Public document on handling spam
29th July 2004 (Computimes)

THE National Information and Communications Technology (ICT) Security and Emergency Response Centre (Niser) expects to make available a public document comprising guidelines and best practices for handling spam as a reference for all Internet users in three months.

Its director Lt Col Husin Jazri said in working towards this, Niser will be holding a technology forum among industry experts this week in an effort to gain opinions and insights on the issue as input for the document.

"Our aim is to produce an easy and readable manual which can be used by 'anyone', especially home users. This would be a step towards minimising spamming activities as it is almost impossible to completely eradicate spam," he said at the sidelines of the inaugural quarterly Malaysia Computer Emergency Response Team special interest group (MyCert-SIG) session in Bukit Jalil last Friday.

Spam is unsolicited electronic mail or junk e-mail, often of a commercial nature, sent indiscriminately to multiple mailing lists, individuals or newsgroups.

In terms of legislation, Husin said the Malaysian Communications and Multimedia Commission (MCMC) is carrying out ongoing discussions on whether to legislate spam in Malaysia.

"While some countries have legislation on spam, it will take some time before the legislation comes into effect because of cross-border issues. In addition, legislation alone cannot deter spam. There also needs to be technical measures in place. Internet service providers, Internet data centres, corporations (and even individuals) need to use spam filters like anti-spam software for the benefit of their customers," he said.

Spam incidents, according to MyCert's second quarter summary, still constitute the bulk of ICT security incidents reported during the period with a total of 3,928 incidents of 4, 095 incidents. This represents a 75 per cent increase compared to the first quarter of this year.

In the first quarter, spam incidents totalled to 2,246 of the overall 2,615 incidents reported, representing a nine per cent increase compared to the previous quarter.

MyCert's manager Solahuddin Shamsuddin urged all incident and response teams to link up with MyCert-SIG to share skills and knowledge for betterment of the incident and handling communities to help prevent future cyber threats.

He said MyCert-SIG was formed to build a trust relationship among Malaysian incident response and handling communities which is spearheaded by Niser.

It is aimed at providing a credible platform for incident and handling communities to identify, recover and mitigate continuous threats in cyberspace.

"To date, 200 members nationwide from the public, private, government and education sectors have registered with MyCert -SIG and the number is expected to increase progressively as of the public and professional ICT practitioners become more alert of security issues," Solahuddin said.