anti-spam-wg
Note: Please be advised that this an edited version of the real-time captioning that was used during the RIPE 56 Meeting. In some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the session, but it should not be treated as an authoritative record.
RIPE 56 Anti-spam Working Group 2:00pm, Thursday, 8 May 2008
CHAIR: We can start. If someone would be so kind to close the doors in the back that would be useful. Thank you very much. So hello, welcome to the Anti-spam Working Group for RIPE 56. I am all on my own today, unlike various of the speakers in the DNS working group, I think I have a command of the English language. Richard is sadly unable to join us this week but hopefully at 57 he will be rejoining us and we can resume our double act. For those of you who don't know me I'm Brian Nesbit. I've been chair of the group for the last year; I took over in RIPE 54 from Rodney who had been chair for sometime quite previous to that. As you will see, we have potentially quite a short agenda with a very large item at the end so we'll see how long that takes and how the meeting timing goes. We have our wonderful scribe from the RIPE NCC, we have our wonderful stenographer and all the technical people. Thank you very much for helping out.
So the agenda is as you'll see. Nobody is suggesting any updates or changes. If anyone wants to say anything, now would be a good time to do so. Fair enough, so.
And the last point in the administrative matters is to approve the minutes from RIPE 55. These were posted to the mailing list sometime ago. There has been no suggestions or amendments put forth. Unless anyone wants to shout about it now I'll consider it finalized and approved.
Yeah.
Those of you who are regular attendees will have seen bits of this agenda before. In the absence of presentations or particular points that people wish to raise, I went back to what had proved useful previous to this and stole a lot of Rodney's agenda. There are a number of points to work through. It's very much an audience participation sort of thing. We have a number of points which are almost place holders which if anyone wishes to say anything about them, if you have any information to share, that's what they're there for. We have a range of portable mikes and we'll attempt to get them to you should you wish to speak. If at any point you do wish to speak, can you please state your name and whom so ever you represent, be that private internet, organization or private citizen.
So we'll wander our way down through this list. The first one is developments in email abuse. Is there anything that is new? Is there anything that since we last spoke in Amsterdam people have been noticing on their mail servers, inboxes, people have had large amounts of data exploited or stolen because of things that their users were not familiar with, or otherwise? I think the things that were that I was recently reading in /SE man text on email abuse, was a number of particular upsurge in Google add words fishing and also in calendar spam and subpoena, U S subpoena spam, not so much spam as keylogger vector where the email would come telling you you've's been subpoenaed by some court probably in a country you're not a citizen of, and attaching a file which you're asked to download to view and this downloads a key logger and pops it on to your machine, which we would have thought in this day and age would have been a blinding obvious vendor of attack, but sadly not so much.
Is there anything that anyone wishes to comment on? Anything in any of the inboxes that you're currently looking at? Right so.
On the flip side of that particular arms race, from an antiabuse point of view, from the side of the good guys, is there anything new and shiny that people have seen that has been stopping said attacks or has been removing the possibility of users clicking in the wrong thing or doing the wrong thing? Any new and shiny installations or have you just built yourself a new web server which has a 0% false positive? He said hopefully in the hope they'll's hear some other voice and not just get board of me. I realise my accent is nice but probably not that nice.
The only thing that I was recently looking at was a bunch called brand mail solutions who aren't so much of an antispam set up as a sender verification set up to give trust to users by presumably taking reasonably large amounts of money from brands, say you're a national airline of whatever country you wish to inhabit and alsoly /AEUZing with email providers, so users of a lot the aim would be that users of a lot of the free solutions would receive a mail, the airline confirmation mail being a typical one of these, and that email would, assuming it was sent by the right people, so it's a sender verification tool as much as anything else, that would check back with a central server and if it was correct and all the boxes were ticked in the G mail or hot mail, up would come an icon, so for Aer Lingus it would be a little shamrock or whatever else proving to the user that this was indeed a mail from the people they thought it was a mail from. Now, of course if large spam operations also wish to give these people money and they would have icons saying, yes, indeed these were from a marketing company of your choice, I wouldn't possibly mention somebody like E 360 in a public forum, then that could happen too. It's not fighting spam but fighting the unwanted spam but giving people the authentication that the mail is from where it's supposed to be. I haven't seen any of this in live production as yet, but the conversation was there.
Yes, please.
AUDIENCE: So I've seen one of� I have seen some of these systems, obviously they have to use some techniques for something like sender verification, but what I saw is that some folks create an identity key, associations that actually vouch for these folks that they actually have some reputation, sort of more like a reputationbased system. You become a member of that organization and they give you reputation depending on how you behaved in the past, and obviously you have to pay them some money as well, so that no arbitrary user can show up. And then they basically for all the members in this group, they provide that reputation data along with the email message. I was just wondering on how successful that has been. I've just seen that those things popped up. I wasn't quite sure whether it was a worthwhile idea. Do you know anything about that?
CHAIR: I have my own opinions. I would not attempt to give an authoritative answer. Reputation services there have been a variety of them, some of them none of them seem to have worked amazingly well. It depends what problem they're trying to solve. And if it goes back to persuading the users that, yes, this mail comes from who they that comes from the people they think it should have come from, then fine. The problem arises when the people who start using the reputation services possibly aren't as reputable as the receiver would want them to be. So it's one of the problems in a lot of sender verification things. Again, in my opinion, and others, please, if they have them, do say so, that the reputation is weakened and you end up with people who are definitely sending it, it just isn't something that the receiver wants.
AUDIENCE: Fergal, UCD, do we really want to train people that sometimes it's okay to put in your personal details and send them to whoever you think is your national carrier?
CHAIR: Well, my impression certainly of what's been talked about is not a mail which might otherwise look like a fish. It is a piece of information. It's a problem that a lot of users have been made paranoid by people like us sitting there going you can't necessarily trust what you're receiving in your inbox. I would very much hope and this is what I was saying to the people when I was talking to them, the content of the mails would not change. They would not suddenly think yes, we can now ask for users pass words. And I absolutely agree we should not be deviating from what I think is the best policy, which is no, don't ever, regardless of who you think it is, don't do business with people who think it's okay to send your pass words or click on random links. I don't know if there's a level of verification that I would trust for that.
AUDIENCE: Do you think that mail users in general are too paranoid?
CHAIR: Differently paranoid, which I realise is a dubious comment to make, but it's strange. Lots of users of the internet seem to be paranoid in a particular direction and not paranoid in the direction I would want them to be in. But that's, again, my personal opinion. They're not willing to enter their details in places where we as technical group people can see, yes, this is secure and this is right and this is proper because they've heard hear stories and five minutes later they'll's click on mail or link and we sit there and go, my dear god, are you insane? I don't know what the balance point is but trusted and verifiable sender systems seem, if they work, and that's the big question, then they're not necessarily a bad idea if we can put the correct amount of trust if place in the email systems.
AUDIENCE: I think one of the problems is that the technology isn't such that most people can trust or verify what they're seeing. I mean, this goes for padlocks on web pages. The vast majority of people using those do not know what it means. They get some sense of security from the padlock, perhaps, but is it secure? Maybe. Is it trustworthy?
CHAIR: What's the URL?
AUDIENCE: This is Roland Perry speaking here in a personal capacity. Talking about being paranoid, I won't name the guilty party here other than read out the URL. I got an email a couple of days ago which I'm pretty sure isn't a fishing email, I'm not a hundred percent sure but there's lots of signs and it says protect yourself against online fraud and it gives me lots of places to go to to get advice. The first one, it's not a hidden URL because mine shows me what's really there, paypal.co.UK and you go to that and it redirects invisibly to paypal marketing, so there's an interesting thing and down at the bottom it's got a link that says forgotten pass word and that link goes to something at mediaplex.com though if you click on it you end up back to the paypal. There's a whole circular here and doing what they've I've been told not to do which is go to a website I thought not. Changing I'm alarmed about credit card companies saying you know this email is from us because we're about to quote you the last four digits of your credit card number. All it means is it doesn't mean they are's my credit card company, they either know the last four digits and is trying to find the first 12 or somebody who is making a lucky guess. You're teaching the public here to put some trust in that fourdigit number. It doesn't take much for people to start sending an email I'm who I say I am because I know the first four digits of your credit card number, all that is is the name of a bank.
CHAIR: Sadly there are many many companies out there and obviously we have no idea who you were talking about, but many many companies out there who do dumb things with their marketing, no question about that. What we would like to do is educate said companies so they treat with their users better. But all too often you have someone who comes up with a fantastic idea and goes we should send this mail out, send this information out and it never gets checked by the clueful people in the global corporation and by the time it goes out, the users have read it and then there's a further reduction in the trust or mixed signals or whatever else. But it's one of the many things that people need to be better educated about so they are correctly paranoid rather than the situation at the moment. Other than education, education of the users and the people sending out the mail, I don't know if there's any technical solution which one can approach which will fix that terribly. They seem to like that idea.
Any further comments on any of that? Shall we go south a bit further?
Legislation. I'm not aware, certainly not in the EU, of any new legislation which would affect the sending of or punishment of the senders of spam or related content. We're still, certainly in the EU, working off the statutory instrument of 2002. There may be other areas in the RIPE region which have laws of which I'm not aware, any of the countries in the middle east or of Russia, which someone may wish to comment on, any new legislation or new attempts to crack down on senders? No, so we still have the same broken set of laws we had previously. I have an entire rant about the Irish's government implementation but I've given it in this working group before so I won't repeat and bore you all.
So yes, products which does key into developments in antiabuse, any new shiny boxes which are supposed to solve all spam or anything else which anyone has experience of? No, fair enough so.
A recent list discussion is pretty much all part E, bar the odd one or two. We had a couple of people on the list between here and the last RIPE, RIPE 55, discussing correct abuse contact details, discussing RIPE doing something about how to properly get in contact with RIRs or ISPs. Sadly none of these have turned into policies. So as with all such list discussion it kind of petered off, well, I think this is a really good thing and you should just do it. Sadly the RIPE community and the RIPE NCC can't do things based on that and I would just remind you all of the wonderful development policy which we have which can be looked into for creation of policies for this kind of thing. And perhaps there is a need for the RIPE community to create a policy on the area of correct contacts or perhaps some other area which is involved in this working group, but we can't the working group chairs are not willing to take a mail to the mailing list and then sit down and start working on a policy. It is incumbent on those who have the ideas as in any bottomup situation to then go and run with them to some degree. But all of the discussion on the new charter and all the rest we will leave to part E.
So technical measures which we've touched on already, sender verification, filtering. Again, bar what I was discussing with the brand mail I'm not aware of any huge changes in this but I equally won't claim to have an ominous knowledge of every single piece of antiabuse antispam in the world, so anything anyone wishes to raise or talk about? Now is the time to do so.
Fair enough so.
So, yes, I'll tell you do you want to take sadly you have to take one of these.
AUDIENCE: My name is James and this is my first time in the working group. Please be easy on me. I have a specific question really for this forum which is looking at technical measures to prevent outbound director MX spam and also to detect viruses that are sending trafficking into the wider internet. And the reason I ask this question is we've managed to get rid of the question of inbound spam by outsourcing our platform to Google but I'm interested to see if anyone's done anything to detect outbound spam other than what you get through spam reports, et cetera.
CHAIR: Speaking purely personally, there is no reason that one cannot run various mail filtering applications, be they spam assassin or otherwise, in an outbound direction as well as inbound direction. RBLs aren't going to be a huge advantage, but that's certainly one option of running the filters on your outbound. But
AUDIENCE: Is this something that this crowd is actually doing? Do you try and detect spam leaving your network?
CHAIR: Anyone? I don't. I'm probably not the best person to answer this question. Everyone here has a bunch of users they trust entirely to not ever send spam.
AUDIENCE: Interesting. We have about a hundred requests a day to prevent customers from sending spam so it's quite a significant problem. The only way we pick it up is by other ISPs sending us reports
CHAIR: That's a large part of it. Is this just to try and get a better idea of the problem. Is this people knowingly sending spam or is it machines which have been compromised which are then being used to send spam?
AUDIENCE: The latter.
CHAIR: That can be a far more common problem. Are all of these machines going through your MX or do they have the ability to go to port 25 /TWEPL selves?
AUDIENCE: Director MX
CHAIR: Right. Okay.
AUDIENCE: Michael Dillon, BT. Might I suggest you might want to investigate an organization MAAWG because they're doing all types of work on the various email abuse issues. One thing we do in BT is we try to detect botnets or detect bots and shut them down before we do much damage. We have software and processes in place to do that.
AUDIENCE: How does it work? Do you know?
AUDIENCE: I don't know the technical details. We had somebody from BT, they presented a year years ago to MAAWG and explained how it was done, set up in conjunction with somebody from UK university so it was all explained in the paper. It's a commercial software tool that's doing the detection, so if you do some web searching you should be able to pick it up. But MAAWG is a good resource, best practices documents, plus they're they're specifically focused on email operations on the internet and dealing with all the abuse issues surrounding that and all the other best practices as well.
AUDIENCE: One last thing, almost the more challenging question can outbound viruses but that's not something for this meeting?
CHAIR: Not just yet. As Michael said, there are software tools which one can do. I think a quick search and even look at the mailabuse group or Google for such things will probably reveal to you quite a lot of the some of the basic tools that people use. If you are a large outbound mail provider, then, you know, you should be aware of the other large mail outbound providers. There's no need to try to reinvent the wheel. Groups like MAAWG will be able to point you in the right direction and give you the more technical aspect of how to solve that. Blocking board 25 outbound from your users
AUDIENCE: We considered that.
CHAIR: Why did you only consider it as a matter of interest?
AUDIENCE: We still have customers who want to send mail outbound to another ISP. We still let our customers do that.
CHAIR: I'm not going to advocate or not but it's going to cut it down hugely if you do.
AUDIENCE: As an employee or exemployee of a big Dutch ISP very securely focused this is a soft problem for many of us, they do provide expertise for other people and am happy to talk to you after to give you a few pointers.
AUDIENCE: Great
CHAIR: So moving on downwards. The interactions which we don't have a particular list of, not that I'm aware of many going on at the moment. There are no joint proposals or otherwise with the working groups, any other working groups. There is something there are things that we are suggesting and things that we should be doing from the point of view of an advisory capacity which interact with two of the RIPE task forces which are currently in place to a greater or lesser degree, data protection task force and task force on enhanced cooperation. Nothing is actually particularly happened there other than a few informal conversations, but the space in which they are working is not wholly dissimilar to some of the areas we're looking at. We should be providing information and advice too. That's a potential interaction.
The rest of us, the marketeers, the other ISPs, bulk mailers, RIRs and IETF, there is nothing currently going on. If you are a member of one of these groups and you think we should be interacting with you in some way, now is an excellent time to say it. But there's nothing currently active at the moment.
AUDIENCE: I was wondering, so you focus mostly on email spam but I'm sure someone might have suggested you also look at other forms of spam.
CHAIR: Item E
AUDIENCE: Okay.
CHAIR: Absolutely. And this was a matter for a lot of discussion in Amsterdam at RIPE 55 and indeed on the mailing list and what I'm about to start talking about now.
So what I'm about to start talking about now. At RIPE 55 and well there was kind of a bubbling conversation since RIPE 54, there was a discussion that focusing on anti-spam, or indeed the slightly large area of anti-spam, was a little narrow and that the internet has moved on a bit from when this working group was set up: There are a lot of other things and in many ways spam, be it fishing or whatever else, is a symptom rather than a core problem. The gentleman from BskyB, the spam they see is not bulk marketers, not people going I have a mailing list and I want to abuse it, it's compromised machines, it's botnets that are sending this out. People are now using IM to send their spam and viruses. There are issues with abuse of websites which all ties in, DNS issues and a whole bunch of different things which I don't have a particularly preferred term for. The term network abuse has been used, the term internet abuse, a variety of different things has been used and has left us with a problem. But the awareness that the problem is larger than simply SMTP. So the proposal was made that we would expand the work of the working group to cover a larger anti-abuse remit. And to increase that scope, because there is no other working group in the RIPE community that is looking at the wider area, various bits of it have crept into the Anti-Spam Working Group and we should acknowledge that increase, acknowledge the change in the way the internet is being abused and we should widen our focus.
At RIPE 55 there was a general near consensus that this was a good idea. There was one voice against raised at the meeting. We took this on to the mailing list, and there was some further discussion which in general has been I think it's fair of me to say and please call me on it if you think I'm reading the mailing list wrong but the consensus on the mailing list has also been in agreement with this. Over the last two weeks there have been a couple of different drafts of a proposed new charter put forward and here's one I prepared earlier.
Someone's going to have to remind me how to get a slide show on PDF but this might do it. This is going to be really really difficult to read. I'm going to go through this now and I'm not going to suggest that this meeting, this particular physical meeting here, will say yea or nay and we'll make the decision in 20 minutes time. This is a physical meeting, chance for discussion and we'll take it back to the mailing list with the results and assuming the mood stays the same or whatever way the mood goes we'll make a decision based on some further mailing list discussion. To briefly read through this, for those of you who have bad i sight like me,: As the internet has evolved, the scope and scale of network abuse have evolved in step. (However, initial areas of interest will be messages protocols, et cetera. (It's important to note that areas such as cyber squatting are not mart of the remit of this working group. The working group would aim to tackle the issue from technical and non-technical areas.
So that's what I've been editing and throwing different versions of in the mailing list over the last couple of weeks. That version was posted at 1430 yesterday afternoon, give or take an hour, I'm not quite sure what the mail stamp is saying at the moment. There have been no further responses to that version of the proposed charter since that point. I quite like it but then again I wrote it so that's kind of a given. This is the direction that myself and Richard think is a sensible direction for us to go in. Exclusively focusing on the problem of spam well, A, I think almost the fact that we have no presentations or comments at this meeting is indicative there's a wider area. Give me one second and I'll open the floor up a little more or open it up totally to all of you. But so we think there's a lot out there to discuss and this working group is perfectly positioned to discuss it. We are aware of people's concern about losing focus or trying to bite off more than we can chew. And all I can say is myself and Richard have very healthy appetites and it's visible. But in seriousness we think that it's possible for us to investigate what other areas to expand the scope and to see how we go to a certain extent. We believe that the theories we have and the way we'd like to take it will enable us to deal with these issues and to not forget about spam in any way whatsoever because it is still whether it's a symptom or not it's one of the most visible problems people have with the internet today. So that's my pitch. It's the repetition of RIPE 55 and the charter and emails I've been sending. Is there any commentary? Anything you want to say?
AUDIENCE: I'm from LINX. Thank you for going through the redrafting. Just because I haven't been replying doesn't mean I haven't been looking at it. I have been making some notes of this. I think that the redrafts are moving in the right direction.
CHAIR: But?
AUDIENCE: I think it's important to be careful about line drawing here when it comes to the term network abuse. Is running Skype network abuse? My no bile network thinks so. Quite a lot of ISPs think so and on and on and on. There are many things people think are legitimate and others consider network abuse. There's a strong case to say it's an acceptable use policy which draws it very broadly indeed.
So I'm not quite sure how your you've picked out certain two things you wish to exclude from it, I'm not sure how they are drawn from an understanding that's made clear as to what network abuse is, rather than two things that have been identified that you wish to explicitly exclude. Do you really have a well formed coherent theory that would constitute what network abuse is that would answer those questions I posed right now?
CHAIR: I think I've got the answer is no because my answer is both yes and no. I think that we're in a situation and the problem is that, as you say, vast numbers of people have different views of what is considered network abuse or not network abuse. Now, that said we've been running a working group for sometime discussing a problem that I'll find you a decent crosssection of what I'll refer to as society and will tell you isn't a problem and tell you we don't need to legislate against because it's perfectly understandable marketing and didn't you ask for that in the first place.
So I do understand what you're saying and this is obviously my efforts have been towards trying to narrow this down and frying to get a more acceptable definition and description of this. I don't think we're ever going to reach a point where everyone's going to be happy. I mean, this is this is the problem I've got from the point of view of redrafting. I'm absolutely more than open to work on this further if the working group feels we do need to work on this further and to try and come to a clearer and more precise understanding of what the working group and what the RIPE community considers to be abuse. But I'm also going to stand here and say I don't think we're ever going to reach a point where we're going to get complete acceptance of what of what that abuse is.
AUDIENCE: But I'm afraid I'm still no clearer. Are you actually wanting to development a better practices document in line with previous best practices document to advise on how to prevent Skype running on their network
CHAIR: No is the short answer. And to be fair what we probably need to do is just kind of saying now is insertion of something along the lines of malicious or the word malicious, is what we are looking at here. I am not looking to suggest that people stop people using what has been described as disruptive technologies or some people might interpret that way those are part of the evolution of the network. However, I think there's probably a somewhat clearer view of what is considered generally rather than by the specific network operators as malicious network abuse. Would that be a fairer comment to make?
AUDIENCE: We're moving towards it but more should be done maybe you'll right that we'll never get perfect clarity but I think we need to go further towards more clarity than we have now.
AUDIENCE: Hi. This is actually my first meeting so I don't really know most of the folks in the room and don't know where their expertise is but you listed a couple of things like VoIP or spit or whatever you call it but I wouldn't go to precisely defining some term of what abuse would be but rather would focus on what the folks here have from operational experience. For example, I don't know how many folks run /AS 56 service, there are some spam, spit, botnet type of issues but there's the S S P guise having a separate group that presumably they have more expertise than folks in this room, better to do something there than here. In other areas it might be different. Do you have a good understanding of what the area of expertise is in the VoiP of who has actually done or seen some form of spit and who has actually an idea on what to do about it?
CHAIR: From the point of view of what the area of expertise is or otherwise, the people in this room and indeed the people who currently inhabit the AntiSpam Working Group mailing list, are not the only constituency from which one can draw for a working group with a wider scope. And certainly it would be my opinion and hope that should the scope widen, that other people would then be drawn in and get involved. There is no other working group no, that's not true. Let me start again. There are working groups which deal with some areas of abuse, but not really, and certainly the ENUM working group, for instance, being the working group which is closest in theory to a VoIP set up or otherwise, is not and does not have any intention of starting to look at the abuse of VoIP systems or otherwise. They're worried about email that's what they're doing that's the situation. There isn't a situation where I can say we don't need to worry about it, because they are, if that...
AUDIENCE: The idea that a couple of folks have started some work on spam prevention and spam handling or anti-spam techniques and I've organized a BoF at the last IETF meeting on this subject and there was a lot of interest but finding people who really operate networks and really have encountered problems today, for example, in the VoiP case is difficult to find. In the case of instant messaging that's not so difficult to find. If it's voice or instant messaging, it's probably more difficult but there is actually something. So I was wondering do the folks in the room, have you actually seen anything of those things? Otherwise it's just written there, if nobody has encountered any problems why should they provide guide lines on how to prevent it? Have you done a sort of ask the folks in prior feet meetings of who is running these systems and who has encountered problems on picking specifically the VoiP stuff? It might be an issue in a couple of years but otherwise it's like a theoretical investigation.
CHAIR: Absolutely. This is the thing, this is still a draft and will continue so until the working group are happy. If I put up technologies which I felt were in that situation that we're aware that there are both very obvious problems, the potential for problems in certain areas, so they are examples and this is the thing. It was other and if that list of examples goes too far then it can be changed; if we feel there's something vital which should be on it which can't be covered by the additional areas that's also the case. There's a certain amount of almost future proofing that I'm trying to do. We're aware there are some emerging problems and one of the things I'm trying to do is reflect the evolution of abuse of malicious activity over time so not to reach a point where we're tying ourselves down to a particular set of things when we can see there are areas that may involve malicious activities in the future. Your point is taken.
AUDIENCE: So your strategies so you want to be proper active, give some guide lines out in the anticipation there would be an issue in VoiP, which is quite easy to understand rather than waiting to see and
CHAIR: I'm not looking this will be absolutely you next Peter, I'm not looking at producing a single document or statement now which will cover anything until the end of the world, looking at going producing the information we can produce and adding to that and evolving that over time. But leaving ourselves open to the potential of doing that rather than saying we're looking at this one specific thing.
AUDIENCE: Peter Koch and I'm happy to act as a microphone stand so no problem.
I think this drafted charter is going in the right direction and I think I share some if not most of the concerns that were voiced and given the history and the recent history of the document where it was very broad at the beginning and then some areas not to look at were added, it was an obvious choice to make a similar change on the positive side. That now contains things that scare me a bit and I have to approach you because my eyes are as bad as everybody else's.
SMTP, find, HTTP, what is that? I have a hard time to find specific cases for these, same for DNS. Lots of DNS abuse perceived by people but the obvious problem that people see there is like cyber squatting, you name it, things we specifically exclude and we do have a DNS working group in the RIPE community. I'm one of the coChairs with this and I'm happy to liaise but we haven't had too many occasions where people felt in this particular area something should be done in this arena here. And VoIP was already taken care of. So I'm not so sure where the desire originates from to broaden the scope that far. I mean, if this working group is more or less an information exchange, so people come here to inform each other and learn about the newest trends in network abuse and not talking about Skype but botnet and Fast Flux and you name it, then that's fine, I guess. If you try to develop documents, then actually, you would have to have strong and firm valued commitment against each of these examples so that actually mile stones is kind of right that you can say looking at VoIP we are willing to engage in a document making recommendations about spit and probably not about the technology because that's IETF venue or other arenas. I have a difficulty finding the split, whether this is an information exchange, the charter could be narrowed down quite a bit I guess, or developing guide lines. And then again it should be narrowed down in another dimension having explicit topics, mile stones and you better get names besides those milestones as soon as possible. And that's the first decision the working group needs to make. And one idea would be to ask the people in the room what their expectations are, right? What they're going to learn here instead of listening to me talk about your charter and stuff.
CHAIR: Absolutely and thank you. I mean this is the point just there is a certain amount of how to phrase this properly and not sound whineny
AUDIENCE: Be blunt.
CHAIR: I'll be blunt but don't want to sound whineny. Absolutely. What do the working group want? Most of the time so far when we have said we're moving away from a narrow focus on SMTP, the vast majority of people have gone, yes, that's a good idea. Very few people have yourself have and a few people on the mailing list, there has been some discussion, have worked with the two chairs to work on that. We need more help, you know. If people are looking at the charter and are making suggestions, then please make those suggestions. And this is the pale, that we can sit there and come up with charters and all the rest, but this kind of discussion, yeah, we need more of it and preferably on paper as well. It would be really, really useful. Any of the comments that are made are certainly taken into account and working towards a better description and a more useful description because I have no wish to be part of, be it as chair or otherwise of a working group, which doesn't feel it has a purpose or otherwise, that's a bad situation to be in.
So we'll definitely take all that into account and look at it and see if we can work towards something better.
I, again, I'm kind of torn at wanting to have my cake and eat it from the point of information exchange and also the ability to be in a situation one can advise whether the documentation or being an information source that people can come to and ask questions of.
So there is an overlap there that I see between the two rather than picking one road or the other. But it's certainly the more input we get, the better.
AUDIENCE: I'm speaking for myself. I was one at RIPE 55 who was decenting and arguing for keeping focus. Actually I'm fine with the current proposal for the new policy. The working group has been we all know this pretty new around the entire last year and if this wide scope helps anybody to go forward then I'm all for it at the end of the day.
The only caveat I would like to voice, if you have the general flak of addressing network abuse, you should be aware that people coming to us and saying, well that's kind of network abuse, do something about it, in particular the RIPE context. RIPE is giving out unique resources to somebody, in the end now, this is not a case of spam here but a case of hard knocking or whatever. Since you now promise to cover all kinds of abuse, we are responsible people to set up policy proposals, also to address this. That's a bit of a danger that I see. But otherwise go ahead.
CHAIR: Okay. Thank you. I will say that the creation of policy proposals certainly, to my mind, is not exclusively the job, by any stretch of the imagination, of the working group chairs. In fact in the vast majority of cases it's not the working group chairs creating policies. One of the ongoing things I have this idea, RIPE should be doing this, the only answer we have in that situation and I'm more than willing for people to come along and propose policies of a wider scope but people have to step up and propose the policies and the Chairs will work, do whatever we can to work with them to help them and work through that policy development process but I am not standing here saying I want to widen the scope and oh, by the way, I'm now going to start...
AUDIENCE: I fully agree. I handed down the paragraph in the RIR... now, that's work we would have to do then, of course. It's not you.
AUDIENCE: Okay, I'm raising the concerns that I raised mainly because I don't think that an overly broad charter is helpful to the working group, in fact I think it's heavily detrimental to the working group. A narrow charter allows difficult controversial and unhelpful proposals to be dismissed on the base of whatever the merits or demerits it's not what we do. If you don't have that then we can easily end up in a place where we don't we are unable to form any kind of consensus because there are fundamentally different opinions that ought to have been excluded by the charter so that we could have said that but instead we can't, we spend the whole time arguing about that.
But you asked us for constructive proposals so now I'm going to have a go at that. I think you're overreaching by being too futureproof here more than you need to be. Instead how about taking the things that you actually can envisage doing and say let's do that, spam SMTP, sure, you want to do spit as well, great, let's do that. You want to do spam over intant messaging, great, no problem. You want to include spam on web logs and all the rest of it, let's add all these things, they're identifiable instances of bold messaging that we can achieve a definition for. And then there are the systems used to create it. We can add in all the systems and mechanisms, technical and nontechnical that are used to facilitate in this and make money off it as well and we can add all that in and you have a huge amount and you don't have all the worries that I raised in my first comments, none of the stuff in the potential arguments that I opened up come up. Does that help you?
CHAIR: Yes. In short there's almost a danger and I've been turning myself blind looking at revision revision after revision and there's a huge danger that one gets focused on a particular thing. Absolutely, that helps immensely, whether we'll look at that and I think it is probably a very good way of approaching it. So thank you very much. Peter do you still want to say something?
AUDIENCE: More or less what he said.
AUDIENCE: Pretty much what he said. I like it when people say that.
CHAIR: Excellent. No, really, thank you very much. That's exactly what I mean about constructive criticism or constructive ideas.
So yes, okay, I can certainly based on what's been said here well, once I see what wonderful things the stenographer has written up and the minutes that Fergal has taken, we'll happily and gladly put together another draft based on the comments that were made and there's still more time for more comments so if anyone wants to say anything whether in support or defiance simply or lots of detail and constructive criticism, we still have time to do so. But if not, then I will take what's been said here and I will I keep on saying I we, we will put together another draft of the charter and send it to the mailing list for further consideration. I mean ultimately this is down to us as to what we do with the working group and by us I mean all of the members of the working group, anyone who wishes to participate. There isn't really a higher power to which we need to appeal or otherwise. There's a lot of ability to change things around charterwise. So I will send out the mailing list for further discussion. We can have further discussion there. I would very much like I realise that a lot of my the ability to reach this desire is centered around the Chairs but I would very much like for RIPE 57 in Dubai to not be the AntiSpam Working Group. I would like to very much have this done and dusted in whatever way we end up doing it and dusting it on the mailing list before that point. In fact, really the sooner the better, assuming that everyone is happy and I have no intention of rushing anything, that we can reconvene as whatever the group will end up being called and as I had in the mail with this draft, naming suggestions are welcomed. I have a couple of thoughts but obviously the more input the better. And we can go from there. As I said hopefully we'll be able to reach consensus on the mailing list, which is where consensus should be reached on them and then inform the rest of the RIPE community that this is the decision we have made.
Does that sound okay to everyone? I'm going to take silence as consent unless it doesn't sound okay to someone.
Fair enough so.
So we will work on that basis and obviously Malcolm and Peter and anyone but I'm going to specifically mention you two, if you have any particular other suggestions or any details, comments you want to make on the mailing list, please do so and continue. The contributions have been most useful.
That's kind of that bit of it. Do I have much left? I still can't remember the shortcut to full screen.
So that's kind of the end of the listed agenda I had there. We're at X. I never want to see an agenda which actually has something between the upper letters and X. Anyway, AOB, is there any? No. Okay. It looks like we're all going to have a very long coffee break. However, obviously we will be needing to prepare an agenda for RIPE 57. Your contributions are I find it difficult to emphasize enough how much your contributions are needed and welcomed for the agenda of RIPE 57. It will get very very boring if we have to go through working group with just me talking. We had three presentations at RIPE 55 and then we had no presentations or suggestions at this meeting. I'm hoping those presentations will be taken from a wider scope and indeed if there are any present [unclear] that any of you may think of for EOF and the plenary sessions, you should think of those. You have six-odd months to work on that and there will be a reminder sent out on the mailing lists.
While thinking of it RIPE 57, rob asked us to remember that RIPE 57, taking place as it does in Dubai will not be running Monday to Friday. The week starts on Sunday so you should remember this when looking at booking hotels and flights and all the rest that you should just not assume as per usual that the opening session will be on Monday and we will all go home on Friday. The meeting will be running Sunday through to Thursday. So still days one to five, just not on Monday.
And yes, unless there's anything else, thank you all very much for your contributions, that's pretty much it for the working group meeting for RIPE 56 and I look forward to seeing you all in one guise or another in Dubai later this year. Thank you very much.
(Applause)