- content to the Chair of the working group.
- format to webmaster _at_ ripe _dot_ net.
Chair Rodney Tillotson
Scribe Arife Vural, RIPE NCC
Thanks to our scribe.
Co-chair not able to be present.
About 30 participants.
Jabber presence and audio webcast set up.
As a priority item we considered updating RIPE-206, BCP for
ISPs on preventing UBE from their own networks.
Agreement that Rodney can start the Policy Development
Process with the draft document made available that is very
close to the current LINX one.
Register proposal, then circulate to list;
comment period 4 weeks.
Last call, a further 4 weeks.
It should then be possible to publish the update.
It is important to get this simple task done without further
We can take more time to improve on the advice after that;
there were some expressions of interest and a suggestion
that it might be best to produce two separate documents, but
no firm offers to do the real work needed.
B1 Developments in abuse
Social engineering continues to become more sophisticated:
Phishing is still effective and we remembered
Danny McPherson's comment in an EOF talk earlier about
"spear phishing" in which a machine in a merchant's network
is compromised and specific transaction data used to
increase the chance that a consumer will reveal card or
Header forgery in some abuse messages is good enough to make
the work of an abuse desk difficult.
Some abuse messages are made to look like mail system
bounces or notifications.
Rodney asked whether anybody had noticed an overall increase
or decrease in the amount of abuse mail in their network or
Roland Perry: less spam lately to his real e-mail accounts,
but an increase in traffic for invalid
B2 Developments in anti-abuse
No recent spectacular prosecutions.
The Nigel Roberts case in the UK was interesting because
although the amount of compensation involved was small,
there have been no similar cases in the UK where anti-spam
laws are considered relatively ineffective.
Internet Governance Forum
Jay Daley explained that the purpose of the IGF was to
prevent the ITU from taking control of the Internet.
Roland has a short slot in RIPE NCC Services WG. Spam is
certain to be on the agenda for the first meeting of the IGF.
The anti-abuse industry
Recent Press coverage about the partnership between Goodmail
and AOL has been mainly hostile. Jay pointed out that
Goodmail make a financial commitment to the quality of their
customers so have some credibility; but not everybody was
convinced that consumers or smaller ISPs would benefit as
much as these big players.
C Technical measures
Roland described difficulty he had seen with online
purchasing (of air tickets, in his case); that the
confirmation messages were too often full of HTML, which is
an easy target for any filtering engine and results in false
C2 Sender authentication
No updates on SPF or DKIM.
C3 Bounce suppression
Rodney described how bounces to forged originators are a
problem in his environment, and how it is important to
eliminate them as far as possible. Early rejection is best
(using call-ahead or database copies); where it's not
possible, operators might consider checking the incoming
message before sending each notification.
DB WG, confirm status of IRT objects, "abuse-mailbox:"
attributes and default whois output.
[This was raised at the DB WG. Documentation has not kept up
with changes implemented by RIPE NCC.]
Robert Seastrom: access to mail system logs very quickly
identifies bad users or systems inside the network as well
as some problems from outside.