Zero Day

Ryan Naraine and Dancho Danchev

Survey: Millions of users open spam emails, click on links

By | March 25, 2010, 1:10pm PDT

Summary: A newly released report from the Messaging Anti-Abuse Working Group (MAAWG), summarizing the results of the group’s second year survey of email security practices, offers an interesting insight into the various interactions end users tend to have with spam emails.

How many users access spam emails, click on the links found within, and open attachments intentionally? Why are they doing it, and whom do they hold responsible for the spread of malware and spam in general, while conveniently excluding themselves?

A newly released survey from the Messaging Anti-Abuse Working Group (MAAWG), summarizing the results of the group’s second year survey of email security practices, offers an interesting insight into the various interactions end users tend to have with spam emails.

Key findings of the survey:

  • Nearly half of those who have accessed spam (46%) have done so intentionally – to unsubscribe, out of curiosity, or out of interest in the products or services being offered
  • Four in ten (43%) say that they have opened an email that they suspected was spam
  • Among those who have opened a suspicious email, over half (57%) say they have done so because they weren’t sure it was spam and one third (33%) say they have done so by accident
  • Canadian users are those most likely to avoid posting their email address online (46%). Those in the U.S., Canada and Germany are most likely to set up separate email addresses in order to avoid receiving spam
  • Many users do not typically flag or report spam or fraudulent email
  • When it comes to stopping the spread of viruses, fraudulent email, spyware and spam, email users are most likely to hold ISPs and ESPs (65%) and anti-virus software companies (54%) responsible
  • Less than half of users (48%) hold themselves personally responsible for stopping these threats

It’s interesting to see the paradox of end users blaming ISPs and antivirus vendors, while 43% of the surveyed users said that they have accessed spam emails, and that they do not typically flag or report these emails.

What the majority of the survey participants appear to be unaware of is that spammers have been attempting to verify the validity of email addresses with DIY tools since the early days of spam, so users who try to unsubscribe themselves are actually confirming that their email address is valid.

In short, it means even more spam.

Moreover, the survey indicates that a common misunderstanding among end users still dominates their perspective of spam in general. Nowadays, spam is no longer only a mass marketing channel for counterfeit goods and pharmaceuticals.

Spam is both an infection and a propagation vector for malware campaigns in general, with an interesting twist: the most aggressive Zeus crimeware-serving campaigns of Q1 2010 were optimizing the traffic they were getting through the spam campaigns by embedding client-side exploits on the pages, next to the actual malware left for the end user to manually download and execute.

The most extensive study of end users’ interaction with spam emails was conducted in 2008 (Spamalytics: An Empirical Analysis of Spam Marketing Conversion), showing that users not only click on spam links, but that they’re actually buying dangerous counterfeit pharmaceuticals:

  • After 26 days, and almost 350 million email messages, only 28 sales resulted — a conversion rate of well under 0.00001%. Of these, all but one were male-enhancement products and the average purchase price was close to $100. Taken together, these conversions would have resulted in revenues of $2,731.88 — a bit over $100 a day for the measurement period or $140 per day for periods when the campaign is active. Under the assumption that our measurements are representative over time (an admittedly dangerous assumption when dealing with such small samples), we can extrapolate that, were it sent continuously at the same rate, Storm-generated pharmaceutical spam would produce roughly 3.5 million dollars of revenue in a year.

What do you think? Why are users still interacting with spam emails, which could easily lead them to web sites serving drive-by exploits? Are ISPs or vendors to blame, or is it the end users’ lack of awareness of the risks involved in interacting with spam emails these days? Do you think that spam is fought in the wrong way, in the sense that before it reaches your Inbox, it has to go out from the network of a socially-irresponsible ISP first?

Talkback.

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis. More details on Dancho Danchev's current and past professional affiliations, can be found in his LinkedIn profile. You can also follow him on Twitter

Talkback Most Recent of 61 Talkback(s)

  • More talk. No solutions.
    How can we put an end to spam?

    Answer:

    Everyone wants maximum protection of their on-line data which can be stored in a fully-encrypted manner. That would satisfy a whole bunch of cloud issues, including the Fourth Amendment as it applies to the Cloud, which is really not framed out.

    The larger issue I see is that ALL EMAIL flows over the Internet in 'Clear Text' (readable) form.

    We take the precaution as a matter of privacy to be sure to enclose our paper mail in an envelope do we not?

    Why shouldn't the same convention and assumption of a right to Privacy apply to mail sent on the Internet? Not just its 'storage'.

    That's where OpenPGP comes in. But you can't make it happen unless there is a Federal mandate in place and a Global set of Treaties could unify the supposed: 'Email Postal Encryption Act'.

    Making a Mandate should be accompanied by Government Funding to facilitate defraying the cost of bringing Email software applications into compliance over a period of time to the extent that such applications would incorporate PGP and self-signed certificates for encrypted email and make the process of sending a PGP email from an application usability standpoint sufficiently easy for any person to use with a minimum computer literacy level being assumed.

    So, why do we get upset about information stored on the Internet when we send clear text emails around the world each and every day?

    One side-effect and added 'benefit' of such a change coming into effect is that because of how signed-certificates work, the sender's email address would effectively become 'protected' so no 'bot' could send your email (from your machine if compromised).

    ISPs could then rely on making the assumption that if an email isn't enclosed with a signed-certificate and encrypted, then it is in non-compliance and Mandated handling procedures could be applied to handling of such mails and shunt them off line.

    The result: few or NO SPAM emails.

    Dietrich T. Schmitz
    GNU/Linux Advocate
    Dietrich T. Schmitz GNU/Linux Advocate
    25th Mar 2010
  • DIY duck hunt beats your idea
    Quicker and cleaner baby. Look below for the bushy eyed details.
    klumper
    25th Mar 2010
  • Interesting approach, could get messy though.
    GPG signed certs on emails locks down the sender id field in SMTP MIME format.[1]

    Under a mandated change, ISPs can safely make the assumption, test and simply shunt non-compliant (no signed GPG certificate) email off-line.

    Simple. Buh Bye Spam.
    ===============================
    [1] A spam bot CANNOT sign a GPG cert. Only a human can perform the task.
    Dietrich T. Schmitz GNU/Linux Advocate
    25th Mar 2010
  • Messy true... but think of the fun
    Quicker - check. Cleaner - er... *sigh*

    We may have to give your plan of attack more thought. sad
    klumper
    25th Mar 2010
  • You can count on that NOT happening
    Beyond that given, you also missed the main point altogether. I'm talking about going after the HEAD(s) of the dragon (der spammers), not the TAIL(s) (das victims). Once the instigators are laid asunder, their botnet networks will dry up like spent leaves in autumn.

    Capiche?
    klumper
    25th Mar 2010
  • Right solution, for the wrong problem. HashCash is the solution to spam.
    That or CAPTCHAs that actually work. But they've already
    been tried and failed for a pretty long time now.


    P.S.
    The reason your solution is pointless against spam is
    that if the spammer has taken over your computer, he
    can use whatever keys are on it, or log whatever
    passwords you enter, and if he hasn't (if he's sending
    it from his own computer), just block his IP..
    AzuMao
    25th Mar 2010
  • Windows BOT Networks
    Windows is the PROBLEM period.
    Use_More_OIL_NOW
    25th Mar 2010
  • Dude
    Go away. Come back when you learn a few things about what we are talking about. Both Linux and Mac have their own botnets, so no Windows isn't the only problem here.
    Cylon Centurion
    26th Mar 2010
  • Out of band authentication would work with GPG signed certs
    The technology is quite prevalent in Europe.
    Dietrich T. Schmitz, Linux Advocate
    26th Mar 2010
  • Actually it is becoming mandatory but simple to implement
    Check out: http://www.phonefactor.com

    The perl script is easy to implement/integrate with any App, not just email.
    Dietrich T. Schmitz, Linux Advocate
    27th Mar 2010