Australia forces ISPs to attack spam

The Australian Communications and Media Authority is building on the relative success of the country's 2003 Spam Act to ensure that businesses and consumers are protected from a deluge of unwanted e-mail.

"The phenomenon of spam...continues to materially impact on e-mail as a communications medium," states the conduct code document, released on Wednesday.

Although many countries have recognized spam as an issue, few have been able to react to it effectively. However, it's long been suggested that Internet service providers, which carry much of the e-mail, could solve the problem of spam overnight.

"Since senders of spam require the services of service providers in order to send their spam, enlisting the support of those service providers has the potential of being an efficient and also a more proactive way of addressing the spam problem," according to the code document.

As such, ISPs serving the Australian public must proactively scan traffic for open relays and botnets, networks of compromised PCs used for sending spam. In addition, spam filters must be offered and clearly advertised by each Australian ISP.

ISPs must include clauses in all contracts that allow them to disconnect a user if they are knowingly or unwittingly relaying spam, once the ISP has taken "reasonable steps to notify the subscriber of the breach and (provided) reasonable assistance," the code says. They must also restrict inbound connections to any service that allows forwarding of e-mail on behalf of third parties.

There is a threat of penalties or sanctions if ISPs do not follow any part of the code.

Simon Perry, vice president of security strategy at CA, said that while Australian citizens will now be better protected online, global cooperation along similar lines could make a real difference to total worldwide levels of spam.

"Only a joined-up exercise internationally will close all the doors," Perry said.

Will Sturgeon of Silicon.com reported from London.