CSC 379:Week 1, Group 3: Difference between revisions
Revision as of 17:50, 6 July 2007
Spam-Blocking Techniques
Domain Blocking
A spam-blocking technique which consists of redirecting to "junk" email boxes or filtering entirely all emails from specific web domains which have been blacklisted for spamming in the past.
- Advantages:
  - Domain-level blocking is an easy and cost-effective way to curtail large numbers of email addresses from which spam is sent. The blocking of a single domain can block an infinite number of possible addresses in that domain.
  - Blacklists used for domain-level blocking may be shared among numerous email providers, thus protecting subscribers to one service from spam sent to subscribers of any collaborating service.
  - As there is typically a fee associated with acquiring a domain, spammers using blocked domains must pay to purchase a new domain if they are blacklisted.
- Disadvantages:
  - Though purchasing domains is associated with a cost, it is typically a marginal expense and well within the budget of major spammers worldwide. Thus, blocking a domain does little to prevent a spammer from spamming from a different domain.
  - Though spam may originate from one address in a domain, blocking the entire domain may result in the blacklisting of multiple addresses of individuals or corporations which have not engaged in spam, and therefore should not have the receipt of their mail blocked.
  - When a web domain previously blacklisted changes ownership, the new owners may remain blacklisted due to the actions of the previous owners, and at no fault of their own.
  - Much spam is sent through "spoofed" email addresses in which the sending domain is misrepresented. Blocking such a domain may prevent the receipt of email from a domain which is not associated with spam.
  - Spam can be sent from "zombie" machines infected by malware which sends spam, but owned by individuals unaware that their machines are engaging in spamming. Blocking the domains of these machines would block the receipt of mail from innocent users.
  - Spam, especially spam from "zombie" machines, can come from typically reputable domains with thousands or millions of users. Blocking such domains may degrade the quality of email service provided to a service's users to an unacceptable level.
Is it Ethical?
With so many ways to accidentally block non-spamming email addresses, the ethics of domain-level blocking are questionable at best. The goal of blocking spam is to make email more productive by eliminating messages which would clearly be considered "junk" by the vast majority of users. Taking a serious chance on intercepting email from well-intentioned addresses, therefore, runs counter to the goal of making the communications more productive. Perhaps with a feature to unblock specific addresses from a domain and to receive all messages from a "junk" mailbox, this strategy would be more acceptable. In its most basic form, however, the high probability of blocking non-spamming users challenges this method's claim to validity.
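The softer variant suggested above (per-address unblocking inside a blocked domain, and delivery to a "junk" mailbox instead of deletion) can be sketched as follows. This is an added example, not part of the original page; the blocklist, the allowed address and all function names are constructed for illustration and use reserved `.example` domains.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample policy (hypothetical values, reserved example domains).
BLOCKED_DOMAINS = {"bulk-offers.example", "isp.example"}
ALLOWED_ADDRESSES = {"alice@isp.example"}  # per-address unblock inside a blocked domain


def sender_address(raw_message: str) -> str:
    """Return the lower-cased address from the From: header ('' if absent)."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    return addr.lower()


def domain_is_blocked(domain: str) -> bool:
    """True if the domain or one of its parent domains is blacklisted.

    Matching is done on whole labels, so 'notisp.example' does not match
    the entry 'isp.example', while 'mail.isp.example' does.
    """
    labels = domain.split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


def route(raw_message: str) -> str:
    """Return 'inbox' or 'junk'; nothing is discarded outright."""
    addr = sender_address(raw_message)
    if "@" not in addr:
        return "junk"  # no usable sender: keep it reviewable
    if addr in ALLOWED_ADDRESSES:
        return "inbox"  # the address-level exception wins over the domain block
    domain = addr.rsplit("@", 1)[1]
    return "junk" if domain_is_blocked(domain) else "inbox"


def make(sender: str) -> str:
    """Build a constructed sample message with the given From: value."""
    return f"From: {sender}\nSubject: test\n\nbody\n"
```

The decision is keyed on the From: header, which the sender controls, so this sketch inherits the spoofing problem listed among the disadvantages.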
Prior Permission
A spam-blocking technique in which a sender must request the permission of either a user or an email provider before mail can be received by that user or a client of that provider. This generally takes one of two forms, either the use of a CAPTCHA which a sender must pass in order for an email to be delivered, or a whitelist, controlled by a recipient, which explicitly states the only addresses from which email is received.
CAPTCHA Approach
- Advantages:
  - Completely eliminates the ability of computer controlled spamming "bots" to send mail to an address.
  - Allows all mail from human users who can evaluate the CAPTCHA, thereby avoiding forcefully blocking well-intentioned human-sent mail.
  - Discourages spam sent from human sources to many addresses, as such sending would involve the evaluation of numerous CAPTCHAs.
- Disadvantages:
  - For the same reason that this method discourages spam sent from humans to many addresses, it also discourages worthwhile messages sent to many addresses.
  - Eliminates or severely hampers the user's ability to receive solicited automated emails.
  - Does not strictly eliminate spam from human sources.
  - Prevents the receipt of mail from the young, the old, the disabled, or others who may be incapable of evaluating the CAPTCHA.
  - Depending on the implementation of the system, a sender may not expect to be required to complete a CAPTCHA confirmation, and may assume that his or her message has been sent when it has not.
  - Rather than eliminating the burden of wasted time and stress imposed by spam, this approach merely shifts it from the receiver to the sender, and imposes it for all emails rather than just spam.
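The prior-permission flow described above, combining the recipient's whitelist with a challenge that an unknown sender must pass, can be modelled as a hold queue. This is an added example, not part of the original page; the class, its method names and the sample addresses are hypothetical, and the CAPTCHA itself is assumed to be checked elsewhere, with the token standing for the confirmation a sender gets after passing it.

```python
import hashlib
import hmac
import secrets


class PriorPermissionGate:
    """Hold mail from unknown senders until they confirm a challenge."""

    def __init__(self, whitelist=()):
        self.key = secrets.token_bytes(32)          # per-mailbox secret
        self.whitelist = {a.lower() for a in whitelist}
        self.held = {}                              # sender -> held messages

    def _token(self, sender: str) -> str:
        # Token bound to the sender address, so one sender's confirmation
        # cannot release another sender's held mail.
        return hmac.new(self.key, sender.encode(), hashlib.sha256).hexdigest()

    def receive(self, sender: str, message: str):
        """Return ('delivered', None) or ('held', challenge_token)."""
        sender = sender.lower()
        if sender in self.whitelist:
            return ("delivered", None)
        self.held.setdefault(sender, []).append(message)
        return ("held", self._token(sender))

    def confirm(self, sender: str, token: str):
        """Release held mail if the token matches; whitelist the sender."""
        sender = sender.lower()
        if not hmac.compare_digest(token, self._token(sender)):
            return []
        self.whitelist.add(sender)
        return self.held.pop(sender, [])
```

An automated sender that never answers the challenge stays in `held` indefinitely unless the recipient whitelists it in advance, which is the "solicited automated emails" disadvantage in concrete form.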
Charge for Sent E-Mail
Opt-In for Commercial E-Mail