Best Practices for End Users. Anti-Spam Research Group IETF 56 - San Francisco March 20, 2003 John Morris ftp://67.cdt.org/pub/ietf56-asrg-spamreport.ppt or MAYBE at http://www.ietf.org/proceedings/03mar/. 1. New Report on Spam issued Yesterday by CDT. “Why Am I Getting All This Spam?”
New Report on Spam issued Yesterday by CDT
• “Why Am I Getting All This Spam?”
• Reports on six months of research
• Generally aimed at end users
• Focused on a different aspect of the problem
  • How do spammers get my e-mail address?
• Available in HTML or PDF:
  • http:\\www.cdt.org\speech\spam\030319spamreport.shtml
  • http:\\www.cdt.org\speech\spam\030319spamreport.pdf
Methodology
• Created hundreds of single purpose e-mail addresses
• Placed on Web sites, USENET, Web discussion boards, e-commerce transactions, domain registrations
• Disguised some addresses:
  • using words: “example at domain dot com”
  • using HTML characters: "example@domain.com"
• Removed or opted-out some addresses after two weeks
• Tracked spam for 6 months
• Ignored spam stemming from dictionary attacks
Key Finding: Disguising Addresses is VERY Effective
• Spam received at addresses only displayed using words: ZERO
  • “example at domain dot com”
• Spam received at addresses only displayed using HTML characters: ZERO
  • "example@domain.com"
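The two disguises tested above, sketched as an added Python example (not part of the original slides or the CDT report), together with a check that lists any address still readable as plain text in a page's source. The function names, the simplified address pattern and the sample page are assumptions made for illustration.

```python
import html
import re

# Simplified pattern for an address readable in raw page source (assumption,
# not a full RFC 5322 parser).
PLAIN_ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def _check(address: str) -> str:
    """Return the address unchanged if it has exactly one '@' with text on both sides."""
    local, at, domain = address.partition("@")
    if not (local and at and domain) or "@" in domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    return address


def disguise_words(address: str) -> str:
    """'example@domain.com' -> 'example at domain dot com'."""
    return _check(address).replace(".", " dot ").replace("@", " at ")


def disguise_html(address: str) -> str:
    """Write every character as a decimal HTML character reference."""
    return "".join(f"&#{ord(ch)};" for ch in _check(address))


def exposed_addresses(page_source: str) -> list[str]:
    """Addresses still readable as plain text in the page source."""
    return sorted(set(PLAIN_ADDRESS.findall(page_source)))


# Constructed sample page: one plain address, two disguised ones.
SAMPLE_PAGE = f"""<html><body>
<p>Sales: <a href="mailto:sales@example.com">sales@example.com</a></p>
<p>Support: {disguise_words("support@example.com")}</p>
<p>Press: {disguise_html("press@example.com")}</p>
</body></html>"""

if __name__ == "__main__":
    # A browser renders the character references as the original address.
    assert html.unescape(disguise_html("press@example.com")) == "press@example.com"
    for address in exposed_addresses(SAMPLE_PAGE):
        print("undisguised address in page source:", address)
```

Run against a site's own pages, the check flags addresses that were published without either disguise, including those inside mailto: links.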
Key Finding: USENET was Second Biggest Source of Spam
• Vast majority of addresses scraped from USENET headers
  • 99+% of USENET spam from headers
  • Very little spam from body of message
• Which newsgroup makes a difference
  • Postings to alt.sex.erotica > lots of spam
  • Postings to misc.industry.insurance > no spam
Key Finding: Where Offered, Web Site Opt-Out Requests Work
• All tested sites (31 diverse sites) honored opt-out requests if made at the time the e-mail address was first provided
• Most (but not all) sites promptly honored opt-out requests when made two weeks after the e-mail address was first provided
Key Finding: Web Discussion Forums are Fairly Spam Free
• Almost no spam to addresses posted in Web based discussion boards, job listing sites, or auction sites.
• Also, very little spam from WHOIS listing
  • But, none of the domains were approaching time for renewal
Best Practices to Avoid Spam
• Disguise any e-mail addresses that are listed on web sites
• Don’t post to USENET using a live address in the header (but okay in body if disguised)
• Opt out at the time you give your address to a web business (and don’t do business with sites that don’t offer opt-out options)
• Use multiple or disposable e-mail addresses