> From: Joe Abley <[email protected]> > If you can describe BCP38 deployment in a non-trivial network such > that deployment is to the benefit of shareholders and non-deployment > is not, I'm all ears. Absent regulation and punitive fines for > non-compliance, I don't see it.
Civil lawsuits by victims of DNS reflection and other attacks that depend on failures to deploy BCP38 might help convince boards of directors. It might help to take up a collection to help pay the legal fees a victim sueing one of those non-trivial networks. I've the vague impression that kind of fund raising is illegal. I've learned to avoid using the word "fine" in a different but related context. I have long claimed that ESPs (bulk mailer for hire) could practically stop the large amounts of unsolicited bulk email that they send by fining their customers with dirty target lists. A $100 fine for each spam complaint verified by the ESP (maybe only after the 5th complaint and maybe capped at $5,000) would practically stop the ESP spam sent toward my personal mailbox and to my spam traps feeding DCC. A representative of a major ESP insisted in public that my claim is nonsense, because it is "illegal (sic)" for an ESP to fine its customers. Because ESPs are private enterprises, that might be literally true. It's also a lie because ESPs could say "cleanup fee" or "spam complaint processing fee" instead of "fine" without reducing the disincentive for purchased, harvested, "re-purposed," or other dirty mailboxes in target lists. Vernon Schryver [email protected] _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
