ITU "spam" summit concludes in Geneva

[David Farber <dave () farber net>]

From: Suresh Ramasubramanian <suresh () hserus net>
Date: July 11, 2004 3:30:06 AM PDT
To: David Farber <dave () farber net>
Cc: dewayne () warpspeed com, fmaia () texas net
Subject: Re: [IP] ITU "spam" summit concludes in Geneva

Hi

I was a speaker at the ITU/WSIS thematic meeting on spam, and chaired 
the
session on technical solutions to spam, where one of the speakers on my
panel was Dr.John Levine, chair of the IRTF's ASRG (anti spam research
group - http://asrg.sp.am).

What I and several others have been pointing out in various articles, 
and at
various antispam conferences, is that there is no silver bullet for 
spam -
and certainly, technical solutions are not the one true solution. All 
you
get is the classic situation of a better mousetrap being followed by the
evolution of smarter mice.  I am glad that the ITU meeting reached a 
very
similar conclusion, followed by concrete steps that were proposed to 
deal
with this menace.

There was a near universal consensus among the speakers at this meeting 
that
you needed a combination of solutions, including

* Better antispam laws.  Sensible antispam laws like the Australian law 
for
choice, not the loophole ridden CAN-SPAM and similar laws.

* Stronger antispam policies at ISPs, and their enforcement.  This is 
going
to be the key to eradicating spammers.  Getting telecom regulators and
governments involved in this means that we just might be able to apply a
really effective lever on recalcitrant ISPs to develop and enforce 
antispam
policies.

Both laws and policies are no good till they are enforced. In the case 
of
laws, you need an enforcement authority (say the police, or the FTC or 
its
equivalent in different countries) who -

* Understands the issue, and the tools / techniques used by spammers

* Has sufficient money and human resources to assign officers to 
investigate
and follow up on issues brought to their attention.

* Technical solutions that try to stop spam as best as they can without 
the
"collateral damage" of blocking legitimate email at the same time.  
This, on
the whole, tends to be an idealized golden mean in spam filtering. Spam
filters, for various reasons, tend to get a bit broader than is ideal - 
no
surprise there, as a spammer on a network can send out far more spam in 
a
day than all the legit users on that network can send out in a whole 
month.

* Education.

Awareness among the legitimate email marketers about what is and what 
isn't
acceptable in marketing by email where the recipient pays for 
everything, so
email marketing, if unsolicited, is the equivalent of sending postal 
junk
mail postage due, recipient pays.

Awareness among regular users on how to react to spam in their inboxes, 
how
not to fall for email scams (nigerian letters, bank password theft scams
etc)

The deadline of 2006 set by the ITU sounds a trifle optimistic but we do
need to have a deadline, in order to implement a whole set of steps that
will lay the foundation for a global effort to mitigate the spam 
problem.
[note: not eradicate - spam is about as likely to be eradicated as, say,
cockroaches are]

I have organized antispam conferences in the asia pacific region 
(please see
http://www.apcauce.org) every six months for the past two years, and 
these
have been quite productive wrt getting some policies in place, and in
getting ministries, internet regulators etc from the asiapac region
(particularly places like China and Korea, as well as Australia, NZ 
etc) to
exchange ideas and coordinate efforts. The education angle is also 
covered
as the speakers include several people who have been involved with email
systems for years if not decades, such as Dave Crocker, author of RFC 
822
among other things.

The most important takeaway from the ITU conference is that the ITU is, 
as
an umbrella organization that maintains links and working relationships 
with
a whole lot of other organizations in the telecom and internet sector,
suitably placed to help spread this common approach to dealing with 
spam,
and to formally or informally coordinate worldwide efforts to deal with
spam.

Otherwise, antispam efforts have tended to resemble the story of the 
blind
men and the elephant, where each effort grabs hold of some body part of 
the
elephant (the trunk, the leg, the tail ...) and only feels / looks at 
that
part of the system rather than taking a world view.  That, and these
uncoordinated efforts tend to pull in several different directions so 
that
various contradictory and mutually self canceling efforts get deployed 
in
various places.

Personally, I wish the ITU luck, and plan to contribute to their 
efforts to
the best of my ability.

regards
--srs

Coordinator, CAUCE Asia Pacific--
Suresh Ramasubramanian | suresh () hserus net | gpg EDEDEFB9
email sturmbahnfuehrer | lower middle class unix sysadmin


-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/