kla 2004 talk
TRANSCRIPT
URGENT ASSISTANCE!! The truth about spam
Beth Kraemer
University of Kentucky
Outline
• Spam basics
• Why do you get spam
• Practical tips
__________________________
• Not comparing specific filters or products
• Goal – To encourage you all to become rabid anti-spammers!
What is Spam
• Spam = Common term for unsolicited commercial or bulk email.
• What’s that got to do with bulk email?
• First “super spam”: April 13, 1994, two immigration lawyers (Laurence Canter and Martha Siegel) post a “green card lottery” ad to Usenet groups.
What is Spam
• Spam is flooding the Internet with many copies of the same message.
• UCE or UBE - Unsolicited Commercial (Bulk) Email, alternate “technical” terms for spam
• Commercial advertising, often for dubious products, get-rich-quick schemes, quasi-legal or illegal services.
• Content is irrelevant!
• Spam costs the sender very little to send. Cost is paid by the recipient or the carriers (ISPs) rather than by the sender. No other kind of advertising costs the advertiser so little, and the recipient so much.
Scope of the problem
Approximately 70% of email is spam
*Hotmail, and other similar email systems
Is spam bad?
• Cost to the user
• Cost to employers
• Cost to internet service providers (ISPs)
• Philosophical issues
Spam vs telemarketing and “junk mail”
• Cost results in self-regulation
• Effective laws
Preventing spam: Can laws prevent spam?
• Spam is not protected “Free Speech”.
• The “CAN SPAM” law went into effect on Jan 1, 2004
– Must include a working return e-mail address
– A valid postal address for the sending company
– A working opt-out mechanism
– A relevant subject line, which includes the designation “ADV”
– The law also directs the U.S. Federal Trade Commission to study setting up a national do-not-spam list, similar to the national do-not-call telemarketing list now in effect. [ http://www.pcworld.com/news/article/0,aid,114287,00.asp ]
• International nature of the internet - If one country passes laws against spam, professional spammers will just move abroad.
• Many people want as little government interference in the Internet as possible.
Preventing spam: Can technology prevent spam?
• Can email be saved?, InfoWorld, April 19, 2004
• Other technologies (IM, RSS): shift at least some portion of e-communication
• Requiring authentication/identification to send
• “Computational schemes” e.g., The Penny Black Project (Microsoft) http://research.microsoft.com/research/sv/PennyBlack/
Preventing spam: Can we (users) prevent spam?
User strategies – Most effective current defense against spam is user-based (you have to do something)
Spam recipient strategies
• Ignore
• Boycott
• Filter
• Report
• Preventative measures
How do they find my email address??
• Harvesting email addresses from web pages (e.g., your library’s staff directory)
• Harvesting from newsgroups
• “Social Engineering”
• Guessing
• Stealing
• Buying
Practical Tips: Preventative Measures
• Read before you click – Look for opt-in default checks (licenses, registrations)
• Use a disposable email address, esp. for newsgroups, registrations, etc.
• Never respond to spam or purchase “spamvertized” products
• Never give out personal info in response to email requests
Practical Tips: Preventative Measures
• Don’t click on links in emails, unless you know the sender (consider formatting mail in “plain text” only)
• Don’t use “unsubscribe” links in spam email!
• Choose an email address that is difficult to guess
• Get a new email address – start over
• If your email address is listed on websites, hide the true address (see http://www.u.arizona.edu/~trw/spam/)
__________________________________________
Other options:
• kraemer “at” uky “dot” edu
• [email protected], with a note saying “remove XXX to send mail”
• Display the email address as an image file:
Practical Tips: After the spam arrives
• Spam blocking/filtering
• Many software options
• Spam reporting
• Requires accurate tracing
Filtering
• Many ISPs provide this option, you must turn it on.
• Options include:
– Filter based on probability, content criteria (e.g., subject includes “viagra”)
– Filter based on email address (e.g., everything from @pornking)
– Accepting email ONLY from approved addresses (“Whitelist”), with email challenge sent to non-whitelist addresses
– Spam-marking only (suspected spams are labeled but still come in to your mail box)
• Filtering is not 100% effective.
Practical Tips: After the spam arrives
• Spam blocking/filtering
• Many software options
• Spam reporting
• Requires accurate tracing
Spam Reporting
• Report to
– spammer’s ISP
– your ISP
– independent tracking organizations
– US government ([email protected])
• Reporting might raise the cost of spamming so that it is no longer a practical marketing technique for one individual spammer (email/web account closed, possible legal action, and other minor headaches)
• Reporting is information-gathering, a first step in creating a real solution
• Requires that you identify the party REALLY responsible for the spam
Tracing the source of spam
• “From” addresses are regularly and easily faked
• Email “headers” contain true delivery path of the message
• Deciphering the header and then finding a contact email address for the system administrator can be difficult and time consuming
Email Headers
Microsoft Mail Internet Headers Version 2.0
Received: from e2kcn1.ad.uky.edu ([128.163.2.89]) by e2kbe1.ad.uky.edu with Microsoft SMTPSVC(5.0.2195.5329);
    Tue, 3 Aug 2004 13:56:24 -0400
Received: from mr3.uky.edu ([128.163.2.152]) by e2kcn1.ad.uky.edu with Microsoft SMTPSVC(5.0.2195.5329);
    Tue, 3 Aug 2004 13:56:23 -0400
Received: from e165000n0.fayette.k12.ky.us (fayette.k12.ky.us [170.180.6.135])
    by mr3.uky.edu (8.11.6/8.11.6) with ESMTP id i73Hu2320840
    for <[email protected]>; Tue, 3 Aug 2004 13:56:02 -0400
Received: by e165000n0.fayette.k12.ky.us
    with XWall v3.29g ;
    Tue, 3 Aug 2004 13:56:32 -0400
From: "Gordon, Liz" <[email protected]>
To: "[email protected]" <[email protected]>
Subject: doin'?
Date: Tue, 3 Aug 2004 13:55:25 -0400
X-Assembled-By: XWall v3.29g
X-Mailer: Internet Mail Service (5.5.2657.72)
Message-ID: <313786356982D4118B4600508BC22FC40427E0A2@e165000n8.fayette.k12.ky.us>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-Mail-Router: No infection found
Return-Path: [email protected]: 03 Aug 2004 17:56:23.0858 (UTC) FILETIME=[30BCE920:01C47983]
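An added example (not part of the original talk) of reading the delivery path out of the Received lines in the sample headers above, oldest hop first, and checking that each relay hands off to the next. The function names are hypothetical, and the addresses the page shows as "[email protected]" are replaced by constructed placeholders.

```python
import re
from email import message_from_string

# Received lines copied from the sample on this page; addresses the page shows
# as "[email protected]" are replaced by constructed example.invalid placeholders.
SAMPLE = """\
Received: from e2kcn1.ad.uky.edu ([128.163.2.89]) by e2kbe1.ad.uky.edu with Microsoft SMTPSVC(5.0.2195.5329);
\t Tue, 3 Aug 2004 13:56:24 -0400
Received: from mr3.uky.edu ([128.163.2.152]) by e2kcn1.ad.uky.edu with Microsoft SMTPSVC(5.0.2195.5329);
\t Tue, 3 Aug 2004 13:56:23 -0400
Received: from e165000n0.fayette.k12.ky.us (fayette.k12.ky.us [170.180.6.135])
\tby mr3.uky.edu (8.11.6/8.11.6) with ESMTP id i73Hu2320840
\tfor <recipient@example.invalid>; Tue, 3 Aug 2004 13:56:02 -0400
Received: by e165000n0.fayette.k12.ky.us
\twith XWall v3.29g ;
\tTue, 3 Aug 2004 13:56:32 -0400
From: "Sender" <sender@example.invalid>

body
"""

FROM_RE = re.compile(r"\bfrom\s+(\S+)")
BY_RE = re.compile(r"\bby\s+(\S+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def delivery_path(raw):
    """Return hops oldest-first; each relay prepends its own Received line."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(value.split())      # unfold continuation lines
        clauses = text.rsplit(";", 1)[0]    # drop the trailing timestamp
        frm, by, ip = FROM_RE.search(clauses), BY_RE.search(clauses), IP_RE.search(clauses)
        # 'from' is the name the sending host claimed; the bracketed IP is what
        # the receiving server recorded for the connection.
        hops.append({"from": frm and frm.group(1), "ip": ip and ip.group(1),
                     "by": by and by.group(1)})
    return hops

def chain_breaks(hops):
    """Indexes of hops whose 'from' host is not the previous hop's 'by' host."""
    return [i for i in range(1, len(hops))
            if hops[i]["from"] and hops[i]["from"] != hops[i - 1]["by"]]

if __name__ == "__main__":
    for n, hop in enumerate(delivery_path(SAMPLE), 1):
        print(n, hop["from"], hop["ip"], "->", hop["by"])
    print("breaks:", chain_breaks(delivery_path(SAMPLE)))
```

The sample message has an unbroken chain of four hops; a mismatch reported by `chain_breaks` marks the point in the path where the recorded hand-offs stop agreeing and closer inspection is needed before choosing whom to report to.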
http://www.spamcop.net/
Services:
• Mail service
• Block list
• Email parsing, with or without reporting
Not spam, near spam and spam relatives
• Virus emails
• Bounces as a *result* of spam
• Website pop-ups
• Windows pop-up messages
• “Spyware”
• Blog spam - http://www.blogspam.org/
• Spam in instant messaging services (“spim”)
– Spam over cell phones (via messaging services)
Spam scams
• FTC Names Its Dirty Dozen: 12 Scams Most Likely to Arrive Via Bulk Email - http://www.ftc.gov/bcp/conline/pubs/alerts/doznalrt.htm
• Nigerian 419 spam
Spam scams
• “Phishing” scams
• Proper response: ignore or contact customer service (do not reply or click on any links)
Spam scams
• Underlying link is different
• See http://www.millersmiles.co.uk for screenshots
Spam scams
• Another phishing scam
• <html><p><font face="Arial"><A HREF="http://www.usbank.com/cgi_w/cfm/confirmation/account_access/account_confirm.cfm"><map name="FPMap0"><area coords="0, 0, 633, 303" shape="rect" href="http://%32%31%31%2E%32%33%32%2E%31%34%33%2E%32%32%37:%34%39%30%31/%63%66%6D/%69%6E%64%65%78%2E%68%74%6D"></map><img SRC="cid:part1.06080609.03090004@[email protected]" border="0" usemap="#FPMap0"></A></a></font></p><p><font color="#FFFFFD">Cars I'm with you in 1994 Skateboarding in 1911 Penthouse in 1884 I'm not so well in 1951 Sure in 1834 Shania Twain Sites pass me </font></p></html>
• http://%32%31%31%2E%32%33%32%2E%31%34%33%2E%32%32%37:%34%39%30%31/%63%66%6D/%69%6E%64%65%78%2E%68%74%6D
• 211.232.143.227:4901/cfm/index.htm
• Server in Korea, definitely not US Bank
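An added example (not part of the original talk) that automates the check walked through above: it collects every link target in the message markup, percent-decodes it, and flags the signs of a disguised destination. The function and flag names are hypothetical; the markup is the page's own sample with the image and filler text left out.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Link markup copied from the phishing sample on this page (image, filler text omitted).
SAMPLE = (
    '<A HREF="http://www.usbank.com/cgi_w/cfm/confirmation/account_access/account_confirm.cfm">'
    '<map name="FPMap0"><area coords="0, 0, 633, 303" shape="rect" '
    'href="http://%32%31%31%2E%32%33%32%2E%31%34%33%2E%32%32%37:%34%39%30%31/%63%66%6D/%69%6E%64%65%78%2E%68%74%6D">'
    '</map></A>'
)

class LinkCollector(HTMLParser):
    """Collect every href on <a> and <area> tags, in document order."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):  # tag and attribute names arrive lowercased
        href = dict(attrs).get("href")
        if tag in ("a", "area") and href:
            self.links.append((tag, href))

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def analyze(html):
    """Return (tag, decoded_url, flags) for each link found in the markup."""
    parser = LinkCollector()
    parser.feed(html)
    report, first_host = [], None
    for tag, href in parser.links:
        decoded = unquote(href)
        host = urlsplit(decoded).hostname or ""
        first_host = first_host or host
        flags = []
        if "%" in urlsplit(href).netloc:    # host hidden behind %XX escapes
            flags.append("percent-encoded host")
        if is_ip(host):
            flags.append("numeric IP host")
        if host != first_host:
            flags.append("host differs from first link")
        report.append((tag, decoded, flags))
    return report

if __name__ == "__main__":
    print(*analyze(SAMPLE), sep="\n")
```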
Why should librarians care?
• We receive spam
• Our libraries have servers on the internet
• Information literacy
• Email is an electronic information resource. Anything that bogs down the internet impedes the flow of information.
Why should librarians care?
• “UBE behaviour is destructive to the net. It reduces the ability of people to communicate. It has a chilling effect on free speech, as people simply refuse to involve themselves in the free exchange of ideas rather than get it.” -Peter da Silva
• [One user]…“reports having blocked all e-mail from a site after having gotten just one spam that was apparently from that site. That's the biggest RISK of spam in my opinion. It cuts us off from each other.” -Keith Lynch
• [These spammers] “…conveyed the message that their personal commercial ambitions were more important than the value of the commons. And that is the message they have been preaching -- get yours while you can, and ignore the protests of those who value the online culture of information-sharing. If these carpetbaggers prove successful, will others follow? How far can a network of cooperative agreements be pushed by the self-interest of individuals before it loses its value? When a flood of irrelevant announcements swamps newsgroups and mailing lists, what will happen to the support networks for cancer patients and Alzheimers' caregivers?” - Howard Rheingold
Glossary: Spammer methods
• Phish
• EBay
• Murk
• Click-Through
• Page-Jacking
• Opt-In/Opt-out
• Hijacking
• Listwashing
• Throw-Away Account
• Dictionary attack
• Directory Harvest Attack (DHA)
• Spoofing
• Open Relay
• Robot, Spider, Webcrawler
• Spyware
• Crosspost
Glossary: Tracing/Reporting issues
• Dev null
• Blackhole
• Munge
• Headers
• ISP
• Domain Name System blackhole list (DNSBL)
• False negative
• False positive
• Blacklist (whitelist, greylist)
• Bayesian Filtering
• Tarpitting
• Acceptable Use Policy (AUP)
• Mail Bomb
Glossary: Miscellaneous colorful terminology
• Spamvertise
• Spew
• Spamhaus
• Pink
• Nigerian 419 Scam
• LART
• Troll
• Ham
Additional Useful Resources
• http://spam.abuse.net/ - Excellent overview site
• http://www.u.arizona.edu/~trw/spam/ - Email obfuscation tools
• http://www.rahul.net/falk/glossary.html - Spam glossary
• http://spam.surferbeware.com/ - Extensive anti-spam site
• http://www.ftc.gov/bcp/conline/pubs/online/inbox.htm
• [email protected] - US gov’t address for reporting
• http://www.ftc.gov/bcp/conline/pubs/alerts/doznalrt.htm - Scam alerts from the US gov’t
• http://www.spamconference.org/ - 2004 Spam Conference (includes Webcasts of all presentations)
• http://banspam.javawoman.com – Includes addresses for reporting specific types of spam
Nigerian 419 scam
• http://www.spamscamscam.com/index.php
“Actor Dean Cameron did not delete the email, but instead, began corresponding with one of the scammers. Writing as a lonely millionaire from Florida whose only companions were a Philippine houseboy, Kwan, and two cats, Mr. Snickers and JoJo the Dancing Clown, Cameron lured the unsuspecting scammer into a nine month correspondence full of intrigue, broken hearts, confusion, frustration and colon trouble.”