Anti-SPAM - Code of Practice

Version 2.0, 8 Jun 2005

Introduction

  1. This Code of Practice is issued by the Hong Kong Internet Service Providers Association (HKISPA), an industry body representing the majority of Internet service providers and related businesses in the Hong Kong Special Administrative Region of the People's Republic of China (HKSAR). The Code of Practice forms part of the HKISPA Anti-SPAM initiative, which was started in response to the growing problem of SPAM on the Internet.
  2. Coverage

  3. All members of the HKISPA are subject to this Code of Practice. However other organizations providing Internet access to the general public or their own members are also encouraged to adopt this Code of Practice. It consists of, essentially, a series of statements that prescribe minimum standards of practice required by HKISPA to be observed by all members. The Code of Practice is concerned with corporate responsibility in controlling the problem of SPAM affecting clients, users, and society at large.
  4. Definition

  5. "SPAM" refers generally to the sending of unsolicited mass/bulk/junk e-mail/message/postings. A SPAM message may request the recipient to perform some kind of action e.g. go to some web site or buy some service. The message may be an e-mail but could equally be another form of electronic message such as a Usenet article.
  6. Terms and Conditions

  7. Members of the HKISPA and those who have adopted this Code of Practice shall endeavor to require users or customers who have the ability to produce SPAM to be bound by appropriate anti-SPAM contractual conditions. Such conditions, together with a definition of SPAM, may be stated in the Terms of Conditions, Acceptable Use Policy or other similar documents, for example:
    1. The subscriber shall not engage in sending SPAM messages.
    2. Any breach of condition (1) above shall result in the suspension and/or closure of the subscriber's account at the sole discretion of the provider.
    3. "SPAM" refers generally to the sending of unsolicited mass/bulk/junk e-mail/message/postings. A SPAM message may request the recipient to perform some kind of action e.g. go to some web site or buy some service. The message may be an e-mail but could equally be another form of electronic message such as a Usenet article.

    Technical Measures

  8. The following anti-SPAM measures are required:
    1. Mail servers shall not be allowed to relay mail from third parties.
    2. There shall be a restriction on the amount of outgoing mail provided for web e-mail and pre-paid accounts.
    3. All clients using switched access shall not have outgoing TCP access to the Internet on port 25 (SMTP). An SMTP server shall be provided by such accounts; if possible the users outgoing SMTP connection will automatically be redirected to such server.

  9. As technical measures change fast, you are recommended to check the Anti-SPAM - Implementation Guideline updated by the HKISPA from time to time at
    http://www.hkispa.org.hk/antispam/guidelines.html
  10. SPAM Filtering Service Offered by ISPs

  11. Privacy of communication of Hong Kong residents are protected by law. SPAM filtering should only be performed by ISPs under the following conditions.
    1. The customer using e-mail service explicitly requests it, or
    2. If individual ISP performs SPAM filtering by default, all of its affected customers must be explicitly informed of the service feature, and convenient means must be provided to those customers who wish to disable the filtering feature.

    For avoidance of doubt, the use of Black-Lists, or any similar DNS-based Common Black-Lists, is not regarded by HKISPA as "Spam Filtering" by convention of this Code of Practice. The use of such blacklists refuses connections solely on the source IP address instead of basing the refusal on the recipient or sender e-mail addresses, and also it refuses connections before the content is received. Therefore HKISPA does not consider the use of Black-Lists, or any similar DNS-based Common Black-Lists "Spam Filtering". However, HKISPA strongly recommends that ISPs which use such mechanism should alert users and clients by revising its term of use or similar documents to include a term which states that users or clients acknowledge and agree that services provided are subject to the use of Black-Lists, or any similar DNS-based Common Black-Lists.

    Administrative Measures

  12. All members and those who choose to adopt this Code of Practice shall have a written procedure for handling incidents of SPAM. This procedure should be publicly available either in print and/or on a web site. This procedure shall include the following:
    1. There shall be an 'abuse' account. Mail sent to this account shall be routed to a responsible person or team who has the ability to investigate and take action on such complaints.
    2. All complaints sent to 'abuse' shall be replied to. This may be via auto-responder.
    3. Complaints shall be promptly investigated and action must be taken against users flouting the terms and conditions referring to SPAM. Even if investigation reveals no faults from ISP or user, the ISP is encouraged to help the complainant resolve their complaint.

    Industry Cooperation

  13. All members and those that choose to conform to this Code of Practice is advised, but not mandated, to participate in cooperation with the Internet community of Hong Kong in fighting SPAM. The area of cooperation shall include the following:
    1. Participate in initiatives of HKISPA and the Government of HKSAR in fighting SPAM, for instance to use a Common Black List of ISPs or HKISPA, and/or
    2. Share information with participants of those initiatives for the purpose of fighting SPAM. The information shall be limited to those solely for the purpose of identifying SPAM sources and SPAM messages, for example IP Addresses of SPAM sources, SPAM message signatures, and shall not include contents of e-mail messages.

    Publicity

  14. The HKISPA will provide a branding scheme that will alert the public to which parties are complying with this Code of Practice. The scheme may consist of the following:
    1. An icon that can be shown on web sites of organizations complying with this Code of Practice.
    2. A web site run by the HKISPA showing this Code of Practice and the parties that are in compliance.

    Compliance

  15. The HKISPA will run a branding scheme whereby all those conforming to this Code of Practice will be allowed to advertise that they are conforming to the HKISPA Anti-SPAM Initiative. Such permission will be granted by the Executive Council of the HKISPA once suitable evidence of conformance has been shown.
  16. Non-Compliance

  17. The Executive Council of the HKISPA reserves the right to remove any party's rights granted in relation to its compliance with this Code of Practice at any time, including the right to advertise compliance under the HKISPA Anti-SPAM Initiative, if it has come to the Executive Council's attention that such party has breached this Code of Practice without reasonable excuse. Further action may be taken at the discretion of the Executive Council of the HKISPA and such party will be solely responsible for the consequences.

Contact
Anti-Spam Committee, HKISPA
[email protected]