Another necessary fix is for ISPs to keep record of which user had which IP address at any given time, and to keep contact details for all their users (this is desirable for secuirity and legal reasons too).
This is elementary; know who your customers are and what they are doing with your infrastructre.
If you keep all your servers time sync'd and keep full Radius accounting records, yes, you can translate an (IP address, time) pair into a username. Some ISPs can do this reliably. Many don't. Seconds may well matter. The next problem is to associate that user name with a person. Dead easy you may think. But the user may claim that someone else has been using their account. Thus you also need to log CLI (calling number identity), which in turn means your telecom provider has to present it. The ISP must also have a policy on what to do with withheld or unavailable CLI. So while this seems simple, actually it isn't. Very few ISPs actually do the whole of this (IMHO).
If you build these two things together with a term in peering agreements that classifies spam abuse in a similar manner to the way most agreements currently classify security problems (i.e. mutual terms for traceability and action), and one hopes that similar terms are already in place in transit agreements, then one should be better able to get spammers removed.
Almost all peering on the Internet today is 'soft'; in that it is 'just packets' that is moved. If we are to get tough on enforcing this we'll need lawyer-based peering aggreements.
Mmmm... About 30% of my US peers have paper based agreements. Most of them (probably all) have security based agreements, but ...
Remember the Internet of 1993 ? How fearful we all were about getting such 'firm' peering aggreements,
... wasn't most of the fear about a price being attached to them? (for exactly the reasons you state below). The academic networks have always had AUPs you are expected to abide by to some extent as peers. JANET in the UK being a good example.
because it would force us into a PTT-stand on almost all the models of pricing, transit etc. that the Internet Community loathed (does it still?).
Are we ready for the 'firm' peering aggreement ?
I think this is largely orthogonal. You can equally well implement the "if you don't track down spam, we'll cease this arrangement" in an email based, lawyer-free peering environment. And you make this point yourself below (*), My personal view is that firm peering agreements are inevitable. But this is another issue entirely. (*) - > The other way is to keep up the self-justice. Drop the peering
with the bozo generating the spam.
-- Alex Bligh GX Networks (formerly Xara Networks)