Taking Common Action Against Spam Internet Society of China Beijing – 2004 Dave Crocker Brandenburg InternetWorking < Internet Society of China Beijing – 2004 Dave Crocker Brandenburg InternetWorking <
2 2 D. Crocker, Brandenburg InternetWorkingISOC China – Beijing,2004 Setting the Context © 1975(!) Datamation © 1975(!) Datamation This? Oh, this is the display for my electronic junk mail.
3 3 D. Crocker, Brandenburg InternetWorkingISOC China – Beijing,2004 A Personal Perspective social Spam is a complex social problem follow Technical solutions must follow the social decisions The situation is getting much worse, very quickly It is like moving from a safe, small town to a big (U.S.) city Spam is created in one country, and sent out from another And no technique has yet reduced global spam! Spam is a global problem On the Internet, every place is a close neighbor common We can only control it by taking common action social Spam is a complex social problem follow Technical solutions must follow the social decisions The situation is getting much worse, very quickly It is like moving from a safe, small town to a big (U.S.) city Spam is created in one country, and sent out from another And no technique has yet reduced global spam! Spam is a global problem On the Internet, every place is a close neighbor common We can only control it by taking common action
4 4 D. Crocker, Brandenburg InternetWorkingISOC China – Beijing,2004 Wheel of Spam (Mis)Fortune Control of spam Techniques are not precise We must balance the facets Need many partial solutions Heuristics to consider Long lists Complicated Complicated Be careful! Political Legal Social Human Administration Technical Management Deployment Many Facets of
5 5 D. Crocker, Brandenburg InternetWorkingISOC China – Beijing,2004 Formulating Proposals Spammers “Accountable” Legitimate businesses with aggressive marketing Need rules to constrain “Rogue” Avoid accountability Same as criminal virus and worm attackers Spammers “Accountable” Legitimate businesses with aggressive marketing Need rules to constrain “Rogue” Avoid accountability Same as criminal virus and worm attackers Pragmatic Approach Specify: Type of targeted spam How it is occurring How the mechanism will fix the problem Explore how mechanism can fail
6 6 D. Crocker, Brandenburg InternetWorkingISOC China – Beijing,2004 A List of Common Suggestions Initial suggestions from the anti-spam community Most are useful for providers and countries everywhere We need a venue for forming on-going agreements Categories Legal: Legal: Formal boundaries and consequences Accountability: Accountability: For whitelisting(!) Administrative: Administrative: Organization commitment and efficiency Collaboration: Collaboration: Adapt and respond to changes Operations: Operations: Tools for responding Initial suggestions from the anti-spam community Most are useful for providers and countries everywhere We need a venue for forming on-going agreements Categories Legal: Legal: Formal boundaries and consequences Accountability: Accountability: For whitelisting(!) Administrative: Administrative: Organization commitment and efficiency Collaboration: Collaboration: Adapt and respond to changes Operations: Operations: Tools for responding
7 7 D. Crocker, Brandenburg InternetWorkingISOC China – Beijing,2004 Legal and Political Provide government assistance and oversight Treat spam as a common international and national emergency This requires a commitment by both government and operators Formulate Acceptable Use Policies (AUP) Create legal procedures to disconnect spammers Specify serious consequences for violating AUP Provide government assistance and oversight Treat spam as a common international and national emergency This requires a commitment by both government and operators Formulate Acceptable Use Policies (AUP) Create legal procedures to disconnect spammers Specify serious consequences for violating AUP
8 8 D. Crocker, Brandenburg InternetWorkingISOC China – Beijing,2004 AccountabilityAccountability rDNS (in-addr.arpa) Maintain IP address-to-name mappings for all visible addresses Map to “useful” domain names WHOIS information Maintain accurate entries Indirect spam referencing via ‘landing hosts’ Lines of accountability to owner of the host rDNS (in-addr.arpa) Maintain IP address-to-name mappings for all visible addresses Map to “useful” domain names WHOIS information Maintain accurate entries Indirect spam referencing via ‘landing hosts’ Lines of accountability to owner of the host
9 9 D. Crocker, Brandenburg InternetWorkingISOC China – Beijing,2004 Organizational and Administrative Organization Structure Use a unique ASN for each provincial "branch" Create central authority to assist province administrators who provide direct policy enforcement Network Structure Separate dynamic and static IP's Staff Support Province/Network administrators must have authority to terminate quickly Give them tools and training for disconnecting spammers Organization Structure Use a unique ASN for each provincial "branch" Create central authority to assist province administrators who provide direct policy enforcement Network Structure Separate dynamic and static IP's Staff Support Province/Network administrators must have authority to terminate quickly Give them tools and training for disconnecting spammers
10 D. Crocker, Brandenburg InternetWorkingISOC China – Beijing,2004 Collaboration Among Providers Global Create RFC-2142 addresses; register with abuse.net Act on complaints made to abuse addresses Forum for international sharing of methods and information Government and operator participation in APCauce, SPAM-L, NANAE, etc. National Forum for Province administrators Create a Chinese anti-spam site to help non-Chinese users report spam involving China Global Create RFC-2142 addresses; register with abuse.net Act on complaints made to abuse addresses Forum for international sharing of methods and information Government and operator participation in APCauce, SPAM-L, NANAE, etc. National Forum for Province administrators Create a Chinese anti-spam site to help non-Chinese users report spam involving China
11 D. Crocker, Brandenburg InternetWorkingISOC China – Beijing,2004 OperationsOperations Prevention Create a list of IP Address blocks that are run by anti-spam ISPs, to permit whitelisting(!) Certify, block or rate-limit outbound SMTP for all hosts Detection Monitor traffic flows for “spikes” Check outbound mail for viruses Response Create response-time targets (< 24 hours) Responses in English would be nice Prevention Create a list of IP Address blocks that are run by anti-spam ISPs, to permit whitelisting(!) Certify, block or rate-limit outbound SMTP for all hosts Detection Monitor traffic flows for “spikes” Check outbound mail for viruses Response Create response-time targets (< 24 hours) Responses in English would be nice
12 D. Crocker, Brandenburg InternetWorkingISOC China – Beijing,2004 Safe Internet service is achieved through collaboration among providers. A Direction for Collaboration? Safe Internet service requires collaboration among providers. We need a venue for collaborative development, assistance, monitoring and reporting of safe operational practices. Safe Internet service requires collaboration among providers. We need a venue for collaborative development, assistance, monitoring and reporting of safe operational practices. ASP Enterprise ISP Technology Standard Guideline Mutual Internet Practices Association
13 D. Crocker, Brandenburg InternetWorkingISOC China – Beijing,2004 SummarySummary Spam is a complicated probem It needs to be treated with all due respect Spam is a universal problem Fighting it requires global common action Spam is an urgent problem We must attack it together… now! Xie Xie Spam is a complicated probem It needs to be treated with all due respect Spam is a universal problem Fighting it requires global common action Spam is an urgent problem We must attack it together… now! Xie Xie