Economic incentives for more cooperation in fighting spam (new article on RIPE Labs)
Dear colleagues, John S. Quarterman and his team at the University of Texas is advocating more cooperation in fighting spam. They are building models for economic incentives for Internet mail providers. Read more on RIPE Labs: http://labs.ripe.net/content/cooperation-to-fight-spam The team is very interested to receive feedback from the RIPE community. Please note at the end of the article a list of specific questions and a forum we set up for further discussion. Kind Regards, Mirjam Kühne RIPE NCC
On Tuesday 06 July 2010 11.51, Mirjam Kuehne wrote:
Dear colleagues,
John S. Quarterman and his team at the University of Texas is advocating more cooperation in fighting spam. They are building models for economic incentives for Internet mail providers. Read more on RIPE Labs:
http://labs.ripe.net/content/cooperation-to-fight-spam
The team is very interested to receive feedback from the RIPE community. Please note at the end of the article a list of specific questions and a forum we set up for further discussion.
Kind Regards, Mirjam Kühne RIPE NCC
Nice initiative! RIPE could start with reorganizing it's lame anti-abuse group to a more specific anti-spam working group and start propagating already known facts to it's "customers". Such as "best practices for running broadband networks" or "securing mobile networks against spam" An active campain directed to all ripe "users" would be a good starting point, educating and spreading recepies of successful ways to prevent customers windows-computers of becoming spam-senders. This could be followed-up with statistics that pinpoints "sleazy ISP's" and lobbying with politicans to sharpen the lame legal tools that is available. In sweden as an example, it has been illegal since several years to send spam, but the only person that is assigned this task has ( to my knowledge ) not convicted a single spammer. I even have examples of so called it-security companies that has been sending spam for 3 yeárs ( using stolen or harvested addresses) We need to take the spam-problem seriously. It hurts out ability to use email, it steals our time and ressources. And it's a channel to even more serious crime. Ant now! -- Peter Håkanson There's never money to do it right, but always money to do it again ... and again ... and again ... and again. ( Det är billigare att göra rätt. Det är dyrt att laga fel. )
Peter On 06/07/2010 22:17, peter h wrote:
RIPE could start with reorganizing it's lame anti-abuse group to a more specific anti-spam working group and start propagating already known facts to it's "customers".
It looks like you are confusing the RIPE NCC with the RIPE Community. If you want to reorganise the WG then you should put proposals to the community, not rant at a post fron an NCC staffer about work being done in the NCC labs. If you have formal proposals about the way forward for the Anti-Abuse WG then the community and the WG Chairs would like to hear them so that they can be developed and progressed. Remember the RIPE NCC !== The RIPE Community f
Peter, "peter h" wrote the following on 06/07/2010 22:17:
RIPE could start with reorganizing it's lame anti-abuse group to a more specific anti-spam working group and start propagating already known facts to it's "customers".
I'm very sorry that you feel that way about the working group but hopefully I can address some of your points. First off, as Fearghas has already pointed out, RIPE doesn't have any customers. The RIPE NCC has members, but the RIPE community, of which the AA-WG is a part has none. I suspect "participants" is the best word to use. At RIPE 55 it was agreed by the community that to focus on spam at this point was the wrong way to tackle the problem and so the group changed, both in name and charter, to become what it is now. I do not believe there is any strong feeling in the community to reverse that decision, nor do I think there is any organisational or technical reason to do so.
Such as "best practices for running broadband networks" or "securing mobile networks against spam"
The RIPE 409 document, while in need of updating, exists and more documentation is planned. Of course all of this will be produced by the community and we would welcome your input, especially if all of these facts are known.
An active campain directed to all ripe "users" would be a good starting point, educating and spreading recepies of successful ways to prevent customers windows-computers of becoming spam-senders.
This could be followed-up with statistics that pinpoints "sleazy ISP's" and lobbying with politicans to sharpen the lame legal tools that is available.
This is a lot of work, disregarding the ambiguity over the idea of a RIPE "user". It's also substantially more complicated than it may at first seem. The RIPE NCC, assisted by various members of the community, are already engaging with governments and LEAs around the world to educate, advise and to improve the experience for all Internet citizens. However if there are further activities that the members of the RIPE NCC feel they should pursue, these matters should be raised to the NCC and ultimately agreed by the membership.
We need to take the spam-problem seriously. It hurts out ability to use email, it steals our time and ressources. And it's a channel to even more serious crime.
Trust me, Richard and I as co-chairs of the WG and the good folks in the NCC, along with the community participants, take the problem of spam and all network abuse extremely seriously. We are always happy to talk about any initiatives that anyone may have to ease this issue, but such discussions are always easier once as much disambiguation and clarification as possible has taken place. Regards, Brian Co-chair, RIPE Anti-Abuse WG
Brian Nisbet <brian.nisbet@heanet.ie> wrote:
At RIPE 55 it was agreed by the community that to focus on spam at this point was the wrong way to tackle the problem and so the group changed, both in name and charter, to become what it is now. I do not believe there is any strong feeling in the community to reverse that decision, nor do I think there is any organisational or technical reason to do so.
I fully endorse that view, and everything else Brian wrote.
The RIPE NCC has members, but the RIPE community, of which the AA-WG is a part has none. I suspect "participants" is the best word to use.
I think what Peter meant there, was Internet users in the RIPE service region. Of which "participants" are, sadly, no more than a small subset. The point of the name-change was that we can no longer separate "pure" spam from the many other abusive activities that are needed to enable it, while spam itself is the conduit for other abusive and criminal activity. In other words, e-crime and abuse has become a self-sustaining eco-system. Since the AAWG membership elected Brian and myself as co-chairs, we have been working hard to identify what changes will need to take place for the RIPE community to become more pro-active in the fight against spam. Initially we found that there was a need for more (and more complete) information about the problem. So we have worked to bring to the AAWG workshops at the RIPE meetings, reports on the present threat level, and presentations from specialists in the community dealing with particular aspects of abuse. This will lay the foundations for what we need to do next - which I see as falling into two categories: (a) major rework on published documents such as RIPE 409 (and possibly the creation of new documents) to establish what actions are needed within the community to mitigate the threat from spam and malware. (b) introducing proposals (within the RIPE Policy Development Process) to make such adjustments as are needed in terms of how the community should manage its resources and information. I introduced some of those ideas during the meeting in Prague, hoping for some feedback from that audience on the relevance and deliverability of the ideas. Now we need to get started on the formal part of the processes. This will be the tricky bit. Almost everyone (except abusers) agrees that abuse needs to stop - but when it is pointed out that achieving that would involve changes in how each of them currently operates (and that in many cases requires resources and expenditure) their enthusiasm for "stopping spam" tends to rapidly diminish. We will have to see just how willing the RIPE community would be, to make the changes that are essential in order to reduce the prevalence of abuse. But in terms of resource abuse it's become clear that the RIPE community is seen as having rather more issues than any of the other regional communities. Let me be clear on one point: there are only two ways to stop spam and abuse: one is to make the cost and (perceived) risk to anyone sending spam or committing abuse, exceed the profits/benefits from so doing, and the other is to switch off the internet. -- Richard Cox The Other Co-chair, RIPE Anti-Abuse WG
On 8 Jul 2010, at 09:16, Richard Cox wrote:
Brian Nisbet <brian.nisbet@heanet.ie> wrote:
At RIPE 55 it was agreed by the community that to focus on spam at this point was the wrong way to tackle the problem and so the group changed, both in name and charter, to become what it is now. I do not believe there is any strong feeling in the community to reverse that decision, nor do I think there is any organisational or technical reason to do so.
I fully endorse that view, and everything else Brian wrote.
The RIPE NCC has members, but the RIPE community, of which the AA-WG is a part has none. I suspect "participants" is the best word to use.
I think what Peter meant there, was Internet users in the RIPE service region. Of which "participants" are, sadly, no more than a small subset.
The point of the name-change was that we can no longer separate "pure" spam from the many other abusive activities that are needed to enable it, while spam itself is the conduit for other abusive and criminal activity. In other words, e-crime and abuse has become a self-sustaining eco-system.
Very true Abuse of all types is interconnected. Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.mobi/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
On Thursday 08 July 2010 11:16:56 Richard Cox wrote:
Since the AAWG membership elected Brian and myself as co-chairs, we have been working hard to identify what changes will need to take place for the RIPE community to become more pro-active in the fight against spam. Initially we found that there was a need for more (and more complete) information about the problem. So we have worked to bring to the AAWG workshops at the RIPE meetings, reports on the present threat level, and presentations from specialists in the community dealing with particular aspects of abuse.
This alone can be a very good reason to attend RIPE meetings. It is an effort that should be sustained and extended. If worked properly the 2-hour timeslot in the meeting schedule will not be enough I guess :)
This will lay the foundations for what we need to do next - which I see as falling into two categories:
(a) major rework on published documents such as RIPE 409 (and possibly the creation of new documents) to establish what actions are needed within the community to mitigate the threat from spam and malware.
This is an area the WG can do much better I think. For example in my case, information about best current practices in minimizing spam originating from a provider's network was found elsewhere such as the MAAWG [1], ETIS [2] or ENISA [3] and of course various contacts with antispam vendors.
(b) introducing proposals (within the RIPE Policy Development Process) to make such adjustments as are needed in terms of how the community should manage its resources and information. I introduced some of those ideas during the meeting in Prague, hoping for some feedback from that audience on the relevance and deliverability of the ideas. Now we need to get started on the formal part of the processes.
This will be the tricky bit. Almost everyone (except abusers) agrees that abuse needs to stop - but when it is pointed out that achieving that would involve changes in how each of them currently operates (and that in many cases requires resources and expenditure) their enthusiasm for "stopping spam" tends to rapidly diminish.
Yes, this is a problem. However it can be also viewed as a chicken-and-egg problem. If the community produces specific results, corporate managements can be convinced to focus and address the issues with a higher priority. And speaking of managements, education plus having supportive documentation and "pressure" from a respected public community in an area can be of help.
We will have to see just how willing the RIPE community would be, to make the changes that are essential in order to reduce the prevalence of abuse. But in terms of resource abuse it's become clear that the RIPE community is seen as having rather more issues than any of the other regional communities.
Let me be clear on one point: there are only two ways to stop spam and abuse: one is to make the cost and (perceived) risk to anyone sending spam or committing abuse, exceed the profits/benefits from so doing, and the other is to switch off the internet.
Of course you are right. Kostas
-- Richard Cox The Other Co-chair, RIPE Anti-Abuse WG
[1] http://www.maawg.org/ [2] http://www.etis.org/ [3] http://www.enisa.europa.eu/
We will have to see just how willing the RIPE community would be, to make the changes that are essential in order to reduce the prevalence of abuse. Â But in terms of resource abuse it's become clear that the RIPE community is seen as having rather more issues than any of the other regional communities.
Let me be clear on one point: there are only two ways to stop spam and abuse: one is to make the cost and (perceived) risk to anyone sending spam or committing abuse, exceed the profits/benefits from so doing, and the other is to switch off the internet.
Of course you are right.
Partly yes, but there are more ways ... One is the make it easier to seperate good from the eval, standards like SPF or signed emails help a lot there and there are enough other methods in development out there ... Another way is to make providers more aware of there network leaks and abused customers PCs and to have them to take more responsibility. A general abuse address was addressed by my proposal only two month ago but it kind of failed, simply because nobody supported it and RIPE NCC will never invest in the their infrastructure and people resources, when there is no will in the community. (we even dont really know, if the community WANTs to solve the spam problem.) Its easy, when its cheaper for RIPEs members to stuff their holes, restrict their users, automate monitoring of abuse in their networks aso than reacting to all those abuse reports they currently CAN ignore, they will close their systems and this will make it much more complicated and surely more expensive to spammers, so it will reduce the problem, if we can force RIPEs members to take responsibility. And: a general abuse email address that HAS to be read and WORKED with IS a good first step. I dont think that the SPOF problem really exists, email is really robust, can be delivered via a lot of servers that are fail tolerant and can handle peeks. Bill Gates still receives eMails, and I dont want to know, how much Microsofts servers are attacked every day :o) Kind regards, Frank -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ====================================================================== Public PGP Key available for frank@powerweb.de
Kostas
-- Richard Cox The Other Co-chair, RIPE Anti-Abuse WG
[1] http://www.maawg.org/ [2] http://www.etis.org/ [3] http://www.enisa.europa.eu/
participants (8)
-
Brian Nisbet -
Fearghas McKay -
Frank Gadegast -
Kostas Zorbadelos -
Michele Neylon :: Blacknight -
Mirjam Kuehne -
peter h -
Richard Cox