Are we looking for solutions, or just ranting? (was Re: Comcast and SORBS)

[invalid at pizzashack.org (Derek Martin)]

On Thu, Nov 25, 2004 at 06:19:40PM -0500, Bob George wrote:
> Derek Martin wrote:
> 
> > [...] As we have seen, this apparently doesn't solve the problem.
> 
> Then I'm confused as to what the problem IS. 

In broadly stated terms, the problems is that individuals are being
restricted from running their own Internet services (specifically
e-mail, but the argument applies to other services too, where for
example incoming HTTP ports are being blocked, etc.) without paying
exhorbitant fees (i.e. buying business-class service) for the
privilege to do so, through the actions of large corporations with the
finacial resources and market share to effect this.  These business
practices are unfair, and consumers should not tolerate it.
Businessess exist to provide PEOPLE with services.  But they have come
to think of the relationship in reverse; people exist to provide THEM
with a revenue stream.  We have allowed them to think this way by
being apathetic.  We should not tolerate this in our society.

> Rich's original post 
> referred to SORBS tagging of dynamic IPs. 

This is what started the thread, but it is only part of the problem.
Big companies like AOL block IP ranges seperately from SORBS.  It is
the same issue, even if it is not exactly what Rich posted originally.

> Even if your ISP allows outbound SMTP (Rich's does I believe), others 
> may well blacklist such ranges. Like it or not, that's how it is. Any 
> solution will have to contend with this reality at some level.

It doesn't have to be.  As consumers, we do have some power; but only
if enough consumers care, and complain.  Getting people to care is the
hard part.

> > [..] It shouldn't be. E-mail is becoming just as important a means
> > of communication as the telephone; the ISP should not have the right
> > to block the sender just because they don't like their net address
> > block, just as phone companies can't block incoming calls from their
> > competitors (or for any reason, AFAIK).
> 
> But of course an individual can refuse calls from whoever they like. 

Indeed, and individuals can and should be able to run their own spam
filters to dump e-mail from people they don't want to communicate.
In my opinion, the ISP should not be performing this role on behalf of
people.  Yes, it saves spam...  But some people WANT that spam as
testified to by the fact that it actually does generate a considerable
amount of revenue.  Ultimately the decision of who can deliver mail to
be should be left up to me.

This is one of many reasons I want to run my own mail server.  It
gives me that.  If I WANT to run with SORBS, I can.  If I don't, I
don't have to.  As it happens, I don't, because SORBS blocks mail from
legitimate people, some of whom I happen to want to communicate with.

Yes, relaying my outboud mail through my ISP still affords me this
option, but this is only part of the argument, and doing so doesn't
address different issues.
 
> > [...] If I am running my own server, I can opportunistically encrypt
> > the SMTP session (when the peer supports it) so that my ISP can not
> > see the contents of my communications.
> 
> Hit-or-miss at best, as you noted. So the ability to run an SMTP server 
> doesn't really guarantee anything at this level.

But I am not a clueless user; I can check to see whose mail servers
encrypt and don't, and I can make decisions with how to communicate
with people on that basis.

> That's a different issue than SORBS and general tagging of dynamic-IP 
> sourced messages as possible spam, agreed?

Yes, but I think it's still relevant.  I think Rich would agree.
[Rich?]

> > [...] Percentagewise, I'm sure that's true, but that doesn't mean it
> > should be impossible.
> 
> Again, many DO seem to be running their own servers from dynamic IP 
> addresses. The actual problem Rich cited is that others -- whether 
> fairly or not -- have deemed it a likely source of spam. Protestations 
> of unfairness are likely to fall on deaf ears. That doesn't mean that 
> there is nothing that can be done, but of course, it may cost or not be 
> particularly "convenient" to do so.

You're right.

One way that it could change is if there were enough of us who want to
run our own server, making noise.  There are many reasons why people
don't want to run their own mail server (lack of knowledge, time,
etc.), but ideally I think there are also many reasons why people
SHOULD want to run their own server:

 - It gives you more control.  You can, for example, choose to use
   SORBS, or not.  LIkewise with any other measure/feature which
   requires control over the server.  Another example is advanced
   filtering/sorting using something like procmail.

 - It is definitely more private, regardless of what the nay-sayers
   say.  Using your ISP's mail server gives them unrestricted access
   to all your communications, which they can do anything they want
   with, without your knowledge.  If you run your own server, 
   your ISP can still capture packets, but there's not a lot of
   incentive to do this.  It's harder, and requires more work.  Plus
   as I've said, if you and all your friends enable STARTTLS, your
   communications will be encrypted, and your ISP can't do much about
   that.  PGP is a more sure-fire way to deal with this problem, but
   it may not be available to all users (it may be to hard to use, or
   to learn, or it may be illegal, etc.).  This is not perfect
   privacy, but it's a lot better than giving your ISP unrestricted
   access to your communications.
   
 - It is usually faster.  Your own server isn't clogged up with
   messages for a bazillion other users.  If you're on a fast link,
   your mail comes right to you, and arrives immediately.

 - You are not dependent on your ISP's mail server.  If theirs goes
   down, you still get mail.  Of course, the down side is, if yours
   goes down, you're SOL until you fix it.  This can be mittigated by
   partnering with a buddy and running relays for eachother.

> If find it strange that the ability to send unprotected SMTP is seen as 
> any great protection of one's freedom, and that energy is expended 
> arguing that it is. 

I have given several reasons why it is.  I have also stated that
opportunistic emcryption can be used to protect your communications
effortlessly.  If you and the people you communicate with all have
their own servers set up this way, you don't need PGP, which is, quite
frankly, generally quite difficult to use.

> This thread seems to have become a rant-fest rather than any effort to 
> coordinate a solution to this, and related problems. If that's the 
> intent, fine. 

Here's my proposal:  Go to your ISP and demand that they allow you to
run your own mail server.  write e-mail and letters to all the
companies you know of which block e-mail based on netblocks.  There's
no need for them to do this; there are other methods they can use
which will not penalize legitimate users.  Finally, write to your
comngressman to demand that ISPs start acting more fairly.

I've spelled out the problem, and the reasons why it is a problem, as
clearly and completely as I can think how to.  I've provided a
potential long-term solution, which will almost certainly not cmoe to
pass, because people only worry about unfair business practices when
they feel directly affected by them, and most people just don't care
about running their own server.  The numbers just don't add up.  But I
hope you will not think that I'm just ranting; I really want to change
this, though I'm not hopeful.

I'm open to other suggestions, so long as the end result is that I can
use my PERSONAL mail server at reasonable, PERSONAL prices, an not be
arbitrarily blocked for no good reason.  But it seems like it will
require legislative changes.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail.  Sorry for the inconvenience.  Thank the spammers.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.blu.org/pipermail/discuss/attachments/20041126/4cdf25d0/attachment.sig>