Monday, October 31, 2005

While I am in disagreement mode with Brits...

I have to disagree with my buddy Richi's preference for governmental involvement in getting ISPs to work on the "bot" problem. We generally agree on technology issues and this case is no different. We agree about the technology solutions; I just disagree that the free market isn't capable of enforcing them.

His post, entitled "Governments should offer ISPs incentives to clean up zombies", is entirely correct on the technical assessment of the problem. What I disagree with is that the government needs to get involved.

The problem, stated well by Richi, is:
Most spam is sent by zombies -- PCs infected with viruses, which allow spammers to remotely control them.

There are two things that come to mind when I read this statement.

1. If we could just convince the world to get off of the Microsoft operating system, and in this case Outlook as an application, the world would be a better place.
2. The ISP and corporate partners could eliminate this problem quite easily.

I have a significant personal bias on both, just for the sake of professional disclaimer.....

ISPs are in a great position to slash the number of zombies operating today, so why the lack of action? Basically, ISPs have little incentive to identify zombies and help their users clean up their PCs. It requires an investment in time and technology for which there's little payback in their business model. Margins are razor-thin in a competitive, commodity marketplace. Few consumers will choose an ISP based on how good they are at cutting off infected PCs.

This is where we disagree. Most of my customers in the large ISP space, and a remarkable number of the large corporate and government customers, recognize that they have a role to play in limiting the effect of "spam bots", as we call them, or "zombies", as Richi does. There are a few small steps that all large mail carriers should be taking. Smaller carriers have an obligation to the Internet community to decide when they become targets and act accordingly.

What are those steps?

1. Publish a list of their IP address space and the IP addresses of their outbound mail servers.
2. Force customers/users to do authenticated send to their outbound routers.
3. Prohibit customers/users from sending to the standard SMTP ports, with the exception of the published list of authenticated outbound servers defined in #1 and #2. As an example, my ISP does not need to prohibit me from sending via .Mac, as it has a known IP list and requires authentication to send.
4. Prohibit inbound messages from IP addresses that are contained within #1 but are not coming from authorized outbound SMTP sender IPs as described therein.
5. Monitor the send rate of customers (authenticated) and shut down access to customers who exceed reasonable limits until they phone in and the ISP can verify that the sends are not "spam".
6. Blacklist IP carriers that do not follow the above steps and generate significant amounts of "spam".
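
As an added illustration (not part of the original post), steps 3 to 5 can be expressed as three policy checks. The address ranges, the choice of port 25, the rate limit and all names below are constructed assumptions for the example.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed sample data (documentation address ranges), not from the post.
PUBLISHED_SPACE = [ipaddress.ip_network("198.51.100.0/24")]  # step 1: published address space
OUTBOUND_MTAS = {ipaddress.ip_address("198.51.100.10")}      # step 1: published outbound servers
TRUSTED_REMOTE = {ipaddress.ip_address("203.0.113.25")}      # step 3: known third-party authenticated server
SMTP_PORT = 25                                               # assumed "standard SMTP port"
MAX_MSGS, WINDOW_SECS = 100, 3600                            # step 5: assumed "reasonable limit"

def in_published_space(ip):
    return any(ip in net for net in PUBLISHED_SPACE)

def egress_allowed(src, dst, port):
    """Step 3: customers may reach SMTP only on listed authenticated servers."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if port != SMTP_PORT or not in_published_space(src) or src in OUTBOUND_MTAS:
        return True  # not customer SMTP traffic, or the mail server itself
    return dst in OUTBOUND_MTAS or dst in TRUSTED_REMOTE

def inbound_accepted(peer):
    """Step 4: reject peers inside a published space that are not its listed senders."""
    peer = ipaddress.ip_address(peer)
    return not in_published_space(peer) or peer in OUTBOUND_MTAS

class SendRateMonitor:
    """Step 5: suspend a customer over the limit until the ISP clears them."""
    def __init__(self):
        self.sent = defaultdict(deque)  # customer -> timestamps inside the window
        self.suspended = set()

    def record(self, customer, now):
        if customer in self.suspended:
            return False
        q = self.sent[customer]
        while q and now - q[0] >= WINDOW_SECS:
            q.popleft()  # drop sends that have aged out of the window
        q.append(now)
        if len(q) > MAX_MSGS:
            self.suspended.add(customer)
            return False
        return True

    def clear(self, customer):
        """Called once the customer has phoned in and the sends were verified."""
        self.suspended.discard(customer)
        self.sent[customer].clear()
```
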

Many of my customers (meaning large ISPs and large corporations) in the email space have enacted most or all of the above without government intervention because it is bad business to do otherwise. Being blacklisted as an open relay or a source of spam bots has very real consequences for a public or private carrier. This is both the carrot and the stick. If you play nice we will respect and trade with you. If you do not, we will punish you into submission.

In my experience the large ISPs are some of the most proactive entities on the planet in trying to prevent you from being spammed.

BTW, I am still waiting to comment on this post of Richi's. For the weirdos out there who are into our inside baseball, I will comment after he publishes the second half. I agree with most of what is in the article and I don't want to expound on it and then find that my "extension" was part of his second half.


