Spam By Dan Sterrett
Overview ► What is spam? ► Why it’s a problem ► The source of spam ► How spammers get your address ► Preventing Spam ► Possible solutions
What is Spam? ► Unsolicited commercial ► Sent in bulk ► Advertisements (weight loss, prescription drugs, etc)
Problem with spam ► Annoying ► Time consuming You could have a hundred spam messages for each legitimate message ► Spam filters aren’t perfect ► More internet traffic ► Cheap for the spammer
Example Subject: Adobe Suppose we tell you that you could really lose up to 82% of your unwanted body fat and keep it off in just a few months, would you be interested? We certainly hope so! Please visit our web site - Click here!
Spam Stats ► In a single day in May 2003: AOL blocked 2 billion spam messages MSN blocked 2.4 billion spam messages
Where do they get my address? ► Spambots Search engines that spider the web looking for the sign. ► Newsgroups and chat rooms Especially in big companies like AOL, people often use their screen names in chat rooms In newsgroups people leave their actual addresses Spammers have pieces of software that automatically extract these screen names and addresses
Where do they get my address? ► Websites created specifically to attract addresses Win $1 million!!! Just type your address here!"
Where do they get my address? ► Websites sell your address Created "opt-in" lists by asking, "Would you like to receive newsletters from our partners?"
Where do they get my address? ► "dictionary" search of the servers of large hosting companies like MSN, AOL or Hotmail Software opens a connection with the server and sends millions of random addresses and records which ones are “live” ► Spammers sell your address to other spammers
Where do they get my address? ► Spammers buy addresses Google add
Preventing Spam ► Spam filtering software Simplest filters use keywords in the subject line to identify spam Looks for words such as sex, viagra, etc. Spammers change the spelling ► s-e-x ► Via9ra Hard for filtering software to keep up Sometimes blocks legitimate
Spam Filters ► Heuristic filters Scan message statistically looking at word patterns and word frequency. Spammers use shorter messages
Prevention ► Large ISPs tried blocking multiple s with the same subject line or message body ► Unwanted side-effect blocked newsletters ISPs made "white lists" to identify legitimate newsletter senders. Then spammers sidestepped the issue by inserting different random characters into each subject line and message body.
Prevention ► You could get an with a subject line Women Wanted puklq The letters “puklq” are random and are attached at the end of the subject line for each sent out. ► Organizations that list IP addresses used by spammers (Spamhaus.org is an example) ► Companies that host accounts can check the source IP address
Prevention ► Spammers can get around this by changing IP addresses often The next person to receive one of these IP addresses won’t be able to send . ► Zombie machines Viruses can be sent out to recruit “zombie machines” Usually personal computers of unsuspecting people. Spammers route spam through these machines. Have been used for DoS attacks on places like Spamhaus.org
Prevention ► Hide addresses on websites Use javascript, etc. Simple spambots won’t recognize it
Possible Solutions ► “Do Not Spam List” Not a good idea ► Online forms Use instead of Drawbacks ► Need your own website ► Time consuming to send a message
Sources ► tm ► html html html ► 63.php