Canadian Anti-Spam Task Force report

Yesterday Industry Canada’s Anti-Spam Task Force delivered its report. Included therein was a group of industry best practices assembled by the Working Group on Network Technology sub-group which I was priviledged to take part in.

This analysis is posted on CircleId while Michael Giest, who was on the Task Force and chaired the Legal Issues Working Group, discusses next steps at his webpage.

In a nutshell, the ISP Best Practices are as follows:

1. All Canadian registrants and hosts of domain names should publish Sender Policy Framework (SPF) information in their respective domain name server zone files as soon as possible.
[Follow this link if you are interested in implementing SPF on your domains at easyDNS]

2. ISPs and other network operators should limit, by default, the use of port 25 by end-users. If necessary, the ability to send or receive mail over port 25 should be restricted to hosts on the provider’s network. Use of port 25 by end-users should be permitted on an as-needed basis, or as set out in the provider’s end-user agreement / terms of service.

3. ISPs and other network operators should block email file attachments with specific extensions known to carry infections, or should filter email file attachments based on content properties.

4. ISPs and other network operators should actively monitor the volume of inbound and outbound email traffic to determine unusual network activity and the source of such activity, and should respond appropriately.

5. ISPs and other network operators should establish and consistently maintain effective and timely processes to allow compromised network elements to be managed and eliminated as sources of spam.

6. ISPs and other network operators should establish appropriate intercompany processes for reacting to other network operators’ incident reports.

7. ISPs, other network operators and enterprise email providers should communicate their security policies and procedures to their subscribers.

8. ISPs and other network operators should implement email validation on all their Simple Mail Transfer Protocol (SMTP) servers (inbound, outbound and relay).

9. Non-delivery notices (NDNs) should only be sent for legitimate emails.

10. ISPs and other network operators should ensure that all domain names, Domain Name System (DNS) records and applicable Internet protocol
(IP) address registration records (e.g. WHOIS, Shared WHOIS Project [SWIP] or referral WHOIS [RWHOIS]) are responsibly maintained with correct, complete and current information. This information should include points of contact for roles responsible for resolving abuse issues including, but not limited to, postal address, phone number and email address.

11. ISPs and other network operators should ensure that all their publicly routable and Internet-visible IP addresses have appropriate and up-to-date forward and reverse DNS records and WHOIS and SWIP entries. All local area network (LAN) operators should be compliant with Request for Comments (RFCs) 1918 ?”Address Allocation for Private Internets.” In particular, LANs should not use IP space globally registered to someone else, or IP space not registered to anyone, as private IP space.

12. ISPs and other network operators should prohibit the sending of email that contains deceptive or forged headers. Header-tracing information should be correct and compliant with relevant RFCs, including RFC 822 and RFC 2822, and reference domains and IP addresses should have up-to-date, accurate registration information.

I’ll follow up in a later post on my personal thoughts on these recommendations but I will mention here that I’m very happy to see #9. The amount of backscatter clogging up the net from broken spam and virus blockers is just compounding the problem and helping absolutely nobody.