Committed to connecting the world

ICTs for a Sustainable World #ICT4SDG

Contribution Feb 2013 Text Display Screen



Name : HICKSON, Nigel
Date : October 15, 2013
Organization : ICANN
Country : Brussels
Issues : Issue 1

Contribution :

Background

The Internet Corporation for Assigned Names and Numbers (ICANN) would like to applaud the Council Working Group on International Internet-Related Public Policy (CWG-Internet) for allowing all stakeholders this opportunity to provide input in response to Issue 1, effectively countering and combatting spam (also known as unsolicited electronic messaging).[1]

By examining inputs from individuals and organizations in the ecosystem actively engaged in countering and combatting unsolicited electronic messaging, CWG-Internet will have a better understanding of the current status of the debate between and within the multistakeholder organizations.

ICANN recognizes that unsolicited electronic messaging continues to be a problem for many in the Internet ecosystem, be they governments, enterprises, non-commercial entities, or individual Internet users. Yet the fight against unsolicited electronic messaging has produced some notable successes. Overall, many in the ICANN community have recognized significant gains against unsolicited electronic messaging. Although this is not an issue within ICANN's technical mission, it is an important one for many stakeholders who participate at ICANN. ICANN recognizes the need to focus resources on the issue, especially to protect more vulnerable users. A variety of initiatives and resources stand ready to assist in this regard.

The June 2013 Quarterly Threat Report from McAfee found the first increase in global spam volume in more than three years (driven largely by popular fake stock market scams, a surge in growth hormone offers, and an escalation of unsolicited electronic messaging campaigns in emerging markets).[2] However, overall trends show a marked decrease in unsolicited electronic messaging over the past several years. According to ITU's own report published following the ITU Workshop on Countering and Combating Spam:

"Takedowns of major botnets have proven to be effective in reducing spam; those actions were made possible thanks to cooperation between industry and government law enforcement agencies. In particular, the tide was turned in 2010 and the volume of spam has been dramatically reduced since then."

Further reinforcing such perspective, to a 2013 report by Trustwave that spam levels shrank in 2012 to a level lower than it was in 2007.[3] The report's findings are based on an index called Spam Volume Index (SVI), which tracks changes in the weekly volume of spam received by a representative bundle of domains.

ICANN Role and Perspective

ICANN facilitates the security, stability and resiliency of the Internet's unique identifier systems through coordination and collaboration. Anti-spam and messaging abuse involving the content of an email message, ftp file, or web page generally fall outside of ICANN's policy-making scope and technical remit in the Internet's naming, numbering and addressing system.

ICANN does, however, recognize the importance of this issue and thus the significant role of a variety of other stakeholders, initiatives, and resources that stand at the ready. We encourage members of CWG-Internet to consider these existing initiatives and resources when identifying tools to effectively counter and combat spam.

Two agreements adopted this year provide new tools for the community to reduce abusive behavior leveraging Internet naming and addressing. Section 3.18 of the 2013 Registrar Accreditation Agreement obligates ICANN accredited registrars to maintain accurate information and publish an abuse contact "to receive reports of illegal activity by law enforcement, consumer protection, quasi-governmental or similar authorities designated from time to time by the national or territorial government of the jurisdiction in which the registrar is established or maintains a physical office. Well-founded reports of illegal activity submitted to these contacts must be reviewed within 24 hours by an individual who is empowered by the registrar to take necessary and appropriate actions in response to the report."

The 2013 generic Registry Agreement also requires new generic top-level domain (TLD) registry operators to maintain an abuse contact for handling inquires related to malicious conduct in a TLD. As new registry operators begin offering services to Internet users in the near future, ICANN believes these tools will provide an effective means to report and mitigate abusive behavior, including unsolicited electronic messages that may be sent utilizing Internet names and addresses.

Available Initiatives and Resources to Counter Unsolicited Electronic Messaging

The following offers a non-exhaustive but demonstrative list of the types of activities, initiative, and resources available to policymakers.

1. Inter-governmental initiatives and resources:


- London Action Plan [4]
- European Contact Network of Spam Enforcement Authorities [5]
- OECD Anti-Spam Toolkit [6]

2. National government initiatives and resources:

- Government of Australia Anti-Spam [7]
- Government of Mauritius Anti-Spam [8]
- Government of Saudi Arabia Anti-Spam [9]
- Internet Society China Anti Spam Center [10]
- ITU Survey of Anti Spam Legislation Worldwide [11]
- Hong Kong Unsolicited Electronic Messages Ordinance (2007, http://www.ofca.gov.hk/en/consumer_focus/uemo/index.html)
- New Zealand Unsolicited Electronic Messages Act of 2007, http://www.legislation.govt.nz/act/public/2007/0007/latest/DLM405134.html)

3. Numbering Authority initiatives and resources:


- NIC.br Anti-spam [12]
- RIPE Anti-abuse Working Group [13]

4. Industry initiatives and resources:


- M3AAWG [14]
- ETIS Anti-Spam Task Force [15]
- Project Honeypot [16]
- Spamhaus [17]
- SpamCop [18]

5. Volunteer/Civil Society initiatives and resources:


- Internet Society Combating Spam Project[19]
- Coalition Against Unsolicited Commercial Email (CAUCE) [20]
- IRTF Anti-spam Research Group [21]
- SpamAssassin [22]

6. Media resources


- AllSpammedUp [23]


******

ICANN (www.icann.org) is an international, non-profit entity, responsible for managing the technical coordination of the Internet's unique identifiers: the domain name system and IP addresses. ICANN operates in a bottom-up, consensus-based, multi-stakeholder approach towards its mission.

Footnotes

[1] We recommend use of "unsolicited electronic messaging" in place of the term 'spam' (see http://www.rfc-editor.org/rfc/rfc2635.txt, http://www.ripe.net/ripe/docs/ripe-409, ICC Policy Statement on Spam and Unsolicited Commercial Electronic Messages, http://intgovforum.org/Substantive_1st_IGF/spam.pdf) Future references to spam may more accurately capture the nature of the problem utilizing this terminology.

[2] http://www.mcafee.com/us/about/news/2013/q2/20130603-01.aspx

[3] Trustwave Global Security Report 2013

[4] http://londonactionplan.org/

[5] http://europa.eu/rapid/press-release_IP-05-146_en.htm?locale=en

[6] http://www.oecd.org/sti/ieconomy/36494147.pdf

[7] http://www.acma.gov.au/Industry/Marketers/Anti-Spam

[8] http://www.gov.mu/portal/sites/spamweb/try/index.htm

[9] http://www.spam.gov.sa/eng_docs2.htm

[10] http://www.12321.org.cn/

[11] http://www.itu.int/osg/spu/spam/legislation/Background_Paper_ITU_Bueti_Survey.pdf

[12] http://www.antispam.br/

[13] http://www.ripe.net/ripe/groups/wg/anti-abuse

[14] http://www.maawg.org/

[15] http://www.etis.org/groups/anti-spam-task-force

[16] https://www.projecthoneypot.org/index.php

[17] http://www.spamhaus.org/

[18] http://www.spamcop.net/

[19] http://www.internetsociety.org/what-we-do/policy/combating-spam-project

[20] http://www.cauce.org/

[21] http://asrg.sp.am/

[22] http://spamassassin.apache.org/index.html

[23] http://www.allspammedup.com/