Blocking a Nation's IP Space

SComps writes "The Register has a good commentary about blocking Chinese IP space and some of the pros and cons surrounding that action. The question I post to Slashdot: "What is your opinion of this and what do you propose to help correct this?" Additionally, what sort of actions do other Slashdot users take to protect themselves from rogue IP space, be it national borders or even retail broadband/dialup providers such as wannadoo or comcast, roadrunner, etc?" The author of the article raises an interesting point, will this 'slippery slope' prove too difficult to walk?

My ban list is extensive but I'm a home user only.

[garcia (6573)]

What is your opinion of this and what do you propose to help correct this?

Correct what? The fact that other countries are full of hackers that constantly attack you and you have little recourse to stop it? I suggest blocking them. Duh.

Additionally, what sort of actions do other Slashdot users take to protect themselves from rogue IP space, be it national borders or even retail broadband/dialup providers such as wannadoo or comcast, roadrunner, etc?

I have an extensive ban list on my firewall including tons of /8 and /16's but mostly /24's. If someone cannot e-mail me it's because they are likely using a residential cable/DSL account and I suggest to them to either use AIM or a viable webmail service like GMail (hotmail and yahoo are banned).

I am an individual. I don't run a corporate network and I am not required to put up w/a bunch of shit from other people. Don't like it? Oh well, I'm unconcerned. This particular Ask Slashdot might be pertaining to something else but the blurb wasn't really clear.

If it were up to me, I would want entire countries in their own easy to block IP address space. Want to block .br? Here's the single block that does it. Want to block .kr, .cn, and .nz? Go for it. Right now it's entirely too difficult and it requires some real work to do what you need to do.

After moving off of Comcast for residential DSL through a respectable provider I find that I don't have worms constantly hitting my machine. I don't have as many attack attempts and I certainly am not blocking quite as much spam. I long for the day when I don't have to add another .0/24 to the firewall list.

Re:My ban list is extensive but I'm a home user on

[RM6f9 (825298)]

Cool! As an independent/home user myself, I can definitely empathize - another individual's rights to express themselves end at my eyes/ears - personally, I'm considering publishing a list of the IPs I block, and my reasons for doing so: as others weigh in (agreeing or dissenting), it could become the ultimate democracy...

Re:My ban list is extensive but I'm a home user on

[pclminion (145572)]

I'm considering publishing a list of the IPs I block, and my reasons for doing so: as others weigh in (agreeing or dissenting), it could become the ultimate democracy...

Yeah, the "ultimate democracy." Where despotic regimes harbor cyber miscreants who piss off the inhabitants of "civilized" countries, who block those despotic regimes, therefore denying the innocent inhabitants of those regimes the ability to communicate unfettered with the rest of the free world.

"Hey, there seem to be all these hackers in China. Let's block the entire nation of China from the rest of the Internet. That will really help the Chinese Internet censorship situation."

But I guess your own convenience is more important that giving those people a conduit to freedom.

As somebody else pointed out, an individual has every right to block or receive whatever traffic they wish. But if you're a network administrator at an ISP or government who thinks he's doing some good by closing off these segments of the Internet, you're nothing but low life scum who cares more about his temporary comfort that other people's lives.

Re:My ban list is extensive but I'm a home user on

[RM6f9 (825298)]

Alrighty, then, troll feeding time!

          230 years ago, this nation I live in was under a (different) "despotic regime" - some people decided to take some action, and it changed. The assistances they received happened after they started, not because they whined.
          As an individual internet user, I have not ever blocked an email from a political dissident due to its political content. As a website author, I have not blocked anyone from viewing my site.
          As a businessman, I respect and obey the laws governing my use of advertising online, by email (I fully comply with CAN-SPAM) and other means as applicable.
          The above said, anyone who cannot see fit to play by the same rules can go figure out a different game *elsewhere*, instead of trying to play some bait (political freedom of speech) and switch (illegal spam serving) game.
          There is no "divine right" nor requirement to maintain a web presence, to maintain completely open networks, to provide a podium upon which some poor abused oppressed individual can spout their issues to everyone else, no matter how "justified" they might be.... This whole intarweb thing borders so closely to being completely fictional it isn't funny - please *do* seek to force your beliefs concerning how things *should* be onto the current way things are - only time will tell how successful you were.
          Please *don't* consider the over-worked net administrators as enemies: The real enemies are those spam servers who bury any legitimate content coming out of dissenting China more effectively than any locally-applied blocks ever could.

Re:My ban list is extensive but I'm a home user on

[nacturation (646836)]

For email, you can use the countries.nerd.dk RBL. Just add the two-letter country code as a prefix. So if you wish to block China from sending email, the RBL server is cn.countries.nerd.dk.
 

Easy ban lists

[tyler_larson (558763)]

Want to know all the subnets a given country (in APNIC) uses? How about 3 lines of perl:

$ctry = shift || 'cn';
$_ = `GET http://www.apnic.net/apnic-bin/ipv4-by-country.pl? country=$ctry`;
print join "\n", /([0-9\.]+\/[0-9]+)/g;

My philosophy is that you should get to decide who you want to talk to. If you don't want to talk to anyone in China (or Australia, or whatever), then no one says you have to.

Re:My ban list is extensive but I'm a home user on

[slashdot.org (321932)]

This is all fine and dandy. Until _you_ end up being blocked from a whole bunch of stuff because of some asshole in the same IP space.

Blocking based on IP range and or country is pure and simple discrimination. A lot of people don't seem to grasp why discrimination is bad until they end up on the receiving end...

Having said that; if you want to block half the world, I believe that's your right. Just don't block it for me please, I'd like to make that decision myself.

Re:My ban list is extensive but I'm a home user on

[m50d (797211)]

Correct what? The fact that other countries are full of hackers that constantly attack you and you have little recourse to stop it? I suggest blocking them. Duh.

I'd suggest just keeping your services secure. Automated attacks are aimed at the lowest common denominator, even basic security steps will stop them. My smb server gets connect attempts at a rate of around 2 per second, and has done for the last six months or so. So far none have got in. I only take action if I'm getting hammered by a single IP, a

Re:My ban list is extensive but I'm a home user on

[Rooktoven (263454)]

Actually, there are a few pages that wil gelp you find blocks from rogue countries. But first on to the ethical questions--

I'm the admin for a company with around 70 employees, we maintain our own website, and mail systems. We had been getting pounded with spam and a lot of ssh attempts.

Before taking any action, we found that China (predominately) and Korea were the source of most of our break-in attempts and spam sources. Given that we do _some_ international business, but not there, that was an easy call. Other countries soon followed. Our criteria has been that if there is any chance that someone will travel to a particular country or if the country has useful information to be had via someone with email, we don't block. I know it sounds judgmental, but it has cut our spam/scams down by about 75%. I would prefer to block all cable access to mail, but that would potentially hurt our road warriors with SMTP-AUTH. The slippery slope comes in when you say "Screw anyone on Wannadoo or BTI or Time Warner, etc. running a mail server." I know I quit running a mail server at home just because my stuff was blocked. Our compromise is that spam sources are individually blocked (rather than by range) in places where we travel or may do business.

Further if you have a good firewall scheme you don't have to block web access. You can block the ports that give you trouble and still allow http access if you need the Chinese comsumer market to see your site. I have found that an invaluable tool to use in conjuntion with iptables is IPSet [netfilter.org].
It allows for very quick processing of ranges or hashes of individual addresses.

If you want info on blocking countries (sorry if I offend anyone) look here:

http://okean.com/asianspamblocks.html [okean.com]

and http://blackholes.us/ [blackholes.us] (when it's up...)

Personally, I find blocking unwanted guests akin to allowing only people on your chat list to talk to you...

Re:My ban list is extensive but I'm a home user on

[garcia (6573)]

Since we're generalizing here, you wouldn't by any chance be American, would you?

It's fairly apparent where I'm from. I didn't feel the need to state it -- if you'd like more info my post history and personal URL are there.

As far as America being full of hackers. This is true. They don't typically fuck with me from American IPs though. The main problems I see from America are morons running unpatched shit on residential connections.

Anyone else from America that is tryin to exploit me is generally coming

Re:some ideas for networking

[MightyMartian (840721)]

Can you point to a time when the net was safe for families and businesses. When it was still reasonably safe, I don't recall very many businesses and damn few families even being on it, and it's the sheer stupidity of families and businesses that has been part of the problem with net security.

Re:some ideas for networking

[General Wesc (59919)]

I can give you the world's "safest" Internet (and also the least useful): Block everything except 127.0.0.1.

That won't protect my children from pornography.

Re:My ban list is extensive but I'm a home user on

[Alex P Keaton in da (882660)]

The three people it might affect every year isn't a big deal. If anything, I did them, and everyone else, a favor.
Dude, seriously, what are you doing on slashdot? Didn't you know that hot babes from all over the world are trying to email us all day every day?
Honestly, for me, email is like the phone- the list of people that I want to have access to me isn't that long. Not because I am a hot commodity, but because I don't like being disturbed.
It is your computer- you can restrict access however you want.

Re:My ban list is extensive but I'm a home user on

[Ucklak (755284)]

That only works with BGP. Once your hunker down to the local level, taking out a single router can wipe out alot of customers.

Many a discussion have been had when your business-class internet goes out, all the suits quote the same "I thought the internet meant that it doesn't go out".
Sorry, if your firewall goes out, your office is out.
If your ISP's router feeding your office is out, you're out.
If your ISP's feed has a bad router, they're out and guess what, you're out too.

Re:My ban list is extensive but I'm a home user on

[NatasRevol (731260)]

Then you need to tell the suits the magical word.

Redundancy. To two different ISPs.

If they don't like the cost for it, ask them what the cost is to be without internet access for 2 days.

Purpose of blocking

[Anders Andersson (863)]

The point of refusing access from certain IP addresses is not to deny service to any particular individual (or nationality, in case of entire countries being affected), but to protect against likely abuse and encourage individuals to use some other IP address. As long as your boycott is aimed at their network infrastructure (for aiding abuse) rather than at the country itself (for political reasons), individual users routing their traffic via other networks is not a problem; it's what you want them to do. The idea is that the secondary network will sort out the abuse (by making sure they know who their customers are, or by other means). If they fail to do so, they will be blacklisted too.

Therefore I see no point in specifically blacklisting any single country, if not for political reasons. Entire countries are blacklisted because they conveniently map to large portions of IP address space. Some Chinese universities probably received their IP blocks before the commercial operators did, and may therefore have addresses in completely separate ranges. If the universities are a bit better at managing their networks, and the bulk of the abuse therefore comes from the commercial blocks, there is no reason both should be listed merely for being assigned to the same country.

Likewise, a single address block may contain several operators in different countries, causing them all to be blacklisted simply because telling them apart takes too much time. It's all about network abuse history, not about nationality. And, I wouldn't have to rely on everyone else blocking a single abused network either, unless they all were to forward that abuse to me.

I have however considered blocking mail servers indiscriminately "bouncing" virus messages having our domain forged onto them, when they have received those messages from IP addresses (often Chinese ones) already included in public blacklists. They could avoid such action on my part by simply using said blacklists themselves, but exactly how they solve their problem is up to them. If they simply avoid "notifying" innocent people every time they receive junk mail or other abuse, I will not bother them.

Officially insane.

[Dibblah (645750)]

They're a web hosting provider. And they're blocking entire netblocks from viewing *their customer's* content.

What's so insane about it?

[drgonzo59 (747139)]

What is so insane about it? It all depends on your target customer/audience base. If I sell scented candles and ship only to US, why would I want Chinese and Russians looking through my catalog. There is no way they can buy it but there is a high chance that they might hack my web site.

This is just an example, but the idea goes for other kinds of sites too...

Re:What's so insane about it?

[Eunuchswear (210685)]

If your website is hackable from China or Russia it's hackable from the US.

If your website is not hackable from the US it's not hackable from China or Russia.

So, why are you blocking China and Russia but not the US?

What big company....

[millahtime (710421)]

What big company is going to block China? That's where most of their workers are. Can't cut your communications lines to them.

Re:What big company....

[Zocalo (252965)]

Plenty of big companies, even those with most of their workers outsourced to China, could do this quite easily if they were so inclined. The trick would be to whitelist the IP addresses that they actually need to do business out of the tens of millions of IP addresses assigned to China, and then block the rest. If you wanted to be really slick, then you could even route traffic from the questionable IP blocks through a dedicated firewall to avoid bogging down the rest of your traffic with a huge list of f

Looking for open proxies

[SCHecklerX (229973)]

Maybe to get around the great firewall of china. Also, the company I work for is global. We have offices in china connected via IPSec. Not smart of us to block china telecom addresses...

No. No. No.

[Puls4r (724907)]

Simply blocking the IP doesn't fix the problem, and is on the same level as them blocking searches engines and sensoring US web sites. Bot engines etc etc, if you stop it one place it will simply spring up in another. Filtering ala google PRIOR to it hitting the consumer is the real key. That and corporate involvement - when it really begins to cost them money we'll see an improvement.

Ya...

[mr_tommy (619972)]

Does it not seem somewhat strange that we are more than happy to rally against measures by certain governments to restrict our internet liberties, yet there is no problem with us blocking whole nations access to western sites because of rogue elements in their borders?

This seems a rather murky route to go down, that ultimately, will be in no one's best interests.

Not at all

[Mustang Matt (133426)]

We want to censor ourselves, we don't want a government to censor us. If an individual or company decides to block traffic from a country more power to them. It's a choice they have the right to make. If the government wants to do it then that sucks because the people have lost that choice.

Re:Ya...

[RealAlaskan (576404)]

Does it not seem somewhat strange that we are more than happy to rally against measures by certain governments to restrict our internet liberties, yet there is no problem with us blocking whole nations access to western sites because of rogue elements in their borders?

Nope. Nothing strange about that.

For you or me to choose not to get email from Chinese addresses, or not to acknowledge packets from Chinese addresses, is to exercise our liberty. We have the right (among others) to ``freedom of association''. That means that we can choose who we associate with ... and who we don't.

This is radically different than a government trying to tell us that we cannot access certian websites (as the Chinese government has been doing with help from Cisco, MS and Google).

Let me try to re-phrase all that in simple terms: If we don't want to play with somebody, that's OK. If the bullies try to stop us from playing with someone, that's not OK.

OK?

I don't want to miss out on any opportunities!

[yorgasor (109984)]

I've got a friend that blocks email from Nigeria, but I'd never do that. You never know when someone really does need help moving millions of dollars out of the country and will gladly give me a cut of the proceeds. For that reason alone I'd never block them.

I am chinese

[lappy512 (853357)]

As a chinese American, I feel that these tensions between the USA and China are unnecessary, many things about China are sometimes overstated. For example, last summer I visited China, expecting to see many US sites blocked by the Great firewall, but instead do not see things like that. I did not encounter any websites that seemed to be blocked. Also, many Chinese can read English, so I also feel it's unfair to block Chinese users from some websites.

Re:I am chinese

[Ambush Commander (871525)]

As a Chinese American, I can say I was considerably annoyed when I found out my personal website was blocked by the firewall.

As a Wikipedian, I can tell you that http://zh.wikipedia.org/ [wikipedia.org] is a great case study of this censorship... it had a huge chilling effect on the project during that time. See http://en.wikipedia.org/wiki/Chinese_Wikipedia [wikipedia.org]

See also: http://en.wikipedia.org/wiki/Internet_censorship_i n_mainland_China [wikipedia.org]

Re:I am chinese

[fliplap (113705)]

Whats your IP?

what would cut down spam

[by Anonymous Coward]

would be if China blocked inbound USA connections seeing as 80% of the worlds spam originates from there [spamhaus.org], the numbers are no different for all the other scams either ie Phishing, Malware, Adware , Spyware [internetnews.com] etc etc

hmmm perhaps the rest-of-the-world should just cut off USA it would probably stop 80% of internet related crime overnight

Re:what would cut down spam

[Kelson (129150)]

Actually, that's 80% of North America's and Europe's spam. It doesn't provide any stats on how much of China's spam originates in the US.

It's also a list of the people creating the spam, not the location of the machines that are sending it.

And note that North America includes the US, so a lot of that spam is by Americans, for Americans. Just relayed through China, Korea and Brazil.

Re:what would cut down spam

[DNS-and-BIND (461968)]

The USA has compelling content online (if you speak English). China has very little information available in English, and can be blocked off with little loss. Unless your idea of compelling content is reading poorly-translated flash-enabled manufacturing company websites, or government-approved news sources.

There are scores of young men who sit around in internet cafes all day and do nothing but scan for vulnerabilities in badly-coded applications, mostly message boards. I know, I've seen them. Yes, it is most unusual for a Chinese fellow in an internet cafe to not be playing Counterstrike, but I assure you it does indeed happen. You can turn on the scanner and let it run in the background while you play Counterstrike, don't forget.

Sure - I block 'em

[ALecs (118703)]

I've got about 20 lines in my hosts.deny file - mostly /8 and /16 nets. This is on a server that hosts some services for showing off our products and it was seeing huge amounts of SSH dictionary attacks and web shell code, etc.

Basically - if we know we want a prospect in China, Korea, etc. to use our site, we'll open something for them - otherwise they should just go the heck away.

If enough people -j DROP China, etc., maybe somethign will get done about. (I know - wishful thinking).

Baby with the bathwater?

[Bananatree3 (872975)]

It would seem that blocking China's IP block might in some cases cause collateral damage when it comes to accessing certain sites. While it is true that blocking the entire China IP block would get rid of a LOT of spam that comes from Chinese bullet-proof ISPs, there is also a side effect. Ordinary people who try to connect to a network from inside China would also be blocked as well, and this cause a lot of collateral damage in terms of the average Chinese web browsing population.

It would though depend on the size and usage of the network you would be blocking Chineses traffic from. If you're a small buisness with absolutely no connection to China whatsoever, you might be ok blocking the entire IP block to protect your network from spammers. But, even an average size network might have some sort of Chinese connection, either from the outside in or vis versa. Lots of companies and people inside China that try to access that network would effected, not just the spammers.

Re:Baby with the bathwater?

[Kelson (129150)]

Exactly. We can't block China where I work (an ISP), because we have customers who are businesses, and there's a lot of economic activity between the US and China. We once had to make an exception for the SBL because someone was on a business trip to China and his only net access was via a spam-infested network that had gotten itself listed on Spamhaus.

I wouldn't consider blocking mail based on geography alone unless I could get input from everyone the policy would affect. You can do that as a home user,

treat your network like a sewer

[Indy1 (99447)]

and expect others to treat it like a sewer. Chinese (and other apnic networks) isps just dont give a damn how much abuse their users heap on the rest of the net. Between the spam, worms, and other crap they spew, they've gotten a hard earned spot in my firewall. Granted i am not a huge business or isp, but at the rate they're going, it wont be long before big isps and businesses DO firewall all of apnic as a pre-emptive measure.

Do it if you can...

[Vellmont (569020)]

"What is your opinion of this and what do you propose to help correct this?"

If you can get away with blocking out large IP spaces of an entire country, do it. If you can't, don't. I don't receive any legitimate mail from chinese IP addresses and never will. I don't block anything at the moment, but if it solved much of the scanning and spam I see I'd probbably consider it. Unless you have a global market, why not do it if it solves more problems than it creates?

I think when a US company starts targeting large ISPs in the US, or are an ISP yourself you're going to run into trouble though. I know an ISP that discards all mail coming from roadrunner addresses as spam. That's a terrible practice for the ISPs customers who aren't getting legitimate email.

Inappropriate & Heavy-Handed Response

[aldheorte (162967)]

Even if *you* block a range of IP addresses, someone operating a computer on one of those IP addresses could still connect with your server simply by going through a proxy not blocking them, but which you have not also blocked. Given that blocking a national range of IP addresses provides no real security from a marginally determined and capable attacker and that it promotes a balkanization of the Internet, decreasing the network affect and therefore overall utility of the network by blocking many potentially legitimate connections, this seems like a very inappropriate and heavy-handed technical response to unwanted requests from a particular country. It also saves no bandwidth since the filtering happens at the receiving server after the packets have travelled through the network.

From a political science and ideological perspective, industrialized and democratic companies benefit little form blocking the access of citizens of 'pariah' nations to non-classified information. Any opportunity to make available memes that offer alternatives to the totalitarian state line further create the opportunity for the expansion of democracy and free access and speech in those countries. Blocking national IP ranges in this manner would also decrease this opportunity.

Firewalled people

[m50d (797211)]

Firewalls of any sort are a menace. They're not part of the open internet. Every port of every publicly routable IP should either be open, because it's providing a service accessible from the open internet, or closed, in which case it should respond appropriately when it gets packets there and not just drop them. I don't actively block them, but I try to avoid enabling any options on my services that would help firewalled users.

Blunt force trauma

[groomed (202061)]

Blocking a /16 means blocking some ~65000 IP addresses. Blocking a /24 means blocking around 16 million IP addresses.

Over the past 6 months I've identified and recorded all SSH dictionary attacks on my machine. I've recorded exactly 211 IP addresses so far.

People who advocate blocking /16's and /24's should consider wrapping their CAT5 in tin foil.

Dynamic Block

[Roger W Moore (538166)]

Reading the original article (always a bad move) it talked about blocking dodgy looking web requests which, I'm guessing, took up a significant fraction of the server's resources. In such a case I'd go ahead and block. You might loose some potential valid users but that is a lot less than loosing everyone if your server clogs up.

However I'd suggest a dynamic blocking as the best means to do i.e. a machine generated list. Have a server outside the firewall examine incoming requests and block IP ranges where significant numbers of dubious requests are coming from. If the number of dubious requests falls below a certain rate then the IP range is unblocked.

This is a lot better than a permanent ban because you can't be accused of implementing a political agenda of your own and it rewards ISPs/Companies/Countries that eventually clean up their network space. Of course it does mean that you have to be able to define in terms a computer will understand what a "dodgy" request is.

For corporate emial I don't see the issue

[klubar (591384)]

At my company we block email based on country blacklists for countries that we don't do business with. It certainly cuts down on spam ... and has no false positives. If employees need to send/receive email from these countries for personal correspondence they can do it from home. It seems like a relatively no-brainer, not unlike having a receptionist screen calls or visitors.

If our firewall could easily block IP addresses, I'd do that too.

The easy way to do it...

[TheLittleJetson (669035)]

...just put a bunch of stuff on your website advocating a free and democratic China. They'll block it for you.

Hypocritical?

[Rie Beam (632299)]

So wait a minute - weren't we just getting all up-in-arms over the Chinese blocking their people from viewing unsolicited western sites? And now we should go ahead and block the entire country because of the rogue elements? I agree Chinese cr/hackers (take your pick) are a problem, but at the same time, so are any other skilled cr/hackers - just because this one has malicious intent doesn't mean we're doing any good by blocking such a large audience simply because of the possibility. Cracking will still occur, as with worms and trojans. Those who really want to will find alternate means of access (perhaps through countries a bit more generous than the United States). What is there to gain by this?

My Little Part. . .

[MikeDawg (721537)]

I like to think that I'm doing my little part by blocking all incoming connections from China, Taiwan, and some of Japan. I throw a big ass list of IPs to block into iptables (and give it time to parse all the IPs and such), and call it good. There are some good lists to block some of those Asian countries that do a reasonably good job: Some IP addresses [tsg.ne.jp].

But in all seriousness, the reason I do this, is because of the numerous attempts to brute force sshd, or to send email via my SMTP server, the vast majority of IP addresses come from China, Hong Kong, Taiwan, and Japan.

much simpler solution to blocking chinese IP

[timerider (14785)]

would be:

1. put some text about freedom of speech and/or human rights in china on your webserver
2. make sure google finds you

then the chinese government itself would see that chinese IP traffic can't reach you.

I wish...

[archaic0 (412379)]

I worked for an ISP for about 5 years... started doing tech support and moved up and on to the NOC and web design. While in the NOC were were fighting spam for our users pretty much non-stop with various black lists / filters. My job was basically to come in each day and clean out the garbage disposal as it were.

Until the glorious day we segragated our mail users. We set up a new beta mail server and split our users into two groups. Those needing international mail, and those not needing it. Over the course of 3 months, we informed users of the change and provided an easy opt-in one-click process to make sure they could send/recieve international mail.

After that grace period, we simply shut off international mail on our main server by blocking any IP space outside the US.

The load on our mail servers (4 dual CPU machines) went from averaging around 50% down to 5% and stayed there.

In our polling of our own customers, we found that 90% or more of them never had any intention or desire to send/recieve international mail. Our spam load went from several thousand spam messages a minute to less than a thousand per day.

The people that needed international mail were put on the new server and left open to all mail.

For the next few months, the staff at our office didn't have to buy lunch or snacks because that corny AOL commercial actually happened. We had customers in all the time taking us out to lunch and dropping off brownies, cupcakes, etc... our satifaction rate was never higher and I would venture to guess that we would not have been that loved had we sent everyone $50 cash.

Why isn't this a more popular choice? Is there really that much of a NEED in the general internet population for international mail? There wasn't at our company.

I think we could make international mail a feature add-on much like web hosts make CGI, PHP, or mySQL a feature add-on. Sure, to me those are just staples, but not everyone needs all that.

Sure, there's still in-country spam sources... but NOTHING like what comes from outside.

Re:I wish...

[patio11 (857072)]

How much do you trust your customers to adequately describe what their needs are? And how much do you trust that description to not change for the duration they are your customers?

Let me tell you my experience sending email from Japan:

1) I have been the silent party of a conference call between a professor at a major American university and the tech he was "#$%#&$ing out because said professor did not get the five-figure speaking fee we wanted to pay him because our repeated attempts to contact him went unanswered (the techs, to save themselves a little hassle, had blacklisted *.jp)

2) I have been asked "Why don't you ever write?" by a favorite auntie, who is exactly the lady at those tech support humor web sites make fun of. I do write, once a week like clockwork. Her ISP decided on her behalf that it needed to be /dev/null'ed.

3) I have a 99 year old great grandmother who, bless her heart, has started to use the computer. She is doing exceptionally well for 99, but if you ask her four days out of five she'll tell you "No, of course not, don't know anybody living abroad. I haven't been back to Ireland since I came over in 1916 and all my family there is dead". Then if you go on to prod her about her great grandsons she'll take your ears off bragging about those fine young men who went off and got educated and are now living in Korea or China or somesuch place where the folks are very friendly and they drink excellent tea although of course not the sort that they made in County Cork.

4) I get a copy of my local newspaper (for the neighborhood I grew up in) delivered to me once a month by my mother. A favorite teacher of mine from grade school just retired. One Google search later I had his school's office email address and sent them a letter of congratulation to forward on to him. I've gotten no response -- it probably got eaten. Asked yesterday whether he needed to speak to anyone abroad or not, this veteran of the Chicago Public Schools would have said "Nope, can't say that I do".

5) Three companies have lost my business because they can't handle having a customer abroad (seeming inability to handle emails played a part in all three cancellations, not entirely sure it was the only issue though). One (my bank) has gained it for life because they went the extra mile, including having a $10 an hour telephone operator having a three-day long spat with their IT department before I could get whitelisted. (Oddly, the IT department had clearly spent a lot of development resources on making their web forms, etc international-aware... and then /dev/null'ed all email from the customers using the special forms)

Re:What is my opinion?!

[taustin (171655)]

So you read every single spam? From beginning to end? If you don't, you are censoring those spammers! You, personally, are grinding those hard-working, ethikul bidnezmen under the bootheels of oppression!

Censorship is wrong. Blocking spam isn't censorship. That's your error.