== On blocking access from large IP ranges

The Register recently republished a SecurityFocus article by Scott
Granneman, called
[[*On blocking Chinese IP addresses*|http://www.theregister.co.uk/2005/08/31/blocking_chinese_ip_addresses/]],
discussing the implications of blocking essentially all of China
from accessing a web host due to the number of spam attacks from
Chinese networks.

In the course of the article, Mr Granneman asks:
> Here's a good question. What needs to come first: the needs of the web
> servers my friends run, or the needs of a guy sitting in Shanghai that
> wants to view the content of that web site?

In my opinion the answer is clear: *the needs of your users come first*.
As for why, let me quote from the
[[SAGE Code of Ethics|http://www.sage.org/ethics.mm]]:

> * I will design and maintain each system in a manner to support
>   the purpose of the system to the organization.

What they said. My duty lies first to my own users, and only second
to anyone else.

An open Internet is a great thing, and it would be nice to have one. But
it is now less and less compatible with running systems that are useful
to their users. I hate firewalling off large chunks of the net from our
mailer, but I would hurt even more from our users fleeing email because
of spam. And so I firewall.

Sorry, unnamed person in Shanghai. And I know that undoubtedly sounds
cold to those who I am leaving out in the cold.