Prague RIPE 40
Draft Minutes - Anti-Spam
RIPE Anti-spam working group, 2 Oct 2001 Prague
A. Administrative matters
1. scribe -- Eugenio Pierno, RIPE NCC
2. attendance -- 30 participants
3. agenda -- compressed
4. minutes -- circulated
B. Update: what is the world like?
Code Red, nimda, ...
WTC destruction 11 Sep 2001 -- opportunist bulk mail
Big commercial bulk mailers more open and public
little opposition from recipients
APNIC visit -- no clear reaction from providers in the region.
Explanations of terms MAPS, ORBS, etc. skipped since the audience was well informed.
A document about opt-IN is linked on the Linx web site,
The latest virus explosion adds confusion, since most viruses propagate via email.
After the tragedy of September 11 the number of complaints about spam dropped unexpectedly.
Big commercial bulk mailers are acting more openly, without fear.
They get large numbers of addresses and think what they do is legal.
The amount of spam is increasing over the last year.
The fact that there are fewer complaints could mean people do not bother to report
anymore: they receive too much spam, and the spam is just deleted.
People are learning to live with spam.
During the visit to APNIC, Tillotson noticed a very low perception of spam
in that region, as if it were more of a U.S. problem, not a real problem.
This could be explained by the high attention that is paid to crackers in
the very same region.
The chair also notes that in the APNIC region most bulk email companies use
C. Who is concerned about UBE?
++ Child protection organizations
Problem is, it is very difficult to define spam, and to say what we want
Simply put, spam is what we don't want in our mailboxes.
Question: Do we have a uniform legislation about spam?
In Hungary there is an agreement among ISPs: a customer who wants to complain about
spam has to do so with his own ISP, which knows how to act and what to do if it comes
from within Hungary.
Observation: It's a good idea, but getting the customer to contact the ISP about
spam is a big communication problem.
D. Why do we care?
What do you want to achieve?
++ Keep customers happy
++ Proper use of resources
++ The Internet working by consensus
Is this different from other security?
E. Ways we could (++ might) eliminate UBE
Lots of ways, technical or people-based
Facilitate accurate and effective reporting
++ whois data is incomplete
++ use of whois is not consistent (may need client and server changes)
++ some providers do not honour RFC 2142
encourage positive response to reports
++ one country advises reporting to your own ISP
Encourage good practice
++ denounce pink contracts
++ arrange to provide AP language versions
++ share material from APNIC FAQs
New mail protocol
Are they worth what they cost?
Do they contribute to broader security?
Proposals on how we could eliminate spam:
- Change the SMTP protocol to do proper authentication.
This is a long term solution but probably the real one.
- Add a field to the corresponding entry in the RIPE database.
The RIPE database could be set up as an example for others, but this has to be
discussed in the Database WG.
Y. What do we do next?
++ Talk with marketers
++ Talk with DB WG
++ Consolidate advice with APNIC, ARIN, NANOG (others?)
Z. Agenda for RIPE 41
To be agreed on the mailing list as soon as possible.