
https://dataprot.net/statistics/spam-statistics/

Did you actually read that, and the sources it cites, before posting it? If you had you might have noticed that it's full of the worst kind of junk stats. Several of the sources cited, the ones that supposedly support your arguments here, don't even say what the piece you linked claims. They literally have completely different numbers. Not that it matters since there is no indication of methodology used and the exact figures are clearly impossible for anyone to measure accurately. Some of the other "sources" are just links to organisation home pages without identifying any specific research or analysis at all.

> If 90% of all the messages in your inbox were spam how long would you continue to use it?

As someone old enough to remember the time when that was actually the case, obviously we managed. But this is distorting the argument again because you are implying a false dichotomy where the alternative to overly aggressive blacklisting policies such as you advocate is all of the spam reaching our inboxes. Clearly that is not realistic as less aggressive defences are still highly effective and have consistently been so for a long time.

> No one can force anyone to do anything.

Really? Then where can I sign up for a mail service that will reliably deliver both my incoming and outgoing legitimate messages without undue monitoring or interference with my own business? I contend that possibly no such service currently exists.

> Personally, I'd prefer to hold them to the same standards as everyone else, but the problem of the largest players throwing their weight around giving them unfair advantages exists in every industry and until someone comes up with a solution for it, we're all just stuck playing along.

Which is exactly why some of us are in favour of statutory regulation to compel anyone participating in such an important technological ecosystem to be a good citizen.

> So your alternative to blacklists is just more blacklists that are run better?

I don't believe I have ever suggested anywhere in this discussion that using blacklists to block traffic from proven spam sources was unfair or inappropriate. My objection, which seems to be in line with the submitted article, is to big mail services that think spraying fire into a crowd of 250 indefinitely because there was once one bad person there is a reasonable response to the problem. There is huge collateral damage being caused and the defenders of this policy are trying to sweep it under the carpet and use highly debatable arguments of necessity to justify their damaging policies.

This is not the best system we have. That's the point being made here.



> As someone old enough to remember the time when that was actually the case, obviously we managed.

I'm also old enough to remember that and we managed by blocking huge amounts of IP space. Even massively popular services like AOL have blocked the IP space of entire ISPs or entire countries from being able to send them email. Eventually spam filtering improved, things like SMTP auth, DKIM etc caught on and wide range blocking could be scaled back somewhat, but I doubt it will ever go away entirely.

> Really? Then where can I sign up for a mail service that will reliably deliver both my incoming and outgoing legitimate messages without undue monitoring or interference with my own business?

Use your own servers and you can do whatever you want. Again, you can't force others to accept email from your mail servers, but you can choose to accept or reject whatever you want from others. No one can stop you from sending mail from one mail server you own to another mail server you own.

> Which is exactly why some of us are in favour of statutory regulation to compel anyone participating in such an important technological ecosystem to be a good citizen.

You can't really regulate the internet. If you could enforce regulations on a global network made up of discrete but interconnected networks we could just make spam, phishing, and hacking illegal on the internet, enforce that law/regulation and there would be zero need for blacklists. Because laws and regulations don't work on the internet we instead have to come up with blacklists, filtering technology, and other tricks to keep the internet even semi-functional.

> My objection, which seems to be in line with the submitted article, is to big mail services that think spraying fire into a crowd of 250 indefinitely because there was once one bad person there is a reasonable response to the problem

It's the only one that works. I've seen with my own eyes ISPs who didn't care enough to invest at all in abuse handling, but were forced to because of being blacklisted and in order to keep their customers they had to clean up their network, pay attention to abuse notices, participate in feedback loops, and slowly rebuild and maintain their reputation as responsible network operators.

If you limit blocks to individual IP addresses then spammers just cycle IP addresses. ISPs that ignore anything sent to their abuse@ address (if they even have one) never have any pressure to invest in preventing spam and can just keep accepting money from spammers and hackers and give them new IPs whenever they need to.

IPv6 makes the problem much much worse since a single spammer would get a huge amount of IPs to burn through before they have to bother their ISP about it. Blacklists themselves could become so massive and cumbersome that restricting larger and larger ranges may be the only option.
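
An added example, not part of any comment in this thread: a sketch of the per-address versus per-range listing trade-off argued over above, showing both how range entries catch address rotation and how many never-seen IPv4 neighbours a /24 entry covers. The prefix lengths, the `min_hits` threshold and the sample addresses (documentation ranges) are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: addresses seen sending spam (documentation ranges only).
OFFENDERS = [
    "2001:db8:1:1::a", "2001:db8:1:1::b", "2001:db8:1:1::c",
    "2001:db8:1:1::d", "2001:db8:1:1::e",      # one sender rotating inside a /64
    "2001:db8:2:2::5",                         # isolated IPv6 hit
    "192.0.2.10", "192.0.2.11", "192.0.2.12",  # three hits in one /24
    "198.51.100.7",                            # isolated IPv4 hit
]

def aggregate(offenders, v4_prefix=24, v6_prefix=64, min_hits=3):
    """List a whole prefix once min_hits distinct offenders fall inside it;
    below that threshold keep the individual host entries."""
    buckets = defaultdict(set)
    for text in offenders:
        addr = ipaddress.ip_address(text)
        plen = v4_prefix if addr.version == 4 else v6_prefix
        buckets[ipaddress.ip_network(f"{addr}/{plen}", strict=False)].add(addr)
    entries = []
    for net, addrs in buckets.items():
        if len(addrs) >= min_hits:
            entries.append(net)
        else:
            entries.extend(ipaddress.ip_network(str(a)) for a in addrs)
    return sorted(entries, key=lambda n: (n.version, n.network_address))

def is_listed(entries, text):
    """True when the address falls inside any entry of the same IP version."""
    addr = ipaddress.ip_address(text)
    return any(n.version == addr.version and addr in n for n in entries)

def ipv4_collateral(entries, offenders):
    """IPv4 addresses covered by the list that were never seen sending spam."""
    covered = sum(n.num_addresses for n in entries if n.version == 4)
    seen = {a for a in map(ipaddress.ip_address, offenders) if a.version == 4}
    return covered - len(seen)

if __name__ == "__main__":
    blocklist = aggregate(OFFENDERS)
    print(len(OFFENDERS), "observations ->", len(blocklist), "entries")
    for net in blocklist:
        print(" ", net)
    print("unseen rotation address listed:", is_listed(blocklist, "2001:db8:1:1::dead"))
    print("IPv4 bystanders covered:", ipv4_collateral(blocklist, OFFENDERS))
```

Raising `min_hits` keeps more entries at host granularity, which shrinks the bystander count but lets a sender that rotates within its prefix stay ahead of the list.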


Can you imagine what would happen if we applied your argument to other important communications channels like postal mail or telephone calls? Sorry, someone in your old friend's city was using a robodialler so now none of the local phone service providers available to you will accept calls from anyone in that area code.

We absolutely can regulate the Internet on this kind of issue. We don't have to regulate everywhere in the world to make a big improvement, just businesses above a certain size that operate a commercial email service. If our governments can effectively lean on social networks enough that they add warnings to potentially misleading comments about science, they can lean on email services to do better with this problem. The only difference is that there is an obvious and unambiguous way the mail services could do a better job.

And again, just to be crystal clear, I am not arguing for giving real spammers a free pass. I am only arguing for credible, realistic measures to try to avoid the huge numbers of false positives we get from mail filtering today.


> Can you imagine what would happen if we applied your argument to other important communications channels like postal mail or telephone calls?

The only reason we don't is because unlike email, it's the sender who pays not the receiver. Telecoms do monitor and block outbound international calls if the connection times are excessive, if they occur at unusual hours, or if they are going to certain "blacklisted" countries where phone fraud is common. They do it because hackers will break into a business's PBX and use it to place a bunch of international calls and the business suddenly gets a massive phone bill. They call their phone company about the charges, the phone company waives the charges (once) but that leaves the phone company on the hook for them. When false positives happen, the business has to call into the phone company and explain the calls were legit and they will be whitelisted and similar outbound calls will be allowed going forward.

I wouldn't oppose using regulation in the US against US based mail services if it meant forcing them to do a better job preventing spam from leaving their networks, but I'd be hesitant to support legislation forcing them to accept more spam. Maybe the largest ones could be pressured to invest more money in handling the influx of spam after they accept it, but I'm guessing there would be costs to consumers such as long delays in delivery, or "free" services like Gmail suddenly requiring payment or closing their services for good. At the ISP I work for now we stopped hosting our own mail servers and outsourced email services to a third party because spam filtering was too expensive and time consuming, and now we're looking at possibly no longer offering an email product at all and telling all of our customers to migrate to services like gmail and yahoo. Killing our email service today would eliminate a lot of problems in terms of help desk calls, phishing attacks, and spam problems. Make it too much harder for people to provide email service and there may only be giant providers left.


Other guy sounds like a giant dick-wad - we should not be wholesale blocking IP ranges without recourse to "unblock".

Whatever the other guy thinks about it being "necessary" or whatever, there is not commonly a way for a user to whitelist a service. And services providing email don't normally take that sort of signal into account, either.

Once you are operating a large system that is used by many people, you become a public utility - furthermore, at that scale we can generally find where you live and come lock you up. This kind of thing is 100% regulatable.

Either let users choose what mail they receive, or implement regulation forcing compliance. If that doesn't happen, and you snub my lawyer like the irresponsible mega corp you probably are, guess that's one more reason for me to polish off my shotgun and take out the dickwads running the megadoom corp.



