My OECD paper on spam problems in developing economies is now linked from the OECD Anti-Spam Toolkit page, as part of section 8 of the Anti-Spam Toolkit (Outreach). This ZDNet article provides a reasonably good summary of my paper as well. I welcome comments and suggestions from CircleID readers.
Spam is a much more serious issue in developing countries as it is a heavy drain on resources that are scarcer and costlier in developing countries than elsewhere. This OECD paper outlines what developing economies can do to combat spam on their own, as well as various possible ways in which developed economies can contribute their expertise and resources to help developing economies fight spam. Here is an overview of these recommendations for developing economies against spam:
Putting in place technical solutions - The best possible solution that can be hoped for is that large amounts of spam that are sent to the ISP's users are rejected at the ISP's mail gateways and prevented from entering the ISP's network. ISPs that do even basic filtering of spam on their MXs (Mail Exchangers, servers that handle inbound e-mail traffic for a domain) will see a tremendous drop in spam that reaches their customers' mailboxes – about 50% of the incoming spam can be filtered out using a very basic and easy to deploy set of filters.
Open Source software solutions - In developing economies there are several local and international initiatives that encourage the use of Free/Libre and Open Source Software (FLOSS) alternatives to expensive legal versions of non-free software.
Formation of CSIRTs and CERTs - Computer Security and Incident Response Teams (CSIRTs) or Computer Emergency Response Teams (CERTs), at the organisational, national and regional levels help organise an effective and efficient response to individual computer security incidents, widespread security vulnerabilities (such as the spread of a worm or virus) and incident co-ordination throughout the region.
Training of ISP personnel in security and spam handling - ISP personnel in developing countries are, quite often, comparatively less skilled, not because of an actual lack of knowledge, but because they may not be as well trained in issues specific to practical systems and network administration, and tend not to remain abreast of current trends in their field of work, such as by participation in mailing lists, newsgroups and online discussion forums on these subjects.
Anti-spam policy setting and enforcement for ISPs - ISPs must strive to discourage spammers from abusing their services to send out spam. Unfortunately, there is a strong perception among at least some ISPs that anti-spam policy enforcement teams are cost centres rather than profit centres, and that customers, even spammers, are valuable sources of revenue.
International co-operation, and the role of regional organizations - In the fight against spam as for other Internet issues, it is essential that we combine the relevant skills of various bodies to best effect, to maximize success.
International co-operation on an ISP to ISP level - ISPs in developing economies must integrate themselves further with their peers in other economies.
International co-operation at an industry and end-user level - Businesses must reach out to ISPs and ISP associations, associations of computer users, such as local PC user groups, as well as international organisations such as ISOC that have a worldwide presence and a focus on several ICT issues that are substantially congruent with other stakeholders in this issue.
Legislative and regulatory framework to deal with spam - Several countries have already called for the development of an international framework to fight spam. Some have even suggested the signature of a 'Global MoU' on spam, and possibly, in the future, something structured on the lines of the Berne Convention or the Geneva Convention. However, such instruments will take a very long time to put in place, and moreover would be rendered meaningless if not backed by a strong legislative and regulatory set of anti-spam measures at the national level, which would then allow international co-operation to be effective. Therefore, countries that have not done so yet must expedite the implementation of a comprehensive legislative and regulatory framework to deal with spam, as well as associated computer crime issues, such as hacking, forgery of e-mail headers or other information, etc.
User education - Massive and widespread public education and awareness campaigns, using simple and easy to understand material such as cartoon strips, posters and ads will be needed, preferably in the local language, as not many Internet users in developing economies are likely to be comfortable with English.
By Suresh Ramasubramanian, Architect, Antispam and Compliance
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Neustar DNS Services
Minds + Machines
Neustar DDoS Protection