Paul, Actually, credit agencies don't have a single standard for what "bad" is; they are obligated to only keep factual data (as can be best determined) in the files. When you cause a credit report to be checked, one or more algorithms are used to score your credit, but the algorithm used is up to the particular inquirer and credit bureau. It's not that hard to make this one work for spammers, but you need some key pieces to all be in place: 1. Common definition for what information is kept 2. ISP's need customer contracts which allow reporting of incidents and terminations to any/all such bureaus 3. ISP's need to figure out how to handle a "new" site which has no listings. Spammers already figured out that some ISPs do D&B credit checks, and have gotten very good at appearing as a new "startup" a week later. /John At 4:50 PM +0000 6/13/04, Paul Vixie wrote:
owen@delong.com (Owen DeLong) writes:
Perhaps what is needed is a reporting agency, similar to the credit reporting agencies, where ISPs can register chronic problem-customers. Eventually, your internet credit rating deteriorates to the point that no ISP will offer you service.
it is with some discomfort that i watch the last decade or so of ultimate final solutions to spam be rediscovered on a sleepy nanog weekend. the reason the above analogy fails to hold (and why that proposal isn't a solution) is that credit reporting agencies have an established standard for what "bad" is -- days overdue on payments. there is no similar standard for a tcp/ip endsystem, and there can be none. a week doesn't go by without some goober-with-firewall complaining that f-root is portscanning him. as112 gets it every day at least two or three times. someone else here reports that his squid proxy is regularly reported by norton's tools because it sets unusual bits in the tcp header. and so on. -- Paul Vixie