Spam, Technological Solutions and Its Current Regulations

  • 8/8/2019 Spam, Technological Solutions and Its Current Regulations

    TERM PAPER

    ON

    SPAM, TECHNOLOGICAL SOLUTIONS

    AND ITS CURRENT REGULATIONS

    By,

    Mahathi chintapalli (09224)

    Pratyusha borancha (09233)

    Khaja rasool (09244)

    Shalini (09245)

    Sushobitha (09250)

    Sushrutha (09251)

    Table of Contents

    Introduction
    Spam
    Reason for Spamming
    The Volume of Spam
    The Effects of Spam
    How Spam Works
    Different types of Spam
    Spam- social networking sites
    Facebook
    Twitter
    Preventing Spam
    The Spam Solutions
    NON-GOVERNMENTAL
    GOVERNMENTAL
    CASES
    Current Anti-Spam Legislation
    Conclusion

    Introduction:

    Every day, when people open their e-mail inboxes, they find numerous messages from unknown

    parties offering a range of services and products. These unwanted messages have come to be

    referred to as spam. Just a few years ago, spam was considered a minor nuisance. The increase

    in spam over the last few years, however, has led many to focus on this problem. The scale and

    the effects of the spam epidemic suggest that spam is no longer simply a nuisance but is a large

    scale network problem.

    Spam:

    The definition of spam is neither clear nor consistent across different individuals or

    organizations. We can describe spam as unwanted e-mail messages. These types of messages are

    often referred to as unsolicited commercial e-mail. However, over the years there has been an

    increase in unsolicited mail that is not necessarily commercial in nature. Therefore, some have

    begun to refer to these types of messages as unsolicited bulk e-mail. This column will focus on

    commercial spam, which makes up the majority of all unsolicited e-mail.

    The problem of defining spam becomes more complex across different types of organizations.

    For example, organizations with more liberal network access policies allow users to receive

    personal e-mail and mailing lists; other organizations restrict users to receiving only business-

    related messages and therefore describe all other messages as spam. A good approach to this

    problem is to define the different categories of messages that may be deemed spam and allow

    organizations or individuals to create an appropriate definition for their environment.

    Reason for Spamming:

    Many wonder why spam activity has increased over the last couple of years. Is it because more

    people want to be nuisances to society? Spamming is not a pastime but is an actual business

    process. Spammers are in business, and like most others in business, they have a goal of making

    a profit. This fact is useful in understanding the swift growth in the use of spam. As in any other

    business, spammers must perform a few essential activities in order to create a profit:

    1. Find potential customers. For spammers, this involves obtaining a list of e-mail addresses.

    There are two main methods that can be used to obtain these lists: address harvesting and list

    purchasing.

    2. Offer a product or service to the potential customers. This involves sending information or an

    offer to the list of e-mail addresses.

    3. Sell and deliver the product or service to some percentage of the potential customers.

    The success of spam as a business is based on the low cost of #1 and #2, allowing a low response

    rate to still lead to a profit. Sending spam can cost $0.0005 per recipient; direct mail can cost

    $1.21 per recipient, or about 2,400 times more. Direct mailers usually require a response rate of

    about 2 percent; spammers, on the other hand, can break even with response rates as low as

    0.001 percent, about 2,000 times lower. For example, a spammer can send 500,000 messages

    and still be pleased and profitable with five responses.

    The Volume of Spam

    Just one year ago, spam accounted for only 10 percent of inbound e-mail traffic; today, spam

    accounts for over 60 percent of inbound e-mail traffic on average. Consequently, an average

    user now has more unwanted messages than wanted ones in his or her inbox. This influx of

    messages has introduced a burden not only on end-users but also on administrators and the

    infrastructure.

    The cost of the spam problem includes lost productivity from the users who must deal with spam

    messages and from the computing resources that must be used to handle these messages.

    The Effects of Spam

    Individuals, or a group of users, are easily targeted by email spam.

    Spam usually arises as a result of giving out your email address on an unauthorized or

    unscrupulous website.

    Some of the effects of Spam:

    • Fills your inbox with a number of ridiculous emails.
    • Degrades your Internet speed to a great extent.
    • Steals useful information, such as the details in your contact list.
    • Alters your search results on any search engine.

    How Spam Works

    Spam is usually not targeted to specific email addresses. Instead, the email addresses are

    collected at random for the purpose of emailing promotions and other junk. Since the email

    addresses are not targeted, the idea of mailing the promotions is a numbers game in the eyes of

    the spammer.

    Sending out spam is a really easy and inexpensive process, which is why a lot of marketers who

    are lazy and want to find a get-rich-quick way to make money resort to spamming. The reality is,

    it is not a quick way to make money and you face a lot of headaches in the aftermath of a spam

    promotion.

    Spammers use software that is specifically designed for spamming. The software has the

    capability to weave its way down through the layers in the Internet to collect hundreds of

    thousands of email addresses from websites, social networking groups, and any other sources

    where people reveal their email addresses. The addresses are collected in a very short amount of

    time. Once the addresses are collected, the spammer simply enters the sales message into the

    software, creates a title, and then presses "Send." It is that easy.

    Any website you have visited where you have entered your email address to receive more

    information or for some other reason is fair game to spammers. This is how they get your email

    address. Additionally, they can set up the software to address you by name among a host of other

    sophisticated practices.

    Deceptive Practices of Spammers:

    • Spam Blocker Escape: Spammers are masters of getting around the spam blocking
      software. Although this software is effective in blocking spam, spammers are
      learning more and more how the software works and then wording their messages
      to get around the spam blocker.

    • Evading the Law: In recent years spam has become against the law in some areas of
      the world. Spammers get around this by intruding on remote computers, which send
      out the spam for them without the knowledge of the PC owner. This way there is no
      trace of the spammer's real Internet protocol address. The problem with this is that the
      IP address of the computer they hacked will show up on the spam message, which
      results in the innocent person losing their Internet service account due to spam.

    • Cloaking: Some versions of spam software include what is called cloaking. The
      software will automatically cloak the spammer's Internet protocol address so the
      message cannot be traced. Additionally, it will insert a bogus return email address,
      which is the reason it is nearly impossible to track down.

    Different types of Spam

    • Phishing spam, a popular and heinous type of scam
    • Foreign bank spam
    • Get rich easily and quickly spam
    • Illicitly pirated software
    • News group and forum spam

    Spam- social networking sites

    Facebook:

    Facebook is a fantastic tool which can be used to stay in touch with friends or even to promote

    your business. If you're promoting your products on Facebook then there are a number of things

    that you need to be careful of because if you're not cautious then you could end up getting

    banned or having your account deleted. There are many things which can cause your account to

    be blocked on Facebook. Many of these relate to spam. It's very important that you do not spam

    contacts on Facebook because this would be grounds for the cancelation of your account.

    If you send out too many friend requests then this will be considered a form of spam and this

    could get your account deactivated. If you post on lots of people's walls with the same messages

    then this will almost certainly get you banned. If when you request friends you always copy and

    paste the same message then this will also be seen as a type of spam. You should avoid poking

    people for no reason because if you poke too many people then you could end up getting banned.

    Twitter

    Spam on Twitter has become a growing problem and with more and more individuals and

    businesses using the social networking service, it is expected that spam will continue to be on the

    rise. In addition, Twitter has an open application programming interface (API) and it does not

    require a valid email address when you are creating an account which further increases the risk

    of spam.

    There are many different ways that spammers operate on Twitter with more methods on the

    horizon as Twitter continues to grow.

    Short URLs:

    Although businesses promote their products through a subtle approach, spammers blatantly

    promote their business opportunities or scams on Twitter through the use of short URLs. Short

    URLs are used frequently due to the 140-character limit on tweets, so it is impossible to tell if the

    link is a scam or contains a virus, Trojan, or other type of malware.

    Hijacking:

    Hackers can hijack Twitter accounts by breaking into the account and using it to send out spam.

    Hackers usually target accounts that have an extensive list of followers so they can send out

    spam. This usually includes the accounts of famous people but it can happen to any Twitter user.

    One way around this is to avoid using passwords that hackers can easily guess but like

    everything else, there is no guarantee.

    Hash Tags on Trend Topics

    Trending topics on Twitter are topics that are currently popular on Twitter. Spammers exploit the

    trending topic by adding a hash tag to a popular keyword in their tweet that is related to the

    trending topic. As a result, spammers increase the visibility of their tweets because they show up

    more often in popular searches.

    Tweet jacking

    Tweet jacking occurs when spammers reply to tweets by replying to your @username. When

    they reply or retweet, the messages appear in your timeline. Often the messages contain a short

    URL that replaces your URL and leads clickers to a porn site or, worse yet, a site laced with

    malware.

    Follower Fraud

    The success of your Twitter account is partially dependent upon the number of people that are

    following you. As mentioned earlier, creating an account is very easy which encourages

    spammers to automate the process and collect a massive amount of counterfeit followers. The

    spammer then turns around and attempts to sell the account for a good amount of money and

    repeat the process to cultivate their spam group.

    Twitter provides instructions on their site on how to report spam and abuse. There are also a

    number of Twitter spam applications such as TwitBlock and TwerpScan that will help you block

    spam and they are free for the asking.

    Preventing Spam

    There are some effective measures that you can employ to stop spam entering your inbox:

    • Always use an updated and trustworthy antivirus program.

    • Never share your email address and personal information like credit card details with an
      unreliable source.

    • Avoid responding to any emails that you never asked for. If you receive such an email then
      delete it immediately.

    • Try to avoid emails with the subject "need assistance" or "some funds", or any other
      catchy titles. And never, ever forward such emails since they could be targeted to obtain
      as many email addresses as possible.

    • Whenever you need to forward an email to a group of people, make use of the BCC field,
      which enables you to hide the email addresses from each of the other recipients.

    • Never mention your email address in newsletters or instant messenger chats.

    • Switch off the reading pane in email clients such as Outlook. It can be done by View >
      Reading Pane Off.

    The Spam Solutions

    Below are some proposed solutions to the problem of unwanted junk E-mail. In many cases there

    are levels of complexity.

    NON-GOVERNMENTAL

    Recipient Revolt:

    At first Spam was related to with unwanted mail by recipients, in E-mail and in the physical

    world. This has helped significantly to scare more legitimate companies away from using junk E-

    mail, and this is good.

    Customer Revolt:

    A very small minority of Spams come from places the recipient has had contact with, such as

    web sites they gave their E-mail address to or companies they have done business with.

    Customers fortunately have power over companies, and revolt and anger by customers is far

    more effective than anger at strangers.

    Vigilante Attack:

    Some have taken to more serious efforts, including methods that are illegal or which break net

    "rules." Mail-bombs and denial of service attacks, sometimes against the innocent, in particular

    are a bad idea.

    Pattern and Bayesian Filters

    Many mail tools now can filter out mail or redirect based on analysis. Some search for known

    patterns or the names of known junk mailers. Such systems are not a likely long-term solution.

    They can always be gotten around. It's just a war of escalation. As long as the patterns can be

    found out, as they can in any product, the mailers will learn not to use them.

    Domain filters :

    Many mailers now refuse mail from domains that don't exist.

    Blacklisting :

    Blacklist filters use databases of known abusers, and also filter unknown addresses. A real-time

    blacklist system is in place at some sites to block even the initial mail connection from known

    abusers.

    White list Filters :

    Mailer programs learn all contacts of a user and let mail from those contacts through directly.

    Mail from strangers is redirected to other folders or challenged. It may be discarded if it matches

    certain patterns. If users respond to challenge, their mail is delivered and they are white listed.
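
    The blacklist and white list behaviour described above, as an added Python example that is not part of the original paper. The class name, verdict names and sample addresses are assumptions constructed for illustration; the challenge token is an HMAC of the sender address, one possible way to issue challenges.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class MailTriage:
    """Blacklist check first, then white list, then a challenge for strangers."""
    whitelist: set = field(default_factory=set)   # learned contacts
    blacklist: set = field(default_factory=set)   # known abusers: addresses or domains
    junk_patterns: tuple = ()                     # lowercase subject substrings to discard
    secret: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    held: dict = field(default_factory=dict)      # sender -> messages awaiting a reply

    @staticmethod
    def _norm(addr):
        return addr.strip().lower()

    def _token(self, sender):
        # Token is bound to the sender address and keyed with a local secret,
        # so it cannot be guessed or reused for a different sender.
        mac = hmac.new(self.secret, sender.encode("utf-8"), hashlib.sha256)
        return mac.hexdigest()[:16]

    def learn_contact(self, addr):
        """Mail the user sends or accepts teaches the filter a contact."""
        self.whitelist.add(self._norm(addr))

    def receive(self, sender, subject, body):
        """Return (verdict, challenge_token_or_None) for one incoming message."""
        sender = self._norm(sender)
        domain = sender.rpartition("@")[2]
        if sender in self.blacklist or domain in self.blacklist:
            return ("reject", None)        # refused at connection time
        if sender in self.whitelist:
            return ("inbox", None)         # known contact goes straight through
        if any(p in subject.lower() for p in self.junk_patterns):
            return ("discard", None)       # stranger matching a junk pattern
        self.held.setdefault(sender, []).append((subject, body))
        return ("challenge", self._token(sender))

    def answer_challenge(self, sender, token):
        """A correct reply releases the held mail and white-lists the sender."""
        sender = self._norm(sender)
        if sender not in self.held:
            return []
        expected = self._token(sender).encode("ascii")
        if not hmac.compare_digest(token.encode("utf-8"), expected):
            return []
        self.whitelist.add(sender)
        return self.held.pop(sender)


if __name__ == "__main__":
    # Constructed sample traffic, not real addresses.
    triage = MailTriage(blacklist={"bulk.example"}, junk_patterns=("get rich",))
    triage.learn_contact("alice@example.org")
    print(triage.receive("alice@example.org", "lunch", "hi"))
    print(triage.receive("promo@bulk.example", "offer", "buy now"))
    verdict, token = triage.receive("bob@new.example", "hello", "first contact")
    print(verdict, triage.answer_challenge("bob@new.example", token))
```

    Because spam often carries forged return addresses, a deployment of this scheme sends some challenges to innocent third parties, so challenge volume is worth monitoring.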

    Hide your address:

    Many are reacting to Spam by refusing to reveal their E-mail addresses in public and sometimes

    even in private, for fear of a privacy-invading deluge of Spam.

    Stop relay abuse:

    Blacklisting open relays is just one technique to stop this abuse. Regular social campaigns have

    also helped, and all new mail software does not relay by default.

    Voluntary Opt-Out lists:

    Opting out means requesting to receive no Spam, either in a global "opt me out of everything"

    list (such as the DMA maintains for paper junk mail) or by requesting those who mail you to

    remove you from their list. Neither of these tends to work. Abusers are ignoring them or worse,

    pretending to take requests and adding names to more lists. Opt-out is best implemented where

    possible at the mail protocol (ESMTP) level, so that undesired mail is never even sent if possible.

    This is most efficient.

    Voluntary Tags :

    Standards can be developed to tag bulk mail, providing headers or other information listing the

    number of recipients of the mailing, whether the recipient requested the mail, or whether the

    sender is personally known to the recipient.

    Insisting on tags:

    They become valuable if recipients start insisting mail they receive be tagged, and diverting

    untagged mail to a low-priority folder. And of course diverting mail tagged in ways they don't

    wish to receive. Such a scheme requires that Spammers be honest. There is evidence that many

    would not be. However, it is possible that some laws may force them to be.
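
    A recipient-side filter that insists on tags, as an added Python example that is not part of the original paper. The paper names no tag headers, so the three X-Bulk-* header names, the folder names and the recipient threshold are hypothetical, and the sample messages are constructed.

```python
from email import message_from_string

# Hypothetical tag headers: the paper proposes such tags but defines no names.
TAG_RECIPIENTS = "X-Bulk-Recipients"    # number of recipients of the mailing
TAG_REQUESTED = "X-Bulk-Requested"      # did the recipient request the mail?
TAG_KNOWN = "X-Bulk-Sender-Known"       # is the sender personally known?


def parse_tags(raw_message):
    """Return the tags as a dict, or None if the message is untagged or mis-tagged."""
    msg = message_from_string(raw_message)
    values = [msg.get_all(name) for name in (TAG_RECIPIENTS, TAG_REQUESTED, TAG_KNOWN)]
    # Each tag must appear exactly once; a duplicated tag is ambiguous.
    if any(v is None or len(v) != 1 for v in values):
        return None
    count, requested, known = (str(v[0]).strip().lower() for v in values)
    if not (count.isascii() and count.isdigit() and len(count) <= 9):
        return None
    if requested not in ("yes", "no") or known not in ("yes", "no"):
        return None
    return {
        "recipients": int(count),
        "requested": requested == "yes",
        "known": known == "yes",
    }


def route(raw_message, max_recipients=20):
    """Pick a folder. Tags are sender-asserted, so this only works if senders are honest."""
    tags = parse_tags(raw_message)
    if tags is None:
        return "low-priority"     # untagged mail is diverted, as the paper suggests
    if tags["requested"] or tags["known"]:
        return "inbox"
    if tags["recipients"] > max_recipients:
        return "bulk"             # tagged in a way this recipient does not want
    return "inbox"


def _message(tag_lines, subject):
    head = "From: sender@example.net\n" + "".join(line + "\n" for line in tag_lines)
    return head + "Subject: " + subject + "\n\nbody text\n"


# Constructed sample messages.
SAMPLES = {
    "friend": _message(
        ["X-Bulk-Recipients: 1", "X-Bulk-Requested: no", "X-Bulk-Sender-Known: yes"],
        "dinner"),
    "newsletter": _message(
        ["X-Bulk-Recipients: 50000", "X-Bulk-Requested: yes", "X-Bulk-Sender-Known: no"],
        "weekly digest"),
    "unsolicited": _message(
        ["X-Bulk-Recipients: 500000", "X-Bulk-Requested: no", "X-Bulk-Sender-Known: no"],
        "special offer"),
    "untagged": _message([], "hello"),
    "malformed": _message(
        ["X-Bulk-Recipients: few", "X-Bulk-Requested: no", "X-Bulk-Sender-Known: no"],
        "hello"),
    "duplicate": _message(
        ["X-Bulk-Recipients: 1", "X-Bulk-Recipients: 900000",
         "X-Bulk-Requested: no", "X-Bulk-Sender-Known: no"],
        "hello"),
}


def route_samples():
    return {name: route(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, folder in route_samples().items():
        print(f"{name:12s} -> {folder}")
```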

    Digital Signature

    For non-anonymous mail, a digital signature that verifies the sender has many uses. Many want

    this for other purposes. Such a signature can be used for reliable white listing and black listing.

    In addition, the signature can come with a digital certificate stating the sender has agreed to a

    certain code of E-mail ethics. Recipients might insist on such a certificate. Or the simple fact that

    the sender and their ISP can be reliably identified may be enough to make people willing to give

    E-mail access, with non-signed mail diverted.

    E-stamps

    Once a digital signature and digital-money infrastructure comes into play it is possible to

    implement an E-stamp scheme. Such a system works regardless of borders, and allows

    anonymous mail without abuse. However, it requires the build-up of lots of technical

    infrastructure and the redesign of mail systems.

    GOVERNMENTAL

    The following methods involve the government, but only as an enforcer of existing contract law

    or intellectual property law.

    Enforce anti-fraud, theft of service, impersonation laws :

    A good portion of Spams are illegal for other reasons. They make fraudulent claims. They claim

    to have "remove" lists but don't. They claim to be referrals from friends but they are not. They

    bombard systems, acting like a denial-of-service attack. They provide forged return addresses

    that are actually the addresses of innocent third parties. Already some lawsuits in this area have

    been successful. However, a significant number of Spams do not violate any laws directly, or

    they could remove their illegal portion without major loss.

    Trade-mark/Fraud Enforced Tags :

    A tagging scheme could be enforced by placing a valid trademark on the name of the tag, and

    allowing the mark to be used only by those who follow proper standards of E-mail ethics. Those

    who use it against the guidelines -- by lying in their tags -- could be sued and stopped. This can

    work, with difficulty, in many countries but not all. In general, mail must be authenticated as to

    where it comes from in order to be able to sue. Truly anonymous mailers can't be sued, though

    rarely can they provide a means to buy their product. It's also possible that lying on tags in order

    to get mail through to people for commercial purposes may be fraudulent in some fashion, and

    thus stoppable.

    ISP User Contracts:

    Already many ISP "terms of service" (TOS) call for E-mail codes of conduct. As this becomes

    more and more common, it may provide sufficient recourse.

    Today a problem exists since most ISPs, to market their services, use free trial accounts. They

    can't do anything with such accounts but shut them off. Users of free trials are not easily held

    accountable for violations of their TOS contract.

    ISP peering contracts :

    The internet works because ISPs "peer" (exchange data) with one another. ISPs may eventually

    refuse to peer with ISPs that don't have anti-Spam E-mail conduct codes in their TOS. It is

    unknown if this would be restraint of trade.

    Open access only for agreement-bound users:

    Perhaps the most suitable non-governmental scheme would involve ISPs only granting "open"

    access to E-mail ports on the internet to parties who have agreed to a code of E-mail ethics. All

    others, as well as anonymous mailers, would be allowed to only send mail to special relaying

    servers. The relaying servers would be programmed to mail for any (except perhaps unrepentant

    abusers) but would "throttle" the volume of E-mail to enough to handle the needs of non-bulk

    mailers. I.e., the server would allow users on any given network or computer the ability to only

    send a few messages per minute, per hour or per day.
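
    The throttling relay described above, as an added Python example that is not part of the original paper. The limits, the grouping of sources by /24 (IPv4) or /64 (IPv6) network and the class name are assumptions; the addresses are documentation ranges used as constructed input.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed limits as (window in seconds, maximum messages): per minute, hour, day.
DEFAULT_LIMITS = ((60, 5), (3600, 60), (86400, 300))


class ThrottlingRelay:
    """Relays for anyone, but caps volume per source network."""

    def __init__(self, limits=DEFAULT_LIMITS, agreement_bound=()):
        self.limits = tuple(sorted(limits))
        self.longest = max(window for window, _ in self.limits)
        # Networks whose users agreed to a code of E-mail ethics get open access.
        self.open_nets = [ipaddress.ip_network(n) for n in agreement_bound]
        self.sent = defaultdict(deque)   # source network -> accepted timestamps

    @staticmethod
    def source_key(ip):
        """Group senders by network so one host cannot rotate addresses for more quota."""
        addr = ipaddress.ip_address(ip)
        prefix = 24 if addr.version == 4 else 64
        return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

    def is_agreement_bound(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.open_nets)

    def submit(self, ip, now):
        """Return (accepted, reason) for one message offered at time `now` (seconds)."""
        if self.is_agreement_bound(ip):
            return (True, "open access")
        stamps = self.sent[self.source_key(ip)]
        # Forget anything older than the longest window.
        while stamps and stamps[0] <= now - self.longest:
            stamps.popleft()
        for window, cap in self.limits:
            recent = sum(1 for t in stamps if t > now - window)
            if recent >= cap:
                return (False, f"over {cap} per {window}s")
        stamps.append(now)
        return (True, "relayed")


def simulate_burst(relay, ip, count, start=0, step=1):
    """Offer `count` messages one `step` apart and return how many were relayed."""
    return sum(relay.submit(ip, start + i * step)[0] for i in range(count))


if __name__ == "__main__":
    relay = ThrottlingRelay(agreement_bound=("198.51.100.0/24",))
    # A bulk sender offering 1000 messages in 1000 seconds gets only a trickle out.
    print("stranger relayed:", simulate_burst(relay, "192.0.2.10", 1000))
    print("agreement-bound relayed:", simulate_burst(relay, "198.51.100.7", 1000))
```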

    U.S. State Regulations

    Some states are drafting and passing laws to regulate junk E-mail and other E-mail, ostensibly

    within the state. However, the laws are bound to (and supporters hope they will) have effects

    outside the state. While similar to the issue of multiple national jurisdictions, what's different

    here is that the U.S. Federal government may be given jurisdiction, removing it from individual

    U.S. States.

    Required tags

    Tagging as described above could be made mandatory by law on bulk mail from strangers. To

    send such bulk mail without correct tags could be a tort. Users would be responsible for filtering

    their own mail based on tags, and prosecuting violators. Tagging must not relate to content, lest

    it be compelled speech. Government enforced tags must be limited to entirely factual matters

    about the nature of the mailing itself, not the message. Some proposed tagging laws have been

    put forward. One suggests that the Subject line contain the word "advertisement." This is bad

    because it talks about the content of the message, and it's technically poor. Governments might

    simply provide penalties for lying with such tags.

    Mandatory compliance with opt-out:

    The law could compel senders of bulk E-mail to comply with an opting-out system. They could

    require that "remove" lists be faithfully maintained, or that a national opt-out list be supported.

    Better would be an ESMTP protocol to allow the expression of opt-out wishes, and a law

    compelling senders of certain types of mail to obey. In effect an electronic "no bulk solicitors"

    sign, with teeth, on the mail server. For technical reasons, because mail is often sent to a relaying

    server that will not know the wishes of the final recipient, a tagging system must also be in place

    so that the decision can be made further down the chain. One law proposed in California allows

    sites to opt-out with a web page policy. This does not easily allow individual user choice, or a

    formal way of obtaining opt-out/opt-in status.

    Required identification:

    Several recently proposed laws are asking for mandatory identification of the senders of

    commercial E-mail. Such laws would create greater accountability for abuse, but violate the right

    to communicate anonymously when parties desire it. Less restrictive are rules stating that if

    identification is false, it be marked as false.

    Banning unsolicited bulk E-mail:

    Banning single E-mails based on content is probably unconstitutional in the USA. Since it is bulk

    mail that is the source of the Spam problem (without computer automation of mailing to multiple

    parties, the volume of junk mail is naturally limited to a tolerable level) regulation should focus

    on that. It is possible that restrictions on bulk mailing, as so-called "time and manner"

    restrictions, might not violate the 1st amendment in the USA.

    CASES :

    • Political themes play a prominent role in today's online attacks because political
      leaders appeal to a wide audience, and attackers take advantage of situations like
      these. The best example is US President Obama. As the world counted down to the
      inauguration of the 44th president of the United States in November 2008, certain
      online spam senders used "Obamania" as a new way to attack. They introduced spam
      messages with a presidential theme, carrying subjects such as "You must look at this,
      our new president has gone", "Breaking news, Obama refused to be the president of the
      United States of America" and "Breaking news there is no president in the USA any
      more". These spam emails contained a hyperlink which, when clicked, directed the user
      to a web page that looked similar to the official Obama-Biden campaign site. The files
      available for download from the site included names such as usa.exe, obamanew.exe,
      pdf.exe, statement.exe, barackblog.exe and barackspeech.exe. This piece of malware was
      identified under the name W32.Waledac and was capable, among other things, of
      harvesting sensitive information, turning machines into spam zombies and establishing
      a back door into computers that would allow them to be remotely accessed. These
      threats are still in practice among attackers today, who trick users into infecting
      themselves by displaying messages based on current events.

    • A convenience sample of three hundred participant volunteers was selected from a wide
      variety of organizations and the general public. The age group ranged from 15 to 60. Of
      the participants in this survey, 71% were male and 29% were female. The ages of the
      participants were as follows: 38% between 15 and 21, 32% between 21 and 31, 12%
      between 31 and 39, 15% between 39 and 49 and 3% older than 49. A questionnaire was
      distributed and 300 responses were received. The results indicated that a large
      portion of spam concerned the marketing of products and services. Very few people
      benefit from spam. Most of them just read the e-mail header and delete the spam. Most
      of the public do not know of any software to combat email spam. Most of them preferred
      to delete spam automatically. Much productivity is lost to spam. Spam is largely
      related to pornography. Parents are very much worried about it. More than half of
      those surveyed said there should be a law to stop email spammers.

    Current Anti-Spam Legislation

    USA: In December 2003, President Bush signed legislation to help fight spam email. The bill,

    known as the CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography

    and Marketing Act of 2003), preempts many provisions of existing state anti-spam laws, except

    where those laws cover fraud, deception, or other computer crimes. The Act took effect on

    January 1, 2004.

    India: There are no anti-spam laws in India. CAUCE, the Coalition Against Unsolicited Commercial

    Email, is an ad hoc, all-volunteer organization created by Netizens to advocate for a legislative

    solution to the problem of spam. The Indian chapter of CAUCE is dedicated to nipping the spam

    problem in the bud in India, before it snowballs into a crisis.

    Conclusion:

    In January 2009, the regions of origin of spam were examined among the United States,

    Colombia, Brazil, Argentina, China, India, Turkey, Russia, South Korea and Taiwan. The United States

    has consistently been one of the largest sources of spam: 23% of spam messages originate from

    the USA. Colombia and Argentina have joined the top ten regions of origin for spam, while Brazil is

    in second place behind the United States. Ten percent of spam originated from Brazil in the

    last month. For the past few months, India and China have both retained their positions among

    the top regions of origin for spam. There are several reasons behind the shift in regional spam

    origin, but it is notable that investment in Internet and IT infrastructure for many countries

    spawns a massive growth in Internet users. Countries such as Brazil, India and China have a

    burgeoning middle class where Internet penetration is high and access to broadband is

    increasing. As IT security laws and regulations also vary widely around the world, an emphasis

    on security may not always be a primary concern.