290 likes | 405 Views
Freeing the Internet from Spam: Opt-In, Filtering and Other Approaches. IP-dagarna 19 November 2003, Stockholm. Eric Thomas, CEO L-Soft Sweden AB www.lsoft.se. Overview. History in short Today How do we clean spam from the Internet? Q&A. The world’s first spam?.
E N D
Freeing the Internet from Spam: Opt-In, Filtering and Other Approaches IP-dagarna 19 November 2003, Stockholm Eric Thomas, CEO L-Soft Sweden AB www.lsoft.se ã2003 L-Soft Sweden AB
Overview • History in short • Today • How do we clean spam from the Internet? • Q&A ã2003 L-Soft Sweden AB
The world’s first spam? Date: Tue, 28 Jun 88 12:08:00 SETFrom: xxxxxxTo: Eric Thomas - LISTSERV - <ERIC@CEARN>, (...) This mail is sent you by a group of researchers of the Italian National Council (C.N.R.), working at the CNUCE Institute, in order to wake up the sensitivity of people working in the scientific institutions about the extremely serious problem of the pollution in the world. As you certainly know, the hole in the ozone, the "hot-house effect", the acid rains and the toxic waste are disasters provoked by man by using the Nature as a "never-ending" resource. Everybody can verify other effects of the pollution, in the cities, in the seas, in the rivers, etc. We think that the scientific community must create an opinion movement able to force some decisions at political level. We think we are still in time to do something to save Nature with the help of everybody. (...) ã2003 L-Soft Sweden AB
The world’s first spam? • Date: 28 of June 1988 • Sent to 138 network engineers + an email list with 50 more recipients • The purpose was to “save the world” • No relevancy for the recipients • The sender was a female scientist in Italy Is spam an European invention? ã2003 L-Soft Sweden AB
History in short • 1988: The world’s first spam in Italy? • 1994: “Green Card Lawyers” and “Make Money Fast” • 1995: 2 million email addresses for sale; first spam filter for email • 1997: 80 million email addresses for sale • 2000: Nigerian scam • 2001: 210 million email addresses for sale • Old problem; the spammers get better and more sophisticated every year ã2003 L-Soft Sweden AB
Today – hard facts • Enormous amounts: 50 percent of email traffic is spam • Enormous costs: € 2.5 billion in Europe, $ 9 billion in the US (2002) • Increasing like an avalanche • The trust for email and the Internet is being hollowed out Enough is enough! ã2003 L-Soft Sweden AB
Trends Source: eMarketer Daily, Issue 206, 2003 ã2003 L-Soft Sweden AB
The challenge • Without filtering we are drowning in spam • With filtering we risk missing important messages • Opt-in rules are new and only apply within the EU (so far) • The spammers move “off-shore” ã2003 L-Soft Sweden AB
What to do? The recipe for a cure has 4 ingredients: • Legislation • Education • Technical solutions • International cooperation ã2003 L-Soft Sweden AB
DN, Right or Wrong? Källa: DN.se, 04.11 2003 ã2003 L-Soft Sweden AB
IDG, Web Question: “What is Your Opinion?” Källa: IDG.se, 29.10 2003 ã2003 L-Soft Sweden AB
Legislation • EU: the world’s first opt-in zone since 31 October 2003 • US: “Can Spam Bill” & opt-out • Japan: opt-in has given effect • Australia: opt-in next step • Will US be alone with opt-out? ã2003 L-Soft Sweden AB
"Combating spam has become a matter for us all and has become one of the most significant issues facing the Internet today. It is a fight over many fronts. The EU, Member States, industry and consumers all have a role to play in the fight against spam both at the national and international level. We must act before users of e-mails or SMS stop using the Internet or mobile services, or refrain from using it to the extent that they otherwise would.” Erkki LiikanenEuropean Commissioner for Enterprise and the Information Society
Directive 2002/58/EG (12 of July 2002) Article 13: Non-requested communication ”The use of [...] electronical mail for direct marketing may only be allowed if the subscriber in advance has given his or her consent.” ã2003 L-Soft Sweden AB
The EU directive, article 13 – three demands • Opt-in i.e. consent. Exceptions: • Legal persons (B2B) • Existing customers when companies market equivalent products • Legible sender and sender address • It should be easy and free of charge to unsubscribe from future mailings • Applicable since last day in October, 2003 in all states within the EU. Sweden is delayed! ã2003 L-Soft Sweden AB
“Can Spam” • Allows opt-out • Forming a “Do-Not-E-mail registry” – dangerous! The spammers will: • Follow the law and respect the “Do-Not-Email registry” • Campaign for governor of California • Spam the “Do-Not-Email registry” and thank you for the free email addresses ã2003 L-Soft Sweden AB
A good root password? gbush ã2003 L-Soft Sweden AB
An uncrackable email address? gbush@aol.com ã2003 L-Soft Sweden AB
Scale of penalty for spamming • Japan: • Up to two years in prison • Up to $25,000 for private persons, up to$3,500,000 for companies • US: varies heavily but often very tough ã2003 L-Soft Sweden AB
Scale of penalty for spamming • Italy: • Six months to three years in prison • Up to € 90,000 • Sweden: not decided • Probably no prison penalty • Lost time has to be compensated • Is the penalty cheaper than buying a stamp? 1 000 affected employees × 2 sec =33 minutes in total = 250 SEK ã2003 L-Soft Sweden AB
Education • A very important part of the work where everyone can help/contribute: • Consumer: never buy anything if you don’t recognize the sender • Company: opt-in is the only praxis that will not hurt your reputation and trademark • Unexpected need for education in Sweden This is our common responsibility! ã2003 L-Soft Sweden AB
Technical solutions • The challenge: Almost no “false positives” can be tolerated (1 in 10,000?) • Today: approx. 90 percent of the spam can be filtered without risk • If we succeed filtering too much the spammers will fine tune their routines ã2003 L-Soft Sweden AB
Bad technical solutions • Simple filters searching for 18, weight, FREE etc. • “ADV:” • Block port 25 for all clients • “Challenge-Response” • Black lists (too much chaos today) • “Make mail cost” proposals ã2003 L-Soft Sweden AB
Two interesting techniques • Signature identification • Reliable techniques – like antivirus • Extremely low “false positive” • Bayesian filters • Very effective • Self-learning • Very complex – totally unintelligible to “regular” users ã2003 L-Soft Sweden AB
Bayesian filters • Works best on individual level • Subtle and hard to understand: • Kalle knows Spanish but normally he just uses Swedish and English at work • All Spanish emails are in reality spam • When a client writes in Spanish the filter has learned that “everything written in Spanish is spam” and therefore it deletes the message! ã2003 L-Soft Sweden AB
Future vision • It will get worse before it gets better: • The laws congregate towards opt-in, with the exception of US and their strong lobbies • US stands for >90 percent of the spam; they talk a lot about spam but in reality they have other priorities • Almost everyone gets protection against spam, both in central mail servers and in the email client (Bayesian filter?) • Engineers waste more time on spam, without success ã2003 L-Soft Sweden AB
Future vision • At some point US will go from words to action • In the long run they will have to go with opt-in; the EU may play an important role • Spam remains but is being limited, as chain letters were in the 1980’s ã2003 L-Soft Sweden AB
For more information • About opt-in within the EU: http://www.lsoft.se/news/optin2003-eu.asp Click on “L-Soft’s comments” to download the white paper • About“Can-Spam Act”: • http://www.lsoft.se/news/optin2003-us.asp ã2003 L-Soft Sweden AB