SAN FRANCISCO, June 25, 2008 – Network operators and ISPs from around the world have cooperated on two new best practice papers addressing technical issues that will help block botnet-induced spam and improve the deliverability of consumers’ personal emails. The recommendations for sharing IP address space and for email forwarding were approved at a Messaging Anti-Abuse Working Group (MAAWG) meeting in Heidelberg, Germany last week and are available today.
“MAAWG Methods for Sharing Dynamic IP Address Space Information with Others” resolves a concern heightened by the proliferation of botnets, which often use dynamic addresses to send spam. The paper describes four approaches to make these addresses more easily obtainable by mailbox providers and includes a discussion of the advantages and disadvantages of each.
The methods in the paper “MAAWG Recommendations: Email Forwarding Best Practices” will help ISPs distinguish legitimate consumers using a forwarding service from spammers. It outlines practices to improve cooperation between volume forwarders and network operators to avoid unintentionally blocking valid accounts because of abusive incoming mail.
Help Distinguish Legitimate from Potentially Criminal
The address sharing recommendations were developed to assist mailbox providers that do not accept email sent from dynamic IP addresses. While most consumers connect to the Web through modems using a dynamic address, their email is usually funneled through their ISP’s mail server, which has a static (non-changing) IP address. But when a bot invades a consumer’s computer, it often bypasses the ISP’s mail server so that the resulting spam comes directly from the user’s dynamic address. Identifying the ranges of network addresses that each ISP has assigned as dynamic addresses so that mailbox providers can identify and cut off botnet-induced spam, has been a complex and difficult process.
“There have been industry discussions about sharing dynamic IP addresses for years, and even some proposals, but this paper represents the first time a sizeable group of ISPs have come together to agree on how to do it. The recommendations are another necessary step toward helping mailbox providers eliminate spam originating from botnets before it hits users’ inboxes,” said J.D. Falk, MAAWG Board member and Return Path director of product management.
The forwarding best practices also provide technical recommendations to improve communications between sending and receiving entities. Many mailbox providers and institutions offer consumers either a permanent email address or a short-lived, temporary address set up so that messages are forwarded to consumers’ underlying ISP account. Over time, these addresses may receive and forward a significant volume of junk mail, causing the user’s ISP to conclude that the forwarding service is a spam source and block all incoming mail from that service. The MAAWG paper outlines steps forwarders can implement to improve deliverability and speed problem resolutions, such as separating sending and forwarding server functions. Practices for receivers include posting policies on the Web and recognizing IP space designated for forwarding.
Jordan Rosenwald, co-editor of the forwarding paper and Comcast manager of anti-abuse technologies, said, “Any address will attract some spam and incoming traffic from a forwarded account that has been in use for years can look like a deluge of spam, causing an ISP to block it. Spammers also are developing new ways to use forwarded email to their advantage, so the steps outlined in this paper will provide savings for both forwarders and receivers, but more importantly, can help protect consumers from being unnecessarily and unintentionally blocked.”
Both papers are available at no cost from the MAAWG Web site, www.MAAWG.org. They were finalized at the MAAWG 13th General Meeting, which was attended by over 230 abuse and privacy professionals from ISPs, email providers and vendors representing 18 countries. The trade association’s final meeting for 2008 will be Sept. 22-24 in Fort Lauderdale, Fl., and will include working sessions and expert speakers on a variety of topics including botnets and increasing worldwide anti-abuse cooperation.