In general, a consensus definition of spam HAS evolved - and more to the point, a consensus on best practices for ISPs and marketers has evolved. Whether or not some of the spam ronald is concerned about is illegal - most of it tends to skate on the borderline between legal and illegal (and some of the gray areas keep getting plugged by regulatory action, court rulings etc - a substantial part of it is the sort that leaves the IP space such customers acquired polluted and unusable by other customers, after it is abandoned by the spammers after being blacklisted and nullrouted beyond any viable further use. The objective furio has for these numbers is not as much to name and shame as to highlight just where the problem exists, and provide actionable metrics that can be used to zero in on and address the problem. If you think Furio's math is bad, it might be a way forward to actually share usable metrics and discuss a statistical approach (possibly using as a platform a neutral third party like maawg - which the oecd and others have used for metrics data, and which represents a sizeable chunk of the isp / antispam research and product / legitimate email marketer community). I wish there was RIPE NCC representation at the recent Vienna MAAWG .. it'd have been good to discuss these and other ways forward. thanks srs On Tuesday, June 18, 2013, Brian Nisbet wrote:
Suresh Ramasubramanian wrote the following on 18/06/2013 15:22:
As a thought experiment, if Furio were to remove LIRs from Eastern Europe, in particular, Romania, from his list below, what would RIPE NCC's figures fall to?
Most of those /14s are swipped and then re-swipped to a succession of shell companies that appear to remain valid for the minimum possible duration - and are typically (as creating a shell company in romania requires valid ID) set up by the simple expedient of walking into a bar and paying a guy there a few euro to get him to use his ID to set up the shell company.
So even "a much larger number of customers in the RIPE region" is a figure that you would have to allow for substantial inflation in, when you consider these numbers.
There is no question in my mind that there is a massive problem in the RIPE NCC service region, just as there is elsewhere. I'm not convinced that there's any good in comparing them, rather we should admit that there is such a problem.
I remain to be convinced that we will ever reach an agreed definition of network abuse, but I do think there are types of activity that are generally agreed to be abusive. But even with these, do we want the NCC to say "Ah, you have operated a botnet to crack credit card numbers, we will now deregulate!" I do not believe we will ever reach consensus on such a policy.
I *do* believe that there should be more rigour involved in obtaining addresses, but there you also have a problem of national law. If a state says "this company is a legitimate company" does the NCC have any right to argue?
Ronald, I ask this sincerely, and I apologise if I missed it before, but what is your definition of 'network abuse'? I'm not asking this to call you out, I'm genuinely interested. I know why definitions are important, but I also know how hard they can be and given the limitations of what the NCC can do (and what I, as an operator, want it to do) I'm not sure how much use it will actually be to pursue such a thing.
Are there other ways of looking at this, of tackling it, that have more chance of success?
Brian
-- --srs (iPad)