|
Background
The Internet Corporation for
Assigned Names and Numbers (ICANN) would like to applaud the Council Working
Group on International Internet-Related Public Policy (CWG-Internet) for
allowing all stakeholders this opportunity to provide input in response to
Issue 1, effectively countering and combatting spam (also known as unsolicited
electronic messaging).[1]
By examining inputs from individuals
and organizations in the ecosystem actively engaged in countering and
combatting unsolicited electronic messaging, CWG-Internet will have a better
understanding of the current status of the debate between and within the multistakeholder
organizations.
ICANN recognizes that unsolicited
electronic messaging continues to be a problem for many in the Internet
ecosystem, be they governments, enterprises, non-commercial entities, or
individual Internet users. Yet the fight against unsolicited electronic
messaging has produced some notable successes. Overall, many in the ICANN
community have recognized significant gains against unsolicited electronic
messaging. Although this is not an issue within ICANN's technical mission, it
is an important one for many stakeholders who participate at ICANN. ICANN
recognizes the need to focus resources on the issue, especially to protect more
vulnerable users. A variety of initiatives and resources stand ready to assist
in this regard.
The June 2013 Quarterly Threat
Report from McAfee found the first increase in global spam volume in more than
three years (driven largely by popular fake stock market scams, a surge in
growth hormone offers, and an escalation of unsolicited electronic messaging
campaigns in emerging markets).[2] However, overall trends show a marked
decrease in unsolicited electronic messaging over the past several years.
According to ITU's own report published following the ITU Workshop on
Countering and Combating Spam:
"Takedowns of major botnets
have proven to be effective in reducing spam; those actions were made possible
thanks to cooperation between industry and government law enforcement agencies.
In particular, the tide was turned in 2010 and the volume of spam has been
dramatically reduced since then."
Further reinforcing such
perspective, to a 2013 report by Trustwave that spam levels shrank in 2012 to a
level lower than it was in 2007.[3] The report's findings are based on an index
called Spam Volume Index (SVI), which tracks changes in the weekly volume of
spam received by a representative bundle of domains.
ICANN Role and Perspective
ICANN facilitates the security,
stability and resiliency of the Internet's unique identifier systems through
coordination and collaboration. Anti-spam and messaging abuse involving the
content of an email message, ftp file, or web page generally fall outside of
ICANN's policy-making scope and technical remit in the Internet's naming,
numbering and addressing system.
ICANN does, however, recognize the
importance of this issue and thus the significant role of a variety of other
stakeholders, initiatives, and resources that stand at the ready. We encourage
members of CWG-Internet to consider these existing initiatives and resources
when identifying tools to effectively counter and combat spam.
Two agreements adopted this year
provide new tools for the community to reduce abusive behavior leveraging
Internet naming and addressing. Section 3.18 of the 2013 Registrar
Accreditation Agreement obligates ICANN accredited registrars to maintain
accurate information and publish an abuse contact "to receive reports of
illegal activity by law enforcement, consumer protection, quasi-governmental or
similar authorities designated from time to time by the national or territorial
government of the jurisdiction in which the registrar is established or
maintains a physical office. Well-founded reports of illegal activity submitted
to these contacts must be reviewed within 24 hours by an individual who is
empowered by the registrar to take necessary and appropriate actions in
response to the report."
The 2013 generic Registry Agreement
also requires new generic top-level domain (TLD) registry operators to maintain
an abuse contact for handling inquires related to malicious conduct in a TLD.
As new registry operators begin offering services to Internet users in the near
future, ICANN believes these tools will provide an effective means to report
and mitigate abusive behavior, including unsolicited electronic messages that may
be sent utilizing Internet names and addresses.
Available Initiatives and Resources
to Counter Unsolicited Electronic Messaging
The following offers a
non-exhaustive but demonstrative list of the types of activities, initiative,
and resources available to policymakers.
1. Inter-governmental initiatives
and resources:
- London Action Plan [4]
- European Contact Network of Spam Enforcement
Authorities [5]
- OECD Anti-Spam Toolkit [6]
2. National government initiatives
and resources:
- Government of Australia Anti-Spam [7]
- Government of Mauritius Anti-Spam [8]
- Government of Saudi Arabia Anti-Spam [9]
- Internet Society China Anti Spam Center [10]
- ITU Survey of Anti Spam Legislation Worldwide [11]
- Hong Kong Unsolicited Electronic Messages Ordinance
(2007, http://www.ofca.gov.hk/en/consumer_focus/uemo/index.html)
- New Zealand Unsolicited Electronic Messages Act of
2007, http://www.legislation.govt.nz/act/public/2007/0007/latest/DLM405134.html)
3. Numbering Authority initiatives
and resources:
- NIC.br Anti-spam [12]
- RIPE Anti-abuse Working Group [13]
4. Industry initiatives and
resources:
- M3AAWG [14]
- ETIS Anti-Spam Task Force [15]
- Project Honeypot [16]
- Spamhaus [17]
- SpamCop [18]
5. Volunteer/Civil Society
initiatives and resources:
- Internet Society Combating Spam Project[19]
- Coalition Against Unsolicited Commercial Email (CAUCE)
[20]
- IRTF Anti-spam Research Group [21]
- SpamAssassin [22]
6. Media resources
- AllSpammedUp [23]
******
ICANN (www.icann.org) is an
international, non-profit entity, responsible for managing the technical coordination
of the Internet's unique identifiers: the domain name system and IP addresses.
ICANN operates in a bottom-up, consensus-based, multi-stakeholder approach
towards its mission.
Footnotes
[1] We recommend use of
"unsolicited electronic messaging" in place of the term 'spam' (see http://www.rfc-editor.org/rfc/rfc2635.txt,
http://www.ripe.net/ripe/docs/ripe-409, ICC Policy Statement on Spam and
Unsolicited Commercial Electronic Messages, http://intgovforum.org/Substantive_1st_IGF/spam.pdf)
Future references to spam may more accurately capture the nature of the problem
utilizing this terminology.
[2] http://www.mcafee.com/us/about/news/2013/q2/20130603-01.aspx
[3] Trustwave Global Security Report
2013
[4] http://londonactionplan.org/
[5] http://europa.eu/rapid/press-release_IP-05-146_en.htm?locale=en
[6] http://www.oecd.org/sti/ieconomy/36494147.pdf
[7] http://www.acma.gov.au/Industry/Marketers/Anti-Spam
[8] http://www.gov.mu/portal/sites/spamweb/try/index.htm
[9] http://www.spam.gov.sa/eng_docs2.htm
[10] http://www.12321.org.cn/
[11] http://www.itu.int/osg/spu/spam/legislation/Background_Paper_ITU_Bueti_Survey.pdf
[12] http://www.antispam.br/
[13] http://www.ripe.net/ripe/groups/wg/anti-abuse
[14] http://www.maawg.org/
[15] http://www.etis.org/groups/anti-spam-task-force
[16] https://www.projecthoneypot.org/index.php
[17] http://www.spamhaus.org/
[18] http://www.spamcop.net/
[19] http://www.internetsociety.org/what-we-do/policy/combating-spam-project
[20] http://www.cauce.org/
[21] http://asrg.sp.am/
[22]
http://spamassassin.apache.org/index.html
[23] http://www.allspammedup.com/
|
