SPAM Turning the tide Gregory Massel iWeek 2004.


1 SPAM Turning the tide Gregory Massel gregm@datapro.co.za iWeek 2004

2 The threat to the Information Society
- One of the greatest plagues affecting the digital world
- More prevalent than legitimate e-mail
- Causes significant financial costs and productivity losses for ISPs, businesses and end-users
- Undermines user confidence in e-mail and online activities
- Can seriously hamper the development of the digital economy and society

3 State of the Problem
- Spam is increasing
  - July 2003 - 50% of email
  - July 2004 - 65% of email
- Growing criminal element
  - >95% have falsified senders
  - 17% inappropriate for minors
  - 9% scams (e.g. 419)
  - 6% fraud (phishing)
  - ~50% via hacks (open relay, open proxy, exploited PCs)
- Spreading beyond e-mail
  - SMS, IM (SPIM), IRC, VoIP, etc.
  - GSM Association lists spam in top four threats to the future of the mobile phone industry
Source: www.brightmail.com

4 Spam and Fraudsters
"It is a well-known fact that no other section of the population avail themselves more readily and speedily of the latest triumphs of science than the criminal class." (Inspector John Bonfield, Chicago Police Department, 1888)
Source: www.antiphishing.org

5 Lessons to be learned
- Spammers are technologically adept
  - As quickly as we develop anti-spam solutions, they improve their techniques
- Legislation alone does not stop spam
  - Heavy penalties are a deterrent
  - Empowers people to trace and take action against spammers
- International co-operation is required to fight a threat that knows no borders

6 Turning the tide
- Legislate against spam (world-wide)
- Collaborate globally to fight the threat
  - Through industry bodies (e.g. ISPAs, ITU, IETF)
  - Through LEAs (e.g. Interpol)
- Develop technical solutions
  - Preferably IETF-endorsed
  - Must be widely implemented
- Educate end-users, marketers, businesses and ISPs about anti-spam measures and good Internet security practices

7 Legislation - Overseas
- Most countries have introduced anti-spam legislation
  - EU region governed by directive 2002/58/EC
    - Governs all bulk communications (including e-mail, SMS, fax, automated calling machines)
    - Explicit consent of recipient required PRIOR to contact
    - Exception: within the context of an existing customer relationship by the same company that obtained the customer's details
    - Prohibits the use of false identities or return addresses
  - Australia
    - Covers e-mail, SMS/MMS and IM but not fax
    - Explicit consent of recipient required PRIOR to contact
    - Exception: within the context of an existing relationship
    - Requires accurate identification of the sender
    - Requires a functional unsubscribe facility
    - Penalties up to $1.1 million per day for professional spammers
    - Covers spam originated in Australia, or commissioned in Australia (but originated elsewhere), or sent to an address accessed in Australia
    - Exemptions: Government, political parties, charities, religious organisations, educational institutions (sent to attending and former students)
  - USA governed by the CAN-SPAM Act
    - Implements an opt-out approach
    - Prohibits the use of an invalid sender address
    - Prohibits bulk e-mail inappropriate for minors

8 Legislation - South Africa
- Bulk e-mail is legal provided you
  - Provide an 'unsubscribe' facility
  - Inform the recipient where you obtained their address (on their request)
- Loopholes
  - No requirement for a valid sender address
    - Who does one contact to request where your address was obtained if there is no valid sender?
    - It is almost impossible to prove that two mail shots came from the same sender, therefore difficult to prosecute on the basis of a dishonored unsubscription
- Effectively legitimises spam
- Similar approach to the USA
  - USA is the biggest source of spam world-wide!
- Dire need for stricter legislation

9 Collaboration & Education
- Global forums
  - ITU / WSIS meetings on countering spam
  - AntiSpam-Forum 2004 (CABASE)
- South Africa
  - ISPA
    - Anti-spam list
    - Technical committee
    - iWeek sessions
    - Participation in international forums
  - Spam Summit
  - MFSA spam guidelines
  - Department of Communications

10 Final thought "The spam wars are about rendering email useless for unsolicited advertising before unsolicited advertising renders email useless for communication." - Walter Dnes & Jeff Wynn (in news.admin.net-abuse.email)

11 References & Links
- ITU activities on countering spam: http://www.itu.int/osg/spu/spam
- Euro Coalition Against Unsolicited Commercial E-mail: http://www.euro.cauce.org/
- SpamLaws.Com: http://www.spamlaws.com/
- Australian Communication Authority - Information on SPAM: http://www.aca.gov.au/consumer_info/spam/consumerinformation.htm
- Anti-Phishing Working Group: http://www.antiphishing.org/
- AntiSpam-Forum 2004 (Spanish): http://www.antispamforum2004.org.ar/
- SpamHaus: http://www.spamhaus.org/

