Re: [anti-spam-wg] ENISA Study: Industry Measures on Security and Spam


On Wed, May 03, 2006 at 04:01:05PM +0200, Jaap Akkerhuis wrote:
> [...]
> I'm tempted to quote the report summary of the executive summary,
> but you better read it youtself. A link to it can be found at
> http://www.enisa.eu.int/deliverables/index_en.htm or more directly,
> http://www.enisa.eu.int/doc/pdf/deliverables/enisa_security_spam.pdf.

Thanks for the links.  I have a question.

On page 14 (of the PDF report), section 3.3.1 ("Antispam measures
taken by providers - Outgoing emails") it appears that 45% of the
ISPs that answered the survey indicated

"We blacklist (MAPS, Spamhouse, NJABL) them if they repeatedly send spam"

as an action they take to prevent their customers from _sending_ spam.

I am not familiar with current MAPS policy, but I am quite familiar
with the operation of the other two lists, and as fas as I know they do 
not allow other entities to turn on listings or even send submissions, 
even when the other entities are ISPs asking to list one of their own 
customers.

Also, even if feasible, such an action would probably be more expensive,
in terms of human resources, than acting directly to block the offender 
at the source level with technical or policy countermeasures.
And, above all, I can not see the meaning of it: in this scenario
the ISP - the only entity that could stop the abuse at the source - takes 
notice of the existence of the spam source, yet, rather than blocking it, 
would choose to inform the rest of the world that one of their customer 
behaves badly so that abusive traffic can be blocked at the destination?
It does not make sense to me.  Also, this practice does not seem
to be a common one, as the 45% figure would suggest.
So I am very surprised by this percentage.

I have the impression that the 45% of the ISPs that answered in this
way did not understood the question in the same way as I have understood
it.  So perhaps I am the one that did not understand the report, or
perhaps there is a mistake in the way the original data have been
summarized in the report?

Thanks for any clarification

furio ercolessi