CSC 379:Week 1, Group 4

From Expertiza_Wiki
Jump to navigation Jump to search

Internal Use Only

Group members: Nick Principe / naprinci@gmail.com / AIM: mahoubaka
Ken Ganong / kjganong@ncsu.edu / AIM: C4P0droid

huge paper on this subject

Example rating system
         

Spam Prevention Techniques

Comparison of Techniques

Technique Pros Cons Authors' Rating
Block domains of "known" spammers
  • Gets rid of a large amount of spam
  • Low chance of blocking legitimate email (sbl-faq)
    • Mechanism to allow legitimate sources to know they were blocked (sbl-faq)
  • Some spam still gets through, especially from new sources (put in percent from sbl/sbl-faq)
         
Require users to request permission to send you e-mail (e.g. Earthlink spam blocker)
  • Robots cannot easily send spam
  • False identity doesn't work
  • Emergency emails don't send quickly
  • Time consuming to send short notes
  • Impossible to implement correctly
         
Charge for e-mail sent
  • Forces targeted selection
  • Defeats the purpose of email
  • Where does the money go?
         
Opt-in for commercial email
  • Companies can send advertisements without sending spam
  • Users can freely restrict the influx of mail from their many online affiliations
  • Fraudulent emails have an opt-out link that sends you to an unwanted web page.
  • Only stops unwanted spam from companies that abide by this rule.
         
Domain authentication
  • Very little spam gets through
  • Lots of false positives
  • Could be very difficult for mail servers to initiate contact (certificate negotation crap (see SSH/SSL))
  • Lots of infrastructure and therefore money involved for something as simple as a mail server
  • Hard for independents/individuals to set up their own mail server
         
Bounties
  • Gets rid of big spammers with incentive
  • Possible deterrent
  • Costs government (tax-payers) money
         
The "Goodmail" approach
  • Mass emails cost money so mass spammers don't work
  • Companies can bypass the spam filter by paying money
         
Bonds with escrow agencies
  • Whitelisted email accounts don't take out a bond
  • Only spammers have to pay.
  • Lots of infrastructure and processing behind 'micro-payments'
  • Somebody has to pay for the escrow agency.
  • Users can subvert the system by collecting even when not spam.
         
Client-side filtering pro
  • Only as good as user or algorithms/heuristics at identifying spam
  • Spam emails are stopped, they are simply not read.
         

Technique Details

Block domains of "known" spammers

  • Summary point 1
  • Summary point 2
  • Link 1

Require users to request permission to send mail

Charge for email sent

Opt-in for commercial email

Bonds with escrow

This spam fighting technique works based on whitelists, blacklists, graylists, and a third party (escrow agency) separate from the email sender or receiver. A whitelisted sender simply sends email and it goes through without the escrow agency intercepting. A blacklisted sender cannot send email to the would-be receiver. The contents of the graylist is essentially everyone on neither of the other lists.

A graylisted sender opens a bond for a small amount of money (one cent) with the escrow agency in order to send email. If the receiver blacklists the sender as a result of the email, the bond is collected and the sender is charged. Thus, only spammers have to pay for their email unlike the charge-for-email approach.

The escrow agency, however, must be paid. One way of doing this is having the collected spammer money go to the escrow agency. There is a lot of processing for any type of internet payment, so the penny (or so) that is charged to the spammer may not be enough to cover the escrow agency's cost regarding. Also, non-profit groups would possibly often be blacklisted and therefore be forced to pay more than they can afford similar to the Goodmail approach. Since the email cost is mean to deter spammers, Users can subvert the system by blacklisting emails that aren't spam. For example, I could charge my professors for sending me email that they must send for class or users could charge ebay for requested notifications.