
DRAFT Minutes of the Anti-Spam BoF held at RIPE 29


Apologies for the delay.

Please find attached the DRAFT minutes of the BoF held at RIPE 29. They are
only slightly embellished from Roderik's excellent summary for the plenary.
[Thanks Roderik]. I will shortly send to the task force members the draft
charter I have been working on.

Comments / changes on the minutes to the list, please.

Rgds,

John

--

	DRAFT Minutes of the Anti-Spam BoF held at RIPE 29

Agenda
------

1.   Welcome and Introductions

2.   Brief Overview of anti-spam (email-only) mechanisms
          - particular emphasis on maximum effect for least pain

3.   Determination of possible wide-scale deployment mechanisms
          - measures most likely to succeed
          - how to deploy?

4.   What next?
          - Formation of more permanent working group?
          - Longer-term plans

5.   A.O.B

6.   Close.


1.   Welcome and Introductions
------------------------------

John Martin opened the meeting and presented the agenda. He
explained the purpose in calling the meeting and suggested that
the meeting should not waste time discussing spam per se - since
this was already a well-defined problem - but rather the purpose
of the meeting was to determine if anything should be organised
in the context of RIPE in order to reduce the impact of spamming
on the European ISPs (and their customers). It was further
proposed to have the meeting concentrate only on email spam.

2.   Brief Overview of anti-spam (email-only) mechanisms
--------------------------------------------------------

There was lots of discussion about anti-spam measures, and longer-
term issues. For details about anti-spam tools, see
http://spam.abuse.net/

Specific proposals for defeating spam within Europe included:

      -  Blocking of mail relaying by ISPs (most popular weapon of
         choice)
      -  Education. Most spammers don't intentionally do bad
         things, and won't spam if you educate them
      -  Registering modem-pools in the RIPE database to allow for
         identification
      -  DNSlookup, RBL, adding md5 checksums on message content
      -  SMTP authentication
      -  Blocking US-based address blocks (!)
      -  Blacklists
      -  Affirmation lists (don't send me spam, ref. 'ja/nee
         stickers' in Holland), there were some people who said
         this would work for most people (the clueless persons)
         and you'd only keep a handful of 'really bad persons'.
         Many people found this a bad idea however.
      -  ISPs should make contracts with their users that they
         don't spam or will get kicked out! (A bit difficult if
         most notorious spammers use "free trial" disks.)
      -  (Probe everyone, make list of people that do relaying: NO!)

3.   Determination of possible wide-scale deployment mechanisms
---------------------------------------------------------------

The technical solutions which might be deployed widely were
discussed in turn. They included:

      - Blocking mailservers for third-party relaying is a good
         thing, people should implement this. It was proposed that
         ISPs who did not block third-party relaying would become
         isolated. Some said this was the only technical solution
         that would work; if many people are doing this, then we
         can insulate the 'gaps' which still don't and block them
         until they do.

      - Since currently most spam appears to originate at US
         sites, it was suggested that wholesale blocking of mail
         from US ISPs - with an "allow" list rather than a "deny"
         list - might prove more fruitful. However, it was pointed
         out that many spams now originate in Europe also and even
         if not, it was merely a matter of time. Conclusion: this
         is not a US-only problem.

The consensus of the meeting was that wide-scale deployment of
anti-relaying was necessary but there was no concrete proposal on
how a RIPE group might help this.

Question to ISPs: What are your policies w.r.t. customer
complaints about spamming / spam originated by customers? Very few
ISPs were willing to discuss this; some people explained, but
discussion still went on largely about technical issues. However,
it became clear that a concerted RIPE action should be a non-
technical one.

4.   What next?
--------------

Since there were no technical solutions with which a widespread
RIPE activity might help, the chair asked for other possible
activities which might be carried out in the RIPE forum.
Two concrete proposals were made for RIPE-based activities:

     1.   Drafting a 'code of conduct' which ISPs can sign.

      -  There was a clear indication that many people were willing to
         sign such a thing. If this is done and the list of signees is
         published, then there would be more pressure on others to 'do the
         right thing'.

      -  First target audience would be RIPE

      -  (Question: Should EIXs maybe only sign up ISPs that have
         signed this? outside of this scope, let EIXs determine that.)

      -  Antonio-Blasco Bonito: Everyone receiving a domain name from
         the .it TLD is required to sign a statement saying they will
         'adhere to the netiquette'. This keeps problems with spamming in
         Italy at a low level.

     2. European central place for reports about abuse.

     There was much discussion about this, the important points being:

      -  there seemed to be consensus that this would be a good thing.
         It would give the EC a message that we are doing Industry self-
         regulation and there's not much need for laws.

      -  this centre should not handle individual abuse complaints,
         but try to get something done if ISPs can't settle things
         regarding abuse complaints themselves (for instance an ISP does not
         cooperate in abuse-complaints matters).

      -  It could also help coordination of tech issues?

      -  Rob B said at the end of the meeting that a 'code of conduct'
         would not be of much use without such a European Coordination
         Centre - there was no reaction, it was not clear whether the
         audience thought the same.

There was some discussion about whether a working group would be
formed, or 'only' a task force was necessary.

Decision: Task Force will be formed to prepare:

	-    WG charter
	-    Workplan for WG
	-    Chairperson

(actual 'code of conduct' will take some work, more than TF would do)

There is already a discussion list, called anti-spam@localhost

Task Force:
Daniele Bovio,       AOL              Bovio@localhost
Yiorgos Adamopoulos, GRNET/NTUA NMC   adamo@localhost
Jasper Koolhaas,     bART             jasper@localhost
Waltraud Erber,      ECRC             wer@localhost
Rodney Tillotson,    Ukerna           R.Tillotson@localhost
Matti Aarnio,        Telecom Finland  Matti.Aarnio@localhost
Thomas Trede,        Nacamar          trede@localhost

--end

John Martin
TERENA, Singel 466-468, NL - 1017 AW Amsterdam
phone:  +31 20 530 4488 **
fax:    +31 20 530 4499 **
http://www.terena.nl/

** Please note new telephone and fax numbers





