Spamonomi

s
Darren Hassan 20279718student.uwa.edu.au

16/03/2010

Abstra t
Spam is not only a major sour e of nuisan e for Internet users, it is very
often the onduit through whi h fraud and other forms of Internet rime
are perpetrated. Spam's use in many internet rimes has the potential
to ause great e onomi loss and perhaps, more importantly, degrade the
publi 's faith in the ele troni so iety. Spam is born out of an e onomi
failure that results in more ost being in urred by the transmitter and
re eiver than by the sender of spam. This paper will argue that the only
ee tive approa h to ombatting spam is to orre t the e onomi failure
that reated it.

1 Introdu tion
Internet rime manifests itself in many guises. Some Internet rime, su h as
fraud o urs in the real world and an be termed e-enabled, whereas others
forms of rime exist only in yber spa e, su h as omputer ha king. Spam or
'unsoli ited ommer ial ommuni ations' [Moustakes et al., 2005℄, to use one of
its many legal denitions, an be lassied as an e-enabled rime. Spam in
the real world is legal and of insigni ant onsequen e, spam in yber spa e
is illegal and has major onsequen es. Why is it that the junk mail, postal
servi es deliver, has not swelled to the enormous proportions of spam? The
diering impa t of spam in the real and virtual world is due to the fa t that
'the a t of sending a message osts the sender less than it osts all the other
parties impa ted by the sending of the message' [Cobb, 2003℄; an e onomi
failure Cobb [Cobb, 2003℄ terms 'the parasiti e onomi s of spam'. This paper
will fo us on spam, dis uss the dierent approa hes used to ombat spam and
propose new approa hes while analysing their e a y. Se tion 2 is devoted to
a dis ussion of the detrimental ee ts of spam. Se tion 3 will explore some
nonte hni al solutions to spam. Se tion 4 will deal with te hni al solutions to
spam. Finally, se tion 5 will dis uss what I beleive to be the only solution to
spam.

1
2 Spam and its ee ts
Spam an take on many forms, su h as SPIT (Spam over Internet Telephony)
[Quittek, 2008℄ and Spam 2.0 [Hayati et al, 2009℄, spam in the form of spurious
links on blogs, wikis and other so ial media. The most visible form of spam
and that whi h has the greatest detrimental ee t is transmitted via email and
whi h, hen eforth this dis ussion will be limited to.
The very heart of the problem with spam is its violation of the fundamental
right of an individual to priva y. Priva y in the very broadest sense of the
word, regarding an individual's right to be left alone, as well as the individual's
right to the prote tion of personal data. In this respe t, the appropriation of
email addresses and the illegal intrusion into omputers and servers deprives the
individual of their apa ity to ontrol what personal data is known by others
and their apa ity to ontrol the ow of information into their personal sphere
[Lugaresi, 2004℄.
The ee ts of spam are felt throughout so iety. In 2003 Erkki Liikanen, the
European Union's (EU) Enterprise Commissioner estimated that spam osts
European ompanies $2.8 billion (USD) in lost produ tivity alone, whi h in-
ludes the time it takes people to delete the messages and the ost of buying
larger mail servers and storage systems [Hinde, 2003℄.
Spam is responsible for more than the e onomi loss in urred transmitting
and storing it or the time lost sorting and disposing of it. Spam is often the
means through whi h frauds are arried out, with many arrying links to phish-
ing websites. Spam is also used to transmit viruses, pornographi messages and
hate spee h. In short, the integrity of the ele troni so iety impart relies on
ee tively ombating spam and its derivatives.

3 Nonte hni al solutions to spam

Nonte hni al approa hes to ombating spam have involved the use of legal in-
struments; The United States (US), Australia, Canada and the EU have all
implemented legislation to this end. In Europe, the EU passed the E-priva y
Dire tive (dire tive 2002/58/EC) [Moustakes et al., 2005℄. The EU dire tive
says that all bulk email should be opt-in, meaning that people who re eive the
email have stipulated that they want to re eive information about the produ t
being advertised. The US spam-related legislation, the 'Can Spam A t' of 2003
took the opposite approa h from that of the European dire tive as it allows
email marketers to send spam until the onsumer opts-out from re eiving future
messages [Moustakes et al., 2005℄.
Another nonte hni al approa h used to ombat spam has been through liti-
gious means. The anti-spam ompany Habeas owns the trademark and opyright
on a haiku poem. Habeas allows veried users to pla e the haiku in the header
of their mail. A lter then sear hes the header for the poem, ltering out those
that do not ontain it. Poems are prote ted by intelle tual property rights in
most ountries, leaving spammers few pla es to hide if they want to in lude the

2
poem in their own emails. Hebeas has said that it will pursue oenders who
brea h its opyright through the ourts [O'Brien, 2003℄.
GlobalRemoval. om has implemented a 'Do Not Email Servi e', whi h is
analogous to the 'Do Not Call Registery' used to prevent unsoli ited alls from
telemarketing rms. Individual pay GlobalRemoval. om a token fee to have
their email address in luded on the list, GlobalRemoval. om then pays mass
emails $1 for ea h address they remove from their mailing list [Hinde, 2003℄.
Nonte hni al approa hes to ombating spam rely on orre tly identifying the
spam's sour e so that riminal pro eedings an be sort where a law or agreement
has been broken, however urrently this is not possible. Every email ontains
information about where it omes from, but urrent email te hnology annot en-
sure the information in the header is orre t [Cobb, 2003℄. Legislative measures
have been seen to have an ee t on large organisations that rely on building a
reputation, but have been inee tive at urbing spam from less onspi uous en-
tities. It is doubtful that an entity who spams for illegal purposes is going to be
aware of legislation in their own let alone another jurisdi tion. The border-less,
anonymous nature of the Internet renders the above nonte hni al approa hes in-
ee tive at preventing the very worst spam, whi h is sent by anonymous sour es
and is illegal in nature.

4 Te hni al solutions to spam

Te hni al solutions to ombating spam have entred around ltering. Spam
lters are lassiers, whi h determine whether an email is junk or not. The
dierent approa hes to ltering an broadly be ategorised as either bla klisting
or whitelisting. A bla klist ontains the email addresses of known spammers,
whi h a lter will blo k emails from. A whitelist is the opposite of a bla klist,
as it ontains legitimate email addresses and impli itly deems all other email
addresses as belonging to spammers.
Spam ltering has been implemented on several levels. At the highest level
large organisations, su h as the Spamhaus Proje t (spamhaus.org), spews.org
and spam op.net have reated new te hnologies (DNS or border gateway pro-
to ol bla klists) to identify the sour e of spam. On e identied, these organisa-
tions work to shut down the spammers' Internet a ess, so as to lter spam at
its sour e [Levy, 2004℄. Spammers have demonstrated onsiderable ingenuity in
nding ever more sophisti ated ways of sending spam. One te hnique employed
by spammers is to use trojans to reate spam relays. After infe ting a system,
the trojan he ks to see whether the host's IP address is listed in the bla k-
lists maintained by spam op.net or abuse.net, if listed the program terminates
otherwise it ommen es spamming [Levy, 2004℄.
Individual lters operate at a lower level to prevent spam entering a user's
personal inbox. Filters that rely on stati lists are vulnerable to spammers
who use 'shell addresses', an address the spammer uses on e and then dis-
ards [O'Brien, 2003℄. O'Brien et al. [O'Brien, 2003℄ have proposed a statisti-
al method of identifying spam that over omes a stati list's short omings. The

3
Chi-squared method is based on the premise the vast majority of spam is sent by
only a few (≈ 150) spammers around the world. The Chi-squared method works
by identifying the textual nger print of those spammers and then ltering out
emails with a ertain likelihood of having been written by them. O'Brien et
al. rst trained the lter on a orpus ontaining spam and legitimate messages.
They then tested the lter on a dierent mix of spam and legitimate messages
with promising results.

5 Con lusion
I believe the problem of spam will not be solved until a solution an be found
to the e onomi failure that reated it. While it osts the sender of spam less
than all the other parties impa ted by the sending of the message, spammers
will nd ever more ingenious ways of avoiding attempts to stop them, whi h has
been shown in the nonte hni al and te hni al measures des ribed.
Te hni al ways of orre ting the e onomi failure have been onsidered. Cra-
nor et al. [Cranor, 1998℄ des ribes a system that requires unre ognised senders
of email pay the re ipient before the message is read. The payment might be in
the form of ele troni ash. The re ipient ould then refund the payment if the
sender is known. The payment might take other forms, su h as omputation.
Email senders ould be required to ompute a moderately hard fun tion before
the email is a epted, whi h would pla e a signi ant burden on the omputing
resour es of spammers, although this method would not work when the message
has been sent from a third party's omputer illegally. A payment system at the
individual level would be di ult to implement as it would require hanges to
the Internet mail standard and global adoption by every email lient.
It maybe more feasible to implement a payment system at a higher level. In-
ternet fee restru turing is another approa h proposed by Cranor et al. [Cranor, 1998℄
to orre t the e onomi failure. They suggest that ISPs who generate email pay
the ISPs who re eive those emails, whi h would have the ee t of motivating
ISPs to harge their ustomers for sending large volumes of email.
Whi h ever approa h is taken to redress the e onomi failure, it is important
that those attributes that make email an attra tive medium for ommuni ation
not be destroyed. A ne balan e must be stru k between harging spammers to
prohibit their illegal operations and not inhibiting the legitimate ommuni ation
of individuals, otherwise email as a medium for ommuni ation will ease to
exist.

Referen es
[Cobb, 2003℄ Cobb, Stephen. The E onomi s of Spam. ePriva y Group, 2003.

[Moustakes et al., 2005℄ Moustakes, Evangelos and Ranganathan, Prof C and

Duquenoy, Dr. Penny. Combating Spam Through Legislation: A
Comparative Analysis of US and European Approa hes. 2005.

4
[Hayati et al, 2009℄ Hayati, Pedram and Potdar, Vidyasagar. Towards Spam
2.0: An Evaluation of Web 2.0 Anti-Spam Methods. 2009.

[Lugaresi, 2004℄ Lugaresi, Ni ola. European Union vs. Spam: A Legal Re-
sponse. 2004.

[Hinde, 2003℄ Hinde, Stephen. Spam: the evolution of a nuisan e. Computers

& Se urity, 22:474-478. 2003.

[O'Brien, 2003℄ O'Brien, Corma and Vogel, Carl. Spam lters: Bays vs. Chi-
squared; Letters vs. Words. ISICT '03: Pro eedings of the 1st in-
ternational symposium on Information and ommuni ation te h-
nologies, 2003.

[Quittek, 2008℄ Quittek, J. and Ni olini, S. and Tartarelli, S. and S hlegel, R.

On Spam over Internet Telephony (SPIT) Prevention). Commu-
ni ations Magazine, IEEE, 46:80-86. 2008.

[Levy, 2004℄ Levy, Elias and Ar e, Ivan. Criminals Be ome Te h Savvy. Se-
urity Priva y, IEEE, 2:65-68.2004.

[Cranor, 1998℄ Cranor, Lorrie Faith and LaMa hia, Brian A. Spam!. Commun.
ACM, ACM, 41:74-83.1998.