Draft minutes from RIPE 31
Anti-Spam Working Group
1. ADMIN STUFF
Chair: James Aldridge, EUnet
Scribe: Petra Zeidler, Xlink
2. GENERAL WG INPUT
2.1 Current problems,major incident reports, etc
"Reverse Spam" - Forged mail headers implicate innocent third party;
the innocent party gets all complaints, delivery reports, etc.
"Spam Relaying" - main problem in Germany as spam sending is
Problems with unresponsive spam originating provider.
2.2 Means of dealing with spam
SMTP port blocking for incoming/outgoing
Blocking known spammers (blacklists)
2.3 Roaming Customers
- setting e.g. local mail smarthost transferred in PPP negotiation
- tunnelling back to home ISP
- authenticated SMTP
- limited amount relaying (when connecting to home server from remote
2.4 Implications of blocking/restricting SMTP to force use of ISP's relay
Some people want to be able to send end-to-end
3. CODE OF CONDUCT FOR ISPs
- Ask customers not to spam
- responsive to spam reports
- coordination of open relay removal (taking advantage of
- have an abuse@ email address (reference RFCXXXXX standard email
- educate people to see where to look
- get complaints fast to block ongoing abuse
- abuse.net to make abuse reporting easy
- blacklist known spam users:
= wouldn't work with online registation ISPs
= may be illegal
- IP address use limits (assignment of IP addresses to customers has
additional limitations above existing Regional Registry rules)
- US: "good" spam (has correct "From" field)
- Belgium: "database entry" spam (not really a legally
- gathering addresses from public databases (RIPE, InterNIC,
etc). All databases copyright; proof of abuse leads to
- NSI CD-ROM seems to have been withdrawn
- White pages
- "tar pit" - abuse triggers delay in all SMTP actions
limiting rate at which spam can be transmitted.
- restrict number of recipients in a single SMTP
- Get "typical" spammer's profile so new ISPs can avoid taking
- get together a common set of terms and conditions -
different laws across Europe - how does this affect us?
- what existing laws relate to spam?
- what about non-EU countries?
- terminate contract if abuse
- bill for abuse cleanup
- have marketing people write "netiquette" document
- EU-wide, every ISP netiquette and maybe even have country
- put pressure on software vendors to not deliver SMTP servers
which are open to third-party relaying in default
- technical measures won't last for ever: legal standards are
- have an RFC say "thou shalt not relay 3rd party mail"
- "Good netkeeping" /"RIPE approved" sticker for software with
last resort will become first
duplication of efforts to be avoided
LINX is hosting a "spam conference" in London in October
Check maps.vix.com for relaying checker and hints to fix is open and a
lot of other useful information.