From brian.nisbet at heanet.ie Mon May 4 15:00:37 2009 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Mon, 4 May 2009 14:00:37 +0100 (IST) Subject: [anti-abuse-wg] Minutes of RIPE57 WG Meeting Message-ID: <52679.193.0.25.10.1241442037.squirrel@webmail.heanet.ie> Colleagues, Apologies for the long delay in sending out these minutes, but hopefully you'll have the opportunity to read them before the WG Session at 14:00 on Thursday 7th May. Thanks, Brian. -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: Anti-Spam Working Group Minutes RIPE57 - Draft.txt URL: From brian.nisbet at heanet.ie Mon May 4 17:05:49 2009 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Mon, 4 May 2009 16:05:49 +0100 (IST) Subject: [anti-abuse-wg] Minutes of RIPE57 WG Meeting In-Reply-To: <52679.193.0.25.10.1241442037.squirrel@webmail.heanet.ie> References: <52679.193.0.25.10.1241442037.squirrel@webmail.heanet.ie> Message-ID: <49956.193.0.25.10.1241449549.squirrel@webmail.heanet.ie> > Colleagues, > > Apologies for the long delay in sending out these minutes, but hopefully > you'll have the opportunity to read them before the WG Session at 14:00 > on Thursday 7th May. And apologies again, these are, of course, the minutes from the RIPE 56 meeting. I will send out the RIPE 57 meeting minutes soon. Brian. From brian.nisbet at heanet.ie Tue May 5 15:01:25 2009 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Tue, 5 May 2009 14:01:25 +0100 (IST) Subject: [anti-abuse-wg] RIPE 57: Anti Abuse WG Minutes Message-ID: <52431.193.0.25.10.1241528485.squirrel@webmail.heanet.ie> Colleagues, Here are the *actual* mintues for RIPE 57. Apologies for the delay and earlier confusion. Regards, Brian. ------------------------------- RIPE 57 Meeting Dubai Anti-Abuse Working Group Wednesday, 28 October 2008, 13:30 Chair: Brian Nisbet Scribe: Fergal Cunningham, RIPE NCC Jabber: Jos Boumans A. Administrative Matters The working group (WG) Chair, Brian Nisbet, welcomed the attendees and explained that the WG Co-Chair, Richard Cox, was unable to attend. He mentioned that Richard hopes to attend the WG session at RIPE 58. He pointed out that this was the first session of the Anti-Abuse WG since its change from the Anti-Spam WG. The minutes from RIPE 56 were approved with no comments and there were no updates to the current agenda. Brian extended his thanks to the RIPE NCC for its help with setting up the Anti-Abuse WG. Brian went through the charter for the new Anti-Abuse WG and explained the differences between it and the previous Anti-Spam WG charter. The new charter can be viewed on the Anti-Abuse WG pages at: http://www.ripe.net/ripe/wg/anti-abuse/index.html Brian said that spam is a symptom of bigger problems so the charter allows the formation of the Anti-Abuse WG. He noted that there is a list in the charter of some obvious abuse types, with point five being the most obvious - all systems and mechanisms, technical and non-technical used to create, control and make money from such abuse. He explained that there is no set process to add new items to the list but this should be easy to do so through the WG mailing list. He added the important caveat that the WG does not view areas such as cyber-squatting or hosting illegal content as being part of its remit. Brian added that all subscribers to the Anti-Spam WG mailing list had been added to the Anti-Abuse WG mailing list so that the WG has not lost anybody. He emphasised that this mailing list is not the email address to use to report abuse or spam. It is not the Anti-Abuse WG?s job to contact Internet Service Providers (ISPs) about these issues. He concluded this section by noting that presentations are planned for RIPE 58. B. Updates B1. Developments in Anti-Abuse Brian noted that HEANET supplies broadband to schools in Ireland. Content filtering is almost line rate on the gigabit interfaces that are being plugged into it. It can handle the 500 or 600 MB going through it. B2. Legislation There were no updates. B3. Products There were no updates. B4. Recent List Discussion Most discussion on the mailing list has been about the new charter for the Anti-Abuse WG formation. C. Technical Measures C1. Sender Verification There were no updates. C2. Filtering There were no updates. C3 Source Identification There were no updates. C4 Others There were no updates. D. Interactions D1. Working Groups The Chair noted that there had been discussion on contact details in the RIPE Database. There is currently no policy stating that people have to have correct details and because of this people have suffered abuse. People have asked about change. The Anti-Abuse WG is not planning this change process, which might be something for the Database WG, but the Anti-Abuse WG will have input. A representative from the Serious Organised Crime Agency (SOCA) in the UK pointed out that there was a bill in the US on anti-phishing that would make it illegal to register incorrect WHOIS data. Brian said it would be very interesting to see what effect this will have on the Regional Internet Registry (RIR) Databases. He noted that there would be discussion with the Cooperation WG on this and that the chairs of the Anti-Abuse and Database WGs are not going to write a policy proposal. This is something that might require community support and will come up again. There is currently not a lot of interaction so far because the Anti-Abuse WG is new, but the chairs hope to talk very soon with other groups to see what people are doing with regard to points D2-D5, below. D2. Other ISPs There was a comment that there was currently a spam initiative from Microsoft and some ISPs to bring those who are spamming to court. They are also making a database of spammers. There is also a German initiative to create a ?white list? because people sometimes want advertising and this allows companies to send advertising and not have it considered as spam. Brian said that he had seen initiatives like this and hopefully it will reduce instances of phishing. He added that the challenge is that people are quick to report spam and this affects genuine advertisers. He noted that the WG would be interested in more information because this is the type of thing the WG wants to hear about. It is also the sort of subject matter the WG would like for presentations at future RIPE Meetings. D3. Anti-Abuse Groups No update. D4. RIRs There were no updates. D5. IETF There were no updates. E. Documents E1. Updates to ripe-409 Brian asked people to look at the RIPE Document ripe-409, ?Good Practice in Minimising E-mail Abuse? [http://rosie.ripe.net/ripe/docs/ripe-409.html] and asked for any updates. He noted that there might be things missing that need to be added. He will send the request to the mailing list. The WG will then look at creating new draft documents. E2. Creation of New Documentation The Chair noted that the ripe-409 document could be a core document for the WG on protecting networks through technical and non-technical measures. He asked if people had suggestions for white papers for law enforcement or any priorities that people would like to mention. There were no comments. Z. A.O.B. Brian asked if there were any further comments. There were none. He said that the new WG would require guidance and assistance on what people want the WG to do. He will look at targeting people to speak at RIPE 58. Brian concluded the session by thanking the attendees and reiterating that people should look at the Anti-Abuse WG Charter and contribute to discussions on the mailing list in the build-up to RIPE 58. From thor at anta.net Wed May 6 12:35:08 2009 From: thor at anta.net (Thor Kottelin) Date: Wed, 6 May 2009 13:35:08 +0300 Subject: [anti-abuse-wg] RIPE 57: Anti Abuse WG Minutes In-Reply-To: <20090506100004.21464.85618.Mailman@postboy.ripe.net> References: <20090506100004.21464.85618.Mailman@postboy.ripe.net> Message-ID: > Date: Tue, 5 May 2009 14:01:25 +0100 (IST) > From: "Brian Nisbet" > To: anti-abuse-wg at ripe.net > Reply-To: brian.nisbet at heanet.ie > RIPE 57 Meeting Dubai > Anti-Abuse Working Group > Wednesday, 28 October 2008, 13:30 > There was a comment that there was currently a spam initiative from > Microsoft and some ISPs to bring those who are spamming to court. > They are > also making a database of spammers. There is also a German > initiative to create a ?white list? because people sometimes want > advertising and this allows companies to send advertising and not > have it > considered as spam. > > Brian said that he had seen initiatives like this and hopefully it > will > reduce instances of phishing. He added that the challenge is that > people > are quick to report spam and this affects genuine advertisers. Thank you for posting the minutes. There is one thing I have difficulty understanding: for which definition of "genuine advertisers" are such advertisers affected by having (their?) spam reported? -- Thor Kottelin http://www.anta.net/ From brian.nisbet at heanet.ie Wed May 6 14:04:50 2009 From: brian.nisbet at heanet.ie (Brian Nisbet) Date: Wed, 6 May 2009 13:04:50 +0100 (IST) Subject: [anti-abuse-wg] RIPE 57: Anti Abuse WG Minutes Message-ID: <58530.193.0.25.10.1241611490.squirrel@webmail.heanet.ie> Thor Kottelin wrote: >> Date: Tue, 5 May 2009 14:01:25 +0100 (IST) >> From: "Brian Nisbet" >> To: anti-abuse-wg at ripe.net >> Reply-To: brian.nisbet at heanet.ie > >> RIPE 57 Meeting Dubai >> Anti-Abuse Working Group >> Wednesday, 28 October 2008, 13:30 > >> There was a comment that there was currently a spam initiative from Microsoft and some ISPs to bring those who are spamming to court. They are >> also making a database of spammers. There is also a German >> initiative to create a ???white list??? because people sometimes want advertising and this allows companies to send advertising and not have it >> considered as spam. >> Brian said that he had seen initiatives like this and hopefully it will >> reduce instances of phishing. He added that the challenge is that people >> are quick to report spam and this affects genuine advertisers. > > Thank you for posting the minutes. > > There is one thing I have difficulty understanding: for which definition of "genuine advertisers" are such advertisers affected by having (their?) spam reported? Certainly my meaning here refers to advertising that people have requested, rather than UBE. One issue that companies see is that users sign-up to newsletters or the like, then forget they have done so and hit the "report spam" button when something drops into their inbox. If such spam reports are made, then the sender's emails will be blocked by the service provider and legitimately requested email will not reach its destination, thereby affecting the relevant sender's business. Does that clairfy it at all? Thanks, Brian. From thor at anta.net Wed May 6 14:38:54 2009 From: thor at anta.net (Thor Kottelin) Date: Wed, 6 May 2009 15:38:54 +0300 Subject: [anti-abuse-wg] RIPE 57: Anti Abuse WG Minutes In-Reply-To: <58530.193.0.25.10.1241611490.squirrel@webmail.heanet.ie> References: <58530.193.0.25.10.1241611490.squirrel@webmail.heanet.ie> Message-ID: > -----Original Message----- > From: Brian Nisbet [mailto:brian.nisbet at heanet.ie] > Sent: Wednesday, May 06, 2009 3:05 PM > To: anti-abuse-wg at ripe.net > Cc: Thor Kottelin > > There is one thing I have difficulty understanding: for which > definition > of "genuine advertisers" are such advertisers affected by having > (their?) spam reported? > > Certainly my meaning here refers to advertising that people have > requested, rather than UBE. One issue that companies see is that > users > sign-up to newsletters or the like, then forget they have done so > and hit > the "report spam" button when something drops into their inbox. > > If such spam reports are made, then the sender's emails will be > blocked > by the service provider and legitimately requested email will not > reach > its destination, thereby affecting the relevant sender's business. Thank you for the clarification. I now understand better what you mean. Of course, there will always be some volume of false reports due to human negligence. On the other hand, the vast majority of users are probably not likely to report as spam something they have intentionally requested to receive. (Consider, for example, the odds of a working-group member reporting this list message as spam.) It must be almost infinitely more common for UBE senders to spuriously invoke excuses of the "TINS because you joined a list we bought" kind. Thus, the issue of false positive reports should not be given excessive weight. -- Thor Kottelin http://www.anta.net/ From thor at anta.net Wed May 6 14:52:19 2009 From: thor at anta.net (Thor Kottelin) Date: Wed, 6 May 2009 15:52:19 +0300 Subject: [anti-abuse-wg] RIPE 57: Anti Abuse WG Minutes References: <58530.193.0.25.10.1241611490.squirrel@webmail.heanet.ie> Message-ID: > > One issue that companies see is that > > users > > sign-up to newsletters or the like, then forget they have done so > > and hit > > the "report spam" button when something drops into their inbox. > > > > If such spam reports are made, then the sender's emails will be > > blocked > > by the service provider and legitimately requested email will not > > reach > > its destination, thereby affecting the relevant sender's > business. Apologies for this addition, but I would also like to note that this specific scenario is a non-issue. If a service provider blocks mail because of user requests or any other reason, it is within its right to do so. Mail server farms are private property; no sender can have a subjective right to reach anyone's inbox, whether or not said sender's profits would be affected by its bulk mail not being read. I guess the bottom line is that bulk mailing is such a tainted industry that anyone who sets up shop therein must assume that their mail will be blocked to heaven and back. -- Thor Kottelin http://www.anta.net/ From iane at sussex.ac.uk Wed May 6 15:13:30 2009 From: iane at sussex.ac.uk (Ian Eiloart) Date: Wed, 06 May 2009 14:13:30 +0100 Subject: [anti-abuse-wg] RIPE 57: Anti Abuse WG Minutes In-Reply-To: References: <58530.193.0.25.10.1241611490.squirrel@webmail.heanet.ie> Message-ID: <98712BC1FC88B8FA58E9112E@lewes.staff.uscs.susx.ac.uk> --On 6 May 2009 15:38:54 +0300 Thor Kottelin wrote: > > On the other hand, the vast majority of users are probably not likely to > report as spam something they have intentionally requested to receive. > (Consider, for example, the odds of a working-group member reporting this > list message as spam.) It must be almost infinitely more common for UBE > senders to spuriously invoke excuses of the "TINS because you joined a > list we bought" kind. Thus, the issue of false positive reports should > not be given excessive weight. Hmm... I manage a Mailman list server for a University. We see plenty of spam report feedback, which occurs because some web mail providers make it very easy to report unwanted email as spam. In one interface I've seen, there are two buttons "delete" and "report" with no separation between them. It would be nice if they'd devote some resource to exposing the URLs in the List-unsubscribe headers on the emails that are being reported. I really do believe that at least 20% of reports on emails sent from our servers are actually due to people changing their mind about the quality of content on lists that they signed up to. -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/ From yves at pop.com.br Wed May 6 16:10:06 2009 From: yves at pop.com.br (Yves) Date: Wed, 6 May 2009 11:10:06 -0300 Subject: RES: [anti-abuse-wg] RIPE 57: Anti Abuse WG Minutes In-Reply-To: <98712BC1FC88B8FA58E9112E@lewes.staff.uscs.susx.ac.uk> References: <58530.193.0.25.10.1241611490.squirrel@webmail.heanet.ie> <98712BC1FC88B8FA58E9112E@lewes.staff.uscs.susx.ac.uk> Message-ID: <004a01c9ce54$5b64fed0$122efc70$@com.br> Please remove me from this list. Tks., Yves -----Mensagem original----- De: anti-abuse-wg-admin at ripe.net [mailto:anti-abuse-wg-admin at ripe.net] Em nome de Ian Eiloart Enviada em: quarta-feira, 6 de maio de 2009 10:14 Para: Thor Kottelin; anti-abuse-wg at ripe.net Assunto: RE: [anti-abuse-wg] RIPE 57: Anti Abuse WG Minutes --On 6 May 2009 15:38:54 +0300 Thor Kottelin wrote: > > On the other hand, the vast majority of users are probably not likely > to report as spam something they have intentionally requested to receive. > (Consider, for example, the odds of a working-group member reporting > this list message as spam.) It must be almost infinitely more common > for UBE senders to spuriously invoke excuses of the "TINS because you > joined a list we bought" kind. Thus, the issue of false positive > reports should not be given excessive weight. Hmm... I manage a Mailman list server for a University. We see plenty of spam report feedback, which occurs because some web mail providers make it very easy to report unwanted email as spam. In one interface I've seen, there are two buttons "delete" and "report" with no separation between them. It would be nice if they'd devote some resource to exposing the URLs in the List-unsubscribe headers on the emails that are being reported. I really do believe that at least 20% of reports on emails sent from our servers are actually due to people changing their mind about the quality of content on lists that they signed up to. -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/ From peter at hk.ipsec.se Wed May 6 16:16:42 2009 From: peter at hk.ipsec.se (peter h) Date: Wed, 6 May 2009 16:16:42 +0200 Subject: [anti-abuse-wg] RIPE 57: Anti Abuse WG Minutes In-Reply-To: <58530.193.0.25.10.1241611490.squirrel@webmail.heanet.ie> References: <58530.193.0.25.10.1241611490.squirrel@webmail.heanet.ie> Message-ID: <200905061616.42974.peter@hk.ipsec.se> On Wednesday 06 May 2009 14.04, Brian Nisbet wrote: > Thor Kottelin wrote: > >> Date: Tue, 5 May 2009 14:01:25 +0100 (IST) > >> From: "Brian Nisbet" > >> To: anti-abuse-wg at ripe.net > >> Reply-To: brian.nisbet at heanet.ie > > > >> RIPE 57 Meeting Dubai > >> Anti-Abuse Working Group > >> Wednesday, 28 October 2008, 13:30 > > > >> There was a comment that there was currently a spam initiative from > Microsoft and some ISPs to bring those who are spamming to court. They > are > >> also making a database of spammers. There is also a German > >> initiative to create a ???white list??? because people sometimes want > advertising and this allows companies to send advertising and not have > it > >> considered as spam. > >> Brian said that he had seen initiatives like this and hopefully it will > >> reduce instances of phishing. He added that the challenge is that people > >> are quick to report spam and this affects genuine advertisers. > > > > Thank you for posting the minutes. > > > > There is one thing I have difficulty understanding: for which definition > of "genuine advertisers" are such advertisers affected by having > (their?) spam reported? > > Certainly my meaning here refers to advertising that people have > requested, rather than UBE. One issue that companies see is that users > sign-up to newsletters or the like, then forget they have done so and hit > the "report spam" button when something drops into their inbox. > > If such spam reports are made, then the sender's emails will be blocked > by the service provider and legitimately requested email will not reach > its destination, thereby affecting the relevant sender's business. A lot of "so called" registered requests occur automatically and with very convoluted informatioon on many "commercial" outfits. One must read very carefully and check for all more or less hidden checkboxes to make shure one does not subscribes to spam. Anyone sending out spam ( or "information letters" ) has to be very shure that the user actually wants this spap ( or "information letters"). So in my opinion, "genuine advertisers" has a responsibility to inform and must be aware that any user that ( mistakenly) reports as sopam will harm their sending of "information". > > Does that clairfy it at all? > > Thanks, > > Brian. > > > > > > > > > -- Peter H?kanson There's never money to do it right, but always money to do it again ... and again ... and again ... and again. ( Det ?r billigare att g?ra r?tt. Det ?r dyrt att laga fel. ) From badguyskiller at gmail.com Wed May 27 15:22:20 2009 From: badguyskiller at gmail.com (Badguys Killer) Date: Wed, 27 May 2009 15:22:20 +0200 Subject: [anti-abuse-wg] What to do when both RIR and ISP don't care? In-Reply-To: <49F40BA9.3060601@hovland.cx> References: <943126771.53861240304469228.JavaMail.root@zimbra.nfsi.pt> <49F1E696.40205@rediris.es> <49F20226.4070207@hovland.cx> <49F40BA9.3060601@hovland.cx> Message-ID: 2009/4/26 J?rgen Hovland > You have spent more time telling us about the invalid email address than > it would if you picked up the phone and called them :-) > Oh yeah? You think so? Have you checked the time when I replied? They are off office hours. I don't think anyone would answer my call at 6pm or later ... > So it is can't be an issue about time/money. There will always be some > invalid contact info anyway. It's the percentage of it you want to reduce I > guess. > And if I call, is it sure my call would be taken into account? -------------- next part -------------- An HTML attachment was scrubbed... URL: