Educational Videos
See also
the Antispam.br
Educational Videos available in English.
The four stories -- Navigating is necessary, The
Invaders, Spam and Defense -- explain in a fun way what
you can do in the Internet, what are the risks associated
with malware, what is spam, and how to improve security
online.
Summary
Internet Governance Context
Fighting spam has been a topic debated on Internet Governance related
forums in the past 15 years. The reasons for this topic being present
on discussions for so long are as diverse as the ways we can research
the topic. The efforts to stop spam can be approached from
technological, legal, political and social aspects.
In Brazil the strategies to fight spam are the result of a
coordination effort by the Brazilian Internet
Steering Committee (CGI.br) Anti-Spam Task Force (CT-Spam). This
effort involved bringing into the discussion of possible solutions
dozens of Telecommunications Companies, thousands of Internet Service
Providers, Consumer Protection organizations, representatives from the
Civil Society and the Academia, as well as the technical staff of
NIC.br/CGI.br.
The success of this initiative points to the fact that a
multi-stakeholder collaboration is the best strategy to effectively
implement security policies, deal with cybersecurity related issues
and establish trust on the Internet.
A Brief History
The CT-Spam was created in 2005, as one of the CGI.br initiatives,
with the objective to deal with the obvious problems that spam was
causing to the Internet in Brazil and abroad. This effort was
proposed and Coordinated by the CGI.br Board Member Henrique
Faulhaber.
Since its inception the CT-Spam is working with actors from different
sectors to raise awareness about their roles and the importance of
implementing anti-spam policies and technologies. At the same time it
was working to provide awareness and education to end users about
safety and security on the Internet.
Different Approaches to Different Problems
After several studies
conducted by CERT.br it was clear
that the major spam problem in Brazil was the abuse of the country's
broadband infrastructure by international spammers, usually abusing
open proxies or through botnets, both in end user infected computers.
The impacts of inaction were already being noticed by consumers and
access providers, specially:
- the inclusion of whole broadband providers' IP ranges in
blacklists -- and in some cases the blacklisting of the whole
country;
- raise in operational costs, invariably transfered to consumers;
- instability of the broadband connectivity, as the spammers were
using all the available upload bandwidth;
- international effects, as the spams were both originated and
destined to other countries.
Nevertheless, there were also other issues to be dealt with, specially:
- educating the end users on how to identify spams, specially those
related to malware and phishing;
- raising awareness of the e-mail marketing sector about the
importance of best practices, data protection and privacy issues
related to e-mail marketing;
- studying a legal framework for Brazil.
As the result of the multi-stakeholder discussions the CT-Spam worked
to implement different policies and technologies for the different
aspects of the spam problem. Among these activities the main areas of
work were:
Antispam.br Website
A Web Portal was created with information for end users, e-mail and
connectivity providers. For end users the information is focused on
explaining what is spam, the risks of malware and fraud and how to
avoid these risks. This information is presented also in four videos.
For the e-mail and connectivity providers the focus is on several
anti-spam techniques, including DKIM, SPF, Greylisting and Port 25
Management.
Port 25 Management
To prevent broadband infected computers to perform direct delivery of
spam our studies showed that the most effective countermeasure would
be to implement Port 25 Management. This is the term used to refer to
the policies and technologies implemented in residential or dynamic IP
address spaces to enforce the separation between message submission
and message transport.
This measure was formally recommended by CGI.br in its Resolution
"CGI.br/RES/2009/02/P".
This recommendation led to two other important documents:
a formal
statement from the Consumer Protection Department of the Ministry
of Justice, analyzing the consequences do consumers and recommending
its adoption; and
the Cooperation
Agreement, signed by CGI.br, Anatel, the Telecommunication
Companies Union and the ISPs Associations, with the details of the
implementation process.
The implementation of this technique alone was responsible for taking
Brazil out of almost all existing lists of "Top Countries" originating
spam.
Anti-Spam Legislation
Anti-Spam Legislation - CT-Spam promoted a legal study of all
international anti-spam laws, as well as all the laws being proposed
in the Brazilian Congress. At the end of this study a new text for a
legislation was proposed, based on the opt-in principle. This text is
the base of the current anti-spam bill being currently considered in
the Congress.
E-mail Marketing Self-Regulation Code
This initiative arose from the perception that more than working on
new legislation, there was a need to establish standards and best
practices to guide e-mail marketing companies. This Code details how
to send e-mail marketing respecting opt-in principles, e-mail
reputation best practices and data privacy and protection related to
e-mail address lists
Resources in English
A Multistakeholder Effort to Reduce Spam --
The Case of Brazil
Slides presented at the Combating Spam Workshop, WSIS+10 High Level
Event, Geneva, CH, June 2014
http://www.cert.br/docs/palestras/certbr-wsis10-2014.pdf
Port 25 Management in Brazil: A
Multistakeholder Effort to Reduce Direct Delivery from End User
Networks
Slides presented at the 8th Internet Governance Forum Meeting, Bali,
ID, October 2013
http://www.cert.br/docs/palestras/certbr-cgibr-igf2013.pdf
Port 25 Management in Brazil: A
Multistakeholder Effort to Reduce Direct Delivery from End User
Networks
Slides presented at the Joint CITEL, ITU and the Internet Society
Workshop on Combating Spam, Mendoza, AR, October 2013
http://www.cert.br/docs/palestras/certbr-citel-itu-isoc2013.pdf
Port 25 Management in Brazil or how Brazil left
the CBL Top 10
Slides presented at the 2013 Annual Meeting of CSIRTs with National
Responsibility, Bangkok, TH, June 2013
http://www.cert.br/docs/palestras/certbr-nationalcsirts2013.pdf
Port 25 Management in Brazil: Overview and
Results
Slides presented at the 4th Latin American and Caribbean Meeting of
CSIRTs, Medelln, CO, May 2013
http://www.cert.br/docs/palestras/certbr-lac-csirts-medellin2013-1.pdf
CGI.BR: Brazil no longer in the list of top
10 countries that send the most spam in the world
PR Newswire, April 2013
http://www.nic.br/imprensa/clipping/2013/midia182.htm
|