CSC 379 SUM2008:Week 1, Group 4: Difference between revisions
Latest revision as of 19:41, 16 July 2008
DUE FRIDAY 11:30PM
The Effects of Spam-Countermeasures
Fighting spam is difficult when its countermeasures come at a cost as well. E-mail is not just storage; resources must be devoted to processing it, and the cost of everything from virus scans of content to filtering can be significant. Aggressive countermeasures have a negative impact on productivity when the number of “false positives” (legitimate emails incorrectly filed as spam) is too great. Examine the breadth of countermeasures available to combat spam, providing a brief review of the ethical considerations each raises, and links to online resources that cite specific instances or effects of each.
Spam Countermeasures
Server-Side Spam Filters
As part of the ongoing battle against Spam, modern mail servers employ some form of Spam filtration system, such as the open source project SpamAssassin, within their routine mail processing. The options available to mail-server managers are diverse and plentiful, with hundreds of commercially available products as well as a comparable number of public-license projects. As of July 2008, SourceForge lists 470+ projects related to Spam filtration and management.
Server-side filters are a first line of defense against large volumes of junk e-mails, and work very well to help reduce the amount of Spam that reaches end-users. Since junk messages are often similar and follow clearly identifiable patterns, it's relatively easy to eliminate those messages before passing them to a user's mailbox. If the filter is too restrictive (i.e. the matching is too general, causing false positives) then there is a risk that a legitimate message will be removed before it has a chance to reach the intended user. Server-side filters are most effective when they are more permissive, and work in conjunction with user-defined or client-side filters. Service Providers and mail-system administrators must make the difficult decision whether or not to employ such methods, and if so, how to configure the filters (Mullet, 286).
Client-Side Spam Filters
Some commercial products, like Kaspersky Internet Security, can be installed on a user's local machine, where they actively scan incoming mail messages for virus-laden attachments and assess the probability that a given message qualifies as Spam. This sort of Spam countermeasure is a cross between user-defined filters and server-side filters: it resides locally on the user's machine, but the filters are chiefly controlled and configured by the software vendor. In this type of setup, the user has final authority over whether a message is indeed Spam, because messages are not prevented from reaching the user; they are instead sorted and collected so that the user may review them later, if the user chooses to do so.
User-Defined Spam Filters
Many popular email systems (such as Gmail and NCSU's webmail) now provide "client"-side filtering of emails that are determined to be spam. These filters work by scanning emails for spam-related phrases such as "offer" or "male enhancement!!11!11!1" and quarantining emails that meet these pre-determined conditions. The obvious negative of this system is the possibility of legitimate emails being missed or trashed because they accidentally met the conditions to be considered spam. The major benefit of client-side filtering is that the user sets the conditions, rather than a corporate entity where censorship might come into play.
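The phrase-matching filter described above, and the layering of a permissive server-side filter with a user-defined one described under Server-Side Spam Filters, sketched as an added example (not code from this page or from any product it names). The rule weights, thresholds, addresses and messages are all constructed for illustration.

```python
import re

# Constructed phrase rules and weights (assumptions, not real product rules).
RULES = {
    r"\boffer\b": 1.5,
    r"male enhancement": 4.0,
    r"!{2,}": 1.0,
    r"\bact now\b": 2.0,
}

def score(message):
    """Sum the weights of every rule that matches the message."""
    text = message.lower()
    return sum(w for pat, w in RULES.items() if re.search(pat, text))

def naive_filter(message):
    """Too-general matching: a single phrase hit is treated as spam."""
    return score(message) > 0

def server_filter(message, threshold=5.0):
    """Permissive server side: drop only high-confidence spam."""
    return "reject" if score(message) >= threshold else "deliver"

def user_filter(message, sender, allow, threshold=2.0):
    """User side: stricter, but quarantines for later review, never deletes."""
    if sender in allow:
        return "inbox"
    return "quarantine" if score(message) >= threshold else "inbox"

def classify(message, sender, allow=frozenset()):
    """Run the server filter first, then the user's own filter."""
    if server_filter(message) == "reject":
        return "reject"
    return user_filter(message, sender, allow)

# Constructed sample messages.
LEGIT = "Please find attached our job offer letter."
SPAM = "Male enhancement!!11!11!1 special offer, act now"
BORDERLINE = "Limited offer!! Reply today"

if __name__ == "__main__":
    print("naive filter on legitimate mail:", naive_filter(LEGIT))
    for msg, sender in [(LEGIT, "hr@example.com"),
                        (SPAM, "x@example.net"),
                        (BORDERLINE, "shop@example.org")]:
        print(f"{score(msg):4.1f}  {classify(msg, sender):10}  {msg}")
```

The naive filter flags the legitimate job-offer message (a false positive), while the layered version delivers it, rejects only the high-scoring message at the server, and leaves the borderline one in quarantine where the user can review it or allow-list the sender.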
Pay-per-email
Yahoo and AOL announced their decision to allow certain organizations the option to certify their email and bypass incoming spam filters by paying up to one cent per email. The service is based on technology created by Goodmail Systems. The system allows email users to be certain that emails from banks and nonprofit organizations have been background-checked and are legitimate. The announcement caused quite a stir, as organizations claimed it was a violation of the right to free speech. One argument against the implementation of this system is that it would create a "two-tier Internet" divided between large commercial mass-emailers that could afford to pay the fees and other users, with potentially more legitimate purposes, who would struggle with the fees. [1]
Legal Intervention
Although civil litigation and criminal prosecution have risen since the adoption of the CAN-SPAM Act of 2003, the overall effects of the American anti-spam law on Spam message volume have been negligible [2].
Do-Not-Spam Lists
Like the federal "Do Not Call List" that became law in 2003, a Do-Not-Spam list is the idea of a list of email addresses that would be protected from spam by law. However, there is no Do-Not-Spam list because the FTC has declared that the idea would act as a list for illegal spammers to take advantage of. The FTC believes this could actually lead to an increase in spam. Some websites and organizations offer Do-Not-Spam lists that are scams to collect email addresses to spam. One legitimate Do-Not-Spam list provided by Blue Security Inc. was cracked in 2006, exposing the flaws in such a method of reducing spam.
Captchas (Image Recognition Logins)
Captchas, aka the cryptic text-filled images you must decode before you make an account or post on many webpages, offer an additional layer of security where spam or bots might pose a threat. The thought here is that bots will not be able to read the text where a human would have no problem, therefore eliminating the bots' ability to create fake accounts or posts on servers.
Recently, captcha-reading-capable bots have been created that threaten the future of captchas as a security technique.
For more information on captchas visit this wiki link: [3]
Links & Sources
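- 1 Spamalot Revisited: Goodmail Trapped in Bad Debate. TechNewsWorld. Apr 7, 2006. http://www.technewsworld.com/story/49803.html?welcome=1216228873
- 2 With This Law, You Can Spam. Wired. Jan 23, 2004. http://www.wired.com/techbiz/media/news/2004/01/62020
- 3 Captcha. Wikipedia. http://en.wikipedia.org/wiki/Captcha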
- 4 Mullet, Diana & Kevin Mullet. Managing IMAP: Help for E-mail Administrators. O'Reilly, 2000. p286-287.