The Social and Economic Consequences of Spam
Katrina A. “Kat” Templeton
November 24, 2003

Post on 15-Jan-2016



URGENT ASSISTANCE - FROM USA IMMEDIATE ATTENTION NEEDED: HIGHLY CONFIDENTIAL FROM: GEORGE WALKER BUSH 202.456.1414 / 202.456.1111 FAX: 202.456.2461

DEAR SIR / MADAM,

I AM GEORGE WALKER BUSH, SON OF THE FORMER PRESIDENT OF THE UNITED STATES OF AMERICA GEORGE HERBERT WALKER BUSH, AND CURRENTLY SERVING AS PRESIDENT OF THE UNITED STATES OF AMERICA. THIS LETTER MIGHT SURPRISE YOU BECAUSE WE HAVE NOT MET NEITHER IN PERSON NOR BY CORRESPONDENCE. I CAME TO KNOW OF YOU IN MY SEARCH FOR A RELIABLE AND REPUTABLE PERSON TO HANDLE A VERY CONFIDENTIAL BUSINESS TRANSACTION, WHICH INVOLVES THE TRANSFER OF A HUGE SUM OF MONEY TO AN ACCOUNT REQUIRING MAXIMUM CONFIDENCE…

(from: http://philip.greenspun.com/humor/bush-nigerian-spam)

Overview

History of Spam

What is Spam?

Current State of Spam
  – Problems
  – Solutions
  – Politics

The Future

History

The first spam recorded was sent May 1st, 1978, when somebody from DEC spammed the entire western contingent of ARPAnet
  – One of the first defenders of the spammer? A guy named Richard Stallman

Spam that made “spam” a term among net users? Infamous Canter and Siegel Usenet spam.

What is Spam?

Spam should probably be known by the term Unsolicited Commercial/Bulk Email (UCE/UBE)

Hormel on spam: http://www.spam.com/ci/ci_in.htm

The name “spam” comes from a Monty Python skit, by way of Multi-User Dungeons (MUDs)

There is a lot of softness about what exactly comprises spam.

It is estimated that half of all email traffic on the Internet is spam.

What is Spam?

Basic definition is easy
  – 92% of emailers agree that spam is “unsolicited commercial email from a sender they do not know or cannot identify.”

Content matters
  – 92% of users consider UCE containing adult content to be spam.
  – Less able to agree on others.

Statistics courtesy Pew Internet & American Life Project, October 2003

Spam Content

Sender or Subject Matter | % who consider it spam
UCE from a sender you don’t know | 92%
UCE containing Adult Content | 92%
UCE with Investment, financial, or moneymaking offers | 89%
UCE with Product or Service offers | 81%
UCE with Software offers | 78%
UCE with Health, Beauty, or Medical offers | 78%
Unsolicited email with Political Messages | 76%
Unsolicited email with Religious Information | 76%
UCE from a Political or Advocacy group | 74%
A personal or professional message from someone you don’t know | 74%
UCE from a Non-Profit or Charity | 65%
UCE from a sender with whom you’ve done business | 32%
UCE from a sender you have given permission to contact you | 11%

Table courtesy Pew Internet Survey, June 2003. Error Margin of 4.2%

Why is spam profitable?

Very low overhead costs.
  – Postal Service: cost of sending bulk mail is pretty expensive.
  – Telemarketing: cost of long distance and cost to pay people to man the phones
  – Bulk Email: Little cost. All you need is an ISP and a list of addresses.

Spammers claim to need only a 0.001% positive response to break even.

33% of emailers have clicked on a link to find further information; 7% of emailers have actually ordered a product or service from spam

Statistics courtesy Pew Internet & American Life Project, October 2003

Identifying Spam

Simple headers:

Date: Sun, 23 Nov 2003 21:55:38 -0600 (CST)
From: Microsoft Corporation Security Department <[email protected]>
To: Client <[email protected]>
Subject: Last Internet Critical Upgrade

Date: Sat, 08 Nov 2003 04:43:33 -0100
From: Celia Hamlin <[email protected]>
To: [email protected]
Subject: hey

Long Headers

Received: from adsl-64-168-215-197.dsl.lsan03.pacbell.net (adsl-64-168-215-197.dsl.lsan03.pacbell.net [64.168.215.197])
    by soda.csua.berkeley.edu (8.12.9/8.12.6) with SMTP id hA7NfGXs026341
    for <[email protected]>; Fri, 7 Nov 2003 15:41:23 -0800 (PST)
    (envelope-from [email protected])
Received: from [72.58.224.216] by adsl-64-168-215-197.dsl.lsan03.pacbell.net with ESMTP id 10974427; Sat, 08 Nov 2003 04:43:33 -0100
Message-ID: <[email protected]>
From: "Celia Hamlin" <[email protected]>
Reply-To: "Celia Hamlin" <[email protected]>
To: [email protected]
Subject: hey
Date: Sat, 08 Nov 2003 04:43:33 -0100
X-Mailer: Microsoft Outlook Express 6.00.2600.0000

Confusion over Headers

The FTC found that 66% of the spam forwarded to it contained false information in the sender line, the subject line, or the message text.

Confusion reigns. 63% of emailers say “they know spam when they see it”, but 9% have to open the email to see if it’s spam

MessageLabs, a company that produces spam filtering software, estimates that 70% of spam is sent via hijacked computers.

Statistics courtesy Pew Internet & American Life Project, October 2003

Current State of Spam

Many people find spam annoying, but not a big problem

However, people feel that pornographic spam is a big problem

Possible solutions to the spam problem include technical methods, litigation, and legislative matters

Some people have been driven to vigilantism

Percentage of Email That is Spam Received on a Typical Day

[Chart. Categories: 25% or less; 26%-59%; 60% or more; n/a. Values shown: 34%, 19%, 35%, 12%.]

Statistics courtesy Pew Internet & American Life Project, October 2003

Time Users Spent on Spam on a Typical Day

[Chart. Categories: No Time; Up to Five Minutes; 5-14 Minutes; 15 to 29 minutes; 30 or more minutes; n/a. Values shown: 7%, 28%, 25%, 13%, 15%, 13%.]

Statistics courtesy Pew Internet & American Life Project, October 2003

Annoyance?

59% of emailers think spam is “annoying, but not a big problem”

27% think spam is a “big problem” for them; 14% think it is “no problem at all”

70% of emailers believe that spam has made being online “unpleasant or annoying”

Spam is viewed as much more intrusive than public cell phone use, door-to-door solicitations, and junk mail. It compares with telemarketing and pop-up ads.

Statistics courtesy Pew Internet & American Life Project, October 2003

Why is spam annoying?

When asked to prioritize the reasons spam bothers them, 23% of emailers said that it was the offensive or obscene content of spam that bothered them the most.

Other reasons spam was found annoying were the unsolicited nature, the dishonest content, the possibility of damage to the computer, the volume, the fact that they can’t stop it, the compromise to privacy, and the time it takes to deal with it.

Statistics courtesy Pew Internet & American Life Project, October 2003

Technical Solutions

The Blacklist
  – Has had some effect on getting ISPs to close down open relays
  – However, it is sometimes difficult to comply with blacklist standards, and blacklists are open to denial of service attacks.

Challenge/Response
  – Relies on the fact that spammers aren’t going to send a response to a challenge.
  – Legitimate emails are sometimes lost in the protocol, and mailing list owners find huge headaches with people using C/R systems.

Technical Solutions

Most common is the filter (programs such as SpamAssassin and MailWasher)
  – Works on the principle that there are things that are common to spam that are not common to legit emails.
  – There are known problems with false-negatives (allowing spam to get through) and false-positives (filtering wanted emails)

Spam Assassin content analysis

Content analysis details: (7.30 points, 5 required)
ALL_NATURAL (1.2 points) BODY: Spam is 100% natural?!
HTML_80_90 (0.5 points) BODY: Message is 80% to 90% HTML
HTML_MESSAGE (0.1 points) BODY: HTML included in message
HTML_FONT_BIG (0.3 points) BODY: FONT Size +2 and up or 3 and up
USERPASS (1.5 points) URI: URL contains username and (optional) password
HTTP_USERNAME_USED (0.7 points) URI: Uses a username in a URL
DATE_IN_FUTURE_12_24 (2.8 points) Date: is 12 to 24 hours after Received: date
CLICK_BELOW (0.1 points) Asks you to click below
MIME_HTML_ONLY (0.1 points) Message only has text/html MIME parts

Full rules for Spam Assassin can be found at: http://eu.spamassassin.org/tests.html
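How additive scoring of this kind reaches a verdict, as an added example that is not part of the original slides and is not SpamAssassin's code: the rule names, point values and the threshold of 5 are taken from the report above, while the matching logic, the sample message and every address in it are simplified assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

REQUIRED = 5.0  # "5 required" on the slide

# Constructed sample message (not taken from the slides).
SAMPLE = """\
Received: from mail.example.net ([192.0.2.10]) by mx.example.com with SMTP id abc123; Fri, 7 Nov 2003 15:41:23 -0800 (PST)
From: "Account Team" <offers@example.net>
To: user@example.com
Subject: hey
Date: Sat, 08 Nov 2003 14:43:33 -0800
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body><font size="+2">Click below to update your details</font><br>
<a href="http://www.bank.example:secret@203.0.113.7/login">Update</a>
</body></html>
"""

# Simplified approximations of the rule conditions (assumptions, not SpamAssassin's patterns).
URL_WITH_USER = re.compile(r"https?://[^/\s\"'<>@]+@", re.I)
BIG_FONT = re.compile(r"<font[^>]*\bsize\s*=\s*[\"']?(?:\+[2-9]|[3-9])", re.I)


def _parse_date(value):
    try:
        return parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None


def date_skew_hours(msg):
    """Hours by which the Date: header runs ahead of the newest Received: stamp."""
    hops = msg.get_all("Received") or []
    if not hops or ";" not in hops[0]:
        return None
    sent = _parse_date(msg.get("Date", ""))
    received = _parse_date(hops[0].rsplit(";", 1)[1].strip())
    if sent is None or received is None:
        return None
    if (sent.tzinfo is None) != (received.tzinfo is None):
        return None  # cannot compare naive and aware timestamps
    return (sent - received).total_seconds() / 3600


def evaluate(raw):
    """Return (score, is_spam, hits) for a raw RFC 822 message string."""
    msg = message_from_string(raw)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    types = [p.get_content_type() for p in leaves]
    # latin-1 decodes any byte sequence, so malformed bodies cannot raise here.
    body = "\n".join((p.get_payload(decode=True) or b"").decode("latin-1")
                     for p in leaves if p.get_content_maintype() == "text")
    skew = date_skew_hours(msg)
    has_user_url = bool(URL_WITH_USER.search(body))
    checks = {  # rule name: (points from the slide, did it fire?)
        "HTML_MESSAGE": (0.1, "text/html" in types),
        "MIME_HTML_ONLY": (0.1, bool(types) and all(t == "text/html" for t in types)),
        "HTML_FONT_BIG": (0.3, bool(BIG_FONT.search(body))),
        "CLICK_BELOW": (0.1, "click below" in body.lower()),
        "USERPASS": (1.5, has_user_url),
        "HTTP_USERNAME_USED": (0.7, has_user_url),
        "DATE_IN_FUTURE_12_24": (2.8, skew is not None and 12 <= skew < 24),
    }
    hits = {name: pts for name, (pts, fired) in checks.items() if fired}
    score = round(sum(hits.values()), 1)
    return score, score >= REQUIRED, hits


if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

The same body with a Date: header that agrees with the Received: stamp scores 2.8 and passes, which shows how much weight the header consistency check carries compared with the content rules.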

Mutual Assured Destruction

“At the moment, the war on spam seems to be in a phase similar to mutual assured destruction, with e-mail users and legitimate companies caught in the cross-fire. Internet providers are creating ever tougher spam filters. The hard-core spammers are trying to break through the filters with an ever-expanding number of messages, each with more unusual spelling and phrasing, turning offers for [email protected] and Home Loan$ for Le$$ into puzzles as much as sales pitches.”

“Marketers Adjust as Spam Clogs the Arteries of E-Commerce” New York Times, December 1st, 2003

Litigation

Microsoft has currently sued spammers for spamming the emails of its MSN clients or using msn.com and hotmail.com as their domain names

Many other ISPs have filed suit as well.

Problem with litigation is that the laws are uneven over jurisdictions, and it is often hard to find the spammer.

Legislation

California and Washington led the nation in passing spam statutes back in 1998 (both of these, however, rely on opt-out).

36 states now have some form of anti-spam laws on the books.

More recently, California passed a spam statute with teeth, which includes criminal penalties for the most egregious spammers (September 23, 2003). It also notes that spam must be opt-in as opposed to opt-out.

Legislation

On November 21st, the House of Representatives passed a spam bill. However…

The House version is much like California’s first anti-spam bill, in that it is opt-out. Worse, the House version pre-empts the new California law.

The Senate has passed a similar bill recently, the big difference being a “do-not-spam” list, which the FTC does not want to implement.

It is likely that this legislation will be signed by President Bush.

It is doubtful any of this will matter as spammers move offshore.

Vigilantism

Spammer Alan Ralsky made the mistake of admitting where he bought his new house to a newspaper reporter. Now he gets several tons of snail mail every day.

People are finding it fun to tweak the noses of Nigerian scammers.

Several people are finding themselves in untenable positions after being victims of a ‘joe job’.

The Future

“David W. Kenny, the chief executive of Digitas, a Boston-based direct marketing agency that represents big marketers like American Express and AT&T, said most of his clients had stopped using e-mail to find new customers.

“‘A lot of e-mail gets lost in the spam,’ he said. What is not lost sits in an in-box among offers for illegal cable descramblers and Nigerian money transfer scams. ‘That's not good for a brand,’ he said.”

“Marketers Adjust as Spam Clogs the Arteries of E-Commerce” New York Times, December 1st, 2003

The Future?

Spam is fast killing the ‘Internet’s first killer app’

Legislation that many have pinned hopes on looks as if it will be watered down.

The Internet works on trust. If that trust is broken, then the system will not function.

We will probably have to move to an authenticated system, which denies privacy and anonymous emails.

Questions