CSC 379:Week 1, Group 5: Difference between revisions
No edit summary |
No edit summary |
||
Line 54: | Line 54: | ||
The European Union Privacy and Electronics Communication Directive mandates that entities wishing to contact existing customers through email or text/SMS must provide an opt-out option in their message. | The European Union Privacy and Electronics Communication Directive mandates that entities wishing to contact existing customers through email or text/SMS must provide an opt-out option in their message. | ||
http://www.out-law.com/page-2214 | |||
http://www.spambutcher.com/art1/486278/ | [http://www.out-law.com/page-2214 European Council votes for spam opt-in and new cookie plan | OUT-LAW.COM] | ||
[http://www.spambutcher.com/art1/486278/ Opt-in Spam and the "Gotcha" Box] | |||
Line 64: | Line 66: | ||
'''Domain Authentication''' is a means of ensuring a valid sender identity in email to help prevent spam, email forgery, and fraud. There are different methods of domain authentication, such as Sender Policy Framework, Certified Server Validation, SenderID and DomainKeys, and different methods have different advantages. DomainKeys, for example, can authenticate the entire content of a message as well as the domain from which it originated, while SPF and CSV can reject a forged email before any data transfer occurs. They are all effective for authenticating a sender's domain, but it is yet to be determined which method or methods will become most popular. One problem with the domain authentication approach is the possibility of a misidentification of a legitimate message as fraud or spam. All methods of domain authentication should be designed with this possibility in mind to prevent the accidental blocking of legitimate messages. | '''Domain Authentication''' is a means of ensuring a valid sender identity in email to help prevent spam, email forgery, and fraud. There are different methods of domain authentication, such as Sender Policy Framework, Certified Server Validation, SenderID and DomainKeys, and different methods have different advantages. DomainKeys, for example, can authenticate the entire content of a message as well as the domain from which it originated, while SPF and CSV can reject a forged email before any data transfer occurs. They are all effective for authenticating a sender's domain, but it is yet to be determined which method or methods will become most popular. One problem with the domain authentication approach is the possibility of a misidentification of a legitimate message as fraud or spam. All methods of domain authentication should be designed with this possibility in mind to prevent the accidental blocking of legitimate messages. | ||
http://antispam.yahoo.com/domainkeys | |||
http://multichannelmerchant.com/webchannel/email/marketing_beyond_canspam_email/ | [http://antispam.yahoo.com/domainkeys Yahoo! Anti-Spam Resource Center - DomainKeys] | ||
[http://multichannelmerchant.com/webchannel/email/marketing_beyond_canspam_email/ Beyond Can-Spam: E-mail Authentication] | |||
Revision as of 20:21, 12 July 2007
Techniques Against Spam
Block Domains
Background A Technique to black spam that creates a blacklist of known spammers that can be used by email providers by the user. This will cause suspect spam to be sent to a spam folder or the automatic rejection of emails from blocked domains
This site contains a list of known spamming domains that can be downloaded in a text file for anti spam software
Positive
It will effectively block spam from known spamming addresses.
Negative
Legitimate domains could be blocked as a result of a computer being hijacked
Require users to request permission to send your email
Background A Technique to black spam that requires senders to request permision to send you an email. Senders not on your approved list , or white list email will be rejected or sent to a differnt folder. One example of this is the Earthlink Spam Blocker
Positive
The user should never receive spam.
Negative
Could have emails that a user might want to see that is not spam, but also not on your approved list.
Charge for e-mail sent
Background If there is a cost per email sent spammers sending out millions of spam then would not be able spam at such a high rate http://www.cnn.com/2004/TECH/internet/03/05/spam.charge.ap/
Positive
Spam would be cut down due to the cost
Negative
users will have to pay a cost per email sent as well
Opt in / opt out
Opt-in is a type of permission-based mailing where recipients must first give consent before becoming part of a mass mailing list. This guarantees that the sender of the advertisement, newsletter, or other mass mailing is targeting only those who want the mail. Through this process the sender can be sure that those on the mass-mailing list actually want the messages they are receiving.
Opt-out is a less stringent form of acquiring permission because recipients are not asked for consent before receiving the mailing, but are permitted to opt out of further mailings by indicating they wish to receive no further messages from the sender. The process of opting out usually takes the form of a web link embedded in an email or a specially formatted reply to the sender. While this method does not provide as much protection from unwanted messages as the opt-in approach, it eliminates future unwanted messages from the sender.
The European Union Privacy and Electronics Communication Directive mandates that entities wishing to contact existing customers through email or text/SMS must provide an opt-out option in their message.
European Council votes for spam opt-in and new cookie plan | OUT-LAW.COM
Opt-in Spam and the "Gotcha" Box
Domain authentication
Domain Authentication is a means of ensuring a valid sender identity in email to help prevent spam, email forgery, and fraud. There are different methods of domain authentication, such as Sender Policy Framework, Certified Server Validation, SenderID and DomainKeys, and different methods have different advantages. DomainKeys, for example, can authenticate the entire content of a message as well as the domain from which it originated, while SPF and CSV can reject a forged email before any data transfer occurs. They are all effective for authenticating a sender's domain, but it is yet to be determined which method or methods will become most popular. One problem with the domain authentication approach is the possibility of a misidentification of a legitimate message as fraud or spam. All methods of domain authentication should be designed with this possibility in mind to prevent the accidental blocking of legitimate messages.
Yahoo! Anti-Spam Resource Center - DomainKeys
Beyond Can-Spam: E-mail Authentication
Bounties
Bounties in a general sense are monetary rewards for either information leading to the arrest of criminals or for delivering the criminal in question to the authorities. In the case of bounties on spammers, some proposed plans would award money equal to a percentage of the penalty for the spammer. For example, information provided on a spammer who was not convicted or fined would yield no bounty, while a twenty percent (20%) bounty on a large spamming operation that was fined two million dollars would yield forty thousand(40,000) dollars.
news report of possible bonds law
The "Goodmail" approach
The Goodmail approach to spam was an idea to have spammers pay isps to ensure that their mail was delivered past spam filters. In theory this would reduce spam because only legitimate companies could pay the fee and not individual con artists. Many nonprofit groups were concerned that they would not be able to send Email because they did not have the finances to pay for goodmail services. There was also concern among customers that all mail which was not Goodmail certified would be blocked, including personal Email. There is also the risk that if isps rely on goodmail to stop spam, they will defer development on their spam blockers until they are completely ineffective.
Bonds with escrow agencies
This system requires mail senders who are not whitelisted by recipients to pay a small fee to a bond agency. If the recipient feels the mail is spam and unwanted, they can then retrieve the bond money from the agency. In effect, this means that they charge the sender for wasting their time.<ref>[1] For non-spam email, no money would change hands at all, the original bond amount would simply be returned to the sender.