nanog mailing list archives
Re: large BCP38 compliance testing
From: Rich Kulawiec <rsk () gsp org>
Date: Fri, 3 Oct 2014 11:17:46 -0400
On Fri, Oct 03, 2014 at 08:54:32AM +1000, Mark Andrews wrote:
Or it will require legislation and I will assure that whatever is written not be liked. On the other hand everyone one in the country will be in the same boat.
I concur with you -- strongly. Legislation is not the answer, because (a) it only applies in limited jurisdictions and this is a global problem and (b) it will inevitably be written by those with the deepest pockets, see for example CAN-SPAM, crafted by and for spammers and their supporters. But legislation isn't necessary. Within limits (prescribed by contractual obligations) none of us are required to offer services to arbitrary parties. We *choose* to do so, by default, all day every day because that's why we have an Internet. But we're not *obligated* to do so: those services may be withheld in full or part at any time for any reason (or even without a reason). And this is where I quote the best thing I've ever read on this mailing list: If you give people the means to hurt you, and they do it, and you take no action except to continue giving them the means to hurt you, and they take no action except to keep hurting you, then one of the ways you can describe the situation is "it isn't scaling well". --- Paul Vixie Having observed, for example, the spam problem since its genesis, I can unequivocally state that the *only* thing that has ever addressed the problem (rather than merely addressing its symptoms) is SMTP blacklisting. Everything else has been ineffective, misdirected, wishful thinking. The same thing applies here: persistent, systemic sources of large-scale abuse via BCP-38 noncompliance are either: 1. Being operated by clueless, negligent, incompetent people or 2. Being operated by deliberately abusive people There are no other possibilities. (Note: "persistent, systemic". Transient, isolated problems happen to everyone and are not what I'm talking about here.) It's difficult to know which of those two are true via external observation, but it's not *necessary* to know: the appropriate remedial action remains the same in either case: stop giving them the means. ---rsk
Current thread:
- Re: large BCP38 compliance testing, (continued)
- Re: large BCP38 compliance testing Alain Hebert (Oct 06)
- Re: large BCP38 compliance testing Jay Ashworth (Oct 12)
- Re: large BCP38 compliance testing Valdis . Kletnieks (Oct 02)
- Re: large BCP38 compliance testing Roland Dobbins (Oct 02)
- Re: large BCP38 compliance testing Jimmy Hess (Oct 05)
- Re: large BCP38 compliance testing Octavio Alvarez (Oct 20)
- Re: large BCP38 compliance testing Brian Rak (Oct 02)
- Re: large BCP38 compliance testing Roland Dobbins (Oct 02)
- Re: large BCP38 compliance testing Rich Kulawiec (Oct 02)
- Re: large BCP38 compliance testing Mark Andrews (Oct 02)
- Re: large BCP38 compliance testing Rich Kulawiec (Oct 03)
- Re: large BCP38 compliance testing Mikael Abrahamsson (Oct 03)
- Re: large BCP38 compliance testing Alain Hebert (Oct 03)
- Re: large BCP38 compliance testing Matt Palmer (Oct 05)
- Re: large BCP38 compliance testing Andrei Robachevsky (Oct 03)