DRAFT Minutes of the Anti-Spam BoF held at RIPE 29
- Date: Thu, 23 Apr 1998 19:55:00 +0200
Apologies for the delay.
Please find attached the DRAFT minutes of the BoF held at RIPE 29.They are
only slightly embelished from Roderik's excellent summary for the plenary.
[Thanks Roderik]. I will shortly send to the task force members the draft
charter I have been working on.
Comments / changes on the minutes to the list, please.
Rgds,
John
--
DRAFT Minutes of the Anti-Spam BoF held at RIPE 29
Agenda
------
1. Welcome and Introductions
2. Brief Overview of anti-spam (email-only) mechanisms
- particular emphasis on maximum effect for least pain
3. Determination of possible wide-scale deployment mechanisms
- measures most likely to succeed
- how to deploy?
4. What next?
- Formation of more permanent working group?
- Longer-term plans
5. A.O.B
6. Close.
1. Welcome and Introductions
------------------------------
John Martin opened the meeting and presented the agenda. He
explained the purpose in calling the meeting and suggested that
the meeting should not waste time discussing spam per se - since
this was already a well-defined problem - but rather the purpose
of the meeting was to determine if anything should be be organised
in the context of RIPE in order to reduce the impact of spamming
on the European ISPs (and their customers). It was further
proposed to have the meeting concentrate only on email spam.
2. Brief Overview of anti-spam (email-only) mechanisms
--------------------------------------------------------
There was lots of discussion about anti-spam measures, and longer-
term issues. For details about anti-spam tools, see
http://spam.abuse.net/
Specific proposals for defeating spam within Europe included:
- Blocking of mail relaying by ISPs (most popular weapon of
choice)
- Education. Most spammers don't intentionally do bad
things, and won't spam if you educate them
- Registering modem-pools in the RIPE database to allow for
identification
- DNSlookup, RBL, adding md5 checksums on message content
- SMTP authentication
- Blocking US-based address blocks (!)
- Blacklists
- Affirmation lists (don't send me spam, ref. 'ja/nee
stickers' in Holland), there were some people who said
this would work for most people (the clueless persons)
and you'd only keep a handful of 'really bad persons'.
Many people found this a bad idea however.
- ISPs should make contracts with their users that they
don't spam or will get kicked out! (A bit difficult if
most notorious spammers use "free trial" disks.)
- (Probe everyone, make list of people that do relaying: NO!)
3. Determination of possible wide-scale deployment mechanisms
---------------------------------------------------------------
The technical solutions which might be deployed widely were
discussed in turn. They included:
- Blocking mailservers for third-party relaying is a good
thing, people should implement this. It was proposed that
ISPs who did not block third-party relaying would become
isolated. Some said this was the only technical solution
that would work; if many people are doing this, then we
can insulate the 'gaps' which still don't and block them
until they do.
- Since currently most spam appears to originate at US
sites, it was suggested that wholesale blocking of mail
from US ISPs - with an "allow" list rather than a "deny"
list - might prove more fruitful. However, it was pointed
out that many spams now originate in Europe also and even
if not, it was merely a matter of time. Conclusion: this
is not a US-only problem.
The consensus of the meeting was that wide-scale deployment of
anti-relaying was necessary but there was no concrete proposal on
how a RIPE group might help this.
Question to ISPs: What are your policies w.r.t. customer
complaints about spamming / spam originated by customers? Very few
ISPs were willing to discuss this; some people explained, but
discussion still went on largely about technical issues. However,
it became clear that a concerted RIPE action should be a non-
technical one.
4. What next?
--------------
Since there were no technical solutions with which a widespread
RIPE activity might help, the chair asked other possible
activities which might be carried out in the RIPE forum.
Two concrete proposals were made for RIPE-based activities:
1. Drafting a 'code of conduct' which ISPs can sign.
- There was a clear indication that many people were willing to
sign such a thing. If this is done and the list of signees is
published, then there would be more pressure on others to 'do the
right thing'.
- First target audience would be RIPE
- (Question: Should EIXs maybe only sign up ISPs that have
signed this? outside of this scope, let EIXs determine that.)
- Antonio-Blasco Bonito: Everyone receiving a domain name from
the .it TLD is required to sign a statement saying they will
'adhere to the netiquette'. This keeps problems with spamming in
Italy at a low level.
2. European central place for reports about abuse.
There was much discussion about this, the important points being:
- there seemed to be consensus that this would be a good thing.
It would give the EC a message that we are doing Industry self-
regulation and there's not much need for laws.
- this centre should not handle individual abuse complaints,
but try to get something done if ISPs can't settle things
regarding abuse complaints themselves (for instane an ISP does not
cooperate in abuse-complaints matters).
- It could also help coordination of tech issues?
- Rob B said at the end of the meeting that a 'code of conduct'
would not be of much use without such a European Coordination
Centre - there was no reaction, it was not clear whether the
audience thought the same.
There was some discussion about whether a working group would be
formed, or 'only' a task force was necessary.
Decision: Task Force will be formed to prepare:
- WG charter
- Workplan for WG
- Chairperson
(actual 'code of conduct' will take some work, more than TF would do)
There is already a discussion list, called anti-spam@localhost
Task Force:
Daniele Bovio, AOL Bovio@localhost
Yiorgos Adamopoulos, GRNET/NTUA NMC adamo@localhost
Jasper Koolhaas, bART jasper@localhost
Waltraud Erber, ECRC wer@localhost
Rodney Tillotson, Ukerna <R.Tillotson@localhost
Matti Aarnio, Telecom Finland <Matti.Aarnio@localhost
Thomas Trede, Nacamar trede@localhost
--end
John Martin
TERENA, Singel 466-468, NL - 1017 AW Amsterdam
phone: +31 20 530 4488 **
fax: +31 20 530 4499 **
http://www.terena.nl/
** Please note new telephone and fax numbers