> From: Yakov Shafranovich > > If the IETF would officially define "slum tenement Internet service" > > (with better words, of course), then truth in advertising laws, the > I am not sure if it's the IETF's role to define such definition. There are plenty of RFCs that consist of little more than definitions of terms. In a real sense, any standards track RFC is merely a list of definitions of terms. If the IETF has no business defining terms to name existing varieties of Internet service, then it certainly has no business publishing BCPs telling people how to provide Internet services, including how to run blacklists. > But in > any case, the problem is that given the current situtation that ISPs do > not have sufficient incentive to deal with the problem at the end > points, is there anything that the IETF can really do aside from > providing some standards and publishing BCPs? A definition of what they're doing and the truth in labeling laws could give them some incentives. If ISPs offering slum Internet service would admit that's what they're selling, they could preemptively block port 25 and stop a large part of today's spam, worms, and viruses. The majority of their customers would not notice any difference, except fewer spam, worms, and viruses. Contrary to claims from some ISPs, filtered Internet service is not technically difficult or expensive to provide. In fact it is significantly cheaper, because it uses less bandwidth and abuse desk labor. That is why many ISPs offer it instead of real Internet service. (Some do try the cheaper and less honest tactic of submitting their own IP addresses to so called "dynamic blacklists" so that they don't need to hire help to configure their routers to block outgoing TCP SYNs to port 25.) Those users that did complain could be pointed at AUPs that often today prohibit the use of "servers" and offered upgrades to accounts with prices that allow ISPs to deal with the risk of abuse. That higher price might still be $30/month but with a $3000 bond. Or perhaps $300/month for the first 6 months and $30/month thereafter. As someone said privately, the slumlord ISPs are not only skipping on abuse desks. They also don't have valid SWIPEs, reverse DNS names, NTP or NNTP servers, monitoring to meet the SLAs they almost claim to offer and other services that come with real Internet service. > Given that most ISPs do not make that much profit, what anything change > in the long run about their ignorance of abuse reports? The Internet is being separated into two parts. One part is of spam filled slums that cannot send mail directly to the other part. That is the common purpose of DNS blacklists and port 25 filters. Whether you admit that fact and whether you say "slum tenements" and "real Internet" or "spiritual heir to UUCP" and "transitive closure of direct SMTP connectivity" doesn't change anything but the politics. What is needed is for the IETF to try to prevent politicians, government bureaucrats, and slumlord ISPs from colluding to regulate the whole Internet down into the tenement slums. There are interests that would love to see laws funnel all mail sent through Microsoft/AOL/Verisign servers (probably using a form of PKI cert). Spooks, spies, and police state officials would find those servers as convenient as monopolists would find them profitable. Vernon Schryver vjs@xxxxxxxxxxxx