"Default" Internet Service

Tue Jun 15 01:40:59 UTC 2004

> Actually postal and freight services require you to label dangerous
> goods and may not accept some types of dangerous goods to start with.
> If they believe you've sent dangerous goods that has not been
> labeled as such they have the right to return the packege to sender
> or conduct their own investigation and delay the shipment.
>
Yes, you must label dangerous goods.  However, if I send a sealed
plastic bag of powdered sugar to somoene, the post office has no
reason to automatically assume that my package contains dangerous
goods.  In fact, arguably, if I have packed it correctly, they have
no legitimate means to know that it is a white powder.  So, unless
you can tell me some way that you believe that package (assuming it
is properly packaged, not leaking, doesn't have traces of white powder
on the outside, etc.) would be returned, I think we can both acknowledge
that this comes closer to what most worm traffic looks like.

> So in a sense if you send somebody an envelope and specify that it
> contains "dangerous white powder" and they actually accepted the
> shipment,  they should deliver it. But if they see that it contains this
> powder and  its labeled "love letter", then they should in fact open the
> envelope and  test it or return it to sender to get more clarification
> about what it is.
>
Right... See above.

> Now that's great in theory, obviously in practie this does not work and
> viruses do not get labeled as such. However my feeling is that most users
> don't at all object to ISP checking their received email for viruses,
> eventhough it maybe invasion of their private mailbox. Similarly I don't
> think its outside the scope of ISP on the origin side of email to do
> similar checks on behalf of the sender.
>
Well, users that don't object are welcome to ask their ISP and subscribe
to that service.  I don't want my ISP doing anything other than sending
the appropriate packets to port 25 on my mail server.  If the ISP is hosting
the users mailbox on their system, that's a different issue.  However,
if my ISP tries to block my mailserver from talking to other mailservers,
or, starts inspecting SMTP packets coming towards me for viruses, I am
indeed, going to be initiating legal proceedings against them under ECPA.

If an ISP is hosting a users mailbox, that is a separate value added service
from "internet" service.  I don't expect the ISP to tamper with email on
the internet service.  What they do in the mailbox service is a matter of
that contract.  It's not a service I want to subscribe to, so, I'm not as
worried about what it does or doesn't do.  The customer and ISP can agree
on that contract, and, as far as I'm concerned, it's outside the scope of
this discussion.  We are, after all, talking about internet service, not
mailbox hosting service.

>> >> Most residential ISPs get paid the same whether the customer spews
>> >> abuse or not.  Their costs go up some when they get abuse complaints
>> >> and when abuse starts using more bandwidth, so, for the most part,
>> >> most residential ISPs have no incentive to support abuse, but, not
>> >> enough incentive to pay to staff an abuse department sufficiently to
>> >> be truly responsive.  Further, most abuse departments don't get
>> >> enough support from management when the sales and marketing
>> >> departments come whining about how much revenue that abusing customer
>> >> produces each month.
>
> Its not like a big spamhaus that orders gigabit line, we're talking
> about individual dsl users most interested in cheapest kind of inet
> connection. There is not much revenue in that and cost of dealing with
> spam reports when their insecure system becomes zombie is much greater.

Right, and, there isn't enough revenue in it to cover protecting the user
from himself.  That's why most major dialup ISPs have a really lousy
abuse process.  Now, if they'd start billing their end-users to cover
the cost of a good abuse department, then things might change.  Making
non-abusive customers subsidize the abusive customers isn't the
solution.

Owen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20040614/dea215a8/attachment.sig>