[Afrispam-wg] paperwork

[Graham Beneke]

Hi All

I have been struggling to set time aside to put my ideas down in writing 
following the discussions we had at AfriNIC-7.

Here in South Africa we are struggling as much (perhaps more) as 
everyone else in the AfriNIC region with the issues of spam. Despite 
that the ISPA (South Africa) Antispam working group only managed to get 
some of the stakeholders together in a room for a meeting for the first 
time last month.

I do not think that we should underestimate the problem of spam but I 
think that spreading our efforts out on many strategies is not going to 
be productive. We need to identify 5 or so key aspects that we want to 
look at first.

I will share some of my thoughts as well as some points raised at ISPA's 
Antispam meeting.

Jean Robert HOUNTOMEY wrote:
> I.1 what is spam
> -----------------
> 
> Our goal here is not to give a standard definition of spams.
> 

To the contrary. While the exact definition of what is spam is difficult 
and has been the source of major debate on many forums - there is no way 
that we can be dealing with a problem that we have not in fact defined.

The basic definition that I use is as follows:
If the recipient of the mail feels offended by an email or does not wish 
to receive an email and makes a complaint about receiving it then it is 
spam.

It is important to note that one mail may be spam to one person and 
legitimate mail to another. This makes filtering spam more complicated 
but broadly covers the needs in terms of disciplining spammers that 
exist on our networks.

> I.2. Challenges for African Network operators
> -----------------------------------------------
> 
> African networks operators are facing several challenges due to spam.
> - Security problems: spams are carrying several securities issues as we 
> said previously. This increased servers' attacks for untrained network 
> operators' staffs.
> - Operation cost inflation: more investment where people need to deal 
> with lack of financial resources to invest in filtering software, 
> hardware, waste of bandwidth; people are using a huge amount of their 
> high cost bandwidth to carry spam, need o more server and storage capacity.
> - Some filtering tools on the net are not usable because they don't take 
> in consideration the size of AfriNic network blocks. The recent issue 
> with UCEPROTECT summarizes the problems a lot of African Network 
> operators are facing using tools from outside.
> - Unsatisfied customers
> - Educational resources in trained staff
> - Service degradation while having their gateways, networks blacklisted.
> - While there is a lack of registration, service providers in Africa 
> don't have any support from any entity where to send complaints or to 
> find help in a collaborative environment.
> - Are most of the times alone facing these common issues to all 
> operators in the continent.

I don't think that we can claim that any of these problems are uniquely 
African.

I think that the most pertinent point is education and knowledge - of 
everyone from the end users through to the sysadmins. We are not going 
to be able to educate the entire continent so this needs to be occurring 
at a country or city level. Local workshops where mail admins from 
different organizations can get together and discuss experiences and 
ideas would go a long way in distributing knowledge. Perhaps some guest 
speakers could be brought in to discuss some advanced topics.

It is however up to the regional bodies in each country or city to drive 
this. We are not going to be able to reach enough of the people that 
need the knowledge through AfriNIC regional meetings.

> I.3. Challenges for users in Africa
> ----------------------------------

Once again - I don't feel that these are uniquely African issues and I 
feel that we need to be making an effort to share our knowledge to 
reduce the effect on our users.

> III- Recommendations.
> ------------------------
> 
> 1- an action needs to be made to RBL operators and operators of spams 
> fighting tools in the world to make them aware of the size of the 
> AfriNic Block in they want to reach and provide service to a lt of 
> users. Africa is becoming a big place of business and is full of a lot 
> of resources.

You keep mentioning this issue of the RBL's. I highly doubt that we will 
get any policy changes out of the RBL's or antispam vendors.

The harsh reality is that if IP's are being blacklisted then there is 
spam originating from those IP's that is not being effectively 
controlled and someone has to be taking responsibility for that. It 
ultimately rests in the network operators hands to manage their network 
and disconnect any users or systems that are abusing their resources.

> 2- ISP and Network operators need to document correctly their network 
> and to publish, document correctly their information in the AfriNic 
> Database

This I can agree with. Far too many operators have invalid and/or 
outdated details listed in the whois and if they are not contactable 
then they will often not receive any sympathy when they become blacklisted.

> III.2. Putting in place technical solutions - We are talking here about 
> operational and technical issues. Several things need to be done:
> -----------------------------------------
> - Defining BCP for network operators, ISP and users

Yes

> - Distribution of anti-spam tools for end user

No - that is up to the individual operators to package with their 
products. I don't think this wg has any place trying to do that.

> - Reinforce awareness and capacity building by
> - Training of ISP personnel in security and spam handling

Once again the training thing - I would prefer to call it knowledge 
sharing. There is no university degree that you can take in spam 
prevention. People need to be coming together in their own regions and 
discussing their experiences and sharing their solutions.

> - Formation of CSIRTs and CERTs - Computer Security and Incident 

I think this would follow naturally out of the knowledge sharing 
workshops and is something that was discussed at the ISPA Antispam meeting.

Once the 'spam fighters' of the different organizations get together and 
meet face-to-face it become much easier for them to work together when 
responding to incidents.

> - Establishing Anti-spam Taskforce

To do what?

> ----------------------------------------------------
> About Law
> --------------
> 
> The purpose of law is to provide deterrence, retribution and education, 
> and to use as weapons injunctions, money judgment and imprisonment

The law should be deterring spammers and its not. The developments on 
the internet unfortunately seem to continuously outrun that processes 
for developing laws.

Every country (South Africa included) needs to have effective laws in 
place to deal with spammers within its borders before we can ever 
consider trying prosecute across borders.

> Simple mechanisms for complaint deposit and reporting, Online reporting 
> forms

This is far from trivial. I would suggest that local industry bodies (eg 
ISPA's) consider providing platforms for members to share information 
about complaints in their local areas.

ISPA South Africa has been exploring this internally but it is still far 
from ready for general public use.

> User education - Massive and widespread public education and awareness 
> campaigns, using simple and easy to understand material preferably in 
> the local language.

I have not been able to effectively educate even 10% of my own client 
base about the issues around spam. In many cases they just don't care. 
They want spam gone and they feel that this responsibility rests 
entirely on the operators. This will be a long walk.



I hope that you can make use of my comments.

regards

-- 
Graham Beneke
Apolix Internet Services
E-Mail/MSN/Jabber: graham at apolix.co.za   Skype: grbeneke
VoIP: 087-750-5696                       Cell: 082-432-1873
http://www.apolix.co.za/