1. Messaging Anti-Abuse Working Group
ITU Telecom World 2006
Anti-Spam workshop
Hong-Kong, December 8, 2006
Luc Mathan
Co-chair Public Policy
MAAWG Board of Directors
www.maawg.org
ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 1
2. =?
• Private sector consortium
• Not for profit
• Network operators (ISPs, enterprises), senders,
vendors
• International coverage
• Focuses on anti-abuse, currently anti-spam
• Engages with standards, legislation,
law enforcement
• 3-pronged approach
– Collaboration, technology, public policy
ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 2
3. = + 70 more
Objective:
Preserve electronic messaging from online exploits
and abuse
– Stop abusive email, deliver legitimate email
– Eliminate a great source of cost to
• Society
– Consumers
– Employees
– Businesses
• Network operators
– Experts
– Infrastructure
– Customer care
ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 3
4. Role of private sector
• Help forge and adhere to Best Practices
– For ISPs
– For senders
• Cooperate with all stakeholders
– Reach common understanding of the spam situation
• Do our part on user education
– Rule #1: Protect yourself
(don't click, don't reply, don't buy from spam, etc)
– Rule #2: Protect your computer
(up-to-date anti-virus, firewall, patched OS, etc)
– Rule #3: Report spam if possible
ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 4
5. Best common practices for ISPs
• Manage port 25
– Remember ~80% of spam is from botnets
• Monitor inbound and outbound traffic
– Anti-virus both ways
• Block specific attachments
– Known to contain malware
• Rate limit outbound traffic
• Implement available sender authentication protocols
– SenderID, DKIM
• Listen to complaints
– From ISPs, RBLs, your customers
• Quarantine infected customers
– Direct to free scan&repair
ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 5
6. Best common practices for ISPs (…)
• Cut the botnet control link
– Prevent PC-botnet communication by blocking appropriate ports
• Avoid creating unnecessary email traffic
– NDNs to forged addresses constitute a large part of spam
• Close open proxies/relays
– Exclusive usage of your SMTP servers to your customers
• Use your IP space responsibly
– Keep accurate Whois contact information
• Ensure your IP reputation is good
– Keep accurate DNS and reverse DNS records
• Communicate your security policy
• Etc.
ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 6
7. Role of MAAWG
Most preceding BP are known and referenced by national
orgs, but …
• Some BP need particular emphasis
– MAAWG Recommendation on port 25 mgnt
– MAAWG Code of Conduct for ISPs
• Global references are also needed
– MAAWG-BIAC BP for ISPs, for OECD Toolkit
– MAAWG-APWG BP on Anti-Phishing
• Non-local guidelines on technology are needed
– Implementation guidelines for SPF/SenderID, DKIM
• Need spam metrics coming from ISPs
• Interlocutor for international governmental orgs
ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 7
8. Email metrics programme
• OECD request for data from ISPs
• Program covers ~400 million mailboxes
• Spam not defined, only quot;abusivequot; email
• Number of quot;abusivequot; vs quot;okquot; email per mailbox
4Q2005 1Q2006 2Q2006
1009 1041 937
246 263 327
• Ratio abusive email / total received email
4Q2005 1Q2006 2Q2006
81% 80% 74%
• BUT: warning of a spam increase since last report
ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 8
9. Latest output
• MAAWG Best Practices for senders
– Underlying principles
• Recipient prior consent
• Protection of receiving infrastructure
– Public review: deadline for comments 22 December 2006
• http://www.maawg.org/about/MAAWG_Senders_BCP
• MAAWG Contact Database for members
– Real time communication between ISPs
• React to complaints from your neighbour
– Tailored to each ISP's internal organisation
• Data sharing on spam/virus attacks, compromised IPs,
company legal contacts, etc
– MAAWG gateway acting as trusted third party
• No visible personal identification information
ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 9
10. Legislation problems, one example
• Nov. 06: German ct rules ISP must delete IP logs
– Piracy vs privacy battle
– Nothing to do with spam, but…
– Cost/benefit ratio overlooked
– Side-effects clearly neglected:
attributability of spam or cybercrime (worse) impossible !
Focus on anti-spam legislation is not enough
Also need to worry about whole Internet legislation
ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 10
11. Other concerns
• Whois database, ICANN
– Do not sacrifice Whois purpose to commercial interests !
• More troublesome court cases
– Spammer vs Spamhaus (US federal ct)
• Etc.
ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 11
12. Cooperation (ITU-D)
• Experience in anti-spam is valuable (and we must
share it), but it reflects a fundamentally flawed
environment:
Don't repeat mistakes of the past !
• Worry about security when defining broadband
policy, not after
– Beware of ultra-wide bb: could mean ultra-wide abuse !
• Mechanisms for cooperation on cyber-security and
combating spam could include:
– Scholarships for postmasters and abuse managers
– Experts sent to localised training seminars
ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 12
13. In conclusion…
• Too early to conclude !
• Spam unfortunately far from being extinct
• On vectors other than email, it is still to come
www . maawg . org
• Thank you ! info @ maawg . org
luc . mathan @ orange-ftgroup . fr
• MAAWG 9th general meeting
Jan 29-31, San Francisco, USA
ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 13
14. MAAWG member roster as of Nov. 2006
• SPONSOR MEMBERS
• America Online
• Bell Canada • FULL MEMBERS
• BellSouth • 1&1 Internet AG • SUPPORTING MEMBERS
• AcquireWeb, Inc.; Adknowledge, Inc.
• AT&T
• Charter Communications Aladdin Knowledge Systems ; Alt-N
• Bizanga LTD
• Cloudmark, Inc. Technologies, Ltd ; BigHip ; CheetahMail,
An Experian Company ; Cincinnati Bell ;
• Cablevision
• Cingular Wireless Commtouch Software LTD ; Constant
• Internet Initiative Japan Contact ; Critical Path, Inc. ; Datran Media
• Comcast (IIJ) ; e-Dialog ; EastLink ; eleven GmbH ;
• Cox Communications EmailLabs ; ECO ; Epsilon Interactive ;
• Ironport Systems
ExactTarget, Inc ; F-Secure Corporation ;
• MX Logic
• Earthlink Habeas Inc. ; Insender Technologies Inc. ;
• O2 Lashback, LLC ; Mansell Group, Inc. ;
• France Telecom Message Level, LLC ; Message Systems ;
• Outblaze LTD
• Goodmail Systems Messagelabs ; Messaging Architects ;
• Return Path, Inc. Mirapoint Inc. ; MTS Allstream Inc. ;
• Microsoft Corporation Netsuite, Inc. ; Nextel Communications ;
• Rogers Cable NTL Group Ltd ; Perftech, Inc. ; Pivotal
• Openwave Systems • Sprint Veracity ; Premiere Global Services ;
• Time Warner Cable Responsys, Inc. ; RPost ; Salesforce.com
• Sun Microsystems, Inc. ; Sendmail, Inc. ; Singlefin ; SMobile
• Verizon Communications • Symantec Systems ; Sophos Plc ; StrongMail
Systems, Inc. ; Swisscom Fixnet LTD ;
• Telus
• Yahoo! Inc. TDC ; TDS Telecom ; ThinData ; Trend
Micro, Inc. ; Tucows Inc. ; Verisign Inc. ;
VistaPrint : Word To The Wise ; Yesmail ;
ZDirect, Inc.
ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 14