Home / Blogs

Actions Required by Developing Economies Against Spam

Suresh Ramasubramanian

My OECD paper on spam problems in developing economies is now linked from the OECD Anti-Spam Toolkit page, as part of section 8 of the Anti-Spam Toolkit (Outreach). This ZDNet article provides a reasonably good summary of my paper as well. I welcome comments and suggestions from CircleID readers.

Spam is a much more serious issue in developing countries as it is a heavy drain on resources that are scarcer and costlier in developing countries than elsewhere. This OECD paper outlines what developing economies can do to combat spam on their own, as well as various possible ways in which developed economies can contribute their expertise and resources to help developing economies fight spam. Here is an overview of these recommendations for developing economies against spam:

Putting in place technical solutions - The best possible solution that can be hoped for is that large amounts of spam that are sent to the ISP's users are rejected at the ISP's mail gateways and prevented from entering the ISP's network. ISPs that do even basic filtering of spam on their MXs (Mail Exchangers, servers that handle inbound e-mail traffic for a domain) will see a tremendous drop in spam that reaches their customers' mailboxes about 50% of the incoming spam can be filtered out using a very basic and easy to deploy set of filters.

Open Source software solutions - In developing economies there are several local and international initiatives that encourage the use of Free/Libre and Open Source Software (FLOSS) alternatives to expensive legal versions of non-free software.

Formation of CSIRTs and CERTs - Computer Security and Incident Response Teams (CSIRTs) or Computer Emergency Response Teams (CERTs), at the organisational, national and regional levels help organise an effective and efficient response to individual computer security incidents, widespread security vulnerabilities (such as the spread of a worm or virus) and incident co-ordination throughout the region.

Training of ISP personnel in security and spam handling - ISP personnel in developing countries are, quite often, comparatively less skilled, not because of an actual lack of knowledge, but because they may not be as well trained in issues specific to practical systems and network administration, and tend not to remain abreast of current trends in their field of work, such as by participation in mailing lists, newsgroups and online discussion forums on these subjects.

Anti-spam policy setting and enforcement for ISPs - ISPs must strive to discourage spammers from abusing their services to send out spam. Unfortunately, there is a strong perception among at least some ISPs that anti-spam policy enforcement teams are cost centres rather than profit centres, and that customers, even spammers, are valuable sources of revenue.

International co-operation, and the role of regional organizations - In the fight against spam as for other Internet issues, it is essential that we combine the relevant skills of various bodies to best effect, to maximize success.

International co-operation on an ISP to ISP level - ISPs in developing economies must integrate themselves further with their peers in other economies.

International co-operation at an industry and end-user level - Businesses must reach out to ISPs and ISP associations, associations of computer users, such as local PC user groups, as well as international organisations such as ISOC that have a worldwide presence and a focus on several ICT issues that are substantially congruent with other stakeholders in this issue.

Legislative and regulatory framework to deal with spam - Several countries have already called for the development of an international framework to fight spam. Some have even suggested the signature of a 'Global MoU' on spam, and possibly, in the future, something structured on the lines of the Berne Convention or the Geneva Convention. However, such instruments will take a very long time to put in place, and moreover would be rendered meaningless if not backed by a strong legislative and regulatory set of anti-spam measures at the national level, which would then allow international co-operation to be effective. Therefore, countries that have not done so yet must expedite the implementation of a comprehensive legislative and regulatory framework to deal with spam, as well as associated computer crime issues, such as hacking, forgery of e-mail headers or other information, etc.

User education - Massive and widespread public education and awareness campaigns, using simple and easy to understand material such as cartoon strips, posters and ads will be needed, preferably in the local language, as not many Internet users in developing economies are likely to be comfortable with English.

By Suresh Ramasubramanian, Architect, Antispam and Compliance

Related topics: Security, Spam

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

Re: Actions Required by Developing Economies Against Spam Suresh Ramasubramanian  –  May 29, 2005 8:49 PM PDT

Here's a direct link to the paper, in pdf format - http://www.oecd.org/dataoecd/5/47/34935342.pdf

Re: Actions Required by Developing Economies Against Spam Mathew Varghese  –  Nov 11, 2005 7:05 PM PDT

Stopping spam / virus / brute force hack attempts originating from specific IP blocks is very simple, if IP allocation agencies like ARIN, APNIC take the responsibility!

All that is needed is, when IP allocation agencies like ARIN / APNIC allocate IP blocks to ISP's they should collect a security deposit. Then provide a simple web form interface to report IP misuse - the form should contain a field for IP and to another to paste the header of spam e-mail originating from the IP or log of brute force attacks originating from the IP etc.

Abuse reports can be processed automatically with simple parse algorithms and the ISP is sent an automated e-mail to check the IP address being misused. This will enable the ISP to contact the offending IP user and ask them to secure the system and stop the spam / virus issue. If the ISP does not respond and the number of spam reports cross a set threshold then the ISP is fined $10 this is a fairly low amount and the ISP can possibly collect this amount from the offending IP user.

A small fine of even $10 will have a cascading effect, nobody like paying fines! Users will start demanding more secure software from vendors and will hire experienced system admins to secure computers connecting to the internet.

Within 18 months of implementation spam and virus spreading through the internet will become very rare occurrence, anyone listening?

Re: Actions Required by Developing Economies Against Spam Suresh Ramasubramanian  –  Nov 12, 2005 8:28 PM PDT

Damn. I wish it were that simple.

Start with finding an abuse reporting format that is machine parseable (http://www.mipassoc.org/arf/ is a start but its still useful only for provider to provider aggregation of reports and not for general use)

Then try to introduce RIR policy in this kind of situation.  The most that RIRs can (and generally will) do is to educate people and bring them together

But they dont have nearly as big a stick as you think they do.

Re: Actions Required by Developing Economies Against Spam Mathew Varghese  –  Nov 12, 2005 11:26 PM PDT

http://www.mipassoc.org/about.htm

Registries
Registry services, like APNIC, ARIN and RIPE, assign entries into tables. They typically specify good practice for organizations assisting in the assignment process. However their scope is limited to the operation of the registries.

------8<----------------------------------------------

The above paragraph defines the problem.....

Origin of all IP address abuse (spam / virus / dos attacks) is because the IP allocation registries do not take the responsibility to ensure that IP address are not abused by the ISP's (and their customers) to whom the IP blocks are allocated.

The only possible solution to fix IP address abuse is for the IP registries to take the responsibility.

It is *simple* for the IP registries like APNIC, ARIN and RIPE to implement a abuse reporting system and enforce compliance from ISP's. All that is required is few servers to run the abuse reporting system and few staff < 10 per registry, to co-ordinate the effort with ISP's. The cost of implementing the system can be easily added to the cost of allocating IP address blocks. The total cost will work out to be < $1 per IP address per year.

Re: Actions Required by Developing Economies Against Spam Suresh Ramasubramanian  –  Nov 13, 2005 12:07 AM PDT

It is not as simple as you think it is.  However it is an interesting idea that you might want to take before arin / apnic at one of their meetings .. the best place to start with if you're in India, would be the apnic open policy meeting which will be held at the next apnic (perth, feb 2006).

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

3 Questions to Ask Your DNS Host About DDoS

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

Neustar to Build Multiple Tbps DDoS Mitigation Platform

The Latest Internet Plague: Random Subdomain Attacks

Digging Deep Into DNS Data Discloses Damaging Domains

New gTLDs and Best Practices for Domain Management Policies (Video)

Nominum Announces Future Ready DNS

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Continuing to Work in the Public Interest

Verisign Named to the OTA's 2014 Online Trust Honor Roll

4 Minutes Vs. 4 Hours: A Responder Explains Emergency DDoS Mitigation

Dyn Acquires Internet Intelligence Company, Renesys

Tips to Address New FFIEC DDoS Requirements

Smokescreening: Data Theft Makes DDoS More Dangerous

dotStrategy Selects Neustar's Registry Threat Mitigation Services for .BUZZ Registry

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

What Does a DDoS Attack Look Like? (Watch First 3 Minutes of an Actual Attack)

Joining Forces to Advance Protection Against Growing Diversity of DDoS Attacks

Sponsored Topics