Presentation is loading. Please wait.

Presentation is loading. Please wait.

Addressing spam email and enforcing a Do Not Email Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.

Similar presentations


Presentation on theme: "Addressing spam email and enforcing a Do Not Email Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc."— Presentation transcript:

1 Addressing spam and enforcing a Do Not Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.

2 Overview of the Spam problem Spammers take advantage of the anonymity of the system to send Unsolicited Commercial Spammers can avoid and ignore US laws by moving their operations overseas Consumers don’t have a mechanism to universally identify spam and opt out of it

3 Problems with Proposed Solutions Blacklisting/Whitelisting –List monitoring and maintenance –Messages can be lost –Consumers have to worry about being on or off lists –Decisions are made that affect consumers without their knowledge

4 Problems with Proposed Solutions Digital Signatures –Very difficult to implement globally –Could lead to identity theft –Process of obtaining a certificate can be cumbersome

5 Problems with Proposed Solutions Domain Name Authentication/Verification –Spam could still be routed through legitimate, overseas domains –Spam could be passed through an exploited mail server if the domain name of the spam matches the domain name of the victim’s server –Individual activity is not tracked –Some small business consumers may be hindered

6 Problems with Proposed Solutions None of the solutions help enforce a Do Not Registry

7 Certified Electronic Mail System Similar to the US Post Office’s Certified Mail system Adds a code to messages before the message leaves the network of the sender’s ISP Code is read by the receiver’s ISP Logging takes place by both ISPs

8 Certified Electronic Mail System Code is encrypted to prevent tampering or misuse Method minimizes code tampering by mail senders or recipients ISPs can mark messages without codes as “[UNTRACKABLE]” and filtered accordingly

9 Certified Electronic Mail System Using ISP’s mail server

10 Certified Electronic Mail System Using individual mail server

11 Enforcement Verification that the complainant has registered in the Do Not Registry The code in the spam is used to quickly identify the sender’s source ISP The source ISP is contacted and asked to determine who sent the in question The source ISP reviews their mail tracking and connection logs to identify the sender

12 Enforcement The sender’s identity information is reported to the government enforcement division Action is taken against the sender –Actions against the sender could include fines if the sender sent the spam in violation of the Do Not Registry and if the sender cannot prove the recipient opted-in to receive their messages after their date of registration on the list. –Or, if the user’s computer sent the spam without their knowledge as the result of a virus or malicious program infestation that could have been protected against, the government may opt only to issue a warning for non-habitual offenders. –The government may also want to consider levying fines against ISPs for failing to recognize unusual mail volume from non-commercial subscribers.

13 Enforcement Foreign governments, or the UN or US may may regulate foreign ISPs and handle complaints Habitual spammers can be blacklisted from being able to signup for any Internet or service

14 Accountability Internet Service Providers –Must maintain proper connection and mail tracking logs –Must monitor their users for heavy mail traffic (based on the type of user) and block traffic from non-business subscribers if they are suspected of either being spammers or relays for spammers –Must mitigate IP spoofing wherever possible –Must verify the identities of customers and not allow to generate from blacklisted customers –Must comply with standards or have marked as untraceable

15 Accountability Consumers –Must ensure the software on their systems is patched, and that they have loaded and are using current anti-virus software –Must ensure their machines do not become habitually compromised or face restricted Internet access from ISPs or warnings and possible fines from the government

16 Accountability Spammers –Entities designated as habitual spammers are blacklisted from sending from any ISP Foreign ISPs –Foreign ISPs whose countries do not setup a similar system will have their mail also labeled as untraceable

17 Accountability Webmail providers –Webmail providers must now authenticate their users so they can identify subscribers Open Access Network Providers –Networks that allow open access (e.g. coffee shops, free hot spots, libraries, etc…) must now either verify the identity of users or block the ability of their users to send

18 Benefits Consumers –They may opt to ignore untraceable – without even signing up for the Do Not Registry Or they may whitelist specific addresses for friends, family and associates who are on noncompliant systems –If they opt to enter the Do Not Registry, they now can file complaints with the authorities Government –The government will now have faster, easier and better tools for identifying spammers


Download ppt "Addressing spam email and enforcing a Do Not Email Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc."

Similar presentations


Ads by Google