Spam Control Considered Harmful

Turnando Fuad fuad at
Thu Oct 30 16:36:03 UTC 1997

> [snip]
> > compared to (my experience of) the problem. We get spam, so do our customers,
> > but it's a couple of messages, each of ~500 bytes. Even on modems connections
> [snip]
> Because you happen to not be getting very much is no reason to believe
> that everyone is so lucky.  Anyone who has been around for any length of
> time, posts or has posted to newsgroups, is the contact for any number
> of domains/ASNs/netblocks, or even hosts any number of domains gets
> bucketfuls.   
> Often times, they work from old archives of Usenet as well. I've received
> garbage forwarded from old addresses I haven't used since '92 or '93.
> It is unrealistic to believe that one's expereince is sufficeintly
> representative to be able to generalize and define the scope of the
> whole problem.

I think another question to ask is how much are we willing to spend to
fight spam. Justin Newton(in the NANOG meeting) mentioned $400 million as
what *all* ISPs spent to deal spam. There's definitely the support and
administrative costs dealing with spam. But Paul Vixie's somewhat extreme
RBL(which I have communicated to Paul) and associated filters would not
eliminate those costs but shift it to higher level support due to
unreachable mail servers, routes, etc.  And with plethora of ISPs
implementing their own blend of enforcements, it will require more costly
high level engineering support to deal with the spam related support
issues. And filters aren't really equitable if one is willing to filter
out or punish some domains or networks permitting spam *but* will leave, and UUNet's networks alone. Filter implementations should
be equitable. And if Paul's RBL seeks to punish ISPs whose email/Web
address appears in the spam, then perhaps the RBL should also include the
network space for all the telcos and long distance companies whose 800
number appears in the spam. 

It will go a long ways for all ISPs to keep their SMTP servers to their
own networks along with certain DNS validations for incoming mail. And the
POP authenticated SMTP services will allow ISPs using UUNet's networks to
limit their customer's mail to going through their mail servers only.

I agree with an earlier post to spend more time pushing through with the
proposed legislation to fight spam. I think it's great we are having this
discussion on means to stop and/or control spam. I am only hoping our zeal
to stop spam and punish spammers will not create chaos and make the Net
less usable for the common folks whose use of the Internet is what is
making the Net thrive and keeping us all in business.


Turnando Fuad

More information about the NANOG mailing list