Taking Common Action Against Spam Internet Society of China Beijing – 2004 Dave Crocker Brandenburg InternetWorking

Taking Common Action Taking Common Action Against SpamAgainst Spam

Taking Common Action Taking Common Action Against SpamAgainst Spam

Internet Society of ChinaInternet Society of ChinaBeijing – 2004Beijing – 2004

Dave CrockerDave CrockerBrandenburg InternetWorkingBrandenburg InternetWorking

<http://brandenburg.com/current.html><http://brandenburg.com/current.html>

Internet Society of ChinaInternet Society of ChinaBeijing – 2004Beijing – 2004

Dave CrockerDave CrockerBrandenburg InternetWorkingBrandenburg InternetWorking

<http://brandenburg.com/current.html><http://brandenburg.com/current.html>

D. Crocker, Brandenburg InternetWorking ISOC China – Beijing,200422

Setting the ContextSetting the ContextSetting the ContextSetting the Context

© 1975(!)Datamation

© 1975(!)Datamation

This? Oh, this is the display This? Oh, this is the display for my electronic junk mail.for my electronic junk mail.


A Personal PerspectiveA Personal PerspectiveA Personal PerspectiveA Personal Perspective

Spam is a complex socialsocial problem Technical solutions must followfollow the social decisions

The situation is getting much worse, very quickly

It is like moving from a safe, small town to a big (U.S.) city Spam is created in one country, and sent out from another And no technique has yet reduced global spam!

Spam is a global problem On the Internet, every place is a close neighbor We can only control it by taking commoncommon action

Spam is a complex socialsocial problem Technical solutions must followfollow the social decisions

The situation is getting much worse, very quickly

It is like moving from a safe, small town to a big (U.S.) city Spam is created in one country, and sent out from another And no technique has yet reduced global spam!

Spam is a global problem On the Internet, every place is a close neighbor We can only control it by taking commoncommon action


Wheel of Spam (Mis)FortuneWheel of Spam (Mis)FortuneWheel of Spam (Mis)FortuneWheel of Spam (Mis)Fortune

Control of spam Techniques are not precise We must balance the facets Need many partial solutions

Heuristics to consider Long lists Complicated Complicated Be careful!

Control of spam Techniques are not precise We must balance the facets Need many partial solutions

Heuristics to consider Long lists Complicated Complicated Be careful!

PoliticalPolitical

LegalLegal

SocialSocial

HumanHuman

AdministrationAdministration

TechnicalTechnical

ManagementManagement DeploymentDeployment

Many Facets of Many Facets of EmailEmail


Formulating ProposalsFormulating ProposalsFormulating ProposalsFormulating Proposals

SpammersSpammers “Accountable”

Legitimate businesses with aggressive marketing

Need rules to constrain Need rules to constrain

“Rogue” Avoid accountability Same as criminal virus Same as criminal virus

and worm attackersand worm attackers

SpammersSpammers “Accountable”

Legitimate businesses with aggressive marketing

Need rules to constrain Need rules to constrain

“Rogue” Avoid accountability Same as criminal virus Same as criminal virus

and worm attackersand worm attackers

Pragmatic Pragmatic ApproachApproach

Specify: Type of targeted spam How it is occurring How the mechanism

will fix the problem Explore how

mechanism can fail

Pragmatic Pragmatic ApproachApproach

Specify: Type of targeted spam How it is occurring How the mechanism

will fix the problem Explore how

mechanism can fail


A List of Common A List of Common SuggestionsSuggestionsA List of Common A List of Common SuggestionsSuggestions

Initial suggestions from the anti-spam community

Most are useful for providers and countries everywhere We need a venue for forming on-going agreements

CategoriesLegal:Legal: Formal boundaries and consequences

Accountability:Accountability: For whitelisting(!)

Administrative:Administrative: Organization commitment and efficiency

Collaboration:Collaboration: Adapt and respond to changes

Operations:Operations: Tools for responding

Initial suggestions from the anti-spam community

Most are useful for providers and countries everywhere We need a venue for forming on-going agreements

CategoriesLegal:Legal: Formal boundaries and consequences

Accountability:Accountability: For whitelisting(!)

Administrative:Administrative: Organization commitment and efficiency

Collaboration:Collaboration: Adapt and respond to changes

Operations:Operations: Tools for responding


Legal and PoliticalLegal and PoliticalLegal and PoliticalLegal and Political

Provide government assistance and oversight

Treat spam as a common international and national emergency

This requires a commitment by both government and operators

Formulate Acceptable Use Policies (AUP) Create legal procedures to disconnect spammers Specify serious consequences for violating AUP

Provide government assistance and oversight

Treat spam as a common international and national emergency

This requires a commitment by both government and operators

Formulate Acceptable Use Policies (AUP) Create legal procedures to disconnect spammers Specify serious consequences for violating AUP


AccountabilityAccountabilityAccountabilityAccountability

rDNS (in-addr.arpa) Maintain IP address-to-name mappings for all

visible addresses Map to “useful” domain names

WHOIS information Maintain accurate entries

Indirect spam referencing via ‘landing hosts’

Lines of accountability to owner of the host

rDNS (in-addr.arpa) Maintain IP address-to-name mappings for all

visible addresses Map to “useful” domain names

WHOIS information Maintain accurate entries

Indirect spam referencing via ‘landing hosts’

Lines of accountability to owner of the host


Organizational and Organizational and AdministrativeAdministrativeOrganizational and Organizational and AdministrativeAdministrative

Organization Structure Use a unique ASN for each provincial "branch" Create central authority to assist province

administrators who provide direct policy enforcement

Network Structure Separate dynamic and static IP's

Staff Support Province/Network administrators must have authority

to terminate quickly Give them tools and training for disconnecting

spammers

Organization Structure Use a unique ASN for each provincial "branch" Create central authority to assist province

administrators who provide direct policy enforcement

Network Structure Separate dynamic and static IP's

Staff Support Province/Network administrators must have authority

to terminate quickly Give them tools and training for disconnecting

spammers


Collaboration Among Collaboration Among ProvidersProvidersCollaboration Among Collaboration Among ProvidersProviders

Global Create RFC-2142 addresses; register with abuse.net Act on complaints made to abuse addresses Forum for international sharing of methods and

information Government and operator participation in APCauce,

SPAM-L, NANAE, etc.

National Forum for Province administrators Create a Chinese anti-spam site to help non-Chinese

users report spam involving China

Global Create RFC-2142 addresses; register with abuse.net Act on complaints made to abuse addresses Forum for international sharing of methods and

information Government and operator participation in APCauce,

SPAM-L, NANAE, etc.

National Forum for Province administrators Create a Chinese anti-spam site to help non-Chinese

users report spam involving China


OperationsOperationsOperationsOperations

Prevention Create a list of IP Address blocks that are run by anti-

spam ISPs, to permit whitelisting(!) Certify, block or rate-limit outbound SMTP for all hosts

Detection Monitor traffic flows for “spikes” Check outbound mail for viruses

Response Create response-time targets (< 24 hours) Responses in English would be nice

Prevention Create a list of IP Address blocks that are run by anti-

spam ISPs, to permit whitelisting(!) Certify, block or rate-limit outbound SMTP for all hosts

Detection Monitor traffic flows for “spikes” Check outbound mail for viruses

Response Create response-time targets (< 24 hours) Responses in English would be nice


Safe Internet service is achieved through collaboration among providers.

Safe Internet service is achieved through collaboration among providers.

A Direction for A Direction for Collaboration?Collaboration?A Direction for A Direction for Collaboration?Collaboration?

Safe Internet service requires collaboration among providers.

We need a venue for collaborative development, assistance, monitoring and reporting of safe operational practices.

Safe Internet service requires collaboration among providers.

We need a venue for collaborative development, assistance, monitoring and reporting of safe operational practices.

ASPASP

EnterpriseEnterprise

ISPISP

TechnologyTechnology

StandardStandard

GuidelineGuideline

Mutual Internet Practices

Association


SummarySummarySummarySummary

Spam is a complicated probem It needs to be treated with all due respect

Spam is a universal problem Fighting it requires global common action

Spam is an urgent problem We must attack it together… now!

Xie XieXie Xie

Spam is a complicated probem It needs to be treated with all due respect

Spam is a universal problem Fighting it requires global common action

Spam is an urgent problem We must attack it together… now!

Xie XieXie Xie

Documents

Taking Common Action Against Spam Internet Society of China Beijing – 2004 Dave Crocker Brandenburg InternetWorking