RIPE 32

DRAFT MINUTES (VERSION 1.1)

Anti-Spam Working Group
RIPE 32
Chair: James Aldridge, EUnet
Scribe: Raza Rizvi, REDNET

New WG chair needed. No volunteers came forward but Rodney Tillotson of
UKERNA had previously volunteered to the chair by email.

Clive Feather (Demon) gave a summary of the proposal for a EU Directive on
ECommerce. This requires that the recipient of a message can indentify the
sender of the mesage at reciept time. Liability of ISPs in the transfer of
information has also been clarified.

George Mills of The European Coalition Against Unsolicited Commercial Email
(http://www.euro.cauce.org) presented on the proposal for a EU Directive on
ECommerce. This can be seen at
http://www.ispo.cec.be/Ecommerce/legal.htm#legal

In outline:

What is a commercial communication
Promotional offers must be identified
Regulated Professions
Electronic Contracts
Liabilities of Intermediaries
Mere Conduit
Caching
Hosting
No obligation to monitor except for a specific purpose for limited time
Once informed, must take immediate action
Codes of Conduct
Out of Court dispute settlement
Court Action
Cooperation between authorities
Electronic Media
Santions
Exclusions


If it goes past the proposal stage and is formally accepted, then it
will be added to the journal of directives within 20 days and then be
liable to enforcement by member states within 1 year.

Article 6 and 7 are most pertinent to ISPs.

Modification to the USENET Path list might be construed as a change of
message and make ISPs liable to collusion with the poster.

IRC/ICQ might count if they contain adverts.

WG Charter:

The chair believes that the group should have a technical element to
it's existence. There were no dissentions to the contrary.

General discussion:

EUnet use RBL for SMTP at router level. It was noted that ORBS was now
back in service.

With regard to the RIPE database holding information on dialup or NAT
blocks of address space it was stated that there were frequent
arguments on the spam-tools list about the status of static vs dynamic
dialup.

Dial customers either send their mail via a relay or directly (using
their own MX lookups). Apparently UUNET have said there is no reason
why any of their dial customers should be doing MX lookups from the
dynamic addresses they are given at connect time.

It was pointed out that a company could hid it's whole organisation
behind a single address using NAT and thereby might be at risk if that
address were SMTP blocked.

James Aldridge to speak to Database Working Group on further flags with
input from Clive Feather about the need for dynamic dial blocks, static
dial blocks, static dial blocks with NAT etc etc

James Aldridge suggested the collection of Terms & Conditions/AUPs from ISPs
to allow work on a code of conduct. No volunteers to chair this work. LINX
and IETF may be working on a similar document.

Centre for European Network Abuse Resolution:

Originally viewed as a last resort but majority thought in RIPE 31 that
it would end up being used as the first resort.

Final point: California has a 2 year jail penalty for the sending of SPAM
with a forgeed header - you have been warned...