[NEW] Next meeting
The BPF's next meeting will take place on Tuesday 2 July 2015 at 21:00 UTC.
IGF 2015 Session
Spam continues to be a significant problem for Internet users, creating a burden for developing countries, networks, operators and all end users. High volumes of unsolicited email can cause significant impacts to regions with limited Internet access as well as raise concerns for all regions with the increasing malware infections that come from unwanted email. Unsolicited email may be magnified in developing countries, where high volumes of incoming and outgoing spam can cause a severe drain on the limited and costly bandwidth that is available in those regions.
Cooperation and partnerships among all stakeholders is needed to develop strategies and approaches to mitigating spam. For that reason, addressing the problem of spam requires a multistakeholder discussion and a framework of suggested approaches, including the need to engage governments in the discussion of how to reduce the threat and impact of spam globally.
This discussion with a panel of experts will focus on the “Regulation and mitigation of unwanted communications (e.g. "spam") draft outcome document and will include examples of best practices they use to address the proliferation of spam in their regions/country’s that might be useful to include in the draft as possible recommendations.
Output expected from the session would be review and consensus regarding the draft outcomes document, feedback on the text and indication of support for the for the recommendations and next steps that the report outlines
Videos and Transcripts
Regulation and Mitigation of Unwanted Communications (e.g. spam)
Session Panel Experts
Yiannis Theodorou – GSMA
Neil Schwartzman – Director of Cauce
Julia Cornwell McKean - Australian Communications and Media Authority
Betsy Broder – US Federal Trade Commission
Myla V. Pilao – Trend Micro
Ms. Cristine Hoeper – General Manager of CERT.br/NIC.br
Moderator and Remote Participant
Tobias Knecht - CEO | abusix GmbH and Co-Chair RIPE Anti-Abuse Working Group
Moderator
Karen Mulberry, Internet Society
Community
Join the Regulation and mitigation of unwanted communications in our Community Section
Lead Experts
- Lead-expert, Julia Cornwell McKean, Manager at Office of the Children's esafety Commissioner
- Cristine Hoepers, Manager CERT Brazil
- Neil Schwartzman, Director of Cauce
Resources
Documents referenced
Legislation
European Union Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:en:HTML
United States
http://www.gpo.gov/fdsys/pkg/PLAW-108publ187/pdf/PLAW-108publ187.pdf
The Netherlands
http://wetten.overheid.nl/BWBR0009950/Hoofdstuk11/111/Artikel117/geldigheidsdatum_15-08-2014
Australia
http://www.comlaw.gov.au/Series/C2004A01214
http://fightspam.gc.ca/eic/site/030.nsf/eng/h_00211.html
New Zealand
http://www.dia.govt.nz/services-anti-spam-index#three
Spam cases
OPTA - Dollarrevenue
http://uitspraken.rechtspraak.nl/inziendocument?id=ECLI:NL:CBB:2013:CA3716
Example of Microsoft takedown
http://www.microsoft.com/en-us/news/press/2013/jun13/06-05dcupr
HerbalKing
http://www.dia.govt.nz/diawebsite.nsf/wpg_URL/Services-Anti-Spam-Results-and-Statistics?OpenDocument
Publications by international organisations
ITU (www.itu.int)
WCIT 12 press release
http://www.itu.int/net/pressoffice/press_releases/2012/92.aspx#.U-CQLWM2pDI
Draft of the future ITRs. ITU, WCIT 2012
http://www.itu.int/en/wcit-12/Documents/draft-future-itrs-public.pdf
ITU-D, STUDY GROUP 2 on "ICT applications, cybersecurity, emergency telecommunications and climate-change adaptation"
http://www.itu.int/net4/ITU-D/CDS/sg/index.asp?lg=1&sp=2014&stg=2
Countering spam: How to craft an effective anti-spam law. ITU Background paper by Matthew B. Prince
ITU Study on the Financial Aspects of Network Security: Malware and Spam. Johannes M. Bauer, Michel J. G. van Eeten, Tithi Chattopadhyay, Yuehua Wu (2008)
http://www.itu.int/ITU-D/cyb/cybersecurity/docs/itu-study-financial-aspects-of-malware-and-spam.pdf
Spam in the information society: building frameworks for international cooperation. Claudia Sarrocco
OECD (www.oecd.org)
Anti-Spam toolkit of recommended policies and measures (2006)
http://www.oecd.org/internet/consumer/36494147.pdf
2012 Anti-spam toolkit Review
‘Spam issues in developing countries’, Suresh Ramasubramanian (2005):
http://www.oecd.org/internet/ieconomy/34935342.pdf
‘The role of ISPs in botnet mitigation: an empirical analyses based on spam data’, Michel van Eeten, Johannes Bauer, Hadi Asghari, Shirin Tabatabaie (2010)
Internet Society (www.internetsociety.org)
What is spam?
http://www.internetsociety.org/doc/what-spam
Combating Spam: Policy, Technical and Industry Approaches (2012)
http://www.internetsociety.org/doc/combating-spam-policy-technical-and-industry-approaches
Internet Society: Combatting spam project
http://internetsociety.org/what-we-do/policy/combating-spam-project
Global Internet Report 2014. Open and Sustainable Access for All
http://www.internetsociety.org/sites/default/files/Global_Internet_Report_2014.pdf
APEC-TEL (http://www.apectelwg.org/)
APEC Principles for Action against Spam (2005)
African Union
African Union convention on cyber security and personal data protection (2014)
European Network and Information Security Agency (ENISA)
ENISA 2009 spam survey. Measures used by providers to reduce spam
http://www.internetsociety.org/sites/default/files/EU%202009%20spam%20survey.pdf
Botnets: Measurement, Detection, Disinfection and Defence (2011)
Costs of DNSSEC Deployment
Internet Engineering Task Force (http://www.ietf.org)
In the following several IETF Requests of Comments (RFC) and other publications related to spam mitigation are presented.
Anti-Spam Research Group
http://datatracker.ietf.org/rg/asrg/charter/
56th IETF Meeting - Anti-Spam Research Group (ASRG) Meeting Minutes
https://www.ietf.org/proceedings/56/asrg.htm
BCP 30 / RFC 2505: Anti-Spam Recommendations for SMTP MTAs
G. Lindberg. February 1999
http://tools.ietf.org/html/rfc2505
BCP 38 / RFC 2827: Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing
P. Ferguson, D. Senie, May 2000
http://tools.ietf.org/html/rfc2827
RFC 2635: DON'T SPEW A Set of Guidelines for Mass Unsolicited Mailings and Postings (spam*)
S. Hambridge, A. Lunde. June 1999 (INFORMATIONAL)
https://www.ietf.org/rfc/rfc2635.txt
RFC 3098: How to Advertise Responsibly Using E-Mail and Newsgroups or - how NOT to $$$$$ MAKE ENEMIES FAST! $$$$$
T. Gavin, D. Eastlake 3rd, S.Hambridge. April 2001
http://tools.ietf.org/html/rfc3098
RFC 4406: Sender ID: Authenticating E-Mail
J. Lyon, M. Wong, April 2006
http://tools.ietf.org/html/rfc4406
RFC 4407: Purported Responsible Address in E-Mail Messages
J. Lyon. April 2006. (EXPERIMENTAL)
http://www.ietf.org/rfc/rfc4407.txt
RFC 4408 Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1
M. Wong, W. Schlitt. April 2006. (Obsoleted by RFC7208) (Updated by RFC6652) (EXPERIMENTAL)
http://www.ietf.org/rfc/rfc4408.txt
RFC 4870 Domain-Based Email Authentication Using Public Keys Advertised in the DNS (DomainKeys). M. Delany. May 2007. (Obsoleted by RFC4871) (HISTORIC)
http://www.ietf.org/rfc/rfc4870.txt
RFC 4871 DomainKeys Identified Mail (DKIM) Signatures
E. Allman, J. Callas, M. Delany, M. Libbey, J. Fenton, M. Thomas. May 2007. (Obsoletes RFC4870) (Obsoleted by RFC6376) (Updated by RFC5672) (PROPOSED STANDARD)
http://www.ietf.org/rfc/rfc4871.txt
RFC 4686: Analysis of Threats Motivating DomainKeys Identified Mail (DKIM)
J. Fenton, September 2006
http://tools.ietf.org/html/rfc4686
RFC 5016 Requirements for a DomainKeys Identified Mail (DKIM) Signing Practices Protocol
M. Thomas. October 2007. (INFORMATIONAL)
http://www.ietf.org/rfc/rfc5016.txt
BCP 134 / RFC 5068: Email Submission Operations: Access and Accountability Requirements
C. Hutzler, D. Crocker, P. Resnick, E. Allman, T. Finch. November 2007
http://tools.ietf.org/html/rfc5068
RFC 5451 Message Header Field for Indicating Message Authentication Status
M. Kucherawy. April 2009. (Obsoleted by RFC7001) (Updated by RFC6577) (PROPOSED STANDARD)
http://tools.ietf.org/html/rfc5451
RFC 5518 Vouch By Reference
P. Hoffman, J. Levine, A. Hathcock. April 2009. (PROPOSED STANDARD)
http://tools.ietf.org/html/rfc5518
RFC 5617: DomainKeys Identified Mail (DKIM) Author Domain Signing Practices (ADSP)
E. Allman, J. Fenton, M. Delany, J. Levine. August 2009
http://tools.ietf.org/html/rfc5617
RFC 5672 RFC 4871 DomainKeys Identified Mail (DKIM) Signatures – Update
D. Crocker, Ed.. August 2009. (Obsoleted by RFC6376) (Updates RFC4871) (PROPOSED STANDARD)
http://tools.ietf.org/html/rfc5672
RFC 5782 DNS Blacklists and Whitelists.
J. Levine. February 2010. (INFORMATIONAL)
http://tools.ietf.org/html/rfc5782
RFC 5863: DomainKeys Identified Mail (DKIM) Development, Deployment and Operations
T. Hansen, E. Siegel, P. Hallam-Baker, D. Crocker. May 2010
http://tools.ietf.org/html/rfc5863
RFC 6108: Comcast's Web Notification System Design
C. Chung, A. Kasyanov, J. Livingood, N. Mody, B. Van Lieu, February 2011
http://tools.ietf.org/html/rfc6108
RFC 6376: DomainKeys Identified Mail (DKIM) Signatures
D. Crocker, Ed., T. Hansen, Ed., M. Kucherawy, Ed. September 2011
http://tools.ietf.org/html/rfc6376
RFC 6377 DomainKeys Identified Mail (DKIM) and Mailing Lists
M. Kucherawy. September 2011. (Also BCP0167) (BEST CURRENT PRACTICE)
http://tools.ietf.org/html/rfc6377
STD 72 / RFC 6409: Message Submission for Mail
R. Gellens, J. Klensin. November 2011
http://tools.ietf.org/html/rfc6409
RFC 6471 Overview of Best Email DNS-Based List (DNSBL) Operational Practices
C. Lewis, M. Sergeant. January 2012. (INFORMATIONAL)
http://tools.ietf.org/html/rfc6471
RFC 6541 DomainKeys Identified Mail (DKIM) Authorized Third-Party Signatures
M. Kucherawy. February 2012. (EXPERIMENTAL)
http://tools.ietf.org/html/rfc6541
RFC 6651 Extensions to DomainKeys Identified Mail (DKIM) for Failure Reporting
M. Kucherawy. June 2012. (PROPOSED STANDARD)
http://tools.ietf.org/html/rfc6651
RFC 6652 Sender Policy Framework (SPF) Authentication Failure Reporting (Updates RFC4408) (PROPOSED STANDARD)
Using the Abuse Reporting Format. S. Kitterman. June 2012.
http://tools.ietf.org/html/rfc6652
RFC 6561: Recommendations for the Remediation of Bots in ISP Networks
J. Livingood, N. Mody, M. O'Reirdan, March 2012
http://tools.ietf.org/html/rfc6561
RFC 7001 Message Header Field for Indicating Message Authentication Status.
M. Kucherawy. September 2013. (Obsoletes RFC5451, RFC6577) (PROPOSED STANDARD)
http://tools.ietf.org/html/rfc7001
Anti-Phishing Working Group (www.antiphishing.org)
1st quarter 2014 report
http://docs.apwg.org/reports/apwg_trends_report_q1_2014.pdf
Accredited Reporter Data Submission Program
http://docs.apwg.org/reports/Accredited_Reporter_Intro_and_Application.pdf
Examples of spam metrics (reports)
http://blog.trendmicro.com/trendlabs-security-intelligence/1h-2014-spam-attacks-and-trends/
http://www.m3aawg.org/system/files/M3AAWG%20Animesh%20bansriyar_0.pdf
http://www.spamcop.net/spamgraph.shtml?spamyear
http://www.senderbase.org/static/spam/#tab=1
Overview of anti-spam techniques
http://en.wikipedia.org/wiki/Anti-spam_techniques
http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf
http://en.wikipedia.org/wiki/Email_filtering
DomainKeys Identified Mail (DKIM)
Domain-based Message Authentication, Reporting & Conformance - DMARC
Overviews of countries with anti-spam legislation
http://en.wikipedia.org/wiki/Email_spam_legislation_by_country
Example of direct marketing code of conduct
http://www.dma.org.uk/the-dma-code
Examples of national anti-botnet support and/or reporting centres
https://www.abuseinformationexchange.nl/
https://portal.aisi.acma.gov.au
Spam reporting (websites)
This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.ftccomplaintassistant.gov/#crnt&panel1-1
http://www.dia.govt.nz/diawebsite.nsf/wpg_URL/Services-Anti-Spam-Complain-About-Spam
http://www.acma.gov.au/Citizen/Take-action/Complaints/Spam-complaints
Relevant websites
http://www.londonactionplan.org
http://www.dia.govt.nz/services-anti-spam-index
Background research
‘A Two-Tiered Registry System to Regulate Spam’, Shelley Cobos (2003):
http://www.lawtechjournal.com/articles/2003/05_031005_cobos.php
‘The Cost Impact of Spam Filters: Measuring the Effect of Information System Technologies in Organizations’: Marco Caliendo, Michel Clement, Dominik Papies, Sabine Scheel-Kopeinig (2008)
‘National Cyber Crime and Online Threat Analyses Centres. A study into national and international cooperation’: Wout de Natris (2012)
https://woutdenatris.files.wordpress.com/2012/09/online-threats-report-17-09-2012.pdf
‘Best Practices to Address Online and Mobile Threats’: Members of London Action Plan and MAAWG (2012)
Spamhaus spam definition
http://www.spamhaus.org/consumer/definition/
DDOS attack on Spamhaus
https://en.wikipedia.org/wiki/The_Spamhaus_Project#CyberBunker_dispute_and_DDoS_attack
‘Preparing the ground for the West-Africa Internet Governance Forum: A review of Internet public policy interests and processes in selected countries in the region’, Ben Akoh, Bjørnar Egede-Nissen, Don MacLean and Heather Creech (2011):
http://www.iisd.org/pdf/2011/preparing_the_ground_west_africa_internet_gov.pdf
‘Spam and Internet Abuse in India. A brief history’, Suresh Ramasubramanian, Pranesh Prakash (
http://cybersummit.info/sites/cybersummit.info/files/srs-ewi-paper-final.pdf
Interview with Julia Cornwell McKean, ACMA
http://www.computerworld.com.au/article/552398/acma_wants_dump_outdated_spam_code/
‘Community attitudes to unsolicited communications’, ACMA (2012)
http://www.acma.gov.au/theACMA/newspoll-report-community-attitudes-to-unsolicited-communications
ACMA blog on direct marketing
www.acma.gov.au/emarketingblog
‘Spam: How it is hurting email and degrading life on the Internet’, Deborah Fallows (2003)
‘From Telegraph (1914) to Twitter (2014) - Are There Lessons to Be Learned?’, Jovan Kurbalija
Brasil’s anti-spam efforts are gathered here:
Books on spam
‘Spam Wars: Our Last Best Chance to Defeat Spammers, Scammers & Hackers’ – January 1, 2010
by Danny Goodman
‘Spam Kings: The Real Story behind the High-Rolling Hucksters Pushing Porn, Pills, and %*@)# Enlargements’– September 1, 2004, by Brian S. McWilliams (Author)
‘Inside the SPAM Cartel: By Spammer-X’ November 13, 2004
‘Spam: A Shadow History of the Internet (Infrastructures)’– March 29, 2013 by Finn Brunton (Author)
‘419’ – August 27, 2013 by Will Ferguson (Author)