SPAM
 What is spam?
 Costs of spam
 Innovative ways to combat spam
 Preview of
                    What is spam?
   Spam is flooding the Internet with many copies of the
    same message, in an attempt to force the message on
    people who would not otherwise choose to receive it.
   Spam contents
       offensive or illegal content
       pornography
       pyramid trading schemes
       misleading or deceptive advertising
       jokes
       or even bona fide commercial marketing material
   It is sometimes referred to as unsolicited bulk email or
    unsolicited commercial email (UCE).
   And we are ALL affected by it!!
                 More on spam
   The first recorded incidence of spam occurred
    in 1994 when a US law firm, Canter and
    Siegel, put out a mass advertisement for an
    immigration advocacy service they offered.
   Two types of spam:
       Usenet spam is a single message sent to 20 or
        more Usenet newsgroups.
       Email spam targets individual users with direct mail
   Since then, spam has become a major issue—
    which eventually led to federal legislation on
    the matter.
   Controlling the Assault of Non-Solicited Pornography And Marketing Act
   Can-Spam was signed by President Bush on
    December 17, 2003.
   As of Jan. 1, 2004, the first federal legislation
    specifically directed at commercial email is
    supposed to curb the amount of unwanted email
    flooding our inboxes.
   Penalties of up to $250 per message, to a
    maximum of $6 million per scammer, are imposed
    on parties who violate this law.
        CAN-SPAM ineffective?
   Under the new law, commercial email is
    perfectly fine to send if it complies with
    only three stipulations.
     It must be labeled as an advertisement or
     It must give the recipient an opt-out option.
     And it must include a postal address.
        Shortfalls of CAN-SPAM
   Many in the technical and legal professions have
    questioned the government's ability to enforce
    those restrictions and have criticized the way the
    act supersedes stricter state laws.
   In many states, preexisting antispam legislation
    included the rights for citizens to sue spammers
    directly or through class action lawsuits. Under
    the new federal law, U.S. citizens no longer have
    those rights.
         What critics are saying
   "(Can-Spam) is an abomination at the federal
    level," said Stanford law professor Lawrence
    Lessig. "It's ineffective and it's affirmatively
    harmful because it preempts state legislation."
   "It authorizes every offshore casino, every
    Viagra peddler, every pornographer, to send you
    as many messages as they want unless and
    until you tell them, one-by-one, to stop," says an
    attorney with Silicon Valley’s powerful Wilson,
    Sonsini, Goodrich and Rosati.
         Congressional findings?
   Paragraph 12 of the Congressional
    findings on CAN-SPAM act:
       (12) The problems associated with the rapid
        growth and abuse of unsolicited commercial
        electronic mail cannot be solved by Federal
        legislation alone. The development and
        adoption of technological approaches and the
        pursuit of cooperative efforts with other
        countries will be necessary as well.
                  Costs of spam
   According to Congress:
       The receipt of unsolicited commercial e-mail
        may result in costs to the recipients who
        cannot refuse to accept such mail and who
        incur costs for the storage of such mail, or for
        the time spent accessing, reviewing, and
        discarding such mail, or for both.
   E-mail spam (contrasted to traditional junk
    mail) is unique in that the receiver pays so
    much more for it than the sender does.
                               Comparing costs
          Cost Comparison of Unsolicited Marketing Methods*

Form               Cost to Sender ($)   Cost to Recipient ($)   Cost Borne by Sender (%)
Telemarketing      1.00                 0.10                    91.00
Postal mail        0.75                 0.10                    88.00
Fax                0.03                 0.10                    23.00
Automated phone    0.07                 0.10                    41.00
Uncertain legality
Spam               0.00001              0.10                    0.01

* All cost figures per contact are estimated.
Source: "SpamCon Foundation News," Issue #0008, 7 August 2001.
           Volume of spam
 Roughly 40 percent of all e-mail traffic in
  the United States in the first half of 2003
  was spam, up from 8 percent in late 2001,
  according to Brightmail Inc., a major
  vendor of anti-spam software.
 By the end of 2003, industry experts
  predicted, fully half of all e-mail will be
    Spam costs corporations big time
   According to Ferris Research Inc., a San
    Francisco consulting group, spam will cost
    U.S. organizations more than $10 billion
    this year.
       This figure includes:
           lost productivity
          consumption of IT resources
          and end-user support to deal with the problem.
Costs per corporate user
                     Fight spam!
   Traditional:
       Filters (server level, and user level)
       Blacklists (usually must pay for anti-spam tools which
        utilize and regularly update their blacklists)
   Innovative:
       Challenge-response technology
       “No Spam at Any (CPU) Speed” (MSFT origin)
       “Payment at risk” (MSFT origin)
       “Trusted E-mail Open Standard”
       DNS System Modification (MSFT origin)
    Challenge-response Technology
   If your mailbox is protected by a challenge-
    response system, people who try to contact you
    will be greeted with a response saying
    something like "click on this link to deliver this
    message" or "type in the word you see in the
    box above."
   In theory, well-designed challenge-response
    utilities won't challenge mail from known
    correspondents or mail that you've actually
    asked to receive.
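
The hold-and-challenge flow described above, as an added example that is not part of the original slides. The class name, the one-time token scheme and the expiry window are assumptions made for illustration.

```python
import secrets


class ChallengeGate:
    """Holds mail from unknown senders until they answer a one-time challenge."""

    def __init__(self, known_senders, ttl_seconds=7 * 24 * 3600):
        self.known = {s.lower() for s in known_senders}
        self.ttl = ttl_seconds   # assumed expiry window for unanswered challenges
        self.held = {}           # token -> (sender, body, expires_at)
        self.inbox = []          # delivered (sender, body) pairs

    def expect(self, sender):
        """Pre-approve mail the user asked for, e.g. a list they subscribed to."""
        self.known.add(sender.lower())

    def receive(self, sender, body, now):
        """Deliver known senders at once; otherwise hold and return a challenge token."""
        sender = sender.lower()
        if sender in self.known:
            self.inbox.append((sender, body))
            return None
        token = secrets.token_urlsafe(16)  # unguessable value for the challenge link
        self.held[token] = (sender, body, now + self.ttl)
        return token

    def answer(self, token, now):
        """Handle a click on the challenge link; a token works once, before expiry."""
        entry = self.held.pop(token, None)
        if entry is None:
            return False              # unknown or already used token
        sender, body, expires_at = entry
        if now > expires_at:
            return False              # answered too late: held message is dropped
        self.inbox.append((sender, body))
        self.known.add(sender)        # later mail from this sender is not challenged
        return True
```

The challenge is sent to the address the message claims to come from, so a forged sender address means the challenge reaches someone who never wrote to you.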
    “No Spam at Any (CPU) Speed”
 The theory behind this method is that a
  sender's computer must solve a
  cryptographic puzzle with its own
  processor to get its message into a
  recipient's in-box.
 The key is that the puzzle takes about 10
  seconds to solve. There are only 80,000
  seconds in a day, so a computer can only
  send 8,000 messages in a single day.
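
A sketch of the puzzle idea above, added here as an example and not taken from the slides or from Microsoft's proposal. The slide does not name the puzzle, so a SHA-256 partial-preimage search is assumed, and the function names and stamp layout are hypothetical. It shows the asymmetry that matters: the sender searches many hashes, the recipient checks one.

```python
import hashlib
import itertools


def _leading_zero_bits(digest: bytes) -> int:
    """Count the leading zero bits of a hash digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def _digest(recipient: str, date: str, counter: int) -> bytes:
    return hashlib.sha256(f"{recipient}:{date}:{counter}".encode()).digest()


def mint_stamp(recipient: str, date: str, difficulty: int) -> str:
    """Sender side: try counters until the hash starts with `difficulty` zero bits."""
    for counter in itertools.count():
        if _leading_zero_bits(_digest(recipient, date, counter)) >= difficulty:
            return f"{recipient}:{date}:{counter}"


def verify_stamp(stamp: str, recipient: str, date: str, difficulty: int, seen: set) -> bool:
    """Recipient side: a single hash, plus binding and replay checks."""
    try:
        rcpt, stamp_date, counter = stamp.rsplit(":", 2)
        counter = int(counter)
    except ValueError:
        return False                      # malformed stamp
    if rcpt != recipient or stamp_date != date:
        return False                      # minted for another mailbox or another day
    if stamp in seen:
        return False                      # same stamp reused on a second message
    if _leading_zero_bits(_digest(rcpt, stamp_date, counter)) < difficulty:
        return False                      # the work was not done
    seen.add(stamp)
    return True


def max_messages_per_day(seconds_per_puzzle: float, seconds_per_day: int = 80_000) -> int:
    """Daily ceiling for one CPU; the default is the slide's rounded figure."""
    return int(seconds_per_day // seconds_per_puzzle)
```

Each extra bit of `difficulty` doubles the sender's expected work while the recipient's check stays at one hash; binding the stamp to recipient and date keeps one solved puzzle from being reused across a mailing list.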
       “Payment at risk” (MSFT)
   The "payment at risk" system would involve e-
    mail recipients setting a level of payment that
    would tax the sender, if its e-mail were rejected,
    low or high, depending on how greatly recipients
    were bothered by the unwanted e-mail.
   The idea goes like this: If you receive an e-mail
    from an old school friend, and you're happy to
    receive it, the sender doesn't pay. If it's another
    offer for that annoying little blue pill, you reject it,
    and the spammer is forced to cough up.
    “Trusted E-mail Open Standard”
   TEOS is a new e-mail protocol that essentially
    builds on SMTP.
   TEOS allows for more reliable identification of
    the sender and includes machine-readable
    descriptions or "assertions" about their e-mail's
    content. It also establishes an encrypted, spoof-
    proof "trust stamp" that appears in the body of
    the message.
   If implemented, experts recommend the
    formation of an international, cross-industry
    body to maintain this new standard.
    DNS System Modification (MSFT)
   The Domain Naming System is a distributed database,
    maintained by a number of different companies that
    provide domain names for Web site and e-mail
   Microsoft would like to modify this system so that
    individuals, companies and other organizations can
    publish the identification numbers of their mail servers in
    the DNS database.
       In effect, this would let an e-mail recipient compare the
        message's actual originating address with the address indicated
        in its header. A difference there could help a spam filter
        determine that a header is “spoofed,” increasing the likelihood
        that the message is spam. Such messages could easily be
        filtered or rejected.
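
The comparison described above, as an added example that is not from the slides or from Microsoft's proposal. The published-server table is constructed sample data standing in for DNS answers, and its format and the function names are assumptions.

```python
import ipaddress
from email.utils import parseaddr

# Constructed sample data: what each domain would publish in DNS as its
# legitimate outbound mail servers (addresses from documentation ranges).
PUBLISHED_MAIL_SERVERS = {
    "example.com": ["192.0.2.0/28", "198.51.100.25"],
    "example.org": ["203.0.113.10"],
}


def sender_domain(from_header: str) -> str:
    """Extract the lower-cased domain from a From: header value, or '' if none."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")


def check_origin(from_header: str, connecting_ip: str,
                 published=PUBLISHED_MAIL_SERVERS) -> str:
    """Compare the connecting server's address with what the header's domain publishes.

    Returns 'match', 'mismatch' (header likely spoofed), 'no-record'
    (domain publishes nothing, so no verdict) or 'invalid' (unparseable input).
    """
    domain = sender_domain(from_header)
    if not domain:
        return "invalid"
    try:
        ip = ipaddress.ip_address(connecting_ip)
    except ValueError:
        return "invalid"
    entries = published.get(domain)
    if entries is None:
        return "no-record"
    for entry in entries:
        # A bare address parses as a single-host network.
        if ip in ipaddress.ip_network(entry, strict=False):
            return "match"
    return "mismatch"
```

A filter would treat `no-record` as neutral and not as a failure, since a domain that has published nothing cannot be judged either way.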
 Finally, I’ll be creating a webpage for my
  project. There, users can find links to
  articles, tools, and news about spam
 Here is the preliminary layout:
