[LINK] Would making the internet "Sender pays" help?

Craig Sanders cas at taz.net.au
Thu Dec 6 10:04:28 AEDT 2012


On Thu, Dec 06, 2012 at 08:36:45AM +1100, Kim Holburn wrote:
> Would making the internet "Sender pays" help, you know, stop spam and
> stuff?

of course not. small-scale spammers often use stolen credit card numbers
to pay for internet access. large scale ones use botnets - someone else
pays the bandwidth and hosting bill.



other thoughts...

The internet is very different to a phone network.  For a start, it's
a peer to peer network.  With the phone network, it's easy to identify
who the 'sender' is - it's whoever initiated the call.  On the internet,
it's not so easy.

 - for *every* download, every time you receive data, there's around
10-15% of data going back in the reverse direction - incl. ACK packets,
resend requests, and other protocol overhead. various routers in the
network path from sender to receiver (and the reverse path from receiver
to sender) may also send small amounts of flow-control data (e.g. ICMP
Fragmentation Required packets)

 - if a user requests data from a remote server (e.g. browsing the web),
the server sends a large amount of data in response to a small request.
who is the sender here? the user who initiated the request, or the
server which sent the data?

 - how do you tell the difference between user-initated requests like
that and unsolicited transmissions - either legitimate like an incoming
VOIP call, or illegitimate like spam or a DoS attack?

so, if an internet server gets a DoS attack of gigabytes/sec not only
will their servers be under severe load, but under a "sender pays" rule
they'll pay for outbound bandwidth used (the 10-15% mentioned above),
and the owners of the thousands of botnet-compromised servers will end
up with bills for their outbound data.

or if a spammer sends a 1MB virus infected PDF file, the spam victim
also has to pay for the 100-150KB of outbound traffic associated with
receiving it.


These are just the first few reasons i can think of.

IMO since you can't control what people send you on the internet,
the fairest and only reasonable billing method is via size of the
connection, not volume charging. being billed for unsolicited garbage
adds financial injury to the insult.

similar reasoning is why the US has far stronger laws against phone-spam
to mobile phones than it does for phone-spam to landlines. the billing
model in the US is (or was) on many networks that the recipient pays for
some or all of the call.

ditto for why AU legislation banning fax spam came years before the
(relatively toothless) Do Not Call registry - because the recipient pays
for the paper the fax is printed on.


craig

-- 
craig sanders <cas at taz.net.au>



More information about the Link mailing list