Thursday, January 03, 2008

Spam - Report it or Prevent it?

It has been quite a while since my last article and I apologise for the long delay. I devoted most of my time during November and the first couple of weeks in December to research and the blog unfortunately got neglected. I then took a break for a week to spend time with friends and family during the festive season. (I'm not a cyborg and even cyber cops need to take a break so once in a while). The only thing I regret is that I did not download any e-mails during this time, so you can expect I had quite a lot of e-mails in my inbox (the majority was spam anyway). 2007 has come to an end and 2008 lays ahead of us. Looking at all the security related articles since the start of 2008, I get the idea that the cyber security industry is preparing for one rough ride in terms of computer security in 2008. But enough about that, let's get to this week's article and the first one of 2008.



One Sunday on my way to church, I noticed that one of the cars parked in front of the church still had its headlights on. I was about to go to the consistory to ask someone to announce it, when my mother told me not to bother, because she reckoned many people will see it and eventually report it. I decided not to take my mother’s advice and reported it anyway. However it was not announced before the sermon started, so I guessed they already informed the owner about it. When the sermon was over I was really disappointed to find out that the owner was not informed and that the car actually belonged to an elderly couple. Of course, all their attempts to get the car running were in vain, the battery was completely dead.

Apparently I was the only one who reported this incident. I find it hard to believe that no one else saw this car, because its bright headlights were shining in the direction of the street where most people could see it, in fact many other members of our church had to pass this car just like I did. But what does this have to do with spam? I will explain in a moment.

Reporting several spam e-mails a day, without a single response from a service provider, host or registrar can be demoralising to say the least. People who report spam on a regular basis will probably agree with me. It can become so demoralising that you find it hard to see any sense in reporting spam to anyone. The lack of cooperation from the responsible parties, gives us a damn good excuse not to report spam, now doesn’t it? Sorry to blow your bubble, but that it is a lame excuse for not reporting spam.

Spam reporting is only one side of the coin. We also need to prevent spam. Spam can prevented in many ways. Protecting your e-mail address from unnecessary exposure should be your first priority when it comes to personal spam prevention and secondly you need to protect your computer with anti-malware software and a firewall to prevent your computer from becoming a spam-relaying zombie. A good junk mail filter can be added to your defence, to make it easier to manage all the unsolicited e-mails pouring into your mailbox. The spam you report are used in various ways, depending on who you report it to. Some anti-spam organisations use it to close spammer websites and the internet access accounts of known spammers, some use it to improve anti-spam software, some use it for anti-spam research to find better ways of preventing it and some organisations use spam reports for all the aforementioned reasons.

I know some individuals who are so passionate about fighting spam that they will even report other people’s spam for them. Many people feel that this is not a good idea, because of various reasons, one of them being the fact that only the original recipient can tell what is spam and what is not, because only you know what you signed up for and what not. Then again, this is not totally true. There may be merit in this argument, but it is not that hard to distinguish unsolicited commercial e-mails from legitimate opt-in e-mails. I know that some unethical companies are not always willing to remove your e-mail address from their database, which turns an opt-in e-mail into an unwanted e-mail, in other words SPAM! That being said, I still feel that it is quite easy to spot an unsolicited junk e-mail these days.

Some people feel that when you report spam without benefiting directly from it, you do it for altruistic reasons only. My personal opinion is that this is a bad overgeneralization of loyal spam reporters who report spam to see justice being served. Crime statistics at the end of a year often reveal a rise or decline, but a decline in child abuse for instance does not necessarily mean that less children were abused during the past year, what about all the child abuse incidents that were never reported? The same is true for spam, a decline in spam reports during a certain period does not necessarily mean that spammers sent less spam during that period. People need to be aware of the problem of spam and people need to understand how big it really is. In order to raise awareness about a problem, it needs to be reported, so that it can be accurately measured. I think our current awareness about the spam problem is only the tip of the iceberg.

Reporting spam will not make your spam disappear overnight and if anyone told you that they can take away your spam, then they are lying. Spam filters do not stop spam from being sent, they only stop it from being delivered and spammers will always find a way to circumvent your defence systems. The fact that you are receiving spam already puts you in a catch-22 situation. An active e-mail address is a commodity in the spam industry and your e-mail address can be sold to several spammers worldwide. Once a spammer gets shut down, he either sells his e-mail database to other spammers or he finds a new ISP to distribute spam once again. The cycle repeats itself time and again and it is likely that your e-mail address may land in the hands of a spammer operating from a spam haven (in other words a country where there is no anti-spam laws). The only way to solve your spam problem completely, is to put all the spammers who have your e-mail address in jail, destroy these databases before they get distributed to other spammers and shut down the botnets distributing the spam. A single botnet may consist of thousands of infected computers, scattered all over the globe, so you can see it is quite a feat to accomplish.

I recently read about an incident where a Russian registrar claimed they couldn’t take any action against a spam-relaying zombie, because their legislation does not provide any means by which they can act against the offending party. I’m not up to par with Russian anti-spam legislation, so I’m not sure if they were telling the truth, but nothing stops them from prohibiting spam and malware distribution through an Acceptable Use Policy. But what if a company does not worry about people abusing their networks? You will obviously need a higher level of authority to force them to take action against the perpetrators and in order to do that you need proper anti-spam laws.

Anti-malware developers can’t keep up with the rapid evolution of malware. This means more computers get infected much faster, resulting in large botnets being created on the fly, ready to distribute spam in next to no time. Malware infected computers are one of the biggest sources of spam, so if anti-malware companies are finding it hard to stay ahead from the malware creators, then think for yourself how hard it is to keep spam distribution in control, yes in control, we are not even speaking of eliminating it.

So what does the story of the elderly couple with the flat battery have to do with spam reporting. First of all, if we all have the attitude that someone else will report spam, then we will never get even close to solving the problem. Secondly, registrars and ISPs should stop hiding behind a bunch of lame excuses, they should stop ignoring spam reports and start taking action against the offenders. The registrars and ISPs who fail to take action against the spammers are like the minister who failed to announce the registration number of the car that was parked in front of the church, with its headlights still burning. If things continue like this we will have a flat Internet overloaded by a bunch of unsolicited junk.

In my next article I will discuss some of the most common causes of spam and steps that can be taken to prevent spam 'contamination'.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud, raising awareness about spam and assisting users in the removal of malicious software.