ISPA’s Antispam Activities

Bretton Vine, Future Foundationbretton@ff.co.za / bretton@ispa.org.za

Background

• ISPA launches SpamJam meetups in 2009– BoF session for spam, abuse desks, IP reputation etc– And free beer!

• First Hall of Shame spammer report also released in 2009– 1. Database Development– 2. Dynamic Seminars– 3. James Munro– 4. The Peer Group– With a 5th party having signed an undertaking for removal just after

public release of the report

How it works

• ISPA members and trusted 3rd parties submit samples of South African spam to a reporting address

• Then at timed intervals, a set of listing criteria applied– Must have received from X different sources– Must all be within 30 days of each other– Clear indication of spam

• Producing a list of spammers with email addresses, domain names, IP addresses for the period under examination

• ISPA’s Antispam WG signs off on the report after checking it• Hall of Shame report published on ISPA website with email

addresses and domain names• Note: ISPA does not advise using the information to block

senders but this is the common practice, including use in a commercial product

Removals

• Listed spammers can be removed by signing an undertaking to observe best practice in the sending of commercial email– Opt-in only– No purchased addresses lists– Commitment to remove complainants– Failure to adhere to undertaking (repeat submissions as evidence) lead

to a listing for 3 years

• Roughly 1 in 15 listed spammers sign undertaking and get removed

• With at least half of those becoming repeat offenders– One party signed undertaking and resumed their mail shots 20mins

later!!

Objections

• One party (an ISP and bulk email provider, but not an ISPA member) turned to the Competition Commission– “ISPA was being anticompetitive as ISPA members also send bulk email”– Case dismissed

• Another party, Ketler, took ISPA to the high court citing defamation– Ketler failed to pitch up in court, continued spamming till March 2014– Case dismissed with costs, marked reportable as well– But Judge rapped ISPA over knuckles for process

(lack of notifying spammers of listing)– Ketler Paid a settlement of ~R65,000 earlier in 2014 against costs order

of ~R75,000– Signed a 2nd undertaking to become a model bulk mail sender– But will not be removed from report till 2017

Consequences

• Spam reporting system is mostly automated but still requires human review of every submitted spam sample

• As a result of the court case changes are underway to automatically notify– The parties accused of spamming– The abuse addresses for the sending host– ISPs, in particular ISPA members, even if submissions don’t meet listing

criteria– But this is fraught with problems as spammers often change their

details and many spam-friendly providers ignore abuse notices– Will rely heavily on providers wanting to protect their network

reputation

• Public submissions are also in the works provided ‘antispam activists’ register with ISPA beforehand

Questions

• Any questions?