Spam • What is spam? • CAN-SPAM Act • Costs of spam • Innovative ways to combat spam • Preview of spamsux.com
What is spam? • Spam is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. • Spam contents • offensive or illegal content • pornography • pyramid trading schemes • misleading or deceptive advertising • jokes • or even bona fide commercial marketing material • It is sometimes referred to as unsolicited bulk email or unsolicited commercial email (UCE). • And we are ALL affected by it!!
More on spam • The first recorded incidence of spam occurred in 1994 when a US law firm, Canter and Siegel, put out a mass advertisement for an immigration advocacy service they offered. • Two types of spam: • Usenet spam is a single message sent to 20 or more Usenet newsgroups. • Email spam targets individual users with direct mail messages. • Since then, spam has become a major issue—which eventually led to federal legislation on the matter.
Controlling the Assault of Non-Solicited Pornography And Marketing Act CAN-SPAM
CAN-SPAM • Can-Spam was signed by President Bush on December 17, 2003. • As of Jan. 1, 2004, the first federal legislation specifically directed at commercial email is supposed to curb the amount of unwanted email flooding our inboxes. • Penalties of up to $250 per message, to a maximum of $6 million per scammer, are imposed on parties who violate this law.
CAN-SPAM ineffective? • Under the new law, commercial email is perfectly fine to send if it complies with only three stipulations. • It must be labeled as an advertisement or solicitation. • It must give the recipient an opt-out option. • And it must include a postal address.
Shortfalls of CAN-SPAM • Many in the technical and legal professions have questioned the government's ability to enforce those restrictions and have criticized the way the act supersedes stricter state laws. • In many states, preexisting antispam legislation included the rights for citizens to sue spammers directly or through class action lawsuits. Under the new federal law, U.S. citizens no longer have those rights.
What critics are saying • "(Can-Spam) is an abomination at the federal level," said Stanford law professor Lawrence Lessig. "It's ineffective and it's affirmatively harmful because it preempts state legislation." • "It authorizes every offshore casino, every Viagra peddler, every pornographer, to send you as many messages as they want unless and until you tell them, one-by-one, to stop," says an attorney with Silicon Valley’s powerful Wilson, Sonsini, Goodrich and Rosati.
Congressional findings? • Paragraph 12 of the Congressional findings on CAN-SPAM act: • (12) The problems associated with the rapid growth and abuse of unsolicited commercial electronic mail cannot be solved by Federal legislation alone. The development and adoption of technological approaches and the pursuit of cooperative efforts with other countries will be necessary as well.
Costs of spam • According to Congress: • The receipt of unsolicited commercial e-mail may result in costs to the recipients who cannot refuse to accept such mail and who incur costs for the storage of such mail, or for the time spent accessing, reviewing, and discarding such mail, or for both. • E-mail spam (contrasted to traditional junk mail) is unique in that the receiver pays so much more for it than the sender does.
Volume of spam • Roughly 40 percent of all e-mail traffic in the United States in the first half of 2003 was spam, up from 8 percent in late 2001, according to Brightmail Inc., a major vendor of anti-spam software. • By the end of 2003, industry experts predicted, fully half of all e-mail will be unsolicited.
Spam costs corporations big time • According to Ferris Research Inc., a San Francisco consulting group, spam will cost U.S. organizations more than $10 billion this year. • This figure includes: • lost productivity • consumption of IT resources • and end-user support to deal with the problem.
Fight spam! • Traditional: • Filters (server level, and user level) • Blacklists (usually must pay for anti-spam tools which utilize and regularly update their blacklists) • Innovative: • Challenge-response technology • “No Spam at Any (CPU) Speed” (MSFT origin) • “Payment at risk” (MSFT origin) • “Trusted E-mail Open Standard” • DNS System Modification (MSFT origin)
Challenge-response Technology • If your mailbox is protected by a challenge-response system, people who try to contact you will be greeted with a response saying something like "click on this link to deliver this message" or "type in the word you see in the box above." • In theory, well-designed challenge-response utilities won't challenge mail from known correspondents or mail that you've actually asked to receive.
“No Spam at Any (CPU) Speed” (MSFT) • The theory behind this method is that a sender's computer must solve a cryptographic puzzle with its own processor to get its message into a recipient's in-box. • The key is that the puzzle takes about 10 seconds to solve. There are only 80,000 seconds in a day, so a computer can only send 8,000 messages in a single day.
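A sketch of the puzzle idea on this slide, added here as an example and not taken from the original deck or from Microsoft's proposal. The slide does not say which puzzle is used, so this assumes a hashcash-style search for a SHA-256 digest with leading zero bits; the function names, addresses and message id are hypothetical.

```python
import hashlib
import itertools


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the front of a digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def stamp_digest(recipient: str, message_id: str, nonce: int) -> bytes:
    # Binding the puzzle to the recipient and message id means a solved
    # puzzle cannot be reused for another recipient or another message.
    data = f"{recipient}|{message_id}|{nonce}".encode()
    return hashlib.sha256(data).digest()


def mint(recipient: str, message_id: str, difficulty_bits: int) -> int:
    """Sender side: brute-force search, about 2**difficulty_bits hashes on average."""
    for nonce in itertools.count():
        digest = stamp_digest(recipient, message_id, nonce)
        if leading_zero_bits(digest) >= difficulty_bits:
            return nonce


def verify(recipient: str, message_id: str, nonce: int, difficulty_bits: int) -> bool:
    """Recipient side: one hash, however hard the puzzle was to solve."""
    digest = stamp_digest(recipient, message_id, nonce)
    return leading_zero_bits(digest) >= difficulty_bits


if __name__ == "__main__":
    # Constructed sample values; 16 bits keeps the demo fast. A deployment
    # would tune the difficulty until minting takes the intended time.
    rcpt, msg_id, bits = "alice@example.com", "msg-0001", 16
    nonce = mint(rcpt, msg_id, bits)
    print("nonce:", nonce, "hashes tried by sender:", nonce + 1)
    print("accepted by recipient:", verify(rcpt, msg_id, nonce, bits))
```

The cost falls on the sender only: the recipient's mail server checks a stamp with a single hash and can reject unstamped mail without doing any of the work.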
“Payment at risk” (MSFT) • The "payment at risk" system would involve e-mail recipients setting a level of payment that would tax the sender, if its e-mail were rejected, low or high, depending on how greatly recipients were bothered by the unwanted e-mail. • The idea goes like this: If you receive an e-mail from an old school friend, and you're happy to receive it, the sender doesn't pay. If it's another offer for that annoying little blue pill, you reject it, and the spammer is forced to cough up.
“Trusted E-mail Open Standard” (TEOS) • TEOS is a new e-mail protocol that essentially builds on SMTP. • TEOS allows for more reliable identification of the sender and includes machine-readable descriptions or "assertions" about their e-mail's content. It also establishes an encrypted, spoof-proof "trust stamp" that appears in the body of the message. • If implemented, experts recommend the formation of an international, cross-industry body to maintain this new standard.
DNS System Modification (MSFT) • The Domain Name System is a distributed database, maintained by a number of different companies that provide domain names for Web site and e-mail addresses. • Microsoft would like to modify this system so that individuals, companies and other organizations can publish the identification numbers of their mail servers in the DNS database. • In effect, this would let an e-mail recipient compare the message's actual originating address with the address indicated in its header. A difference there could help a spam filter determine that a header is “spoofed,” increasing the likelihood that the message is spam. Such messages could easily be filtered or rejected.
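The comparison described on this slide, as an added example that is not part of the original deck. The slide gives no record format, so this borrows a small subset of SPF syntax (ip4, ip6 and all), SPF being a deployed standard built on the same idea; the in-memory table stands in for DNS TXT lookups, and the domains, addresses and function name are constructed.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups (documentation address ranges).
PUBLISHED = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "example.net": "v=spf1 ip4:198.51.100.25 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_sender(connecting_ip: str, claimed_sender: str, records=PUBLISHED) -> str:
    """Compare the address a message really came from with the servers
    the claimed sender's domain has published."""
    domain = claimed_sender.rsplit("@", 1)[-1].strip("> ").lower()
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"          # domain publishes nothing: no verdict possible
    ip = ipaddress.ip_address(connecting_ip)
    for term in record.split()[1:]:
        qualifier = "+"        # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name == "all":      # catch-all for anything not matched earlier
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            return "unsupported"   # mechanisms outside this subset
    return "neutral"


if __name__ == "__main__":
    # Constructed cases: (connecting address, sender claimed in the message).
    for ip, sender in [
        ("192.0.2.10", "Billing <billing@example.com>"),
        ("203.0.113.7", "billing@example.com"),
        ("198.51.100.26", "news@example.net"),
        ("192.0.2.10", "someone@example.org"),
    ]:
        print(f"{ip:15} {sender:32} -> {check_sender(ip, sender)}")
```

A filter would treat "fail" as strong evidence of a spoofed sender and "none" as no evidence either way, since a domain that publishes nothing cannot be checked.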
Spamsux.com… • Finally, I’ll be creating a webpage for my project. There, users can find links to articles, tools, and news about spam (hopefully). • Here is the preliminary layout: • https://netfiles.uiuc.edu/harrylum/www/LIS391/Project/spamsux2.html