TO all this I have to say:
Who better to enforce a corrective action that the suppliers of the very addresses that allow the abusers to exist?
Company A abuses, get a slap on the wrist, and goes on, abuses again, another slap. They are big and don't care.
Now Company A, which is an ISP, will need more addresses sooner or later. Instead of a slap on the wrist, just freeze all future allocations and allotments. Of course, this will have to be defined as to when and how to freeze, and even what is the "freezing trigger". But a Strict policy will even the playing field. And this policy will effect all of the companies customers, making them toe the line. And for those that are so big, that they don't need more IP addresses: in their next renewal of any service (AS, IP lease etc) a new clause will add the possibility of increased charges for their current services.
In the US, a person convicted of a DUI can get off rather easily, pay a little money, maybe some jail time, and then do it again. And we have a high occurrence rate.
In a number of foreign countries the penalty is so high that there is a near zero occurrence rate.
And I am sure that the question after this is: how does this apply?
Compare that to the our state of affairs.
For those that don't see SPAM-L, here it is:
We have ZERO punitive or other responses to SPAM, security and abuse issues.
And we have RAMPANT amounts of each. I have seen at least 3 people named on that list for repetively being a nuisance to
the Internet users. They know there is not a "punishment" for them.
Here is a policy from an ISP I know:
Unsolicited Bulk E-mail ("Spam") cleanup: You will be charged $300.00 + $5.00 per message sent + $100.00 per complaint received by us.
What I propose is that everyone take a step back and forget the "perfect world" idea that we don't need enforcement or more regulations. Let's just start a committee of a few folks from each RIR, the IETF, IANA, and a few other organizations and fix this. Yeah I know a committee may weaken this whole concept, but if we don't put it to a committee many people will feel that they had no say and dig in to fight it.
I see this problem as a cancer, fight it now and we might have a winnable fight, wait 6 months, a year or IPv6 and just prepare for euthanasia.
Well as one other list member has put it: This is my 2 cents worth, for what it's worth.
From: GCottay [mailto:cottay at qconline.com]
Sent: Saturday, November 30, 2002 12:09 PM
To: ppml at arin.net
Subject: RE: [ppml] Question?
It seems to me Jeffrey poses an important question to which regional
registries might eventually be part of at least some partial answer, but
only a part.
Groups such as the Internet Engineering Task Force (IETF), Internet
Engineering Steering Group (IESG), Internet Architecture Board (IAB),
Internet Assigned Number Authority (IANA) and the Internet Research Task
Force (IRTF), and its Steering Group(IRSG) would all seem to have essential
roles. Along with other permutations and combinations of the alphabet.
As to actual policing, I would be prejudiced in favor of leaving that to the
police with due process in the court system based on laws passed by
legislators even though that has proven a right messy system.
This contribution from the nearly half-vast wisdom of George Cottay.
> >I don't believe the RR should get
> >involved in policing such things . . .
> So who should? If your answer is no one, then we get the law
> of the jungle, which describes the spammer's paradise we have
> Jeffrey Race