- content to the Chair of the working group.
- format to webmaster _at_ ripe _dot_ net.
10 May 2007
Chair - Rodney Tillotson
Scribe - Chris Buckridge
A. Administrative Matters
- Select a scribe; thanks to Chris Buckridge, RIPE NCC
- Distribute participants list
- Finalise agenda; as available online
- Approve minutes from RIPE 53
- Appointment of new working group chair
The Chair announced that he would be stepping down from the position, and if the WG is to continue to exist it will require a new Chair (and possibly Co-chair). The Chair noted that it would also be a good time to re-evaluate the purpose of the WG; and these two questions were the priority items for this meeting.
The Chair placed this WG in the context of other anti-spam activity.
Roland Perry of the RIPE NCC commented that the IGF and MAAWG focus largely on legitimate marketers (preventing spam from identifiable, conscientious companies, not all the other spam). Too many discussions about spam get bogged down in the distinction between legitimate marketers and the other 99% who are not legitimate. The Chair mentioned that there are two classes of big players; those with many destination e-mail addresses, and those who have many messages to send, which are not necessarily unreasonable; and these often get lumped in with spam. Perhaps it needs a different name.
The Chair identified several possibilities for the WG, one of which was to adjust its scope. Roland Perry of the RIPE NCC noted that there are now areas (in London, specifically) where Bluetooth-enabled mobile phones will receive unsolicited marketing messages. Under EU legal guidelines, this is regarded as e-mail. He suggested that perhaps the WG focus should shift to unsolicited messaging of all kinds.
The Chair listed several serious questions on a wider scale affecting the choices for the WG. For example, is spam a solved problem? Has e-mail had its day?
There was no consensus that the spam problem is already solved. While there may be solutions that are sufficient for some people, this is a temporary state, and there will be new generations of spam, whether it be Bluetooth, or circumventing the current filters.
One person commented that the age of e-mail and electronic messaging is nowhere near past. Another, that the age of e-mail will be over if we do not solve the problems, that we are at the top of a slippery slope, and that the trade-off between usefulness and annoyance is shifting against e-mail. He also noted though, that it remains very useful; and went on to identify a way forward for the WG as a force for the mitigation of resource abuse. Just as other WGs deal with parts of what RIPE is, perhaps this should be a WG to deal with the abuse of the resources handled by RIPE. This is a step away from any narrow definition of spam, and could include IP, naming, bandwidth and all the other resources with which RIPE is associated. It is important as other bodies, such as IANA, ICANN, look to organisations like RIPE for some sort of lead on issues like this.
There is already an Anti-Spoofing TF, and it was suggested that that the objectives of the two groups may now be close enough to warrant merging them. The Chair noted that there is obviously some overlap with the Anti-Spoofing TF, though they have a relatively specific, concrete goal, and after achieving this, the TF will close down.
Each of us has our own favourite anti-spam methods, and this WG is a means of building consensus. The RIPE community has already identified consensus in some areas of best practice, and a lack of consensus on other areas; this in itself is a potentially useful function of the WG. Even if there was no desire to remain active, it might be worth maintaining an identity for the WG in abeyance.
The Chair put it to the group whether it was the moment for a radical change and there was no support for such an option or for closing the group.
The Chair asked about changing the scope of the group, and there were a number of comments.
This is an opportunity for broadening the focus to look at messaging abuse and other forms of abuse that were not thought of when the group was set up. It could also look more at training and advice areas, broaden those and possibly talk to the NCC about activities at regional meetings with new LIRs, so that from early on they get the anti-abuse message and some feeling for the community consensus on how to act. Looking at all abuse on the network would be too unfocused though; it is important to focus only on a subset of the resources.
The phrase "the proper way to act" nicely encapsulates what RIPE and its associates are doing. This commenter was not convinced that there is an overlap between the WG, dealing with the origination,and the TF dealing with the destination.
90% of all e-mail is now spam. Do you just protect the inbox, or can we say we have ten times more e-mail bandwidth than we need? The Chair questioned whether bandwidth for e-mail alone is a scarce resource, but agreed that the volume of spam and abuse continues to push up the cost of servers and support. End users have learned to some extent to live with spam and the problems caused by it including waste of their own human resource, though it is unclear that the human resource is within the purview of the WG.
The Chair explained that there were known to be two people already interested in taking over the duties of Chair of the WG, and asked for any other volunteers. There was a comment that it was good to have two people acting as co-chairs, as this would mean that there was a back-up in case one of them couldn't attend a RIPE Meeting; but no further offers.
Nigel Titley of the RIPE NCC Board noted that the WG Chairs collectively would almost certainly accept the nominations of the WG itself. He also noted that the process gone through was sufficient, and that the internal affairs of the WG were essentially up to themselves.
With the consent of the WG the retiring Chair nominated Brian Nisbet as Chair and Richard Cox as Co-chair.
- B1. Developments in E-mail Abuse
There was a comment that the key to phishing is a socially engineered approach to the individual; if people go to a Web page of their own volition it is not "abuse" (though it is fraud).
The Chair noted that this is a fairly mechanical assessment of phishing, and that if we can find a way to prevent bulk e-mailing, the "bad guys" will find a new way to attract them to the dishonest pages. If we make it impossible to operate a phishing web page, they will find a new way to conduct fraudulent activities; and so on. Network abuse is a live example of "asymmetric conflict". There was a comment noting a new spam message being propagated using "Microsoft" as a key part. The Chair noted that while Microsoft is always a handy target for jokes, they had actually taken some useful steps in this area, occasionally stemming from discussions with members of this WG.
The Chair further noted that they are major players in a good position to take steps against spammers, whether it be legally chasing down spammers, or making changes to their own software in areas that are identified as facilitating spam; both of which they have done at various times.
- B2. Developments in Anti-Abuse
- B3. Legislation
- B4. Products
- B5. Recent List Discussion
No substantive comments.
Richard noted that Spamhaus going public is a way of ensuring that they are accessible and approachable. He also noted that Hormel Foods, owners of the "SPAM" trade mark, had worked with Spamhaus and agreed that the presence of the same four characters need not be an objection to the registration of "Spamhaus" as a different trade mark. That registration will have the important side-effect of providing legal protection for Spamhaus domain names, and the cooperation with Hormel is welcomed.
C. Technical Measures
- C1. Filtering
- C2. Sender Authentication
- C3. Bounce Suppression
No substantive comments.
- D1. Database Working Group, IRT object
- D2. Marketers
- D3. Other ISPs
- D4. Bulk Mailers
- D5. Anti-spam industry
- D6. RIRs
- D7. IETF
No substantive comments.
- E1. Update to LINX BCP and RIPE-206
RIPE NCC are expected to publish the update as a RIPE Document very soon. Roland Perry of the RIPE NCC noted that perhaps the banking industry needs more advice, particularly ways to better distinguish between legitimate bank e-mail (if indeed these are necessary) and phishing mails.
- There was a comment commending the Chair on his performance as Chair of the WG.
Y. Future Tasks
- Y1. Working Group Direction
Discussed earlier as a priority item
Z. Agenda for RIPE 55
- Plenary Presentations
Likely to be similar to other recent meeting agendas. Suggestions and offers for presentations invited.