S Woodside wrote, RE: spam > How about the cost of legitimate emails that get filtered and never > read. Not everyone scans the list to check for false positives. In a major example of false positives, we already have examples of one real cost of spam. AOL (as one example of many) has declared ranges of IP addresses marked 'residential' as invalid for running a particular application. In this case SMTP, but which app is next? There is a 'guilt by association' presumption here by the operations community, which when carried into other applications results in substantially limited value in the core IP protocol. With this type of policy, the operations community is dictating which applications can be run from specific ranges of IP addresses. This would be comparable to the phone companies dictating that modems couldn't be used from phone numbers that were allocated for voice use. Clearly the operations community is fighting back with the limited tool set they have, but they are setting a very dangerous precedent in the process. While the IETF can't dictate operational process, it must defend the open and free use of its core protocol. Part of that defense means finding architecturally viable alternatives to the evolving operational hacks. One approach would be to undeniably associate an IP address with a person, so existing legal recourse would be simplified. Privacy advocates would take issue with that approach, so another would be to encode the exact location of the source in the address, and use strict RPF to enforce it. Location coupled with time would provide the legal system with needed evidence, without compromising personal privacy. There are likely other options, and issues to discuss, but we should not just push this out as 'hard so it must be research'. The open utility of IP is at stake here. Tony