RIPE 55

RIPE Meeting: 55
Working Group: Anti-Spam
Status: Final
Revision Number: 1


Thursday, 25 October 2007 - 14:00 Grand Hotel Krasnapolsky, Amsterdam, The Netherlands
Chair - Brian Nisbet
Scribe - Chris Buckridge

A. Administrative Matters

The Chair introduced the session, and introduced himself and his Co-Chair. The minutes from the RIPE 54 session were approved with no comments.

B. Main Presentations

B1: Results from ENISA 2007 Survey on Providers' Security and Anti-spam Measures - P. Manzano

http://www.ripe.net/ripe/meetings/ripe-55/presentations/manzano-enisa-survey.pdf

Pascal Manzano reported on the survey conducted by ENISA between June and July on a range of European providers (ISPs, ESPs, telcos).

Roland Perry noted that the surveyed number of users deploying greylisting seemed quite low, and asked whether this was because it was new. He also noted that he had found it to be very successful. Pascal expressed his personal feeling was that it was efficient, but still new, and as it ages, spammers will adapt to it. Brian, noting that he was speaking purely on his own behalf, added that he does not like greylisting, and feels that it is too much like "challenge-response" he noted that there are many people who will not deal with greylisting, even though it undeniably reduces the amount of spam.

B2: Improving Our Good Old Blacklisting - C. Rossow

http://www.ripe.net/ripe/meetings/ripe-55/presentations/rossow-improving.pdf

Christian Rossow presented a recent study that the Institute for Internet Security has done on blacklisting.

Peter Koch asked about whether they had looked at the content of the blacklists with respect to time-outs (particularly in regard to botnets etc.). Christian noted that they had tried, but the huge amount of data had made it difficult to compute their work was based on samples.

Peter also asked about some recent court rulings in Germany to do with applying blacklists, and asked whether this was incorporated into their work. Christian noted that he had not had the chance to look at all countries. Peter clarified that he was talking about the side of the user of the blacklist, rather than the blacklist provider.

B3: eXpurgate Presentation - R. Gannon

http://www.ripe.net/ripe/meetings/ripe-55/presentations/gannon-spam-trends.pdf

Raymond Gannon presented on some of the research done by Eleven on spam trends over recent years.

Peter Koch commented on the lifespan of spam addresses, and asked what time intervals the researchers had used. With regard to the apparently short-lived "zombie" addresses, Raymond noted that the measurements would have been taken over 3-4 months.

Christian Dietrich of the Institute for Internet Security noted that his organisation had experienced a similar thing with short lifespans, but feels it may be a statistical problem (a forced re-connection after 24 hours might be to blame).

C. Interactions with Other Working Groups

C1: Implications of Data Protection TF Work

Richard Cox discussed the DP-TF, which met Monday, and discussed issues of privacy under Dutch law as they relate to the RIPE Database. He noted that this is closely tied to issues of spam and spam prevention, and that in some areas the database is currently non-compliant. Wilfried Woeber noted that within the next few years we will need to review the operating procedures of the database, which will impact on spam prevention, and the Anti-spam WG's input will be vital. He noted that the focus of the TF has been on bringing the database up to speed, but it has now started to investigate related issues, including how a piece of information can be removed from the database. This raises issues if the piece of address space is still in use, whether legally or not.

Richard noted that the data in the database is provided by whoever sends it in, but the law requires that the data be accurate, so if the person who put the data in there no longer has authority over that information, RIPE NCC is in breach, even though it often has no contractual standing to enforce anything.

C2: Database WG Updates

No report.

D. Advice

D1: Update to LINX BCP and ripe-206

Now published as ripe-409. Brian noted that this document is already essentially out of date, and there is a strong need to update it. Both of the Chairs will be looking at this, and would appreciate any assistance that anyone can offer.

E. Recent Spam Related Events

Richard discussed a recent German court decision, which stated that a provider could not reject mail from a competing network based on a blacklist. This raises significant issues for the industry, particularly about where competition ends. There will be a statement issued by the Association of the German Internet Economy (ECO) that may clarify things in this area.

Peter Koch noted that this was based on competition law, and was probably based on newsletter from the sender being rejected, so it may not have as wide-reaching effects as feared. Richard noted that Spamhaus has always recommended blacklists be used only on a voluntary basis. Wilfried noted that it will be interesting to see what exact service the ISP was providing to the server. He also noted that a provider implementing blanket blocking is a very dangerous thing, and a slippery slope.

F. Working Group Charter

The current charter states that the WG should advise on best practice and look at instigating a European Response Center. The Chairs suggested that this would be a good time to look at the various options for updating the charter, though a final decision would be left till after discussion on the mailing list.

Options at this point include:

  • Do nothing, maintain the status quo and stick with mainly giving advice to ISPs around the region
  • Rewrite the charter, still with a focus on anti-spam, and look at how the WG can better serve the RIPE community
  • Change and widen the focus of the WG. When the WG was originally set up, spam was an obvious target, as the main problem for many ISPs. It is now just one of many issues, and the WG might better serve the community as an anti-abuse WG looking at a broader range of topics. Adopting this third option would involve liaison with the rest of the RIPE community.

The Chairs emphasised that the WG will still have a focus on spam.

Sander Steffann made a comment in favour of more broad abuse issues. Keith Mitchell noted that the underground community related to spam and other abuse issues is very closely related, and therefore the WG should look at the whole. Ralf Weber agreed, and noted that viruses are usually transported over spam.

There was a request that the WG restrict itself to e-mail services.

Malcolm Hutty pointed out that the current focus has been very narrow, and that the output has been similarly narrow he suggested that some sort of work product be defined to help ensure that the charter not become too broad. Wilfried noted that the narrow mandate arose from historical circumstances, and that it could be dangerous for the WG to limit itself to spam. He noted that it might be worth looking at what a slightly broader charter could mean in terms of the support this WG could offer to other WGs, particularly in terms of picking up security issues that are not strictly relevant to other WGs.

Keith agreed that there is a danger of losing focus, but noted that it is important to focus on the right issues. Peter Koch agreed with readjusting focus, and feels the WG could act as an education channel and liaise with other groups that are less Internet-related, such as government, regulators etc. Roland noted that it is important to focus on what the deliverables are, particularly given that the "audience" has changed spam is now an operation of organised crime.

Brian suggested that at the Plenary on Friday, he would let the wider community know that there is a discussion on change of focus, and elicit their opinion. He will also send a fuller mail to the list next week. There was general agreement on this.

X. AOB

None.

Z. Agenda for RIPE 56; Plenary Presentations

Meeting closed 15:33.