Spam
Edward W. Felten
Dept. of Computer Science
Princeton University


Scope of the Problem
- About 60% of all email is spam
  – Much is fraudulent
  – Much is inappropriate for kids
- 5% of U.S. net users have bought something from a spammer
  – Billions of dollars of sales
  – Spamming pays
- Will talk about email; but affects other communication technologies also

An Email Message
From:
To:
Subject: mail forgery
Date: November 18, 2004

Actually, anybody can make a message like this. There’s no inherent authentication of the receiver’s address, and no guarantee that the message came from any particular place. Forgery is easy.

Email Transport
[Diagram: sender → sender’s server → receiver’s server → receiver, with links labeled SMTP and POP/IMAP]
Complications: forwarding, mailing lists, autoresponders, etc.

What is Spam?
(1) Email that the recipient doesn’t want.
    Problems:
    - only defined after the fact
    - ban raises First Amendment issues
(2) Unsolicited email.
    Problem: lots of unsolicited email is desired

What is Spam?
(3) Unsolicited commercial email.
    But what exactly does “unsolicited” mean?

Free Speech Issues
- Law sometimes allows speech, even when the listener doesn’t want to hear it.
- Commercial speech less protected than political speech.
- At the very least, let’s not block a message if both parties want it to get through.

Working Definition of Spam
Any commercial, non-political email is spam, unless
(a) the recipient has consented to receive it,
(b) the sender and receiver have an ongoing business relationship, or
(c) the message relates to an ongoing commercial transaction between the sender and receiver.
Note: just looking at a message won’t tell you whether or not it’s spam.

Anti-spam Measures
- Enforce laws against wire fraud, false medical claims, etc.
- Require accurate labeling of origin; allows filtering by origin
  – Big spammer just sentenced to nine years in VA state prison for mislabeling

Private Lawsuits by ISPs
- ISP sends spammer cease-and-desist letter
- Spammer keeps sending spam
- ISP files suit
  – Claiming cyber-trespass
  – Seeking money damages
  – Seeking injunction against further spamming
- Some success so far, but mostly useful as deterrent

Blacklists
- Make list of known email addresses, or known IP addresses, of spammers
- Discard email from those addresses
- Problems
  – Spammers try to mislead about message origin
  – Spammers move around a lot
  – Innocent users sometimes end up sharing addresses with spammers
  – False accusations

Whitelists
- Make list of people/places you want to get email from
- Impractical to accept email only from these people
- But still useful
  – Make other anti-spam measures more stringent
  – Exception for people on whitelist

Payment
- Try to raise cost of sending email
  – Ideally, raise more for spammers than for normal senders
- Pay in the form of:
  – Money
  – Wasted computational resources
  – Human attention

Problems with payment
- If using real money, involves the banking system
- If paying in resources, waste of resources
  – Resources are cheap for spammers anyway
- Deters some legitimate email – especially big (legitimate) mailing lists
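Payment in wasted computation, as an added example that is not from the original slides: a proof-of-work stamp in the style of Hashcash (the slides name no scheme). The stamp format, function names and addresses are constructed for illustration; `expected_hashes` shows why a large legitimate mailing list pays the same per-recipient price as a spammer.

```python
import hashlib
from itertools import count

def leading_zero_bits(digest):
    """Count the zero bits at the front of a hash digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits

def mint(recipient, date, bits):
    """Sender side: search for a counter that gives `bits` leading zero bits.

    Returns (stamp, attempts). Expected attempts are about 2**bits.
    """
    for n in count():
        stamp = f"{bits}:{date}:{recipient}:{n}"
        if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp, n + 1

def verify(stamp, recipient, date, min_bits, seen):
    """Receiver side: one hash, plus checks that stop a stamp being reused."""
    parts = stamp.split(":")
    if len(parts) != 4 or parts[1] != date or parts[2] != recipient:
        return False          # minted for another recipient or another day
    if not parts[0].isdigit() or int(parts[0]) < min_bits or stamp in seen:
        return False          # too little work claimed, or a replayed stamp
    if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) < int(parts[0]):
        return False          # the claimed work was not actually done
    seen.add(stamp)
    return True

def expected_hashes(recipients, bits):
    """Average work for one mailing: every recipient needs its own stamp."""
    return recipients * 2 ** bits

if __name__ == "__main__":
    stamp, attempts = mint("bob@mail.example", "20041118", 12)  # constructed values
    print(stamp, "found after", attempts, "hashes")
    print("one message at 20 bits:", expected_hashes(1, 20), "hashes")
    print("50,000-member list at 20 bits:", expected_hashes(50000, 20), "hashes")
```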

Sender authentication
- Various schemes
- Make sure that mail comes from the right place, given the (claimed) sender
  – e.g. my mail comes from a Princeton IP address
- Works okay, but
  – Complicated in presence of forwarding etc.
  – Doesn’t address spambots on stolen machines
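An added example, not from the original slides, of the check this slide describes: the receiving server compares the connecting IP address with the networks that the claimed sender's domain authorizes. The domains, addresses, policy table and function names are constructed for illustration (SPF, for instance, publishes such a policy in DNS); the sample deliveries include the two weak spots the slide lists.

```python
import ipaddress

# Constructed policy table: networks each domain says its mail may come from.
# The addresses are documentation ranges, not real hosts.
AUTHORIZED = {
    "princeton.example": ["192.0.2.0/24"],
    "alumni.example": ["198.51.100.0/24"],
}

def domain_of(address):
    """Return the lower-cased domain part of an address, or None if malformed."""
    local, sep, domain = address.rpartition("@")
    return domain.lower() if sep and local and domain else None

def check_sender(claimed_sender, connecting_ip):
    """Classify a delivery as 'pass', 'fail' or 'none' (no policy published)."""
    domain = domain_of(claimed_sender)
    if domain is None:
        return "fail"
    networks = AUTHORIZED.get(domain)
    if networks is None:
        return "none"
    ip = ipaddress.ip_address(connecting_ip)
    if any(ip in ipaddress.ip_network(net) for net in networks):
        return "pass"
    return "fail"

# Constructed deliveries: (description, claimed sender, IP of connecting server)
DELIVERIES = [
    ("direct from campus", "alice@princeton.example", "192.0.2.25"),
    ("forged elsewhere", "alice@princeton.example", "203.0.113.9"),
    # Genuine mail relayed by a forwarder now arrives from the forwarder's IP.
    ("forwarded by alumni.example", "alice@princeton.example", "198.51.100.7"),
    # A compromised machine inside the authorized network passes the check.
    ("spambot on a campus machine", "someone@princeton.example", "192.0.2.77"),
    ("domain with no policy", "user@other.example", "203.0.113.50"),
]

def run():
    return {desc: check_sender(sender, ip) for desc, sender, ip in DELIVERIES}

if __name__ == "__main__":
    for desc, result in run().items():
        print(f"{result:5} {desc}")
```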

Content-Based Filtering
- Classify incoming messages based on contents
  – Apply fixed rules (e.g. SpamAssassin)
  – Machine learning, based on user labeling
    - Word-based Bayesian learning

Filtering Issues
- Fairly accurate, but not foolproof
  – Trade off false positives vs. false negatives
  – Still need to look at suspected-spam messages
- Spammers using countermeasures
  – “word salad”
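Word-based Bayesian filtering and the issues on this slide, as an added example that is not from the original slides: a naive Bayes classifier trained on user-labelled mail, scored at two thresholds to show the false-positive/false-negative trade-off and the effect of "word salad". All messages, names and thresholds are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed training mail, labelled the way a user would label it.
TRAIN = [
    ("spam", "cheap pills buy now limited offer"),
    ("spam", "buy cheap watches now free shipping offer"),
    ("spam", "free money offer click now"),
    ("ham", "meeting notes attached for the project review"),
    ("ham", "lunch tomorrow after the project meeting"),
    ("ham", "please review the attached draft before the meeting"),
]
# Constructed test mail: (true label, text).
TEST = [
    ("spam", "buy cheap pills now"),
    ("spam", "limited offer"),
    # "word salad": the first pitch padded with words typical of wanted mail
    ("spam", "buy cheap pills now meeting project review attached notes draft lunch"),
    ("ham", "free shipping offer for the project"),
    ("ham", "lunch tomorrow after the meeting"),
]

def tokens(text):
    return re.findall(r"[a-z']+", text.lower())

def train(examples):
    counts, docs = {"spam": Counter(), "ham": Counter()}, Counter()
    for label, text in examples:
        docs[label] += 1
        counts[label].update(tokens(text))
    return counts, docs, set(counts["spam"]) | set(counts["ham"])

def spam_probability(model, text):
    """P(spam | words): naive Bayes over words with add-one smoothing."""
    counts, docs, vocab = model
    total = {c: sum(counts[c].values()) + len(vocab) for c in counts}
    log_odds = math.log(docs["spam"] / docs["ham"])
    for w in tokens(text):
        if w in vocab:  # words never seen in training carry no evidence
            log_odds += math.log(((counts["spam"][w] + 1) / total["spam"])
                                 / ((counts["ham"][w] + 1) / total["ham"]))
    return 1 / (1 + math.exp(-log_odds))

def errors(model, labelled, threshold):
    """Return (false positives, false negatives) at a given spam threshold."""
    flagged = [(label, spam_probability(model, text) >= threshold)
               for label, text in labelled]
    return (sum(1 for label, hit in flagged if label == "ham" and hit),
            sum(1 for label, hit in flagged if label == "spam" and not hit))

MODEL = train(TRAIN)
```

Raising the threshold from 0.5 to 0.95 stops the wanted "free shipping" message from being flagged but lets the short "limited offer" spam through; the word-salad message scores as wanted mail at either setting.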

Case Study: Do-Not-Email List
- In CAN-SPAM Act, Congress asked FTC to study a National Do-Not-Email (DNE) list
  – Like Do-Not-Call list for telemarketing
- Congress asked:
  – Should we have a DNE list?
  – If we have one, how should it work?
- FTC hired experts (including me) to give technical advice.

DNE List: Law
- Users can put their addresses on the DNE list.
- Domain owner can put whole domain (e.g. washington.edu) on DNE list.
- Illegal to send spam to anybody on the list.

DNE List: Approaches
- Give spammers the list
  – Very bad idea: “whom-to-spam” list
  – Can seed each spammer’s list with “telltale” addresses? (Interesting CS theory problem.)
- Spammer submits their mailing list to DNE service; service returns “scrubbed” list
  – Spammer still learns about some valid addresses
  – Might be able to limit this by limiting access, charging for access, etc.

DNE List: Approaches
- Spam-forwarding service
  – Spammer must direct all spam through a DNE service
  – Service forwards to addresses not on DNE list
  – Silently drops if address is on list
  – Doesn’t leak information about list
  – Irony: as an anti-spam measure, the government is forwarding spam
- All approaches: risk that list will leak
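The three approaches on the two slides above compared by what the list operator hands back, as an added example that is not from the original slides. The list entries, key, trap domain and function names are constructed; the telltale scheme shown (a keyed hash per licensee) is one simple way to trace a leaked copy, not a method the slides specify.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"      # known only to the list operator
TRAP_DOMAIN = "telltale.example"      # hypothetical domain the operator controls
# Constructed DNE list: individual addresses plus one whole domain.
DNE = {"ann@mail.example", "raj@isp.example", "@school.example"}

def on_list(address, dne=DNE):
    address = address.lower()
    return address in dne or "@" + address.rpartition("@")[2] in dne

def telltales(licensee, count=3):
    """Telltale addresses unique to one licensee's copy of the list.

    These are recognisable by their domain; telltales that cannot be
    filtered out are the hard part of the problem.
    """
    return {
        hmac.new(SECRET, f"{licensee}:{i}".encode(), hashlib.sha256).hexdigest()[:12]
        + "@" + TRAP_DOMAIN
        for i in range(count)
    }

def seeded_copy(licensee, dne=DNE):
    """Approach 1: hand over the list, salted with that licensee's telltales."""
    return sorted(dne | telltales(licensee))

def trace_leak(address, licensees):
    """Which licensee's copy held the address that has just received mail?"""
    return next((l for l in licensees if address.lower() in telltales(l)), None)

def scrub(submitted, dne=DNE):
    """Approach 2: return the submitted list minus every listed address."""
    return [a for a in submitted if not on_list(a, dne)]

def learned_from_scrub(submitted, scrubbed):
    """What the submitter can infer: each removed address is on the list."""
    return sorted(set(submitted) - set(scrubbed))

def forward(submitted, dne=DNE):
    """Approach 3: the service delivers; the submitter gets no per-address result."""
    delivered = [a for a in submitted if not on_list(a, dne)]
    return {"to_submitter": None, "delivered_by_service": delivered}

SUBMITTED = ["ann@mail.example", "bob@mail.example", "kid@school.example"]  # constructed
```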

Outlaw Spam
- Biggest problem for DNE List is outlaw spammers
  – Ignore the law
  – Send spam from stolen machines
  – Very hard to catch them

Spam: Bottom Line
- Spam will be with us, as long as people buy stuff from spammers.
- People will keep buying the kinds of products that spammers sell.
- At best, we’ll fight to a stalemate.