of
the way, wouldn't they agree with that? Is ICANN still getting their
largesse out of MCI via Vint Cerf if you know? PAT]

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: John McHarry: "Re: Nextel Contract Expiration, How to Determine?"
Go to Previous message: Mark Crispin: "Re: Getting Serious About the War on Spam"
May be in reply to: Lisa Minter: "Getting Serious About the War on Spam"
Next in thread: Steve Sobol: "Re: Getting Serious About the War on Spam"
TELECOM Digest: Home Page