As a carrier, I know that we should not and can not filter/censor/monitor any content on our "pipes". This includes unsolicited emails, pornography, whatever, but there comes a point where the amount of time to respond to these issues that I can not perform the job I am paid to do. [...]
You cannot make the determination based on content. Not because you are a carrier, but because all three major North American governments have laws protecting the privacy of other people's information -- your role as a carrier just means when other people send their information through your facility you do not "own" it, so it isn't "yours", so you can't peek at it.

You *can* make this determination based on knowledge of the source. If you have reason to believe that someone out there is going to put your internal network to a use you do not agree with, you have every right to block their traffic at your perimeter. In other words the same legal protections that allow you to do GIGAswitch port filtering and prevent someone from using you as their default route, also give you the route to install "black hole" routes in your network so that certain other networks become unreachable.

You do not need any of the things a law enforcement agency would need -- you do not have to have the court's permission, you do not need probable cause, you do not have to show that your actions were not personally biased. (We will eventually see ISPs licensed in a way that makes this harder, but right now you are free to do whatever you want with an IP packet, even if you are a regulated common-carriage telephone company who sometimes deals with SMDS frames or ATM cells or whatever.)

So it comes down to a business decision, not unlike peering. Will your customers complain more if you have a good path to network X, or will they complain more if you have a bad path to network X? In the case of peering as a business decision, it takes a pretty special value of "X" to get, say, Sprint's customers to complain en masse that they cannot reach that "X". In the case of spam, though, there are a lot of quite common values of "X" for which customers will complain more if you CAN reach it than if you CANNOT.
My list of "X", as of this morning, is as follows:

    static {
        # spam
        204.141.123 masklen 24 interface lo0 reject;
        208.9.65 masklen 24 interface lo0 reject;
        207.14.56 masklen 24 interface lo0 reject;
        206.154.151 masklen 24 interface lo0 reject;
        208.1.117 masklen 24 interface lo0 reject;
        207.32.128 masklen 24 interface lo0 reject;
        208.8.32 masklen 24 interface lo0 reject;
        208.197.88 masklen 24 interface lo0 reject;     # softcell A
        208.206.49 masklen 24 interface lo0 reject;     # softcell NS
        208.206.54 masklen 24 interface lo0 reject;     # softcell MX
    };

I am working on a free service offering whereby the above list is sent as a multihop BGP feed to anyone who is willing to indemnify me for any loss of business or lawsuits which could come about as a result of accepting the above feed. (Right now I'm finding that GateD 3.6A2 doesn't do multihop BGP, but as soon as I back out to 3.5 I think things will start working again.)

Naturally the effect of a large number of people accepting my "blackhole feed" would be that spammers will have to ask their providers for a new IP address block every time they do a new spam. I expect that this will make them less welcome as customers.

Note that accepting this eBGP feed from me in no way shortens an ISP's ability to sell IP connectivity to spammers who happen to be on the list. Your spammer customers will still have complete access to your internal network and will still have complete access to every part of the Internet who does not subscribe to my blackhole feed. On the other hand, spammers who are not your customers will not be able to interact with anyone who IS your customer. (Spammers who are your customers are probably pretty careful not to annoy nonspammers who are also your customers, since they know what they're doing is unfriendly and they don't want to get caught by someone who can pull out their plug.)
I did not do my small part in building this industry only to have to use PGP to filter out all e-mail that doesn't come from a known, trusted source. I will do that as a last resort, and before I do I will fight the good fight to maintain the way of life I came to this medium for in the first place.
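
The following is an added example, not part of the original message: it parses `reject` entries in the form shown in the static block above and runs a longest-prefix-match lookup to show why a listed /24 becomes unreachable while other destinations still follow the default route. The function names, the "upstream" next hop and the zero-padding of omitted octets are assumptions made for illustration.

```python
import ipaddress
import re

# Excerpt of the static block from the message above (three of its entries).
GATED_STATIC = """
static {
    # spam
    204.141.123 masklen 24 interface lo0 reject;
    208.197.88 masklen 24 interface lo0 reject;  # softcell A
    208.206.54 masklen 24 interface lo0 reject;  # softcell MX
};
"""

ENTRY = re.compile(r"^\s*([\d.]+)\s+masklen\s+(\d+)\s+interface\s+(\S+)\s+reject\s*;")

def parse_reject_routes(text):
    """Return the reject prefixes in a static block as ip_network objects."""
    routes = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop trailing comments
        m = ENTRY.match(line)
        if not m:
            continue                          # braces, blank lines, comments
        octets = m.group(1).split(".")
        octets += ["0"] * (4 - len(octets))   # assumption: omitted octets are zero
        routes.append(ipaddress.ip_network(".".join(octets) + "/" + m.group(2)))
    return routes

def build_table(text, default_next_hop="upstream"):
    """Routing table: a default route plus the parsed reject routes."""
    table = [(ipaddress.ip_network("0.0.0.0/0"), default_next_hop)]
    table += [(net, "reject") for net in parse_reject_routes(text)]
    return table

def lookup(dest, table):
    """Longest-prefix match: return (prefix, action) for dest, or None."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, action) for net, action in table if addr in net]
    return max(matches, key=lambda entry: entry[0].prefixlen, default=None)

if __name__ == "__main__":
    table = build_table(GATED_STATIC)
    # 192.0.2.1 is a documentation address used as a constructed "unlisted" destination.
    for dest in ("208.206.54.10", "192.0.2.1"):
        net, action = lookup(dest, table)
        print(f"{dest:15} -> {net} ({action})")
```

Because the /24 is more specific than the default route, the reject entry wins the lookup for any address inside a listed block, which is the same mechanism a received blackhole feed relies on.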