Educational Videos

See also the Antispam.br Educational Videos available in English.
The four stories -- Navigating is necessary, The Invaders, Spam and Defense -- explain in a fun way what you can do in the Internet, what are the risks associated with malware, what is spam, and how to improve security online.

Summary

• Internet Governance Context
• A Brief History
• Different Approaches to Different Problems
  • Antispam.br website
  • Port 25 Management
  • Anti-Spam Legislation
  • E-mail Marketing Self-Regulation Code
• Resources in English

Internet Governance Context

Fighting spam has been a topic debated on Internet Governance related forums in the past 15 years. The reasons for this topic being present on discussions for so long are as diverse as the ways we can research the topic. The efforts to stop spam can be approached from technological, legal, political and social aspects.

In Brazil the strategies to fight spam are the result of a coordination effort by the Brazilian Internet Steering Committee (CGI.br) Anti-Spam Task Force (CT-Spam). This effort involved bringing into the discussion of possible solutions dozens of Telecommunications Companies, thousands of Internet Service Providers, Consumer Protection organizations, representatives from the Civil Society and the Academia, as well as the technical staff of NIC.br/CGI.br.

The success of this initiative points to the fact that a multi-stakeholder collaboration is the best strategy to effectively implement security policies, deal with cybersecurity related issues and establish trust on the Internet.

A Brief History

The CT-Spam was created in 2005, as one of the CGI.br initiatives, with the objective to deal with the obvious problems that spam was causing to the Internet in Brazil and abroad. This effort was proposed and Coordinated by the CGI.br Board Member Henrique Faulhaber.

Since its inception the CT-Spam is working with actors from different sectors to raise awareness about their roles and the importance of implementing anti-spam policies and technologies. At the same time it was working to provide awareness and education to end users about safety and security on the Internet.

Different Approaches to Different Problems

After several studies conducted by CERT.br it was clear that the major spam problem in Brazil was the abuse of the country's broadband infrastructure by international spammers, usually abusing open proxies or through botnets, both in end user infected computers.

The impacts of inaction were already being noticed by consumers and access providers, specially:

• the inclusion of whole broadband providers' IP ranges in blacklists -- and in some cases the blacklisting of the whole country;
• raise in operational costs, invariably transfered to consumers;
• instability of the broadband connectivity, as the spammers were using all the available upload bandwidth;
• international effects, as the spams were both originated and destined to other countries.

Nevertheless, there were also other issues to be dealt with, specially:

• educating the end users on how to identify spams, specially those related to malware and phishing;
• raising awareness of the e-mail marketing sector about the importance of best practices, data protection and privacy issues related to e-mail marketing;
• studying a legal framework for Brazil.

As the result of the multi-stakeholder discussions the CT-Spam worked to implement different policies and technologies for the different aspects of the spam problem. Among these activities the main areas of work were:

Antispam.br Website

A Web Portal was created with information for end users, e-mail and connectivity providers. For end users the information is focused on explaining what is spam, the risks of malware and fraud and how to avoid these risks. This information is presented also in four videos. For the e-mail and connectivity providers the focus is on several anti-spam techniques, including DKIM, SPF, Greylisting and Port 25 Management.

Port 25 Management

To prevent broadband infected computers to perform direct delivery of spam our studies showed that the most effective countermeasure would be to implement Port 25 Management. This is the term used to refer to the policies and technologies implemented in residential or dynamic IP address spaces to enforce the separation between message submission and message transport.

This measure was formally recommended by CGI.br in its Resolution "CGI.br/RES/2009/02/P". This recommendation led to two other important documents: a formal statement from the Consumer Protection Department of the Ministry of Justice, analyzing the consequences do consumers and recommending its adoption; and the Cooperation Agreement, signed by CGI.br, Anatel, the Telecommunication Companies Union and the ISPs Associations, with the details of the implementation process.

The implementation of this technique alone was responsible for taking Brazil out of almost all existing lists of "Top Countries" originating spam.

Anti-Spam Legislation

Anti-Spam Legislation - CT-Spam promoted a legal study of all international anti-spam laws, as well as all the laws being proposed in the Brazilian Congress. At the end of this study a new text for a legislation was proposed, based on the opt-in principle. This text is the base of the current anti-spam bill being currently considered in the Congress.

E-mail Marketing Self-Regulation Code

This initiative arose from the perception that more than working on new legislation, there was a need to establish standards and best practices to guide e-mail marketing companies. This Code details how to send e-mail marketing respecting opt-in principles, e-mail reputation best practices and data privacy and protection related to e-mail address lists

Resources in English

A Multistakeholder Effort to Reduce Spam -- The Case of Brazil
Slides presented at the Combating Spam Workshop, WSIS+10 High Level Event, Geneva, CH, June 2014
http://www.cert.br/docs/palestras/certbr-wsis10-2014.pdf

Port 25 Management in Brazil: A Multistakeholder Effort to Reduce Direct Delivery from End User Networks
Slides presented at the 8th Internet Governance Forum Meeting, Bali, ID, October 2013
http://www.cert.br/docs/palestras/certbr-cgibr-igf2013.pdf

Port 25 Management in Brazil: A Multistakeholder Effort to Reduce Direct Delivery from End User Networks
Slides presented at the Joint CITEL, ITU and the Internet Society Workshop on Combating Spam, Mendoza, AR, October 2013
http://www.cert.br/docs/palestras/certbr-citel-itu-isoc2013.pdf

Port 25 Management in Brazil or how Brazil left the CBL Top 10
Slides presented at the 2013 Annual Meeting of CSIRTs with National Responsibility, Bangkok, TH, June 2013
http://www.cert.br/docs/palestras/certbr-nationalcsirts2013.pdf

Port 25 Management in Brazil: Overview and Results
Slides presented at the 4th Latin American and Caribbean Meeting of CSIRTs, Medellín, CO, May 2013
http://www.cert.br/docs/palestras/certbr-lac-csirts-medellin2013-1.pdf

CGI.BR: Brazil no longer in the list of top 10 countries that send the most spam in the world
PR Newswire, April 2013
http://www.nic.br/imprensa/clipping/2013/midia182.htm