On Sun, Oct 09, 2016 at 04:47:30PM -0400, bzs@TheWorld.com wrote:
> But I well remember proposed spam mitigations back in 2000 being just as forcefully shot down because IT WOULD TAKE A DECADE TO IMPLEMENT THAT!!!

I remember that. I also remember the dire predictions that it would take a decade...which it wouldn't have.

The problems we face today, including spam, DoS attacks, spoofing, IoT-sourced attacks, etc., have the same easy-to-implement fixes: it's just there exists no collective will to implement those fixes.

Consider: everyone who is paying attention to their logs knows that AWS is a systemic/chronic source of spam, SSH brute-force attacks, etc. I don't think Amazon is actively hostile, I just think that they're incompetent, lazy, and cheap -- too incompetent, lazy, and cheap to even cover basics like having a fully-functional abuse@ address, which is something everyone learns in the first hour of the first day in Network Administration 101. This has gone on for *years*.

But if everyone on this list simultaneously decided to stop accepting packets from AWS, I guarantee you that it would receive attention within hours. It might not be completely fixed by close-of-business that day, but it would not be the same operation doing the same things. And by the end of that day, we would all be better off - including Amazon, although they may not realize it or want to admit it.

The same is true for many other kinds of attacks/abuses from many other sources. Either their hostile behavior is the result of deliberate intent (in which case of *course* they should be blocked) or it's the result of negligence (in which case their attention will be pointedly drawn to it).

If you want someone to take action, stop letting it be your problem and make it THEIR problem.

Or we can all continue to gripe about it for another decade and spend another $500M on equipment, software, services, and personnel as we try to solve other people's problems at our own expense.

---rsk