Telecom Spam Mathan Session2 08 Dec 06

356 views
329 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
356
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Telecom Spam Mathan Session2 08 Dec 06

  1. 1. Messaging Anti-Abuse Working Group ITU Telecom World 2006 Anti-Spam workshop Hong-Kong, December 8, 2006 Luc Mathan Co-chair Public Policy MAAWG Board of Directors www.maawg.org ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 1
  2. 2. =? • Private sector consortium • Not for profit • Network operators (ISPs, enterprises), senders, vendors • International coverage • Focuses on anti-abuse, currently anti-spam • Engages with standards, legislation, law enforcement • 3-pronged approach – Collaboration, technology, public policy ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 2
  3. 3. = + 70 more Objective: Preserve electronic messaging from online exploits and abuse – Stop abusive email, deliver legitimate email – Eliminate a great source of cost to • Society – Consumers – Employees – Businesses • Network operators – Experts – Infrastructure – Customer care ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 3
  4. 4. Role of private sector • Help forge and adhere to Best Practices – For ISPs – For senders • Cooperate with all stakeholders – Reach common understanding of the spam situation • Do our part on user education – Rule #1: Protect yourself (don't click, don't reply, don't buy from spam, etc) – Rule #2: Protect your computer (up-to-date anti-virus, firewall, patched OS, etc) – Rule #3: Report spam if possible ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 4
  5. 5. Best common practices for ISPs • Manage port 25 – Remember ~80% of spam is from botnets • Monitor inbound and outbound traffic – Anti-virus both ways • Block specific attachments – Known to contain malware • Rate limit outbound traffic • Implement available sender authentication protocols – SenderID, DKIM • Listen to complaints – From ISPs, RBLs, your customers • Quarantine infected customers – Direct to free scan&repair ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 5
  6. 6. Best common practices for ISPs (…) • Cut the botnet control link – Prevent PC-botnet communication by blocking appropriate ports • Avoid creating unnecessary email traffic – NDNs to forged addresses constitute a large part of spam • Close open proxies/relays – Exclusive usage of your SMTP servers to your customers • Use your IP space responsibly – Keep accurate Whois contact information • Ensure your IP reputation is good – Keep accurate DNS and reverse DNS records • Communicate your security policy • Etc. ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 6
  7. 7. Role of MAAWG Most preceding BP are known and referenced by national orgs, but … • Some BP need particular emphasis – MAAWG Recommendation on port 25 mgnt – MAAWG Code of Conduct for ISPs • Global references are also needed – MAAWG-BIAC BP for ISPs, for OECD Toolkit – MAAWG-APWG BP on Anti-Phishing • Non-local guidelines on technology are needed – Implementation guidelines for SPF/SenderID, DKIM • Need spam metrics coming from ISPs • Interlocutor for international governmental orgs ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 7
  8. 8. Email metrics programme • OECD request for data from ISPs • Program covers ~400 million mailboxes • Spam not defined, only quot;abusivequot; email • Number of quot;abusivequot; vs quot;okquot; email per mailbox 4Q2005 1Q2006 2Q2006 1009 1041 937 246 263 327 • Ratio abusive email / total received email 4Q2005 1Q2006 2Q2006 81% 80% 74% • BUT: warning of a spam increase since last report ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 8
  9. 9. Latest output • MAAWG Best Practices for senders – Underlying principles • Recipient prior consent • Protection of receiving infrastructure – Public review: deadline for comments 22 December 2006 • http://www.maawg.org/about/MAAWG_Senders_BCP • MAAWG Contact Database for members – Real time communication between ISPs • React to complaints from your neighbour – Tailored to each ISP's internal organisation • Data sharing on spam/virus attacks, compromised IPs, company legal contacts, etc – MAAWG gateway acting as trusted third party • No visible personal identification information ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 9
  10. 10. Legislation problems, one example • Nov. 06: German ct rules ISP must delete IP logs – Piracy vs privacy battle – Nothing to do with spam, but… – Cost/benefit ratio overlooked – Side-effects clearly neglected: attributability of spam or cybercrime (worse) impossible ! Focus on anti-spam legislation is not enough Also need to worry about whole Internet legislation ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 10
  11. 11. Other concerns • Whois database, ICANN – Do not sacrifice Whois purpose to commercial interests ! • More troublesome court cases – Spammer vs Spamhaus (US federal ct) • Etc. ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 11
  12. 12. Cooperation (ITU-D) • Experience in anti-spam is valuable (and we must share it), but it reflects a fundamentally flawed environment: Don't repeat mistakes of the past ! • Worry about security when defining broadband policy, not after – Beware of ultra-wide bb: could mean ultra-wide abuse ! • Mechanisms for cooperation on cyber-security and combating spam could include: – Scholarships for postmasters and abuse managers – Experts sent to localised training seminars ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 12
  13. 13. In conclusion… • Too early to conclude ! • Spam unfortunately far from being extinct • On vectors other than email, it is still to come www . maawg . org • Thank you ! info @ maawg . org luc . mathan @ orange-ftgroup . fr • MAAWG 9th general meeting Jan 29-31, San Francisco, USA ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 13
  14. 14. MAAWG member roster as of Nov. 2006 • SPONSOR MEMBERS • America Online • Bell Canada • FULL MEMBERS • BellSouth • 1&1 Internet AG • SUPPORTING MEMBERS • AcquireWeb, Inc.; Adknowledge, Inc. • AT&T • Charter Communications Aladdin Knowledge Systems ; Alt-N • Bizanga LTD • Cloudmark, Inc. Technologies, Ltd ; BigHip ; CheetahMail, An Experian Company ; Cincinnati Bell ; • Cablevision • Cingular Wireless Commtouch Software LTD ; Constant • Internet Initiative Japan Contact ; Critical Path, Inc. ; Datran Media • Comcast (IIJ) ; e-Dialog ; EastLink ; eleven GmbH ; • Cox Communications EmailLabs ; ECO ; Epsilon Interactive ; • Ironport Systems ExactTarget, Inc ; F-Secure Corporation ; • MX Logic • Earthlink Habeas Inc. ; Insender Technologies Inc. ; • O2 Lashback, LLC ; Mansell Group, Inc. ; • France Telecom Message Level, LLC ; Message Systems ; • Outblaze LTD • Goodmail Systems Messagelabs ; Messaging Architects ; • Return Path, Inc. Mirapoint Inc. ; MTS Allstream Inc. ; • Microsoft Corporation Netsuite, Inc. ; Nextel Communications ; • Rogers Cable NTL Group Ltd ; Perftech, Inc. ; Pivotal • Openwave Systems • Sprint Veracity ; Premiere Global Services ; • Time Warner Cable Responsys, Inc. ; RPost ; Salesforce.com • Sun Microsystems, Inc. ; Sendmail, Inc. ; Singlefin ; SMobile • Verizon Communications • Symantec Systems ; Sophos Plc ; StrongMail Systems, Inc. ; Swisscom Fixnet LTD ; • Telus • Yahoo! Inc. TDC ; TDS Telecom ; ThinData ; Trend Micro, Inc. ; Tucows Inc. ; Verisign Inc. ; VistaPrint : Word To The Wise ; Yesmail ; ZDirect, Inc. ITU Telecom World 06 – HK, 8 Dec. 2006 MAAWG slide 14

×