1、 International Telecommunication Union ITU-T X.1241TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (04/2008) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Telecommunication security Technical framework for countering email spam Recommendation ITU-T X.1241 ITU-T X-SERIES RECOMMENDA
2、TIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS Services and facilities X.1X.19 Interfaces X.20X.49 Transmission, signalling and switching X.50X.89 Network aspects X.90X.149 Maintenance X.150X.179 Administrative arrangements X.180X.199 OPEN SYSTEMS INTERCONNECTION M
3、odel and notation X.200X.209 Service definitions X.210X.219 Connection-mode protocol specifications X.220X.229 Connectionless-mode protocol specifications X.230X.239 PICS proformas X.240X.259 Protocol Identification X.260X.269 Security Protocols X.270X.279 Layer Managed Objects X.280X.289 Conformanc
4、e testing X.290X.299 INTERWORKING BETWEEN NETWORKS General X.300X.349 Satellite data transmission systems X.350X.369 IP-based networks X.370X.379 MESSAGE HANDLING SYSTEMS X.400X.499DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS Networking X.600X.629 Efficiency X.630X.639 Quality of service X
5、.640X.649 Naming, Addressing and Registration X.650X.679 Abstract Syntax Notation One (ASN.1) X.680X.699 OSI MANAGEMENT Systems Management framework and architecture X.700X.709 Management Communication Service and Protocol X.710X.719 Structure of Management Information X.720X.729 Management function
6、s and ODMA functions X.730X.799 SECURITY X.800X.849 OSI APPLICATIONS Commitment, Concurrency and Recovery X.850X.859 Transaction processing X.860X.879 Remote operations X.880X.889 Generic applications of ASN.1 X.890X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 TELECOMMUNICATION SECURITY X.1000 For fu
7、rther details, please refer to the list of ITU-T Recommendations. Rec. ITU-T X.1241 (04/2008) i Recommendation ITU-T X.1241 Technical framework for countering email spam Summary Recommendation ITU-T X.1241 provides a technical framework for countering email spam. The framework describes one recommen
8、ded structure of an anti-spam processing domain and defined function of major modules in it. The key point of the framework is that it establishes a mechanism to share information about email spam between different email servers. Systems following the framework would improve efficiency through inter
9、connection. Source Recommendation ITU-T X.1241 was approved on 18 April 2008 by ITU-T Study Group 17 (2005-2008) under the WTSA Resolution 1 procedure. Keywords Anti-spam, email, interconnection, spam, technical framework. ii Rec. ITU-T X.1241 (04/2008) FOREWORD The International Telecommunication U
10、nion (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions
11、 and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on
12、these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the e
13、xpression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure e.g. interoperability or applica
14、bility) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the
15、 Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicabil
16、ity of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement
17、this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2009 All rights reserved. No part of this publication may be reproduced, by any means w
18、hatsoever, without the prior written permission of ITU. Rec. ITU-T X.1241 (04/2008) iii CONTENTS Page 1 Scope 1 2 References. 1 3 Definitions 1 3.1 Terms defined elsewhere 1 3.2 Terms defined in this Recommendation. 1 4 Abbreviations and acronyms 2 5 Conventions 2 6 General structure of anti-spam pr
19、ocessing domain 2 6.1 General structure 2 6.2 Reference model. 4 7 Functions of the anti-spam processing domain 5 7.1 Functions of the email client 5 7.2 Functions of the email server . 5 7.3 Functions of the anti-spam processing entity . 6 7.4 Functions of the anti-spam processing sub-entity 6 8 Id
20、entification of email spam . 6 8.1 Familiar characteristics of email spam . 6 8.2 Common rules to fight email spam 7 9 Methods of countering email spam 8 9.1 Turning off the open-relay function . 8 9.2 Mastering email-delivery authorization . 8 9.3 Filtering technique 9 9.4 Examination of traceabili
21、ty 9 10 Interconnection between anti-spam processing domains . 10 10.1 Interconnection between top processing entities 10 10.2 Interconnection between processing entity and sub-entity. 11 10.3 Interconnection between processing sub-entity and email server 11 Bibliography. 12 iv Rec. ITU-T X.1241 (04
22、/2008) Introduction With the development of the IP-based telecommunication network, a great number of emails are exchanged between users. At the same time, more and more spam messages are sent to users through the IP-based telecommunication network and cause serious problems. Email spam has become a
23、 plague that degrades the capability of service on the IP-based telecommunication network. Service providers have to spend a lot of money to counteract problems caused by spam. Users have to take a lot of time to delete email spam. Some detection techniques have been proposed to detect and delete em
24、ail spam. However, spammers are highly creative in avoiding detection. For example, spammers can falsify normal email and randomize the content to avoid the detection of spam filters. Therefore, it is urgent to develop an effective technical framework to deal with the global problem of email spam. D
25、ifferent anti-spam solutions may use different techniques for countering email spam; these anti-spam technologies are evolving continuously. It is very difficult to find a changeless description that can cover all details of anti-spam technologies in the long term. Therefore, it is necessary to esta
26、blish an open framework containing these various solutions. The framework should be compatible with all anti-spam technologies, and not be limited to a particular technical detail. Requirements of the framework are as follows: Can systematically estimate whether or not an email is a spam. Can enable
27、 various email service systems to share anti-spam information with each other. Can improve veracity of email service systems anti-spam tools. Ensure that entities within different administrative domains share counter-spam information. Rec. ITU-T X.1241 (04/2008) 1 Recommendation ITU-T X.1241 Technic
28、al framework for countering email spam 1 Scope This Recommendation provides a technical framework for countering email spam. The framework describes one recommended structure of an anti-spam processing domain and defined function of major modules in it. The key point of the framework is that it esta
29、blishes a mechanism to share information about email spam between different email servers. Systems following the framework would improve efficiency through interconnection. 2 References None. 3 Definitions 3.1 Terms defined elsewhere This Recommendation uses the following terms defined elsewhere: 3.
30、1.1 header fields b-IETF RFC 2822: Header fields have the same general syntactic structure: A field name, followed by a colon, followed by the field body. 3.1.2 mail objects b-IETF RFC 2821: SMTP transports a mail object. A mail object contains an envelope and content. 3.2 Terms defined in this Reco
31、mmendation This Recommendation defines the following terms: 3.2.1 anti-spam processing domain: It is an independent system, which contains an anti-spam processing entity, anti-spam processing sub-entities, email servers and email clients. 3.2.2 anti-spam processing entity: Anti-spam processing entit
32、y is the core in the anti-spam processing domain. It collects information of email spam from entities at lower levels, and then builds a uniform and integrated rule system. Finally, the rule system should be submitted to all of the entities at lower levels. 3.2.3 anti-spam processing sub-entity: Ant
33、i-spam processing sub-entity is connected to one or more email service providers. It receives email spam information from email servers or anti-spam equipment, and reports information to the high-level entities after analysing it periodically. It also receives updating rules from high-level entities
34、 periodically and distributes these to sub-entities. 3.2.4 compound rule: A compound rule is composed of two or more simple rules. 3.2.5 email: This term is mainly used to indicate the electronic mail transmitted over a telecommunication network. 3.2.6 email spam: This term is used to describe unsol
35、icited electronic communications over email, which is usually sent for specific purposes. 3.2.7 rule: The rule is a set of conditions and basic actions. Rules include many forms, such as behaviours, filters, and so on. 3.2.8 sample email: This term is used to describe an email that is received from
36、email servers according to certain rules. 2 Rec. ITU-T X.1241 (04/2008) 3.2.9 spammer: This term is used to describe the entity or the person creating and sending email spam. 4 Abbreviations and acronyms This Recommendation uses the following abbreviations and acronyms: DNS Domain Name System Email
37、Electronic Mail ESMTP Extended Simple Mail Transfer Protocol FTP File Transfer Protocol HTTP HyperText Transfer Protocol IMAP4 Internet Message Access Protocol version 4 IP Internet Protocol POP3 Post Office Protocol version 3 RBL Real-time Blacklist SASL Simple Authentication and Security Layer SMT
38、P Simple Mail Transfer Protocol URL Uniform Resource Locator 5 Conventions None. 6 General structure of anti-spam processing domain 6.1 General structure This Recommendation describes components of the framework. It includes the anti-spam processing entity, anti-spam processing sub-entities, email s
39、ervers and email clients. These components can communicate with each other by popular message protocols. The characteristics of these components are described in this clause. Rec. ITU-T X.1241 (04/2008) 3 Anti-spamprocessing entityAnti-spamprocessing sub-entityAnti-spamprocessing sub-entityEmail Ser
40、ver Email ServerEmail Client Email ClientNOTE The solid lines represent the path of information that is exchanged between components of the anti-spam processing domain. Figure 1 General structure In Figure 1, the anti-spam processing entity receives reports from anti-spam processing sub-entities and
41、 delivers new rules to them. Anti-spam processing sub-entities must check the validity of the rules that come from the anti-spam processing entity, and refine them. The email client is the entity that customers deal with directly. The email server performs the delivery of emails in the IP-based tele
42、communication network. The email client sends complaints to the anti-spam processing sub-entity. In specific situations, an email client can send complaints directly by the top anti-spam processing entity. 4 Rec. ITU-T X.1241 (04/2008) 6.2 Reference model Figure 2 Reference Model Interface A is betw
43、een the anti-spam processing entity and the sub-entity. Complaint reports and rules on countering spam are transmitted through interface A. The rules can be compound rules such as “the source IP + URL“. Interface A should support FTP and HTTP. Interface B is between the anti-spam processing sub-enti
44、ty and email server. It is used to transmit the complaint reports and the rules. Similarly, the rules can be compound rules such as “the source IP + URL“. Interface B should support FTP and HTTP. In specific situations, the email server can communicate directly with the top anti-spam processing enti
45、ty. Interface C is between the email servers, through which messages are transmitted with SMTP. Interface D is between the email server and the email client. Various protocols can be used to transmit emails, such as POP3, IMAP4. Interface E is between the email client and the anti-spam processing su
46、b-entity. The email client can send complaints to the anti-spam processing sub-entity. In specific situations, the email client can send complaints directly to the top anti-spam processing entity. Web online, phone, email and client software can be used at this interface. Anti-spam processing entity
47、 Anti-spam processing sub-entity Email client Email server E-mail server Countering spam A B C D E Rec. ITU-T X.1241 (04/2008) 5 7 Functions of the anti-spam processing domain 7.1 Functions of the email client The functions of the email client include: In addition to performing the general functions
48、 of email transmission, the email client provides a mechanism to help users send a spam complaint information to the anti-spam processing entity. Email recipients only need judge whether an email is spam according to contents, title or address. For example, if recipients do not want advertisements,
49、electronic publications or propaganda materials they can send the complaint of such emails to the anti-spam processing entity by the mechanism of the email client. The email client can download spam filtering rules automatically from the anti-spam processing entity. The filtering rules are established according to the complaint reports from email clients. They include the size limit of a single email, the number of emails that are sent out in a period of time, keywords in main body of emails, etc. The filtering rules are periodical
