Africa, on the Road to Athens, Cairo 18-21 september 2006

SPAM in Africa: Problems and Solutions?

Adel GAALOUL, Président Directeur Général Agence Tunisienne d’Internet adel.gaaloul@ati.tn

Summary

1. What is SPAM ?

2. The Spam’s problem

3. The Tunis Agenda and Spam

4. An Approach to Fight Spam

3

1. What is SPAM?

- Definition: The sending, often massive, of electronic

messages not solicited

- Communications : E-mail, Mobile SMS, MMS, Video…

- Carried content: Commercial - Offensive and harmful

content - Security (Mail Bombing, Viruses, Phishing,

Scams , ID Theft…)

- A new ecosystem: Low cost entry, high profit, anonymity,

not well organised

4

2. The SPAM problem

The spam is reaching worrying proportions of traffic

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

2001 2002 2003 2004 2005

5

2. The Spam problem

North America

Asia

Europe

South America

Australia

Africa

SPAM source

SPAM source (2004)

6

2. The Spam problem

Less protected and more vulnerable

Narrow bandwidth available

Productivity reduction

Loss of messages (use of inefficient filtering tools)

Reception of fraudulent contents and security risks

E-marketing and e-news companies are blacklisted

Innovation is killed

Impact: African costumer suffers more from Spam

7

2. The Spam problem

Operation cost inflation:

- filtering software

- bandwidth waste

- more server / storage capacity

Security problems: servers attacks, organization

Adequate resources: Need more specialized technicians

Quality of service degradation: Blacklisting of gateways

Unsatisfied costumers

Challenges for African ISPs

8

3. The Tunis Agenda and Spam

We call upon all stakeholders, to adopt a multi-

pronged approach to counter spam that includes,

inter alia, consumer and business education;

appropriate legislation, law enforcement authorities

and tools; the continued development of technical

and self regulatory measures; best practices; and

international cooperation.

Paragraph 41, Tunis Agenda

9

Anti-SPAM Action Plan

Glo

bal

co

op

erat

ion

Aw

aren

ess

cap

acit

y b

uil

din

g

Trust / confidence

Reg

ula

tio

n

Tec

hn

ical

ac

tio

ns

4. Fighting spam, a multi-dimensional approach

D C AB

10

A. Regulation system

ITU study on anti-spam law covering 58 countries (2005)

11

A. An efficient regulation framework

- Anti-spam law

Coordination, regulation and arbitration authority

Implementation mechanisms

Simple mechanisms for complaint deposit and

reporting, Online reporting forms

Enacting a law that balance between regulation and

promotion of electronic messaging, and fights spam

- Complementary actions

12

A. An efficient regulation framework

- Explicit agreement (opt-in): Messages cannot be sent

without the preliminary agreement of the recipients (Australia, Belgium, Germany, UK, Italy, France, Switzerland…)

- Assumption of acceptance until refusal (opt-out):Sending of messages to people who do not oppose to it (Switzerland, Japan, Korea, USA…)

Two approaches of the legislation

13

A. An efficient regulation framework

Explicit un-subscription must be included

Prohibition to falsify or hides origin and heading informations

Use of special labels to add in the subject for commercial, adult

messages (for example ADV…)

Define legitimate mass mailing conditions (newsletter…)

Content of legislation

Messages constraints:

14

A. An efficient regulation framework

Sending, ordering, authorizing or gaining through spam activity

Sale, purchase and use of software for electronic addresses

collection

Dictionary attacks and personal data automatically generated lists

Illegal access in order to send messages

Sending spam containing malware, misleading or fraudulent

contents, scams, fishing, and other frauds…

Content of legislation

Prohibition and sanction :

15

B. Technical actions

Optimise messaging gateways configuration

Checking of compliance with SMTP protocol RFC 2821…

Restrictions on e-mail address, host name and IP address

Protection against email-bombing and limitation of e-mails flow

(email per unit of time, recipients per unit of time, errors…)

Protection against dictionary attacks

Protection of customers infrastructure against e-mail attacks and

relaying

Infrastructure optimisation and Security

16

B. Technical actions

Implementation of International Blacklists (RBL, RHBL) and

Setting up National Blacklists

Setting up white lists for mass mailing users and an authentication

SMTP gateways

Installation of anti-spam and antivirus filters at ISP level

Distribution of anti-spam tools for end user (possibly open source)

Setting up tools and methods for spam reporting and collaboration

Staff for managing spam incidents

Spam management system

17

C. Awareness and capacity building

Inform and develop understanding of spam, fishing problem, Open relays …

Integrating security modules in children education curriculum for positive use of ICT

Capacity building programs (specialist, business, teacher education …)

Disseminate information via Website: Anti-spam toolkits, training materials…

Reinforce awareness and capacity building

18

D. Global cooperation

Define charters: messaging services use, commercial mailing

services and direct marketers

Set up cooperation between ISPs and other stakeholders: anti-

spam platforms, experience sharing (blacklisting, white listing,

tools…), best practices…

Develop join capacity building program

Set up reaction and emergency plans

Procedure of data and statistic collection

Establishing Anti-spam Taskforce:

19

D. Global cooperation

Many existing frameworks:

•APEC Anti-Spam Strategy, London Action Plan•OECD tool kit, ITU activities

Coordinate international cooperation nationally

Need of anti-spam African cooperation (Anti-spam Network)

Reinforce International cooperation

20

THANK YOU MERCI شكرا