sean@donelan.com (Sean Donelan) writes:
excerpt: I. The Problem MoveOn.org is a politically progressive organization that engages in online activism. For the most part, its work consists of sending out action alerts to its members via email lists. Often, these alerts will ask subscribers to send letters to their representatives about time-sensitive issues, or provide details about upcoming political events. Although people on the MoveOn.org email lists have specifically requested to receive these alerts, many large ISPs regularly block them because they assume bulk email is spam. [...] i reject all mail from moveon.org here. not because i assume bulk e-mail is spam, but because i still personally receive all mail sent to any address at cix.net, and quite a few people who wish to subscribe from cox.net end up typing cix.net by mistake. ("i" and "o" are adjacent in QWERTYland.) i'm therefore in a position to prove that moveon.org does not verify the ownership or permission status of new e-mail addresses before sending political information. i tried complaining, but moveon.org's postmaster function appeared to be understaffed or overworked or both. further down in this otherwise excellent paper, we see: II. The Solution (Or At Least A Start): Principles and Best Practices [...] 2. All mailing-list email should be delivered to willing subscribers. As a corollary, no one should be subscribed to an email list without his or her knowledge and consent, as evidenced by positive action. ...to which i must add my strongest possible agreement. if moveon.org would just follow this principle or best practice, i would accept their e-mail here. even though i found this EFF paper to be well written and well researched in other ways, i wonder if the authors knew that moveon.org does not verify permission or ownership of new subscribers, and if they considered this as one of the possible reasons why a lot of e-mail admins reject, as i do, all mail that comes from moveon.org. if not, then the fundamental premise of this paper is flawed. if so, then they should have mentioned this factor. either way, i'm not as impressed as i could've been. -- Paul Vixie
on Mon, Nov 15, 2004 at 04:45:24AM +0000, Paul Vixie wrote:
sean@donelan.com (Sean Donelan) writes:
excerpt:
I. The Problem
MoveOn.org is a politically progressive organization that engages in online activism. For the most part, its work consists of sending out action alerts to its members via email lists. Often, these alerts will ask subscribers to send letters to their representatives about time-sensitive issues, or provide details about upcoming political events. Although people on the MoveOn.org email lists have specifically requested to receive these alerts, many large ISPs regularly block them because they assume bulk email is spam. [...]
i reject all mail from moveon.org here. not because i assume bulk e-mail is spam, but because i still personally receive all mail sent to any address at cix.net, and quite a few people who wish to subscribe from cox.net end up typing cix.net by mistake. ("i" and "o" are adjacent in QWERTYland.) i'm therefore in a position to prove that moveon.org does not verify the ownership or permission status of new e-mail addresses before sending political information. i tried complaining, but moveon.org's postmaster function appeared to be understaffed or overworked or both.
I couldn't agree more. We have several users here who signed up for the moveon.org mailings back when the group was a single-issue activism project (getting the US to "move on" and stop wasting its time trying to impeach Clinton). None of them expected to become permanent members of what soon became a shrill, extremely partisan, and spam-spewing group. To the best of my knowledge, no attempt to unsubscribe has been respected. That said, I've long since stopped listening (or contributing) to the EFF as I see their war on antispammers as counterproductive. John Gilmore runs a well-known open relay at toad.com, and for some reason thinks that free, anonymous speech is important enough to let spammers drown it out through sheer volume. I prefer having usable email, so I no longer support the EFF. -- join us! http://hesketh.com/about/careers/web_designer.html join us! hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com join us! http://hesketh.com/about/careers/account_manager.html join us!
On 11/15/04, Steven Champeon <schampeo@hesketh.com> wrote:
That said, I've long since stopped listening (or contributing) to the EFF as I see their war on antispammers as counterproductive. John Gilmore runs a well-known open relay at toad.com, and for some reason thinks that free, anonymous speech is important enough to let spammers drown it out through sheer volume. I prefer having usable email, so I no longer support the EFF.
While I continue to be saddened by this, I have to agree. The EFF has done amazing, necessary work on so many issues, and I thank them for that -- but they've been blaming the wrong people regarding spam for many years. -- J.D. Falk okay, what's next? <jdfalk@cybernothing.org>
On Mon, 15 Nov 2004, Steven Champeon wrote:
John Gilmore runs a well-known open relay at toad.com, and for some reason thinks that free, anonymous speech is important enough to let spammers drown it out through sheer volume.
Someone famous said something about paying a high price for free speech, I think this perhaps would fall under that category. Mr Gilmore spends quite a bit of time tending to his mail server to ensure that spammers do not abuse it. Any spammer who spends time pumping mail through his server is going to realize quite quickly that its not worth their time. Its a very old slow machine on a T1 with other intentional slowdowns added to the MTA, and some amount of spam filtering. I would say it would have a hard time passing more than 1 message a minute. I would think that most spammers would give up and go abuse an open proxy somewhere, they're much more plentiful and less cluefully tended.
on Mon, Nov 15, 2004 at 01:06:09PM -0800, Tom (UnitedLayer) wrote:
On Mon, 15 Nov 2004, Steven Champeon wrote:
John Gilmore runs a well-known open relay at toad.com, and for some reason thinks that free, anonymous speech is important enough to let spammers drown it out through sheer volume.
Someone famous said something about paying a high price for free speech, I think this perhaps would fall under that category.
I know - I too, pay a high price to maintain my own mail servers.
Mr Gilmore spends quite a bit of time tending to his mail server to ensure that spammers do not abuse it.
Congrats. So do I.
Any spammer who spends time pumping mail through his server is going to realize quite quickly that its not worth their time. Its a very old slow machine on a T1 with other intentional slowdowns added to the MTA, and some amount of spam filtering. I would say it would have a hard time passing more than 1 message a minute.
Great. And this affects those of us with not-so-old, not-so-slow machines how? The bottom line is that Gilmore, and the EFF, have taken a very soft stance on spam, believing it to be less important than "free speech" or "anonymous speech". Oh, well. I believe that the EFF already has all the support it needs, and so I don't contribute to their efforts to make my life more difficult.
I would think that most spammers would give up and go abuse an open proxy somewhere, they're much more plentiful and less cluefully tended.
Oh, probably. Or one of the million-host proxy botnets. Or another open proxy. Or another open relay. Or a hacked webmail server, etc. etc. etc. The existence of other more preferable alternatives doesn't obviate the fact that the EFF has not been tough enough on spam. http://www.eff.org/Spam_cybersquatting_abuse/Spam/position_on_junk_email.php Wow. So, no antispam measure with any possibility of blocking legitimate mail should be adopted. In other words, we should just go back to 1993? http://eff.org/wp/?f=SpamCollateralDamage.html Wow. So, any collateral damage is unacceptable? Even when the source of the so-called "legitimate" mail is a spammer, pure and simple, with bad ideas about what constitutes mailing list management? Granted, they're "working with others" to "define" things that most of us have known about for years. Gee, thanks, guys. Why not spend some time using the best practices already written up? Hell, does the EFF even do subscription confirmations yet? Or do they assume that anyone capable of filling out a Web form is incapable of lying or mistyping their email address? RFC2505 is five years old and a BCP now. Its first admonition is to put an end to unauthorized relaying. Second is to provide trace information in Received: headers. Oops! Both essentially outlaw anonymous speech via email. In a nutshell, email requires accountability. The EFF apparently thinks that is too high a price to ask for email. -- join us! http://hesketh.com/about/careers/web_designer.html join us! hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com join us! http://hesketh.com/about/careers/account_manager.html join us!
On Mon, 15 Nov 2004, Steven Champeon wrote:
And this affects those of us with not-so-old, not-so-slow machines how?
By the fact that there is no way in hell that he could relay a large amount of spam...
The bottom line is that Gilmore, and the EFF, have taken a very soft stance on spam, believing it to be less important than "free speech" or "anonymous speech".
By definition, the EFF's main concern is free speech and privacy.
http://eff.org/wp/?f=SpamCollateralDamage.html
Wow. So, any collateral damage is unacceptable?
To me, and people who rely on email for reliable communication, yes absolutely. Collateral damage is unacceptable, period. Its even worse when administered punitively (like SPEWS/etc) because its done with the intent of disrupting other people's lives. If you're going to fight something, and you feel its worthwhile, fight it on the high-road.
In a nutshell, email requires accountability. The EFF apparently thinks that is too high a price to ask for email.
I think you're missing the point. Anonymous communication saves lives, allows people to "blow the whistle", and in general it serves the greater good to have it exist. Email already has an "audit trail" built into it, and you can at least track it to some extent if you know what you're doing. Does email need a DNA signature for the sender? In my mind no, you can get that if you use PGP signatures and look how few people actually use that.
On Nov 15, 2004, at 5:47 PM, Tom (UnitedLayer) wrote:
In a nutshell, email requires accountability. The EFF apparently thinks that is too high a price to ask for email.
I think you're missing the point. Anonymous communication saves lives, allows people to "blow the whistle", and in general it serves the greater good to have it exist. Email already has an "audit trail" built into it, and you can at least track it to some extent if you know what you're doing. Does email need a DNA signature for the sender? In my mind no, you can get that if you use PGP signatures and look how few people actually use that.
I hate e-mail as much as the next guy, more probably, having spent real $$ and lots of time, hardware, effort, etc. in support of the cause. But even I have to say that 1 e-mail/minute is an OK price to let people send anonymous e-mail if it really will save lives. And this absolutely does. If you come up with a better solution, I'm all ears. -- TTFN, patrick
on Mon, Nov 15, 2004 at 02:47:14PM -0800, Tom (UnitedLayer) wrote:
On Mon, 15 Nov 2004, Steven Champeon wrote:
And this affects those of us with not-so-old, not-so-slow machines how?
By the fact that there is no way in hell that he could relay a large amount of spam...
You seem to be confusing the single instance with the widespread application of the policy. My problem is with the latter, which is what the EFF is pledged to defend in the face of widespread damage to the medium they hope to save thereby. Put simply, I'm fine with a few well-known anonymizing mail servers. I also reserve the right to reject mail from them. I am not fine with an organization pledged to defend the principle for /all mail servers and spam sources/ regardless of whether they are under the control of spammers (and with no mind paid to the fact that a great deal of spam is sent via compromised machines that are unlikely to be used by freedom fighters or whistleblowers, etc.) Come on - do you really think the Russian mafia is going to allow free use of their botnets so that Chechnian freedom fighters can post propaganda? I don't. Not even if they were paid for it.
The bottom line is that Gilmore, and the EFF, have taken a very soft stance on spam, believing it to be less important than "free speech" or "anonymous speech".
By definition, the EFF's main concern is free speech and privacy.
And I have supported them in the past for exactly their dedication to that concern. However, they now confuse government censorship on the one hand, with the abuses of a system by fraudsters and others (often in league with the very same countries whose censoring governments the EFF opposes) on the other. Alan Ralsky hosts his servers in China. Do you really think that the goal of protecting freedom is served by encouraging everyone not to reject mail from those servers? Given that China's rDNS is so hosed or nonexistent as to make local, automated judgements difficult to impossible, it's far easier for those of us who don't want Ralsky's junk to simply reject all mail from China. If China doesn't like it, they should reconsider hosting Ralsky. The same goes for any country or ISP hosting or enabling spammers. And yes, I know that's a broad brush, and may not be appropriate for everyone. That's my whole point - that by ceding the spam battle over a misguided idea of protecting free speech, the EFF is actually encouraging others to paint with similarly broad brushes in their own defense - and undermining their own intentions. I didn't make the decision to allow 419/AFFers to post through Tiscali's webmail servers - Tiscali did, and they continue to let the abuses occur. Bigpond has largely fixed their 419/AFF problem, by disallowing use of their webmail accounts to non-AU users (in the process, they also broke their Received: header trace information, but hey). Got a problem with their policy? I don't. I had a user here who got upwards of 100/day - nearly all 419/AFF spam. Much of that has disappeared, thanks to the implementation here of policies that others were incapable of making, in order to deal with /their/ abuse problem, not mine. Privacy is a great goal. In my mind, it has its price. If I want to vote to protect my privacy, I register. If I want to drive a car, I get a license and get insured, and can prove it in case I run into someone else. If you want to be on the Internet, I damn well better be able to contact you (or someone who has taken responsibility for your presence here) in the event that you run dictionary attacks against my mail server, or try to send a million spam messages through your broadband channel, or run a worthless and buggy OS without a firewall and thereby let yourself get owned by anyone and become a vector for abuse. Barring that, I'll just block you and anyone who looks like you, and call it a day, and selectively unblock or whitelist once you've met my policy criteria. Those who prattle on about rights forget about their corresponding responsibilities, and undermine their very case by appearing to lack any sense of the price we pay for the former through the latter.
http://eff.org/wp/?f=SpamCollateralDamage.html
Wow. So, any collateral damage is unacceptable?
To me, and people who rely on email for reliable communication, yes absolutely. Collateral damage is unacceptable, period.
Then it would behoove you to support efforts to make email accountable rather than decry such attempts as censorship. Lacking other solutions to the spam problem, everyone tries their own. Which is more important? That we can all get behind industry-wide proposals, or that we all uniquely splinter useful protocols due to our own necessities, dictated by the demands of real usage? I'd love to stop wasting time chasing the rats out of my mail server. Until then, I am doing what I can to analyze inbound spam and adjust my policies accordingly to keep it out. Rather than fight for the rights of the vast majority of the suffering masses just yearning to send email reliably, the EFF has chosen, de facto, to defend the rights of the spammers, who benefit enormously from the existence of unaccountable servers/proxies.
Its even worse when administered punitively (like SPEWS/etc) because its done with the intent of disrupting other people's lives.
Sure - in order to get their attention (or their ISP's attention) and presumably alert them to, and get them to fix, their abuse problems. I don't use SPEWS here (for various reasons) but I don't have any problem at all with someone else building a policy that includes the use of SPEWS.
If you're going to fight something, and you feel its worthwhile, fight it on the high-road.
That's what I'm doing. I am fighting the widespread lack of accountability of email senders by implementing policies that demand same; if I can't report abuse to a living person with some expectation of a change in the behavior of their customers, I don't accept mail from them. Sadly, this has meant that sometimes legitimate mail is rejected, with an informative message saying why. The EFF, on the other hand, wants email to remain an unaccountable medium for the sake of a miniscule amount of potential messages whose content could well be delivered in other ways.
In a nutshell, email requires accountability. The EFF apparently thinks that is too high a price to ask for email.
I think you're missing the point. Anonymous communication saves lives, allows people to "blow the whistle", and in general it serves the greater good to have it exist.
At what expense?
Email already has an "audit trail" built into it,
No, it does not. More accurately, the mail server /you control/ has a minor amount of tracing information that it can insert into a message; all else is untrustable - and the EFF wants to further undermine the remainder in the case of relayed mail (by defending the principle of anonymous relay transmissions). I already reject mail from servers whose webmail implementations do not include useful tracing information (just as I reject mail from those systems if the origin is a common source of Nigerian 419/AFF junk). Don't like it, and you're a user/supporter of said systems? Put pressure on the systems in question /to fix their servers/ so that the fraudsters are kept out, or so that they can be tracked and dealt with.
and you can at least track it to some extent if you know what you're doing.
No, sorry, that's false, too. You can /make an effort/ to rely on untrusted information, to posit a source beyond the last relay; that is all.
Does email need a DNA signature for the sender? In my mind no, you can get that if you use PGP signatures and look how few people actually use that.
You undermine your own case here. Let the anonymous senders create and post keys via public servers then encrypt their messages with those keys. Authentication is not the same as encryption or identification, nor do any of them necessarily compromise anonymity or demand unaccountability in sending mail. Anyway, the bottom line is that I no longer pay the EFF to fight on the side of my enemies. All else boils down to "my network, my rules" and "it'd be great if we all had the same rules and could talk to all the other networks". -- join us! http://hesketh.com/about/careers/web_designer.html join us! hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com join us! http://hesketh.com/about/careers/account_manager.html join us!
At a meeting a few weeks ago, a bunch of us made the claim that the NANOG list could in most cases be self-policing. In that spirit, it seems worth pointing out that this discussion of the Russian Mafia, Chechen freedom fighters, the EFF, and China, seems to be heading in a direction that would be a bit off-topic for the NANOG list. -Steve On Mon, 15 Nov 2004, Steven Champeon wrote:
on Mon, Nov 15, 2004 at 02:47:14PM -0800, Tom (UnitedLayer) wrote: On Mon, 15 Nov 2004, Steven Champeon wrote:
And this affects those of us with not-so-old, not-so-slow machines how?
By the fact that there is no way in hell that he could relay a large amount of spam...
You seem to be confusing the single instance with the widespread application of the policy. My problem is with the latter, which is what the EFF is pledged to defend in the face of widespread damage to the medium they hope to save thereby.
Put simply, I'm fine with a few well-known anonymizing mail servers. I also reserve the right to reject mail from them.
I am not fine with an organization pledged to defend the principle for /all mail servers and spam sources/ regardless of whether they are under the control of spammers (and with no mind paid to the fact that a great deal of spam is sent via compromised machines that are unlikely to be used by freedom fighters or whistleblowers, etc.)
Come on - do you really think the Russian mafia is going to allow free use of their botnets so that Chechnian freedom fighters can post propaganda? I don't. Not even if they were paid for it.
The bottom line is that Gilmore, and the EFF, have taken a very soft stance on spam, believing it to be less important than "free speech" or "anonymous speech".
By definition, the EFF's main concern is free speech and privacy.
And I have supported them in the past for exactly their dedication to that concern. However, they now confuse government censorship on the one hand, with the abuses of a system by fraudsters and others (often in league with the very same countries whose censoring governments the EFF opposes) on the other.
Alan Ralsky hosts his servers in China. Do you really think that the goal of protecting freedom is served by encouraging everyone not to reject mail from those servers? Given that China's rDNS is so hosed or nonexistent as to make local, automated judgements difficult to impossible, it's far easier for those of us who don't want Ralsky's junk to simply reject all mail from China. If China doesn't like it, they should reconsider hosting Ralsky. The same goes for any country or ISP hosting or enabling spammers. And yes, I know that's a broad brush, and may not be appropriate for everyone. That's my whole point - that by ceding the spam battle over a misguided idea of protecting free speech, the EFF is actually encouraging others to paint with similarly broad brushes in their own defense - and undermining their own intentions.
I didn't make the decision to allow 419/AFFers to post through Tiscali's webmail servers - Tiscali did, and they continue to let the abuses occur.
Bigpond has largely fixed their 419/AFF problem, by disallowing use of their webmail accounts to non-AU users (in the process, they also broke their Received: header trace information, but hey). Got a problem with their policy? I don't.
I had a user here who got upwards of 100/day - nearly all 419/AFF spam. Much of that has disappeared, thanks to the implementation here of policies that others were incapable of making, in order to deal with /their/ abuse problem, not mine.
Privacy is a great goal. In my mind, it has its price. If I want to vote to protect my privacy, I register. If I want to drive a car, I get a license and get insured, and can prove it in case I run into someone else. If you want to be on the Internet, I damn well better be able to contact you (or someone who has taken responsibility for your presence here) in the event that you run dictionary attacks against my mail server, or try to send a million spam messages through your broadband channel, or run a worthless and buggy OS without a firewall and thereby let yourself get owned by anyone and become a vector for abuse.
Barring that, I'll just block you and anyone who looks like you, and call it a day, and selectively unblock or whitelist once you've met my policy criteria.
Those who prattle on about rights forget about their corresponding responsibilities, and undermine their very case by appearing to lack any sense of the price we pay for the former through the latter.
http://eff.org/wp/?f=SpamCollateralDamage.html
Wow. So, any collateral damage is unacceptable?
To me, and people who rely on email for reliable communication, yes absolutely. Collateral damage is unacceptable, period.
Then it would behoove you to support efforts to make email accountable rather than decry such attempts as censorship. Lacking other solutions to the spam problem, everyone tries their own. Which is more important? That we can all get behind industry-wide proposals, or that we all uniquely splinter useful protocols due to our own necessities, dictated by the demands of real usage? I'd love to stop wasting time chasing the rats out of my mail server. Until then, I am doing what I can to analyze inbound spam and adjust my policies accordingly to keep it out.
Rather than fight for the rights of the vast majority of the suffering masses just yearning to send email reliably, the EFF has chosen, de facto, to defend the rights of the spammers, who benefit enormously from the existence of unaccountable servers/proxies.
Its even worse when administered punitively (like SPEWS/etc) because its done with the intent of disrupting other people's lives.
Sure - in order to get their attention (or their ISP's attention) and presumably alert them to, and get them to fix, their abuse problems. I don't use SPEWS here (for various reasons) but I don't have any problem at all with someone else building a policy that includes the use of SPEWS.
If you're going to fight something, and you feel its worthwhile, fight it on the high-road.
That's what I'm doing. I am fighting the widespread lack of accountability of email senders by implementing policies that demand same; if I can't report abuse to a living person with some expectation of a change in the behavior of their customers, I don't accept mail from them. Sadly, this has meant that sometimes legitimate mail is rejected, with an informative message saying why. The EFF, on the other hand, wants email to remain an unaccountable medium for the sake of a miniscule amount of potential messages whose content could well be delivered in other ways.
In a nutshell, email requires accountability. The EFF apparently thinks that is too high a price to ask for email.
I think you're missing the point. Anonymous communication saves lives, allows people to "blow the whistle", and in general it serves the greater good to have it exist.
At what expense?
Email already has an "audit trail" built into it,
No, it does not. More accurately, the mail server /you control/ has a minor amount of tracing information that it can insert into a message; all else is untrustable - and the EFF wants to further undermine the remainder in the case of relayed mail (by defending the principle of anonymous relay transmissions). I already reject mail from servers whose webmail implementations do not include useful tracing information (just as I reject mail from those systems if the origin is a common source of Nigerian 419/AFF junk). Don't like it, and you're a user/supporter of said systems? Put pressure on the systems in question /to fix their servers/ so that the fraudsters are kept out, or so that they can be tracked and dealt with.
and you can at least track it to some extent if you know what you're doing.
No, sorry, that's false, too. You can /make an effort/ to rely on untrusted information, to posit a source beyond the last relay; that is all.
Does email need a DNA signature for the sender? In my mind no, you can get that if you use PGP signatures and look how few people actually use that.
You undermine your own case here. Let the anonymous senders create and post keys via public servers then encrypt their messages with those keys. Authentication is not the same as encryption or identification, nor do any of them necessarily compromise anonymity or demand unaccountability in sending mail.
Anyway, the bottom line is that I no longer pay the EFF to fight on the side of my enemies. All else boils down to "my network, my rules" and "it'd be great if we all had the same rules and could talk to all the other networks".
-- join us! http://hesketh.com/about/careers/web_designer.html join us! hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com join us! http://hesketh.com/about/careers/account_manager.html join us!
-------------------------------------------------------------------------------- Steve Gibbard scg@gibbard.org +1 415 717-7842 (cell) http://www.gibbard.org/~scg +1 510 528-1035 (home)
On Mon, Nov 15, 2004 at 02:47:14PM -0800, Tom (UnitedLayer) wrote:
To me, and people who rely on email for reliable communication, yes absolutely
Email (that is: SMTP or ESMTP) was never been designed for reliable communication. It's best-effort. No more. (*Should* there be a new Internet mail protocol which provides reliable communication? Maybe. Maybe not.) However, if you wish email, as presently designed and implemented, to be more reliable than it presently is, then you must make a total committment to stopping spam: anything else is just wishful thinking. To put it another way: if mail is less reliable in 2004 than in, say, 1994, (and I certainly think it is) then the number one reason why it is so, by a very wide margin, is spam (whether of the "traditional" variety or that generated by viruses/worms).
Collateral damage is unacceptable, period.
Oh, I most certainly agree -- but then again, since nobody is being "damaged" in any way (something the EFF clearly doesn't understand), this is not a problem. Note: all instance of "you" which follow are rhetorical and not intended to apply to any individual. If you call me, and I do not accept your call, have I "damaged" you? No. I have merely declined to extend you a privilege. If you send me a letter, and I choose not to accept delivery, have I "damaged" you? No. I have merely declined to extend you a privilege. If you send me an email message, and I choose to refuse it, have I "damaged" you? No. I have merely declined to extend you a privilege. "Global" connectivity (as in, access to OTHERS' PRIVATELY OWNED equipment) is a COURTESY and PRIVILEGE granted by the owners of that equipment. It is not a birthright. --- Bruce Gingery Make nice -- and you will enjoy my generosity, as I will continue to extend you these privileges. Don't make nice -- as in permit your network to be a persistent source of spam and other forms of abuse -- and you can expect at some point that I will stop doing so, as I am not required to tolerate your incompetence or active collaboration with abusers (which are indistinguishable from my chair). To put it another way: if it came from _your_ network on _your_ watch: it's _your_ spam/abuse. Not Ralsky's. Not Richter's. Not some pirate-software gang's. YOURS. Expect to be held accountable for it. That may be an unpleasant prospect. If so, then let me suggest that if we can see spam entering our networks, you can most certainly see it leaving yours. Fix it. It's not hard. All it requires are simple tools such as "root/enable passwords" and "wirecutters". ---Rsk
----- Original Message ----- From: "Rich Kulawiec" <rsk@gsp.org> To: <nanog@merit.edu> Sent: Tuesday, November 16, 2004 8:10 AM Subject: Re: EFF whitepaper --- snip ---
Collateral damage is unacceptable, period.
Oh, I most certainly agree -- but then again, since nobody is being "damaged" in any way (something the EFF clearly doesn't understand), this is not a problem.
Note: all instance of "you" which follow are rhetorical and not intended to apply to any individual.
If you call me, and I do not accept your call, have I "damaged" you? No. I have merely declined to extend you a privilege.
If you send me a letter, and I choose not to accept delivery, have I "damaged" you? No. I have merely declined to extend you a privilege.
if i were being sent a letter or a call and my post office/telephone company decided to reject them because they were overworked and needed to filter to reduce costs, i'd have a lot to say about that, as i'm sure would you. with that said, this is quite possibly off-topic to nanog. i'd second the request earlier in the thread to move it to somewhere more appropriate. paul --- paul galynin
Paul G wrote:
with that said, this is quite possibly off-topic to nanog. i'd second the request earlier in the thread to move it to somewhere more appropriate.
politechbot for instance .. lovely place to discuss this sort of thing. http://seclists.org/lists/politech/2004/Nov/0026.html -- suresh ramasubramanian suresh@outblaze.com gpg # EDEDEFB9 manager, security & antispam operations, outblaze limited
participants (10)
-
J.D. Falk
-
Patrick W Gilmore
-
Paul G
-
Paul Vixie
-
Rich Kulawiec
-
Sean Donelan
-
Steve Gibbard
-
Steven Champeon
-
Suresh Ramasubramanian
-
Tom (UnitedLayer)