CSC 379:Week 1, Group 5

From Expertiza_Wiki
Revision as of 20:24, 12 July 2007 by Lawhitlo (talk | contribs)
Jump to navigation Jump to search

Techniques Against Spam

Block Domains

Background A Technique to black spam that creates a blacklist of known spammers that can be used by email providers by the user. This will cause suspect spam to be sent to a spam folder or the automatic rejection of emails from blocked domains

This site contains a list of known spamming domains that can be downloaded in a text file for anti spam software

Positive

It will effectively block spam from known spamming addresses.

Negative

Legitimate domains could be blocked as a result of a computer being hijacked

Require users to request permission to send your email

Background A Technique to black spam that requires senders to request permision to send you an email. Senders not on your approved list , or white list email will be rejected or sent to a differnt folder. One example of this is the Earthlink Spam Blocker

Positive

The user should never receive spam.

Negative

Could have emails that a user might want to see that is not spam, but also not on your approved list.


Charge for e-mail sent

Background If there is a cost per email sent spammers sending out millions of spam then would not be able spam at such a high rate http://www.cnn.com/2004/TECH/internet/03/05/spam.charge.ap/

Positive

Spam would be cut down due to the cost

Negative

users will have to pay a cost per email sent as well



Opt in / opt out

Opt-in is a type of permission-based mailing where recipients must first give consent before becoming part of a mass mailing list. This guarantees that the sender of the advertisement, newsletter, or other mass mailing is targeting only those who want the mail. Through this process the sender can be sure that those on the mass-mailing list actually want the messages they are receiving.

Opt-out is a less stringent form of acquiring permission because recipients are not asked for consent before receiving the mailing, but are permitted to opt out of further mailings by indicating they wish to receive no further messages from the sender. The process of opting out usually takes the form of a web link embedded in an email or a specially formatted reply to the sender. While this method does not provide as much protection from unwanted messages as the opt-in approach, it eliminates future unwanted messages from the sender.

The European Union Privacy and Electronics Communication Directive mandates that entities wishing to contact existing customers through email or text/SMS must provide an opt-out option in their message.


European Council votes for spam opt-in and new cookie plan | OUT-LAW.COM

Opt-in Spam and the "Gotcha" Box


Domain authentication

Domain Authentication is a means of ensuring a valid sender identity in email to help prevent spam, email forgery, and fraud. There are different methods of domain authentication, such as Sender Policy Framework, Certified Server Validation, SenderID and DomainKeys, and different methods have different advantages. DomainKeys, for example, can authenticate the entire content of a message as well as the domain from which it originated, while SPF and CSV can reject a forged email before any data transfer occurs. They are all effective for authenticating a sender's domain, but it is yet to be determined which method or methods will become most popular. One problem with the domain authentication approach is the possibility of a misidentification of a legitimate message as fraud or spam. All methods of domain authentication should be designed with this possibility in mind to prevent the accidental blocking of legitimate messages.


Yahoo! Anti-Spam Resource Center - DomainKeys

Beyond Can-Spam: E-mail Authentication


Bounties

Bounties in a general sense are monetary rewards for either information leading to the arrest of criminals or for delivering the criminal in question to the authorities. In the case of bounties on spammers, some proposed plans would award money equal to a percentage of the penalty for the spammer. For example, information provided on a spammer who was not convicted or fined would yield no bounty, while a twenty percent (20%) bounty on a large spamming operation that was fined two million dollars would yield forty thousand(40,000) dollars.


FTC Mulls Bounty System to Fight Spam - Security - MSNBC.com

The "Goodmail" approach

The Goodmail approach to spam was an idea to have spammers pay isps to ensure that their mail was delivered past spam filters. In theory this would reduce spam because only legitimate companies could pay the fee and not individual con artists. Many nonprofit groups were concerned that they would not be able to send Email because they did not have the finances to pay for goodmail services. There was also concern among customers that all mail which was not Goodmail certified would be blocked, including personal Email. There is also the risk that if isps rely on goodmail to stop spam, they will defer development on their spam blockers until they are completely ineffective.

Goodmail Systems

Bonds with escrow agencies

This system requires mail senders who are not whitelisted by recipients to pay a small fee to a bond agency. If the recipient feels the mail is spam and unwanted, they can then retrieve the bond money from the agency. In effect, this means that they charge the sender for wasting their time.<ref>[1] For non-spam email, no money would change hands at all, the original bond amount would simply be returned to the sender.

The Spam and Attention Bond Mechanism FAQ pdf