[Afrispam-wg] paperwork
Jean Robert HOUNTOMEY
hrobert at iservices.tg
Sat May 3 14:08:15 SAST 2008
Dear All,
to enable discussion on the list please find below a paper I draft to help
us move in our wg.
Please fill free to make additions.
RH
-----------------------------------------------------------------------------------------------------------------------------
Context
---------
On 2nd May 2007 at the AfriNIC-6 meeting in Abuja Nigeria, anti-spam BOF
(birds of a feather) meetings aimed at addressing specific issues related to
spam that are faced by African networks.
Around July 2007 while blocking a customer network source of spam, the whole
network 196.207.0.0/16 was blacklisted at UCEPROTECT Level 3 and this
consists of different entities on different geographical locations managing
& administering smaller subnets on this range.
The urgent need of an action in the developing countries against spam was
pointed out during the Internet governance and WSIS discussions. Several
areas are taking bigs steps leaving Africa far behind.
ITU is leading several meeting and discussions around the item" Countering
spam"
Taking in consideration that African users and Network operators are already
facing several problems and issues like bandwidth and access, education;
while there seems to be a lack of initiatives in the AfriNic Service Region.
The AFRISPAM Working Group decided in AfriNic 07 meeting in Durban has been
charted:
1 - to identify the problems related to spam and fighting spams in the
AfriNIC
service Region
2 - to produce a report to AfriNic community at the AfriNic08 meeting
I. Background
---------------
The problem of 'spam' on the Internet is well known to every internet
user.
Spams cause many problems like severe technical and operational problems to
network operators and users, nuisances, phising, money etc .
The issues of spam are discussed worldwide and many organizations are trying
to tackle the problems.
The fight against spam is a worldwide multi-faces and multi-criteria issue
- bandwidth and connectivity issues
- lack of servers resources to deploy some conventional anti-spam solutions
- difficulties to access precise information in fighting spasm
- Some RBLs denying you exchanges with African Colleagues
-lack of financial incentives (Clients not willing to pay for anti-spam
solutions)
etc...
Some research made by industry solutions providers against Spam, come with
the conclusion that much as 80% of e-mails circulating on the internet are
estimated to be spam, and the threat is spreading to other technologies such
as mobile phones and instant messaging services. A mere nuisance, spam has
become a serious problem for individuals and businesses alike." As Besides
clogging networks and facilitating the spread of fraudulent schemes, spam is
a major factor in undermining trust in the Internet, thus slowing the growth
of the digital economy.
I.1 what is spam
-----------------
Our goal here is not to give a standard definition of spams.
We are just pointing out some characteristics of what we identified as
spams:
- Sending of bulk, junk, often massive, of electronic messages most of the
case not solicited and annoyance to users and administrators
- Usage of E-mail, Mobile SMS, MMS,
- Causing security issues ((Mail Bombing, Viruses, Phishing, Scams, ID
Theft.)
- causing lost of service, degradation in the performance o network
resources and email gateways
- Most of time carring commercial, offensive and harmful content
- Developping a new low cost entry ecosystem, with hight profit, anonymity.
I.2. Challenges for African Network operators
-----------------------------------------------
African networks operators are facing several challenges due to spam.
- Security problems: spams are carrying several securities issues as we said
previously. This increased servers' attacks for untrained network operators'
staffs.
- Operation cost inflation: more investment where people need to deal with
lack of financial resources to invest in filtering software, hardware, waste
of bandwidth; people are using a huge amount of their high cost bandwidth to
carry spam, need o more server and storage capacity.
- Some filtering tools on the net are not usable because they don't take in
consideration the size of AfriNic network blocks. The recent issue with
UCEPROTECT summarizes the problems a lot of African Network operators are
facing using tools from outside.
- Unsatisfied customers
- Educational resources in trained staff
- Service degradation while having their gateways, networks blacklisted.
- While there is a lack of registration, service providers in Africa don't
have any support from any entity where to send complaints or to find help in
a collaborative environment.
- Are most of the times alone facing these common issues to all operators in
the continent.
I.3. Challenges for users in Africa
----------------------------------
African network and internet are facing several issues:
- they are less protected and more vulnerable, most of the time alone in
front of problems caused to them
- they already have in optimized usage conditions small bandwidth and then
have then bandwidth reduced
- their productivity is reduced, due to the annoyance of spams but also due
to the fact that the have to spend times to clean spams in their mail before
having the possibility to work. Added to that most of the time their systems
performance are reduced.
- When their provider is blacklisted their work is blocked in countries
where sometimes you have only one or few ISP
- Suffering from loss of message
Recognising that spam undermines confidence, which is a prerequisite for the
information society and for the success of e-commerce; some areas required
urgent attention.
III- Recommendations.
------------------------
While we agree that Spam is a much more serious issue in AfriNic service
region as it is a heavy drain on resources that are scarcer and costlier
than elsewhere, we submit the following overview of recommendations to face
the spam issue in our region:
III.1. AfriNic as registry issue - AfriNic is the Internet Number registry
or the region in charge of providing IP numbers and resources. AfriNic
allocations policies are diferents from the policies in other
-----------------------------
regions of the world due to the small sizs of the networks in the regions.
For that:
1- an action needs to be made to RBL operators and operators of spams
fighting tools in the world to make them aware of the size of the AfriNic
Block in they want to reach and provide service to a lt of users. Africa is
becoming a big place of business and is full of a lot of resources.
2- ISP and Network operators need to document correctly their network and to
publish, document correctly their information in the AfriNic Database
III.2. Putting in place technical solutions - We are talking here about
operational and technical issues. Several things need to be done:
-----------------------------------------
- Defining BCP for network operators, ISP and users
- Distribution of anti-spam tools for end user
- Reinforce awareness and capacity building by
- Training of ISP personnel in security and spam handling - ISP personnel in
developing countries are, quite often, comparatively less skilled, not
because of an actual lack of knowledge, but because they may not be as well
trained in issues specific to practical systems and network administration,
and tend not to remain abreast of current trends in their field of work,
such as by participation in mailing lists, newsgroups and online discussion
forums on these subjects.
- Formation of CSIRTs and CERTs - Computer Security and Incident Response
Teams (CSIRTs) or Computer Emergency Response Teams (CERTs), at the
organisational, national and regional levels help organize an effective and
efficient response to individual computer security incidents, widespread
security vulnerabilities (such as the spread of a worm or virus) and
incident co-ordination throughout the region.
- Establishing Anti-spam Taskforce
III.3. Legal and collaboration issues, user education - The purpose is to
discourage spammers from abusing networks to send out spam but also putting
in place different mechanisms to educate users.
----------------------------------------------------
About Law
--------------
The purpose of law is to provide deterrence, retribution and education, and
to use as weapons injunctions, money judgment and imprisonment
It will need
Coordination, regulation and arbitration authority
Implementation and enforcement mechanisms
Simple mechanisms for complaint deposit and reporting, Online reporting
forms
Co-operation at all level - Government, Public sectors, private sectors,
Businesses must reach out to ISPs and ISP associations, associations of
computer users, such as local PC user groups, as well as
-------------------------
local ISOC Chapters that have a national presence and a focus on several ICT
issues that are substantially congruent with other stakeholders in this
issue.
User education - Massive and widespread public education and awareness
campaigns, using simple and easy to understand material preferably in the
local language.
More information about the Afrispam-wg
mailing list