RIPE 40

Archived This content has been archived and is no longer actively maintained.

Prague RIPE 40


Draft Minutes - Anti-Spam


RIPE Anti-spam working group, 2 Oct 2001 Prague



A. Administrative matters

1.scribe -- Eugenio Pierno, RIPE NCC
2.attendance -- 30 participants
3.agenda -- compressed
4.minutes -- circulated

B. Update: what is the world like?

MAPS changes
ORBS
Code Red, nimda, ...
WTC destruction 11 Sep 2001 -- opportunist bulk mail
Big commercial bulk mailers more open and public
operating opt-OUT
little opposition from recipients
APNIC visit -- no clear reaction from providers in the region.
List discussion


Explanations of terms MAPS, ORBS, etc. skipped since the audience was well informed.
A document about opt-IN is linked on the Linx web site,
Latest virus explosion adds confusion since most propagates via email.
After the tragedy of Semptember 11 the number of complains for spam dropped unexspectedly.
Big commercial bulk mailers are acting more openly, without fear.
They get large numbers of addresses and think what they do is legal.


The amount of spam is increasing over the last year.
The fact that there are less complains could mean people does not bother anymore
to report, they receive too much spam, and the spam is just deleted.
People are learning to live with spam.

During the visit at APNIC, Tillotson noticed a very low perception of spam
in that region, like if it is more of an U.S. problem, not a real problem
for them.

This could be explained with the high attention that is payed to crackers in
the very same region.

The chair also notes that in the APNIC region most bulk email companies use
pirated software.

C. Who is concerned about UBE?

Recipients
ISPs
Carriers
Privacy activists
Legislators
++ Child protection organizations
++ Marketers

Problem is, it is very difficult to define spam, and to say what we want
to achieve.
Simply put, spam is what we don't want in our mailboxes.

Question: Do we have a uniform legislation about spam?
Answer: Almost

In Hungary there is an agreement within ISPs: the customer that wants to complain about
spam has to do it with his own ISP, that knows how to act and what to do if it comes
from within Hungary.

Observation: It's a good idea, but it's a big communication problem how to get the
customer contact the ISP for spam.

D. Why do we care?

What do you want to achieve?
++ Keep customers happy
++ Privacy
++ Proper use of resources
++ The Internet working by consensus

Is this different from other security?


E. Ways we could (++ might) eliminate UBE

Lots of ways, technical or people-based
Parallel universe
Peering agreements
Facilitate accurate and effective reporting
contact details
++ whois data is incomplete
++ use of whois is not consistent (may need client and server changes)
++ some providers do not honour RFC 2142
encourage positive response to reports
++ one country advises reporting to your own ISP
IPv6
Encourage good practice
anti-relaying
opt-IN
RIPE-206
++ denounce pink contracts
++ arrange to provide AP language versions
++ share material from APNIC FAQs
RBLs
Port filtering
Message filtering
Cryptograhic authentication
New mail protocol
Educate users
++ ENUM
Are they worth what they cost?
Do they contribute to broader security?

Proposals on how we could eliminate spam:

- Change the SMTP protocol to do proper authentication.
This is a long term solution but probably the real one.

- Add a field to the corresponding entry in the RIPE database.
The RIPE database could be setup as an example for others, but this has to be
discussed in the Databse WG.


X. AOB

Y. What do we do next?

++ Talk with marketers
++ Talk with DB WG
++ Consolidate advice with APNIC, ARIN, NANOG (others?)

Z. Agenda for RIPE 41

To be agreed on the mailing list as soon as possible.