The Future of Anti-Spam: A Blueprint for New Internet Abuse Tools Garth Bruen CEO, KnujOn.com LLC...


The Future of Anti-Spam: A Blueprint for New Internet Abuse Tools

Garth Bruen

CEO, KnujOn.com LLC

Gbruen@knujon.com

http://www.knujon.com

MIT Spam Conference 2009

Our Predicament

• Spam is still here

• Spam has increased

• Illicit profits have increased

• Criminals are organized and well-funded

• Anti-spammers are not

New Framework

• Rethink our objectives and strategy

• Develop a philosophy or set of principles for anti-spam

• Extend current tools in new directions

Anti-Spam Principles

1. Spam is not an impossible problem to solve

2. It is possible to collect and process every piece of unwanted email for examination and enforcement

3. Spam is about who benefits from it, not who sent it

4. Spammers send mass email because someone pays them to

5. The motivation is money, the goal is a transaction

6. Focus efforts on the transaction target or platform, not on the advertisement

7. Eliminating transaction access removes money from the illicit cycle

View of Internet transaction to a consumer

• The “Pie” on the Internet is often fake, never delivered, or substituted

• Internet transactions are a leap of faith

• That faith is being eroded

View of abuse reporting to a consumer

• End users do not know where to start when abused

• “Headers”, “IP”, “ASN”, etc. are foreign words to ordinary users

• Expecting untrained, non-technical users to address the problem is a failed model from the start

• Adopt simple methods for handling unwanted traffic

Help Consumers Navigate Bureaucracy

• Build avenues to express grievances that generate trust

• Collect user abuse data on a massive scale

Data not Junk

Splitting Between URL Spam and Non-URL Spam

• URL Spam – spam advertising domain names - has a clearly defined policy structure behind it: ICANN

• Non-URL spam may be criminal and problematic but does not fall under ICANN’s purview

Redefining the Scope

• 480 BC: Greeks faced a Persian army that was one thousand times their size

• They forced the Persians to engage at a narrow pass: Thermopylae

• Changing the size of the battlefield put the odds in the Greeks’ favor

• In essence they used math to change a situation

Redefining the Scope

• The Spam Balloon: Like a balloon the spam universe is full of hot air

• The knot is tied at the provider level

• Fix or remove the bad providers to let the air out

Addressing The Current Policy Structure

• Don’t write-off ICANN, industry, or government

• Work within existing structure to solve problems

• Test the current system to find bottlenecks

• Push system to limit and then enhance

Fixing Policy as well as Technology

• ICANN’s main compliance engine was six years old, out of date and overloaded by KnujOn’s process

• Registrars contracted by ICANN had no obligation to disclose ownership or location

• Two factors converged to create a permissive environment

Fixing Policy as well as Technology

• WDPRS has been upgraded to handle bulk reports

• RAA now states: “Registrar shall provide on its website its accurate contact details including valid email and mailing address.”

• Success here not just about technical tools

Focusing on criminal targets and using the law when called for

• Not all spam leads to illegal activity, but much of it does

• Behavior illegal regardless of Internet usage

• Not all e-crooks in U.S., but their resources are

Aggressive Brand Protection

• Brand violations constitute huge portion of the spam problem

• Brand owners either do not want to engage the situation or do not know how

• Direct involvement from the brands can change the game

Daily Tally

Total collected unique domain names

Minus Dead Domains

Minus Policy Violators

Minus Clear Criminal Cases

Minus Brand Violations

------------------------------------

Remainder is examined, process is enhanced, remainder is placed back into process
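
The daily tally above, together with the URL / non-URL split and the principle of looking at who benefits rather than who sent the message, sketched as an added example (not KnujOn's own code). The function names and sample messages are constructed, the bucket sets are assumed to come from separate checks, and taking the last two labels as the registered domain is a simplification.

```python
import re
from email import message_from_string

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

def registered_domain(host):
    # Simplification: last two labels; real use needs the Public Suffix List.
    return ".".join(host.lower().strip(".").split(".")[-2:])

def advertised_domains(raw):
    """Domains advertised in the body; sender headers are deliberately ignored."""
    found = set()
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() != "text":
            continue
        text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        found.update(registered_domain(h) for h in URL_RE.findall(text)
                     if "." in h.strip("."))
    return found

def daily_tally(messages, buckets):
    """buckets: ordered (name, set_of_domains) pairs, subtracted in turn."""
    domains, non_url = set(), 0
    for raw in messages:
        found = advertised_domains(raw)
        non_url += not found            # non-URL spam follows a separate track
        domains |= found
    tally = {"total_unique": len(domains), "non_url_messages": non_url}
    remainder = set(domains)
    for name, members in buckets:
        tally[name] = len(remainder & members)
        remainder -= members
    tally["remainder"] = sorted(remainder)  # examined, then fed back into the process
    return tally

# Constructed sample spam; every address and domain here is made up.
SAMPLES = [
    "From: a@sender-one.invalid\n\nBuy now http://www.cheap-meds.example/buy?id=1\n",
    "From: b@sender-two.invalid\n\nhttp://cheap-meds.example/ http://replica-watch.example/x\n",
    "From: c@sender-one.invalid\n\nVisit http://gone-shop.example/\n",
    "From: d@sender-two.invalid\n\nVisit http://bad-whois.example/\n",
    "From: e@sender-one.invalid\n\nHot stock tip: buy ticker XYZQ today\n",
    "From: f@sender-two.invalid\n\nSee http://unsorted-offer.example\n",
]
BUCKETS = [  # hypothetical results of earlier checks, in the slide's order
    ("dead", {"gone-shop.example"}), ("policy", {"bad-whois.example"}),
    ("criminal", {"cheap-meds.example"}), ("brand", {"replica-watch.example"}),
]

if __name__ == "__main__":
    print(daily_tally(SAMPLES, BUCKETS))
```
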

Success Model for Non-URL Spam

• What happened to stock spam?

• SEC:

  * Accepted reports from the public

  * Analyzed the emails and featured stocks

  * Suspended trading of featured stocks

  * Froze assets of those who profited

  * Indicted perpetrators

• Problem has been minimized and managed

Conclusion

• Existing tools can address the problem

• A variety of efforts must be employed in concert

• Previously failed

• We can win

• Don’t believe me?
