CSC 379:Week 1, Group 5
Latest revision as of 23:12, 14 July 2007
Techniques Against Spam
Block Domains
Blocking domains is an anti-spam technique that creates a blacklist of known spammers that can be used by email providers or by the user. When it is used, this method can cause suspected spam originating from blocked domains to be sent to a spam folder, or it can result in an automatic rejection of the emails. This is a powerful technique for blocking spam because once listed, spammers have no recourse except to find a new domain, which requires money and effort. But there is the possibility of blocking legitimate domains, either through error, the hijacking of computers on that domain for a spammer's use, or even a personal vendetta on the part of the person running the list. When relying heavily on this method one must consider the source of the list of known spamming domains, and realize the potential problems in its creation.
Spam domain blacklist (filtered by jwSpamSpy) contains a list of known spamming domains that can be downloaded as a text file for anti-spam software.
Techdirt: Verizon Discovers The Cost Of Being Too Aggressive In Blocking Spam
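The following added example (not part of the original page) shows how a mail filter might apply a downloaded text blacklist with the two outcomes described above, spam folder or rejection, plus a local whitelist that overrides a mistaken listing. The list format (one domain per line, `#` comments), the function names and the sample domains are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed sample of a downloaded text blacklist: one domain per line,
# '#' starts a comment. Reserved .example names, not real listings.
SAMPLE_BLOCKLIST = """\
# constructed sample list
spam-offers.example
Bulk-Mailer.example   # mixed case on purpose

"""

def load_domains(text):
    """Parse a one-domain-per-line list, ignoring comments and blank lines."""
    domains = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip().lower().rstrip(".")
        if entry:
            domains.add(entry)
    return domains

def sender_domain(from_header):
    """Return the lower-cased domain of a From header, or None if absent."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def is_listed(domain, listed):
    """True if the domain or one of its parent domains is on the list."""
    labels = domain.split(".")
    return any(".".join(labels[i:]) in listed for i in range(len(labels)))

def disposition(from_header, blocklist, allowlist=frozenset(),
                on_match="spam-folder"):
    """Return 'deliver', 'spam-folder' or 'reject' for one message."""
    if on_match not in ("spam-folder", "reject"):
        raise ValueError("on_match must be 'spam-folder' or 'reject'")
    domain = sender_domain(from_header)
    if domain is None:
        return "spam-folder"     # no usable domain: quarantine, never reject
    if is_listed(domain, allowlist):
        return "deliver"         # local override for a wrongly listed domain
    return on_match if is_listed(domain, blocklist) else "deliver"
```

Because the From header is chosen by the sender, a filter like this is only as trustworthy as the sender identity it is given, which is the problem domain authentication addresses.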
Require users to request permission to send your email
This is a technique to block spam that requires senders to request permission to send an email. Senders not on the approved list or on a whitelist will be rejected or redirected to a different folder. One example of this is the Earthlink Spam Blocker. This method ensures that the user never receives spam, but at a heavy cost to both the sender and the receiver of any legitimate messages. If a legitimate message from a sender not on the pre-approved list is blocked or redirected to a spam folder, it could present a major problem. Furthermore, it requires more effort on the part of both the sender and receiver to ensure legitimate messages go through correctly.
Charge for e-mail sent
If there were a cost associated with each email, spammers sending out millions of messages would not be able to spam at such a high rate. Therefore, some have proposed the idea of a charge per email sent, like a stamp. Spam would be cut down due to the cost, as the technique of spamming potential email addresses would no longer be profitable. However, home users and other legitimate senders would also have to pay a cost per email, and many would resist this because of the popular idea that email should be free. Furthermore, the creation of a corporation, agency or department to manage revenue from email messages would be contentious and difficult.
CNN.com Gates: Buy stamps to send e-mail
Opt in / opt out
Opt-in is a type of permission-based mailing where recipients must first give consent before becoming part of a mass mailing list. This guarantees that the sender of the advertisement, newsletter, or other mass mailing is targeting only those who want the mail. Through this process the sender can be sure that those on the mass-mailing list actually want the messages they are receiving, and it is therefore the most ethical means of mass-mailing. However, any opt-in form should have the default setting of not opting in; forms with the opt-in choice as the default often do so in an attempt to catch people who fill out the form quickly or carelessly.
Opt-out is a less stringent form of acquiring permission because recipients are not asked for consent before receiving the mailing, but are permitted to opt out of further mailings by indicating they wish to receive no further messages from the sender. The process of opting out usually takes the form of a web link embedded in an email or a specially formatted reply to the sender. While this method does not provide as much protection from unwanted messages as the opt-in approach, it eliminates future unwanted messages from the sender. However, many spammers include a fake opt-out link in their mailings. Instead of removing a person from the mailing list, the link puts them on a list of known good email addresses. This misuse of the opt-out method is highly unethical and may cause many people to become wary of the opt-out approach.
The European Union Privacy and Electronics Communication Directive mandates that entities wishing to contact existing customers through email or text/SMS must provide an opt-out option in their message.
European Council votes for spam opt-in and new cookie plan | OUT-LAW.COM
Opt-in Spam and the "Gotcha" Box
Domain authentication
Domain Authentication is a means of ensuring a valid sender identity in email to help prevent spam, email forgery, and fraud. There are different methods of domain authentication, such as Sender Policy Framework, Certified Server Validation, SenderID and DomainKeys, and different methods have different advantages. DomainKeys, for example, can authenticate the entire content of a message as well as the domain from which it originated, while SPF and CSV can reject a forged email before any data transfer occurs. They are all effective for authenticating a sender's domain, but it is yet to be determined which method or methods will become most popular. One problem with the domain authentication approach is the possibility of a misidentification of a legitimate message as fraud or spam. All methods of domain authentication should be designed with this possibility in mind to prevent the accidental blocking of legitimate messages.
Yahoo! Anti-Spam Resource Center - DomainKeys
Beyond Can-Spam: E-mail Authentication
Bounties
Bounties in a general sense are monetary rewards for either information leading to the arrest of criminals or for delivering the criminal in question to the authorities. In the case of bounties on spammers, some proposed plans would award money equal to a percentage of the penalty for the spammer. For example, information provided on a spammer who was not convicted or fined would yield no bounty, while a twenty percent (20%) bounty on a large spamming operation that was fined two million dollars would yield forty thousand (40,000) dollars.
FTC Mulls Bounty System to Fight Spam - Security - MSNBC.com
The "Goodmail" approach
The Goodmail approach to spam was an idea to have spammers pay ISPs to ensure that their mail was delivered past spam filters. In theory this would reduce spam because only legitimate companies could pay the fee and not individual con artists. Many nonprofit groups were concerned that they would not be able to send email because they did not have the finances to pay for Goodmail services. There was also concern among customers that all mail which was not Goodmail certified would be blocked, including personal email. There is also the risk that if ISPs rely on Goodmail to stop spam, they will defer development on their spam blockers until they are completely ineffective.
Bonds with escrow agencies
This system requires mail senders who are not whitelisted by recipients to pay a small fee to a bond agency. If the recipient feels the mail is spam and unwanted, they can then retrieve the bond money from the agency. In effect, this means that they charge the sender for wasting their time.[1] For non-spam email, no money would change hands at all; the original bond amount would simply be returned to the sender.