Re: More on spamming..
- Date: Wed, 01 Oct 1997 13:24:00 +0100
> > Another necessary fix is for ISPs to keep record of which
> > user had which IP address at any given time, and to keep contact
> > details for all their users (this is desirable for secuirity and
> > legal reasons too).
>
> This is elementary; know who your customers are and what they
> are doing with your infrastructre.
If you keep all your servers time sync'd and keep full Radius
accounting records, yes, you can translate an (IP address, time)
pair into a username. Some ISPs can do this reliably. Many don't.
Seconds may well matter. The next problem is to associate that
user name with a person. Dead easy you may think. But the
user may claim that someone else has been using their account.
Thus you also need to log CLI (calling number identity),
which in turn means your telecom provider has to present it.
The ISP must also have a policy on what to do with withheld
or unavailable CLI. So while this seems simple, actually it
isn't. Very few ISPs actually do the whole of this (IMHO).
> > If you build these two things together with
> > a term in peering agreements that classifies spam abuse in a similar
> > manner to the way most agreements currently classify security
> > problems (i.e. mutual terms for traceability and action), and
> > one hopes that similar terms are already in place in transit
> > agreements, then one should be better able to get spammers
> > removed.
>
> Almost all peering on the Internet today is 'soft'; in that
> it is 'just packets' that is moved. If we are to get tough on
> enforcing this we'll need lawyer-based peering aggreements.
Mmmm... About 30% of my US peers have paper based agreements.
Most of them (probably all) have security based agreements,
but ...
> Remember the Internet of 1993 ? How fearful we all were about
> getting such 'firm' peering aggreements,
... wasn't most of the fear about a price being attached to them?
(for exactly the reasons you state below). The academic networks
have always had AUPs you are expected to abide by to some extent
as peers. JANET in the UK being a good example.
> because it would
> force us into a PTT-stand on almost all the models of pricing,
> transit etc. that the Internet Community loathed (does it still?).
>
> Are we ready for the 'firm' peering aggreement ?
I think this is largely orthogonal. You can equally well implement
the "if you don't track down spam, we'll cease this arrangement"
in an email based, lawyer-free peering environment. And you
make this point yourself below (*),
My personal view is that firm peering agreements are inevitable.
But this is another issue entirely.
(*) - > The other way is to keep up the self-justice. Drop the peering
> with the bozo generating the spam.
--
Alex Bligh
GX Networks (formerly Xara Networks)
