KLA 2004 talk


  • Spam basics: Is spam “bad”? Why do you get spam? How spammers find your email address. Practical tips. Not comparing specific filters or products. Goal – To encourage you all to become rabid anti-spammers!
  • The word comes from an old Monty Python skit where some folks in a diner are unable to have a conversation because a group of Vikings at a nearby table keep singing the "Spam" song. The term became connected with computers in 1985 when somebody posted SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM…. every few seconds to a MUSH site (online game). [ http://www.rahul.net/falk/glossary.html ] MUSH - Multi-User Shared Hallucination. Real-time virtual environment game. Related to MUD – Multi-user dungeon (from Dungeons and Dragons). http://www.wired.com/news/politics/0,1283,19098,00.html – First spam, lawyers, appealing to immigrant communities. http://news.com.com/2008-1082-868483.html - “It was with a fairly simple script, a Perl script, that just pulled the names of all the newsgroups off a particular server and, just one at a time, sent the message to them through the various Internet protocols that were in wide use at the time.” http://www.encyclopedia4u.com/c/canter-siegel.html – “The spam involved a US government lottery to give "green cards" to certain non-citizens, allowing them to stay and work in the country. The two lawyers offered to do the necessary paperwork for a fee, although it could be done for free through government offices. … They sent the notice to at least 6,000 discussion groups in Usenet, a huge number at the time, leading to a great outcry and the first large-scale use of software "cancel-bots" to troll Usenet and kill their messages.”
  • Two types: Usenet (email distribution list) vs direct. Usenet defeats the purpose/utility of the list. Direct email *****
  • Despite the wide use of spam filters, 70 percent of the e-mail messages received by Microsoft Corp.'s Hotmail Web-based e-mail service are spam messages, according to Geoff Hulten, a spam researcher for Microsoft. http://www.wired.com/news/infostructure/0,1377,61971,00.html?tw=wn_polihead_2
  • One recent parody tallied cost of bathroom breaks (see Patullo, b/ITE, 2004). Mention my email correspondence with spammer artist in Nebraska.
      • Information Today, Oct. 2003: “Fed Trade Com rept: 2/3 of all spam is deceptive in some way”
      • MessageLabs – 70% of all spam is distrib. via hacking
      • 2002 Ferris Research study: spam costs businesses $8.9 bill/year
      • Cost to the user: connect time and long-distance charges (esp. dial-up users); disk space charges; time (to review and delete, possibly report) – business productivity issue; cost for products to fight spam and spam relatives
      • Cost to internet service providers (ISPs): disk space; time (tech support, legal fights, responding to complaints); cost for products to reduce spam
      • Philosophical issues: low cost to sender, high cost to receiver; illegal methods; theft of resources (an increasing number of spammers send most or all of their mail via innocent intermediate systems); false advertising - much of spam content is deceptive, fraudulent or illegal (e.g., pornography); taking advantage of the cooperative nature of the Net
      • For example, AOL has said that they were receiving 1.8 million spams from Cyber Promotions per day until they got a court injunction to stop it. Assuming that it takes the typical AOL user only 10 seconds to identify and discard a message, that's still 5,000 hours of connect time per day spent discarding their spam, just on AOL. By contrast, the spammer probably has a T1 line that costs him about $100/day.
      • … , to avoid blocks that many systems have placed against mail coming directly from the spammers' systems. (Due to a historical quirk, most mail systems on the Internet will deliver mail to anyone, not just their own users.)
  • Spam is the equivalent of third-class mail that arrives postage-due. Indeed, spam is most like junk FAXes, which are sent at the convenience of the sender and the expense of the recipient. Third-class mailers cost the sender money – postage, printing, etc. Telemarketing costs the sender money - human callers, phone lines, per-minute charges, etc. Traditional telemarketers are regulated by increasingly stringent laws. For example, in the US, they are prohibited from calling businesses, and they are required to stop calling anyone who asks to be put on their "do-not-call" list.
  • Free Speech guarantees you the right to say what you want, within reason; it does not guarantee you a platform to make yourself heard in. Reports two weeks later saw spam up 6.5%, with less than 1% of spam complying with the new law ( PC World ). First criminal charges filed in April, 2004 [ http://www.cnn.com/2004/LAW/04/28/internet.spam.ap/ ] Law contains loopholes and in some cases supersedes more stringent state laws Although the Internet has its roots in a U.S. Government network, it is currently a cooperative coalition of commercial carriers. It is far better for the carriers to agree on the rules than for the government to step in and set up inflexible laws. Definition problem: Spam is this -> easy to re-construct spam outside that definition What about just enforcing existing laws? Most spam is illegal (fraud, etc.). Use existing laws in those cases -> significantly reduce spam over all (see Brewster Kahle, InfoWorld, April 2004) CAN SPAM = Controlling the Assault of Non-Solicited Pornography and Marketing Act
  • Infoworld – 4.19.04, p. 48: “ ‘A person is allowed to go out in public wearing a mask. But no one’s going to give them a job, and no one’s going to buy anything from them in a store. You’re not going to let them through the front door of your business.’ Same with email. “You still have ways to be anonymous. But someone who wants to get in the door and do business with you will have to take the mask off.’ ” email registration, like DNS registration. “caller-ID systems” “ Computational schemes” – If you’re not on my OK list, my computer sends your computer a math problem. Verify the address is OK, uses your CPU time. Problem: Spammers already hijack others’ computers. The introduction of the Penny Black stamp played an important role in the reform of the British Postal System during the 1830's. Before this time, postage fees were based on weight and on distance involved. Postage had to be calculated for each letter, and was typically paid by the addressee. The introduction of the Penny Black shifted the cost of postage to the sender and eliminated the complexity of postage computation by requiring a uniform, low rate. In a nutshell, the idea is this: "If I don't know you, and you want to send me mail, then you must prove to me that you have expended a certain amount of effort, just for me and just for this message."  The approach is fundamentally an economic one.  Suppose we measure effort in CPU cycles.  Since there are about 80,000 seconds in a day, a computational "price" of just ten seconds per message would limit a spamming computer to at most 8,000 messages daily. So spammers would have to invest heavily in hardware in order to send high volumes of spam. (While this idea is simple, people often misunderstand its implications. We encourage potential critics to look here first.) The Penny Black project has investigated several techniques to reduce spam by making the sender pay. 
We've considered several currencies for payment: CPU cycles, memory cycles, and Turing tests (proof that a human was involved) are the leading candidates.  There are multiple system organizations that can support this: senders can pre-compute the appropriate function, tied to a particular message; senders can come up with the payment in response to a challenge after they've submitted their message; senders can acquire a ticket pre-authorizing the message. Recipients would aggressively safe-list good senders. The ticket scheme involves creating a ticket service that would issue tickets, which can then be submitted with an email message. The recipient would then call the ticket service to validate and cancel the ticket. There are some interesting ramifications to the ticket server idea. For example, 1000 pre-paid tickets might be bundled with each new PC. A detailed description of the Ticket Server design is available in [ABBDW-03]
  • Recipient responses:
      • Ignore: Provides no motivation for spammer to stop. Doesn’t cost the recipient additional time/effort/money.
      • Boycott: Limited motivation for spammer to stop. Doesn’t cost you much.
      • Filter: Never see (some) spam. Provides no real motivation for spammer to stop. Not 100% reliable.
      • Report: Creates a hassle for the spammer (must move accounts). Possible legal action could result. Basis for spam research. Reporting is a time-consuming hassle.
    All of the above are “after” responses. But there are some preventative measures and we’ll talk about some of those first.
  • How spammers find addresses:
      • Harvesting email addresses from webpages (e.g., your library’s staff directory): using simple programs that look for mailto: links or text in an email format: [email_address]
      • Harvesting from newsgroups: similar to above, looking for text in the standard email structure
      • “Social Engineering”: e.g., greeting cards sites that collect your name from a friend of yours and then keep it or sell it to spammers
      • Guessing: e.g., if kraemer@uky.edu is valid, let’s try smith@uky.edu or kraemer@yahoo.com. Doesn’t hurt to try, anyway
      • Stealing: Create a hidden ftp link in a webpage. Anonymous ftp servers traditionally use email address as the password, and browsers will send email address as password (see http://www.glenns.org/spam/ftpgrab.html). “Worm”-type viruses (can be hidden in chain letters) can also scavenge email addresses, by having your system email your address book.
      • Buying: A list of viable email addresses is an asset that can be sold.
  • http://www.spammotel.com – service to provide “disposable” email addresses. If you ever really need to see something sent to that address, you can use reminders to get in.
  • Benefits to this method: Email link still works. Easy to do
  • Options include:
      • Blocking email based on probability, content criteria (e.g., subject includes “viagra”)
      • Blocking based on email address (e.g., everything from @pornking)
      • Accepting email ONLY from approved addresses (“Whitelist”), often with email challenge sent to non-whitelist addresses
      • Spam-marking only (suspected spams are labeled but still come in to your mail box)
    Filtering is not 100% effective:
      • Possibility of “false positive” – real mail being identified as spam
      • Spammers find ways around content filters (e.g., V*iagra)
      • New email that doesn’t match existing patterns always on the horizon (e.g., spammers can use limitless new faked “from” addresses)
  • http://www.wired.com/news/infostructure/0,1377,61886,00.html – spam techniques to defeat bayesian filters
  • If anti-spammers track down a spammer’s true identity, they can harass (phone calls, “spam” attacks -> shut down phone/email service). One story by Cindy Chick in “Searcher” 2003 described an antispammer hacking into a spammer’s computer, grabbing nude photos of her and posting them around the internet.
      • Reports can be sent to the spammer’s ISP, your ISP, independent tracking organizations, and/or the US government (spam@uce.gov)
      • Reporting is information-gathering, a first step in creating a real solution
      • Reporting might result in having the spammer’s email/web account closed, possible legal action, and other minor headaches
      • Reporting might raise the cost of spamming so that it is no longer a practical marketing technique for one individual spammer
      • Requires that you identify the party REALLY responsible for the spam
  • Notice the line marked in red. This is the most important part of the header that SpamCop cares about. This is called a received line. Some email messages have only one received line, some have more than one. Every time the email makes a "hop" from one server on the internet to another, one more received line is added. They can be used to track the email back along its path to the origin. Without this information, SpamCop can do nothing. All the other information in the header is suspect (it can be faked). The received line portion of the header always contains SOME kernel of truth. SpamCop separates the kernel from the chaff in order to find the true source of the spam. All machines have a unique identifying number on the internet: the Internet Protocol number, or IP. That number can be matched with a more human-friendly code of letters.
  • Whois is a protocol used to find information about networks, domains and hosts. The whois records normally include data on the organizations and the contacts associated with these networks and domains. Whois services operate through a whois server. Anyone can connect to a whois server and send a query. The whois server will then respond to the query and close the connection. Anyone can run a whois server. For example, a company could run a whois server that provides information about its various departments and employees.
  • SpamCop provides a variety of services:
      • Mail service – SpamCop maintains what they say is “the largest database of in-progress spam around”, so you can receive mail filtered against this collection
      • Blocking list (black list) – SpamCop provides access to its “blacklist” to other email providers, to use in their own filtering
      • Email parsing, with or without reporting – find headers, identify contact information for server administrator, create the report, send it if you want. SpamCop removes your contact information from the header, in case you are worried about retaliation.
    SpamCop reporting/parsing service is free, although you get some additional features if you pay for it. I paid $25 months ago, and still going strong. I estimate that for me, $25 will last about a year. SpamCop requires that you process spam within 3 days of receipt. Encourages prompt reporting to catch spammers in action, before they move to another machine. SpamCop automates the tracing/reporting process, but not too much. They want to place a verification burden on users, to make sure all reports are real.
  • These things also affect the utility of electronic communication (including also chain letters, useless/irresponsible cc).
  • Business opportunities; chain letters; work-at-home schemes; health and diet scams; effortless income; free goods; investment opportunities; guaranteed loans or credit, on easy terms; vacation prize promotions
  • We receive spam - Email is one of our tools of the trade (librarians and our patrons). We engage in practices that can increase or decrease our colleagues’ susceptibility to spam (how we post/distribute contact information via the web). We need to make sure our servers are secure to prevent hijacking by spammers. Email is an electronic information resource. Anything that bogs down the internet impedes the flow of information.
  • All quotes from http://spam.abuse.net, the “Other voices” section Peter da Silva, 1997 - http://spam.abuse.net/others/experiment.htm – “ posted to a list from a new email account. half dozen real responses to my postings. You will notice that the second weekend after my experiment I received 20 unsolicited messages over those two days. If the account had been at an online service with a limited mailbox it would probably have been bouncing mail by then, without my new net user ever having a chance to send in a "remove" message.”
  • Phish - Refers to a false web page or other trojan horse intended to trick users into giving up their credit card, account password or other valuable information.
  • EBay - (n.) On-line auction house. Alleged to periodically "lose" user preference settings -- in particular the "do not send me email" preference. (v.) The practice of "losing" a database of customer opt-out requests so that you can send your users spam even after they've requested that you not do so.
  • Murk - (n.) A disclaimer at the end of an email spam assuring you that the spam complies with Bill S.1618 which makes the spam legal. Also known as a "Murkogram". (v.) The act of sending spam containing a Murkogram. The term comes from Frank Murkowski (R-AK), the senator who wrote S.1618 which would have made spam legal provided it followed certain rules. In particular, to be legal under S.1618, the spam must contain full contact info at the start and make no attempt at hiding its origin. There are three problems however: First, S.1618 was never passed. Second, S.1618 would not actually have made spam legal, it would have made certain kinds of spam illegal. Finally, most spam in fact, actually violates the provisions of S.1618. Thus, a Murk disclaimer serves as a sure sign that the message is spam, and that the sender knew they were doing something wrong.
  • Click-Through - A web page which exists merely to redirect users to another site. Click-throughs are used so that a web site being spamvertised need not be mentioned in the actual advertisement. Spammers will typically create click-through pages on throw-away accounts and spamvertise the click-through page.
  • Page-Jacking - Practice in which an innocent third party's web page is copied to the page-jacker's web site almost verbatim, but modified so that it links or redirects to the page-jacker's other web sites. The purpose is two-fold: The seemingly innocent content of the copied page lures readers into thinking that it's safe to click on the links, and secondly, web search engines will index the copied page under a variety of unrelated categories. Thus, someone searching for "Oklahoma Tornadoes" might find themselves at a porn site.
  • Opt-In - Opt-In refers to email advertising lists which users must deliberately sign on to.
  • Opt-Out - Opt-out refers to email advertising lists in which recipients are signed up without their knowledge or permission, but may request to be removed from the list. Opt-out lists do not work for the following reasons: Many opt-out lists are fraudulent. These are used by spammers as a source of known good email addresses. Users who send their email addresses to an opt-out list are likely to receive more spam than before, not less. No user in their right mind would sign up for an opt-out list.
  • Hijacking - The act of relaying spam through a third-party system without permission. Spammers will often relay spam through third-party systems in order to hide the point of origin (effectively laundering the headers.) This is done to trick users into reading messages they would otherwise delete, to evade automated spam-filtering software, and to make it difficult to complain about spam. Hijacking can be harmful to the third-party system in several ways. First, it is theft of service. Second, it is a drain on resources -- a large flood of spam can crash a small server, creating a denial of service attack. Third, it can cause bounces and complaints to be directed to the innocent third party. Fourth, it damages the third party's good name when spam recipients think that the spam came from them.
  • Listwashing - The practice of removing complainers from an address list rather than deleting the list entirely. This allows spammers to continue to spam with a minimum of complaints. Listwashing often requires the complicity of the spammer's service provider, who will forward email addresses of complainers on to the spammer.
  • Throw-Away Account - A cheap account acquired for the purpose of spamming, with the knowledge that the account will be quickly cancelled, but not in time to stop the spam.
  • Dictionary attack - A program that bombards a mail server with millions of alphabetically generated email addresses in the hope that some addresses will be guessed correctly. This technique is also used to crack passwords.
  • Directory Harvest Attack (DHA) - When a spammer bombards a domain with thousands of generated email addresses in an attempt to collect valid email addresses from an organization.
  • Spoofing - When spammers forge an email address to hide the origin of a spam message. Email scammers and virus writers also use this trick. Scammers spoof address lines to fool people into thinking an email has arrived from a legitimate source, such as an online bank. Similarly, virus writers have passed off viruses as security patches by spoofing their origin as being, for example, from Microsoft technical support.
  • Open Relay - An email server processing mail where sender and receiver are not local users. Such servers are often open to attack, and are sometimes seized by hackers who use them to send large amounts of spam.
  • Robot, Spider, Webcrawler - A robot, also known as a spider, crawler, or webcrawler, is a program that traverses the World Wide Web, and gathers information. Robots were originally used to gather information for search engines. Indeed, most robots are still of this variety, however, a new brand of "evil robots" has arrived on the scene - known as spambots. Spambots have taken the traditional, harmless ideas of robots and warped them into something else.
  • Spyware - Software containing a trojan horse which monitors your system or your net browsing activity and sends the results to the author of the spyware. Once used only by crackers, spyware is now used by mainstream companies to collect marketing information.
  • Crosspost - (v.) To cross-post is to send a single message to multiple newsgroups. This is preferable to sending single copies of a message to each newsgroup for three reasons: First, by only sending a single copy, you reduce network resource consumption. Second, most newsreaders allow users to view and discard a crossposted message with just one reading, even if they subsequently visit other newsgroups to which the message was posted. Third, a followup response to the original article will be seen in all the relevant newsgroups, instead of just the one. Articles should be crossposted to the newsgroups to which they are relevant and no more. Crossposting is not, in itself, considered net abuse unless done to excess (see ECP), or to many non-relevant newsgroups.
  • Dev null - In Unix-like operating systems, /dev/null or the null device is a virtual device that discards all data written to it, and provides no data to any process that reads from it. In Unix jargon, it may also be called the bit bucket or black hole.
  • Blackhole - (n) Either an e-mail account which silently and invisibly deletes all mail sent to it, or the act of doing so. (v) To automatically delete emails coming from a certain IP address.
  • Munge - To modify your email address in such a way that address harvesters won't get a usable address, but humans can still figure it out.
  • Headers - Headers are the block of information lines which appear at the top of a mail or news message. Headers identify the sender and recipient of a message, the route the message took from one site to another and so on. Headers are used to determine the source of a post. For more information, see Tracking Spam.
  • ISP - ISP stands for Internet Service Provider.
  • Domain Name System blackhole list (DNSBL) - Commercial lists of networks that either allow spammers to use their systems to send spam, or have not taken action to prevent spammers from abusing their systems.
  • False negative - When anti-spam software fails to identify a spam message as spam.
  • False positive - When anti-spam software wrongly identifies a legitimate message as spam.
  • Blacklist – In spam filtering, list of senders who are excluded (no email accepted). Users can also be whitelisted (accepted) or [sometimes] greylisted. Some anti-spam software can send greylisted addresses an automated response, challenging the sender to confirm their legitimacy.
  • Bayesian Filtering - Bayesian spam filters use a statistical theory developed by English philosopher Thomas Bayes. They calculate the probability of a message being spam, based both on its content and on past results, to separate genuine emails from spam.
  • Tarpitting - The use of traffic monitoring to identify remote IP addresses sending too many emails. Access to the mail system from those IP addresses is then temporarily suspended.
  • Acceptable Use Policy (AUP) - An AUP is a policy statement, made by an ISP, or any company that has customers, in which the company sets out its "rules" for use of the account. A good AUP will clearly state that not only is spamming not allowed, but will spell out the punishment for doing so.
  • CAUCE - The Coalition Against Unsolicited Commercial E-Mail. A volunteer organization that is trying to amend the United States junk fax law to apply to spam.
  • Mail Bomb - The result of sending a spammer (or anyone for that matter) lots of email until his or her site or account crashes.
  • Spamvertise - to advertise via spam
  • Pink - The actual meat product SPAM® is pink in color. Thus, the adjective "pink" is often used to refer to things associated with spam.
  • Nigerian 419 Scam - So-called because it violates section 419 of the Nigerian criminal code. This scam usually, not always, originates in Nigeria. In the 419 scam, you receive a letter from an official in Nigeria or other African country, and are told that someone needs to move a great deal of money out of the country and that you've been selected to help them do it. In return for your help, you'll be given a cut of the action. All you need to do is pay some sort of "Advance Fee" or "Transfer Tax" or give them your bank account information so they can wire the money to you.
  • LART - (n.) Luser Attitude Readjustment Tool, e.g. a 2x4. See lart(1M) man page. (v.) To adjust the attitude of a luser. Often by TOSsing that luser.
  • Troll - A post (on a newsgroup, or other forum) thought to be intended to incite controversy or conflict or cause annoyance or offense.
  • Ham - All email that a recipient does not consider to be spam. (See also spam.)
  • Spew - Large quantities of garbage sent to the net by a malfunctioning news program or robot. Now refers also to spam that is especially profuse.
  • Spamhaus - A rogue site which exists for the purpose of sending out spam.
  • Also: http://www.ebolamonkeyman.com/ “ Pissing Off Nigerian Scammers One At a Time! “
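The "computational price" idea from the Penny Black notes above, as an added example that is not the project's code: a hashcash-style SHA-256 stamp (a stand-in for the CPU and memory functions the project studied) bound to one recipient, one message and one day, which the recipient checks with a single hash and refuses to accept twice. The addresses, the date and the 12-bit difficulty are constructed values.

```python
import hashlib
from itertools import count

# Constructed sample values (not from the talk).
RECIPIENT = "reader@library.example"
MESSAGE = "Subject: hello\n\nFirst contact from a sender you do not know."
DAY = "2004-08-03"
BITS = 12  # demo difficulty: about 4,000 hashes on average to mint one stamp


def _leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the front of a hash digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def _prefix(recipient: str, message: str, day: str) -> str:
    """Everything the stamp commits to: this recipient, this day, this message."""
    msg_id = hashlib.sha256(message.encode()).hexdigest()
    return f"{recipient.lower()}:{day}:{msg_id}"


def mint(recipient: str, message: str, day: str, bits: int) -> str:
    """Sender side: search for a nonce until the stamp hash has `bits` leading
    zero bits. The cost doubles with every extra bit."""
    prefix = _prefix(recipient, message, day)
    for nonce in count():
        stamp = f"{prefix}:{nonce}"
        if _leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp


class Verifier:
    """Recipient side: one hash per check, plus a spent-stamp set so the same
    work cannot be replayed."""

    def __init__(self, my_address: str, bits: int):
        self.my_address = my_address
        self.bits = bits
        self.spent = set()

    def accept(self, stamp: str, message: str, day: str) -> bool:
        prefix, _, nonce = stamp.rpartition(":")
        if prefix != _prefix(self.my_address, message, day) or not nonce.isdigit():
            return False  # minted for another recipient, message or day
        digest = hashlib.sha256(stamp.encode()).digest()
        if _leading_zero_bits(digest) < self.bits:
            return False  # not enough work was done
        if stamp in self.spent:
            return False  # already used once
        self.spent.add(stamp)
        return True


if __name__ == "__main__":
    stamp = mint(RECIPIENT, MESSAGE, DAY, BITS)
    inbox = Verifier(RECIPIENT, BITS)
    print("first delivery accepted:", inbox.accept(stamp, MESSAGE, DAY))
    print("replayed stamp accepted:", inbox.accept(stamp, MESSAGE, DAY))
```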

    1. 1. URGENT ASSISTANCE!! The truth about spam Beth Kraemer University of Kentucky
    2. 2. Outline <ul><li>Spam basics </li></ul><ul><li>Why do you get spam </li></ul><ul><li>Practical tips </li></ul><ul><li>__________________________ </li></ul><ul><li>Not comparing specific filters or products </li></ul><ul><li>Goal – To encourage you all to become rabid anti-spammers! </li></ul>
    3. 3. What is Spam <ul><li>Spam = Common term for unsolicited commercial or bulk email. </li></ul><ul><li>What’s that got to do with bulk email? </li></ul><ul><li>First “super spam”: April 13, 1994, two immigration lawyers (Laurence Canter and Martha Siegel) post a “green card lottery” ad to Usenet groups. </li></ul>
    4. 4. What is Spam <ul><li>Spam is flooding the Internet with many copies of the same message . </li></ul><ul><li>UCE or UBE - Unsolicited Commercial (Bulk) Email, alternate “technical” terms for spam </li></ul><ul><li>Commercial advertising, often for dubious products, get-rich-quick schemes, quasi-legal or illegal services. </li></ul><ul><li>Content is irrelevant! </li></ul><ul><li>Spam costs the sender very little to send. Cost is paid by the recipient or the carriers (ISPs) rather than by the sender. No other kind of advertising costs the advertiser so little, and the recipient so much. </li></ul>
    5. 5. Scope of the problem <ul><li>Approximately 70% of email is spam </li></ul><ul><li>*Hotmail, and other similar email systems </li></ul>
    6. 6. Is spam bad? <ul><li>Cost to the user </li></ul><ul><li>Cost to employers </li></ul><ul><li>Cost to internet service providers (ISPs) </li></ul><ul><li>Philosophical issues </li></ul>
    7. 7. Spam vs telemarketing and “junk mail” <ul><li>Cost results in self-regulation </li></ul><ul><li>Effective laws </li></ul>
    8. 8. Preventing spam: Can laws prevent spam? <ul><li>Spam is not protected “Free Speech”. </li></ul><ul><li>The “CAN SPAM” law went into effect on Jan 1, 2004 </li></ul><ul><ul><li>Must include a working return e-mail address </li></ul></ul><ul><ul><li>A valid postal address for the sending company </li></ul></ul><ul><ul><li>A working opt-out mechanism </li></ul></ul><ul><ul><li>A relevant subject line , which includes the designation “ADV” </li></ul></ul><ul><ul><li>The law also directs the U.S. Federal Trade Commission to study setting up a national do-not-spam list, similar to the national do-not-call telemarketing list now in effect. [ http://www.pcworld.com/news/article/0,aid,114287,00.asp ] </li></ul></ul><ul><li>International nature of the internet - If one country passes laws against spam, professional spammers will just move abroad. </li></ul><ul><li>Many people want as little government interference in the Internet as possible. </li></ul>
    9. 9. Preventing spam: Can technology prevent spam? <ul><li>Can email be saved?, InfoWorld , April 19, 2004 </li></ul><ul><li>Other technologies (IM, RSS): shift at least some portion of e communication </li></ul><ul><li>Requiring authentication/identification to send </li></ul><ul><li>“Computational schemes” e.g., The Penny Black Project (Microsoft) http://research.microsoft.com/research/sv/PennyBlack/ </li></ul>
    10. 10. Preventing spam: Can we (users) prevent spam? <ul><li>User strategies – Most effective current defense against spam is user-based (you have to do something) </li></ul>
    11. 11. Spam recipient strategies <ul><li>Ignore </li></ul><ul><li>Boycott </li></ul><ul><li>Filter </li></ul><ul><li>Report </li></ul><ul><li>Preventative measures </li></ul>
    12. 12. How do they find my email address?? <ul><li>Harvesting email addresses from web pages (e.g., your library’s staff directory) </li></ul><ul><li>Harvesting from newsgroups </li></ul><ul><li>“ Social Engineering” </li></ul><ul><li>Guessing </li></ul><ul><li>Stealing </li></ul><ul><li>Buying </li></ul>
    13. 13. Practical Tips Preventative Measures <ul><li>Read before you click – Look for opt-in default checks (licenses, registrations) </li></ul><ul><li>Use a disposable email address, esp. for newsgroups, registrations, etc. </li></ul><ul><li>Never respond to spam or purchase “spamvertized” products </li></ul><ul><li>Never give out personal info in response to email requests </li></ul>
    14. 14. Practical Tips Preventative Measures <ul><li>Don’t click on links in emails, unless you know the sender (consider formatting mail in “plain text” only) </li></ul><ul><li>Don’t use “unsubscribe” links in spam email! </li></ul><ul><li>Choose an email address that is difficult to guess </li></ul><ul><li>Get a new email address – start over </li></ul><ul><li>If your email address is listed on websites, hide the true address ( see http:// www.u.arizona.edu/~trw/spam / ) </li></ul>
    15. 17. <ul><li>__________________________________________ </li></ul><ul><li>Other options: </li></ul><ul><li>kraemer “at” uky “dot” edu </li></ul><ul><li>[email_address] , with a note saying “remove XXX to send mail” </li></ul><ul><li>Display the email address as an image file: </li></ul>
    16. 18. Practical Tips After the spam arrives <ul><li>Spam blocking/filtering </li></ul><ul><ul><ul><li>Many software options </li></ul></ul></ul><ul><li>Spam reporting </li></ul><ul><ul><ul><li>Requires accurate tracing </li></ul></ul></ul>
    17. 19. Filtering <ul><li>Many ISPs provide this option, you must turn it on. </li></ul><ul><li>Options include: </li></ul><ul><ul><li>Filter based on probability, content criteria (e.g., subject includes “viagra”) </li></ul></ul><ul><ul><li>Filter based on email address (e.g., everything from @pornking) </li></ul></ul><ul><ul><li>Accepting email ONLY from approved addresses (“Whitelist”), with email challenge sent to non-whitelist addresses </li></ul></ul><ul><ul><li>Spam-marking only (suspected spams are labled but still come in to your mail box) </li></ul></ul><ul><li>Filtering is not 100% effective. </li></ul>
    18. 22. Practical Tips After the spam arrives <ul><li>Spam blocking/filtering </li></ul><ul><ul><ul><li>Many software options </li></ul></ul></ul><ul><li>Spam reporting </li></ul><ul><ul><ul><li>Requires accurate tracing </li></ul></ul></ul>
    19. 23. Spam Reporting <ul><li>Report to </li></ul><ul><ul><li>spammer’s ISP </li></ul></ul><ul><ul><li>your ISP </li></ul></ul><ul><ul><li>independent tracking organizations </li></ul></ul><ul><ul><li>US government ( [email_address] ) </li></ul></ul><ul><li>Reporting might raise the cost of spamming so that it is no longer a practical marketing technique for one individual spammer (email/web account closed, possible legal action, and other minor headaches) </li></ul><ul><li>Reporting is information-gathering, a first step in creating a real solution </li></ul><ul><li>Requires that you identify the party REALLY responsible for the spam </li></ul>
    20. 24. Tracing the source of spam <ul><li>“From” addresses are regularly and easily faked </li></ul><ul><li>Email “headers” contain true delivery path of the message </li></ul><ul><li>Deciphering the header and then finding a contact email address for the system administrator can be difficult and time consuming </li></ul>
    21. 25. Email Headers <ul><li>Microsoft Mail Internet Headers Version 2.0 </li></ul><ul><li>Received: from e2kcn1.ad.uky.edu ([]) by e2kbe1.ad.uky.edu with Microsoft SMTPSVC(5.0.2195.5329); </li></ul><ul><li> Tue, 3 Aug 2004 13:56:24 -0400 </li></ul><ul><li>Received: from mr3.uky.edu ([]) by e2kcn1.ad.uky.edu with Microsoft SMTPSVC(5.0.2195.5329); </li></ul><ul><li> Tue, 3 Aug 2004 13:56:23 -0400 </li></ul><ul><li>Received: from e165000n0.fayette.k12.ky.us (fayette.k12.ky.us []) </li></ul><ul><li>by mr3.uky.edu (8.11.6/8.11.6) with ESMTP id i73Hu2320840 </li></ul><ul><li>for <kraemer@email.uky.edu>; Tue, 3 Aug 2004 13:56:02 -0400 </li></ul><ul><li>Received: by e165000n0.fayette.k12.ky.us </li></ul><ul><li>with XWall v3.29g ; </li></ul><ul><li>Tue, 3 Aug 2004 13:56:32 -0400 </li></ul><ul><li>From: "Gordon, Liz" <LGORDON@Fayette.k12.ky.us> </li></ul><ul><li>To: "kraemer@email.uky.edu" <kraemer@email.uky.edu> </li></ul><ul><li>Subject: doin'? </li></ul><ul><li>Date: Tue, 3 Aug 2004 13:55:25 -0400 </li></ul><ul><li>X-Assembled-By: XWall v3.29g </li></ul><ul><li>X-Mailer: Internet Mail Service (5.5.2657.72) </li></ul><ul><li>Message-ID: <313786356982D4118B4600508BC22FC40427E0A2@e165000n8.fayette.k12.ky.us> </li></ul><ul><li>Mime-Version: 1.0 </li></ul><ul><li>Content-Type: text/plain; charset="us-ascii" </li></ul><ul><li>Content-Transfer-Encoding: quoted-printable </li></ul><ul><li>X-Mail-Router: No infection found </li></ul><ul><li>Return-Path: LGORDON@Fayette.k12.ky.us </li></ul><ul><li>X-OriginalArrivalTime: 03 Aug 2004 17:56:23.0858 (UTC) FILETIME=[30BCE920:01C47983] </li></ul>
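Reading the delivery path out of the Received lines on this slide, as an added Python example that is not part of the original talk: each relay prepends its own line, so the path reads bottom to top. The function names are illustrative, and only Received lines written by servers you trust are reliable, since earlier ones can be forged just like From.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Headers copied from the slide (the relay IP addresses were already blank there).
RAW = """\
Received: from e2kcn1.ad.uky.edu ([]) by e2kbe1.ad.uky.edu with Microsoft SMTPSVC(5.0.2195.5329);
\t Tue, 3 Aug 2004 13:56:24 -0400
Received: from mr3.uky.edu ([]) by e2kcn1.ad.uky.edu with Microsoft SMTPSVC(5.0.2195.5329);
\t Tue, 3 Aug 2004 13:56:23 -0400
Received: from e165000n0.fayette.k12.ky.us (fayette.k12.ky.us [])
\tby mr3.uky.edu (8.11.6/8.11.6) with ESMTP id i73Hu2320840
\tfor <kraemer@email.uky.edu>; Tue, 3 Aug 2004 13:56:02 -0400
Received: by e165000n0.fayette.k12.ky.us
\twith XWall v3.29g ;
\tTue, 3 Aug 2004 13:56:32 -0400
From: "Gordon, Liz" <LGORDON@Fayette.k12.ky.us>
Subject: doin'?

"""

def delivery_path(raw):
    """Return hops oldest-first; each server prepends its own Received line."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())          # unfold continuation lines
        info, _, stamp = flat.rpartition(";")   # the timestamp follows the last ';'
        sender = re.search(r"\bfrom\s+(\S+)", info)
        receiver = re.search(r"\bby\s+(\S+)", info)
        hops.append({
            "from": sender.group(1).lower() if sender else None,
            "by": receiver.group(1).lower() if receiver else None,
            "time": parsedate_to_datetime(stamp.strip()),
        })
    return hops

def review(hops):
    """Flag a hop whose 'from' is not the previous 'by', or whose clock runs backwards."""
    notes = []
    for prev, cur in zip(hops, hops[1:]):
        if cur["from"] and cur["from"] != prev["by"]:
            notes.append(f"{cur['by']}: handed over by {cur['from']}, not {prev['by']}")
        delta = (cur["time"] - prev["time"]).total_seconds()
        if delta < 0:
            notes.append(f"{cur['by']}: timestamp {-delta:.0f}s before previous hop")
    return notes
```

On the slide's message the chain is consistent from hop to hop; the single note it produces is a 30-second clock disagreement between the first two servers, which is common and not by itself a sign of forgery.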
    22. 29. http://www.spamcop.net/ <ul><li>Services: </li></ul><ul><li>Mail service </li></ul><ul><li>Block list </li></ul><ul><li>Email parsing, with or without reporting </li></ul>
    23. 36. Not spam, near spam and spam relatives <ul><li>Virus emails </li></ul><ul><li>Bounces as a *result* of spam </li></ul><ul><li>Website pop-ups </li></ul><ul><li>Windows pop-up messages </li></ul><ul><li>“Spyware” </li></ul><ul><li>Blog spam - http://www.blogspam.org/ </li></ul><ul><li>Spam in instant messaging services (“spim”) </li></ul><ul><ul><li>Spam over cell phones (via messaging services) </li></ul></ul>
    24. 37. Spam scams <ul><li>FTC Names Its Dirty Dozen: 12 Scams Most Likely to Arrive Via Bulk Email - http://www.ftc.gov/bcp/conline/pubs/alerts/doznalrt.htm </li></ul><ul><li>Nigerian 419 spam </li></ul>
    25. 38. Spam scams <ul><li>“Phishing” scams </li></ul><ul><li>Proper response: ignore or contact customer service (do not reply or click on any links) </li></ul>
    26. 39. Spam scams <ul><li>Underlying link is different </li></ul><ul><li>See http://www.millersmiles.co.uk for screenshots </li></ul>
    27. 40. Spam scams <ul><li>Another phishing scam </li></ul>
    28. 41. <ul><li><html><p><font face="Arial"><A HREF="http://www.usbank.com/cgi_w/cfm/confirmation/account_access/account_confirm.cfm"><map name="FPMap0"><area coords="0, 0, 633, 303" shape="rect" href="http://%32%31%31%2E%32%33%32%2E%31%34%33%2E%32%32%37:%34%39%30%31/%63%66%6D/%69%6E%64%65%78%2E%68%74%6D"></map><img SRC="cid:part1.06080609.03090004@users-billing21@usbank.com" border="0" usemap="#FPMap0"></A></a></font></p><p><font color="#FFFFFD"> Cars I'm with you in 1994 Skateboarding in 1911 Penthouse in 1884 I'm not so well in 1951 Sure in 1834 Shania Twain Sites pass me </font></p></html> </li></ul><ul><li>http://%32%31%31%2E%32%33%32%2E%31%34%33%2E%32%32%37:%34%39%30%31/%63%66%6D/%69%6E%64%65%78%2E%68%74%6D </li></ul><ul><li> </li></ul><ul><li>Server in Korea, definitely not US Bank </li></ul>
    29. 42. Why should librarians care? <ul><li>We receive spam </li></ul><ul><li>Our libraries have servers on the internet </li></ul><ul><li>Information literacy </li></ul><ul><li>Email is an electronic information resource. Anything that bogs down the internet impedes the flow of information. </li></ul>
    30. 43. Why should librarians care? <ul><li>“UBE behaviour is destructive to the net. It reduces the ability of people to communicate. It has a chilling effect on free speech, as people simply refuse to involve themselves in the free exchange of ideas rather than get it.” -Peter da Silva </li></ul><ul><li>[One user]…“reports having blocked all e-mail from a site after having gotten just one spam that was apparently from that site. That's the biggest RISK of spam in my opinion. It cuts us off from each other.” -Keith Lynch </li></ul><ul><li>[These spammers] “…conveyed the message that their personal commercial ambitions were more important than the value of the commons. And that is the message they have been preaching -- get yours while you can, and ignore the protests of those who value the online culture of information-sharing. If these carpetbaggers prove successful, will others follow? How far can a network of cooperative agreements be pushed by the self-interest of individuals before it loses its value? When a flood of irrelevant announcements swamps newsgroups and mailing lists, what will happen to the support networks for cancer patients and Alzheimers' caregivers?” - Howard Rheingold </li></ul>
    31. 45. Glossary Spammer methods <ul><li>Phish </li></ul><ul><li>EBay </li></ul><ul><li>Murk </li></ul><ul><li>Click-Through </li></ul><ul><li>Page-Jacking </li></ul><ul><li>Opt-In /Opt-out </li></ul><ul><li>Hijacking </li></ul><ul><li>Listwashing </li></ul><ul><li>Throw-Away Account </li></ul><ul><li>Dictionary attack </li></ul><ul><li>Directory Harvest Attack (DHA) </li></ul><ul><li>Spoofing </li></ul><ul><li>Open Relay </li></ul><ul><li>Robot, Spider, Webcrawler </li></ul><ul><li>Spyware </li></ul><ul><li>Crosspost </li></ul>
    32. 46. Glossary Tracing/Reporting issues <ul><li>Dev null </li></ul><ul><li>Blackhole </li></ul><ul><li>Munge </li></ul><ul><li>Headers </li></ul><ul><li>ISP </li></ul><ul><li>Domain Name System blackhole list (DNSBL) </li></ul><ul><li>False negative </li></ul><ul><li>False positive </li></ul><ul><li>Blacklist (whitelist, greylist) </li></ul><ul><li>Bayesian Filtering </li></ul><ul><li>Tarpitting </li></ul><ul><li>Acceptable Use Policy (AUP) </li></ul><ul><li>Mail Bomb </li></ul>
    33. 47. Glossary Miscellaneous colorful terminology <ul><li>Spamvertise </li></ul><ul><li>Spew </li></ul><ul><li>Spamhaus </li></ul><ul><li>Pink </li></ul><ul><li>Nigerian 419 Scam </li></ul><ul><li>LART </li></ul><ul><li>Troll </li></ul><ul><li>Ham </li></ul>
    34. 48. Additional Useful Resources <ul><li>http://spam.abuse.net/ - Excellent overview site </li></ul><ul><li>http://www.u.arizona.edu/~trw/spam/ - Email obfuscation tools </li></ul><ul><li>http://www.rahul.net/falk/glossary.html - Spam glossary </li></ul><ul><li>http://spam.surferbeware.com/ - Extensive anti-spam site </li></ul><ul><li>http://www.ftc.gov/bcp/conline/pubs/online/inbox.htm </li></ul><ul><li>[email_address] - US gov’t address for reporting </li></ul><ul><li>http://www.ftc.gov/bcp/conline/pubs/alerts/doznalrt.htm - Scam alerts from the US gov’t </li></ul><ul><li>http://www.spamconference.org/ - 2004 Spam Conference (includes Webcasts of all presentations) </li></ul><ul><li>http://banspam.javawoman.com – Includes addresses for reporting specific types of spam </li></ul>
    35. 49. Nigerian 419 scam <ul><li>http://www.spamscamscam.com/index.php “Actor Dean Cameron did not delete the email, but instead, began corresponding with one of the scammers. Writing as a lonely millionaire from Florida whose only companions were a Philippine houseboy, Kwan, and two cats, Mr. Snickers and JoJo the Dancing Clown, Cameron lured the unsuspecting scammer into a nine month correspondence full of intrigue, broken hearts, confusion, frustration and colon trouble.” </li></ul>