CSC 379 SUM2008:Week 1, Group 4


DUE FRIDAY 11:30PM

The Effects of Spam-Countermeasures

Fighting spam is difficult because its countermeasures come at a cost as well. E-mail is not just storage; resources must be devoted to processing it, and the cost of everything from virus scans of content to filtering can be significant. Aggressive countermeasures have a negative impact on productivity when the number of “false positives” (legitimate emails incorrectly filed as spam) is too great. Examine the breadth of countermeasures available to combat spam, providing a brief review of the ethical considerations each raises, and links to online resources that cite specific instances or effects of each.

Spam Countermeasures

Server-Side Spam Filters

As part of the ongoing battle to combat Spam, modern mail servers employ some form of Spam filtration system, such as the open-source project SpamAssassin, within their routine mail processing. The options available to mail-server managers are diverse and plentiful, with hundreds of commercially available products as well as a comparable number of public-license projects. As of July 2008, SourceForge lists 470+ projects related to Spam filtration and management.

Server-side filters are a first line of defense against large volumes of junk e-mails, and work very well to help reduce the amount of Spam that reaches end-users. Since junk messages are often similar and follow clearly identifiable patterns, it's relatively easy to eliminate those messages before passing them to a user's mailbox. If the filter is too restrictive (i.e. the matching is too general) then there is a risk that a legitimate message will be removed before it has a chance to reach the intended user. Server-side filters are most effective when they are more permissive, and work in conjunction with user-defined or client-side filters.

Pay-per-email

Yahoo and AOL announced their decision to allow certain organizations the option to certify their email and bypass incoming spam filters by paying up to one cent per email. The service is based on technology created by Goodmail Systems. The system allows email users to be certain that emails from banks and nonprofit organizations are background-checked and legitimate. The announcement caused quite a stir as organizations claimed it was a violation of the right to free speech.

Aggressive Legal Prosecution

The CAN-SPAM Act of 2003.

Do-Not-Spam Lists

Like the federal "Do Not Call List" that became law in 2003, a Do-Not-Spam list would be a list of email addresses protected from spam by law. However, there is no Do-Not-Spam list, because the FTC has declared that such a list would itself give illegal spammers a set of addresses to take advantage of. The FTC believes this could actually lead to an increase in spam. Some websites and organizations offer Do-Not-Spam lists that are scams to collect email addresses to spam. One legitimate Do-Not-Spam list provided by Blue Security Inc. was cracked in 2006, exposing the flaws in such a method of reducing spam.

User-Defined Spam Filters

Many popular email systems (such as Gmail and NCSU's webmail) now provide "client"-side filtering of emails that are determined to be spam. These filters work by scanning emails for spam-related phrases such as "offer" or "male enhancement!!11!11!1" and quarantining emails that meet these pre-determined conditions. The obvious drawback of this system is the possibility of legitimate emails being missed or trashed because they accidentally met the conditions to be considered spam. The major benefit of client-side filtering is that the user sets the conditions, rather than a corporate entity where censorship might come into play.
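The trade-off described under Server-Side Spam Filters and User-Defined Spam Filters can be measured directly. The following is an added example, not code from the original page or from SpamAssassin: the rule weights, thresholds, sample messages and the user phrase "pills" are all constructed for illustration.

```python
import re

# Hypothetical server-side rules as (pattern, weight) in the style of a
# score-based filter. These are NOT real SpamAssassin rules.
SERVER_RULES = [
    (re.compile(r"\boffer\b", re.I), 1.5),
    (re.compile(r"male enhancement", re.I), 3.0),
    (re.compile(r"!{2,}"), 1.0),
    (re.compile(r"\bfree\b", re.I), 1.0),
    (re.compile(r"click here", re.I), 2.0),
]

# Constructed sample mail: (text, is_spam ground truth).
SAMPLES = [
    ("Male enhancement!!11!11!1 click here for a free offer", True),
    ("Limited offer!! Click here now", True),
    ("Free pills, click here", True),
    ("Your job offer from the hiring committee", False),
    ("Free lunch Friday, click here to RSVP", False),
    ("Minutes from Tuesday's meeting attached", False),
]

def score(text):
    """Sum the weights of every server rule that matches the message."""
    return sum(weight for pattern, weight in SERVER_RULES if pattern.search(text))

def server_filter(text, threshold):
    """True if the server would drop the message before it reaches the user."""
    return score(text) >= threshold

def client_filter(text, user_phrases):
    """True if any phrase chosen by the user appears in the message."""
    lowered = text.lower()
    return any(phrase.lower() in lowered for phrase in user_phrases)

def evaluate(threshold, user_phrases=()):
    """Return (false_positives, missed_spam) for the layered filter."""
    false_pos = missed = 0
    for text, is_spam in SAMPLES:
        flagged = server_filter(text, threshold) or client_filter(text, user_phrases)
        if flagged and not is_spam:
            false_pos += 1
        elif not flagged and is_spam:
            missed += 1
    return false_pos, missed

if __name__ == "__main__":
    for threshold, phrases in [(1.5, ()), (3.0, ()), (4.0, ()), (4.0, ("pills",))]:
        print(threshold, phrases, evaluate(threshold, phrases))
```

On this sample no single server threshold avoids both errors, because one legitimate message and one spam message receive the same score; the permissive threshold combined with one user-chosen phrase does.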

Captchas (Image Recognition Logins)

Captchas, a.k.a. the cryptic text-filled images you must decode before you make an account or post on many webpages, offer an additional layer of security where spam or bots might pose a threat. The thought here is that bots will not be able to read the text where a human would have no problem, therefore eliminating the bots' ability to create fake accounts or posts on servers.

Recently, bots capable of reading captchas have been created, threatening the future of captchas as a security technique.