kla 2004 talk

URGENT ASSISTANCE!! The truth about spam Beth Kraemer University of Kentucky


Page 1: KLA 2004 talk

URGENT ASSISTANCE!! The truth about spam

Beth Kraemer

University of Kentucky

Page 2: KLA 2004 talk

Outline

• Spam basics

• Why do you get spam

• Practical tips

__________________________

• Not comparing specific filters or products

• Goal – To encourage you all to become rabid anti-spammers!

Page 3: KLA 2004 talk

What is Spam

• Spam = Common term for unsolicited commercial or bulk email.

• What’s that got to do with bulk email?

• First “super spam”: April 13, 1994, two immigration lawyers (Laurence Canter and Martha Siegel) post a “green card lottery” ad to Usenet groups.

Page 4: KLA 2004 talk

What is Spam

• Spam is flooding the Internet with many copies of the same message.

• UCE or UBE - Unsolicited Commercial (Bulk) Email, alternate “technical” terms for spam

• Commercial advertising, often for dubious products, get-rich-quick schemes, quasi-legal or illegal services.

• Content is irrelevant!

• Spam costs the sender very little to send. Cost is paid by the recipient or the carriers (ISPs) rather than by the sender. No other kind of advertising costs the advertiser so little, and the recipient so much.

Page 5: KLA 2004 talk

Scope of the problem

Approximately 70% of email is spam

*Hotmail, and other similar email systems

Page 6: KLA 2004 talk

Is spam bad?

• Cost to the user

• Cost to employers

• Cost to internet service providers (ISPs)

• Philosophical issues

Page 7: KLA 2004 talk

Spam vs telemarketing and “junk mail”

• Cost results in self-regulation

• Effective laws

Page 8: KLA 2004 talk

Preventing spam: Can laws prevent spam?

• Spam is not protected “Free Speech”.

• The “CAN SPAM” law went into effect on Jan 1, 2004

  – Must include a working return e-mail address

  – A valid postal address for the sending company

  – A working opt-out mechanism

  – A relevant subject line, which includes the designation “ADV”

  – The law also directs the U.S. Federal Trade Commission to study setting up a national do-not-spam list, similar to the national do-not-call telemarketing list now in effect. [ http://www.pcworld.com/news/article/0,aid,114287,00.asp ]

• International nature of the internet - If one country passes laws against spam, professional spammers will just move abroad.

• Many people want as little government interference in the Internet as possible.

Page 9: KLA 2004 talk

Preventing spam: Can technology prevent spam?

• Can email be saved?, InfoWorld, April 19, 2004

• Other technologies (IM, RSS): shift at least some portion of e-communication

• Requiring authentication/identification to send

• “Computational schemes” e.g., The Penny Black Project (Microsoft) http://research.microsoft.com/research/sv/PennyBlack/

Page 10: KLA 2004 talk

Preventing spam: Can we (users) prevent spam?

User strategies – Most effective current defense against spam is user-based (you have to do something)

Page 11: KLA 2004 talk

Spam recipient strategies

• Ignore

• Boycott

• Filter

• Report

• Preventative measures

Page 12: KLA 2004 talk

How do they find my email address??

• Harvesting email addresses from web pages (e.g., your library’s staff directory)

• Harvesting from newsgroups

• “Social Engineering”

• Guessing

• Stealing

• Buying

Page 13: KLA 2004 talk

Practical Tips: Preventative Measures

• Read before you click – Look for opt-in default checks (licenses, registrations)

• Use a disposable email address, esp. for newsgroups, registrations, etc.

• Never respond to spam or purchase “spamvertized” products

• Never give out personal info in response to email requests

Page 14: KLA 2004 talk

Practical Tips: Preventative Measures

• Don’t click on links in emails, unless you know the sender (consider formatting mail in “plain text” only)

• Don’t use “unsubscribe” links in spam email!

• Choose an email address that is difficult to guess

• Get a new email address – start over

• If your email address is listed on websites, hide the true address (see http://www.u.arizona.edu/~trw/spam/)

Page 15: KLA 2004 talk
Page 16: KLA 2004 talk
Page 17: KLA 2004 talk

__________________________________________

Other options:

• kraemer “at” uky “dot” edu

• [email protected], with a note saying “remove XXX to send mail”

• Display the email address as an image file:

Page 18: KLA 2004 talk

Practical Tips: After the spam arrives

• Spam blocking/filtering

  • Many software options

• Spam reporting

  • Requires accurate tracing

Page 19: KLA 2004 talk

Filtering

• Many ISPs provide this option, you must turn it on.

• Options include:

  – Filter based on probability, content criteria (e.g., subject includes “viagra”)

  – Filter based on email address (e.g., everything from @pornking)

  – Accepting email ONLY from approved addresses (“Whitelist”), with email challenge sent to non-whitelist addresses

  – Spam-marking only (suspected spams are labeled but still come in to your mail box)

• Filtering is not 100% effective.

Page 20: KLA 2004 talk
Page 21: KLA 2004 talk
Page 22: KLA 2004 talk

Practical Tips: After the spam arrives

• Spam blocking/filtering

  • Many software options

• Spam reporting

  • Requires accurate tracing

Page 23: KLA 2004 talk

Spam Reporting

• Report to

  – spammer’s ISP

  – your ISP

  – independent tracking organizations

  – US government ([email protected])

• Reporting might raise the cost of spamming so that it is no longer a practical marketing technique for one individual spammer (email/web account closed, possible legal action, and other minor headaches)

• Reporting is information-gathering, a first step in creating a real solution

• Requires that you identify the party REALLY responsible for the spam

Page 24: KLA 2004 talk

Tracing the source of spam

• “From” addresses are regularly and easily faked

• Email “headers” contain true delivery path of the message

• Deciphering the header and then finding a contact email address for the system administrator can be difficult and time consuming

Page 25: KLA 2004 talk

Email Headers

Microsoft Mail Internet Headers Version 2.0
Received: from e2kcn1.ad.uky.edu ([128.163.2.89]) by e2kbe1.ad.uky.edu with Microsoft SMTPSVC(5.0.2195.5329);
    Tue, 3 Aug 2004 13:56:24 -0400
Received: from mr3.uky.edu ([128.163.2.152]) by e2kcn1.ad.uky.edu with Microsoft SMTPSVC(5.0.2195.5329);
    Tue, 3 Aug 2004 13:56:23 -0400
Received: from e165000n0.fayette.k12.ky.us (fayette.k12.ky.us [170.180.6.135])
    by mr3.uky.edu (8.11.6/8.11.6) with ESMTP id i73Hu2320840
    for <[email protected]>; Tue, 3 Aug 2004 13:56:02 -0400
Received: by e165000n0.fayette.k12.ky.us
    with XWall v3.29g ;
    Tue, 3 Aug 2004 13:56:32 -0400
From: "Gordon, Liz" <[email protected]>
To: "[email protected]" <[email protected]>
Subject: doin'?
Date: Tue, 3 Aug 2004 13:55:25 -0400
X-Assembled-By: XWall v3.29g
X-Mailer: Internet Mail Service (5.5.2657.72)
Message-ID: <313786356982D4118B4600508BC22FC40427E0A2@e165000n8.fayette.k12.ky.us>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-Mail-Router: No infection found
Return-Path: [email protected]: 03 Aug 2004 17:56:23.0858 (UTC) FILETIME=[30BCE920:01C47983]
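Added example (not part of the original slides): one way to read the Received chain above when tracing a message for a report. Each server prepends its own line, so the walk runs top-down through the recipient's own servers and stops at the first connection from outside; the `.uky.edu` suffix and the `128.163.0.0/16` network are assumptions about the recipient's side, and the redacted recipient is a constructed address.

```python
import ipaddress
import re
from email import message_from_string

# Headers adapted from the slide; reader@example.org is a constructed address.
RAW = """\
Received: from e2kcn1.ad.uky.edu ([128.163.2.89]) by e2kbe1.ad.uky.edu
 with Microsoft SMTPSVC(5.0.2195.5329); Tue, 3 Aug 2004 13:56:24 -0400
Received: from mr3.uky.edu ([128.163.2.152]) by e2kcn1.ad.uky.edu
 with Microsoft SMTPSVC(5.0.2195.5329); Tue, 3 Aug 2004 13:56:23 -0400
Received: from e165000n0.fayette.k12.ky.us (fayette.k12.ky.us [170.180.6.135])
 by mr3.uky.edu (8.11.6/8.11.6) with ESMTP id i73Hu2320840
 for <reader@example.org>; Tue, 3 Aug 2004 13:56:02 -0400
Received: by e165000n0.fayette.k12.ky.us with XWall v3.29g;
 Tue, 3 Aug 2004 13:56:32 -0400
Subject: doin'?

body
"""

# "from <helo> ([rdns] [ip]) by <server>"; the "from" part is optional.
HOP = re.compile(r"(?:from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?"
                 r"\[(?P<ip>[\d.]+)\]\)\s+)?by\s+(?P<by>\S+)")

def hops(raw):
    """Parse Received headers, newest first (each server prepends its own)."""
    received = message_from_string(raw).get_all("Received", [])
    found = (HOP.search(" ".join(value.split())) for value in received)
    return [m.groupdict() for m in found if m]

def handoff(raw, own_suffixes, own_nets):
    """First hop where one of our servers accepted mail from an outside IP.

    Lines below that hop were written by machines we do not control and may
    be forged, so the connecting IP recorded here is the one to report.
    """
    nets = [ipaddress.ip_network(n) for n in own_nets]
    for hop in hops(raw):
        if not hop["by"].endswith(own_suffixes):
            return None  # chain left our servers without a recorded peer
        ip = hop["ip"]
        if ip and not any(ipaddress.ip_address(ip) in n for n in nets):
            return hop
    return None

if __name__ == "__main__":
    # Suffix and network are assumptions about the recipient's mail system.
    print(handoff(RAW, (".uky.edu",), ["128.163.0.0/16"]))
```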

Page 26: KLA 2004 talk
Page 27: KLA 2004 talk
Page 28: KLA 2004 talk
Page 29: KLA 2004 talk

http://www.spamcop.net/

Services:

• Mail service

• Block list

• Email parsing, with or without reporting

Page 30: KLA 2004 talk
Page 31: KLA 2004 talk
Page 32: KLA 2004 talk
Page 33: KLA 2004 talk
Page 34: KLA 2004 talk
Page 35: KLA 2004 talk
Page 36: KLA 2004 talk

Not spam, near spam and spam relatives

• Virus emails

• Bounces as a *result* of spam

• Website pop-ups

• Windows pop-up messages

• “Spyware”

• Blog spam - http://www.blogspam.org/

• Spam in instant messaging services (“spim”)

  – Spam over cell phones (via messaging services)

Page 37: KLA 2004 talk

Spam scams

• FTC Names Its Dirty Dozen: 12 Scams Most Likely to Arrive Via Bulk Email - http://www.ftc.gov/bcp/conline/pubs/alerts/doznalrt.htm

• Nigerian 419 spam

Page 38: KLA 2004 talk

Spam scams

• “Phishing” scams

• Proper response: ignore or contact customer service (do not reply or click on any links)

Page 39: KLA 2004 talk

Spam scams

• Underlying link is different

• See http://www.millersmiles.co.uk for screenshots

Page 40: KLA 2004 talk

Spam scams

• Another phishing scam

Page 41: KLA 2004 talk

• <html><p><font face="Arial"><A HREF="http://www.usbank.com/cgi_w/cfm/confirmation/account_access/account_confirm.cfm"><map name="FPMap0"><area coords="0, 0, 633, 303" shape="rect" href="http://%32%31%31%2E%32%33%32%2E%31%34%33%2E%32%32%37:%34%39%30%31/%63%66%6D/%69%6E%64%65%78%2E%68%74%6D"></map><img SRC="cid:part1.06080609.03090004@[email protected]" border="0" usemap="#FPMap0"></A></a></font></p><p><font color="#FFFFFD">Cars I'm with you in 1994 Skateboarding in 1911 Penthouse in 1884 I'm not so well in 1951 Sure in 1834 Shania Twain Sites pass me </font></p></html>

• http://%32%31%31%2E%32%33%32%2E%31%34%33%2E%32%32%37:%34%39%30%31/%63%66%6D/%69%6E%64%65%78%2E%68%74%6D

• 211.232.143.227:4901/cfm/index.htm

• Server in Korea, definitely not US Bank
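Added example (not part of the original slides): a check a mail reviewer could run over message HTML to surface the pattern shown above, where an image-map region nested in a link points somewhere other than the link itself. The markup is trimmed from the slide (image and filler text omitted); the class name, function names and flag wording are this example's own.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Trimmed from the slide's message source.
HTML = ('<A HREF="http://www.usbank.com/cgi_w/cfm/confirmation/'
        'account_access/account_confirm.cfm"><map name="FPMap0">'
        '<area coords="0, 0, 633, 303" shape="rect" href="http://'
        '%32%31%31%2E%32%33%32%2E%31%34%33%2E%32%32%37:%34%39%30%31'
        '/%63%66%6D/%69%6E%64%65%78%2E%68%74%6D"></map></A>')

class MapLinks(HTMLParser):
    """Collect each <area> href together with the <a> it is nested in."""
    def __init__(self):
        super().__init__()
        self.anchor, self.pairs = None, []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")  # parser lowercases attribute names
        if tag == "a":
            self.anchor = href
        elif tag == "area" and href:
            self.pairs.append((self.anchor, href))
    def handle_endtag(self, tag):
        if tag == "a":
            self.anchor = None

def host_of(url):
    return urlsplit(unquote(url)).hostname or ""

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit(html):
    """Return one finding per image-map region, with the reasons it is suspect."""
    parser = MapLinks()
    parser.feed(html)
    findings = []
    for anchor, area in parser.pairs:
        host, flags = host_of(area), []
        if "%" in urlsplit(area).netloc:
            flags.append("percent-encoded host")
        if is_ip(host):
            flags.append("raw IP address")
        if anchor and host_of(anchor) != host:
            flags.append("differs from enclosing link")
        findings.append({"target": unquote(area), "flags": flags,
                         "shown_host": host_of(anchor) if anchor else None})
    return findings
```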

Page 42: KLA 2004 talk

Why should librarians care?

• We receive spam

• Our libraries have servers on the internet

• Information literacy

• Email is an electronic information resource. Anything that bogs down the internet impedes the flow of information.

Page 43: KLA 2004 talk

Why should librarians care?

• “UBE behaviour is destructive to the net. It reduces the ability of people to communicate. It has a chilling effect on free speech, as people simply refuse to involve themselves in the free exchange of ideas rather than get it.” -Peter da Silva

• [One user]…“reports having blocked all e-mail from a site after having gotten just one spam that was apparently from that site. That's the biggest RISK of spam in my opinion. It cuts us off from each other.” -Keith Lynch

• [These spammers] “…conveyed the message that their personal commercial ambitions were more important than the value of the commons. And that is the message they have been preaching -- get yours while you can, and ignore the protests of those who value the online culture of information-sharing. If these carpetbaggers prove successful, will others follow? How far can a network of cooperative agreements be pushed by the self-interest of individuals before it loses its value? When a flood of irrelevant announcements swamps newsgroups and mailing lists, what will happen to the support networks for cancer patients and Alzheimers' caregivers?” - Howard Rheingold

Page 44: KLA 2004 talk
Page 45: KLA 2004 talk

Glossary: Spammer methods

• Phish

• EBay

• Murk

• Click-Through

• Page-Jacking

• Opt-In /Opt-out

• Hijacking

• Listwashing

• Throw-Away Account

• Dictionary attack

• Directory Harvest Attack (DHA)

• Spoofing

• Open Relay

• Robot, Spider, Webcrawler

• Spyware

• Crosspost

Page 46: KLA 2004 talk

Glossary: Tracing/Reporting issues

• Dev null

• Blackhole

• Munge

• Headers

• ISP

• Domain Name System blackhole list (DNSBL)

• False negative

• False positive

• Blacklist (whitelist, greylist)

• Bayesian Filtering

• Tarpitting

• Acceptable Use Policy (AUP)

• Mail Bomb

Page 47: KLA 2004 talk

Glossary: Miscellaneous colorful terminology

• Spamvertise

• Spew

• Spamhaus

• Pink

• Nigerian 419 Scam

• LART

• Troll

• Ham

Page 48: KLA 2004 talk

Additional Useful Resources

• http://spam.abuse.net/ - Excellent overview site

• http://www.u.arizona.edu/~trw/spam/ - Email obfuscation tools

• http://www.rahul.net/falk/glossary.html - Spam glossary

• http://spam.surferbeware.com/ - Extensive anti-spam site

• http://www.ftc.gov/bcp/conline/pubs/online/inbox.htm

• [email protected] - US gov’t address for reporting

• http://www.ftc.gov/bcp/conline/pubs/alerts/doznalrt.htm - Scam alerts from the US gov’t

• http://www.spamconference.org/ - 2004 Spam Conference (includes Webcasts of all presentations)

• http://banspam.javawoman.com – Includes addresses for reporting specific types of spam

Page 49: KLA 2004 talk

Nigerian 419 scam

• http://www.spamscamscam.com/index.php “Actor Dean Cameron did not delete the email, but instead, began corresponding with one of the scammers. Writing as a lonely millionaire from Florida whose only companions were a Philippine houseboy, Kwan, and two cats, Mr. Snickers and JoJo the Dancing Clown, Cameron lured the unsuspecting scammer into a nine month correspondence full of intrigue, broken hearts, confusion, frustration and colon trouble.”