Points on your Internet driver's license (was RE: Even you can
John Curran
jcurran at istaff.org
Sun Jun 13 17:14:57 UTC 2004
Paul,
Actually, credit agencies don't have a single standard for what
"bad" is; they are obligated to only keep factual data (as can
be best determined) in the files. When you cause a credit
report to be checked, one or more algorithms are used to
score your credit, but the algorithm used is up to the particular
inquirer and credit bureau.
It's not that hard to make this one work for spammers, but you
need some key pieces to all be in place:
1. Common definition for what information is kept
2. ISP's need customer contracts which allow reporting of
incidents and terminations to any/all such bureaus
3. ISP's need to figure out how to handle a "new" site
which has no listings. Spammers already figured out
that some ISPs do D&B credit checks, and have gotten
very good at appearing as a new "startup" a week later.
/John
At 4:50 PM +0000 6/13/04, Paul Vixie wrote:
>owen at delong.com (Owen DeLong) writes:
>
>> Perhaps what is needed is a reporting agency, similar to the credit
>> reporting agencies, where ISPs can register chronic problem-customers.
>> Eventually, your internet credit rating deteriorates to the point that no
>> ISP will offer you service.
>
>it is with some discomfort that i watch the last decade or so of ultimate
>final solutions to spam be rediscovered on a sleepy nanog weekend. the
>reason the above analogy fails to hold (and why that proposal isn't a
>solution) is that credit reporting agencies have an established standard
>for what "bad" is -- days overdue on payments. there is no similar standard
>for a tcp/ip endsystem, and there can be none. a week doesn't go by without
>some goober-with-firewall complaining that f-root is portscanning him. as112
>gets it every day at least two or three times. someone else here reports
>that his squid proxy is regularly reported by norton's tools because it sets
>unusual bits in the tcp header. and so on.
>--
>Paul Vixie
More information about the NANOG
mailing list