You are here: Home > Participate > Join a Discussion > Mailman Archives
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Minutes of RIPE 35 Anti-spam WG

  • To: RIPE anti-spam < >
  • From: Rodney Tillotson < >
  • Date: Tue, 14 Mar 2000 12:19:46 +0000

Thanks to Gerry Berthauer for most of these notes.
Corrections or comments to the list or to Rodney Tillotson.


Minutes of RIPE 35 Anti-spam WG, Amsterdam, 23 February 2000


Chair: Rodney Tillotson, UKERNA
Scribe: Gerry Berthauer, RIPE NCC
35 people present.

1. The agenda was agreed with additions from the meeting.


2. Update.
2.1 Open relay products

The chair asked about products which do not default to anti-relay 
configuration -- ie their default configuration is wrong!

The following were mentioned:

Old Sendmail versions before 8.9.3
Microsoft Exchange before 5.5
Appleshare before 6.1/6.2
Lotus Notes/Domino (R4.5, R4.6 no fix, R5 is better)

We have to live with people using old Sendmail versions.
We can 'beat up' manufacturers to default to non-relay configuration.


2.2 Recent developments in spam
2.2.1 Is spam different from what it was 3 months ago?

+ A lot of spam coming from the far east (China, Hong Kong, Korea,
Singapore.  This region has been 'discovered' for open-relaying.
Most of the spam comes from the US though.

+ Robot scanning/harvesting for addresses on websites (and mailing
lists?)

+ Spam sent to postmaster@, abuse@, majordomo@ email addresses.
For instance offering to sell domain names to the highest bidder.

+ Clever spammers pick good subject lines and personalise email.

+ Political spam (Belgium, last election campaign). Traceable so most 
likely not intended to be spam, but what if this kind of election mail
reaches non-Belgian citizens?

+ Increase of 'dummy spam'. A new generation of spammers who use the
old tools of original early spam.

2.2.2 Beginning of virus-related spam (see filters, later).

2.2.3 Spammers hacking machines, installing port forwarders.

Not clear what we can do about this. There is a risk of ISPs being
blacklisted because of port forwarders installed on dialup clients.

Products to keep an eye on?
Wingate (with SMTP turned on and used in Windows 98).


3. Code of Conduct
3.1 AUPs, no discussion.

3.2 Adoption of the LINX BCP

The chair asked for a clear consensus. 80% of the meeting had read the
LINX BCP and agreed that it should be adopted as a RIPE document;
nobody objected.

The meeting agreed that:
+ a small number of UK references should be removed or made more
general;
+ the format could be adjusted as required for RIPE documents;
+ the chair would ask the RIPE 35 plenary to approve the document;
+ provided there was no objection, the chair would arrange for the
BCP to be added to the RIPE document store.
[note after the meeting; the BCP is now ripe-206, see
http://www.ripe.net/ripe/docs/ripe-206.html]

3.3 Opt-In and opt-OUT
3.4 Abuse of lists
No time for discussion, kept for next meeting.
The chair will circulate draft documentation about how to run a
mailing list properly.

3.5 Blacklists

The best-known blacklists are the MAPS services (RBL, DUL and RSS
-- see http://maps.vix.com/) -- and ORBS (http://www.orbs.org/).
In both cases the Web pages explain that using the lists may block
some wanted mail as well as a lot of spam.

The MAPS RBL is very well managed but there is some delay before it
records an address. ORBS responds very fast but actively probes for
relaying addresses, and some people think it makes mistakes.

ORBS appears also to list networks who do not cooperate with their
system. Half the meeting already use the RBL, and some also use ORBS.

The whole meeting agreed to recommend use of the MAPS RBL wherever
possible.

The meeting agreed that it is not at present possible to recommend
use of ORBS.

3.6 Filtering
3.6.1 Syntax checking

We briefly talked about the effect of rejecting mail transfers which
fails to comply with RFC protocol or syntax. Most spam will fail,
but a lot of legitimate list and other mail will be lost too.

3.6.2 Filtering services

There are products and services which claim to find viruses, spam and
other unwanted mail byt examining the contents of every message.

Approval from customers needed first; in some countries (Austria) it
is illegal unless individual customers have agreed to it or asked
for it.

3.6.3 Use of log files

Is it illegal to store log files and to use these log files to control 
spamming?

In the UK, log files can be stored and used to prevent damage to
services (Telecommunications Act). Log files can be stored for billing
purposes.


4. Assistance to CERTs
4.1 Reading mail headers
No time for discussion, kept for next meeting.


5. AOB -- none, all included somewhere else.


A DRAFT agenda for the next meeting follows in a separate message.





  • Post To The List:
<<< Chronological >>> Author    Subject <<< Threads >>>