Presentation is loading. Please wait.

Presentation is loading. Please wait.

Addressing spam email and enforcing a Do Not Email Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.

Published byNicole Hickcox Modified over 9 years ago

Similar presentations

Presentation on theme: "Addressing spam email and enforcing a Do Not Email Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc."— Presentation transcript:

1 Addressing spam email and enforcing a Do Not Email Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.

2 Overview of the Spam problem Spammers take advantage of the anonymity of the email system to send Unsolicited Commercial Email Spammers can avoid and ignore US laws by moving their operations overseas Consumers don’t have a mechanism to universally identify spam and opt out of it

3 Problems with Proposed Solutions Blacklisting/Whitelisting –List monitoring and maintenance –Messages can be lost –Consumers have to worry about being on or off lists –Decisions are made that affect consumers without their knowledge

4 Problems with Proposed Solutions Digital Signatures –Very difficult to implement globally –Could lead to identity theft –Process of obtaining a certificate can be cumbersome

5 Problems with Proposed Solutions Domain Name Authentication/Verification –Spam could still be routed through legitimate, overseas domains –Spam could be passed through an exploited mail server if the domain name of the spam matches the domain name of the victim’s server –Individual email activity is not tracked –Some small business consumers may be hindered

6 Problems with Proposed Solutions None of the solutions help enforce a Do Not Email Registry

7 Certified Electronic Mail System Similar to the US Post Office’s Certified Mail system Adds a code to email messages before the message leaves the network of the sender’s ISP Code is read by the receiver’s ISP Logging takes place by both ISPs

8 Certified Electronic Mail System Code is encrypted to prevent tampering or misuse Method minimizes code tampering by mail senders or recipients ISPs can mark messages without codes as “[UNTRACKABLE]” and filtered accordingly

9 Certified Electronic Mail System Using ISP’s mail server

10 Certified Electronic Mail System Using individual mail server

11 Enforcement Verification that the complainant has registered in the Do Not Email Registry The code in the spam email is used to quickly identify the sender’s source ISP The source ISP is contacted and asked to determine who sent the email in question The source ISP reviews their mail tracking and connection logs to identify the sender

12 Enforcement The sender’s identity information is reported to the government enforcement division Action is taken against the sender –Actions against the sender could include fines if the sender sent the spam in violation of the Do Not Email Registry and if the sender cannot prove the recipient opted-in to receive their messages after their date of registration on the list. –Or, if the user’s computer sent the spam without their knowledge as the result of a virus or malicious program infestation that could have been protected against, the government may opt only to issue a warning for non-habitual offenders. –The government may also want to consider levying fines against ISPs for failing to recognize unusual mail volume from non-commercial subscribers.

13 Enforcement Foreign governments, or the UN or US may may regulate foreign ISPs and handle complaints Habitual spammers can be blacklisted from being able to signup for any Internet or Email service

14 Accountability Internet Service Providers –Must maintain proper connection and mail tracking logs –Must monitor their users for heavy mail traffic (based on the type of user) and block traffic from non-business subscribers if they are suspected of either being spammers or relays for spammers –Must mitigate IP spoofing wherever possible –Must verify the identities of customers and not allow email to generate from blacklisted customers –Must comply with standards or have email marked as untraceable

15 Accountability Consumers –Must ensure the software on their systems is patched, and that they have loaded and are using current anti-virus software –Must ensure their machines do not become habitually compromised or face restricted Internet access from ISPs or warnings and possible fines from the government

16 Accountability Spammers –Entities designated as habitual spammers are blacklisted from sending email from any ISP Foreign ISPs –Foreign ISPs whose countries do not setup a similar system will have their mail also labeled as untraceable

17 Accountability Webmail providers –Webmail providers must now authenticate their users so they can identify subscribers Open Access Network Providers –Networks that allow open access (e.g. coffee shops, free hot spots, libraries, etc…) must now either verify the identity of users or block the ability of their users to send email

18 Benefits Consumers –They may opt to ignore untraceable email – without even signing up for the Do Not Email Registry Or they may whitelist specific email addresses for friends, family and associates who are on noncompliant systems –If they opt to enter the Do Not Email Registry, they now can file complaints with the authorities Government –The government will now have faster, easier and better tools for identifying spammers

Download ppt "Addressing spam email and enforcing a Do Not Email Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc."

Similar presentations

Virtual Conference on Anti-spam Regulation and Policy Development Sharing The Singapore Experience By Low Boon Kiat Policy & Competition Development Group.

Virtual Conference on Anti-spam Regulation and Policy Development Sharing The Singapore Experience By Low Boon Kiat Policy & Competition Development Group.
Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.

Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Basic Communication on the Internet:

Basic Communication on the Internet:
1 Aug. 3 rd, 2007Conference on Email and Anti-Spam (CEAS’07) Slicing Spam with Occam’s Razor Chris Fleizach, Geoffrey M. Voelker, Stefan Savage University.

1 Aug. 3 rd, 2007Conference on and Anti-Spam (CEAS’07) Slicing Spam with Occam’s Razor Chris Fleizach, Geoffrey M. Voelker, Stefan Savage University.
Phishing (pronounced “fishing”) is the process of sending e-mail messages to lure Internet users into revealing personal information such as credit card.

Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
Lesson 7: Business, , & Personal Information Management

Lesson 7: Business, , & Personal Information Management
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 3 Internet Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 3 Internet Security.
Introduction to the Secure SMTP Server service. Secure SMTP server is a secure, reliable SMTP mail relay server for your outgoing mail. Secure SMTP service.

Introduction to the Secure SMTP Server service. Secure SMTP server is a secure, reliable SMTP mail relay server for your outgoing mail. Secure SMTP service.
Guide to Operating System Security Chapter 10 E-mail Security.

Guide to Operating System Security Chapter 10 Security.
563.8.2 Spam Sonia Jahid University of Illinois Fall 2007.

Spam Sonia Jahid University of Illinois Fall 2007.
Privacy and Encryption The threat of privacy due to the sale of sensitive personal information on the internet Definition of anonymity and how it is abused.

Privacy and Encryption The threat of privacy due to the sale of sensitive personal information on the internet Definition of anonymity and how it is abused.
Taiwan Network Information Center Spam Status & Anti-Spam Schemes in Taiwan Taiwan Network Information Center David Chen Sep 5, 2002.

Taiwan Network Information Center Spam Status & Anti-Spam Schemes in Taiwan Taiwan Network Information Center David Chen Sep 5, 2002.
Internet Security In the 21st Century Presented by Daniel Mills.

Internet Security In the 21st Century Presented by Daniel Mills.
Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.

Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.
Masud Hasan 03-60-475 Secure Email Project 1. Secure Email It uses Digital Certificate combined with S/MIME capable email clients to digitally sign and.

Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.
E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.

E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.
11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 

11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 
MKTG 476 SECURITY Lars Perner, Instructor 1 Internet Security  Servers  Hacking  Publicly available information  Information storage  Intrusion methods.

MKTG 476 SECURITY Lars Perner, Instructor 1 Internet Security  Servers  Hacking  Publicly available information  Information storage  Intrusion methods.

Similar presentations

Ads by Google