CSC 379:Week 1, Group 3

From Expertiza_Wiki
Jump to navigation Jump to search

Spam-Blocking Techniques

Domain Blocking
A spam-blocking technique which consists of redirecting to "junk" email boxes or filtering entirely all emails from specific web domains which have been blacklisted for spamming in the past.

  • Advantages:
    • Domain-level blocking is an easy and cost-effective way to curtail large numbers of email addresses from which spam is sent. The blocking of a single domain can block an infinite number of possible addresses in that domain.
    • Blacklists used for domain-level blocking may be shared among numerous email providers, thus protecting subscribers to one service from spam sent to subscribers of any collaborating service.
    • As there is typically a fee associated with acquiring a domain, spammers using blocked domains must pay to purchase a new domain if they are blacklisted.
  • Disadvantages
    • Though purchasing domains is associated with a cost, it is typically a marginal expense and well within the budget of major spammers worldwide. Thus, blocking a domain does little to prevent a spammer from spamming from a different domain.
    • Though spam may originate from one address in a domain, blocking the entire domain may result in the blacklisting of multiple addresses of individuals or corporations which have not engaged in spam, and therefore should not have the receipt of their mail blocked.
    • When a web domain previously blacklisted changes ownership, the new owners may remain blacklisted due to the actions of the previous owners, and at no fault of their own.
    • Much spam is sent through "spoofed" email addresses in which the sending domain is misrepresented. Blocking such a domain may prevent the receipt of email from a domain which is not associated with spam.
    • Spam can be sent from "zombie" machines infected by malware which sends spam, but owned by individuals unaware that their machines are engaging in spamming. Blocking the domains of these machines would block the receipt of mail from innocent users.
    • Spam, especially spam from "zombie" machines, can come from typically reputable domains with thousands or millions of users. Blocking such domains may degrade the quality of email service provided to a service's users to an unacceptable level.

Is it Ethical?
With so many ways to accidentally block non-spamming email addresses, the ethics of domain-level blocking are questionable at best. The goal of blocking spam is to make email more productive by eliminating messages which would clearly be considered "junk" by the vast majority of users. Taking a serious chance on intercepting email from well-intentioned addresses, therefore, runs counter to the goal of making the communications more productive. Perhaps with a feature to unblock specific addresses from a domain and to receive all messages from a "junk" mailbox, this strategy would be more acceptable. In its most basic form, however, the high probability of blocking non-spamming users challenges this method's claim to validity.
See Also:


Prior Approval
A spam-blocking technique in which a sender must request the permission of either a user or an email provider before mail can be received by that user or a client of that provider. This generally takes one of two forms, either the use of a CAPTCHA ( (C)ompletely (A)utomated (P)ublic (T)uring Test to tell (C)omputers and (H)umans (A)part) which a sender must pass in order for an email to be delivered, or a whitelist, controlled by a recipient, which explicitly states the only addresses from which email is received.
CAPTCHA Approach

  • Advantages:
    • Completely eliminates the ability of computer controlled spamming "bots" to send mail to an address.
    • Allows all mail from human users who can and will evaluate the CAPTCHA, thereby avoiding forcefully blocking well-intentioned human-sent mail.
    • Discourages spam sent from human sources to many addresses, as such sending would involved the evaluation of numerous CAPTCHAs
  • Disadvantages:
    • For the same reason that this method discourages spam sent from humans to many addresses, it also discourages worthwhile messages sent to many addresses.
    • Eliminates or severely hampers the user's ability to receive solicited automated emails.
    • Does not strictly eliminate spam from human sources.
    • Prevents the receipt of mail from the young, the old, the disabled, or others who may be incapable of evaluating the CAPTCHA
    • Depending on the implementation of the system, a sender may not expect to be required to complete a CAPTCHA confirmation, and may assume that his or her message has been sent when it has not.
    • Rather than eliminating the burden of wasted time and stress imposed by spam, this approach merely shifts it from the receiver to the sender, and imposes it for all emails rather than just spam.
    • Advancing technology makes designing CAPTCHAs which are one step ahead of computer readability increasingly difficult with time.

Is it Ethical?
At face value, the CAPTCHA Prior Approval method for controlling spam seems inherently more ethical than the domain blocking approach. However, this approach, too, has the potential to block solicited emails, both from automated services and from those without the ability, knowledge, expectation, or patience to fill out CAPTCHA forms. It could therefore be argued that this approach unfairly targets and limits the ability of various demographic groups, mentioned above, to send email. However, the biggest ethical challenge to the CAPTCHA approach is to ask what, exactly, it does to eliminate the burdens of spam. After all, the act of eliminating spam is hardly an end in and of itself. The point of all spam-controlling technologies is to save time, stress, and annoyance for the users of email. It could be legitimately argued that this approach, while it does cut down on the number of spam messages received by an address, itself creates the same sort of burdens which spam imposes, and thereby does little or nothing to improve the usability of email. The burden of one spam message is merely the time and effort required to read a subject line, identify a message as spam, and click the "delete" button. The CAPTCHA approach eliminates automated spam, and should be lauded for that fact. However, it isn't too far-fetched to say that more time and effort is required to evaluate and answer a CAPTCHA, sometimes multiple times, depending on a user's skill or experience with the tests, than would be required to delete, en-masse, the spam which would be received if this technique were not used at all. In essence, then, this approach merely shifts the burden of wasted time from recipient to sender, and to force such a waste of time on someone who may be busy, who may be sending an important email, is arguably just as unethical as forcing a recipient to delete messages at a time of his or her own choosing.
The Whitelist Approach

  • Advantages:
    • Allows a user complete and total control over from whom the user wishes to receive email.
    • Completely blocks all unwanted mail from addresses which are not pre-approved.
  • Disadvantages:
    • Fails to block any unsolicited or unwanted messages from pre-approved addresses.
    • Blocks all email from addresses not pre-approved, regardless of content, sender, situation, or potential benefit to the recipient.
    • Eliminates the user's ability to receive desired or solicited email from unknown addresses.

Is it Ethical?
Certainly, it would be difficult to defend the ethical nature of forcing users of an email service to employ a whitelist of approved addresses. Whether for business or personal use, the importance of receiving mail from unknown addresses - friends with new or changed email addresses, business associates, new contacts, new clients, individuals who discovered a business via the web - is undeniable in daily life. This approach may eliminate nearly all spam messages, with the exception of spam from individuals the recipient knows, but in the process it impacts the usability of email overall in a very severe, very negative fashion. For many purposes, if an email address cannot receive mail from unknown addresses, it is entirely useless. This approach essentially elevates the errors of the domain blocking approach to an entirely new level of severity. While it may be valuable for applications such as parental controls and monitoring of children on the Internet, this approach is essentially useless for the purpose of blocking spam alone. To force it on a user is to offer a substandard email service, which may be unethical and is certainly undesirable. That said, however, there seems to be nothing wrong with allowing users to choose a whitelist option for controlling email, should they so desire. For a particular email address with specific uses and only a few potential senders, or for an individual who does not wish to be bothered by any unsolicited email whatsoever and who doesn't mind the hassle of learning of new individuals' email addresses by another means, this is an entirely viable option. It is hardly unethical, of course, for a user to choose to seclude themselves from all but a handful of email addresses voluntarily.

Note that a combination of the above two approaches eliminates many of the problems posed by each. The use of a CAPTCHA authentication system, along with a whitelist of addresses for which the CAPTCHA is bypassed, is a particularly good solution relative to the others discussed here. In such a scenario, unknown email may be received, but spam is effectively blocked or made time-prohibitive. Many of the problems with the CAPTCHA scheme are addressed, as a CAPTCHA only needs to be completed once, after which an address can be added to a user's whitelist, and unrestricted communication may continue.
See Also:
The CAPTCHA Project
Earthlink SpamBlocker FAQ - CAPTCHA/Whitelist Approach
Article Explaining and Instructing in the Use of Whitelists

Charge for Sent E-Mail
A method which consists of levying a fee against the sender of an email for each message sent, akin to the electronic equivalent of a postage stamp

  • Advantages:
    • Eliminates the positive revenue of sending spam messages, making their sending an undesirable business practice.
    • Provides revenue ostensibly for the upkeep and improvement of email networks
  • Disadvantages:
    • Could make mass emails cost-prohibitive for individuals who need to send out large numbers of messages, or for non-profit organizations.
    • Users who already pay between ten and fifty dollars each month for internet service are likely to react poorly to being told that they have to pay more for emails.
    • Raises the cost of internet access in general, making it less affordable to lower-income individuals.
    • Logistically, imposing a fee on such a global medium as email would prove difficult if not impossible.
    • Distribution, use, and escalation of the fee would probably become an issue in time.
    • When spam is sent from zombie machines, not only is the problem of spam not solved by charging for email, but the burden of the "postage" fee for sent spam messages is borne by the unwitting owner of a controlled computer.

Is it Ethical?
The ethical nature of imposing a fee for emails is hardly a cut-and-dry question. There does not seem to be anything unethical about charging a reasonable price for a service rendered, and using the revenue from that fee in a responsible manner. However, many would say that it is unethical to charge an exorbitant or excessive fee, or to use the revenue generated by such a fee for irresponsible purposes. Some would argue that current Internet Service Provider charges are already excessive, and that adding a fee for email would only exacerbate an already prevalent problem. One essential question comes down to whether the fee for sent emails is to be used specifically to discourage spam, or whether internet providers might come to rely upon it as another stream of revenue, and as such, seek to maximize the profits they could gain from the fee by consistently raising the price of sending an email. Clearly, the ethics of one use of the fee are an entirely different matter than the ethics of the other. Also, with email being such a pervasive and worldwide phenomenon as it is, the logistics of ethically levying the fee across national boundaries, in various currencies, and in areas where corruption of public office runs rife, becomes a serious issue. It goes without being said that no first-world organization would like to propose a global fee structure which, in another part of the world, might help to finance corrupt leaders, oppressive and inhumane public policies, or terrorism. Thus, the question to whom, ultimately, the revenue of the fee is to be distributed must also be addressed. Also, it would be undesirable for respectable nonprofit organizations to be effectively banned from using mass emails through an inability to afford the necessary postage cost. Additionally, the ethics of this approach are most seriously challenged when the issue of zombied computers is considered. With computers that are hijacked, the approach of charging for email imposes a completely unjust fee on the unwitting owners of controlled machines. However, provided that all of these issues could be settled satisfactorily, that there could be exceptions, as with United States postage, for nonprofit organizations, that the revenues were used ethically and fairly, and that the fee was nominal at most, charging a fee for emails sent does seem to be, when properly handled and without the issue of zombies, an ethical proposal.
See Also:
AOL to Consider Charging for Emails
Article on a Possible Email Tax
An Email Tax Hoax Exposed

Opt-In for Commercial E-Mail
A technique in which all commercial senders of email would require for a user to take action to choose to have commercial email sent to their address before they would receive any such mailings.

  • Advantages:
    • Eliminates all unsolicited commercial emails.
    • Allows the user to receive any commercial emails which he or she may choose.
    • Does not limit messages sent for personal or nonprofit use.
  • Disadvantages
    • Disallows any potentially desirable commercial emails of which the user is not aware.
    • Requires that companies use other, typically more expensive media to initially contact potential customers.

Is it Ethical?
Opt-in commercial mailings eliminate all commercial emails not specifically solicited, and, contrary to all above approaches, do nothing to limit or discourage personal or nonprofit use of email in the process. Perhaps it could be argued that requiring all commercial emails to be opt-in would impose somewhat of a burden on companies, but with the availability of other forms of advertising, especially Internet advertising, this would be a marginal burden at worst, and a small price to pay for the near-total elimination of spam. While there are still some minor issues with this solution, such as the possibility that users might occasionally get a spam message that they end up putting to good use, these such concerns are not exactly ethical in nature, and, all in all, the solution of requiring opt-in lists for commercial emails seems like an ethical way to address the problem of spam. However, in practicality, so-called opt in selections are by set to send emails by default, making them, in fact, the much less-desirable form of an opt-out program.
See Also
Building an Opt-In Email List
Comparison of Various Opt-In / Opt-Out Programs as Related to Spam
Commentary on the Ambiguity of "Opt-In" Programs

Domain Authentication
Domain-authentication technologies are used to ensure that a sender's domain is not forged or "spoofed." (1)

  • Advantages:
    • Prevents spammers from hiding their location.
    • Allows ISPs and others to hold spammers responsible for their spam.
    • Discourages spam and other unethical e-mail.
  • Disadvantages
    • A standard way of doing domain authentication must be decided on.
    • There are several companies that have say in how to do domain authentication, making it harder to reach a concensus.

Is it Ethical?
Domain authentication would go a long way to helping ISPs and the government to hold the spammers responsible. Right now a spammer can mask their location so in essence they are sending you anonymous emails. After a standard for domain authentication is in place people will be able to see the actual person that sent the email. No more spoofing. This solution takes a little power away from the average emailer, but the ability to spoof is not an ability with any practical and ethical use.
See Also
Electronic Commerce in Canada
Domain Keys for email sender authentication
Yahoo Proposes Anti-Spam Standard For Internet

Bounties There is "a new proposal gaining momentum at the Federal Trade Commission that would award hard-cash bounties to ordinary citizens who help arrest the bane of email marketing today: spam"[1]

  • Advantages
    • The average Joe could help find the offending spammers and stop them from filling our mailboxes
    • Spammers would be more warry of sending out spam when they know that the person they are sending it to could get a nice reward for turning them in
  • Disadvantages
    • Greedy vigilanties would begin turning companies that had some technical violation.
    • Well meaning companies that fail to meat some small specification my be eaten alive by the piranas that are the general public trying to make some quick cash

Is it Ethical? I don't think allowing the general public to collect bounties on companies that have made some small technical violation is a good idea. This would greatly hinder business because every small company would have to be experts on the law just to send out a well meaning email to their customers. It might be ok hold the really big businesses to a standard like this but small businesses can't afford to have a lawyer proof-read all of their email that they send out. With the definition of spam being somewhat gray, offering a bounty for anyone who catches spammers is at best going to waste a lot of time looking into these claims.
See Also
Spam Bounties: Legitimate Email Marketers at Risk
Bounties Are Not the Answer to Spam
Laws, Bounties, International Cooperation Fighting Spam

The "Goodmail" Approach The Goodmail approach is where a company can pay a certain amount to have their emails bypass the spam filters of their customers. The idea is that if a company is willing to pay to send you an email they aren't a scam or some phishing attempt.

  • Advantages
    • If each message you send costs a fraction of a cent then the recipient is more likely to get just legitimate email.
    • If companies have to pay to send advertising email, then they might worker harder to specifically target their email.
    • Companies will also send you mail less frequently if they have to pay for it.
  • Disadvantages
    • If a company can't afford to pay the fee then they lose a formerly free mode of advertising.
    • Nonprofit Organizations would not be able to afford to pay the fee

Is it Ethical?
The Goodmail approach has very strict guidelines about which applicants they accept based on spam-complaint records. "Goodmail has rejected more than 75% of the companies that have applied for its Certified Email program, according to the company's chief executive, Richard Gingras." [2] This means that there is a company out there deciding who should and who should not be allowed to send email. This is very unethical in my opinion. They should allow the fee itself to do the talking, if a company wishes to pay the fee then they can bypass the spam filters. This will go a long way to helping ensure the email one gets is legitimate. By allowing the goodmail people to decide who is and isn't allowed to use their service is just asking for corruption.
See Also
Goodmail rejecting three quarters of applicants
Goodmail: CertifiedEmail will not reduce spam
Leading ISPs sign up for Goodmail antispam service

Escrow Bonds A concept which involves email senders to pay an amount to an escrow service, the sum of which is released back to the sender if a message is not marked by the recipient as spam, but is lost if the message is identified as spam. Variations include adding whitelists for which the escrow is bypassed, and blacklists for which the deposit is automatically lost.

  • Advantages:
    • Imposes a fee for emails which is only charged in the case of messages identified as spam.
    • Makes spam cost-prohibitive while all other emails, commercial or otherwise, remain free.
  • Disadvantages:
    • Requires the financing of third-party escrow agencies, allowing a new avenue of exploitation of the fee.
    • Necessitates an effective online micro-payment system.
    • Allows for the charging as spam of any messages marked as spam, perhaps accidentally, falsely, or maliciously, by the recipient.
    • Requires that the logistics of independent escrow agencies for all emails sent in any countries be satisfactorily addressed.

Is it Ethical?
The concept of an independent escrow system for emails does not inherently seem to pose any sort of ethical dilemma. Such a scenario appears to address many of the concerns with the email postage solution, as, in this scheme, all non-spam emails are free. However, while the concept does not pose any ethical concerns in principle, in practice, several problems arise. Mainly, financing of the escrow services could possibly lead to concerns. Multiple tiers of service, high costs, or "preferred" senders who could bypass escrow blacklists with spam could lead to corruption which would be, in all practicality, unethical.
See Also
A Spam Escrow Proposal
University of Michigan Proposal for A Spam Escrow Service
PDF Presentation on an Economic Bond Solution to Spam

Retrieved from "https://wiki.expertiza.ncsu.edu/index.php?title=CSC_379:Week_1,_Group_3&oldid=1617"