Why does this group have so much spam?

David 71david at libero.it
Wed Sep 2 15:53:15 EDT 2009 

Il 02 Sep 2009 00:17:05 GMT, Steven D'Aprano ha scritto:

> This can be done already, without the need for an email tax. ISPs could 
> easily detect spammers, if they cared to.
> 
> There are a few things that can already be done to cut the spam problem 
> to manageable size:
> 
> (1) Why aren't ISPs blocking port 25 for home users by default? My home 
>[...]

> (2) Why aren't ISPs cutting off detected spam bots? Owners of zombied PCs 
[...]
 
> (3) ISPs who won't cut off spam bots are either incompetent or have a 
> financial incentive to do business with spammers. Therefore, responsible 
> ISPs should cut them off. If this means the email universe divides into 
> two halves, the Wild West where 999 emails out of every 1000 are spam, 
> and Civilization where only one in a thousand is spam, I'm okay with that.

I don't know ISP's internal dynamics so I can't imagine what kind of
financial incentive they have with spammers, AFAIK ISPs must sustain costs
to augment their infrastructures to face this huge amount of traffic, costs
charged on the subscribers monthly bill. At first this conduct can appear
convenient but higer fares lead to reduced competitivity on the market.
There are opposing forces that I can not interpret, so can not give an
answer for that.

> 
> As for the argument that home users who send spam are the victim, that's 
> true up to a point, but not very far. Here's an analogy: suppose that 
> terrorists sneak into your house after picking the lock -- or in the case 
> of Windows users with no firewall or anti-malware, stroll through the 
> unlocked front door -- and spend the next six months camped in your spare 
> bedroom, using your home for their base of operations while they make 
> terrorist attacks. When the FBI kicks your doors down, don't you think 
> you would be arrested and would have to prove that you couldn't be 
> reasonably expected to know they were there? If millions of spam emails 
> are coming out of your PC, that's prima facie evidence that YOU are 
> spamming. You would need to prove that you're an innocent victim who 
> couldn't *reasonably* be expected to know that your machine was hijacked 
> -- you would need to prove that the spam bot was so sophisticated that it 
> infected your PC despite the firewall, that you didn't install it 
> yourself in order to get some stupid game, that no commonly available 
> anti-malware program detects it. Anything less than that is *at least* 
> negligence, and possibly willful negligence.

Mmh, sounds like a presumption of guilt. I wouldn't go so far on this way.
The metaphor of terrorists in the bedroom applies up to a point. While it's
evident that you can not be unaware of people living in your home, modern
malware is made to be silent to the infected computer, so it's a hidden
menace and not so evident.
You are depicting a situation where the owner is perfectly aware of whats
happening on his machine, but this is not always the case. I agree that
ignorance is not an excuse but I wouldn't use the harsh manners at first.

I think that the owner of the infected computer should be warned by his ISP,
who can easily monitor the amount of traffic, and being induced to take
countermisures. If that warning is an amount of maney to pay proportional to
mail generated, I'm confident that it would be 'inducing' enough.

After that the situation can develop only in three possible ways:

1) the owner takes appropriate countermisures proving his innocence (but he
must pay the mail-tax for the period of infection!)

2) the owner takes no countermisures and pays the tax: it's very likely he
is a spammer and we can start the assault with tanks

3) the owner takes no countermisures and doesn't pay the tax: well, It's up
to you to choose the action to take towards him.

[...]

> Yes, I'd like to see the criminals, the malware authors and the spammers 
> punished, but I'd be satisfied to see them put out of business. The weak 
> link is the zombie PCs -- fix the home users' PCs, or block them, take 
> them off the Internet, and spam becomes manageable again.

	
you got the crux of the matter.

regards
David

More information about the Python-list mailing list