Spam and spam prevention tutorial

5 September 2006


Unsolicited commercial email (UCE), also known as 'spam', is currently the most frequent Internet user complaint, and is a potential threat to the effectiveness of email as a form of communication.

This tutorial will discuss the concept of spam and present a number of technologies and measures to defend against spam. Participants will also look at ways to cut down on spam using filters, blacklists, and other anti-spam techniques, and discuss how to set up email policies to combat spam.

The tutorial will also look at a comparative study of spam laws in the Asia Pacific region.

Intended audience

This course is aimed at email administrators, ISPs, end users, and anyone with an interest in combating spam.

Morning: Sessions 1 & 2 (180min)

Speaker: Champika Wijayatunga

Presentation [ppt]

This session will examine the nature and characteristics of spam and discuss current best practice for spam prevention. The problems created by spam and their solutions will be presented. Concepts such email address harvesting, address validation and spam identification will be covered, in addition to various anti-spam measures such as mailbox filtering, DNS black and white lists, bulk counting, and spam assassination. The session will also refer to anti-spam programs, appliances and services. The legal aspects of spam as well as multi-party collaborative approaches to spam prevention will be examined, and processes for handling, investigating and responding to spam will be covered.

A case study using the APNIC model for spam prevention will be presented.

Afternoon: Session 3 (90min)

Speaker: Kazu Yamamoto

Presentation [pdf]

This session covers anti-spam technologies to be deployed in the near future. The following issues will be discussed in detail:

To prevent spam messages from bots, outbound port 25 blocking (OP25) is necessary. It is important for legitimate users to migrate from SMTP port 25 port to Message Submission port 587. Or as an alternative port, SMTP over SSL can also be used in submission.

To verify validity of e-mail addresses, we need to deploy user authentication (SMTP AUTH) and domain authentication technologies including SPF and DKIM.

Afternoon: Session 4 (90min)

Speakers: Kazu Yamamoto and James Lick

Presentation [pdf]

After the Japan Email Anti-abuse Group (JEAG) published three recommendations on anti-spam technologies, Japan has made progress in combating spam.

This session describes the current deployment status of the new technologies in Japan and also discusses the related legal issues.

A report on current spam prevention activities in Taiwan will be presented.