North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Schneier: ISPs should bear security burden
Steve Sobol wrote: > And I'd argue that Owen's attitude is appropriate for transit and > business-class connections - but if you're talking about a consumer ISP, > that's different. If the Big Four US cable companies followed AOL's lead, > we'd see a huge drop in malware incidents and zombies. You could solve 90% of the problems that you perceive are being caused by unrestricted cable modem users by using blocklists to ignore traffic from them. As somebody who picked a DSL provider specifically because it allows me to run any kind of server I want, I'm not highly in favor of blocking traffic from broadband users and killing the end-to-end principle that makes the Internet work, but if the noise-to-signal ratio is too high, it's easy to set up your mail servers to reject mail from cable modem users, or set your routers to null-route their packets, or even null-route-plus-strict-uRPF them if that's what makes your users happy. You'd see a huge drop in zombies because they'd become invisible to you, and while being surrounded by invisible zombies isn't all it's cracked up to be, it's a good start. It puts the choices in the hands of the recipients, and market-like processes will find a balance that's much more varied than imposing technical restrictions on senders (as opposed to don't-spam types of restrictions.) (And in spite of my self-righteous pontificating about not broadly blocking big chunks of people because it blocks the good along with the bad, my main email ISP allows users to pick blocklists by country, and you can bet that I'm blocking email from China, Korea, and Nigeria, and anybody there who wants to reach me can email my work address or use a Yahoo account. I'm not using the DSL/cable blocklists, though, but that mail gets spam-filtered.) -- ---- Thanks; Bill Note that this isn't my regular email account - It's still experimental so far. And Google probably logs and indexes everything you send it.