1、 International Telecommunication Union ITU-T X.1231TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (04/2008) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Telecommunication security Technical strategies for countering spam Recommendation ITU-T X.1231 ITU-T X-SERIES RECOMMENDATIONS
2、 DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS Services and facilities X.1X.19 Interfaces X.20X.49 Transmission, signalling and switching X.50X.89 Network aspects X.90X.149 Maintenance X.150X.179 Administrative arrangements X.180X.199 OPEN SYSTEMS INTERCONNECTION Model
3、and notation X.200X.209 Service definitions X.210X.219 Connection-mode protocol specifications X.220X.229 Connectionless-mode protocol specifications X.230X.239 PICS proformas X.240X.259 Protocol Identification X.260X.269 Security Protocols X.270X.279 Layer Managed Objects X.280X.289 Conformance tes
4、ting X.290X.299 INTERWORKING BETWEEN NETWORKS General X.300X.349 Satellite data transmission systems X.350X.369 IP-based networks X.370X.379 MESSAGE HANDLING SYSTEMS X.400X.499DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS Networking X.600X.629 Efficiency X.630X.639 Quality of service X.640X
5、.649 Naming, Addressing and Registration X.650X.679 Abstract Syntax Notation One (ASN.1) X.680X.699 OSI MANAGEMENT Systems Management framework and architecture X.700X.709 Management Communication Service and Protocol X.710X.719 Structure of Management Information X.720X.729 Management functions and
6、 ODMA functions X.730X.799 SECURITY X.800X.849 OSI APPLICATIONS Commitment, Concurrency and Recovery X.850X.859 Transaction processing X.860X.879 Remote operations X.880X.889 Generic applications of ASN.1 X.890X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 TELECOMMUNICATION SECURITY X.1000 For further
7、 details, please refer to the list of ITU-T Recommendations. Rec. ITU-T X.1231 (04/2008) i Recommendation ITU-T X.1231 Technical strategies for countering spam Summary Recommendation ITU-T X.1231 emphasizes technical strategies for countering spam and also includes general characteristics of spam an
8、d main objectives for countering spam. Furthermore, recognizing that there is no single solution to resolve the spam problem, this Recommendation also provides a checklist to evaluate promising tools for countering spam. Source Recommendation ITU-T X.1231 was approved on 18 April 2008 by ITU-T Study
9、 Group 17 (2005-2008) under the WTSA Resolution 1 procedure. Keywords Countering spam, spam, technical strategies. ii Rec. ITU-T X.1231 (04/2008) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and comm
10、unication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. T
11、he World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution
12、 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a
13、 recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure e.g. interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. T
14、he words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibilit
15、y that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recomm
16、endation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information
17、and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2009 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T X.1231 (04/2008) iii CONTENTS Page 1 Scop
18、e 1 2 References. 1 3 Definitions 1 3.1 Terms defined elsewhere 1 3.2 Terms defined in this Recommendation. 1 4 Abbreviations and acronyms 2 5 Conventions 3 6 General aspects . 3 7 Generic objectives 5 8 Technical strategies 5 8.1 Equipment strategies 6 8.2 Network strategies 7 8.3 Service strategie
19、s 8 8.4 Filtering strategies 9 8.5 Feedback strategies. 10 9 System evaluation. 11 Bibliography. 12 iv Rec. ITU-T X.1231 (04/2008) Introduction Along with the development of the information industry, spam is becoming a widespread problem causing benefit loss to telecommunication operators, service p
20、roviders and business users, as well as bad influences on common users in general. Spam has grown from a mere nuisance into a global plague. Therefore, it is necessary to find effective and efficient ways to counter spam. There are a lot of aspects for countering spam: legislation, training, interna
21、tional cooperation and so on. This Recommendation mainly focuses on technical means. Rec. ITU-T X.1231 (04/2008) 1 Recommendation ITU-T X.1231 Technical strategies for countering spam 1 Scope This Recommendation emphasizes technical strategies for countering spam and also includes general characteri
22、stics of spam and main objectives for countering spam. Furthermore, recognizing that there is no single solution to resolve the spam problem, this Recommendation also provides a checklist to evaluate promising tools for countering spam. This Recommendation describes technical strategies in general a
23、nd does not identify technical strategies for any specific types of spam. In addition, this Recommendation gives a hierarchical model of general categories that can be targeted to establish an efficient and effective infrastructure for countering spam. The model includes the following parts: equipme
24、nt strategies; network strategies; service strategies; filtering strategies; feedback strategies. In practice, this Recommendation provides technical strategies for countering various types of spam that an administration considers to be inappropriate, in alignment with national laws and policies. 2
25、References None. 3 Definitions 3.1 Terms defined elsewhere This Recommendation uses the following terms defined elsewhere: 3.1.1 authentication b-ITU-T X.811: The provision of assurance of the claimed identity of an entity. 3.1.2 IP phone b-ITU-T Q-Sup.49: IP phone refers to a terminal (e.g., dedica
26、ted voice terminal or multipurpose personal computer) that is connected directly (e.g., through an Ethernet interface or an xDSL line) to an IP network. 3.1.3 short message entity (SME) b-ITU-T Q.1742.3: Entity that composes and decomposes short messages. A SME may or may not be located within, and
27、be indistinguishable from, an HLR, MC, VLR, MS, or MSC. 3.2 Terms defined in this Recommendation This Recommendation defines the following terms: 3.2.1 instant messaging (IM): Instant messaging refers to the transfer of messages between users in near real-time. These messages are usually, but not re
28、quired to be, short. IM is often used in a conversational mode, that is, the transfer of messages back and forth is fast enough for participants to maintain an interactive conversation. 2 Rec. ITU-T X.1231 (04/2008) 3.2.2 IP multimedia spam: IP multimedia spam refers to unsolicited messages or calls
29、 over real-time IP multimedia applications. Different from traditional e-mail spam, IP multimedia spam denotes spam on newly emerging communication methods over IP, such as instant messaging, presence service, voice over IP (VoIP) and so on. Spam over internet telephony (SPIT), voice spam or VoIP sp
30、am (VAM) and spam over instant messaging (SPIM) are current names for specific IP multimedia spam. 3.2.3 modality: Modality refers to information encoding, containing information perceptible for human beings. Examples: modality information includes text, graphics, audio, video or haptical data used
31、in a human-computer interface. The multimodal information can originate from or be targeted to multimodal devices such as a microphone for voice/sound input, pen for haptical input, keyboard for textual input, mouse for motion input, speaker for synthesized voice output, screen for graphic/text outp
32、ut, vibrating device for haptical feedback, or a Braille-writing device for people with visual disabilities. 3.2.4 multimodal message: Multimodal message refers to a kind of multimedia message containing different encoded information for interaction via multiple modalities. 3.2.5 multimedia messagin
33、g service (MMS): Multimedia messaging service refers to a kind of messaging service after short message service which can transfer various multimedia messages including text, graphics, audio, video and so on through mobile network, wireless network or fixed network. 3.2.6 short message service (SMS)
34、: Short message service refers to a kind of message service, which allows mobile phones, telephones and other short message entities to transfer and receive text messages through a device-named service centre implementing functions such as saving and delivering. 3.2.7 spammer: Spammer refers to the
35、entity or the person creating and sending spam. 4 Abbreviations and acronyms This Recommendation uses the following abbreviations and acronyms: DDoS Distributed Denial of Service DoS Denial of Service E-mail Electronic Mail HLR Home Location Register IM Instant Messaging IP Internet Protocol MC Mess
36、age Centre MMS Multimedia Messaging Service MS Mobile Station MSC Mobile Switching Centre PSTN Public Switched Telephone Network SME Short Message Entity SMS Short Message Service SMTP Simple Mail Transfer Protocol SPIM Spam over Instant Messaging Rec. ITU-T X.1231 (04/2008) 3 SPIT Spam over Interne
37、t Telephony VAM Voice Spam or VoIP Spam VLR Visitor Location Register VoIP Voice over IP 5 Conventions None. 6 General aspects Spam is electronic information delivered from senders to receivers by terminals such as computers, mobile phones, telephones, etc., which is usually unsolicited, unwanted an
38、d harmful for receivers. Spam may be carried in e-mail, mobile messaging service, IP multimedia and other electronic forms. As a matter of fact, the meaning of “spam“ depends on certain perceptions of nations, organizations or individuals. In particular, its meaning is evolving and broadening with t
39、he development of information communication technologies which provide novel opportunities to make spam. Generally, spam has the following common characteristics: Electronic: Spam is electronic information that is usually transmitted in an open telecommunication network, especially the Internet, whi
40、ch is very different from traditional methods of postal mail, paper advertisements or direct marketing. Spam is cheap, convenient and easy to disguise. Unsolicited: Spam usually contains advertisements, fraudulent information, or viruses, etc. Furthermore, spam typically has the following characteri
41、stics entirely or partly: Bulk and repetitive: Message spam and e-mail spam are typically sent in bulk indiscriminately, while real-time communication spam is always initiated repetitively. However, spammers usually do not know anything except the receivers communication address (e.g., e-mail addres
42、ses, receivers phone number). Utilization of addresses without the owners consent: Spammers often utilize communication addresses collected without the owners explicit consent to send spam. Actually, some software programs can gather communication addresses from the web or create communication addre
43、sses automatically. Hidden or false message origins: Spam is often sent in a manner that disguises the originator by using a false message header or simply hides the originator. Spammers typically use unauthorized servers of third parties which do not validate the originator information. Difficulty
44、to block: It is very difficult to detect spam because of the large volume of messages. Attempts to block spam may be difficult and, at times, will result in false positives or false negatives. The strategies should be technology-neutral, yet worthwhile to evaluate a number of factors: which particul
45、ar communication media is misused or causes problems within the jurisdiction, which communication media has a strong potential to be misused in the future, and which is unlikely to be misused. The common options are: E-mail Currently, e-mail spam is the most significant threat among various types of
46、 spam due to vulnerabilities of e-mail protocol and insecurities of basic infrastructure, i.e., Internet, by which e-mails are transmitted. Simple mail transfer protocol (SMTP) is the most popular protocol to relay e-mails. SMTP defines an envelope and a header for an e-mail. The envelope contains t
47、he address of the receiver and cannot be seen by the receiver. It is used as the destination address to transfer 4 Rec. ITU-T X.1231 (04/2008) messages from the sender to the receiver. Normally, during transmission, the destination address in the envelope is copied to the e-mail header that the rece
48、iver can see. Spammers exploit two types of vulnerability in the SMTP authentication process: No authentication required, therefore users can hide or forge their addresses. Most records can be forged in the envelope and the header of e-mails. In addition, the cost to send e-mail spam is very small w
49、hile its negative influences are always very large. Mobile messaging service The remarkable advantages of mobile communications are convenience, efficiency, low price and easy usage. But nowadays, users are facing mobile messaging spam while enjoying the benefits of mobile communication. Mobile messaging spam is a term typically used for unsolicited messages sent via SMS or MMS. Currently, the main types of short message spam are as follows: service-subscription deceit; advertisement information; illegal cheat; pornographi
