At 04:25 PM 2/10/2004, Paul Vixie wrote:
nanog@vo.cnchost.com (JC Dill) writes:
Just as Canter and Siegel's green card spam was a novel way to (ab)use SMTP for Canter and Siegel's profit, ten years later Verisign develops Sitefinder [1] - a novel way to (ab)use DNS requests for Verisign's profit. ...
while i won't fault your analogy on structural grounds, i challenge it on factual grounds. the c&s green card imbroglio came from nntp, not smtp.
Yes, the Green Card spam of 4/94 was on usenet, my bad. But in early 1994 *email* spam also became a problem. I've found various references that say email spam started becoming a problem in January 1994 (starting with the "Global Alert for All: Jesus is Coming" spam to usenet, followed by email spam), and in April 1994 (starting with C&S's Green Card spam to usenet, followed by email spam). I can't pin down an exact date or email for the first unsolicited bulk/commercial email spam spew of 1994 - I keep on finding cites to the "first spam" referring back to the DEC spam on ARPANET in 1978. <http://www.templetons.com/brad/spamterm.html> <http://www.templetons.com/brad/spamreact.html> In any event, UCE/UBE email spam was clearly a big problem by July 1994 when it was the topic of a Time Magazine article: "Battle for the Soul of the Internet", by Philip Elmer-Dewitt TIME Domestic, July 25, 1994 Volume 144, No. 4 It is 2004 now, and we have not accomplished a single thing to actually stop the exponentially increasing spew of spam.
I believe that there is no good "operational" way to solve either problem.
and yet, the place to discuss non-operational solutions is not nanog@. i suspect that you will find plenty of places to make your proposals, wherein many other people will also make their own proposals, with nobody reading anybody else's proposals. sort of like here, except politics not operations.
Are you REALLY saying that: A) When someone proposes something that will break the operation of the Internet as we know it; and B) There is no immediately apparent or obvious "operational" solution besides playing Whack-A-Mole with the abuser(s); C) We shouldn't discuss it here - to attempt to keep it from being implemented or to see if someone discovers a true "operational" solution? How can we consider the pros and cons of various (operational/social/legal) solutions to network operations problems if we can't discuss and consider *all* possible solutions? jc -- p.s. Please do not cc me on replies to the list. Please reply to the list only, or to me only (as you prefer) but not to both.