CSC 379:Week 1, Group 1
Techniques against spam
- Block domains or possibly top-level domans "known" to be large senders of spam.
- Slashdot discussion of top-level domain Although the link is a public forum, the readers and participants of slashdot tend to be those more familiar with computer systems. As such, many interesting perspectives are voiced, from email server administrators to the "power user." The discussion in this particular slashdot article does not resolve the issue at hand, it does however provide a better understanding of the current situation regarding spam.
- The Selective SMTP Rejection (S25R) System This study provides an overview of spam countermeasures currently used and their success rates. The author then presents his methodology of countermeasure using a system of filters based on regular expression and Postfix to a claimed "99% Block Rate" of spam. Under the S25R System, he claims one could filter something as specific as a single reverse lookup or IP address to something as broad as a top-level domain. It could be argued that this is not so much a "system" as it is more of a "HowTo" implementing regular expression (like Perl) with Postfix to filter out spam.
- HowTo: Block Incoming Mail Using MS Exchange 2000 This HowTo shows how to use the built-in filters of Microsoft Exchange 2000 to block unwanted senders. Senders can be blocked on a single basis or with the use of wild cards, block domains.
- Require users to request permission to send you e-mail (i.e. Earthlink spam blocker)
- Charge for e-mail sent
- It is believed that charging people for every e-mail sent would virtually eliminate spam all together. E-mail would become much like the postal service in which a fee is charge for every message sent, like a stamp. The idea being that bulk e-mails would be no more economical than direct mail and would eliminate e-mail as a free form of advertising. Charging to send messages makes the costs far too high for spammers to make any profit. Many people feel however that this goes against the libertarian ideas and freedom the internet was based on. Ultimately it could be a burden to ordinary citizens and companies who rely on e-mail in every day life.
- Opt-in commercial e-mail
- FTC's CAN-SPAM Act The Federal Trade Commission's page providing information on the CAN-SPAM Act for businesses. Provides an overview of the existing laws and penalties regarding spam and commercial emailers. Although the site is a federal site, the specifics are lacking. Specifically, under the "What the Law Requires," the statements are very open-ended that leaves many interpretations. For instance, "It prohibits deceptive subject lines," is very open-ended. How does one go about determining what is deceptive? What sort of metric is used? Additionally, the law specifies the use of Opt-out, but the specifics are again very open-ended. Under the "Penalties" section, it is again very vague. For example, "Relay emails through a computer or network without permission..," is somewhat too broad. How would one go about proving that someone intended to relay emails when he/she could easily say a multitude of excuses (such as "A virus used my computer as a relay," which has been known to happen before).
- Wikipedia on E-mail Marketing Provides an overview of E-mail marketing. What the advantages and disadvantages of email marketing. The CAN-SPAM Act of 2003 that authorizes a $11,000 penalty for each spam violation to each spam recipient. To help with compliance, several third-party companies are available to help with email marketing compliance. Wiki also provides an overview of Opt-in advertising. For those interested in knowing some of the spam jargon, the Wiki does provide a glossary of terms.
- The European Coalition Against Unsolicited Commercial Email The EuroCAUCE is a group of users (ranging from end-users to corporations) trying to find a solution to the spam problem. Their solution is for an Opt-in list. They provide the risks/benefit discussion of Opt-In vs Opt-Out. Additionally, their is link to resources that may be helpful to those who are tired of spam.
- Doman authentication
- Bounties
- The Federal Trade Commission has recently proposed offering a cash bounty to any citizen who helps to arrest spammers. Under the proposal the first citizen to come forward with information leading to the arrest of a spammer will receive no less than 20% of the civil penalty the FTC would eventually collect from spammers arrested due to that information. The idea is that it would be more effective if the average citizen spent the same amount of time searching for and reporting spammers as they did preventing and deleting the spam messages themselves. This would stop the problem at the root.
- The main problem with this idea is if the FTC, FBI, and ISPs can’t find and prosecute spammers how are ordinary citizens supposed to do any better. Ordinary citizens are very unlikely to catch spammers. Rather than prosecuting spammers who abuse the internet it is believed so called “bounty hunters” are more likely to attack legitimate companies guilty of some minor, unintentional breach of the complicated CAN-SPAM Act. Putting justice in the hands of the people like this could lead to an error of internet vigilantism.
- The "Goodmail" approach
- With the “Goodmail” approach ISPs would sell an electronic postage stamp to companies wishing to send out bulk e-mails to their customers. This stamp guarantees companies that their e-mail will bypass all of an e-mail’s spam filters and go straight to the main mailbox as a certified message that is legitimate and safe for the reader to open. This would help people distinguish between legitimate and fraudulent e-mail by guaranteeing who the e-mail is from and that it is not a scam or virus. Also it would reduce spam by forcing companies to only contact customers likely to respond to a message in order to keep the cost of mass e-mailing down. “Goodmail” makes it unprofitable for spammers to send out bulk e-mail to which few people respond.
- While “Goodmail” is intended to reduce bulk e-mail and provide security from phishing and scams many people feel it is just a new revenue source for ISPs and not a valid way of fighting spam. It is possible that too many marketers will be willing to pay to have their e-mails certified, resulting in large numbers of advertisements guaranteed to bypass your spam filters and go straight to your inbox. “Goodmail” is unfair to small business and non-profit organizations who can’t afford to pay for their bulk e-mails. Also “Goodmail” could cause users to view all e-mail that is not certified as unsafe. This could cause users to skip over requested e-mails because they are not certified.
- Bonds with escrow agencies