I fully expect my ISP to turn me off if my site starts spewing abuse. However, until that happens, I expect my ISP to deliver any valid IP datagram destined for me, and, I expect to them to deliver any valid IP datagram I send out, at least to the next AS in the path to the destination. If they turn me off for spewing abuse, I expect them to immediately contact me and provide as much information as they have about the nature of the problem. I think expect that it is my responsibility to identify and correct the problem, notify my ISP, and wait a reasonable amount of time (possibly as much as 24-48 hours) for them to turn me back on. So far, this hasn't been a problem. Owen --On Saturday, June 12, 2004 9:54 PM -0400 John Curran <jcurran@istaff.org> wrote:
The real challenge here is that the "default" Internet service is wide-open Internet Protocol, w/o any safeties or controls. This made a lot of sense when the Internet was a few hundred sites, but is showing real scaling problems today (spam, major viruses, etc.)
One could imagine changing the paradigm (never easy) so that the normal Internet service was proxied for common applications and NAT'ed for everything else... This wouldn't eliminate all the problems, but would dramatically cut down the incident rate.
If a site wants wide-open access, just give it to them. If that turns out to cause operational problems (due to open mail proxies, spam origination, etc), then put 'em back behind the relays.
/John
-- If it wasn't crypto-signed, it probably didn't come from me.