Mutual Internet
Practices Asssoc.

Home
 About Scope
Current
Contact
 

 

China Anti-Spam Initiative

Meeting in U.S.
Aug, 2004

Summary

On August 2nd following the CEAS conference in California, epresentatives of the Internet Society of China (ISC) met with an ad hoc collection of anti-spam workers, to discuss issues in reducing the significant volume of spam that involves China. ISC held preliminary discussions in Beijing, last Spring, so this meeting was intended as a continuation, but it significantly expanded the set of non-Chinese participation from the anti-spam community.

The meeting began with a sequence of open discussions in four major areas:

  • Spam from China to the US
  • Spam to or within China
  • Complaint Processing in China
  • Anti-spamming standards

This was followed by agreeing to specific actions to be taken, including:

  • Communications going forward
  • Abuse reporting standards and practice
  • Escalation and emergency contacts
  • Language translators
  • Creation of a team to monitor progress
  • Any obvious "can fix now" problems

Introduction

The Internet Society of China (ISC) is a private organization based in Beijing whose charter is to "promote healthy development of the Internet in China and make it an active part of World Internet Community." The Society currently has about 150 members, including carriers, ISPs, manufacturers, research institutes, academic associations, universities, and some individuals.

This meeting was for the purpose of initiating discussions between ISC and anti-spamming organizations.

Attendees from ISC were:

  • Chen Shi Feng
  • Liu Liang
  • Li Zenghai

Additional attendees in the conference room:

  • Steve Atkins, Word to the Wise (meeting chair)
  • Miles Libbey, Yahoo
  • Mark Delany, Yahoo (supplied meeting room)
  • Karl Swartz, MAPS
  • Yifun Liang, MAPS
  • Carl S. Gutekunst, Habeas (wrote meeting notes)
  • Kingston Hui, Microsoft Hotmail
  • Aaron E. Kornblum, Microsoft
  • Laura Atkins, Word to the Wise (scribed to AIM)

Remote Attendees via AIM or speakerphone:

  • Carl Hutzler, AOL (supplied conference phone)
  • Jon Lewis
  • Ambika Gadre, Ironport
  • Dave Crocker, Brandenburg InternetWorking (meeting organizer)
  • Matthew Sullivan, SORBS

The problem from the US side is that a substantial fraction of the spam received in US mailboxes is transmitted from China -- more than 10% according to AOL's statistics. Even worse are the large number of spamvertised web sites that are hosted in China.

The problem from the Chinese side is that large swaths of the Chinese IP space are being black listed or black holed in the US, without warning or recourse, impacting ordinary users and innocent businesses.

Open
Topics

Spam Coming From China

Host identification

A major problem is that whois and reverse-DNS information about Chinese IP Addresses is almost nonexistent, making almost the entire Chinese address space opaque. Most of the netblocks allocated to China are only identified by APNIC as being assigned to "China-Net". There is almost no information about delegation of IP space to individual ISPs. In addition, almost none of the addresses have reverse DNS records. Thus there is no way to identify dynamically assigned addresses and no way to determine the domain for a particular address. The lack of whois data also means there is no contact information, no one to report the problems to. And when a contact can be identified or guessed at, complaints about open relays or spamvertised web sites get no action.

As a result, blacklisting is the only meaningful action that is available and it tends to get applied with a very broad brush. Everyone doing blacklisting dislikes this choice and would much rather find ways to resolve problems at its source. Some groups within China Telecom have been very helpful, but that has been the exception.

A high priority should be to provide reverse DNS for dynamically assigned addresses, and to use specific domain naming techniques. It would also help for legitimate servers to have reverse DNS records that are accurate.

There are only two telecom providers in China, but thousands of ISPs, most of them small. It is taking a long time to educate ISPs on best practices, and there has been a greater interest in connectivity than in operations education. Also, China does not yet have anti-spam laws. This can make it difficult to convince some operators that this is a problem worth spending resources to fix.

There was discussion about containing zombies such as by port 25 blocking or even disabling port 25 entirely, and forcing clients to use port 465 (smtps). Of course, this creates the issue of changing many millions of email clients.

Spam web sites

ISC said that they understand the issue of spamvertised web sites. What they need is a channel to get information from users who have received spam.

Acceptable Use Policies (AUPs) and Service Standards

Most Chinese ISPs have adequate service standards, but there is a user education problem: users change ISPs very frequently, and most don't read the standards. They just click on the "accept" button.

However spammers do not read service standards, so the main purpose of Service Standards is to educate the Chinese ISPs and to give them a basis for enforcement.


Spam To and Within China

Spam within China is a significant problem. It comprises approximately 50% of all home email is spam, and about 70% of all enterprise email. Most of it is in Chinese, originating from within China. There seems to be very little spam directed to China originating in the US


Complaint and Abuse Desk Processing

It is very difficult to report spam problems to Chinese ISPs and to get them resolved.

Similarly, when a Chinese ISP is blacklisted, they have trouble finding someone in charge of that list, and even more trouble getting the IP Address (range) removed from it. There are some 250 - 500 blacklists in the US, each with its own removal procedures. Sites that support multiple RBL searches were named.

AOL gets a lot of spam and can provide "trouble" lists that identify problem IP address in China. ISC could work directly with AOL to find out which addresses are sources of spam.

For spam reporting, ISC has a web page (in Chinese) for making complaints. ISC analyzes each complaint, forwarding it to ISC's anti-spam group for further action. The complaint is sent to the Service Provider, who then reports back to ISC.

ISC creates a blacklist based on how the Service Provider responds. Apparently the blacklist is a Microsoft Word document that gets updated only annually. The most recent list was published in December 2003 and lists 62 addresses within mainland China.

It might be possible for ISC to use tools like spamcop, to report spam. However spamcop relies on the whois data for reporting, and so it would not currently be very helpful.


Standards Efforts

MAPS' lists include: Open Relays (RSS), Open Proxies (OPS), Dynamic Addresses (DUL), Realtime Blackhole List (RBL), and non-conforming mailing list list (NML).

MAPS described the different kinds of lists they maintain: Open Relays (RSS), Open Proxies (OPS), Dynamic Addresses (DUL), Realtime Blackhole List (RBL), and non-conforming mailing list list (NML). These are described in detail on their Services page.

One possibility is to create a standard format for spam reporting. Also, ISC could work to get all China Service Providers to support the abuse@{provider}.cn role mailbox.

Due to language barriers, it could be useful to design a language independent template for reporting spam, and seek IETF standardization.

It would be helpful for Chinese Internet experts to get more involved in the IETF. Language might be a problem, so that informal "sub" working groups, could hold discussions in the local language and then have a moderator report back to the main working group list in English.

ISC pointed out that Chinese users respond to spam differently. They do not complain about it and don't get upset about it the way Americans do. Most just delete it, but some reply, and some respond to the ads.

Actions

What We Can Do Now

1. Communication Going Forward

Three mailing lists were suggested:

  • An "I have a problem" help request list. System administrators for different large providers could broadcast requests for stubborn connectivity problems.
  • A standards engagement list. This would help get ISC members integrated into the IETF. This list might be designed to go away if it's successful. (One of the MAPS people referred to it as a "temporary list for solving long term problems.")
  • An oversight team. This would be a small coordinating group, comprising Chinese and non-Chinese participants to facilitate the various initiatives.

Concerning legislative efforts, IS noted that over 90 organizations met in Beijing, in April, to push for legislation to control spam. Another meeting is scheduled for September. At present, nothing exists except proposals, and there is a lot of legislation in the government's queue that is ahead of spamming.


2. Abuse Reporting Standards and Practice

It was suggested that ISC get involved in the IRTF ASRG groups that are work on reporting standards. The ASRG url is:

<http://irtf.org/charters/asrg.html>.

For calling serious problems to ISC's attention, ISC will set up a role alias named:

<spamhelp@isc.org.cn>.

(Post-meeting update: the alias has been established.)


3. Escalation and Urgent Contacts

It would be very helpful to establish some contacts for resolving emergencies, such as attacks in progress, outages, and other problems that required immediate attention and where role aliases are unlikely to work. Several people related their own experiences of having individuals within other organizations that they knew they could contact directly when everything else failed.

ISC promised to discuss this offline and to respond.

4. Language Translations

Several people asked about having language translators available. ISC responded that this would take money, and money wasn't going to be available until the anti-spam legislation passed.

5. Oversight Team

We agreed that, for now, the "oversight list" would consist of the people attending the meeting.

6. Obvious "Can Fix Now" problems

Nothing was added here to the list of things we already need to work on, such as getting reverse DNS and whois working.

Next

Dave Crocker is going to schedule another meeting at the Beijing Internet workshop in September

 

 

  
 
Comments concerning this site should be sent to: webmaster@mipassoc.org