<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Minutes from RIPE31 WG meeting


I forget whether I have aready sent this to the list.  If not, please accept
my apologies for the lateness of this.

James

----- ___                       - James Aldridge, Senior Network Engineer,
---- /    /   /  ___  ____ _/_ -- EUnet Communications Services BV
--- /--- /   / /   / /___/ /  --- Singel 540, 1017 AZ Amsterdam, NL
-- /___ /___/ /   / /___  /_ ---- Tel: +31 20 530 5327; Fax: +31 20 622 4657
-                           ----- 24hr emergency number: +31 20 421 0865

RIPE31
Anti-Spam Working Group

DRAFT MINUTES

1. ADMIN STUFF

	Chair: James Aldridge, EUnet
	Scribe: Petra Zeidler, Xlink

2. GENERAL WG INPUT

2.1 Current problems,major incident reports, etc

	"Reverse Spam" - Forged mail headers implicate innocent third party;
	the innocent party gets all complaints, delivery reports, etc.

	"Spam Relaying" - main problem in Germany as spam sending is
	considered fraudulant.

	Problems with unresponsive spam originating provider.

2.2 Means of dealing with spam

	ISP Relaying
	Customer Relaying
	SMTP port blocking for incoming/outgoing
	Blocking known spammers (blacklists)

2.3 Roaming Customers

	- setting e.g. local mail smarthost transferred in PPP negotiation

	- tunnelling back to home ISP

	- authenticated SMTP

	- limited amount relaying (when connecting to home server from remote
	  address)

2.4 Implications of blocking/restricting SMTP to force use of ISP's relay

	Some people want to be able to send end-to-end

3. CODE OF CONDUCT FOR ISPs
===========================

	- Ask customers not to spam

	- responsive to spam reports

	- coordination of open relay removal (taking advantage of
	  provider/customer relationship)

	- have an abuse@ email address (reference RFCXXXXX standard email
	  addresses)

	- educate people to see where to look

	- get complaints fast to block ongoing abuse

	- abuse.net to make abuse reporting easy

	- blacklist known spam users:
		= wouldn't work with online registation ISPs
		= may be illegal

	- IP address use limits (assignment of IP addresses to customers has
	  additional limitations above existing Regional Registry rules)

	Discussion:
	
		- US: "good" spam (has correct "From" field)

		- Belgium: "database entry" spam (not really a legally
		  required act)

		- gathering addresses from public databases (RIPE, InterNIC,
		  etc).  All databases copyright; proof of abuse leads to
		  legal action.

		- NSI CD-ROM seems to have been withdrawn

		- White pages

		- "tar pit" - abuse triggers delay in all SMTP actions
		  limiting rate at which spam can be transmitted.

		- restrict number of recipients in a single SMTP
		  transaction/message

		- Get "typical" spammer's profile so new ISPs can avoid taking
		  them on.

		- get together a common set of terms and conditions -
		different laws across Europe - how does this affect us?

		- what existing laws relate to spam?

		- what about non-EU countries?

		- terminate contract if abuse

		- bill for abuse cleanup

		- have marketing people write "netiquette" document

		- EU-wide, every ISP netiquette and maybe even have country
		spec netiquette

		- put pressure on software vendors to not deliver SMTP servers
		which are open to third-party relaying in default
		configuration.

		- technical measures won't last for ever: legal standards are
		necessary

		- have an RFC say "thou shalt not relay 3rd party mail"

		- "Good netkeeping" /"RIPE approved" sticker for software with
		good defaults


4. CENAR

	abuse.net exists
	last resort will become first
	duplication of efforts to be avoided

5. AOB

	LINX is hosting a "spam conference" in London in October

	Check maps.vix.com for relaying checker and hints to fix is open and a
	lot of other useful information.
	




<<< Chronological >>> Author    Subject <<< Threads >>>