FTC SPAM Forum
April 30 through May 2, 2003 in Washington DC Agenda Included
E-mail Address Harvesting, Economics of SPAM,False Claims Analysis Open Relays, Open Proxies, FormMail Scripts Blacklists,Best Practices, Wireless SPAM, Potential Solutions
Overview of SPAM — Timeline from the Beginning to the Present
History of SPAM
SPAM name came from a 1970 Monty Python Show about a restaurant with a limited menu that only included Pam Name adopted by small online communities to described improperly posted or cross-posted messages First large scale SPAM was April 1994 by Canter and Seigel advertising Green Card Lottery
Volume of SPAM
According to Brightmail 8% of traffic in 2001 36% of traffic in 2002 Estimated to be over 50% to 60% in 2003 Last week AOL filtered 2.6 billion e-mails in one day! (67 for each account)
Harvesting e-mail addresses
Discussions groups without opt-in Websites without opt-in Chat groups without opt-in Contests with opt-in Mask or hide your e-mail address to protect against harvesting
Masking examples (johndoe@aol dot com or johndoe@donotspam.cox.net) Hiding involves not giving out e-mail address and never using it as a screen name or listing on a discussion/chat group.
Economics of SPAM
$99 to send 1 million e-mails No printing costs
Economic Solutions
Charge for each e-mail (1 penny per e-mail) which would be used to offset ISP charges Insignificant for normal user for small business Deal breaker for spammers
SPAM Legislation Technical solutions — A Whistle Stop Tour
Identification of mail servers and IP addresses
Real Time Blacklists (RTB)
Spammers are suing blacklists for restraint of trade
Identification of actual Pam e-mail
Size of mailing using checksum for ID Honeypots Collective action or reporting
Use filtering software that use blacklists
Use filtering software that combines content and blacklist filters
Next Generation IP will make return address forging more difficult Microsoft, AOL, and Yahoo have joined forces. This is a good sign!
Coalition Against Unsolicited Commercial E-mail (CAUCE)
All volunteer organization Created by Netizens to advocate for a legislative solution to the problem Pam Leading anti-Pam organization
Home Networking ABC?s of Sharing an Internet Connection
Network your computers by connecting them to a gateway The gateway will function as proxy server, firewall, and DHCP server Assign internal addresses dynamically Filter incoming packets from the Internet that were not requested Have one external IP address seen by the outside world Gateway will connect to
Cable Modem DSL Modem Dialup Modem
Gateway can be wired or wireless
Importance of a Firewall
Addresses blocks are scanned for vulnerable systems Trojans can be placed on unpatched OS quite easily
Log keystrokes Engage is DDOS Attacks Mask the presence of foreign files on the system (root kits)
On my cable connection, I typically get 10 hack attacks per hour
SmartCast Sonar Fish Finder
Information sent by Robert Lotier, Tech Talk listener Cast and find fish with this $170 wireless device Buy Online from
Stratford
Remote broadcast of Tech Talk Ric Edelman Financial Aid Seminars for students and parents Technology seminars (wireless networking, hacking and cracking, computer clinic) Culinary seminars Career seminars Starts at 9:30 continues to 3 PM