
Spam

Page 1: Spam

Spam

  • What is spam?
  • CAN-SPAM Act
  • Costs of spam
  • Innovative ways to combat spam
  • Preview of spamsux.com

Page 2: Spam

What is spam?

  • Spam is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it.
  • Spam contents
      • offensive or illegal content
      • pornography
      • pyramid trading schemes
      • misleading or deceptive advertising
      • jokes
      • or even bona fide commercial marketing material
  • It is sometimes referred to as unsolicited bulk email or unsolicited commercial email (UCE).
  • And we are ALL affected by it!!

Page 3: Spam

More on spam

  • The first recorded incidence of spam occurred in 1994 when a US law firm, Canter and Siegel, put out a mass advertisement for an immigration advocacy service they offered.
  • Two types of spam:
      • Usenet spam is a single message sent to 20 or more Usenet newsgroups.
      • Email spam targets individual users with direct mail messages.
  • Since then, spam has become a major issue—which eventually led to federal legislation on the matter.

Page 4: Spam

CAN-SPAM

Controlling the Assault of Non-Solicited Pornography And Marketing Act

Page 5: Spam

CAN-SPAM

  • Can-Spam was signed by President Bush on December 17, 2003.
  • As of Jan. 1, 2004, the first federal legislation specifically directed at commercial email is supposed to curb the amount of unwanted email flooding our inboxes.
  • Penalties of up to $250 per message to a maximum of $6 million per scammer imposed on parties who violate this law.

Page 6: Spam

CAN-SPAM ineffective?

  • Under the new law, commercial email is perfectly fine to send if it complies with only three stipulations.
      • It must be labeled as an advertisement or solicitation.
      • It must give the recipient an opt-out option.
      • And it must include a postal address.

Page 7: Spam

Shortfalls of CAN-SPAM

  • Many in the technical and legal professions have questioned the government's ability to enforce those restrictions and have criticized the way the act supersedes stricter state laws.
  • In many states, preexisting antispam legislation included the rights for citizens to sue spammers directly or through class action lawsuits. Under the new federal law, U.S. citizens no longer have those rights.

Page 8: Spam

What critics are saying

  • "(Can-Spam) is an abomination at the federal level," said Stanford law professor Lawrence Lessig. "It's ineffective and it's affirmatively harmful because it preempts state legislation."
  • "It authorizes every offshore casino, every Viagra peddler, every pornographer, to send you as many messages as they want unless and until you tell them, one-by-one, to stop," says an attorney with Silicon Valley’s powerful Wilson, Sonsini, Goodrich and Rosati.

Page 9: Spam

I agree…INEFFECTIVE!!

Page 10: Spam

Congressional findings?

  • Paragraph 12 of the Congressional findings on CAN-SPAM act:
      • (12) The problems associated with the rapid growth and abuse of unsolicited commercial electronic mail cannot be solved by Federal legislation alone. The development and adoption of technological approaches and the pursuit of cooperative efforts with other countries will be necessary as well.

Page 11: Spam

Costs of spam

  • According to Congress:
      • The receipt of unsolicited commercial e-mail may result in costs to the recipients who cannot refuse to accept such mail and who incur costs for the storage of such mail, or for the time spent accessing, reviewing, and discarding such mail, or for both.
  • E-mail spam (contrasted to traditional junk mail) is unique in that the receiver pays so much more for it than the sender does.

Page 12: Spam

Comparing costs

Cost Comparison of Unsolicited Marketing Methods*

Form                 Cost to Sender ($)   Cost to Recipient ($)   Cost Borne by Sender (%)
Legal
  Telemarketing      1.00                 0.10                    91.00
  Postal mail        0.75                 0.10                    88.00
Illegal
  Fax                0.03                 0.10                    23.00
  Automated phone    0.07                 0.10                    41.00
Uncertain legality
  Spam               0.00001              0.10                    0.01

* All cost figures per contact are estimated.

Source: "SpamCon Foundation News," Issue #0008, 7 August 2001.

Page 13: Spam

Volume of spam

  • Roughly 40 percent of all e-mail traffic in the United States in the first half of 2003 was spam, up from 8 percent in late 2001, according to Brightmail Inc., a major vendor of anti-spam software.
  • By the end of 2003, industry experts predicted, fully half of all e-mail will be unsolicited.

Page 14: Spam

Spam costs corporations big time

  • According to Ferris Research Inc., a San Francisco consulting group, spam will cost U.S. organizations more than $10 billion this year.
  • This figure includes:
      • lost productivity
      • consumption of IT resources
      • and end-user support to deal with the problem.

Page 15: Spam

Costs per corporate user

Page 16: Spam

Fight spam!

  • Traditional:
      • Filters (server level, and user level)
      • Blacklists (usually must pay for anti-spam tools which utilize and regularly update their blacklists)
  • Innovative:
      • Challenge-response technology
      • "No Spam at Any (CPU) Speed" (MSFT origin)
      • "Payment at risk" (MSFT origin)
      • "Trusted E-mail Open Standard"
      • DNS System Modification (MSFT origin)

Page 17: Spam

Challenge-response Technology

  • If your mailbox is protected by a challenge-response system, people who try to contact you will be greeted with a response saying something like "click on this link to deliver this message" or "type in the word you see in the box above."
  • In theory, well-designed challenge-response utilities won't challenge mail from known correspondents or mail that you've actually asked to receive.

Page 18: Spam

"No Spam at Any (CPU) Speed" (MSFT)

  • The theory behind this method is that a sender's computer must solve a cryptographic puzzle with its own processor to get its message into a recipient's in-box.
  • The key is that the puzzle takes about 10 seconds to solve. There are only 80,000 seconds in a day, so a computer can only send 8,000 messages in a single day.
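The sender-pays-in-CPU idea above, as an added example that is not part of the original slides. The slide does not say which puzzle is used; this sketch assumes a hash-prefix puzzle (find a nonce so that SHA-256 of recipient:date:nonce starts with a given number of zero bits), and the addresses, date and difficulty of 16 bits are constructed demo values, far cheaper than a 10-second puzzle.

```python
import hashlib
from itertools import count

def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the front of a hash digest."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits

def stamp_digest(recipient: str, date: str, nonce: int) -> bytes:
    # The stamp is bound to one recipient and one day, so the work
    # cannot be shared across a mailing list or reused later.
    return hashlib.sha256(f"{recipient}:{date}:{nonce}".encode()).digest()

def mint(recipient: str, date: str, difficulty: int) -> int:
    """Sender side: search for a nonce; costs about 2**difficulty hashes."""
    for nonce in count():
        if leading_zero_bits(stamp_digest(recipient, date, nonce)) >= difficulty:
            return nonce

def verify(recipient, date, nonce, difficulty, my_address, today, seen) -> bool:
    """Recipient side: a single hash, plus the checks that stop stamp reuse."""
    if recipient != my_address or date != today:
        return False          # minted for another mailbox or another day
    stamp = (recipient, date, nonce)
    if stamp in seen:
        return False          # same stamp presented twice
    if leading_zero_bits(stamp_digest(*stamp)) < difficulty:
        return False          # not enough work was done
    seen.add(stamp)
    return True

if __name__ == "__main__":
    seen = set()              # stamps this mailbox has already accepted
    me, day = "alice@example.org", "2004-01-15"   # constructed values
    nonce = mint(me, day, 16)
    print("nonce:", nonce)
    print("first delivery:", verify(me, day, nonce, 16, me, day, seen))
    print("replayed stamp:", verify(me, day, nonce, 16, me, day, seen))
```

Each extra bit of difficulty doubles the sender's expected work while the recipient's check stays at one hash, which is the asymmetry the scheme depends on.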

Page 19: Spam

"Payment at risk" (MSFT)

  • The "payment at risk" system would involve e-mail recipients setting a level of payment that would tax the sender, if its e-mail were rejected, low or high, depending on how greatly recipients were bothered by the unwanted e-mail.
  • The idea goes like this: If you receive an e-mail from an old school friend, and you're happy to receive it, the sender doesn't pay. If it's another offer for that annoying little blue pill, you reject it, and the spammer is forced to cough up.

Page 20: Spam

"Trusted E-mail Open Standard" (TEOS)

  • TEOS is a new e-mail protocol that essentially builds on SMTP.
  • TEOS allows for more reliable identification of the sender and includes machine-readable descriptions or "assertions" about their e-mail's content. It also establishes an encrypted, spoof-proof "trust stamp" that appears in the body of the message.
  • If implemented, experts recommend the formation of an international, cross-industry body to maintain this new standard.

Page 21: Spam

DNS System Modification (MSFT)

  • The Domain Name System is a distributed database, maintained by a number of different companies that provide domain names for Web site and e-mail addresses.
  • Microsoft would like to modify this system so that individuals, companies and other organizations can publish the identification numbers of their mail servers in the DNS database.
      • In effect, this would let an e-mail recipient compare the message's actual originating address with the address indicated in its header. A difference there could help a spam filter determine that a header is "spoofed," increasing the likelihood that the message is spam. Such messages could easily be filtered or rejected.
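The comparison described above, as an added example that is not part of the original slides and not Microsoft's implementation. A constructed dictionary stands in for the records a domain would publish in DNS; the domains, addresses and function names are illustrative assumptions.

```python
import ipaddress
from email.utils import parseaddr

# Constructed stand-in for what each domain would publish in DNS:
# the addresses (or ranges) of the servers allowed to send its mail.
PUBLISHED_SENDERS = {
    "example.org": ["192.0.2.0/28", "198.51.100.25"],
    "example.net": ["203.0.113.10"],
}

def header_domain(from_header: str) -> str:
    """Domain claimed in the From: header, or '' if it cannot be parsed."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def check_origin(connecting_ip: str, from_header: str,
                 published=PUBLISHED_SENDERS) -> str:
    """Compare the real connecting address with the header's claimed domain.

    'pass' = the address is one the domain published
    'fail' = the domain publishes senders and this is not one (likely spoofed)
    'none' = nothing published or header unparsable: no evidence either way
    """
    domain = header_domain(from_header)
    entries = published.get(domain) if domain else None
    if entries is None:
        return "none"
    ip = ipaddress.ip_address(connecting_ip)
    if any(ip in ipaddress.ip_network(e, strict=False) for e in entries):
        return "pass"
    return "fail"

if __name__ == "__main__":
    # Constructed sample messages: (connecting IP, From: header)
    samples = [
        ("192.0.2.5", '"Example Support" <support@example.org>'),
        ("192.0.2.77", '"Example Support" <support@example.org>'),
        ("203.0.113.99", "billing@example.net"),
        ("198.51.100.1", "someone@unpublished.example"),
    ]
    for ip, sender in samples:
        print(f"{ip:15} {sender:45} -> {check_origin(ip, sender)}")
```

A filter would treat 'fail' as strong evidence of a spoofed header and 'none' as neutral, since a domain that publishes nothing cannot be checked.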

Page 22: Spam

Spamsux.com…

  • Finally, I’ll be creating a webpage for my project. There, users can find links to articles, tools, and news about spam (hopefully).
  • Here is the preliminary layout: https://netfiles.uiuc.edu/harrylum/www/LIS391/Project/spamsux2.html