CPSC 457: - PowerPoint PPT Presentation

Slides: 23
Provided by: jeanniele
Learn more at: https://zoo.cs.yale.edu

Transcript and Presenter's Notes

1
CPSC 457
  • Sensitive Information in a Wired World
  • Anti Spam
  • Legislation and Technology
  • Jeannie Wong

2
Costs of Spam
  • In the U.S. and the E.U., half of all emails are
    unsolicited commercial emails.
  • The Federal Trade Commission maintains and
    monitors a spam database, and has set up a
    special mailbox that receives 40 thousand junk
    emails a day.
  • Spam is used not only to peddle merchandise and
    various money-making scams, but also to
    disseminate computer viruses.
  • FTC: spam costs between 10 billion and 87
    billion annually.
  • 7 billion pieces of spam are sent daily, which
    drains bandwidth and productivity.
  • ISPs pass the increased cost along to their
    customers.
  • Schumer: NYC residents receive 8.25 million
    pieces of spam daily and spend 4.2 million hours
    annually deleting them.
  • Jupiter Research:
  • in 2002, 1.4 billion spent on email marketing
    campaigns
  • in 2007, 8.3 billion will be spent
  • Anti-spam technology is an 88 million industry.

3
Spam originates mainly from
  • United States - 33
  • China - 18
  • Korea - 9
  • Brazil - 4
  • Canada - 3
  • United Kingdom - 2
  • Italy - 2
  • Mexico - 2
  • Germany - 2
  • Taiwan - 1

4
Anti-spam Legislation
  • 107th Congress: 8 bills
  • 106th Congress: 11 bills
  • 108th Congress: 9 bills
  • Anti-Spam Act of 2003
  • Ban on Deceptive Unsolicited Bulk Electronic Mail
    Act of 2003
  • CAN-SPAM Act of 2003
  • Computer Owners Bill of Rights
  • Criminal Spam Act of 2003
  • REDUCE Spam Act of 2003
  • Reduction in Distribution of Spam Act of 2003
  • Stop Pornography and Abusive Marketing Act
  • Wireless Telephone Spam Protection Act

5
CAN-SPAM Act of 2003
  • Controlling the Assault of Non-Solicited
    Pornography and Marketing Act
  • Reintroduced for the third time in April 2003 by
    Sen. Conrad R. Burns (R-MT) and Sen. Ron Wyden
    (D-OR)
  • Requires unsolicited commercial email messages to
    be labeled, to include opt-out instructions,
    workable return email addresses, and the sender's
    physical address
  • Preempts state laws that prohibit unsolicited
    commercial email outright
  • Imposes fines of up to 10 per email on spammers
    if the receiver has opted out, up to 500,000,
    and a fine of up to 1.5 million for spammers who
    willingly and knowingly violated the law

6
CAN-SPAM Act of 2003
  • Imposes fines of up to 1 million for deliberately
    deceptive email
  • A criminal penalty of up to a year in jail for
    spammers who include deceptive subject lines and
    misleading header information.

7
Criminal Spam Act of 2003
  • Introduced June 19, 2003 by Sen. Orrin Hatch
    (R-UT)
  • Cosponsors: Senators Leahy, Schumer, Grassley,
    Feinstein, DeWine, Edwards, Wyden, Burns, Pryor,
    Miller, and Nelson.
  • Prohibits unauthorized or deceptive use of a
    third party's computer for relaying bulk
    commercial email messages
  • Prohibits the use of false header information in
    bulk commercial messages
  • Regulates the use of multiple email accounts or
    domain names for the purposes of sending such
    messages.
  • Applies only to quantities of more than 100
    messages within 24 hours, or 1000 within 30 days,
    or 10000 within one year.
  • Senders of email with misleading headers may be
    fined up to 25,000 each day or receive up to
    five years in federal prison

8
SPAM Act
  • Stop Pornography and Abusive Marketing Act
  • Introduced in June 2003, Sen. Charles Schumer
    (D-NY)
  • Establishes a national no-spam registry,
    administered by the FTC, using fees paid by
    marketers for access to the list
  • FTC would be empowered to prohibit explicit
    commercial messages to minors even if they are
    not on the list
  • Requires full disclosure in email headers and
    addresses, requires working unsubscribe
    mechanisms, and bans the use of false sender
    names and automated harvesting of email addresses

9
SPAM Act
  • All messages that contain commercial content must
    have the letters ADV in the subject line, except
    those sent in compliance with an FTC-approved
    self-regulatory program, and must include
    the sender's physical address.
  • Jail time of up to 2 years for severe repeat
    offenders.
  • 75 million needed to create the system,
    including the FTC registry and for enforcement.
  • Supports domain-wide opt-out

10
REDUCE Spam Act of 2003
  • Restrict and Eliminate the Delivery of
    Unsolicited Commercial Electronic Mail or Spam
    Act of 2003
  • Introduced in May 2003 by Rep. Zoe Lofgren (D-CA)
  • Unsolicited bulk commercial email messages would
    be required to include a valid reply address and
    opt-out instructions, and a label (ADV or
    ADVADLT or some other form of recognized
    standard identification)
  • Applies to messages sent in the same or similar
    form to 1000 or more email addresses within a
    two-day period
  • False or misleading headers and deceptive subject
    lines would be prohibited in all unsolicited
    commercial email messages, whether or not sent in
    bulk

11
REDUCE Spam Act of 2003
  • Similar to the Burns-Wyden bill with the addition
    of a reward of 20 percent of the civil fine
    levied by the U.S. Federal Trade Commission
    against the spammer to the first person to report
    a spam offender.
  • Gives Internet service providers the right to
    bring civil actions against marketers who violate
    those requirements and disrupt their networks,
    and it allows for criminal fines and up to a year
    in prison for fraudulent spam.

12
Anti-Spam Act of 2003
  • Introduced June 18, 2003 by Rep. Heather Wilson
    (R-NM)
  • Cosponsors: Rep. Rick Boucher (D-VA), Rep. Ed
    Markey (D-MA)
  • Commercial email messages must be identified as
    such, and must include the sender's physical
    street address and an opt-out mechanism.
  • Messages relating to a specific transaction and
    consented to by the recipient would be exempt
    from the requirements
  • Sexually explicit messages must be identified
    with a standard label
  • Commercial email messages with false or
    misleading message headers or misleading subject
    lines are prohibited.



13
Anti-Spam Act of 2003
  • Sending commercial email messages to addresses
    generated by an automated dictionary attack would
    be illegal.
  • Preempts state laws that restrict the sending of
    commercial email, regulate opt-out procedures, or
    require subject-line labels.
  • Laws that regulate falsification of message
    headers would remain in place

14
Reduction in Distribution of Spam Act of 2003
  • RID-Spam Act
  • Introduced in May 2003 by Rep. Richard Burr
    (R-NC)
  • Cosponsors: Rep. Billy Tauzin (R-LA) and Rep.
    James Sensenbrenner (R-WI)
  • Requires all commercial email messages to be
    identified as such, and to include the sender's
    physical address and an opt-out mechanism.
  • Unsolicited sexually explicit messages must be
    identified with a standard label.
  • Prohibits the use of false or misleading headers
    in commercial messages.
  • Preempts state laws that prohibit unsolicited
    commercial email, regulate opt-out procedures, or
    require subject-line labels.
  • Lets ISPs (but not individuals) sue spammers for
    damages

15
Problems with proposed legislation
  • Definition of spam as fraudulent email
  • Andrew Barrett, executive director of SpamCon
  • RID-SPAM Act: The Spammers' Bill of Rights
  • No distinction between content and consent
  • Implementation barriers
  • FTC Chairman Tim Muris
  • "A do-not-spam list is an intriguing idea, but
    it is unclear how we can make it work."

16
Problems with proposed legislation
  • High cost of enforcement
  • Makes it more difficult to prosecute spammers
  • RID-Spam Act makes suing spammers more
    complicated than it is under the FTC Act
  • Criminal Spam Act of 2003 requires that federal
    prosecutors prove a spammer falsified his
    identity in 10 thousand different emails to
    bring a felony charge
  • Opt-out puts the burden on consumers
  • Better to have legislation favoring
    permission-based email

17
Anti-spam legislation in the EU and UK
  • In May 2002, the European Parliament passed
    anti-spam legislation requiring companies to
    receive consumer opt-in permission before sending
    them commercial email
  • In the U.K., under a new directive which starts
    on December 11, companies and individuals can be
    fined up to 8200 for sending unsolicited
    commercial e-mail and SMS text messages to mobile
    phones without prior agreement.

18
World's Fourth Largest Spammer
  • Details Magazine - October 2003 Issue: 9th Most
    Powerful Men in America under Age 37

19
World's Premier Spammer
  • Alan Ralsky
  • Settled a lawsuit brought against him by Verizon
    Internet Services in 2002
  • Now sends most of his spam mails from overseas
  • Controls 190 e-mail servers: 110 in Southfield,
    50 in Dallas and 30 more in Canada, China, Russia
    and India
  • Charges a commission on sales or a flat fee of up
    to 22,000
  • Has a master list of 250 million valid addresses
  • Response rate of 0.25 percent

20
Spam blocking technology
  • Bill Conner of Entrust: digital credentials
  • Brightmail Solution Suite
  • Internet Engineering Task Force
  • implementing a single architecture that will
    allow receivers to express consent or non-consent
  • Destroy the spammers' business model
  • Bayesian filters
  • Other client-side filters

21
Spam Tricks
  • The online Field Guide to Spam
  • Lost-in-space
  • Slice-and-dice
  • Message encoding

22
Steps individuals can take
  • Choose an email address name that is hard to
    guess
  • Don't post your email online
  • Get a spam filter
  • Don't reply to spam
  • Spam-baiting is inadvisable
  • Be careful when installing free software
  • Don't sign up for free web services
  • Report spam to your ISP or to the FTC at
    UCE_at_FTC.gov