|
1
|
- Richard M. Smith
- Internet Security and Privacy Consultant
- rms@ComputerBytesMan.com
|
|
2
|
- How do spammers get my email address?
- Answers:
- From Web pages
- From newsgroup postings
- From email directories (Yahoo)
- By guessing; dictionary attacks (e.g. smith@aol.com)
- Theft of customer lists
- By doing business with Web sites
|
|
3
|
- Go to the Google search engine and type in your email address
- If Google finds your email address, so will the spammers
- My email address appears on 500+ Web pages
- I get a lot of spam
- One solution: Change your email address and keep the new address secret
|
|
4
|
- My spam collection
- May 2001: 68 messages
- December 2001: 123 messages
- May 2002: 371 messages
- November 2002: 462 messages
- Brightmail: 40% of all email is now spam
|
|
5
|
- “Tragedy of the commons is a metaphor that illustrates the destruction
of public resources by private interests when the best strategy for
individuals conflicts with the common good.” [Wikipedia]
- “The Tragedy of the Electronic Commons” By Howard Rheingold
|
|
6
|
- Bulk email services (soup to nuts) [1]
- Self service [2] (You too can be a spammer right from your own home!)
- Bulk email software
- List management software
- Email address scanner bots
- Email list brokers [3]
|
|
7
|
- Signed up for SpamAssassin at his ISP
- “Works great”
- The false positive problem: ACLU newsletter was labeled as spam :-)
- The arms race problem: Some spammers are now using a
single image that cannot be content filtered by SpamAssassin
|
|
8
|
- Works in the PR business
- Spammers got her email from Web sites
- Porn spam seemed like an “assault”
- Solution
- Spam blocking service ($5 per month)
- Turned off preview pane
- Switched email address
- No longer puts her email address online
|
|
9
|
- Runs an email service house for newspapers (e.g. Boston Herald)
- Mails out daily news summaries
- People forget they signed up and Ron gets “nastygrams” about being a
spammer
- Anti-spam services blocked his IP address because he uses Rackspace;
“Guilt by association”
|
|
10
|
- Used the Washington state anti-spam law
- Right of private action
- Can’t send unsolicited messages
- No fake information
- Won 8 lawsuits in small claims court
- Collected $2,000 to $3,000
- Good learning experience but not really worth the money
|
|
11
|
- One of top 5 spammers
- Overloaded Verizon email servers in November 2000
- Email was flaky for 2 weeks at Verizon
- My family dropped Verizon DSL service and switched to RCN cable modem
service
|
|
12
|
- Verizon sued Ralsky in March 2001
- Lawsuit based on Virginia anti-spam law
- Settled out of court in Oct. 2002
- Verizon got money
- Ralsky agreed to stop spamming Verizon customers
|
|
13
|
- Alan Ralsky was “slash-dotted”
- Home address was published on Slashdot
- Bombarded with junk mail
- Not a happy camper
|
|
14
|
- AOL just won $7 million against CN Productions, an alleged porn spammer
- Washington State vs. Eduardo Haberli lawsuit was just filed. Deceptive subject lines.
- FTC sting operation against chain letters.
|
|
15
|
- Consumer protection issues are handled by the FTC and state AG offices
- Based on existing law
- Deceptive trade practices
- Fraud (“Get rich quick”)
- Fake return addresses and forged email headers
- Removal schemes that don’t work
|
|
16
|
- Spam will never go away completely
- The spam problem will get worse before it gets better
- ISPs have financial incentives to help fix the problem
- Expect more lawsuits against spammers
- “Legit” direct marketers worry that spam will ruin email as a marketing
tool
|