Africa, on the Road to Athens, Cairo 18-21 September 2006
SPAM in Africa: Problems and Solutions?
Adel GAALOUL, Chairman and CEO, Agence Tunisienne d’Internet
Summary
1. What is SPAM ?
2. The Spam problem
3. The Tunis Agenda and Spam
4. An Approach to Fight Spam
1. What is SPAM?
- Definition: The sending, often in bulk, of unsolicited electronic messages
- Communications: E-mail, Mobile SMS, MMS, Video…
- Carried content: Commercial - Offensive and harmful content - Security (Mail Bombing, Viruses, Phishing, Scams, ID Theft…)
- A new ecosystem: Low cost entry, high profit, anonymity, not well organised
2. The SPAM problem
Spam is reaching worrying proportions of traffic
[Chart: spam as a proportion of traffic, scale 0% to 90%, years 2001 to 2005]
2. The Spam problem
[Chart: SPAM source (2004) by region: North America, Asia, Europe, South America, Australia, Africa]
2. The Spam problem
Impact: African customers suffer more from spam
Less protected and more vulnerable
Narrow bandwidth available
Productivity reduction
Loss of messages (use of inefficient filtering tools)
Reception of fraudulent contents and security risks
E-marketing and e-news companies are blacklisted
Innovation is killed
2. The Spam problem
Challenges for African ISPs
Operating cost inflation:
- filtering software
- bandwidth waste
- more server / storage capacity
Security problems: server attacks, organization
Adequate resources: Need more specialized technicians
Quality of service degradation: Blacklisting of gateways
Unsatisfied customers
3. The Tunis Agenda and Spam
We call upon all stakeholders, to adopt a multi-pronged approach to counter spam that includes, inter alia, consumer and business education; appropriate legislation, law enforcement authorities and tools; the continued development of technical and self regulatory measures; best practices; and international cooperation.
Paragraph 41, Tunis Agenda
4. Fighting spam, a multi-dimensional approach
[Diagram: Anti-SPAM Action Plan. Trust / confidence, with four components:]
A. Regulation
B. Technical actions
C. Awareness and capacity building
D. Global cooperation
A. Regulation system
ITU study on anti-spam law covering 58 countries (2005)
A. An efficient regulation framework
- Anti-spam law
Coordination, regulation and arbitration authority
Implementation mechanisms
Simple mechanisms for complaint deposit and reporting, online reporting forms
Enacting a law that balances regulation with the promotion of electronic messaging, and fights spam
- Complementary actions
A. An efficient regulation framework
Two approaches to legislation
- Explicit agreement (opt-in): Messages cannot be sent without the prior agreement of the recipients (Australia, Belgium, Germany, UK, Italy, France, Switzerland…)
- Assumption of acceptance until refusal (opt-out): Sending of messages to people who do not oppose it (Switzerland, Japan, Korea, USA…)
A. An efficient regulation framework
Content of legislation
Message constraints:
An explicit unsubscribe option must be included
Prohibition on falsifying or hiding origin and header information
Use of special labels in the subject line for commercial and adult messages (for example ADV…)
Define legitimate mass mailing conditions (newsletter…)
A. An efficient regulation framework
Content of legislation
Prohibition and sanction:
Sending, ordering, authorizing or profiting from spam activity
Sale, purchase and use of software for collecting electronic addresses
Dictionary attacks and automatically generated lists of personal data
Illegal access in order to send messages
Sending spam containing malware, misleading or fraudulent contents, scams, phishing, and other frauds…
B. Technical actions
Infrastructure optimisation and security
Optimise messaging gateway configuration
Checking of compliance with the SMTP protocol (RFC 2821…)
Restrictions on e-mail address, host name and IP address
Protection against e-mail bombing and limitation of e-mail flow (e-mails per unit of time, recipients per unit of time, errors…)
Protection against dictionary attacks
Protection of customers' infrastructure against e-mail attacks and relaying
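One way to enforce the per-client flow limits listed on this slide (messages per unit of time, recipients per unit of time, errors), as an added example that is not part of the original presentation. The limits, verdict strings and sample traffic are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed limits for illustration; tune to the gateway's real traffic.
WINDOW = 60  # seconds: the "unit of time"
LIMITS = {"message": 30, "rcpt": 100, "unknown_rcpt": 10}
VERDICTS = {"message": "defer:message-rate",
            "rcpt": "defer:recipient-rate",
            "unknown_rcpt": "block:dictionary-attack"}


class ClientThrottle:
    """Per-client sliding-window counters for messages, recipients and errors."""

    def __init__(self, window=WINDOW, limits=LIMITS):
        self.window, self.limits = window, dict(limits)
        self.events = defaultdict(lambda: defaultdict(deque))

    def record(self, ip, kind, now):
        """Count one event and return 'ok' or the verdict for the limit exceeded."""
        q = self.events[ip][kind]
        q.append(now)
        while q[0] <= now - self.window:  # expire events older than the window
            q.popleft()
        return VERDICTS[kind] if len(q) > self.limits[kind] else "ok"


def replay(events, throttle=None):
    """Feed (time, ip, kind) events through the throttle; collect non-ok verdicts."""
    throttle = throttle or ClientThrottle()
    flagged = defaultdict(set)
    for now, ip, kind in events:
        verdict = throttle.record(ip, kind, now)
        if verdict != "ok":
            flagged[ip].add(verdict)
    return dict(flagged)


def sample_events():
    """Constructed traffic from documentation IP ranges, not real log data."""
    ev = []
    for i in range(5):      # normal customer: 5 messages, 2 recipients each
        ev += [(i * 60, "192.0.2.10", k) for k in ("message", "rcpt", "rcpt")]
    for i in range(40):     # dictionary attack: 40 unknown addresses in 20 s
        ev += [(i * 0.5, "198.51.100.7", k) for k in ("rcpt", "unknown_rcpt")]
    for i in range(120):    # mail bomb: 120 messages in 30 s
        ev += [(i * 0.25, "203.0.113.5", k) for k in ("message", "rcpt")]
    return sorted(ev, key=lambda e: e[0])
```

Counting rejected recipients separately from accepted ones is what distinguishes address guessing from an ordinary large mailing, which stays under the error limit even when it approaches the recipient limit.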
B. Technical actions
Spam management system
Implementation of international blacklists (RBL, RHBL) and setting up national blacklists
Setting up white lists for mass mailing users and authentication on SMTP gateways
Installation of anti-spam and antivirus filters at ISP level
Distribution of anti-spam tools for end users (possibly open source)
Setting up tools and methods for spam reporting and collaboration
Staff for managing spam incidents
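How a gateway consults the IP-based (RBL) and domain-based (RHBL) blacklists and a white list named on this slide, as an added example that is not part of the original presentation. The zone names, the white list and the DNS answers are hypothetical; the query format (reversed address plus zone, listed when the answer falls in 127.0.0.0/8) is the standard DNSBL convention.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# Constructed DNS answers standing in for live lookups; zones are hypothetical.
FAKE_DNS = {"99.2.0.192.rbl.example.org": "127.0.0.2",
            "7.100.51.198.rbl.national.example": "127.0.0.2",
            "bulk.example.net.rhbl.example.org": "127.0.0.2"}


def dnsbl_query_name(ip, zone):
    """IP-based list (RBL): reversed IPv4 octets or IPv6 nibbles, then the zone."""
    addr = ipaddress.ip_address(ip)
    v4 = addr.version == 4
    parts = str(addr).split(".") if v4 else addr.exploded.replace(":", "")
    return ".".join(reversed(parts)) + "." + zone


def rhbl_query_name(domain, zone):
    """Domain-based list (RHBL): the sender domain itself, then the zone."""
    return domain.rstrip(".").lower() + "." + zone


def system_resolver(name):
    """A record for name, or None if absent or unresolvable (fails open)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def is_listed(name, resolver):
    """A list entry exists when the answer falls inside 127.0.0.0/8."""
    answer = resolver(name)
    return answer is not None and ipaddress.ip_address(answer) in LOOPBACK


def screen(client_ip, sender_domain, whitelist, rbl_zones, rhbl_zones,
           resolver=system_resolver):
    """White list first, then IP lists, then domain lists; first hit decides."""
    if client_ip in whitelist:
        return "accept:whitelisted"
    for zone in rbl_zones:
        if is_listed(dnsbl_query_name(client_ip, zone), resolver):
            return "reject:rbl:" + zone
    for zone in rhbl_zones:
        if is_listed(rhbl_query_name(sender_domain, zone), resolver):
            return "reject:rhbl:" + zone
    return "accept"
```

Passing `FAKE_DNS.get` as the resolver runs the screening offline; the default resolver treats a DNS failure as "not listed", so an unreachable list never blocks legitimate mail.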
C. Awareness and capacity building
Reinforce awareness and capacity building
Inform and develop understanding of spam, the phishing problem, open relays…
Integrate security modules into children's education curricula for positive use of ICT
Capacity building programs (specialist, business, teacher education…)
Disseminate information via website: anti-spam toolkits, training materials…
D. Global cooperation
Establishing an anti-spam taskforce:
Define charters: messaging services use, commercial mailing services and direct marketers
Set up cooperation between ISPs and other stakeholders: anti-spam platforms, experience sharing (blacklisting, white listing, tools…), best practices…
Develop joint capacity building programs
Set up reaction and emergency plans
Procedures for data and statistics collection
D. Global cooperation
Reinforce international cooperation
Many existing frameworks:
• APEC Anti-Spam Strategy, London Action Plan
• OECD tool kit, ITU activities
Coordinate international cooperation nationally
Need for African anti-spam cooperation (Anti-spam Network)
THANK YOU MERCI شكرا