The Session Initiation Protocol (SIP) and Spam
RFC 5039

 
Document Type: RFC - Informational (January 2008; No errata)
Last updated: 2013-03-02
Stream: IETF
WG state: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned
IESG state: RFC 5039 (Informational)
Responsible AD: Jon Peterson
Send notices to: sipping-chairs@ietf.org, jdrosen@cisco.com, fluffy@cisco.com

Network Working Group                                       J. Rosenberg
Request for Comments: 5039                                   C. Jennings
Category: Informational                                            Cisco
                                                            January 2008

             The Session Initiation Protocol (SIP) and Spam

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Abstract

   Spam, defined as the transmission of bulk unsolicited messages, has
   plagued Internet email.  Unfortunately, spam is not limited to email.
   It can affect any system that enables user-to-user communications.
   The Session Initiation Protocol (SIP) defines a system for user-to-
   user multimedia communications.  Therefore, it is susceptible to
   spam, just as email is.  In this document, we analyze the problem of
   spam in SIP.  We first identify the ways in which the problem is the
   same and the ways in which it is different from email.  We then
   examine the various possible solutions that have been discussed for
   email and consider their applicability to SIP.

Rosenberg & Jennings         Informational                      [Page 1]
RFC 5039                        SIP Spam                    January 2008

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Problem Definition . . . . . . . . . . . . . . . . . . . . . .  3
     2.1.  Call Spam  . . . . . . . . . . . . . . . . . . . . . . . .  4
     2.2.  IM Spam  . . . . . . . . . . . . . . . . . . . . . . . . .  7
     2.3.  Presence Spam  . . . . . . . . . . . . . . . . . . . . . .  7
   3.  Solution Space . . . . . . . . . . . . . . . . . . . . . . . .  8
     3.1.  Content Filtering  . . . . . . . . . . . . . . . . . . . .  8
     3.2.  Black Lists  . . . . . . . . . . . . . . . . . . . . . . .  9
     3.3.  White Lists  . . . . . . . . . . . . . . . . . . . . . . .  9
     3.4.  Consent-Based Communications . . . . . . . . . . . . . . . 10
     3.5.  Reputation Systems . . . . . . . . . . . . . . . . . . . . 12
     3.6.  Address Obfuscation  . . . . . . . . . . . . . . . . . . . 14
     3.7.  Limited-Use Addresses  . . . . . . . . . . . . . . . . . . 14
     3.8.  Turing Tests . . . . . . . . . . . . . . . . . . . . . . . 15
     3.9.  Computational Puzzles  . . . . . . . . . . . . . . . . . . 17
     3.10. Payments at Risk . . . . . . . . . . . . . . . . . . . . . 17
     3.11. Legal Action . . . . . . . . . . . . . . . . . . . . . . . 18
     3.12. Circles of Trust . . . . . . . . . . . . . . . . . . . . . 19
     3.13. Centralized SIP Providers  . . . . . . . . . . . . . . . . 19
   4.  Authenticated Identity in Email  . . . . . . . . . . . . . . . 20
     4.1.  Sender Checks  . . . . . . . . . . . . . . . . . . . . . . 21
     4.2.  Signature-Based Techniques . . . . . . . . . . . . . . . . 21
   5.  Authenticated Identity in SIP  . . . . . . . . . . . . . . . . 22
   6.  Framework for Anti-Spam in SIP . . . . . . . . . . . . . . . . 23
   7.  Additional Work  . . . . . . . . . . . . . . . . . . . . . . . 24
   8.  Security Considerations  . . . . . . . . . . . . . . . . . . . 24
   9.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 24
   10. Informative References . . . . . . . . . . . . . . . . . . . . 25

1.  Introduction

   Spam, defined as the transmission of bulk unsolicited email, has been
   a plague on the Internet email system.  Many solutions have been
   documented and deployed to counter the problem.  None of these
   solutions is ideal.  However, one thing is clear: the spam problem
   would be much less significant had solutions been deployed
   ubiquitously before the problem became widespread.

   The Session Initiation Protocol (SIP) [2] is used for multimedia
   communications between users, including voice, video, instant
   messaging, and presence.  Consequently, it can be just as much of a
   target for spam as email.  To deal with this, solutions need to be
   defined and recommendations put into place for dealing with spam as
   soon as possible.

   This document serves to meet those goals by defining the problem
   space more concretely, analyzing the applicability of solutions used
   in the email space, identifying protocol mechanisms that have been
   defined for SIP that can help the problem, and making recommendations
   for implementors.

2.  Problem Definition

   The spam problem in email is well understood, and we make no attempt