8/8/2019 Spam, Technological Solutions and Its Current Regulations
1/16
TERM PAPER
ON
SPAM, TECHNOLOGICAL SOLUTIONS
AND ITS CURRENT REGULATIONS
By,
Mahathi chintapalli (09224)
Pratyusha borancha (09233)
Khaja rasool (09244)
Shalini (09245)Sushobitha (09250)
Sushrutha (09251)
8/8/2019 Spam, Technological Solutions and Its Current Regulations
2/16
2
Table of Contents
Introduction ............................................................................................................................................ 3
Spam ................................................................................................................................................... 3
Reason for Spamming ............................... ........................................................................................... 3
The Volume of Spam ................................................................................... ......................................... 4
The Effects of Spam ............................................................................................................................. 4
How Spam Works ................................................................................................................................ 5
Different types of Spam .............................................................................. ......................................... 6
Spam- social networking sites .............................................................................................................. 6
Facebook: ........................................................................................................................................ 6
Twitter ............................................................................................................................................. 6
Preventing Spam ...................................................................................... ............................................ 8
The Spam Solutions ................................................................................................................................. 8
NON-GOVERNMENTAL......................................................................................................................... 8
GOVERNMENTAL ............................................................................................................................... 11
CASES : .................................................................................................................................................. 14
Current Anti-Spam Legislation ............................................................................................................... 15
Conclusion ............................................................................................................................................. 16
8/8/2019 Spam, Technological Solutions and Its Current Regulations
3/16
3
Introduction:
Every day, when people open their e-mail inboxes, they find numerous messages from unknown
parties offering a range of services and products. These unwanted messages have come to be
referred to as spam. Just a few years ago, spam was considered a minor nuisance. The increasein spam over the last few years, however, has led many to focus on this problem. The scale and
the effects of the spam epidemic suggest that spam is no longer simply a nuisance but is a large
scale network problem.
Spam:
The definition of spam is neither clear nor consistent across different individuals or
organizations. We can describe spam as unwanted e-mail messages. These types of messages are
often referred to as unsolicited commercial e-mail. However, over the years there has been an
increase in unsolicited mail that is not necessarily commercial in nature. Therefore, some have
begun to refer to these types of messages as unsolicited bulk e-mail. This column will focus on
commercial spam, which makes up the majority of all unsolicited e-mail.
The problem of defining spam becomes more complex across different types of organizations.
For example, organizations with more liberal network access policies allow users to receive
personal e-mail and mailing lists; other organizations restrict users to receiving only business-
related messages and therefore describe all other messages as spam. A good approach to this
problem is to define the different categories of messages that may be deemed spam and allow
organizations or individuals to create an appropriate definition for their environment.
Reason for Spamming:
Many wonder why spam activity has increased over the last couple of years. Is it because more
people want to be nuisances to society? Spamming is not a pastime but is an actual businessprocess. Spammers are in business, and like most others in business, they have a goal of making
a profit. This fact is useful in understanding the swift growth in the use of spam. As in any other
business, spammers must perform a few essential activities in order to create a profit:
8/8/2019 Spam, Technological Solutions and Its Current Regulations
4/16
4
1. Find potential customers. For spammers, this involves obtaining a list of e-mail addresses.
There are two main methods that can be used to obtain these lists: address harvesting and list
purchasing.
2.Offer a product or service to the potential customers. This involves sending information or an
offer to the list of e-mail addresses.
3.Sell and deliver the product or service to some percentage of the potential customers.
The success of spam as a business is based on the low cost of #1 and #2, allowing a low response
rate to still lead to a profit. Sending spam can cost $0.0005 per recipient; direct mail can cost
$1.21 per recipient, or about 2,400 times more. Direct mailers usually require a response rate of
about 2 percent; spammers, on the other hand, can break even with response rates as low as
0.001 percentabout 2,000 times lower. For example, a spammer can send 500,000 messages
and still be pleased and profitable with five responses.
The Volume ofSpam
Just one year ago, spam accounted for only 10 percent of inbound e-mail traffic; today, spam
accounts for over 60 percent of inbound e-mail traffic on average.2 consequently, an average
user now has more unwanted messages than wanted ones in his or her inbox. This influx of
messages has introduced a burden not only on end-users but also on administrators and the
infrastructure.The cost of the spam problem includes lost productivity from the users who must deal with spam
messages and from the computing resources that must be used to handle these messages.
The Effects ofSpam
Individuals, or a group of users, are easily targeted by email spam.
Spam usually arises as a result of giving out your email address on an unauthorized or
unscrupulous website.
Some of the effects of Spam:
y Fills your Inbox with number of ridiculous emails.y Degrades your Internet speed to a great extent.y Steals useful information like your details on you Contact list.y Alters your search results on any search engine.
8/8/2019 Spam, Technological Solutions and Its Current Regulations
5/16
5
How Spam Works
Spam is usually not targeted to specific email addresses. Instead, the email addresses are
collected at random for the purpose of emailing promotions and other junk. Since the email
addresses are not targeted, the idea of mailing the promotions is a numbers game in the eyes of
the spammer.
Sending out spam is a really easy and inexpensive process, which is why a lot of marketers who
are lazy and want to find a get-rich-quick way to make money resort to spamming. The reality is,
it is not a quick way to make money and you face a lot of headaches in the aftermath of a spam
promotion.
Spammers use software that is specifically designed for spamming. The software has the
capability to weave its way down through the layers in the Internet to collect hundreds of
thousands of email addresses from websites, social networking groups, and any other sources
where people reveal their email addresses. The addresses are collected in a very short amount of
time. Once the addresses are collected, the spammer simply enters the sales message into the
software, creates a title, and then presses "Send." It is that easy.
Any website you have visited where you have entered your email address to receive more
information or for some other reason is fair game to spammers. This is how they get your email
address. Additionally, they can set up the software to address you by name among a host of other
sophisticated practices.Deceptive Practices of Spammers:
y Spam Blocker Escape: Spammers are masters of getting around the spam blockingsoftware. Although this software is effective in blocking spam, spammers are
learning more and more how the software works and then wording their messages
to get around the spam blocker.
y Evading the Law: In recent years spam has become against the law in some areas ofthe world. Spammers get around this by intruding on remote computers which sendout the spam for them without the knowledge of the PC owner. This way there is no
trace of the spammer's real Internet protocol address. The problem with this is the
IP address of the computer they hacked will show up on the spam message which
results in the innocent person losing their Internet service account due to spam.
8/8/2019 Spam, Technological Solutions and Its Current Regulations
6/16
6
y Cloaking: Some versions of spam software include what is called cloaking. Thesoftware will automatically cloak the spammer's Internet protocol address so the
message cannot be traced. Additionally, it will insert a bogus return email address
which is the reason it is nearly impossible to track down.
Different types ofSpam
y Phishing spam a popular and heinous type of scamy foreign bank spamy Get rich easily and quickly spamy Illicitly pirated softwarey News group and forum spam
Spam- social networking sites
Facebook:
Facebook is a fantastic tool which can be used to stay in touch with friends or even to promote
your business. If you're promoting your products on Facebook then there are a number of things
that you need to be careful of because if you're not cautious then you could end up getting
banned or having your account deleted. There are many things which can cause your account to
be blocked on Facebook. Many of these relate to spam. It's very important that you do not spam
contacts on Facebook because this would be grounds for the cancelation of your account.
If you send out too many friend requests then this will be considered a form of spam and this
could get your account deactivated. If you post on lots of peoples walls with the same messages
then this will almost certainly get you banned. If when you request friends you always copy and
paste the same message then this will also be seen as a type of spam. You should avoid poking
people for no reason because if you poke too many people then you could end up getting banned.
Spam on Twitter has become a growing problem and with more and more individuals and
businesses using the social networking service, it is expected that spam will continue to be on the
rise. In addition, Twitter is an open application programming interface (API) and it does not
8/8/2019 Spam, Technological Solutions and Its Current Regulations
7/16
7
require a valid email address when you are creating an account which further increases the risk
of spam.
There are many different ways that spammers operate on Twitter with more methods on the
horizon as Twitter continues to grow.
Short URLs:Although businesses promote their products through a subtle approach, spammers blatantly
promote their business opportunities or scams on Twitter through the use of short URLs. Short
URLs are used frequently due to the 140 character limit on tweets so; it is impossible to tell if the
link is a scam or contains a virus, Trojan, or other type of malware.
Hijacking:Hackers can hijack Twitter accounts by breaking into the account and using it to send out spam.
Hackers usually target accounts that have an extensive list of followers so they can send out
spam. This usually includes the accounts of famous people but it can happen to any Twitter user.
One way around this is to avoid using passwords that hackers can easily guess but like
everything else, there is no guarantee.
Hash Tags on Trend TopicsTrending topics on Twitter are topics that are currently popular on Twitter. Spammers exploit the
trending topic by adding a hash tag to a popular keyword in their tweet that is related to the
trending topic. As a result, spammers increase the visibility of their tweets because they show up
more often in popular searches.
Tweet jackingTweet jacking occurs when spammers reply to tweets by replying to your @username. When
they reply or retweet the messages appear in your timeline. Often the messages contain a short
URL that replaces your URL and leads clickers to a porn site or, worse yet, a site laced with
malware.
Follower FraudThe success of your Twitter account is partially dependent upon the number of people that are
following you. As mentioned earlier, creating an account is very easy which encourages
spammers to automate the process and collect a massive amount of counterfeit followers. The
8/8/2019 Spam, Technological Solutions and Its Current Regulations
8/16
8
spammer then turns around and attempts to sell the account for a good amount of money and
repeat the process to cultivate their spam group.
Twitter provides instructions on their site on how to report spam and abuse. There are also a
number of Twitter spam applications such as TwitBlock and TwerpScan that will help you block
spam and they are free for the asking.
Preventing Spam
There are some effective measures that you can employ to stop spam entering your inbox:
y Always use an updated and trustworthy antivirus program.y Never share your email address and personal information like credit card details with an
unreliable source.
y Avoid responding to any emails that you never asked for. If you receive such email thendelete it immediately.
y Try to avoid emails with the subject need assistance or some funds , or any othercatchy titles. And never, ever forward such emails since they could be targeted to obtain
as many number of mails email addresses as possible.
y Whenever you need to forward an email to a group of people make use of the BCC fieldwhich enables you to hide the email addresses from each of the other recipients.
yNever mention your email address in newsletters or instant messenger chats.
y Switch off the reading pane in email clients such as Outlook. It can be done by View >Reading Pane Off.
The Spam Solutions
Below are some proposed solutions to the problem of unwanted junk E-mail. In many cases there
are levels of complexity.
NON-GOVERNMENTALRecipient Revolt:
At first Spam was related to with unwanted mail by recipients, in E-mail and in the physical
world. This has helped significantly to scare more legitimate companies away from using junk E-
mail, and this is good.
8/8/2019 Spam, Technological Solutions and Its Current Regulations
9/16
9
Customer Revolt:
A very small minority of Spams come from places the recipient has had contact with, such as
web sites they gave their E-mail address to or companies they have done business with.
Customers fortunately have power over companies, and revolt and anger by customers is farmore effective than anger at strangers.
Vigilante Attack:
Some have taken to more serious efforts; including methods that are illegal or which break net
"rules." Mail-bombs and denial of service attacks, sometimes against the innocent, in particular
are a bad idea.
Pattern and Bayesian Filters
Many mail tools now can filter out mail or redirect based on analysis. Some search for known
patterns or the names of known junk mailers. Such systems are not a likely long-term solution.
They can always be gotten around. It's just a war of escalation. As long as the patterns can be
found out, as they can in any product, the mailers will learn not to use them.
Domain filters :
Many mailers now refuse mail from domains that don't exist.
Blacklisting :
Blacklist filters use databases of known abusers, and also filter unknown addresses. A real-time
blacklist system is in place at some sites to block even the initial mail connection from known
abusers.
White list Filters :
Mailer programs learn all contacts of a user and let mail from those contacts through directly.
Mail from strangers is redirected to other folders or challenged. It may be discarded if it matches
certain patterns. If users respond to challenge, their mail is delivered and they are white listed.
8/8/2019 Spam, Technological Solutions and Its Current Regulations
10/16
10
Hide your address:
Many are reacting to Spam by refusing to reveal their E-mail addresses in public and sometimes
even in private, for fear of a privacy-invading deluge of Spam.
Stop relay abuse:
Blacklisting open relays is just one technique to stop this abuse. Regular social campaigns have
also helped, and all new mail software does not relay by default.
Voluntary Opt-Out lists:
Opting out means requesting to receive, no Spam. Either in a global "opt me out of everything"
list (such as the DMA maintains for paper junk mail) or by requesting those who mail you to
remove you from their list. Neither of these tends to work. Abusers are ignoring them or worse,
pretending to take requests and adding names to more lists. Opt-out is best implemented where
possible at the mail protocol (ESMTP) level, so that undesired mail is never even sent if possible.
This is most efficient.
Voluntary Tags :
Standards can be developed to tag bulk mail, providing headers or other information listing the
number of recipients of the mailing, whether the recipient requested the mail, or whether the
sender is personally known to the recipient.
Insisting on tags:
They become valuable if recipients start insisting mail they receive be tagged, and diverting
untagged mail to a low-priority folder. And of course diverting mail tagged in ways they don't
wish to receive. Such a scheme requires that Spammers be honest. There is evidence that many
would not be. However, it is possible that some laws may force them to be.
8/8/2019 Spam, Technological Solutions and Its Current Regulations
11/16
11
Digital Signature
For non-anonymous mail, a digital signature that verifies the sender has many uses. Many want
this for other purposes. Such a signature can be used for reliable white listing and black listing.
In addition, the signature can come with a digital certificate stating the sender has agreed to acertain code of E-mail ethics. Recipients might insist on such a certificate. Or the simple fact that
the sender and their ISP can be reliably identified may be enough to make people willing to give
E-mail access, with non-signed mail diverted.
E-stamps
Once a digital signature and digital-money infrastructure comes into play it is possible to
implement an E-stamp scheme. Such a system works regardless of borders, and allowsanonymous mail without abuse. However, it requires the build-up of lots of technical
infrastructure and the redesign of mail systems.
GOVERNMENTAL
The following methods involve the government, but only as an enforcer of existing contract law
or intellectual property law.
Enforce anti-fraud, theft of service, impersonation laws :
A good portion of Spams are illegal for other reasons. They make fraudulent claims. They claim
to have "remove" lists but don't. They claim to be referrals from friends but they are not. They
bombard systems, acting like a denial-of-service attack. They provide forged return addresses
that are actually the addresses of innocent third parties. Already some lawsuits in this area have
been successful. However, a significant number of Spams do not violate any laws directly, or
they could remove their illegal portion without major loss.
Trade-mark/Fraud Enforced Tags :
A tagging scheme could be enforced by placing a valid trademark on the name of the tag, and
allowing the mark to be used only by those who follow proper standards of E-mail ethics. Those
who use it against the guidelines -- by lying in their tags -- could be sued and stopped. This can
work, with difficulty, in many countries but not all. In general, mail must be authenticated as to
8/8/2019 Spam, Technological Solutions and Its Current Regulations
12/16
12
where it comes from in order to be able to sue. Truly anonymous mailers can't be sued, though
rarely can they provide a means to buy their product. It's also possible that lying on tags in order
to get mail through to people for commercial purposes may be fraudulent in some fashion, and
thus stoppable.
ISP User Contracts:
Already many ISP "terms of service" (TOS) call for E-mail codes of conduct. As this becomes
more and more common, it may provide sufficient recourse.
Today a problem exists since most ISPs, to market their services, use free trial accounts. They
can't do anything with such accounts but shut them off. Users of free trials are not easily held
accountable for violations of their TOS contract.
ISP peering contracts :
The internet works because ISPs "peer" (exchange data) with one another. ISPs may eventually
refuse to peer with ISPs that don't have anti-Spam E-mail conduct codes in their TOS. It is
unknown if this would be restraint of trade.
Open access only for agreement-bound users:
Perhaps the most suitable non-governmental scheme would involve ISPs only granting "open"
access to E-mail ports on the internet to parties who have agreed to a code of E-mail ethics. All
others, as well as anonymous mailers, would be allowed to only send mail to special relaying
servers. The relaying servers would be programmed to mail for any (except perhaps unrepentant
abusers) but would "throttle" the volume of E-mail to enough to handle the needs of non-bulk
mailers. Ie. the server would allow users on any given network or computer the ability to only
send a few messages per minute, per hour or per day.
U.S. State Regulations
Some states are drafting and passing laws to regulate junk E-mail and other E-mail, ostensibly
within the state. However, the laws are bound to (and supporters hope they will) have effects
outside the state. While similar to the issue of multiple national jurisdictions, what's different
8/8/2019 Spam, Technological Solutions and Its Current Regulations
13/16
13
here is that the U.S. Federal government may be given jurisdiction, removing it from individual
U.S. States.
Required tags
Tagging as described above could be made mandatory by law on bulk mail from strangers. To
send such bulk mail without correct tags could be a tort. Users would be responsible for filtering
their own mail based on tags, and prosecuting violators. Tagging must not relate to content, lest
it be compelled speech. Government enforced tags must be limited to entirely factual matters
about the nature of the mailing itself, not the message. Some proposed tagging laws have been
put forward. One suggests that the Subject line contain the word "advertisement." This is bad
because it talks about the content of the message, and it's technically poor. Governments might
simply provide penalties for lying with such tags.
Mandatory compliance with opt-out:
The law could compel senders of bulk E-mail to comply with an opting-out system. They could
require that "remove" lists be faithfully maintained, or that a national opt-out list be supported.
Better would be an ESMTP protocol to allow the expression of opt-out wishes, and a law
compelling senders of certain types of mail to obey. In effect an electronic "no bulk solicitors"
sign, with teeth, on the mail server. For technical reasons, because mail is often sent to a relaying
server that will not know the wishes of the final recipient, a tagging system must also be in place
so that the decision can be made further down the chain. One law proposed in California allows
sites to opt-out with a web page policy. This does not easily allow individual user choice, or a
formal way of obtaining opt-out/opt-in status.
Required identification:
Several recently proposed laws are asking for mandatory identification of the senders of
commercial E-mail. Such laws would create greater accountability for abuse, but violate the right
to communicate anonymously when parties desire it. Less restrictive are rules stating that if
identification is false, it be marked as false.
8/8/2019 Spam, Technological Solutions and Its Current Regulations
14/16
14
Banning unsolicited bulk E-mail:
Banning single E-mails based on content is probably unconstitutional in the USA. Since it is bulk
mail that is the source of the Spam problem (without computer automation of mailing to multiple
parties, the volume of junk mail is naturally limited to a tolerable level) regulation should focuson that. It is possible that restrictions on bulk mailing, as so-called "time and manner"
restrictions, might not violate the 1st amendment in the USA.
CASES :
yIn the present world political themes play a prominent role in todays online attacksbecause political leaders pay a strong appeal to wide range of audience and attackers take
advantage of situations like these. Best example that could be described here is US
president Obama. As the world counted down to the inauguration of 44th president of the
United States in November 2008, certain online spam senders used obamania as a new
way to attack. They introduced spam messages with a presidential theme. The message
delivers subject such as You must look at this, our new president has gone , Breaking
news, Obama refused to be the president of the United States of America ,Breaking
news there is no president in the USA any more. These spam emails contain a hyper
link, when these link is clicked- on it directs the user to a web page which looks similar
to the official obama Biden campaign site. The files available for download from the site
included names such as usa.exe, obamanew.exe, pdf.exe, statement.exe, barackblog.exe
and barackspeech.exe. This piece of malware was identified under the name
W32.Waledac and was capable, among other things, of harvesting sensitive information,
turning machines into a spam zombie and establishing a back door into computers that
would allow it to be remotely accessed. These threats are still continued in practice
among threat hackers today and these tricks user in to infecting them selves by displaying
messages based on current events.
8/8/2019 Spam, Technological Solutions and Its Current Regulations
15/16
15
y A convenience sample of three hundred participant volunteers was selected from a widevariety of organizations and the general public. The age group ranged from 15 to 60.Of
the participants in this survey, 71% were male and 29% were female. The ages of the
participants were as follows: 38% between 15 and 21, 32% between 21 and 31, 12%
between 31 and 39, 15% between 39 and 49 and 3% older than 49. A questioner was
distributed and 300 responses were received. And the results obtained indicated that the
large portion of spams was regarding marketing products and services. Very less people
get benefited by the spam. Most of them just read the e mail header n delete spam. Most
of the public dont know any software to combat email spam. Most of them preferred to
delete spam automatically. Most of the productivity is lacked by spam. Spam is largely
related to pornography. Parents are very much worried regarding it. More than half of the
surveyors said there should be a law to stop the email spammers.
Current Anti-Spam Legislation
USA: In December 2003, President Bush signed legislation to help fight spam email. The bill,
known as the CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography
and Marketing Act of 2003), preempts many provisions of existing state anti-spam laws, except
where those laws cover fraud, deception, or other computer crimes. The Act took effect on
January 1, 2004.
India:No Anti-Spam Laws in India. CAUCE, The Coalition against Unsolicited Commercial
Email is an ad hoc, all volunteer organization, created by Netizens to advocate for a legislative
solution to the problem of SPAM. The Indian chapter of CAUCE - dedicated to nipping the spam
problem in the bud in India, before it snowballs into a crisis.
8/8/2019 Spam, Technological Solutions and Its Current Regulations
16/16
16
Conclusion;
In January 2009 when region of origin of spam was interpreted among united states
,Columbia,brazil,argentina,china,india,turkey,Russia,south korea,Taiwan. United States
consistently has been one of the largest sources of spam. 23 % of spam messages originate from
USA .Colombia and Argentina have joined the top ten region of origin for spam, while Brazil isin the second place behind the United States. Ten percent of spam originated from Brazil in the
last month. For the past few months, India and China have both retained their positions among
the top regions of origin for spam.There are several reasons behind the shift in regional spamorigin, but it is notable that investment in Internet and IT infrastructure for many countries
spawns a massive growth in Internet users. Countries such as Brazil, India and China have a
burgeoning middle class where Internet penetration is high and access to broadband is
increasing. As IT security laws and regulations also vary widely around the world, an emphasis
on security may not always be a primary concern.