Paul Vixie vixie at
Thu May 29 19:49:09 CDT 2008

nanog at (Ian Mason) writes:

> On 27 May 2008, at 16:33, Robert Bonomi wrote:
> > Amazon _might_ 'get a clue' if enough providers walled off the EC2
> > space, and they found difficulty selling cycles to people who couldn't
> > access the machines to set up their compute applications.
> This is a classic example of externalities in the economics of security.
> Currently, any damage caused by Amazon customers costs Amazon little or
> nothing. The costs are borne by the victims of that damage. On the other
> hand mitigating this damage would cause Amazon costs, in engineering and
> lost revenue. So in economic terms they have no incentive to 'do the
> right thing'.

i've heard this called "the chemical polluter business model".

> So to get Amazon to police their customers either requires regulation or
> an external economic pressure. Blocking AWS from folk's mail servers
> would apply some pressure, making areas of the net go dark to AWS would
> apply more pressure faster. A considerable amount of pressure could be
> placed by a big enough money damages lawsuit but that has a feedback
> delay of months to years.

to that end, i don't accept e-mail from any free e-mail provider, including
gmail, nor from most ISP mail servers.  all of them face this same
economics decision, and all of them end up spewing quite a bit of spam, and
there's no end in sight.  e-mail sourcing doesn't scale.  the highest
quality e-mail comes from the smallest communities.  EC2 will probably face
some boycotts.  i don't think these will change the endgame, whatever it is.
Paul Vixie

More information about the NANOG mailing list