1、 International Telecommunication Union ITU-T X.1243TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (12/2010) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Cyberspace security Countering spam Interactive gateway system for countering spamRecommendation ITU-T X.1243 ITU-T X-SERIES R
2、ECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400X.499 DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS X.600X.699 OSI MANAGEMENT X.
3、700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049 Security management X.1050X.1069 Telebiometrics X.1080X.1099 SECURE APPLICATIONS AND SERVICES Multicast
4、 security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170X.1179 IPTV security X.1180X.1199 CYBERSPACE SECURITY Cybersecurity X.1200X.1229 Countering
5、spam X.1230X.1249Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1339 CYBERSECURITY INFORMATION EXCHANGE Overview of cybersecurity X.1500X.1519 Vulnerability/state exchange X.1520X.1539 Event/incident/
6、heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 For further details, please refer to the list of ITU-T Recommendations. Rec. ITU-T X.1243 (12/2010) i Recommendat
7、ion ITU-T X.1243 Interactive gateway system for countering spam Summary Recommendation ITU-T X.1243 specifies the interactive gateway system for countering spam as a technical means for countering inter-domain spam. The gateway system enables spam notification among different domains, and it prevent
8、s spam traffic from passing from one domain to another. In addition, this Recommendation specifies the architecture for the gateway system, describes basic entities, protocols and functions of the gateway system, and provides mechanisms for spam detection, information sharing and specific actions in
9、 the gateway system for countering spam. History Edition Recommendation Approval Study Group 1.0 ITU-T X.1243 2010-12-17 17 ii Rec. ITU-T X.1243 (12/2010) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information
10、 and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide
11、 basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA R
12、esolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administrat
13、ion and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions
14、 are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the
15、 possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of
16、 the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest i
17、nformation and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2011 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T X.1243 (12/2010) iii Table of
18、Contents Page 1 Scope 1 2 References. 1 3 Definitions 1 3.1 Terms defined elsewhere 1 3.2 Terms defined in this Recommendation . 1 4 Abbreviations and acronyms 2 5 Conventions 3 6 Architecture 3 6.1 Spam-countering entities and functions . 3 6.2 Spam identification . 4 6.3 Spam-countering action 4 6
19、.4 Spam discovery 4 6.5 Spam notification through spam-countering peering protocol . 4 7 Spam-countering filtering techniques . 5 7.2 Supported spam-countering techniques 5 8 Process of spam-countering peering protocol . 9 8.1 Peer discovery 9 8.2 Peer set-up 9 8.3 Spam-countering message exchange 9
20、 8.4 Peer release . 9 9 Implementation model of gateway systems for countering spam 10 9.1 Integrated model . 10 9.2 Domain-based model 10 9.3 Bypass deployment model 11 Appendix I Example of SCPP message definition 12 Bibliography. 14 Rec. ITU-T X.1243 (12/2010) 1 Recommendation ITU-T X.1243 Intera
21、ctive gateway system for countering spam 1 Scope The interactive gateway system for countering spam is a general interactive mechanism for countering various inter-domain spam messages, including e-mail spam, SMS spam, etc., to enable information sharing for countering spam among different domains,
22、and to prevent spam from being sent as well as from being received. This Recommendation supports the diversity of spam-countering filtering techniques, and offers flexibility for upcoming techniques. Compliance with all relevant national laws and regulations should be considered before adopting this
23、 Recommendation. 2 References The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are s
24、ubject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a docume
25、nt within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. ITU-T X.509 Recommendation ITU-T X.509 (2000) | ISO/IEC 9594-8:2001, Information technology Open Systems Interconnection The Directory: Public-key and attribute certificate frameworks. 3 Defini
26、tions 3.1 Terms defined elsewhere This Recommendation uses the following terms defined elsewhere: 3.1.1 spam b-ITU-T X.1240: The meaning of the word “spam“ depends on each national perception of privacy and what constitutes spam from the national technological, economic, social and practical perspec
27、tives. In particular, its meaning evolves and broadens as technologies develop, providing novel opportunities for misuse of electronic communications. Although there is no globally agreed definition for spam, this term is commonly used to describe unsolicited electronic bulk communications over e-ma
28、il or mobile messaging for the purpose of marketing commercial products or services. 3.1.2 spammer b-ITU-T X.1240: An entity or a person creating and sending spam. 3.2 Terms defined in this Recommendation This Recommendation defines the following terms: 3.2.1 interactive gateway system for counterin
29、g spam (IGCS): The interactive gateway system for countering spam is an entity which is responsible for detecting and blocking spam. It has a pair of functions: sender gateway function (SGF) and receiver gateway function (RGF). An IGCS should work with other peers to implement full functions for cou
30、ntering spam. 3.2.2 local spam-countering database: This term specifies a database which is used for storing spam information, blacklist, spam-countering rules for local receiver gateway functions and sender gateway functions. 2 Rec. ITU-T X.1243 (12/2010) 3.2.3 modality: Modality refers to informat
31、ion encoding(s) containing information perceptible for a human being. 3.2.4 multimodal message: A multimodal message refers to the multimedia message containing differently encoded information for interaction via multiple modalities. 3.2.5 receiver agent: A receiver agent is a server which receives
32、messages for message receivers. In e-mail applications, a POP server acts as a receiver agent. 3.2.6 receiver gateway function: The receiver gateway function is a function of receiver party for countering spam, which detects and blocks spam during the receiving process. 3.2.7 sender agent: A sender
33、agent is a server which sends messages for message senders. In e-mail applications, a SMTP server acts as a sender agent. 3.2.8 sender gateway function: A sender gateway function is a function of sender party for countering spam, which detects and blocks spam during the message sending process. 3.2.
34、9 spam-countering peer: During the process for countering spam, two IGCSs work together to identify and block spam, thus, one IGCS is a spam-countering peer to another. 3.2.10 spam-countering peering protocol: The protocol is defined to exchange spam alert messages and blacklists between spam-counte
35、ring gateways. 3.2.11 user spam report protocol: The protocol is defined for message receivers to report the spam to the gateway. 4 Abbreviations and acronyms This Recommendation uses the following abbreviations and acronyms: E-mail Electronic Mail FE Functional Entity IGCS Interactive Gateway syste
36、m for Countering Spam IM Instant Message IRC Internet Relay Chat LscDB Local Spam-Countering Database POP Post Office Protocol RA Receiver Agent RBL Real-time Blackhole List RGF Receiver Gateway Function SA Sender Agent SCPP Spam-Countering Peering Protocol SGF Sender Gateway Function SMTP Simple Ma
37、il Transfer Protocol WPF Weighted Parameter Filter Rec. ITU-T X.1243 (12/2010) 3 5 Conventions Functional block: In the context of interactive gateway system for countering spam, “functional block“ is defined as a collection of functionalities. It is represented by the following symbol: 6 Architectu
38、re 6.1 Spam-countering entities and functions Sender gatewayfunctionReceiver gatewayfunctionLocalspam-counteringdatabaseSpam-counteringgateway 1User message SignallingMessagesenderMessagereceiverSpam-counteringgateway 2Receiver gatewayfunctionSender gatewayfunctionLocalspam-counteringdatabaseMessage
39、senderMessagereceiverSpam-counteringpeerFigure 1 Architecture of interactive gateway system for spam-countering Interactive gateway system for spam-countering (IGCS) An IGCS system is composed of a spam-countering gateway and a local spam-countering database. The spam-countering gateway has two sub-
40、function entities: SGF and RGF. These two function entities act both as policy decision points and policy enforcement points. SGF is used to process outgoing spam and RGF is used to process incoming spam. The local spam-countering database (lscDB) provides spam-countering rules for spam identificati
41、on and spam-countering actions. The local spam-countering gateway is also responsible for updating spam-countering rules to lscDB. The responsibilities of RGF and SGF are defined as follows: A RGF basically has three responsibilities: to take spam-countering actions (blocking, isolating or warning,
42、etc.) on known incoming spam; to detect new spam through receivers spam reports and update local spam-countering rules to lscDB; to notify spam senders SGF by sending a notification when a spam is detected. An SGF has two responsibilities: to take spam-countering actions (blocking, isolating or warn
43、ing, etc.) on known outgoing spam; to process spam notifications issued by receivers RGF and update local spam-countering rules to lscDB. 4 Rec. ITU-T X.1243 (12/2010) Local spam-countering database (lscDB) An lscDB is used for storing spam-countering information. This information can be further cat
44、egorized into the following three types: Spam identification information: such as source address of spam and key words in spam subject field. Spam-countering rules: such as blacklist and whitelist. Suspect spam record: suspicious spam samples that are reported by RGF and SGF. 6.2 Spam identification
45、 The RGF or SGF identifies known spam, based on spam identification information stored in lscDB. Spam will be classified into several levels and treated as corresponding actions. 6.3 Spam-countering action Once spam is identified, the corresponding RGF or SGF will take actions based on the level of
46、the identified spam. The spam-countering actions may include but are not limited to: spam warning: RGF/SGF sends a warning to the message receiver/sender; spam isolation: RGF/SGF isolates the spam message and periodically sends an isolation summary to the message receiver/sender; spam blocking: RGF/
47、SGF blocks the spam message. 6.4 Spam discovery 6.4.1 RGF spam discovery The receiver may report the anti-spam rules to its on-duty RGF. Anti-spam rules include, but are not limited to, the source/destination address blacklist, and key words in the e-mail subject field. The RGF updates spam identifi
48、cation and the rules in the lscDB. When a suspicious message comes in, the RGF starts an evaluation process to judge whether the message is a spam, according to the spam-countering rules stored in lscDB. If the message is judged as spam, the RGF will take the corresponding action. 6.4.2 SGF spam dis
49、covery The spam discovery process for the SGF is similar to that for the RGF. The SGF also receives spam notifications from the receivers RGF. The SGF evaluates the RGF notifications and updates the verified spam rules in the lscDB. 6.5 Spam notification through spam-countering peering protocol 6.5.1 Peer discovery When an SA is trying to send a message to an RA, the peer discovery procedure is initiated to discover an active peer IGCS in the message delivery path. The discovery procedure can be init