Re: Points on your Internet driver's license (was RE: Even you can

[Owen DeLong <owen () delong com>]

As I said earlier in private mail to John, I think this will only work if
the reporting is done on indivuduals, not companies.  For non-corporate
business entities, the president of the company should be used as a stand-in
for the company.  For corporate business entities, the CEO or chairman of 
the
board should be used.  I'm betting that spammers will rapidly run out of
people willing to forego future internet access in the name of continuing
their business fairly rapidly.

Owen


--On Sunday, June 13, 2004 1:14 PM -0400 John Curran <jcurran () istaff org> 
wrote:

> Paul,
>
>    Actually, credit agencies don't have a single standard for what
>    "bad" is; they are obligated to only keep factual data (as can
>    be best determined) in the files.   When you cause a credit
>    report to be checked, one or more algorithms are used to
>    score your credit, but the algorithm used is up to the particular
>    inquirer and credit bureau.
>
>    It's not that hard to make this one work for spammers, but you
>    need some key pieces to all be in place:
>
>    1.  Common definition for what information is kept
>    2.  ISP's need customer contracts which allow reporting of
>         incidents and terminations to any/all such bureaus
>    3.  ISP's need to figure out how to handle a "new" site
>         which has no listings.   Spammers already figured out
>         that some ISPs do D&B credit checks, and have gotten
>         very good at appearing as a new "startup" a week later.
>
> /John
>
> At 4:50 PM +0000 6/13/04, Paul Vixie wrote:
> > owen () delong com (Owen DeLong) writes:
> >
> > > Perhaps what is needed is a reporting agency, similar to the credit
> > > reporting agencies, where ISPs can register chronic problem-customers.
> > > Eventually, your internet credit rating deteriorates to the point that
> > > no ISP will offer you service.
> >
> > it is with some discomfort that i watch the last decade or so of ultimate
> > final solutions to spam be rediscovered on a sleepy nanog weekend.  the
> > reason the above analogy fails to hold (and why that proposal isn't a
> > solution) is that credit reporting agencies have an established standard
> > for what "bad" is -- days overdue on payments.  there is no similar
> > standard for a tcp/ip endsystem, and there can be none.  a week doesn't
> > go by without some goober-with-firewall complaining that f-root is
> > portscanning him.  as112 gets it every day at least two or three times.
> > someone else here reports that his squid proxy is regularly reported by
> > norton's tools because it sets unusual bits in the tcp header.  and so
> > on.
> > --
> > Paul Vixie



--
If it wasn't crypto-signed, it probably didn't come from me.

Attachment: _bin
Description: