graham-ml at apolix.co.za
Wed May 21 00:38:26 SAST 2008
I have been struggling to set time aside to put my ideas down in writing
following the discussions we had at AfriNIC-7.
Here in South Africa we are struggling as much (perhaps more) as
everyone else in the AfriNIC region with the issues of spam. Despite
that the ISPA (South Africa) Antispam working group only managed to get
some of the stakeholders together in a room for a meeting for the first
time last month.
I do not think that we should underestimate the problem of spam but I
think that spreading our efforts out on many strategies is not going to
be productive. We need to identify 5 or so key aspects that we want to
look at first.
I will share some of my thoughts as well as some points raised at ISPA's
Jean Robert HOUNTOMEY wrote:
> I.1 what is spam
> Our goal here is not to give a standard definition of spams.
To the contrary. While the exact definition of what is spam is difficult
and has been the source of major debate on many forums - there is no way
that we can be dealing with a problem that we have not in fact defined.
The basic definition that I use is as follows:
If the recipient of the mail feels offended by an email or does not wish
to receive an email and makes a complaint about receiving it then it is
It is important to note that one mail may be spam to one person and
legitimate mail to another. This makes filtering spam more complicated
but broadly covers the needs in terms of disciplining spammers that
exist on our networks.
> I.2. Challenges for African Network operators
> African networks operators are facing several challenges due to spam.
> - Security problems: spams are carrying several securities issues as we
> said previously. This increased servers' attacks for untrained network
> operators' staffs.
> - Operation cost inflation: more investment where people need to deal
> with lack of financial resources to invest in filtering software,
> hardware, waste of bandwidth; people are using a huge amount of their
> high cost bandwidth to carry spam, need o more server and storage capacity.
> - Some filtering tools on the net are not usable because they don't take
> in consideration the size of AfriNic network blocks. The recent issue
> with UCEPROTECT summarizes the problems a lot of African Network
> operators are facing using tools from outside.
> - Unsatisfied customers
> - Educational resources in trained staff
> - Service degradation while having their gateways, networks blacklisted.
> - While there is a lack of registration, service providers in Africa
> don't have any support from any entity where to send complaints or to
> find help in a collaborative environment.
> - Are most of the times alone facing these common issues to all
> operators in the continent.
I don't think that we can claim that any of these problems are uniquely
I think that the most pertinent point is education and knowledge - of
everyone from the end users through to the sysadmins. We are not going
to be able to educate the entire continent so this needs to be occurring
at a country or city level. Local workshops where mail admins from
different organizations can get together and discuss experiences and
ideas would go a long way in distributing knowledge. Perhaps some guest
speakers could be brought in to discuss some advanced topics.
It is however up to the regional bodies in each country or city to drive
this. We are not going to be able to reach enough of the people that
need the knowledge through AfriNIC regional meetings.
> I.3. Challenges for users in Africa
Once again - I don't feel that these are uniquely African issues and I
feel that we need to be making an effort to share our knowledge to
reduce the effect on our users.
> III- Recommendations.
> 1- an action needs to be made to RBL operators and operators of spams
> fighting tools in the world to make them aware of the size of the
> AfriNic Block in they want to reach and provide service to a lt of
> users. Africa is becoming a big place of business and is full of a lot
> of resources.
You keep mentioning this issue of the RBL's. I highly doubt that we will
get any policy changes out of the RBL's or antispam vendors.
The harsh reality is that if IP's are being blacklisted then there is
spam originating from those IP's that is not being effectively
controlled and someone has to be taking responsibility for that. It
ultimately rests in the network operators hands to manage their network
and disconnect any users or systems that are abusing their resources.
> 2- ISP and Network operators need to document correctly their network
> and to publish, document correctly their information in the AfriNic
This I can agree with. Far too many operators have invalid and/or
outdated details listed in the whois and if they are not contactable
then they will often not receive any sympathy when they become blacklisted.
> III.2. Putting in place technical solutions - We are talking here about
> operational and technical issues. Several things need to be done:
> - Defining BCP for network operators, ISP and users
> - Distribution of anti-spam tools for end user
No - that is up to the individual operators to package with their
products. I don't think this wg has any place trying to do that.
> - Reinforce awareness and capacity building by
> - Training of ISP personnel in security and spam handling
Once again the training thing - I would prefer to call it knowledge
sharing. There is no university degree that you can take in spam
prevention. People need to be coming together in their own regions and
discussing their experiences and sharing their solutions.
> - Formation of CSIRTs and CERTs - Computer Security and Incident
I think this would follow naturally out of the knowledge sharing
workshops and is something that was discussed at the ISPA Antispam meeting.
Once the 'spam fighters' of the different organizations get together and
meet face-to-face it become much easier for them to work together when
responding to incidents.
> - Establishing Anti-spam Taskforce
To do what?
> About Law
> The purpose of law is to provide deterrence, retribution and education,
> and to use as weapons injunctions, money judgment and imprisonment
The law should be deterring spammers and its not. The developments on
the internet unfortunately seem to continuously outrun that processes
for developing laws.
Every country (South Africa included) needs to have effective laws in
place to deal with spammers within its borders before we can ever
consider trying prosecute across borders.
> Simple mechanisms for complaint deposit and reporting, Online reporting
This is far from trivial. I would suggest that local industry bodies (eg
ISPA's) consider providing platforms for members to share information
about complaints in their local areas.
ISPA South Africa has been exploring this internally but it is still far
from ready for general public use.
> User education - Massive and widespread public education and awareness
> campaigns, using simple and easy to understand material preferably in
> the local language.
I have not been able to effectively educate even 10% of my own client
base about the issues around spam. In many cases they just don't care.
They want spam gone and they feel that this responsibility rests
entirely on the operators. This will be a long walk.
I hope that you can make use of my comments.
Apolix Internet Services
E-Mail/MSN/Jabber: graham at apolix.co.za Skype: grbeneke
VoIP: 087-750-5696 Cell: 082-432-1873
More information about the Afrispam-wg