Anti-spam measures

2 Jan 1998

      The below is a belated summary of the the discussion of spamming
on the lir-wg list soon after RIPE 28.  I'm copying it to John 
Martin of TERENA as input to the BoF he is kindly organising
during RIPE 29 later this month.

Regards and happy new year.

Mike Norris

There was broad consensus that:

	- spammers can be clever and operate professionally

	- they can forge e-mail, IP addresses, even routes

	- they constitute at least a nuisance to users

	- they use inordinate levels of network and CPU
	  resource without any charge

	- in some cases, the volume of traffic they generate
	  impacts seriously on the performance of a network

There were many calls for concerted action, for ISPs to back each
other up, even for RIPE to take legal action against spammers.
When it came to specifics, there were some points of good practice 
which were generally accepted and from which all could
benefit.  These included:

	- filter inbound routes on AS
 	  (lest spammers inject false routes and mail from the
 	  corresponding IP addresses)

	- configure sendmail to do relay only for specified hosts
	  (to prevent spammers from using your mail server as a
 	  relay for spamming)
		- no-relay patches on http://www.sendmail.org/

	- use sendmail patches to check From and To addresses

	- tighten up rules (and enforce them) for domain 
	  registration/de-registration

	- implement and enforce AUP and peering agreements

	- make address harvesting difficult e.g. www.e-scrub.com/wpoison

Other anti-spamming defences, from the point of view of the recipient, 
included:

	- a daemon that checks the incoming mail queue for certain 
	  patterns of use, domains, volume of messages, etc. If a
 	  spam is detected, the daemon blocks reception of packets 
	  from the address/domain originating the spam for about 
	  15 minutes.  After that the reception is restored.

	- blocking SMTP access to bogus domains and addresses
	  (not just CyberPromo)

	- accept the spam mail and don't deliver it

On the supply side, too, ISPs suggested a range of measures to
thwart spammers in their efforts to send bulk e-mail.

	- charge per item for delivery of e-mail with advertising
	  material in it

	- regulate the number of RCPTs from a given MAIL FROM value
	  (but how to authenticate the MAIL FROM value used?)

	- force dialup customers to use their ISPs SMTP relay,
	  validate MAIL FROM value, check for forged headers,
	  check sender identity

There were those too who said that selective filtering, route
denial and other practices by ISPs were not the way to go.  Just
because these were technically possible did not mean they had to
be used; to do so could set a dangerous precedent which could be 
invoked in the future by outside agencies set on "controlling"
the Internet.  Rather, the users should be enabled to do their own
filtering and many providers are equipping them with the means
to do so.

It is difficult, having seen the range of opinions expressed, 
to see a consensus about concerted action involving intervention 
in the mail transport mechanism, even in the European region.
of spammers and dynamically blocking their routes, both of which 
are technically possible and already implemented in places.
On balance however, it seems that the considered view is on the side
of "freedom of speech".  

Whatever, people felt that European ISPs should act in concert
and should adopt a common set of technical and administrative
anti-spam measures.  These would start with those listed above
and might also include:

	- Set up a mailing list for LIR postmasters

	- Use digital signatures, with trusted SMTP servers

	- For dialup access, use TACACS+

Legal action, too, had its proponents and opponents.  Instances
of courts in Europe and USA finding against spammers were given,
and used to suggest that RIPE might even take up legal cudgels
against spammers and on behalf of its clients.  As against this,
there is the argument that the industry should be self-regulated,
and that it should protect itself against itself.  RIPE and the 
NCC have successfully adopted this approach to deal with IP
address registration and other activities in Europe.

Contributors to the discussion were:

James Aldridge		Sebastian Andersson 	Peppino Anselmi 
Alex Bligh 		Adrian Bool 		Pedro Ramalho Carlos
Mickey Coggins 	Edgar Danielyan		Jorgen Ericsson
Ina Faye-Lund 		Clive D.W. Feather	Kevin Ferguson 
Michael Ferioli		gert@Space.Net	Geert Jan de Groot
Stephan Hermann 	Nick Hilliard 		Keith C. Howell
Miroslaw Jaworski	Poul-Henning Kamp 	Daniel Karrenberg
Mihkel Kraav 		Andres Kroonmaa	Simon Leinen 
Maarten E. Linthorst	Javier Llopis		Neil J. McRae
Andre Oppermann	Chris Panayis 		Morten Reistad
Matt Ryan 		Luis Miguel Sequeira 	Paul Thornton 
Mario Valente 		Espen Vestre 		Francois Weil
Toby Williams