|
| ||||||
China Anti-Spam InitiativeMeeting in U.S. |
|||||||
Summary |
On August 2nd following the CEAS conference in California, epresentatives of the Internet Society of China (ISC) met with an ad hoc collection of anti-spam workers, to discuss issues in reducing the significant volume of spam that involves China. ISC held preliminary discussions in Beijing, last Spring, so this meeting was intended as a continuation, but it significantly expanded the set of non-Chinese participation from the anti-spam community. The meeting began with a sequence of open discussions in four major areas:
This was followed by agreeing to specific actions to be taken, including:
| ||||||
Introduction |
The Internet Society of China (ISC) is a private organization based in Beijing whose charter is to "promote healthy development of the Internet in China and make it an active part of World Internet Community." The Society currently has about 150 members, including carriers, ISPs, manufacturers, research institutes, academic associations, universities, and some individuals. This meeting was for the purpose of initiating discussions between ISC and anti-spamming organizations. Attendees from ISC were:
Additional attendees in the conference room:
Remote Attendees via AIM or speakerphone:
The problem from the US side is that a substantial fraction of the spam received in US mailboxes is transmitted from China -- more than 10% according to AOL's statistics. Even worse are the large number of spamvertised web sites that are hosted in China. The problem from the Chinese side is that large swaths of the Chinese IP space are being black listed or black holed in the US, without warning or recourse, impacting ordinary users and innocent businesses. | ||||||
Open
|
Spam Coming From ChinaHost identificationA major problem is that whois and reverse-DNS information about Chinese IP Addresses is almost nonexistent, making almost the entire Chinese address space opaque. Most of the netblocks allocated to China are only identified by APNIC as being assigned to "China-Net". There is almost no information about delegation of IP space to individual ISPs. In addition, almost none of the addresses have reverse DNS records. Thus there is no way to identify dynamically assigned addresses and no way to determine the domain for a particular address. The lack of whois data also means there is no contact information, no one to report the problems to. And when a contact can be identified or guessed at, complaints about open relays or spamvertised web sites get no action. As a result, blacklisting is the only meaningful action that is available and it tends to get applied with a very broad brush. Everyone doing blacklisting dislikes this choice and would much rather find ways to resolve problems at its source. Some groups within China Telecom have been very helpful, but that has been the exception. A high priority should be to provide reverse DNS for dynamically assigned addresses, and to use specific domain naming techniques. It would also help for legitimate servers to have reverse DNS records that are accurate. There are only two telecom providers in China, but thousands of ISPs, most of them small. It is taking a long time to educate ISPs on best practices, and there has been a greater interest in connectivity than in operations education. Also, China does not yet have anti-spam laws. This can make it difficult to convince some operators that this is a problem worth spending resources to fix. There was discussion about containing zombies such as by port 25 blocking or even disabling port 25 entirely, and forcing clients to use port 465 (smtps). Of course, this creates the issue of changing many millions of email clients. Spam web sitesISC said that they understand the issue of spamvertised web sites. What they need is a channel to get information from users who have received spam. Acceptable Use Policies (AUPs) and Service StandardsMost Chinese ISPs have adequate service standards, but there is a user education problem: users change ISPs very frequently, and most don't read the standards. They just click on the "accept" button. However spammers do not read service standards, so the main purpose of Service Standards is to educate the Chinese ISPs and to give them a basis for enforcement.
| ||||||
Actions |
What We Can Do Now1. Communication Going ForwardThree mailing lists were suggested:
Concerning legislative efforts, IS noted that over 90 organizations met in Beijing, in April, to push for legislation to control spam. Another meeting is scheduled for September. At present, nothing exists except proposals, and there is a lot of legislation in the government's queue that is ahead of spamming.
|
||||||
|
|||||||
Comments concerning this site should be sent to: webmaster@mipassoc.org |