AOL now rejecting mail from Comcast residential IPs.
Jason Stephenson
jason at sigio.com
Mon Mar 31 12:09:12 EST 2003
Jeff Kinz wrote:
> On Mon, Mar 31, 2003 at 12:37:49AM -0600, Thomas Charron wrote:
>>Since when is forcing an SMTP server to accept your mail a punishment?
>
> It isn't. What's happening here is that hundreds, possibly thousands
> of people who do NOT have open relays cannot use a standard internet
> protocol in the standard, approved fashion. Twenty years of internet
> policy are thrown away because AOL/comcast are lazy.
No. You can still send them mail. You just must use another method. They
aren't being lazy. (See my previous mail.)
>>What you are saying is basically that the use of an SMTP server is now a god
>>given right, along side freedom?
>
>
> No - but proper cooperative behavior - which includes freely exchanging
> email, is part of the basic nature of the internet and has been for over twenty
> years. It is a fundamental characteristic which makes the internet
> so valuable and useful. If it is abridged the entire Internet is damaged.
Yes, and the entire Internet is damaged by the flood of spam and
undeliverable email messages that are sent every day. Right now, there
is no way to police this other than rejecting IP ranges and installing
imperfect spam filters. I would argue the Internet is damaged more by
spam than by having a few IP blocks restricted on some mail servers.
> And this is not some vague, theoretical damage. Take a look at
> "at Home in the Universe" by Stuart Kauffman or "The collapse of chaos" by
> Cohen and Stewart. The specific emergent characteristics of the internet are
> completely dependent on the uncensored nature of the flow of information on
> the internet. An entity as large as AOL can actually damage that flow
> and in so doing will lessen the internet, eventually causing great harm.
Perhaps they would actually damage the Internet if they were a *real*
part of the Internet. As it stands now, they are a gated community in
one of the Internet's suburbs. They are not grand central station or
I-95. The only people that will truly be harmed by AOL's decisions are
their customers. Their customers have choices. They can leave AOL, and
apparently many are. For some people, AOL is basically just training
wheels for the Internet. Other people like the services that AOL
provides and they choose to stay.

As for emergent behavior, what I learned in AI class was that emergent
behavior is the appearance of intelligence in a larger system composed
of many agents each acting in their own self-interest or according to their
own programming. They are not programmed to cooperate in any particular
manner, though they may be allowed to interact in many diverse ways. By
imposing this rule upon AOL, "thou shalt accept mail from all IPS," you
are actually imposing an artificial restraint upon the system. You're
interfering with the emergent behavior of the 'net more than is AOL.
AOL, as even the small part of the 'net that they are, is participating
in the emergent behavior of the 'net. Their decision to block IP
addresses is just a part of that behavior.
>
> Furthermore - AOL's decision doesn't fix the spam problem. It just pushes
> it somewhere else. Let's really fix the problem. Let's implement an SMTP
> protocol that contains embedded PGP Authentication. No more casual anonymity.
>
> (Real anonymity has a purpose and will still need to be available through
> anonymous email gateways which are PGP authenticated)
Anonymity has a price. Identity has a price. You can't have it both
ways. I understand why you want PGP authentication on mail servers, it
makes sense. However, PGP would then have to be tightly integrated into
the 'net and most 'net applications, not just email. Most folks seem to
have problems with the relatively simple protocols that we have now.
Adding a layer of PGP at this point would simply complicate things
further. It also opens up the possibility of real identity theft, because
it would build a false sense of security among Internet users. I believe
most people's keys would soon be compromised simply because they chose
lousy pass phrases. Even at U.K., where we gave everyone with a computer
a handout on passwords and many even got a lecture, most passwords on
the system were joes. Anything that relies on passwords and pass phrases
for security is inherently insecure.
Getting into real security is a huge topic, but I don't really think it
is possible on a computer network. One-hundred percent security (if you
can measure it at all) isn't possible anywhere at any time. On the
'net, I don't think you could get security even approaching 5%. No, I don't
think IPV6 will help. I don't think you can architect a publicly
accessible network that would have any kind of security on the whole.
There may be isolated pockets that are relatively secure, but the
majority of it will be like life, wild and free and open. [All right,
I'm drifting way off-topic.]
>>It's not the spammers here. It's the open relays that spammers USE. It's the
>>people who relay.
>
>
> So is comcast scanning for Open Relays and shutting them down/getting them
> fixed? No - they are implementing a policy that harms more innocent
> parties than guilty parties
Well, you signed their TOS, or at least agreed to it when you signed up
for service. If you didn't like it, you should have sought out an
alternative. One could argue that "no servers" means "no server
protocols." IOW, don't use your computer as if it were a server, even
though it isn't.
>
> Do we take away everyone's car because drunk drivers use them too?
Actually, I think we should take everyone's car because, in my
experience, most people are incapable of operating them safely. Also,
statistically speaking, automobiles are involved in the deaths of more
people in the U.S. (and likely in the world) than any other man-made
device, including firearms. Whether folks are driving drunk or not is
irrelevant. I do believe that the last time I checked, more people are
killed by unimpaired motorists than by those who are.
>>Again, you're not being put in jail. They're saying, "I don't want you
>>calling me". Tell me.. Anyone here have a caller ID block on unknown numbers?
>
>
> But I am not an unknown number - all my mail comes from kinz.org. I am
> available to be held accountable for my emails.
> (And I have been, believe me :-) )
>
> At the very least AOL should accept SMTP from registered domains. I can
> understand not accepting it from semi-anonymous dynamically assigned IP's.
Ah, yes, but see my previous message. You are probably in violation of
your ISP's TOS for registering a domain on their IP block. To most
people's thinking that constitutes running a server. It's the only
reason you'd want to do so.
>
>
>>I'M BEING REPRESSED! I'M BEING REPRESSED!
>
> (Come see the violence inherent in the sys-admin! :-)
> (http://www.userfriendly.org/cartoons/archives/99mar/uf000427.gif)
I prefer BOFH. It's closer to how we sysadmins actually feel.
http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=BOFH&btnG=Google+Search
>
>
>
>>>Yes it works for companies, but then companies are entities that make
>>>conscious, well informed decisions to let people die because the
>>>cost of the lawsuits is calculated to cost less than changing a design
>>>defect that left the gas tank filler neck of the Ford Pinto just a
>>>wee bit too short. I don't think we want to follow that kind of lead
>>>as an example of principled behavior.
>
>
>>Oh my GOD man. They rejected your SMTP email. Sheesh. Since the protocol has
>
>
> :-) I'm not comparing the magnitude of immorality in the Pinto decision to
> AOL decision to block residential IP's. I'm saying it's the same KIND of
> thinking, "We don't care who gets hurt, we are maximizing profit".
Ah, yes, but AOL and its customers would be hurt if they didn't make the
decision that they made.
>>.... Since the protocol has
>>no built in method of authentication, this is the best they can do. You can
>>either eat spam, or do something like this. Period.
>
>
> Hmmm - I don't eat spam - I use Bogofilter.
>
> So let's change the protocol!
Well, there's no way to change it that would truly be effective, if you
ask me. Whatever authentication method you use will be broken before
long. You will simply increase the stakes, and thereby make a more
attractive target for spammers. You'd also create a new class of
criminals who have broken whatever authentication scheme you've created.
There would be a black market for cracking tools, and most people can't
be trusted to operate their computer responsibly, so adding another
layer of responsibility on them will not help the situation, it will
only make it worse because now there's another potentially exploitable
layer, but now that layer is somewhat trusted, so the stakes are higher
and the prize is even more attractive, and the outcome of it being
broken more catastrophic for the system and for the individuals in the
system.
I think of the war on drugs as a good example. The law enforcement
approach simply exacerbates the problem. Study the history of
Prohibition for what I'm talking about.
>>>The reason AOL is blocking
>>>those IP's is it's easier than actually blocking the spammers.
>>>But it's wrong. It breaks the internet, a little bit and begins
>>>the whole kit and kaboodle sliding toward the day when all email
>>>and web services MUST go through an AOL/ISP approved node.
>>
>>They are blacklisting addresses of known open relays. They are refusing to
>>deliver pizza to an area where people are known to allow attack dogs to freely
>>roam the streets.
>
>
> Again - that doesn't fix the problem. It allows it to grow and get worse.
It might, but it is a good short term policy. Perhaps, if the people who
live in that neighborhood get so pissed at not being able to get their
delivery pizza, they'll do something to get the drug dealers out. (Don't
get me started on drugs and U.S. policy, 'cause I won't stop.) People
are responsible not just for themselves, but for the places where they
live. If you don't like your neighborhood, you can move or take positive
steps to change it. Nobody said that life would be easy.
>>>That must never happen but all the large ISP's would like it to.
>>>Does anyone think that AOL would never try to act like some of the other
>>>large monopolistic companies?
>>
>>Could very well be. But this is one move that, while being annoying as all
>>hell, is a viable attempt to securing something.
>
>
> It "secures" a huge block of innocent people's internet nodes. Just to get
> relatively few poorly secured systems. How about we sue the hell out of the
> people who have open relays and get it well publicized?
>
> "Gee - if I don't take care to make sure my system can't relay mail it could
> cost me thousands of dollars? I'd better do something!" I wonder if Norton
> has a $35 tool for this? (from the brain of a Wintel PC owner)"
This will never happen. People and organizations do things all the time
knowing that they could possibly be sued or could suffer catastrophic
losses. Witness all the people who use Microsoft software, particularly
Outlook. Witness all the companies that blatantly break the law, and get
away with it. People have the "it will never happen to me" attitude.
They always think they'll catch the other guy, or it will happen to
someone else and not to themselves.
>>You know.. The same reason why some here always include their PGP signature
>>to validate identity?
>
>
> Or some don't because it's not yet widely enough participated in to be
> worthwhile. It needs to become a mandatory part of the mail transport
> protocol.
No, this actually makes things worse. (See above and see my previous
message.) Perhaps, I should sit down and write a little think piece
expressing my thoughts on the matter.