> From: "Christian Huitema" <huitema@xxxxxxxxxxxxxxxxxxxxx> > > 1. block port 25 to external IP addresses for all of your customers > > except those with what draft-klensin-ip-service-terms-01.txt calls > > Full Internet Connectivity. > > ... and receive a flood of complaints because 10% of your users are > using a mail service provided by someone else than you. That's a significant problem, but so what? Stopping spam is not without costs. The spam problem exists only because service providers sell other than Full Internet Connectivity and cannot charge enough for the other flavors to squash abuse. The reason spam is a problem is that ISPs are unwilling or unable to pay the costs necessary to zap spamming customers. If spam were a certain path to termination with prejudice, there would be no significant spam. If ISPs would immediately and permanently terminate all spamming customers and refuse to exchange STMP/TCP/IP with other ISPs that fail to terminate spammers, there would be no spam problem and no need for blocking port 25 and so forth. If Microsoft would have been willing to pay the costs to ship secure software for the last 10 years, than the spam distribution mechanism currently favored by the worst spammers would not exist. > > 2. Do not sell Full Internet Connectivity to anyone running Microsoft > > software exposed to the Internet. > > Regardless of whether Microsoft's software can be secured (it can), As we all know, that is true in Microsoft marketing liturature and plausible theories but false in practice. As I said, practically all desktop Windows XP and NT installations have users running browsers and MUAs as "administrator." Contrary to the knowingly misleading statements from Microsoft appologists, that fact makes Windows a hopelessly insecure system. Then there are the versions of Windows not related to Windows NT that cannot be secured even in theory. > this > is a big no-op as a PC behind a "home firewall" is still at risk from > e-mail viruses and questionable web downloads. A PC running Microsoft software behind a "home firewall" for most meanings of that phrase including Microsoft's is not protected. It must not be exposed to the Internet. > > 3. The effects of #1 and #2 include forcing all mail from the usual > > suspects through your own mail systems so that you can do as the > > credit card companies do. Track SMTP envelope Mail_To values or > > other characteristics for each customer. When you see a change, > > contact the customer by voice to check. > > So the solution to Spam has to be a massive surrender of privacy! This statement is disingenous. No existing privacy is lost. It is just as false and dishonest to claim that the credit card companies reduce someone's privacy with their anti-fraud mechanisms. Exactly the same mail information is already present in ISP SMTP server logs. Privacy is not lost by people acting on your private information. It is lost when your private information is collected. Changing how computers manipulate your no-longer-private information does not reduce your privacy. Disclosing the fact that you do not have privacy does not reduce your privacy. If you want privacy, you must use cash instead of a credit card. You must also buy full internet connectivity, run your own SMTP client, and use at least SMTP-TLS, and of course, that's only a start toward mail privacy. > I am afraid that you are falling in the very trap that you often > denounce, present you personal definitive solution to Spam... My modest proposal would stop spam, but is not unique. As I wrote in words you did not quote, the spam problem results from service providers such as UUNet, Comcast, and Yahoo and software vendors such as your employer refusing to pay their shares of the costs to stop network abuse. Vernon Schryver vjs@xxxxxxxxxxxx _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf