IP address reputation, BorderWare

Rick Chadderdon mailscanner at yeticomputers.com
Mon Mar 26 07:25:44 CEST 2007

Res wrote:
>> Hardly.  I've still seen nobody provide any evidence that any of this 
>> insane spam bandwidth directly affects the experience *any* of us 
>> have on the 'net.
> Really... more spam = higher data usage = more bandwith use = 
> provision more bandwith to avoid whinging customers = more cost

You apparently missed the disclaimer I put in there explaining that I 
was referring to the indirect effect on *me* from the use of *Kevin's* 
bandwidth.  It's easy enough to miss points I'm making the way I ramble, 
but still, it was in there.  Again, for clarity: received spam is 
obviously a problem for the receiver's bandwidth.  *Your* received spam 
is *not* obviously a problem for *my* bandwidth.  And as such, I have 
little reason to enjoy your increased use of my resources to deflect 
some of the use of yours.

>> important to any consumer.  If I'm getting what I pay for, and the 
>> price is one I'm willing to pay, as a consumer I *don't care* how 
>> much of the bandwidth I'm *not* getting is being used by spammers.  
>> In fact, to be fair,
> thats a rather irresponsible attitude.

Note that I said, "as a consumer".  Why do you think it's 
"irresponsible" for a consumer to fail to care about things that do not 
affect them in any perceivable way?  The dollar per bit bandwidth costs 
of most consumers has been dropping steadily over the last decade, and 
I'm pretty sure that's true worldwide.  If it's not true where you are, 
please feel free to correct me.  I also don't see it as irresponsible to 
not think that anyone else's problems justify them harassing me if I'm 
*not the one causing (or even contributing to) their problem.*  Keep in 
mind that I didn't say that spam wasn't a problem (it is), or that it 
didn't consume a lot of bandwidth (although as was implicitly pointed 
out by Hugo, the amount of bandwidth consumed by filesharing probably 
dwarfs the amount consumed by spam) or even that the receipt and 
processing of spam doesn't require *providers* like us to increase our 
bandwith expenses.  I was stating that the consumer - the end user - has 
no reason to care how much bandwidth spammers use if they don't 
experience the effects of that spam in a way that the end user can perceive.

How do you define "irresponsible"?

>>  At home, I was paying about five times what I currently pay for 10 
>> megabits - just to get dual-channel DSL. (128K)
> 10mb? try multi gigabit here.

You have multi-gigabit bandwidth at home?  Impressive, and...  well, I 
don't have a need for that much at home.  If I did, it would be because 
I worked far too much from there, I think.  Still, I'm not sure what 
relevance that has.  Enlighten me? 

My point was that bandwidth costs have been steadily dropping for nearly 
as long as I've been in the business - which is a long time indeed.  Not 
that large providers don't need a lot of it.  Nor that spam doesn't 
increase that amount.  I am curious though.  With multi-gig consumption, 
you must have some idea what percentage of your total bandwidth is 
consumed by mail, what percentage by filesharing, web surfing, etc.  
Care to share?  My mail flow consumes less than 10% of the total, even 
including spam, in case you want to compare.

>> I mentioned that I had some misgivings about greylisting.  The most 
>> important difference from a moral viewpoint is that greylisting only 
>> affects people who are directly connecting to me, deliberately.  SAV 
>> affects people who never tried to mail me.
> right... now I see... you want to do it to waste others but get all 
> hissy fitty when someone does a similar thing back, now I have no idea 
> if you use greylisting now, but you could tomorrow be ordered to use it.

As I said, the only bandwidth I waste is that of those who actually 
connect to *me*.  You can feel free to blacklist, greylist or ignore 
anyone you want.  If it's me on the blacklist, if I deem it important to 
communicate with you, I will work to comply with whatever needs you have 
to make it possible - perhaps while trying to convince you of why my way 
is better, but I'll work with you.  When you do a lookup on *my* server 
because *someone else* said they were me, you're not even trying to 
communicate with me - you're expending my resources with no benefit to 
me.  And you didn't ask.  As I've said several times in this thread, 
however, it's not a resource problem, it's a moral problem.  One about 
bad manners.

Case one:  You initiate the behavior, I respond by consuming your resources.
Case two:  A third party initiates the behavior.  You respond by 
consuming *my* resources. 

I see a big difference.  You, apparently, do not.  Hence we're unlikely 
to ever agree.

>> None of my routers are named "core".  :P
> when you have a couple dozen you tend to name them somthing that helps 
> you rtmember whats what :)

No doubt.  I only have three of any importance.  The rest are just for 
my own amusement.  :)

>> there is no tangible benefit to *anyone* other than the user of SAV, 
>> and he's
> Wrong, any carried out action to protect someones network by ensuring 
> the inbound mail is from someone legitimate is a benefit to the 
> receiver by helping reduce the chances of it being spam and hence 
> wasteing more of their resources.

Exactly what I said...  It is of benefit to you, the user of SAV, not to 
the person you're hammering with your lookups.  Unless you're being 
pedantic and not including a benefit to your users as a benefit to you.  
In which case I'll expand my statement to be:  "The use of SAV if only 
of benefit to those targeted by the spam being address verfied."  I see 
no material benefit to me from your use of SAV.  And even if I did, I 
would think it impolite that you did it without permission.  I did *not* 
send you that spam, and you have no non-selfish justfication for 
pestering me about it.

>> with the rest of us, working to eliminate spam from our users lives - 
>> instead of just telling them to "deal with it."
> You've just contradicted yourself :)
> you are in essence saying deal with it, by not wanting someone to run 
> a measure they think benefits them.

No, I'm saying "don't run your measures against me when I'm not the one 
spamming."  Don't try to force me to solve your problems when I'm not 
the one causing them.  If you and I do not have a relationship of some 
kind, it is not my responsibility (there's that word again) to even 
*try* to solve your problems, although I will usually offer my time 
freely *when asked*.  When you just go ahead and take my help without 
asking, I'm bound to be irritated.

Let's say that your neighborhood started a new crime watch program.  
Let's say that it *required* you to spend an hour per month contributing 
your time.  You weren't asked.  Several of your neighbors just started 
doing this thing, and due to the way it was implemented there is no way 
that you can avoid it's effects, or its drain on your time.  You don't 
*want* to do this thing.  Even though you can see that this plan does 
offer some benefit to the people who actually participate, you think 
that it's intrusive to both you and your other neighbors, and you're not 
willing to gain the benefits at the *moral* costs you perceive.  While 
it's possible for you to avoid the actual intrusive behavior itself, you 
can *not* avoid spending time dealing with the way it has been 
implemented.  The practical effects of moving out of the neighborhood 
are far too great to consider moving simply to avoid the hour of work 
each month.  The work required of you does not constitute a violation of 
your ideals.

Now...  Do you donate your time to this endeavor you disapprove of 
without a word of protest?  If you would, it goes against...  well, 
nearly all of the posts I've ever seen you make.  :)

To make it even simpler, because it is not the amount of resources I'm 
bitching about, but the moral choice itself, I'll offer a last 
exaggerated case:

A fellow walks up to you and offers you this deal:  "Neither you nor 
anyone else you care about or provide services to will ever receive a 
single piece of spam again if you go to this address and kill the 
innocent person there."  You believe (for whatever magical reason) that 
he can deliver on his end of the bargain.  Do you take the deal?  Hm.  
Your evil bunny status does make the answer less certain than I would 
like...  :)

One of us should have changed the subject of this thread to something 
regarding address verification a long time ago.  Or ended it.  :P


More information about the MailScanner mailing list