AOL now rejecting mail from Comcast residential IPs.

[Jason Stephenson]

Jeff Kinz wrote:
> The emails are getting tooo long - I'm condensing from here on in. 
> 
> On Mon, Mar 31, 2003 at 12:09:12PM -0500, Jason Stephenson wrote:
> 
>>No. You can still send them mail. You just must use another method. 
> 
> 
> If I am not spamming why can't I use the methods explicity approved by the
> IETF?  Why must I change my method because one or two ISP's refuse to
> behave in the proper cooperative fashion that has been the standard of the
> internet since its inception?

You can. You just can't send mail that way to AOL. AOL has made a choice 
that they have every right to make. Now, you just have to live with it.

> You are correct, the spam does more damage than blocking IP blocks.
> but blocking IP blocks does nothing to change that and it 
> 
> 'Harms the innocent to punish the guilty".  I don't believe in allowing this.

Harming the innocent to punish the guilty happens all the time. This is 
why I am against law enforcement regimes applied to spam. There are too 
many innocent people in our prisons, we don't need more.

Look, I still fail to see how you are harmed by AOL's decision. You can 
send mail to AOL's customers. You can still send mail to the majority of 
email servers on the Internet. Is your life in danger? Does it 
jeopardize your health or welfare?

> 
> On Mon, Mar 31, 2003 at 12:09:12PM -0500, Jason Stephenson wrote:
> Condensed" AOl is not part of the internet , they are a gated community"
> 
> AOL's community IS part of the internet but this action is restricting the
> spontaneous flow of communication to the endpoints of that part of the
> network.
> 
> Restricting that flow will prevent emergent characteristics from 
> coming into being.   What AOL is doing is retrictive.  In order
> for the network to be valuable the communications must be as uninhibited
> as possible.
> 
> Your claim in the next paragraph that "requiring AOl to accept mail from all
> IPs" is restrictive is so wrong it boggles me.
> 
> How can unconstrained connectivity be restrictive?   Is black white and white
> black? Did I wake up in Alice in Wonderland this morning?

You may have, this is a LUG mailing list after all. :-)

> 
> 
>>As for emergent behavior, what I learned in AI class was that emergent 
>>behavior is the appearance of intelligence in a larger system composed 
>>many agents each acting in their own self-interest or according to their 
>>own programming. They are not programmed to cooperate in any particular 
>>manner, though they may be allowed to interact in many diverse ways. By 
>>imposing this rule upon AOL, "thou shalt accept mail from all IPS," you 
>>are actually imposing an artificial restraint upon the system. You're 
>>interfering with the emergent behavior of the 'net more than is AOL. 
> 
> 
> 
> 
>>AOL, as even the small part of the 'net that they are, is participating 
>>in the emergent behavior of the 'net. Their decision to block IP 
>>addresses is just a part of that behavior.
> 
> No - their behavior is killing a small portion of the net and making it less
> valuable and less emergent.

I think your whole argument on "emergent" behavior is specious at best. 
I'm merely throwing it back in your face. When talking about emergent 
behavior, you're talking about a system with agents each acting 
independently. These agents perform actions which lead to other actions 
and reactions in other agents. The idea is that without any intervention 
from outside, these actions self-organize into behavior that appears to 
be intelligent. It really has no place in this discussion, but if you're 
going to insist then I'll argue it with you.

I'm looking at the Internet as the whole of the system, all of the 
users, ISPs, software, protocols. Each one is an agent acting within the 
system. One of those agents, AOL, has made a decision which affects 
another agent, Jeff Kinz. Now, Jeff Kinz appears to want an outside 
agent to stop AOL from behaving that way. This intervention would wreck 
the dynamic of the Internet as I see it running. AOL as an agent is free 
to behave as it pleases. Scientifically, there is no "harming" of 
emergent behavior. Agents operate as agents operate. Their behavior is 
either viable or it isn't.

Don't get too carried away with some of the theoretical stuff you read 
in books. We don't live in a theoretical construct, but in the real 
world. "Emergent behavior" is just one term used to describe phenomena 
that scientists believe they have observed in nature and in some digital 
an mechanical systems. Nothing more, nothing less. While it has become 
some scientists' pet project and they think it explains everything or 
that it is absolutely wonderful, just remember that as a scientific 
notion it is neither good nor evil. There is no limiting of emergent 
behavior. It emerges from the ineraction of various agents. People get 
in trouble when they try to apply this stuff to real life, and then make 
value judgments one way or the other, assuming that some things are 
going to harm emergent behavior and other things will promote it. 
Emergent behavior happens regardless of what you do or don't do to 
promote it or hinder it. In fact, trying to promote it or to hinder it 
implies a misunderstanding of the underlying concepts involved.

>>Anonymity has a price. Identity has a price. You can't have it both 
>>ways. I understand why you want PGP authentication on mail servers, it 
>>makes sense. However, PGP would then have to be tightly integrated into 
>>the 'net and most 'net applications, not just email. 
> 
> No - just email.  Why would other apps need it? 

Because businesses and gov't will demand it. If you could authenticate 
SMTP, then why not authenticate HTTP, FTP or any other protocol? Now, we 
can know who's looking at child porn, we know who to charge for the 
streaming video of Dr. Strangelove, we know who's looking at porn, who's 
reading the Al Qaeda site, and who's reading the Mormon web site. This 
would be so useful and so profitable to gov't and business why stop at 
just email? Why not just build it into IPv8 and make it a requirement 
for everyone? Yes, IPv6 is starting in this direction slightly, but it's 
a long way from that.

> 
> 
> 
>>Most folks seem to 
>>have problems with the relatively simple protocols that we have now. 
> 
> 
> Most of the internet seems to work "well enough". as soon as there is 
> an artistic license source implementation of a properly working 
> authentication system that ability could be fairly quickly added
> to the internet. Probably even faster than IPV6 :-)

True, but now, you're requiring people to learn PKI, if that's the way 
you want to go. That's a bit more complicated that typing a credit card 
number into a web form. People will not want to learn PKI and remember 
outlandish pass phrase just to send email.

>>Well, you signed their TOS, or at least agreed to it when you signed up 
>>for service. 
> 
> Yes I did.  And I am in compliance with my TOS.  But AOL is still
> causing harm to me and others

AOL is not causing you harm, and it has nothing to do with your TOS. 
They are under no obligation to accept mail from anyone, not even you. 
You can send them mail through another method, I suggest you use it. If 
you're writing a Perl script, use Net::SMTP to connect to your mail 
providers server instead of calling sendmail to send it from localhost. 
It's very easy to do.

>>One could argue that "no servers" means "no server 
>>protocols." IOW, don't use your computer as if it were a server, even 
>>though it isn't.
> 
> 
> I'm not - A protocol does not a server make.  

True. I misspoke when I typed that. What I was thinking when I typed 
that was not expressed very well. After thinking about it, I didn't mean 
what I thought I was going to say.

Anyway, I just realized that a lot of online gamers are probably 
violating their TOS, since some of that software acts as a server, too.

>>>Do we take away everyone's car because drunk drivers use them too?
>>
>>Actually, I think we should take everyone's car because, in my 
>>experience, most people are incapable of operating them safely. Also, 
> 
> Statistically, almost all people do operate them safely almost all
> of the time.  Consider that.

True. The car thing is off the mark, anyway.

>>>>Again, you're not being put in jail.  They're saying, "I don't want you 
>>>>calling me".  Tell me..  Anyone here have a caller ID block on unknown numbers?
>>>
>>>
>>>But I am not an unknown number - all my mail comes from kinz.org.  I am
>>>available to be held accountable for my emails. 
>>>(And I have been, believe me :-)  )

Actually, you might be an unknown number if your ISP says your in a 
dynamic pool, even if it isn't implemented that way. I just thought of 
this now.

>>>
>>>At the very least AOL should accept SMTP from registered domains.  I can
>>>understand not accepting it from semi-anonymous dynamically assigned IP's.
>>
>>Ah, yes, but see my previous message. You are probably in violation of 
>>your ISP's TOS for registering a domain on their IP block. To most 
>>people's thinking that constitutes running a server. It's the only 
>>reason you'd want to do so.
> 
> 
> Actually I want to maintain and control my own email identity.  Now it will
> never have to change.  And again - I am not in violation of MY TOS.

Yes, but it isn't *your* IP number. It was assigned to your ISP. If they 
don't want you to register a domain name to it, they could terminate 
your agreement if you do. Even if your TOS doesn't explicitly state 
this, they would likely pull the old no servers thing and use the domain 
name registration as evidence that you're running servers. That's my 
point here.

Unless your ISP says its OK, I'd be careful about this. This is the main 
reason I went with the ISP I did and chose DSL over cable. The two ISPs 
that I've had for DSL, both here and in KY, basically said, you're 
paying for the line, you do what you want, and they said it in writing.

> 
> 
>>Ah, yes, but AOL and its customers would be hurt if they didn't make the 
>>decision that they made.
> 
> hmmmm - I'm going to undamage myself by causing harm to innocent parties
> instead of going after just the people who harmed me.
> 
> Nope. This fails the simplest morality check.

But how are you or innocent parties being harmed? Quantify the damage 
and we'll talk. I'm sure AOL can very easily put a price on what spam 
costs them. Can you put a price on what it costs you to use another 
server to send mail to AOL? I know there are other ways to measure this 
than money, but money is all a court is going to care about.

> 
> 
>>>>.... Since the protocol has 
>>>>no built in method of authentication, this is the best they can do.  You can 
>>>>either eat spam, or do something like this.  Period.
>>>
>>>
>>>Hmmm - I don't eat spam - I use Bogofilter.
>>>
>>>So lets change the protocol!  
>>
>>Well, there's not way to change it that would truly be effective, if you 
>>ask me. 
> 
> I disagree, I think it can and will be done.
> 
> By simply rasing the cost of entry to sending an email using something like
> camram (http://camram.org)  or a public encrypted sig system you destroy 
> the economics that make spamming a profitable activity, without raising so
> much that it stops legitimate users from sending email.
> 
> Yes it does increase the cost of email, but no matter what method is used
> stopping spam will have a cost to it.

Certainly. Everything has a cost. I think part of the problem we're 
having in this discussion is that we're looking at the world from two 
very different points of view. You seem to see the world as black and 
white, good and evil, harmful and not harmful. You seem to see these 
things as absolute, as was implied by your Alice in Wonderland remark 
above. In other words, what is bad for one person is bad for all and 
what is good for one is good for all. I don't see the world this way at 
all. Of course, there is good and bad, but what is good for one isn't 
always good for all. Any action that you take is going to harm somebody 
somewhere. Everything has both good and evil in it. There is nothing 
that is absolutely good or anything that is absolutely bad.

With your proposed changes, you will harm innocents along with the 
spammers. It's a compromise. Everything is a compromise. You just don't 
happen to like the current compromise because it seems to affect you 
more than it affects others. I see your proposed compromise as doing 
more harm than the present one, because it will affect far more people 
than just yourself or the handful of people who want to make direct SMTP 
connections to AOL from their blacklisted IP. This is a matter of 
perception.


>>What ever authentication method you use will be broken before 
>>long. You will simply increase the stakes, 
> 
> It doesn't have to be perfect, it just has to make it a little bit harder.
> Once the economics are changed spamming stops by itself.

Yes, this is true. Right now, almost the entire cost of spam is born by 
the recipient. To a lesser extent, this true of legitimate email, too.

I was interrupted while writing this email. I started it over an hour 
ago. Anyway, I'm bowing out now. It's clear we disagree. Which is fine.

> 
> 
>>attractive target for spammers. You'd also create a new class of 
>>criminals who have broken whatever authentication scheme you've created. 
>>There would be a black market for cracking tools, and most people can't 
>>be trusted to operate their computer responsibly, so adding another 
>>layer of responsibility on them will not help the situation, it will 
>>only make it worse because now there's another potentially exploitable 
>>layer, but now that layer is somewhat trusted, so the stakes are higher 
>>and the prize is even more attractive, and the outcome of it being 
>>broken more catastophic for the system and for the individuals in the 
>>system.
>>
> 
> 
>>I think of the war on drugs as a good example. The law enforcement 
>>approach simply exacerbates the problem. Study the history of 
>>Prohibition for what I'm talking about.
> 
> I think we agree about this.
> The war on drugs is failing for simple economic reasons.  Selling drugs pays
> so well that the financial reward overcomes all the negative incentives.
> To win the drug war remove the financial incentives.  Put our government
> in charge of selling the drugs, make sure they are available cheaply.
> Don't allow any pro-drug advertising. Use all the profits (if any) to
> pay for campaigns against drug use.  Per Capita consumption rates of 
> alcohol and tobacco are dropping in the US because of similar techniques.
> 
>