|
Finding
a Common Ground
With
spam making up roughly half of all e-mails sent,
the need to deal with it has taken on a new
sense of urgency. Of particular concern is cross-border
activity, which necessitates a coordinated global
action and harmonized legislation to effectively
address it. Unfortunately, the progress towards
an agreement between the U.S. and the European
Union stand at a critical juncture due to a
major disagreement on the route to take.
European
Union anti-spam laws require all e-mail senders,
whether legitimate advertisers or spammers,
to get permission from the recipient before
sending them commercial e-mail. This so-called
"opt-in" mechanism is, for European
politicians and business officials, an effective
way to restrain spammers. But current U.S. bills
propose a more marketer-friendly "opt-out"
approach, which has prompted a contingent of
British politicians to travel to the US to try
and persuade their counterparts to agree to
the “opt-in” specification. (Read
more about this in the “British MPs head
to US on anti-spam mission” article in
this month’s issue.)
The
spam problem is so great that countries have
to work together to solve it. Let’s
hope that the US and EU will soon come to an
agreement or at least find a common ground.
VeriSign Slammed for
New Policy that Aids Spammers
Network operators,
anti-spam campaigners, security experts and
engineers have hit out at VeriSign over the
changes it made to the top-level domain system.
VeriSign is a California-based company who enjoys
a government-granted monopoly as the master
database administrator for .com and .net.
VeriSign's new
online search service called Site Finder, redirects
domain lookups for misspelled or nonexistent
domain names to its own site, a process that
has confused Internet e-mail utilities. Anti-spam
operators protested that the process disabled
their software’s ability to check on the
validity of a domain name. As a result, the
software allowed all forged e-mail addresses
of spammers to get through. In an unusual kind
of grassroots movement, some frustrated network
administrators have begun to launch technical
countermeasures against VeriSign.
VeriSign only agreed
to suspend the Site Finder service after the
Internet Corporation for Assigned Names and
Numbers or ICANN threatened to take legal action
if it doesn't shut down the service.
Source:
ZDNet Australia, www.wired.com
Back to top
British
MPs Head to US on Anti-spam Mission
MPs from the UK will appear before
a Congressional hearing this month to urge the
US to take strong action against the proliferation
of spam. In particular, they are seeking to
persuade their political colleagues to consider
an “opt-in” approach to spam as
opposed to the current “opt-out”.
According
to MP Derek Wyatt, the US’ opt-out system
is "philosophically different" to
the EU's and a "recipe for disaster".
In the US, the consumer opt-outs from receiving
a direct e-mail by indicating at the bottom
of the said e-mail that he wants to be taken
out of the list. Experts claim this would be
disastrous for the future of the Internet, as
it would effectively legitimize the practice
of spamming. In contrast, the EU advocates the
“opt-in” method which means that
consumers should no longer get unsolicited commercial
e-mails unless they have opted-in to receive
them. The UK government claims this move should
help to combat spam.
Meanwhile,
the UK government has introduced legislation
that aims to protect Internet and mobile phone
users from spam. The new law, which is Britain’s
implementation of the EU Privacy and Electronics
Communications Directive, makes it an offense
for a UK company to send junk e-mail or text
messages unless the recipient has given his
permission to receive such material. Firms who
violate the law face a £5,000 fine for
each breach. The law takes effect on December
11.
Source: The
Register, www.silicon.com
California
Set to Enforce Toughest Anti-spam Bill in the
US
California Governor Gray Davis
recently signed into law the toughest anti-spam
bill in the US. The law bans unsolicited commercial
email unless the sender has a pre-existing business
relationship with the recipient. It gives the
individuals the right to sue and has possible
ramifications for advertisers for whom spam
is sent, rather than just the spammers themselves.
Senders of unsolicited messages
could be held liable for damages up to US$1,000
for each message to an individual and up to
US$1 million for each e-mail advertisement sent
out. The law, which passed the state Senate
on Sept. 11 as Senate Bill 186, is set to take
effect Jan. 1.
Source:
IDG News Service, San Francisco Bureau
Texas
State Law Won't Prevent Spam
Under the new Texas state law
which took effect recently, spam will have to
be identified by including “ADV”
in the subject line of the e-mail. If the mail
contains adult or sexual content, the subject
line must read "ADV: adult advertisement”.
According to an industry expert,
the law is weak as it just basically legitimizes
spam and only targets spammers in Texas.
Source:
www.kauz.com
Back to top
Spammers
to Face Jail in Italy
Senders of unsolicited junk
e-mails in Italy are now going to face jail
sentences of up to three years. The country's
privacy watchdog issued a ruling in an attempt
to limit the huge amount of advertising and
promotional material sent online. Offenders
now risk fines of up to 90,000 euros and between
six months and three years in prison, if it
is proved that they did it to make a profit.
The ruling follows estimates
by the European Commission that spam e-mails
cost EU companies approximately 2.25bn euros
in lost productivity last year and that between
one-third and 50% of all e-mails sent or received
are now junk or spam.
Source:
BBC News
Dail Bill Tabled to
Control Spam
Fine
Gael recently tabled an anti-spam bill in the
Dail, which will require Internet service providers
to filter and reduce spam e-mails. The bill
also makes it an offense to send unsolicited
commercial e-mails.
According to Hugh Coveney, the
Fine Gael spokesman on communications, spam
is the main factor assisting the spread of computer
viruses. This forces Irish businesses to spend
a fortune constantly upgrading their anti-virus
software. It is estimated that the cost to business
of spam across the economy comes to a total
of E188m per year.
Source:
BizWorld
Back to top
AU Net Users
Caught in Spam War Crossfire
Australian broadband users have
unknowingly been caught in the war between spammers
and spam blacklist operators.
Several Telstra broadband users
have been identified by the operators of the
spam and Open Relay Blocking System (SORBS)
blacklist, as the source of some of the distributed
denial of service (DdoS) attacks aimed at knocking
down the service. SORBS operator Matthew Sullivan
said that some of the traffic was traced to
Telstra through SORBS' bandwidth provider. He
acknowledged that most of the time it’s
a spoofed attack and that it’s likely
that the broadband users’ machines have
been hijacked by spammers. Sullivan
is currently working with security clearing-house
AusCERT to try and crack down on the Australian
component of the attack. For its part, Telstra
announced that any user's machine found to be
involved in a DDoS will be immediately disconnected
from its BigPond broadband network.
Source:
ZDNet Australia
Anti-spam
Legislation Gains Starting to be Felt in South
Korea
Thanks
to new anti-spam legislation, South Korean Internet
users are now receiving less spam.
According
to the Korean Information Security Agency, the
spam e-mails received in July were 20 percent
fewer, down from an all-time high of 43 per
day in March, after laws prescribing huge fines
on companies that send unsolicited e-mail were
enacted.
The new laws required online marketers to label
their e-mails as advertisements and set up a
free telephone hotline for people who wish to
opt out of future e-mails. The laws also forbid
marketers from scanning Web sites for e-mail
addresses. Just recently, the South Korean government
slapped fines on six Web sites for flooding
Internet users with spam e-mails. The fines
were between $3,400 and $4,300.
Source: Washington Times
Back to top
Hotel Internet
Connections Now Used in Spamming
The
use of hotel Internet connections to send unsolicited
e-mail is becoming popular among spammers, reports
a firm that operates an e-mail protection service
based in Canada.
The
idea is to shift the liability to the hotel.
Spammers book a room overnight, setup a laptop
to mail-out millions of unsolicited e-mails,
and then leave. Hotels could be blamed for the
unsolicited e-mail activities, and end up in
a number of mail server blacklists, which could
damage the hotels' reputation within the Internet
community. By the time the source of the unsolicited
mail is traced, the spammer has already checked
out and left for the next one, leaving the hotel
to clean up its reputation.
Source:
PRWEB, emediawire.com
Spammers
Turn to Chain Letters to Collect Addresses
Spammers have found yet another
way to continue their spamming activities. Computer
experts warn that some spammers are already
using chain letters to collect e-mail addresses.
According
to Bill Orvis, who maintains the U.S. Department
of Energy's hoax advisory Web site, chain letters
are the ideal place to collect addresses. People
have been known to willingly post their names
and e-mail addresses there, making a list that
could go on for pages.
Although no spammers have been caught gathering
e-mail addresses from chain letters so far,
Orvis thinks that it's just a matter of time.
Some organizations that help users and companies
fight spam have already posted Web warnings
for the public, apparently taking notice of
its dangers. Other spam experts, however, are
skeptical about the idea that spammers are using
chain letters in this way.
Source: CNN
Back to top
 |
Opinions From Inspector Mails
| Inspector Mails is the AI entity for Bigfoot's
Anti-spam
Solution. He will be
giving regular updates on his
opinions on current anti-spam
trends. |
|
Spam Blends
with Viruses
Network
security specialists are convinced that the
creator of SoBig, the latest worm to hit cyberspace,
has used spamming techniques to quickly spread
it. This link between worms like SoBig.F and
spammers greatly amplifies the impact for end
users, who are already having a hard time coping
with spam's exponential growth.
Some
theories spreading around suggest that the virus
writer may have collaborated with a spammer
to distribute the virus-carrying e-mail or may
have taken advantage of an open proxy to distribute
the e-mail. Another scenario is that the virus
writer is more likely also an active spammer.
The
Sobig.F carrying spam mails are spoofed and
arrive with subject lines like "Re: That
Movie" or "Re: Wicked Screensaver,"
with attached, zipped .pif files. The worm is
activated only when the users click on these
files. The fact that Sobig.F is spreading indicates
that most users are not as security-aware as
they need to be.
IT
departments have the responsibility to improve
security education for all users to prevent
the inadvertent spread of worms. Technical support
people are fond of saying that end users are
part of the problem. Well, that’s true
for the most part, but they're also part of
the solution.
Back to top
SPAMMERS’
LIST
Why
not publicly list the major spammers?
This will go a long way to eliminate
them.
|
| Ralph |
There are many Internet sites that
list known spammers. One of the most
popular and widely used is ROKSO (Register
of Known Spam Operations) maintained
by Spamhaus, a UK-based, non-profit
organization. ROKSO
is a free-access public register that
contains information and evidence
on known hard-line spam operations
that have been thrown off a minimum
of 3 consecutive ISPs for serious
spam offenses.
|
| EMAIL
PROVIDERS AND SPAM What
can you do to prevent or take action
against someone who has seemingly hijacked
your mail address on an online server
such as Yahoo or Hotmail? I received
tons of bulk mail over a period of time
that were either replies to mail I never
sent or "cannot deliver mail"
reports also for mail I never sent in
the first place. What can I do? |
E.B. |
Is it just hopeless to expect AOL to do
anything about spam? Of the forty e-mail
messages received in my AOL account daily,
approximately 35 are pure spam. Does AOL
not have some obligation to install spam
filters? Or at least to provide a way
to filter mail before it downloads? |
Tog
|
We’d
like to refer you to the article that
came out in our March 2003 issue entitled
“The Big Boys Step Out”. In
this article, you will read about what
AOL and MSN are doing as they try to win
the war against spam. |
EMAIL
POSTAGE AS SOLUTION FOR SPAM?
I
am surprised that no one (almost)
has suggested that the solution to
spam is implementation of e-mail postage
- say, $0.01/e-mail. I would gladly
pay this postage as I think most people
and legit organizations will.
|
LW |
You might be interested to know that your
suggestion is currently being worked out
by no less than the prominent Anti-spam
Research Group (ASRG). In the article
entitled “Anti-spam Research Group
Plans To Set New Internet Standards”
which came out in our June 2003 issue,
we featured the ASRG's plans to standardize
anti-spam technologies which include the
imposition of mandatory microfines for
unsolicited e-mails. The timeframe set
for this project is two years. |
We appreciate all of the comments and overwhelming
response we have received to the Anti-spam newsletter
and we will be addressing your concerns in the
next issue. You may send any comments regarding
the newsletter to antispam.review@bigfoot.com.
As we do reprint some of the comments of subscribers,
if you prefer that your email address be withheld,
simply advise Bigfoot and provide us a first name,
city and state as an alternative.
Back to top
 |
The following message was sent to you as
a subscriber of Bigfoot.com. We will continue
to bring you valuable offers on the products
and services that interest you most. If
you wish to unsubscribe, click
here. |
|
