[WSIS CS-Plenary] Spam as an issue

avri at acm.org avri at acm.org
Sat Jan 29 19:10:32 GMT 2005 

Hi Vittorio,

This may point to a problem with the bottom up approach that governance 
can cure, but I am not sure how. I see it as possibly pointing to 
problems with configuration (the lack of egress filtering), security (a 
technical issue), or with having a single monopoly service provider (a 
national issue).  I also see it as a reason for better mailers (a 
technical solution) or better email standards - still not governance 
issues.

I see no reason why a transit provider or provider on the receiving end 
does not have the right to filter traffic they find unacceptable and I 
don't think that regulations barring someone from taking such defensive 
action is something to wish for.

While I can understand that it was an unfortunate experience, I don't 
see it as a cause for governance.  I go back to an indirect quote from 
some jurist of the past, hard situations make for bad law.  I expect 
that the small government service provider learned a lesson and closed 
the hole.  And I expect, or hope, that legitimate user email was cached 
in the mailers waiting for the transit to be allowed.

avri



On 29 jan 2005, at 13.30, Vittorio Bertola wrote:

> Martin Olivera ha scritto:
>> I find the bottom-up technique against spam proposed
>> in this message from Michael, it is not only a good
>> idea, but the only that is not restricting my freedom
>> to receive spam if I want, and is based on trust
>> (community trust) instead of central regulation -a bad
>> solution approach who may lead us to policies of
>> privacy violation and content filtering-.
>
> I do not have a final idea on spam or on how to best combat it. 
> However, I want to report a story that was told at the Geneva meeting 
> in September, by a representative of the government of a small 
> developing country, and that made me think a lot about the hidden 
> risks in the bottom-up approach.
>
> He told that, months ago, an unknown person from a developed country 
> cracked the main mail servers of their national telecom ISP, which 
> acts more or less in a monopoly regime, so that most Internet users of 
> the country use it for their e-mail. After cracking it (or using some 
> misconfiguration... not sure they could tell the difference), he used 
> the servers to send spam.
>
> As a result, the servers were inserted in all main anti-spam 
> blacklists, and so... 90% of the country stopped being able to 
> exchange emails with the rest of the world, as they were being marked 
> as spam and thus filtered out or totally refused.
>
> It took some time for these people to understand what was happening... 
> and even when they knew it, they didn't know how to get their IPs out 
> of the blacklists, and according to the tale some maintainers wouldn't 
> even trust their word so to remove them from the blacklist. In the 
> end, they were cut out of the Internet, for what regards email, for 
> many days.
>
> So, this person said, who gave the right to some unknown engineer on 
> the other side of the world to ban an entire country from sending 
> e-mails, without even warning them or giving them a chance to discuss 
> the matter, for a fault that wasn't even theirs?
>
> I am sure that a lot of this can be managed in terms of building 
> awareness among network operators, including those in developing 
> countries. Still, in some cases the bottom-up approach has the risk 
> that the less skilled and informed users will not be able to 
> understand it or to cope properly with it, and that there is no due 
> procedure or warranty against errors or misjudgements by the 
> individuals running the system (yes, if they make too many errors 
> people will stop using their service, but if errors are just "a few"? 
> and still, a few errors might have terrible consequences, as we are 
> talking about effectively intercepting and stopping private 
> correspondence).
>
> So perhaps the bottom-up approach should be refined with, for example, 
> better procedural warranties? Just an idea.
> -- 
> vb.               [Vittorio Bertola - v.bertola [a] 
> bertola.eu.org]<------
> http://bertola.eu.org/  <- Vecchio sito, nuovo toblòg...
> _______________________________________________
> Plenary mailing list
> Plenary at wsis-cs.org
> http://mailman.greennet.org.uk/mailman/listinfo/plenary
>

More information about the Plenary mailing list