On Fri, 2003-12-26 at 12:04, Jay Moore wrote:
> Why do you feel that way? Are you aware that the spam problem has forced
> many to block _all_ mail coming from dynamic IP addresses - regardless of
> whether they've ever sent spam or not. Using your ISP's mail server
> (assuming they are as responsible as they sound) will result in fewer
> blocked messages for you.

Well, I sense that this will quickly degenerate into a pitched ideological battle, but I figured I would share the other side of the story.

It used to be that everyone connected to the Internet was a "peer". All nodes have equal rights and each could run whatever services they pleased. With the advent of the mythical "IPv4 address shortage" and the invention of NAT, the idea of "peers" was changed from "each host can reach all others equally" to "each border can reach all other borders". Traffic was filtered through gateways, so there was no way for end-users to offer services without the permission of their gateway manager, and with special rules on their gateway.

When the Internet was commercialized, ISPs started selling access for profit. Their main concern is giving as many people access to "basic" features for the lowest cost to themselves and the highest profit. ISPs don't have any concept of offering service to peers, they're offering service to *customers*. Customers are second-class citizens and don't really have any rights on the Internet, save for what their ISP grants them.

Totally gone are the days when anyone can set up their own website and e-mail server and be in control of their own destiny. ISPs funnel everything centrally and many times won't allow you to run any services at all (doing so will result in termination of your service).

Why don't people like this? What about massive invasion of privacy? All your mail is being forced through your ISP's server, where both they and the Feds can monitor it (on the server, where it's much easier than sniffing packets) for any reason, without notifying you. What if you simply believe you can provide better service in some areas than your ISP can (for instance, host your own caching nameserver because the nameservers at many ISPs are overloaded and respond slowly)? Above all, it interrupts your right to be a peer on the Internet and relegates you as a slave to your ISP. You can't express your ideas on a website that you control through your "basic" Internet connection, you have to pay more money to some other provider for that.

Sure, you *could* buy rackspace at a colo and have a T-1 run to your house, but not all of us have the roughly $1,000 USD/month that you're looking at for an arrangement like that. Basically, the threshold of true peer-hood is so far out of the reach of ordinary netizens that it's practically unobtainable for private citizens.

So while I agree that filtering for exploitable services coming from customers who *aren't using those services* is a good thing (this would indicate compromised boxes), it shouldn't be blanket applied to everyone. If I sign a waiver indicating that I'll be responsible for the equipment and services I run, I should be allowed to host whatever I want as long as it isn't illegal. Ninety-five percent of customers will never need that access, but for the five percent like me that run their own web, mail, etc. it should still be an affordable option.

By the way, there are other, more accurate ways to filter for spam than blocking all dynamically assigned IPs. It's very unfortunate that large providers would rather censor huge portions of the Internet community than invest some money in a real technical solution. It's even more unfortunate that such recklessness is encouraged.

/derail off

--
Brian Keefer, CISSP
Senior Field Engineer, Professional Services
CipherTrust Inc, www.CipherTrust.com
