COX blocking own users outbound email

[Ben Scott]

On 9/3/06, Jeff Kinz <jkinz at kinz.org> wrote:
> Thanks for responding Ben. <Grin> I was expecting you to.

  Who, me?  ;-)

> Especially (IIRC) you work inside the ISP business you are bound to have
> specific technical insights about why these things can't be done.

  I've worked in and near the ISP business, as well as a BBS operator
in an earlier time, and I'm still a private network operator (more on
that later in this message).

>>   Isn't it supposed to be poor form to cross-post controversial subjects?
>
> No.  This is a long running thread that has been present in both of these
> email lists literally for years.

  Ah.  Fair enough, then.

> The problem here is that we have a business running part of the public
> infrastructure.  Sadly, human nature being what it is, this never works
> out for the best.

  "Public infrastructure" is defined how, exactly?  Serious question.
The longer I think about it, the trickier it becomes.  I certainly
think that the Internet should be considered *something* more that a
bunch of private networks, but how?  Just because it sees use by many?
 Well, so does Wal-Mart, but I wouldn't call it public infrastructure.

  Another point: History is certainly littered with examples about how
large businesses abused the public trust.  On the other hand, "never"
is a bit strong.  Not every such situation is a failure.  A good
example would be package and freight delivery.  Many argue the
commercial organizations do a much better job at package delivery than
the USPS.  We see two large organizations (FedEx and UPS), a mid-sized
org striving to catch them (DHL), and a multitude of independent
operators.  This industry remains a vibrant, healthy commercial
ecosystem -- an example of capitalism at its best.  Why is that, when
the telecom industry fails so miserably?

  My choice of industry is not an accident.  As you note in your own
post, telecom infrastructure bears a striking resemblance to our
highway system, except that the telcos own both the highways *and* the
vehicles which travel upon them.  Many have put forward the idea that
perhaps we should try and make the telecom industry more like the
highway system, where a government-granted monopoly manages the
roads/wires, and the free market competes in the space of
vehicles/service-on-the-wires.  The telecom term for this is
"structural separation"; you can Google for it.  My own opinion is
that this has a better chance of working than many other ideas I've
seen put forward.

  Of course, one need only look to Boston to know that
government-managed facilities don't always play out well, either.

> The business never chooses to run the infrastructure
> in the way that is in the best interests of the people it serves.
>
> In fact officers of a public company could possibly even be sued if they
> did so, since it would cost money and that could be in conflict with
> their fiduciary responsibility to their stockholders

  For that case, the usual answer is that the long-term interests of a
company are better served by giving customers what they want, rather
than taking advantage of them in the short-term.

> The supposed choice implied by "If you don't like it, go somewhere
> else." is non existent.

  That is a problem.  Any time you have that situation, you are going
to have problems.  Net Neutrality and email blocking are just a few
examples in a long list of problems associated with telecom
monopolies.  Even if we "solve" those problems with legislation, we
will only end up fighting different battles again tomorrow.  As I have
stated before, I feel we should go after the cause -- the unhealthy
telecom market -- not perpetually treat the symptoms.

  Of course, the question of what to do about the telecom market is
not an easy one to answer, either.

> Why do you think the cable/phone duopoly HATES Muni-Wi-Fi projects so
> much? :-)  They could lose their monopoly!

  Indeed.  And you expose the other side of the coin: Anyone who has
two computers hooked together is a network operator.  I'm at network
operator at home.  I provide Internet service to my apartment.  I'm a
network operator at work.  I provide Internet service to a whole bunch
of corporate workstations.  If you have ever plugged an Ethernet cable
into a router, then you, too, are an ISP.  Keep that in mind.

>>> (When they took the Jews  away I kept quiet because I wasn't a
Jew, when they
>>> took the teachers away I kept quiet because I wasn't a teacher...)
>>
>>   Can I invoke Godwin's Law here?  (It was trade unionists who came
>> after the Jews, BTW, not teachers.)
>
> OK, unionists..
>
> Removed from its context, doesn't respond to the point, and doesn't
> make any other point either? why put it in? (I mean if it was funny or
> something I could see it, but..)

  I was attempting to highlight your use of "reductio ad Hitlerum",
and also trying to make a subtle point on applicability of commentary
to a discussion.

  It appears I failed in my attempts.  I am sometimes guilty of being
far too abstruse.

> The point of the original context was that history has shown, many
> times, that if you let a small group of people get persecuted for unfair
> reasons, you are enabling the persecutors to do it to whomever they
> want for any reason and get away with it.

  I understand the message of Niemöller's poem very well, thank you.
My objection is your application of it to the situation at hand, which
is rather different.

> While not a cataclysm like WWII, recent events, SBC stating they will
> charge content providers like Google, yahoo, youtube; twice for carrying
> their bits over the internet; show that this is happening.

  Ho hum.  While I certainly do not defend the big telcos, the picture
you paint isn't quite accurate, either.  See previous discussions on
this list.

  Short version: Different operators have different demands, both in
terms of service and bandwidth.  It is not completely unreasonable to
expect them to pay different rates.  Concrete example: www.gnhlug.org
and www.google.com have radically different impacts on transit
bandwidth.

>>> The answer is the same as it was years ago.  When a user misbehaves and
>>> their connection provider doesn't take care of it, the other connection
>>> providers cut them off from the internet completely.
>>
>>   Interesting.  So when a single given ISP does not provide port 25
>> outbound, that's evil censorship, but if all ISPs block everything
>> from an entire ISP, that's the way things are supposed to work.  Huh?
>
> Stopping illegal behavior is "Censorship" ?  I'm talking about illegal behavior,
> and enforcing the restriction of that behavior.

  Enforcing an IDP kills all of an operator's downstreams, not just
the offender.  That is considered an "acceptable loss" by proponents.
Blocking port 25 outbound kills anyone who was operating their own MX,
not just the spambots.  That is considered an "acceptable loss" by
proponents.  Arguably, an IDP is the greater evil, as the bulk of port
25 outbound traffic from dynamic customers *is* spam, while
(presumably) the bulk of an operator's downstreams are not spammers.

  It should be pointed out that the IDP is alive and well -- just in a
form you don't recognize.  There are plenty of "zero tolerance"
blacklists which list entire netblocks at the first sign of spam.  Of
course, those who use such blacklists as sufficient justification for
blocking are nearly universally decried.  It turns out the death
penalty isn't too popular online, either.

> Not, as has already been done by some ISP's, restricting
> their customers access to websites whose politics are in opposition to
> the ISP's politics. (Rogers Cable, Canada IIRC)

  You've moved from blocking port 25 outbound to something else.  Stop
redefining the conversation in progress.

> Instead of having an eternal policy of "Harm all innocent users" which is
> the current ISP standard ...

  I find that statement downright offensive.  Many of my colleagues
would as well.  That's as much a reply as I will give it.

>>> In the "old days" a college's IT department had a budget, they spent it.
>>> done.
>>
>>   In the "old days", using the Internet for commercial purposes was
>> forbidden, and it was basically an ivory-tower research network.  When
>> one opens the doors to the world, one has to realize that the bad will
>> enter with the good.
>
> So a mixture of commercial and personal activities can't be well behaved
> or regulated?

  No.  The point was that the Internet of old bears almost no
resemblance to the open network of today.  Commercial use was simply
forbidden, which made regulation a hell of a lot easier.  It was
*hard* to get on the 'net in the "good" old days.  Maybe you don't
remember, or weren't there (I don't know you), but I'm not so young I
can't remember the "good" old days of paying hundreds of dollars a
month for a 9600 BPS dial-up connection.

  In practice, the "old Internet" was much more like a "good old boy
network" then the open network we have today.  Think "gated
community".

> Because of that, sometime down the road, they
> will lose the benefits of being part of a duopoly because eventually a
> true public network infrastructure will be built.

  Absolutely.  Given enough time, all problems become self-correcting.

>>   It's a tough situation to be in.  Vast amounts of spam originate
>> from all over the place.  Presently, in many cases, this spam
>> originates from compromised machines, which together are operated by
>> the vast majority of Internet users.  Do you suggest we IDP everybody?
>
> Nope - an effective solution to zombied systems is easy to implement
> and very very precise.
>
> My log files identify thousands of unique IP's attempting to attack my
> system thru various means. These attack vectors are easily identified.
> I have, at various times, reported these IP's and the times of their
> attacks back to their ISP's.  Nothing was done.

  Something was done.  They blocked port 25 outbound.

> If the ISP simply disabled those accounts ability to connect to anything
> but a web page saying "your system has been taken over for illegal use.
> Please get it fixed and then contact us by ..." they could
> easily shut down all the zombied systems until they had been cleaned.

  Are you willing to have the price you pay for your Internet
connection increase by an order of magnitude or more?

  Support is, by far, the most expensive part of being an ISP, and if
you cut people's connections in the manner you describe, all you'll
accomplish is unleashing a flood of support calls which makes Noah's
little rainstorm look like a tempest in teapot.  You're asking ISPs to
educate the entire world.  That will cost a lot of money.  Are you
willing to foot the bill?

>>> Further it would impact peering contracts and SLA agreements where
>>> applying the IDP would mean breaking committed, legal contract
>>> terms.
>>
>>   Bullshit.  Just about any agreement (SLA, TOS, AUP, etc.) already
>> has exceptions for activity which harms the operator's network.
>
> Oh, good. Well then, shut off the offending ISP's even if you have
> peering agreements with them.  I'm sure you won't get sued. :)

  Suddenly you're a pragmatist operating in the real world, where
things like customers and lawsuits matter.  Where did that come from?
;-)

-- Ben