[Afrispam-wg] paperwork

Jean Robert HOUNTOMEY hrobert at iservices.tg
Sat May 3 14:08:15 SAST 2008


Dear All,

To enable discussion on the list, please find below a paper I drafted to help 
us move in our WG.

Please feel free to make additions.

RH

-----------------------------------------------------------------------------------------------------------------------------

Context
---------

On 2nd May 2007 at the AfriNIC-6 meeting in Abuja, Nigeria, anti-spam BOF 
(birds of a feather) meetings were held, aimed at addressing specific issues 
related to spam that are faced by African networks.

Around July 2007, while a customer network that was a source of spam was 
being blocked, the whole network 196.207.0.0/16 was blacklisted at UCEPROTECT 
Level 3. This range consists of different entities in different geographical 
locations, each managing and administering smaller subnets.

The urgent need for action against spam in the developing countries was 
pointed out during the Internet governance and WSIS discussions. Several 
areas are taking big steps, leaving Africa far behind.

ITU is leading several meetings and discussions around the item "Countering 
spam".

African users and network operators are already facing several problems and 
issues, such as bandwidth, access and education, while there seems to be a 
lack of initiatives in the AfriNIC service region.

The AFRISPAM Working Group, decided at the AfriNIC 07 meeting in Durban, has 
been chartered:

1 - to identify the problems related to spam and fighting spam in the 
AfriNIC service region

2 - to produce a report to the AfriNIC community at the AfriNIC 08 meeting

I. Background
---------------

The problem of 'spam' on the Internet is well known to every Internet
user.

Spam causes many problems, such as severe technical and operational problems
for network operators and users, nuisance, phishing, financial problems, etc.

The issues of spam are discussed worldwide and many organizations are trying
to tackle the problems.

The fight against spam is a worldwide, multi-faceted and multi-criteria issue:

- bandwidth and connectivity issues
- lack of server resources to deploy some conventional anti-spam solutions
- difficulties in accessing precise information on fighting spam
- some RBLs denying you exchanges with African colleagues
- lack of financial incentives (clients not willing to pay for anti-spam
  solutions)
- etc.

Research by industry providers of anti-spam solutions concludes that as much 
as 80% of e-mails circulating on the Internet are estimated to be spam, and 
the threat is spreading to other technologies such as mobile phones and 
instant messaging services. Once a mere nuisance, spam has become a serious 
problem for individuals and businesses alike. Besides clogging networks and 
facilitating the spread of fraudulent schemes, spam is a major factor in 
undermining trust in the Internet, thus slowing the growth of the digital 
economy.

I.1. What is spam
-----------------

Our goal here is not to give a standard definition of spam.

We are just pointing out some characteristics of what we identified as 
spam:
- Sending of bulk, junk, often massive volumes of electronic messages, in 
  most cases unsolicited and an annoyance to users and administrators
- Usage of e-mail, mobile SMS, MMS
- Causing security issues (mail bombing, viruses, phishing, scams, ID 
  theft)
- Causing loss of service and degradation in the performance of network 
  resources and e-mail gateways
- Most of the time carrying commercial, offensive and harmful content
- Developing a new ecosystem with low cost of entry, high profit and 
  anonymity

I.2. Challenges for African Network operators
-----------------------------------------------

African network operators are facing several challenges due to spam:
- Security problems: spam carries several security issues, as we said 
  previously. This increases attacks on servers for untrained network 
  operators' staff.
- Operating cost inflation: more investment is needed where people already 
  have to deal with a lack of financial resources to invest in filtering 
  software and hardware; bandwidth is wasted, as people use a huge amount of 
  their high-cost bandwidth to carry spam; and more server and storage 
  capacity is needed.
- Some filtering tools on the net are not usable because they don't take 
  into consideration the size of AfriNIC network blocks. The recent issue 
  with UCEPROTECT summarizes the problems a lot of African network operators 
  are facing when using tools from outside.
- Unsatisfied customers
- Educational resources in trained staff
- Service degradation when their gateways and networks are blacklisted
- While there is a lack of registration, service providers in Africa don't 
  have support from any entity to which they can send complaints or from 
  which they can find help in a collaborative environment.
- Operators are most of the time alone in facing these issues, which are 
  common to all operators on the continent.

I.3. Challenges for users in Africa
----------------------------------

African network and Internet users are facing several issues:

- They are less protected and more vulnerable, and most of the time alone in 
  facing the problems caused to them
- Even under optimized usage conditions they already have little bandwidth, 
  and they then have that bandwidth reduced
- Their productivity is reduced, due to the annoyance of spam but also due 
  to the fact that they have to spend time cleaning spam out of their mail 
  before they can work. Added to that, most of the time their systems' 
  performance is reduced.
- When their provider is blacklisted their work is blocked, in countries 
  where sometimes there are only one or a few ISPs
- Suffering from loss of messages

Recognising that spam undermines confidence, which is a prerequisite for the 
information society and for the success of e-commerce, some areas require 
urgent attention.

III- Recommendations.
------------------------

While we agree that spam is a much more serious issue in the AfriNIC service 
region, as it is a heavy drain on resources that are scarcer and costlier 
than elsewhere, we submit the following overview of recommendations to face 
the spam issue in our region:

III.1. AfriNIC as registry issue
--------------------------------

AfriNIC is the Internet Number Registry for the region, in charge of 
providing IP numbers and resources. AfriNIC allocation policies are different 
from the policies in other regions of the world due to the small size of the 
networks in the region.

For that:

1- An action needs to be directed at RBL operators and operators of 
spam-fighting tools in the world to make them aware of the size of the 
AfriNIC blocks if they want to reach and provide service to a lot of users. 
Africa is becoming a big place of business and is full of resources.
2- ISPs and network operators need to document their networks correctly and 
to publish and correctly document their information in the AfriNIC Database.

III.2. Putting in place technical solutions
-------------------------------------------

We are talking here about operational and technical issues. Several things 
need to be done:
- Defining BCPs for network operators, ISPs and users
- Distribution of anti-spam tools for end users
- Reinforcing awareness and capacity building by:
- Training of ISP personnel in security and spam handling - ISP personnel in 
  developing countries are, quite often, comparatively less skilled, not 
  because of an actual lack of knowledge, but because they may not be as well 
  trained in issues specific to practical systems and network administration, 
  and tend not to remain abreast of current trends in their field of work, 
  such as by participation in mailing lists, newsgroups and online discussion 
  forums on these subjects.
- Formation of CSIRTs and CERTs - Computer Security and Incident Response 
  Teams (CSIRTs) or Computer Emergency Response Teams (CERTs), at the 
  organisational, national and regional levels, help organize an effective 
  and efficient response to individual computer security incidents, 
  widespread security vulnerabilities (such as the spread of a worm or virus) 
  and incident co-ordination throughout the region.
- Establishing an Anti-spam Taskforce

III.3. Legal and collaboration issues, user education
-----------------------------------------------------

The purpose is to discourage spammers from abusing networks to send out spam, 
but also to put in place different mechanisms to educate users.

About Law
---------

The purpose of law is to provide deterrence, retribution and education, and 
to use as weapons injunctions, money judgments and imprisonment.

It will need:

- Coordination, regulation and arbitration authority
- Implementation and enforcement mechanisms
- Simple mechanisms for complaint deposit and reporting, online reporting 
  forms

Co-operation at all levels
--------------------------

Government, public sectors, private sectors and businesses must reach out to 
ISPs and ISP associations, associations of computer users such as local PC 
user groups, as well as local ISOC Chapters that have a national presence and 
a focus on several ICT issues that are substantially congruent with other 
stakeholders in this issue.

User education - Massive and widespread public education and awareness 
campaigns, using simple and easy-to-understand material, preferably in the 
local language.





