[WSIS CS-Plenary] Spam as an issue

Vittorio Bertola vb at bertola.eu.org
Sat Jan 29 18:30:32 GMT 2005


Martin Olivera wrote:
> I find the bottom-up technique against spam proposed
> in this message from Michael, it is not only a good
> idea, but the only one that is not restricting my freedom
> to receive spam if I want, and is based on trust
> (community trust) instead of central regulation -a bad
> solution approach which may lead us to policies of
> privacy violation and content filtering-.

I do not have a final idea on spam or on how to best combat it. However, I 
want to report a story that was told at the Geneva meeting in September, 
by a representative of the government of a small developing country, and 
that made me think a lot about the hidden risks in the bottom-up approach.

He said that, months ago, an unknown person from a developed country 
cracked the main mail servers of their national telecom ISP, which acts 
more or less in a monopoly regime, so that most Internet users of the 
country use it for their e-mail. After cracking it (or using some 
misconfiguration... not sure they could tell the difference), he used the 
servers to send spam.

As a result, the servers were inserted in all main anti-spam blacklists, 
and so... 90% of the country stopped being able to exchange emails with 
the rest of the world, as they were being marked as spam and thus filtered 
out or totally refused.

It took some time for these people to understand what was happening... and 
even when they knew it, they didn't know how to get their IPs out of the 
blacklists, and according to the tale some maintainers wouldn't even trust 
their word so as to remove them from the blacklist. In the end, they were cut 
out of the Internet, for what regards email, for many days.

So, this person said, who gave the right to some unknown engineer on the 
other side of the world to ban an entire country from sending e-mails, 
without even warning them or giving them a chance to discuss the matter, 
for a fault that wasn't even theirs?

I am sure that a lot of this can be managed in terms of building awareness 
among network operators, including those in developing countries. Still, 
in some cases the bottom-up approach has the risk that the less skilled 
and informed users will not be able to understand it or to cope properly 
with it, and that there is no due procedure or warranty against errors or 
misjudgements by the individuals running the system (yes, if they make too 
many errors people will stop using their service, but if errors are just 
"a few"? and still, a few errors might have terrible consequences, as we 
are talking about effectively intercepting and stopping private 
correspondence).

So perhaps the bottom-up approach should be refined with, for example, 
better procedural warranties? Just an idea.
-- 
vb.               [Vittorio Bertola - v.bertola [a] bertola.eu.org]<------
http://bertola.eu.org/  <- Old site, new toblòg...


