- content to the Chair of the working group.
- format to webmaster _at_ ripe _dot_ net.
Thursday, 8 May 2008, 14:00 Palace Hotel, Berlin, Germany
Chair - Brian Nisbet
Scribe - Fergal Cunningham
A. Administrative Matters
Working Group Chair Brian Nisbet introduced himself, welcomed the attendees and introduced the session. Co-Chair Richard Cox was unable to attend the meeting but hopes to return for RIPE 57. The minutes from the RIPE 55 session were approved with no comments and there were no additions to the agenda.
B1. Developments in E-mail Abuse
The Chair commented on the upsurge in calendar spam and Google adwords phishing reported in Symantec's now-monthly report. There has also been an increase in US subpoena key logger vectors whereby people receive an e-mail saying they have been subpoenaed by a court and are asked to download a malicious file.
B2. Developments in Anti-Abuse
The Chair commented on a company called Brand Mail Solutions, which is a sender verification setup that gives trust to users by taking money from brands and liaising with e-mail providers. So people would get mails that would then be checked against a central database to prove to the user that it comes from a valid address. Spammers can also spend money to get on the database but it does help people by providing a level of authentication.
Hannes Tschofenig commented that he has seen some of this system and some people create identity federations or associations that vouch for this company so they have some reputation. You can join one of these associations and they give you reputation depending on how you behave. And obviously there is a fee as well so arbitrary users can't just show up and use them. He wondered how successful they have been.
Brian, speaking personally, said there have been a variety of reputation services and none of them have worked fantastically well, but it depends on what problem they're trying to solve. Problems arise when people using the reputation services are not as reputable as the receiver would like.
Fergal Suipeal (University College Dublin) asked if we wanted to train people that sometimes it is OK for them to put in their personal details and send them to someone they think is, for example, their national airline carrier? The Chair responded that people have been made paranoid by people telling them they can't trust what they receive in their Inbox. He noted that the content of the mails would not change with these verification systems and he feels that we should not deviate from what he believes is the best policy of advising people against doing business with people who ask you to send passwords or click on random links, regardless of verification software.
Fergal asked whether mail users in general were perhaps too paranoid. Brian, noting that this was a personal preference, felt that often people are paranoid in the wrong direction, i.e. some people are not willing to input details on secure sites but then readily provide their information where they shouldn't. Brian suggested that we can see if these verification systems work and then decide the correct level of trust to place in them. They may not necessarily be a bad idea.
Fergal commented that one of the problems is that technology is such that people can't trust or verify what they see. For instance, they see a padlock icon but do not know exactly what this means.
Roland Perry, speaking in a personal capacity, commented on a mail he received that resulted in the user clicking a number of links that redirected to unexpected areas on a number of websites. Roland also commented on an e-mail he received which purported to verify it was from his credit card company by supplying four digits of his credit card number, and this is something people should be warned about.
The Chair noted that there are lots of companies who do dumb marketing things and the Anti-Spam Working Group would like to educate these companies against mistreating their customers in this way. There is no real technical solution to this and the key to solving the problem is education.
B5. Recent List Discussion
This is almost all Part E of the current agenda. The Chair noted that there has also been some discussion on how RIPE can get in touch properly with ISPs in the region but no community policy relating to this has been created so far. He reminded attendees that the WG Chairs can't take mails and form a policy; it's up to the people who send the mails to the list, as is right for a bottom-up policy formation system.
C. Technical Measures
C1. Sender Verification
James Monico (BSkyB) asked the forum if anyone had ideas on technical measures to prevent outbound direct-to-MX spam and also to detect viruses that are sending traffic into the wider Internet. He commented that his company had eliminated the problem of inbound spam by outsourcing their mail platform to Google. Brian, speaking personally, responded that there was no reason why one can't run various mail filtering applications in an outbound way as well as inbound.
James asked if detecting spam leaving the network was something people in the group generally did. They receive about 100 requests a day to prevent customers sending spam so it is a significant problem. This is mainly compromised machines being used to send spam.
Michael Dillon (BT) suggested using an organisation called the Mail Anti-Abuse Working Group (MAAWG), which is doing a lot of investigation into this area. In BT they try to detect bots and shut them down before they do much damage. He was unsure of the exact technical details but they were documented so they should be findable with a web search. But MAAWG is specifically focused on dealing with e-mail operations on the Internet and the surrounding abuse issues.
The Chair commented that a quick search and look at abuse groups and the tools they use will reveal a lot to you. If you are a large outbound mail provider you can contact other large outbound mail providers to see what they use. Jos Boumans, speaking as an ex-employee of a large Dutch ISP that provided this service, said he was happy to talk after the session to explain technical details.
D1. Working Groups
The Chair noted that there are measures in place for the WG to work in an advisory capacity with the Data Protection Task Force and the Enhanced Cooperation Task Force, who are working in some similar areas. So far there have just been a few informal conversations.
D3. Other ISPs
D4. Bulk Mailers
E1. Proposed New Charter to Change Working Group from Anti-Spam to Anti-Abuse
The draft charter as it stands at RIPE 56 is available to download at:
The Chair explained that there was a discussion at RIPE 55 on whether Anti-Spam is too narrow an area for the group to focus on and that the WG has expanded in nature since it was formed. The Internet has moved on to issues outside of spam such as compromised machines and abuse of websites, and no other Working Group currently looks at this wider area. He noted that there was general consent and one voice of dissent at RIPE 55, and people have largely been in favour of expanding the scope of the WG on the mailing list.
The Chair then presented the charter on screen. He noted that no decision on accepting or rejecting would be reached today. The current version was posted 7 May 2008 and there were no responses up to the time of this meeting. The Co-Chairs think this is a sensible direction to go in. They are aware of concerns about losing focus or biting off more than the group can chew but they feel it is possible to widen the area to expand the scope whilst not forgetting the issue of spam.
Malcolm Hutty (LINX) commented that the redrafts were moving in the right direction but it is important to be careful about drawing the line when it comes to the term abuse. For example, his network thinks that Skype is abuse. There are many things people consider to be abuse and other things that are considered acceptable. He asked if the Chairs had a coherent theory on what constitutes network abuse.
The Chair agreed that people have different views. They will probably never reach a point where everybody is happy with the definition of what constitutes abuse. They will work harder on it if the WG or community wants that but there will probably never be complete agreement.
Malcolm asked if the Chairs were trying to come up with a best practices document that will advise people on how to prevent Skype running on their computers. The Chair said they were more concerned to deal with recognised malicious technologies.
Hannes Tschofenig commented that the focus should not be so much on terminology but on making best use of the expertise in the WG and establishing who the experts are in this area. The Chair responded that the Anti-Spam WG mailing list contains people with expertise but there are other experts out there and if scope widens he hopes that these other people will be drawn in. The ENUM WG is closest in theory to the AS WG but it has no intention to look at abuse of systems. So there is no other group where we can say 'we don't need to worry about it because they are'.
Hannes commented that some people have started work on SPIT prevention but it's difficult to find network operators who have encountered specific problems. Unless people have real-life experience it is hard for them to write guidelines on preventing abuse; it is just a theoretical discussion. The Chair noted that this charter is still a draft. There is a document with a list of examples and if that doesn't go far enough it can be added to.
Hannes asked if the Chairs wanted to be proactive and look at possible future issues. The Chair responded that it was not looking at producing one catch-all statement. It was more about looking to produce the information they can produce and widening the scope so in the future they had the potential to look at arising problems instead of being tied to a single issue.
Peter Koch said that the draft charter is going in the right direction but he shares Malcolm's concerns. The decision to put things not to discuss on the charter is a good choice. He is unsure where the desire to expand the group comes from. This WG is an information exchange. If you develop documents you would need a