Addressing spam email and enforcing a Do Not Email Registry using a Certified Electronic Mail System
Information Technology Advisory Group, Inc.
Overview of the Spam problem
• Spammers take advantage of the anonymity of the email system to send Unsolicited Commercial Email
• Spammers can avoid and ignore US laws by moving their operations overseas
• Consumers don’t have a mechanism to universally identify spam and opt out of it
Problems with Proposed Solutions
• Blacklisting/Whitelisting
  – List monitoring and maintenance
  – Messages can be lost
  – Consumers have to worry about being on or off lists
  – Decisions are made that affect consumers without their knowledge
Problems with Proposed Solutions
• Digital Signatures
  – Very difficult to implement globally
  – Could lead to identity theft
  – Process of obtaining a certificate can be cumbersome
Problems with Proposed Solutions
• Domain Name Authentication/Verification
  – Spam could still be routed through legitimate, overseas domains
  – Spam could be passed through an exploited mail server if the domain name of the spam matches the domain name of the victim’s server
  – Individual email activity is not tracked
  – Some small business consumers may be hindered
Problems with Proposed Solutions
• None of the solutions help enforce a Do Not Email Registry
Certified Electronic Mail System
• Similar to the US Post Office’s Certified Mail system
• Adds a code to email messages before the message leaves the network of the sender’s ISP
• Code is read by the receiver’s ISP
• Logging takes place by both ISPs
Certified Electronic Mail System
• Code is encrypted to prevent tampering or misuse
• Method minimizes code tampering by mail senders or recipients
• ISPs can mark messages without codes as “[UNTRACKABLE]” and filter them accordingly
Certified Electronic Mail System
• Using ISP’s mail server
Certified Electronic Mail System
• Using individual mail server
Enforcement
• Verification that the complainant has registered in the Do Not Email Registry
• The code in the spam email is used to quickly identify the sender’s source ISP
• The source ISP is contacted and asked to determine who sent the email in question
• The source ISP reviews their mail tracking and connection logs to identify the sender
Enforcement
• The sender’s identity information is reported to the government enforcement division
• Action is taken against the sender
  – Actions against the sender could include fines if the sender sent the spam in violation of the Do Not Email Registry and if the sender cannot prove the recipient opted-in to receive their messages after their date of registration on the list.
  – Or, if the user’s computer sent the spam without their knowledge as the result of a virus or malicious program infestation that could have been protected against, the government may opt only to issue a warning for non-habitual offenders.
  – The government may also want to consider levying fines against ISPs for failing to recognize unusual mail volume from non-commercial subscribers.
Enforcement
• Foreign governments, or the UN or US, may regulate foreign ISPs and handle complaints
• Habitual spammers can be blacklisted from being able to sign up for any Internet or Email service
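The flow described in the Certified Electronic Mail System and Enforcement slides, as an added Python example that is not part of the original presentation: the sender's ISP stamps and logs a code, the receiver's ISP logs it or marks the message "[UNTRACKABLE]", and the source ISP later maps a reported code back to a subscriber. The header name, ISP name, key and code layout are assumptions, and an HMAC tag stands in for the encryption scheme the slides leave unspecified.

```python
import hashlib
import hmac
import secrets
from email.message import EmailMessage

HEADER = "X-Certified-Mail-Code"        # hypothetical header name
ISP_ID = "isp-a.example"                # constructed source ISP name
ISP_KEY = b"constructed-demo-key"       # constructed secret held only by the source ISP

def _tag(serial):
    """Tamper-evidence tag binding a serial to this ISP (HMAC, an assumed scheme)."""
    data = f"{ISP_ID}:{serial}".encode()
    return hmac.new(ISP_KEY, data, hashlib.sha256).hexdigest()[:32]

def stamp(msg, subscriber, tracking_log):
    """Sender's ISP: drop any client-supplied code, add a fresh one, log who sent it."""
    del msg[HEADER]                      # no-op if the header is absent
    serial = secrets.token_hex(8)
    msg[HEADER] = f"{ISP_ID}:{serial}:{_tag(serial)}"
    tracking_log[serial] = subscriber    # identity stays in the ISP's log, not the mail
    return msg

def receive(msg, received_log):
    """Receiver's ISP: log the code and return the source ISP, or mark the subject."""
    parts = msg.get(HEADER, "").split(":")
    if len(parts) != 3 or not all(parts):
        subject = msg.get("Subject", "")
        del msg["Subject"]
        msg["Subject"] = f"[UNTRACKABLE] {subject}"
        return None
    received_log.append(":".join(parts))
    return parts[0]

def identify_sender(code, tracking_log):
    """Source ISP, on a complaint: reject forged or altered codes, then look up the log."""
    parts = code.split(":")
    if len(parts) != 3 or parts[0] != ISP_ID:
        return None
    if not hmac.compare_digest(parts[2].encode(), _tag(parts[1]).encode()):
        return None
    return tracking_log.get(parts[1])

if __name__ == "__main__":
    sent, seen = {}, []
    mail = EmailMessage()
    mail["Subject"] = "Hello"
    stamp(mail, "subscriber-1001", sent)          # constructed subscriber id
    print(receive(mail, seen), identify_sender(seen[0], sent))
```
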
Accountability
• Internet Service Providers
  – Must maintain proper connection and mail tracking logs
  – Must monitor their users for heavy mail traffic (based on the type of user) and block traffic from non-business subscribers if they are suspected of either being spammers or relays for spammers
  – Must mitigate IP spoofing wherever possible
  – Must verify the identities of customers and not allow email to generate from blacklisted customers
  – Must comply with standards or have email marked as untraceable
Accountability
• Consumers
  – Must ensure the software on their systems is patched, and that they have loaded and are using current anti-virus software
  – Must ensure their machines do not become habitually compromised or face restricted Internet access from ISPs or warnings and possible fines from the government
Accountability
• Spammers
  – Entities designated as habitual spammers are blacklisted from sending email from any ISP
• Foreign ISPs
  – Foreign ISPs whose countries do not set up a similar system will have their mail also labeled as untraceable
Accountability
• Webmail providers
  – Webmail providers must now authenticate their users so they can identify subscribers
• Open Access Network Providers
  – Networks that allow open access (e.g. coffee shops, free hot spots, libraries, etc…) must now either verify the identity of users or block the ability of their users to send email
Benefits
• Consumers
  – They may opt to ignore untraceable email – without even signing up for the Do Not Email Registry
  – Or they may whitelist specific email addresses for friends, family and associates who are on noncompliant systems
  – If they opt to enter the Do Not Email Registry, they now can file complaints with the authorities
• Government
  – The government will now have faster, easier and better tools for identifying spammers