CSC 379:Week 1, Group 3: Difference between revisions

From Expertiza_Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 44: Line 44:
<BR>
<BR>
<I>Is it Ethical?</I><BR>
<I>Is it Ethical?</I><BR>
Certainly, it would be difficult to defend the ethical nature of forcing users of an email service to employ a whitelist of approved addresses.  Whether for business or personal use, the importance of receiving mail from unknown addresses - friends with new or changed email addresses, business associates, new contacts, new clients, individuals who discovered a business via the web - is undeniable in daily life.  This approach may eliminate nearly all spam messages, with the exception of spam from individuals the recipient knows, but in the process it impacts the usability of email overall in a very severe, very negative fashion.  For many purposes, if an email address cannot receive mail from unknown addresses, it is entirely useless.  This approach essentially elevates the errors of the domain blocking approach to an entirely new level of severity.  While it may be valuable for applications such as parental controls and monitoring of children on the Internet, this approach is essentially useless for the purpose of blocking spam alone.  To force it on a user is to offer a substandard email service, which may be unethical and is certainly undesirable.  That said, however, there seems to be nothing wrong with <I>allowing</I> users to choose a whitelist option for controlling email, should they so desire.  For a particular email address with specific uses and only a few potential senders, or for an individual who does not wish to be bothered by any unsolicited email whatsoever and who doesn't mind the hassle of learning of new individuals' email addresses by another means, this is an entirely viable option.  It is hardly unethical, of course, for a user to choose to seclude themselves from all but a handful of email addresses.<BR><BR>
Certainly, it would be difficult to defend the ethical nature of forcing users of an email service to employ a whitelist of approved addresses.  Whether for business or personal use, the importance of receiving mail from unknown addresses - friends with new or changed email addresses, business associates, new contacts, new clients, individuals who discovered a business via the web - is undeniable in daily life.  This approach may eliminate nearly all spam messages, with the exception of spam from individuals the recipient knows, but in the process it impacts the usability of email overall in a very severe, very negative fashion.  For many purposes, if an email address cannot receive mail from unknown addresses, it is entirely useless.  This approach essentially elevates the errors of the domain blocking approach to an entirely new level of severity.  While it may be valuable for applications such as parental controls and monitoring of children on the Internet, this approach is essentially useless for the purpose of blocking spam alone.  To force it on a user is to offer a substandard email service, which may be unethical and is certainly undesirable.  That said, however, there seems to be nothing wrong with <I>allowing</I> users to choose a whitelist option for controlling email, should they so desire.  For a particular email address with specific uses and only a few potential senders, or for an individual who does not wish to be bothered by any unsolicited email whatsoever and who doesn't mind the hassle of learning of new individuals' email addresses by another means, this is an entirely viable option.  It is hardly unethical, of course, for a user to choose to seclude themselves from all but a handful of email addresses voluntarily.<BR><BR>
<I>Note that a combination of the above two approaches eliminates many of the problems posed by each.  The use of a CAPTCHA authentication system, along with a whitelist of addresses for which the CAPTCHA is bypassed, is a particularly good solution relative to the others discussed here.  In such a scenario, unknown email may be received, but spam is effectively blocked or made time-prohibitive.  Many of the problems with the CAPTCHA scheme are addressed, as a CAPTCHA only needs to be completed once, after which an address can be added to a user's whitelist, and unrestricted communication may continue.</I><BR><BR>
<B>Charge for Sent E-Mail</B>
<B>Charge for Sent E-Mail</B>
<I>A method which consists of levying a fee against the sender of an email for each message sent, akin to the electronic equivalent </I>
<BR>
<BR>
<BR>
<BR>
<BR>
<BR>
<B>Opt-In for Commercial E-Mail</B>
<B>Opt-In for Commercial E-Mail</B>

Revision as of 18:33, 6 July 2007

Spam-Blocking Techniques

Domain Blocking
A spam-blocking technique which consists of redirecting to "junk" email boxes or filtering entirely all emails from specific web domains which have been blacklisted for spamming in the past.

  • Advantages:
    • Domain-level blocking is an easy and cost-effective way to curtail large numbers of email addresses from which spam is sent. The blocking of a single domain can block an infinite number of possible addresses in that domain.
    • Blacklists used for domain-level blocking may be shared among numerous email providers, thus protecting subscribers to one service from spam sent to subscribers of any collaborating service.
    • As there is typically a fee associated with acquiring a domain, spammers using blocked domains must pay to purchase a new domain if they are blacklisted.
  • Disadvantages
    • Though purchasing domains is associated with a cost, it is typically a marginal expense and well within the budget of major spammers worldwide. Thus, blocking a domain does little to prevent a spammer from spamming from a different domain.
    • Though spam may originate from one address in a domain, blocking the entire domain may result in the blacklisting of multiple addresses of individuals or corporations which have not engaged in spam, and therefore should not have the receipt of their mail blocked.
    • When a web domain previously blacklisted changes ownership, the new owners may remain blacklisted due to the actions of the previous owners, and at no fault of their own.
    • Much spam is sent through "spoofed" email addresses in which the sending domain is misrepresented. Blocking such a domain may prevent the receipt of email from a domain which is not associated with spam.
    • Spam can be sent from "zombie" machines infected by malware which sends spam, but owned by individuals unaware that their machines are engaging in spamming. Blocking the domains of these machines would block the receipt of mail from innocent users.
    • Spam, especially spam from "zombie" machines, can come from typically reputable domains with thousands or millions of users. Blocking such domains may degrade the quality of email service provided to a service's users to an unacceptable level.

Is it Ethical?
With so many ways to accidentally block non-spamming email addresses, the ethics of domain-level blocking are questionable at best. The goal of blocking spam is to make email more productive by eliminating messages which would clearly be considered "junk" by the vast majority of users. Taking a serious chance on intercepting email from well-intentioned addresses, therefore, runs counter to the goal of making the communications more productive. Perhaps with a feature to unblock specific addresses from a domain and to receive all messages from a "junk" mailbox, this strategy would be more acceptable. In its most basic form, however, the high probability of blocking non-spamming users challenges this method's claim to validity.

Prior Approval
A spam-blocking technique in which a sender must request the permission of either a user or an email provider before mail can be received by that user or a client of that provider. This generally takes one of two forms, either the use of a CAPTCHA which a sender must pass in order for an email to be delivered, or a whitelist, controlled by a recipient, which explicitly states the only addresses from which email is received.
CAPTCHA Approach

  • Advantages:
    • Completely eliminates the ability of computer controlled spamming "bots" to send mail to an address.
    • Allows all mail from human users who can and will evaluate the CAPTCHA, thereby avoiding forcefully blocking well-intentioned human-sent mail.
    • Discourages spam sent from human sources to many addresses, as such sending would involved the evaluation of numerous CAPTCHAs
  • Disadvantages:
    • For the same reason that this method discourages spam sent from humans to many addresses, it also discourages worthwhile messages sent to many addresses.
    • Eliminates or severely hampers the user's ability to receive solicited automated emails.
    • Does not strictly eliminate spam from human sources.
    • Prevents the receipt of mail from the young, the old, the disabled, or others who may be incapable of evaluating the CAPTCHA
    • Depending on the implementation of the system, a sender may not expect to be required to complete a CAPTCHA confirmation, and may assume that his or her message has been sent when it has not.
    • Rather than eliminating the burden of wasted time and stress imposed by spam, this approach merely shifts it from the receiver to the sender, and imposes it for all emails rather than just spam.
    • Advancing technology makes designing CAPTCHAs which are one step ahead of computer readability increasingly difficult with time.

Is it Ethical?
At face value, the CAPTCHA Prior Approval method for controlling spam seems inherently more ethical than the domain blocking approach. However, this approach, too, has the potential to block solicited emails, both from automated services and from those without the ability, knowledge, expectation, or patience to fill out CAPTCHA forms. It could therefore be argued that this approach unfairly targets and limits the ability of various demographic groups, mentioned above, to send email. However, the biggest ethical challenge to the CAPTCHA approach is to ask what, exactly, it does to eliminate the burdens of spam. After all, the act of eliminating spam is hardly an end in and of itself. The point of all spam-controlling technologies is to save time, stress, and annoyance for the users of email. It could be legitimately argued that this approach, while it does cut down on the number of spam messages received by an address, itself creates the same sort of burdens which spam imposes, and thereby does little or nothing to improve the usability of email. The burden of one spam message is merely the time and effort required to read a subject line, identify a message as spam, and click the "delete" button. The CAPTCHA approach eliminates automated spam, and should be lauded for that fact. However, it isn't too far-fetched to say that more time and effort is required to evaluate and answer a CAPTCHA, sometimes multiple times, depending on a user's skill or experience with the tests, than would be required to delete, en-masse, the spam which would be received if this technique were not used at all. In essence, then, this approach merely shifts the burden of wasted time from sender to recipient, and to force such a waste of time on someone who may be busy, who may be sending an important email, is arguably just as unethical as forcing a recipient to delete messages at a time of his or her own choosing.

The Whitelist Approach

  • Advantages:
    • Allows a user complete and total control over from whom the user wishes to receive email.
    • Completely blocks all unwanted mail from addresses which are not pre-approved.
  • Disadvantages:
    • Fails to block any unsolicited or unwanted messages from pre-approved addresses.
    • Blocks all email from addresses not pre-approved, regardless of content, sender, situation, or potential benefit to the recipient.
    • Eliminates the user's ability to receive desired or solicited email from unknown addresses.


Is it Ethical?
Certainly, it would be difficult to defend the ethical nature of forcing users of an email service to employ a whitelist of approved addresses. Whether for business or personal use, the importance of receiving mail from unknown addresses - friends with new or changed email addresses, business associates, new contacts, new clients, individuals who discovered a business via the web - is undeniable in daily life. This approach may eliminate nearly all spam messages, with the exception of spam from individuals the recipient knows, but in the process it impacts the usability of email overall in a very severe, very negative fashion. For many purposes, if an email address cannot receive mail from unknown addresses, it is entirely useless. This approach essentially elevates the errors of the domain blocking approach to an entirely new level of severity. While it may be valuable for applications such as parental controls and monitoring of children on the Internet, this approach is essentially useless for the purpose of blocking spam alone. To force it on a user is to offer a substandard email service, which may be unethical and is certainly undesirable. That said, however, there seems to be nothing wrong with allowing users to choose a whitelist option for controlling email, should they so desire. For a particular email address with specific uses and only a few potential senders, or for an individual who does not wish to be bothered by any unsolicited email whatsoever and who doesn't mind the hassle of learning of new individuals' email addresses by another means, this is an entirely viable option. It is hardly unethical, of course, for a user to choose to seclude themselves from all but a handful of email addresses voluntarily.

Note that a combination of the above two approaches eliminates many of the problems posed by each. The use of a CAPTCHA authentication system, along with a whitelist of addresses for which the CAPTCHA is bypassed, is a particularly good solution relative to the others discussed here. In such a scenario, unknown email may be received, but spam is effectively blocked or made time-prohibitive. Many of the problems with the CAPTCHA scheme are addressed, as a CAPTCHA only needs to be completed once, after which an address can be added to a user's whitelist, and unrestricted communication may continue.

Charge for Sent E-Mail A method which consists of levying a fee against the sender of an email for each message sent, akin to the electronic equivalent


Opt-In for Commercial E-Mail