large BCP38 compliance testing

• Previous message (by thread): large BCP38 compliance testing
• Next message (by thread): large BCP38 compliance testing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Oct 03, 2014 at 08:54:32AM +1000, Mark Andrews wrote:
> Or it will require legislation and I will assure that whatever is
> written not be liked.  On the other hand everyone one in the country
> will be in the same boat.

I concur with you -- strongly.  Legislation is not the answer, because
(a) it only applies in limited jurisdictions and this is a global problem
and (b) it will inevitably be written by those with the deepest pockets,
see for example CAN-SPAM, crafted by and for spammers and their supporters.

But legislation isn't necessary.  Within limits (prescribed by contractual
obligations) none of us are required to offer services to arbitrary
parties.  We *choose* to do so, by default, all day every day because that's
why we have an Internet.  But we're not *obligated* to do so: those services
may be withheld in full or part at any time for any reason (or even
without a reason).

And this is where I quote the best thing I've ever read on this mailing list:

	If you give people the means to hurt you, and they do it, and
	you take no action except to continue giving them the means to
	hurt you, and they take no action except to keep hurting you,
	then one of the ways you can describe the situation is "it isn't
	scaling well".

	--- Paul Vixie

Having observed, for example, the spam problem since its genesis, I can
unequivocally state that the *only* thing that has ever addressed the
problem (rather than merely addressing its symptoms) is SMTP blacklisting.
Everything else has been ineffective, misdirected, wishful thinking.

The same thing applies here: persistent, systemic sources of large-scale
abuse via BCP-38 noncompliance are either:

	1. Being operated by clueless, negligent, incompetent people
or
	2. Being operated by deliberately abusive people

There are no other possibilities.  (Note: "persistent, systemic".
Transient, isolated problems happen to everyone and are not what I'm
talking about here.)

It's difficult to know which of those two are true via external
observation, but it's not *necessary* to know: the appropriate remedial
action remains the same in either case: stop giving them the means.

---rsk

• Previous message (by thread): large BCP38 compliance testing
• Next message (by thread): large BCP38 compliance testing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]