North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Points on your Internet driver's license (was RE: Even you can

  • From: John Curran
  • Date: Sun Jun 13 13:24:51 2004 
Paul,
 
   Actually, credit agencies don't have a single standard for what
   "bad" is; they are obligated to only keep factual data (as can
   be best determined) in the files.   When you cause a credit
   report to be checked, one or more algorithms are used to
   score your credit, but the algorithm used is up to the particular
   inquirer and credit bureau.

   It's not that hard to make this one work for spammers, but you
   need some key pieces to all be in place:
 
   1.  Common definition for what information is kept
   2.  ISP's need customer contracts which allow reporting of
        incidents and terminations to any/all such bureaus
   3.  ISP's need to figure out how to handle a "new" site
        which has no listings.   Spammers already figured out
        that some ISPs do D&B credit checks, and have gotten
        very good at appearing as a new "startup" a week later.
  
/John

At 4:50 PM +0000 6/13/04, Paul Vixie wrote:
>[email protected] (Owen DeLong) writes:
>
>> Perhaps what is needed is a reporting agency, similar to the credit
>> reporting agencies, where ISPs can register chronic problem-customers.
>> Eventually, your internet credit rating deteriorates to the point that no
>> ISP will offer you service.
>
>it is with some discomfort that i watch the last decade or so of ultimate
>final solutions to spam be rediscovered on a sleepy nanog weekend.  the
>reason the above analogy fails to hold (and why that proposal isn't a
>solution) is that credit reporting agencies have an established standard
>for what "bad" is -- days overdue on payments.  there is no similar standard
>for a tcp/ip endsystem, and there can be none.  a week doesn't go by without
>some goober-with-firewall complaining that f-root is portscanning him.  as112
>gets it every day at least two or three times.  someone else here reports
>that his squid proxy is regularly reported by norton's tools because it sets
>unusual bits in the tcp header.  and so on.
>--
>Paul Vixie