Monday, November 16, 2009

SPAM: Economics and Prevention

SPAM is unsolicited mail delivered to you, wasting your time and consuming resources. This applies to both physical mail and electronic mail (email).

While you're typically protected by laws against physical SPAM to a certain extent, email is uncontrollable and has been on the rise ever since it started some time in the 1990s.

Many preventative measures have been taken over time to fight email SPAM, but they have only worked marginally, by classifying SPAM and separating it from your email.

One should ask: Why do we keep receiving SPAM? How come it never stops?
A simple answer is that it's being funded!

The rise of malicious software known as worms has given mischievous companies or groups the option to take control of thousands of user machines and use them to send SPAM to millions of users around the world.

Those shady companies or groups charge money to promote the products of other companies: mostly drugs, but this may include promotions of other products.

A simple conclusion is that if you penalize the companies that pay shady groups to use such abusive methods, SPAM would almost disappear.

If the governments that house such companies refuse to cooperate, ISPs worldwide can contribute to major SPAM reduction by making it a national law to ensure that your computers at home and at the company are clean.

ISPs can monitor traffic patterns and identify malicious traffic. After that, they should be obliged to notify users who are suspected to be infected; those users must then clean their machines or be fined, and if they don't comply, the fine is inflated, and so on.

When taking such measures, governments that allow shady companies to operate and to pay SPAM groups can be blacklisted by blocking all IP addresses from that country.

This has another powerful side effect: when the IP addresses of a whole country are blocked, businesses in that country will be severely affected and will demand law enforcement that criminalizes the offenders responsible for SPAM and those funding it.


BloggyLife said...

1st thing that came to mind, you want them to hike up the Internet subscriptions!

You reminded me when we installed a SPAM filter.

User: "I'm not receiving emails today"
Me: "Everything seems to be fine, I can see you just received from external and internal"
User: "I used to receive over 1000 emails a day"
Me: "!!! Aha, what do you do with all of them, they are unwanted emails, we just installed a new filter to prevent such emails"
User: "Gives me something to do, I read and delete some, can you exclude me so I can receive them"

Also, with our measures today, people should NOT expect to receive NO spam at all.

MBH said...

I don't see why the subscription rates would be increased.

In fact, these laws should allow for more bandwidth to be available to the ISPs!

I rarely *see* SPAM with my GMail account. It has awesome filtering capabilities!

As for the users, maybe you should've used that user to classify SPAM rather than buying equipment? :p

BloggyLife said...

I'm sure the monitoring level you are asking the ISPs to do will end up hiking prices. It's just like asking the ISP to carry out a service: who will pay for the equipment/manpower needed to do so? The end user.

Collecting data is not the issue; storing it, accessing it and what to do with it is :P

I think some ISPs in some countries block sending emails, unless through their own email server, so your email server has to relay to theirs. This way it's some kind of verification and easy to monitor.

*rarely* != 0. I mean, people used to make a big deal when their client spam filter caught a spam. I'd be glad that it's doing the job; so what if it passed our main filter, the client one caught it, right! Something getting away is expected, many things getting away is not :)

MBH said...

Behavioral data shouldn't be stored for more than a week anyway. Any decent network admin/engineer can tell abnormal network traffic like sudden spikes on uploads on certain ports or to certain websites and relate them to incidents from other users. This can all be automated to not torture the admin/engineer.

Remember, I said it should be a national law, so ISPs are mandated to do it and maintain it throughout the years. It will pay for itself since it will save the ISP bandwidth.

That's my point of view. "I could be wrong, but I don't think so."

BloggyLife said...

Even if it saves bandwidth, they'll just sell it :P

Define behavioural data. I know most of the data analysis is automated, but since you are detecting malicious behaviour, won't you need to keep this data, say, for evidence?

As for keeping activity data, it's very tricky to know when you would need it or whether it is important. For example, say you lock down activities on a file server, actions on folders: sometimes deleting actions are legitimate, sometimes people will come after a month's period asking who did what! What should you or shouldn't you audit? The point is, what data you need to keep and for how long.

I agree it should be a law, but I think ISPs will frown upon it.

MBH said...

There are appliances that are deployed when the network is "sane" to train the appliance on what is good behavior of a network. Later on they're deployed & become fully functional, so that they could report or react to any odd traffic that wasn't sensed in the training period. Cisco has one of these. I'm sure there are other vendors that provide it as well.

You don't need the data for proof for more than a week, because once you get infected and a worm is active, the traffic changes quickly.
This is nothing like a fileserver or important personal files. It's just data on your bandwidth usage.

ISPs won't like it, but they'll get used to it eventually, for the benefit of all ;)
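
The baseline-then-flag approach discussed in the comments above, as an added example that is not part of the original post or thread: a per-subscriber baseline of daily outbound port-25 connections is learned from clean traffic, later days are scored against it, and only one week of counts is retained. The subscriber names, counts, thresholds and the median/MAD scoring are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from statistics import median

RETENTION_DAYS = 7      # "no more than a week" of behavioural data, per the thread
MIN_TRAINING_DAYS = 5   # assumption: clean days needed before alerting starts
THRESHOLD = 6.0         # assumption: robust z-score above which a day is a spike
MIN_SPREAD = 5.0        # assumption: floor so near-idle lines are not flagged

class SmtpBaseline:
    """Per-subscriber baseline of daily outbound TCP/25 connection counts."""

    def __init__(self):
        # deque(maxlen=...) drops the oldest day automatically: retention is enforced
        self.history = defaultdict(lambda: deque(maxlen=RETENTION_DAYS))

    def score(self, subscriber, count):
        """Robust z-score (median/MAD) of one day's count, or None while training."""
        days = self.history[subscriber]
        if len(days) < MIN_TRAINING_DAYS:
            return None
        med = median(days)
        mad = median(abs(d - med) for d in days)
        return (count - med) / max(1.4826 * mad, MIN_SPREAD)

    def observe(self, subscriber, count):
        """Classify one day; anomalous days are kept out of the baseline."""
        s = self.score(subscriber, count)
        if s is not None and s > THRESHOLD:
            return "anomalous"   # candidate for a subscriber notification
        self.history[subscriber].append(count)
        return "learning" if s is None else "normal"

# Constructed sample data: daily outbound port-25 connections per subscriber
TRAINING = {
    "sub-a": [3, 5, 4, 6, 2, 5, 4],                # home user with a mail client
    "sub-b": [120, 135, 110, 128, 140, 125, 131],  # small office mail server
}
TODAY = {"sub-a": 4200, "sub-b": 150, "sub-c": 900}  # sub-c has no baseline yet

def run_demo():
    baseline = SmtpBaseline()
    for sub, days in TRAINING.items():
        for count in days:
            baseline.observe(sub, count)
    return {sub: baseline.observe(sub, count) for sub, count in TODAY.items()}

if __name__ == "__main__":
    for sub, verdict in run_demo().items():
        print(sub, verdict)
```

A subscriber with no baseline is reported as "learning" rather than flagged, which is why the training period on known-clean traffic matters.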