Interesting People mailing list archives
Re: Why I don't want my data in "The Cloud"
From: David Farber <dave () farber net>
Date: Thu, 22 Jul 2010 13:20:25 -0400
Begin forwarded message: From: Rich Kulawiec <rsk () gsp org> Date: July 22, 2010 10:55:38 AM EDT To: Dave Farber <dave () farber net> Cc: "David P. Reed" <dpreed () reed com>, "Patrick W. Gilmore" <patrick () ianai net>, Paul Vixie <vixie () isc org> Subject: Re: [IP] Why I don't want my data in "The Cloud"
The idea was supposedly that if an MTA didn't take responsibility for spam passing through it, it would be *punished* by shutting it down.
This, and most of the rest of this rant against the hard-working volunteers who've done the heavy lifting to keep email working in an environment where in excess of 9X% [1] of all SMTP traffic is abuse, is well off-target. System and/or network administrators don't possess the ability to shut down others' outbound MTAs, whether or not they're problematic. If they *did* have said ability, then surely they would have done so and bypassed not only the tedious work of compiling the requisite data, maintaining the publicly-available resources in face of concerted and sustained attacks, and enduring the baseless accusations and occasional legal or violent threats spewed by spammers and their colleagues/supporters. But they don't. What system and/or network administrators *do* possess is the ability to grant or revoke access privileges to others. They're not required (except in special cases such as public government sites) to provide SMTP, or HTTP, or SSH, or FTP, or DNS, or any other services to the Internet at-large. They may furnish these, or revoke them, for any reason they wish -- or merely on a whim, although I trust it's obvious why such whims are rarely if ever indulged. Many people don't grasp this: they're so accustomed to the concept that every resource on the Internet is just a click away that it never occurs to them that absent a governmental obligation or a contractual agreement, they're NOT entitled to these: every single one is a courtesy, a privilege furnished to them by the generosity of those providing it. And those graciously providing these services are not required to continue extending their generosity in the face of abuse; they may restrict use of the resource or withdraw it entirely or take other steps to forestall that abuse. And if they choose to take any of these countermeasures, is anyone "punished"? No. Is anyone "damaged" -- another term often mistakenly applied -- when this happens? No. They were never entitled to these resources in the first place. Only the fatuously self-important have the audacity to assert some claim over the private resources of others. They are no more "punished" or "damaged" than if they're turned down for a date, or refused entrance to someone's home, or passed over for a giveaway. [2] It's not only a best practice to deny services to abusers, it's counterproductice (to say the least) to do anything else. Everyone with sufficient experience in the field knows that rewarding abusers by continuing to indulge them will not only result in more local abuse, but will empower and encourage them to engage in more global abuse. (We know this not only by direct observation over a period of decades, but we also know this because abusers have been noted discussing this very point in formerly-private conversations.) One of the parts of the unwritten social contract that allows the Internet to function is the rule that says that everyone is responsible for what their operation does to everyone else's operations. Not in a content sense, not in a political sense, but in an operational sense: every system adminstrator is personally responsible for any abuse that emanates from their hosts; every network administrator is personally responsible for any abuse sourced from their network. Responsible operations staffed by capable people make it a point to proactively address this and thus are rarely, if ever, the sources for major abuse incidents of long duration. On the hand, some irresponsible operations not only fail to address this, but actively support, encourage and endorse abuse -- since it's quite profitable -- and are thus chronic, pervasive sources of abuse. [3] There is no reason for the former to continue supporting, facilitating and underwriting the latter. It was never a good idea, and now both the risks and the costs have become so enormous that it's a terrible idea. The latter's clients/customers may find thus their privileges restricted or revoked: this is a good sign that they've made a poor choice of service provider, a choice which they're free to correct or not as they see fit. But 100% of their complaints about such matters should be addressed to their provider, because that's where 100% of the underlying problem is located. ---Rsk [1] Pick your "X". Some published studies cite an X of 0 or 5, but discussions among those of us who do a lot of work in the anti-spam field suggests that something like 8 or 9 is likely more accurate. Whatever the the number really is, it's clear that the ratio of SMTP abuse to legitimate traffic is already somewhere in the ballpark of 100:1 and still increasing. [2] Nor are they, as is sometimes incorrectly claimed, "censored". There is no requirement for the rest of the Internet to expend the money and other resources to furnish a free soapbox to anyone. And should a speaker (as they ought to) spend *their* money and resources to provide their own, there is no requirement that the rest of the Internet listen. Moreover, abuse != speech -- or as I like to put it, spam and other forms of abuse are not speech, just as a brick with an attached note thrown through a window is not publication. [3] See, for example, McColo -- unfortunately only one example out of many. Discussions on anti-spam, anti-phishing, and security mailing lists encompass many others on a routine basis. ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125 Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4 Powered by Listbox: http://www.listbox.com
Current thread:
- Why I don't want my data in "The Cloud" Dave Farber (Jul 20)
- <Possible follow-ups>
- Why I don't want my data in "The Cloud" Dave Farber (Jul 20)
- Why I don't want my data in "The Cloud" Dave Farber (Jul 21)
- Re: Why I don't want my data in "The Cloud" David Farber (Jul 22)