Racer X <[EMAIL PROTECTED]> writes:
>> Of course there is. Blocking port 25 for all their dialup lines is a
>> simple router configuration. Re-enabling it on a customer-by-customer
>> basis on dynamic dialups requires software to interact with the
>> terminal authentication server that they'd probably have to write
>> themselves.
> Wrong. It simply requires you to use Radius and network equipment that
> allows you to send back filters in your Radius authentication.
Good, I'm glad to hear that it's improved. (It certainly used to be the
case that this was hard.) So how many ISPs are going to be willing to do
this? The cost that I was talking about is not only programming effort
(thankfully apparently not an issue) but also administrative overhead.
(See below.)
>> Lots of people scream loudly at an overworked ISP about spam from their
>> dialups. ISP could (a) improve their tracking and reporting measures
>> and their abuse staff and cancel spammer accounts faster,
> What exactly did you have in mind to "improve tracking and reporting
> measures?" Tracking and reporting is not the problem. Tracking is
> trivial for anyone who keeps dialup logs; rest assured that people who
> get spammed will report it to you. The point is not to cancel spam
> accounts "faster;" the point is to keep the crap from going out in the
> first place.
No, I disagree, because any measure that you use to prevent the crap from
going out in the first place *will* result in loss of legitimate mail.
This is the inherent problem with spam filtering, and is something that
Dan's been rightfully pointing out on this list for a while. I *do* do
spam filtering, but solely because there's currently no better
alternative.
The only *real* solution is to provide sufficient economic or legal
disincentive (because that's the only thing people actually listen to) to
stop spamming in the first place. Cleanup charges, laws that allow people
to collect damages... that's what's going to make it go away. But in a
world where ISPs routinely give out free trial accounts and certain large
ISPs refuse as a matter of policy to even check credit card numbers to see
if they belong to people who were previously kicked off for spamming,
trying to do anything *real* about spam is almost a lost cause.
Filters and the like is an arms race. You develop better stuff, the
spammers develop better stuff to get around it. Doomed, at least without
putting everyone behind an interface that would make AOL look flexible.
>> (b) spend lots of time implementing a scheme where they can give their
>> good customers the same service as they had before,
> You've lost me here.
If you want to turn on port 25 for certain customers on a customer-by-
customer basis, you have to implement some sort of tracking for those
people, and a procedure for them to get approved, and....
>> or (c) just do something fast and quick that reduces service for
>> everyone in a way that 95% of their customers won't care about and that
>> will get the anti-spam folks off their backs.
> Over 99% of typical dialup customers have no need to use anything but
> the ISP's mail server. I'm basing this number on my 4 years of
> experience doing contract and full-time work for 5 ISP's in 3 major
> metropolitan areas. I'm willing to admit that the number might be lower
> for other areas or other ISP's but I think 99% is a safe bet.
Like I said.
> The 1% that do care can either be provided with the service they need or
> (usually) talked out of it by simply explaining the nature of the
> service they're looking for. Some people have concerns for privacy but
> fail to realize that merely avoiding our mail server wouldn't keep us
> from snooping anyway. Others run Linux or something with sendmail and
> just don't know how to set up their machine properly. It's worth an
> hour of my time to keep a customer happy and educate them on how to
> better run their system.
Like I said. And there are a few people who just want to be in control of
their own mail. I know I would. I know lots of other people feel the
same way. You may be a great, well-run, reliable outfit, but the fact
remains that computers fail and things go wrong, often at the *remote*
side, and unless you're running your own outgoing mail, finding out about
it is a crap shoot.
> The notion that ISP's implement these policies as a way to "screw" the
> customer is foolish.
That isn't what I said.
> These policies help the ISP become a better net citizen,
Yes, definitely true.
> provide a higher level of service to their customers
I'm sorry, but this is simply not true. Less is not more. You're
providing less service. There's no way to get around that. I'd be a lot
friendlier towards people who feel that the realities of spam are forcing
them into doing port blocking if they'd quit trying to misrepresent it as
a "feature."
--
Russ Allbery ([EMAIL PROTECTED]) <URL:http://www.eyrie.org/~eagle/>
