|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: [Re: Fun new policy at AOL]
"Dr. Jeffrey Race" <[email protected]> wrote: > > > The proposal at <http://www.camblab.com/misc/univ_std.txt> provides that > mail from compromised sources shall be rejected. This forces the host > sysadmin to secure his system if he wants to communicate with the rest > of the internet. Presently the penalty for negligence is borne by the > victim, not the perpetrator. The unique aspect of the proposal is to > attach consequences to actions, a principle which is used everywhere in > society except the Internet. > > Jeffrey Race > > i'm still curious to know how this mail will be automagically rejected... is there a black list of compromised hosts (beyond the black lists that already exist) that i don't know about? if so, i would love to be able to use it i'm sorry dr race, but i still do not see much in your proposal (no matter how many times you submit it to the list) that i cannot already do, or that is not already being done (albeit not universally), but if you cannot compell someone to behave a certain way with current laws and best practices, a new law/best practice will not mean much. spammers will hijack/infect new computers, the blocklists will grow larger and larger, vendors will release insecure operating systems, etc, etc ,etc arbitrary black/white-lists are a mildly effective method of combatting spam now, but not everyone has one. not everyone has their own bayes-based filter on their servers. you can try to make the 'perpetrator' pay, but, as microsoft will tell you, not even big cash awards will help you. you still end up punishing the often ignorant end user, and they don't really learn how to do it better, even if they do manage to patch up a level or two. spam is big money - consumerism is big money - bad operating systems are big money - user stupidity is often more painful for the tech support rep than the [l]user my solution? education of the end user would be a good place to start. securing their 'favorite' o/s would be another. neither however, is a function of the service provider. we all spend a lot of time chasing down hackers and spammers already, then we get to do the rest of our 'normal' work. my $0.02 /joshua * and yes, i just put on my flame-retardant suit ;) **i wonder what the probabilities are regarding your emails - every one contains the same link...maybe when i get my new server setup and trained, i will find out "Walk with me through the Universe, And along the way see how all of us are Connected. Feast the eyes of your Soul, On the Love that abounds. In all places at once, seemingly endless, Like your own existence." - Stephen Hawking -
|