Presentation on theme: "Ã 2003 L-Soft Sweden AB Freeing the Internet from Spam: Opt-In, Filtering and Other Approaches Eric Thomas, CEO L-Soft Sweden AB www.lsoft.se IP-dagarna."— Presentation transcript:
ã 2003 L-Soft Sweden AB Freeing the Internet from Spam: Opt-In, Filtering and Other Approaches Eric Thomas, CEO L-Soft Sweden AB www.lsoft.se IP-dagarna 19 November 2003, Stockholm
ã 2003 L-Soft Sweden AB Overview History in short Today How do we clean spam from the Internet? Q&A
ã 2003 L-Soft Sweden AB The world’s first spam? Date: Tue, 28 Jun 88 12:08:00 SET From: xxxxxx To: Eric Thomas - LISTSERV -, (...) This mail is sent you by a group of researchers of the Italian National Council (C.N.R.), working at the CNUCE Institute, in order to wake up the sensitivity of people working in the scientific institutions about the extremely serious problem of the pollution in the world. As you certainly know, the hole in the ozone, the "hot-house effect", the acid rains and the toxic waste are disasters provoked by man by using the Nature as a "never-ending" resource. Everybody can verify other effects of the pollution, in the cities, in the seas, in the rivers, etc. We think that the scientific community must create an opinion movement able to force some decisions at political level. We think we are still in time to do something to save Nature with the help of everybody. (...)
ã 2003 L-Soft Sweden AB The world’s first spam? Date: 28 of June 1988 Sent to 138 network engineers + an email list with 50 more recipients The purpose was to “save the world” No relevancy for the recipients The sender was a female scientist in Italy Is spam an European invention?
ã 2003 L-Soft Sweden AB History in short 1988: The world’s first spam in Italy? 1994: “Green Card Lawyers” and “Make Money Fast” 1995: 2 million email addresses for sale; first spam filter for email 1997: 80 million email addresses for sale 2000: Nigerian scam 2001: 210 million email addresses for sale Old problem; the spammers get better and more sophisticated every year
ã 2003 L-Soft Sweden AB Today – hard facts Enormous amounts: 50 percent of email traffic is spam Enormous costs: € 2.5 billion in Europe, $ 9 billion in the US (2002) Increasing like an avalanche The trust for email and the Internet is being hollowed out Enough is enough!
ã 2003 L-Soft Sweden AB Trends Source: eMarketer Daily, Issue 206, 2003
ã 2003 L-Soft Sweden AB The challenge Without filtering we are drowning in spam With filtering we risk missing important messages Opt-in rules are new and only apply within the EU (so far) The spammers move “off-shore”
ã 2003 L-Soft Sweden AB What to do? The recipe for a cure has 4 ingredients: 1.Legislation 2.Education 3.Technical solutions 4.International cooperation
ã 2003 L-Soft Sweden AB DN, Right or Wrong? Källa: DN.se, 04.11 2003
ã 2003 L-Soft Sweden AB IDG, Web Question: Källa: IDG.se, 29.10 2003 “What is Your Opinion?”
ã 2003 L-Soft Sweden AB Legislation EU: the world’s first opt-in zone since 31 October 2003 US: “Can Spam Bill” & opt-out Japan: opt-in has given effect Australia: opt-in next step Will US be alone with opt-out?
"Combating spam has become a matter for us all and has become one of the most significant issues facing the Internet today. It is a fight over many fronts. The EU, Member States, industry and consumers all have a role to play in the fight against spam both at the national and international level. We must act before users of e-mails or SMS stop using the Internet or mobile services, or refrain from using it to the extent that they otherwise would.” Erkki Liikanen European Commissioner for Enterprise and the Information Society
ã 2003 L-Soft Sweden AB Directive 2002/58/EG (12 of July 2002) Article 13: Non-requested communication ”The use of [...] electronical mail for direct marketing may only be allowed if the subscriber in advance has given his or her consent.”
ã 2003 L-Soft Sweden AB The EU directive, article 13 – three demands 1.Opt-in i.e. consent. Exceptions: •Legal persons (B2B) •Existing customers when companies market equivalent products 2.Legible sender and sender address 3.It should be easy and free of charge to unsubscribe from future mailings Applicable since last day in October, 2003 in all states within the EU. Sweden is delayed!
ã 2003 L-Soft Sweden AB “Can Spam” Allows opt-out Forming a “Do-Not-E-mail registry” – dangerous! The spammers will: 1.Follow the law and respect the “Do-Not- Email registry” 2.Campaign for governor of California 3.Spam the “Do-Not-Email registry” and thank you for the free email addresses
ã 2003 L-Soft Sweden AB A good root password? gbush
ã 2003 L-Soft Sweden AB An uncrackable email address? firstname.lastname@example.org
ã 2003 L-Soft Sweden AB Scale of penalty for spamming Japan: •Up to two years in prison •Up to $25,000 for private persons, up to $3,500,000 for companies US: varies heavily but often very tough
ã 2003 L-Soft Sweden AB Scale of penalty for spamming Italy: •Six months to three years in prison •Up to € 90,000 Sweden: not decided •Probably no prison penalty •Lost time has to be compensated •Is the penalty cheaper than buying a stamp? 1 000 affected employees × 2 sec = 33 minutes in total = 250 SEK
ã 2003 L-Soft Sweden AB Education A very important part of the work where everyone can help/contribute: •Consumer: never buy anything if you don’t recognize the sender •Company: opt-in is the only praxis that will not hurt your reputation and trademark Unexpected need for education in Sweden This is our common responsibility!
ã 2003 L-Soft Sweden AB Technical solutions The challenge: Almost no “false positives” can be tolerated (1 in 10,000?) Today: approx. 90 percent of the spam can be filtered without risk If we succeed filtering too much the spammers will fine tune their routines
ã 2003 L-Soft Sweden AB Bad technical solutions Simple filters searching for 18, weight, FREE etc. “ADV:” Block port 25 for all clients “Challenge-Response” Black lists (too much chaos today) “Make mail cost” proposals
ã 2003 L-Soft Sweden AB Two interesting techniques Signature identification •Reliable techniques – like antivirus •Extremely low “false positive” Bayesian filters •Very effective •Self-learning •Very complex – totally unintelligible to “regular” users
ã 2003 L-Soft Sweden AB Bayesian filters Works best on individual level Subtle and hard to understand: •Kalle knows Spanish but normally he just uses Swedish and English at work •All Spanish emails are in reality spam •When a client writes in Spanish the filter has learned that “ everything written in Spanish is spam” and therefore it deletes the message!
ã 2003 L-Soft Sweden AB Future vision It will get worse before it gets better: •The laws congregate towards opt-in, with the exception of US and their strong lobbies •US stands for >90 percent of the spam; they talk a lot about spam but in reality they have other priorities •Almost everyone gets protection against spam, both in central mail servers and in the email client (Bayesian filter?) •Engineers waste more time on spam, without success
ã 2003 L-Soft Sweden AB Future vision At some point US will go from words to action In the long run they will have to go with opt-in; the EU may play an important role Spam remains but is being limited, as chain letters were in the 1980’s
ã 2003 L-Soft Sweden AB For more information About opt-in within the EU: http://www.lsoft.se/news/optin2003-eu.asp Click on “L-Soft’s comments” to download the white paper About “Can-Spam Act”: http://www.lsoft.se/news/optin2003-us.asp