CSC 379:Week 1, Group 3: Difference between revisions

Spam-Blocking Techniques

Domain Blocking
A spam-blocking technique which consists of redirecting to "junk" email boxes or filtering entirely all emails from specific web domains which have been blacklisted for spamming in the past.

• Advantages:
  • Domain-level blocking is an easy and cost-effective way to curtail large numbers of email addresses from which spam is sent. The blocking of a single domain can block an infinite number of possible addresses in that domain.
  • Blacklists used for domain-level blocking may be shared among numerous email providers, thus protecting subscribers to one service from spam sent to subscribers of any collaborating service.
  • As there is typically a fee associated with acquiring a domain, spammers using blocked domains must pay to purchase a new domain if they are blacklisted.
• Disadvantages
  • Though purchasing domains is associated with a cost, it is typically a marginal expense and well within the budget of major spammers worldwide. Thus, blocking a domain does little to prevent a spammer from spamming from a different domain.
  • Though spam may originate from one address in a domain, blocking the entire domain may result in the blacklisting of multiple addresses of individuals or corporations which have not engaged in spam, and therefore should not have the receipt of their mail blocked.
  • When a web domain previously blacklisted changes ownership, the new owners may remain blacklisted due to the actions of the previous owners, and at no fault of their own.
  • Much spam is sent through "spoofed" email addresses in which the sending domain is misrepresented. Blocking such a domain may prevent the receipt of email from a domain which is not associated with spam.
  • Spam can be sent from "zombie" machines infected by malware which sends spam, but owned by individuals unaware that their machines are engaging in spamming. Blocking the domains of these machines would block the receipt of mail from innocent users.
  • Spam, especially spam from "zombie" machines, can come from typically reputable domains with thousands or millions of users. Blocking such domains may degrade the quality of email service provided to a service's users to an unacceptable level.
    

Is it Ethical?
With so many ways to accidentally block non-spamming email addresses, the ethics of domain-level blocking are questionable at best. The goal of blocking spam is to make email more productive by eliminating messages which would clearly be considered "junk" by the vast majority of users. Taking a serious chance on intercepting email from well-intentioned addresses, therefore, runs counter to the goal of making the communications more productive. Perhaps with a feature to unblock specific addresses from a domain and to receive all messages from a "junk" mailbox, this strategy would be more acceptable. In its most basic form, however, the high probability of blocking non-spamming users challenges this method's claim to validity.

Prior Approval
A spam-blocking technique in which a sender must request the permission of either a user or an email provider before mail can be received by that user or a client of that provider. This generally takes one of two forms, either the use of a CAPTCHA which a sender must pass in order for an email to be delivered, or a whitelist, controlled by a recipient, which explicitly states the only addresses from which email is received.
CAPTCHA Approach

• Advantages:
  • Completely eliminates the ability of computer controlled spamming "bots" to send mail to an address.
  • Allows all mail from human users who can and will evaluate the CAPTCHA, thereby avoiding forcefully blocking well-intentioned human-sent mail.
  • Discourages spam sent from human sources to many addresses, as such sending would involved the evaluation of numerous CAPTCHAs
• Disadvantages:
  • For the same reason that this method discourages spam sent from humans to many addresses, it also discourages worthwhile messages sent to many addresses.
  • Eliminates or severely hampers the user's ability to receive solicited automated emails.
  • Does not strictly eliminate spam from human sources.
  • Prevents the receipt of mail from the young, the old, the disabled, or others who may be incapable of evaluating the CAPTCHA
  • Depending on the implementation of the system, a sender may not expect to be required to complete a CAPTCHA confirmation, and may assume that his or her message has been sent when it has not.
  • Rather than eliminating the burden of wasted time and stress imposed by spam, this approach merely shifts it from the receiver to the sender, and imposes it for all emails rather than just spam.
    
  • Advancing technology makes designing CAPTCHAs which are one step ahead of computer readability increasingly difficult with time.
    

Is it Ethical?
At face value, the CAPTCHA Prior Approval method for controlling spam seems inherently more ethical than the domain blocking approach. However, this approach, too, has the potential to block solicited emails, both from automated services and from those without the ability, knowledge, expectation, or patience to fill out CAPTCHA forms. It could therefore be argued that this approach unfairly targets and limits the ability of various demographic groups, mentioned above, to send email. However, the biggest ethical challenge to the CAPTCHA approach is to ask what, exactly, it does to eliminate the burdens of spam. After all, the act of eliminating spam is hardly an end in and of itself. The point of all spam-controlling technologies is to save time, stress, and annoyance for the users of email. It could be legitimately argued that this approach, while it does cut down on the number of spam messages received by an address, itself creates the same sort of burdens which spam imposes, and thereby does little or nothing to improve the usability of email. The burden of one spam message is merely the time and effort required to read a subject line, identify a message as spam, and click the "delete" button. The CAPTCHA approach eliminates automated spam, and should be lauded for that fact. However, it isn't too far-fetched to say that more time and effort is required to evaluate and answer a CAPTCHA, sometimes multiple times, depending on a user's skill or experience with the tests, than would be required to delete, en-masse, the spam which would be received if this technique were not used at all. In essence, then, this approach merely shifts the burden of wasted time from sender to recipient, and to force such a waste of time on someone who may be busy, who may be sending an important email, is arguably just as unethical as forcing a recipient to delete messages at a time of his or her own choosing.

The Whitelist Approach

• Advantages:
  • Allows a user complete and total control over from whom the user wishes to receive email.
  • Completely blocks all unwanted mail from addresses which are not pre-approved.
• Disadvantages:
  • Fails to block any unsolicited or unwanted messages from pre-approved addresses.
  • Blocks all email from addresses not pre-approved, regardless of content, sender, situation, or potential benefit to the recipient.
  • Eliminates the user's ability to receive desired or solicited email from unknown addresses.

Is it Ethical?
Certainly, it would be difficult to defend the ethical nature of forcing users of an email service to employ a whitelist of approved addresses. Whether for business or personal use, the importance of receiving mail from unknown addresses - friends with new or changed email addresses, business associates, new contacts, new clients, individuals who discovered a business via the web - is undeniable in daily life. This approach may eliminate nearly all spam messages, with the exception of spam from individuals the recipient knows, but in the process it impacts the usability of email overall in a very severe, very negative fashion. For many purposes, if an email address cannot receive mail from unknown addresses, it is entirely useless. This approach essentially elevates the errors of the domain blocking approach to an entirely new level of severity. While it may be valuable for applications such as parental controls and monitoring of children on the Internet, this approach is essentially useless for the purpose of blocking spam alone. To force it on a user is to offer a substandard email service, which may be unethical and is certainly undesirable. That said, however, there seems to be nothing wrong with allowing users to choose a whitelist option for controlling email, should they so desire. For a particular email address with specific uses and only a few potential senders, or for an individual who does not wish to be bothered by any unsolicited email whatsoever and who doesn't mind the hassle of learning of new individuals' email addresses by another means, this is an entirely viable option. It is hardly unethical, of course, for a user to choose to seclude themselves from all but a handful of email addresses voluntarily.

Note that a combination of the above two approaches eliminates many of the problems posed by each. The use of a CAPTCHA authentication system, along with a whitelist of addresses for which the CAPTCHA is bypassed, is a particularly good solution relative to the others discussed here. In such a scenario, unknown email may be received, but spam is effectively blocked or made time-prohibitive. Many of the problems with the CAPTCHA scheme are addressed, as a CAPTCHA only needs to be completed once, after which an address can be added to a user's whitelist, and unrestricted communication may continue.

Charge for Sent E-Mail
A method which consists of levying a fee against the sender of an email for each message sent, akin to the electronic equivalent of a postage stamp

• Advantages:
  • Eliminates the positive revenue of sending spam messages, making their sending an undesirable business practice.
  • Provides revenue ostensibly for the upkeep and improvement of email networks
• Disadvantages:
  • Could make mass emails cost-prohibitive for individuals who need to send out large numbers of messages, or for non-profit organizations.
  • Users who already pay between ten and fifty dollars each month for internet service are likely to react poorly to being told that they have to pay more for emails.
  • Raises the cost of internet access in general, making it less affordable to lower-income individuals.
  • Logistically, imposing a fee on such a global medium as email would prove difficult if not impossible.
  • Distribution, use, and escalation of the fee would probably become an issue in time.
    

Is it Ethical?
The ethical nature of imposing a fee for emails is hardly a cut-and-dry question. There does not seem to be anything unethical about charging a reasonable price for a service rendered, and using the revenue from that fee in a responsible manner. However, many would say that it is unethical to charge an exorbitant or excessive fee, or to use the revenue generated by such a fee for irresponsible purposes. Some would argue that current Internet Service Provider charges are already excessive, and that adding a fee for email would only exacerbate an already prevalent problem. One essential question comes down to whether the fee for sent emails is to be used specifically to discourage spam, or whether internet providers might come to rely upon it as another stream of revenue, and as such, seek to maximize the profits they could gain from the fee by consistently raising the price of sending an email. Clearly, the ethics of one use of the fee are an entirely different matter than the ethics of the other. Also, with email being such a pervasive and worldwide phenomenon as it is, the logistics of ethically levying the fee across national boundaries, in various currencies, and in areas where corruption of public office runs rife, becomes a serious issue. It goes without being said that no first-world organization would like to propose a global fee structure which, in another part of the world, might help to finance corrupt leaders, oppressive and inhumane public policies, or terrorism. Thus, the question to whom, ultimately, the revenue of the fee is to be distributed must also be addressed. Also, it would be undesirable for respectable nonprofit organizations to be effectively banned from using mass emails through an inability to afford the necessary postage cost. However, provided that all of these issues could be settled satisfactorily, that there could be exceptions, as with United States postage, for nonprofit organizations, that the revenues were used ethically and fairly, and that the fee was nominal at most, charging a fee for emails sent does seem to be, when properly handled, an ethical proposal.

Opt-In for Commercial E-Mail
A technique in which all commercial senders of email would require for a user to take action to choose to have commercial email sent to their address before they would receive any such mailings.

• Advantages:
  • Eliminates all unsolicited commercial emails.
  • Allows the user to receive any commercial emails which he or she may choose.
  • Does not limit messages sent for personal or nonprofit use.
• Disadvantages
  • Disallows any potentially desirable commercial emails of which the user is not aware.
  • Requires that companies use other, typically more expensive media to initially contact potential customers.

Is it Ethical?
Opt-in commercial mailings eliminate all commercial emails not specifically solicited, and, contrary to all above approaches, do nothing to limit or discourage personal or nonprofit use of email in the process. Perhaps it could be argued that requiring all commercial emails to be opt-in would impose somewhat of a burden on companies, but with the availability of other forms of advertising, especially Internet advertising, this would be a marginal burden at worst, and a small price to pay for the near-total elimination of spam. While there are still some minor issues with this solution, such as the possibility that users might occasionally get a spam message that they end up putting to good use, these such concerns are not exactly ethical in nature, and, all in all, the solution of requiring opt-in lists for commercial emails seems like an ethical way to address the problem of spam.