[ ] 2011.03.08 Internet Ini(a(ve Japan Inc. (IIJ) Shuji SAKURABA ( ) 1
Agenda JEAG 2
- I IIJ 2008.06.02 2011.01.02 (135 ) See Also: Internet Infrastructure Review McColo 3
- II 2010.09.27 2011.01.02 (14 ) See Also: Internet Infrastructure Review 4
- III 2008.08.11 2010.06.06 (95 ) See Also: Internet Infrastructure Review 5
- IV ( ) (OP25B : ) Botnet (malware: malicious software) PC Bot Bot (Botnet) Botnet CAPTCHA ISP ( spyware ) Reputation Hijacking (socks, http, proxy, etc) DDoS ( ) IRC CAPTCHA: Completely Automated Public Turing test to tell Computers and Humans Apart 6
- V Web (phishing) URL (scareware) ( ) ( ) malware botnet (bot ), etc ( ) (?) 7
- VI 2007 1 : 128 PC 9,000 / 1 2,000 / 2011 1 UNIVERSAL FREAKS : 5 ( ) 500 5 /1 Less Risk Less Violence Less Jail Time More Profit (msn ) 8
- I ( ) ( ) (false positive) (false negative) ( ) 9
- II DNS IP Black List (DNSBL) ( ) ( ) ( ) IP IPv6 IPv4: 2 32 = 42 IPv6: 2 128 (= 340 ) (cf. ( 秭 ) ) DNS ( ) ( )? 10
- III IP (IPv6?) (greylisting) ( ) (Fallback MTA) ( ) (OP25B, ) : h@p://www.soumu.go.jp/main_sosiki/joho_tsusin/d_syohi/jigyosha.html 11
- IV 12
( ) ( ) DNS SPF (Sender Policy Framework) / SIDF (Sender ID Framework) DKIM (DomainKeys Identified Mail) 13
I (jp) WIDE JPRS 2011 1 jp SPF 40.98% co.jp 48.04% : " http://member.wide.ad.jp/wg/antispam/stats/index.html.ja" 14
II Lars Eggert @ Nokia (https://fit.nokia.com/lars/) alexa.com web site 15
III : 2010.09.27 2011.01.02 49.8% SPF See Also: Internet Infrastructure Review 16
IV 7 : 2009.08 2010.12 85.1% SPF (2010.12) See Also: h6p://www.soumu.go.jp/main_sosiki/joho_tsusin/d_syohi/m_mail.html#toukei 17
I ( ) ( ) ( ) (RFC5451) MUA (Mail User Agent) ISP ( ) ARF (RFC5965) FBL (Feedback Loop) 18
II MUA (RFC5451, Message Header Field for IndicaJng Message AuthenJcaJon Status)!! MUA (Mail User Agent) Apple Mail 19
III FBL (Feedback Loop) FBL Webmail (opt-out), etc DKIM (DKIM- Singnature) ARF (Abuse Reporting Format) An Extensible Format for Email Feedback Reports (draft-ietf-marf-base-06) 20
IV Backscatter Black List ( fail or sopfail ) DHA (Dictionary Harvesting Attack) 21
SPF ( ) DKIM (reputation) ( ) ( ) (SMTP-AUTH) (SPF/Sender ID) DNS RR (Resource Record) (TTL ) DKIM ADSP (Author Domain Signing Practices) PRA (Resent-* ) ( ) DNS SPF/Sender ID: include SPF DKIM: _domainkey 22
JEAG JEAG (Japan Email Anti-Abuse Group) MAAWG (2004.1.19) 2004 6 (2005.3.15) ISPs, 30 : ( ) MAAWG (Messaging Anti-Abuse Working Group) APCAUCE (Asia Pacific Coalition Against Unsolicited Commercial Email) Email Security Expo & Conference ( ( ) ) ( ( ) ) : JEAG Recommendation (2006.02.23 ) OP25B (Outbound Port 25 Blocking) 23
JEAG (cont.) OP25B (Outbound Port 25 Blocking) IP ( port 25 ) ISP ( ) (port 587) (SMTP-AUTH) IP ACL (Access Control List) 24
JEAG (cont.) OP25B ISP ex. C A B D ISP OP25B source: monitoring by JADAC 25
JEAG (cont.) ISP (2005 2009) source: JADAC survey JEAG RecommendaJon OP25B OP25B JEAG RecommendaJon 26
JEAG (cont.) spam source: news release by Sophos Plc. 2005 2006 2007 2008 27
MAAWG 190 IT Working Group 3 General Meeting mailing list 2010.06.08-10: 19 th MAAWG General Meeting @ Barcelona, Spain 2010.10.04-06: 20 th MAAWG General Meeting @ Washington DC, USA Technical Committee Public Policy Committee Anti-Phishing SIG Botnet/Zombie Subcommittee ISPCC (Closed Coloquium), etc LAP (London Action Plan) 2009.10.07-09: 5 th Joint-LAP/CNSA Workshop @ Lisbon, Portugal Seoul-Melbourne MoU Meeting ASEAN ITU, OECD, etc (, ISC: Internet Society of China) (KISA) (CGI.br / cert.br) 2010.05.07: Brazil-Japan Anti-Spam Workshop 28
( ) ( ) WG JEAG (Japan Email Anti-Abuse Group) Recommendation MAAWG (Messaging Anti-Abuse Working Group) IETF 29
IIJ TEL 03-5205-4466 9 30 17 30 / / info@iij.ad.jp http://www.iij.ad.jp/ 30