[Asrg] Solving spam == Solving zombies/botnets

[Gerald Klaas]

On Mon, Dec 1, 2008 at 10:25 PM, Andrew D Kirch <trelane at trelane.net> wrote:

> Walter Dnes wrote:
> > What it boils down to is that to majorly reduce spam, we have to
> > majorly reduce botnets/zombies.
> >
>
> I concur, I'm just not sure that we're going to pull it off.  There's
> little to no liability for the provider.  I'd love to see someone start
> suing yahoo, or the web cafe, or the compromised server that phishing
> attacks come through.  Unless you hit their pocketbook they simply don't
> care.
>
>
>
Sue the ISP?  Why would it be any easier for an ISP to determine that
Granny's PC is
pwn3d than it is for the rest of us?  Why not sue Granny?  (a la MPAA)

I agree with the observations that pwn3d machines can do anything their
owners
can do, so who's responsible for abuse?  Is it the machine owner?  Is it the
ISP?  Why not
the OS provider?  Why not the MUA or MTA licensor?   They're all victims of
the
original perpetrator.  Why not pursue legislation that would make it easier
for all
of the victims to pursue the original perpetrator?  A couple days ago,
someone
talked about the mailbox sticker in Canada that "opts out" of unsolicited
flyers in
the mailbox.  Does it work?  Not at a technical level.  Certainly the guy
delivering
a Chinese menu can ignore the sticker.  But what's the punishment, and how
does
the recipient pursue damages?   I'd like to see a voluntary, distributed
"opt-out"
notice for e-mail boxes along with legislation defining damages for
violators, that
would allow victims of Granny's compromised machine to pursue the real perp.

IMHO: One benefit of an ePostage system is that Granny has a reason to
protect her
machine.  If someone breaks into Granny's machine and spends all of her
stamps,
she has an immediate loss.  No court involved.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.irtf.org/pipermail/asrg/attachments/20081202/e5d5b71c/attachment.htm>