Security

Global And Chinese Industry Leaders Voice Different Concerns During China's International Anti-Spam Summit

Today, China's Internet Society held the China International Anti-Spam Summit in Beijing as a part of the China Internet Conference 2004. In what one visitor hailed as "the largest gathering of top ISPs and international anti-spam people I have ever seen in Beijing," China's top government agencies like the Ministry of Information Industry and the Public Security Bureau met with representatives from Spamhaus, the United States Federal Trade Commission, OECD, the Australian Internet Industry Association, Microsoft, AOL, International Telecommunications Unit, and Outblaze.

Speakers made presentations to an audience of over 200 during the Summit, which ran virtually non-stop throughout the day. Representatives from Yahoo, Microsoft, and eBay also signed a memorandum of understanding with the China Internet Society to work together to stop the spread of spammers in Asia.

"I think it's wonderful that the Internet Society of China has organized such a great event with key anti-spam professionals and policymakers from around the world," said a representative in China for Spamhaus, the largest non-profit organization in the world that works to combat unsolicited commercial and bulk email. "Communication is the key to working through global problems like spam and setting up conduits like today is a fantastic way for all of us to share resources."

Despite the presence of light-hearted animation and graphics on delegates' presentations, the issues raised over the course of the day were quite the opposite, as, one after another, speakers related their sobering experiences with spam, and recommendations for Chinese and international companies to stop the spread of unsolicited bulk email.

One of the first people to make an address was Hugh Stevenson from the Federal Trade Commission (FTC), who introduced the international audience to the FTC's approach to spam, and the lessons they had learned.

"One of the problems with spam is that it arises from those same aspects of email that are really good," said Stevenson, commenting that the global nature, and quick speed of email add to problems the FTC faces when tracking spammers. Nonetheless, the FTC is proud of the more than 60 lawsuits it has filed that relate to spam, covering: spoofing, phishing, fake 'remove me' links, deceptive 'subject' or 'from' lines, and false claims.

The main problem the FTC faces, however, is finding the wrongdoers, and Stevenson acknowledged that greater spam awareness and cooperation between companies and governments was vital. Currently the FTC is making an international effort called "Operation Secure Your Server" to educate overseas owners of open relays and open proxies on how to protect their servers from abuse, and their next potential project for international education concerns 'Zombie Drones,' but Stevenson admitted that there was much more that could be done. "The important factors to think about are building domestic enforcement, getting private sector assistance, looking for common ground between countries, and, of course, sharing information."

These were all points that OECD representative, Michael Donohue, voiced during his introduction to "Building International Cooperation Against Spam." Despite being an inter-governmental organization covering 30 countries, Donohue agreed that the OECD faces many of the same challenges as the FTC when dealing with spam. "Sending spam is cheap, and you can do it on the move. It's hard to tell where it originates, and it's hard to find where spammers themselves are located," Donohue warned.

"The problems caused by spam have reached such a pitch that international cooperation is a critical element of a response," he continued.

However the head of the Internet Society of China's Anti-Spam Task Force, Li Yuxiao, voiced very different concerns. He was primarily focused on getting China's many Internet Protocol (IP) addresses out of the blacklists that cause much of Chinese email to be blocked around the world. Li said, "In the future hopefully IP ranges will not be blocked. Instead hopefully organizations will only block specific IPs that cause problems and it's a pity that now the situation is such that many innocent servers are also blocked in China."

The Spamhaus organization controls the world's largest list of IP addresses of spam servers and the Spamhaus representative said that though Mr. Li voiced valid complaints, it would still be difficult to implement those changes in the current environment. The Spamhaus representative said, "We've found that spammers do not use the same IP address for long periods of time, but instead they jump to different IPs along the same range of IPs. In the past we have found the best deterrent was to stop email from an entire range instead of blocking specific IPs. However if China and other countries can find a way to stem the flow of spam and stop spammers from jumping within a range we can always look at different ways of blocking unsolicited bulk email."

Spamhaus statistics show that China is second to the United States in the amount of spam originating in the country. However the organization has said that though China is one of the world's highest generators of spam, the people sending the spam are usually not Chinese. Rather, the spammers utilizing Chinese servers and IPs are often people from other countries.

Li said, "Blocklists have no definite standards and their coverage is too wide. The update cycle is often too long and can be as long as one year. This is not a viable period of time because some Chinese server managers have changed their conduct and cleaned their IP addresses but the blocklist won't reflect this because it is not updated quickly enough. ISPs and ICPs should cooperate to stop spam instead. Government can also be a counterweight and provide a legal environment to protect consumers' rights."

The Internet Society of China has published its own list of blocked IP addresses at least four times in the last three years. Its recent blocklist issued in early 2004 was widely derided in the global anti-spam community because the list contained servers outside of China owned by anti-spam companies and individuals that had been critical of China's technology policies in the past.

Leave a Reply

Your email address will not be published. Required fields are marked *

Send this to a friend