Do a search for the phrase "I need a proxy" and you'll see what I'm talking about. Requests for the latest proxies are normally encountered on Q&A communities like Yahoo! Answers, WikiAnswers and Answerbag, but you will also find people on forums, constantly asking for the latest proxy to bypass Internet filters at school or at work. Unfortunately, these people fail to realise that firewalls and Internet filters are there for a reason.
I guess I'm not going to be very popular after publishing this article, but this is really a big problem and one that needs to be addressed very quickly before it grows into another digital snowball like spam and malware. IT departments spend a lot of time and money on network security. Restrictions are put into place, not only to protect corporate data, but also for the safety of everyone working on the corporate network. However, network restrictions are not only for the corporate world, these restrictions are also present at schools and even in our homes. But what is the use of protecting your data and privacy if you constantly have to deal with cyber rats eating their way through your defences from the inside?
A proxy is often blocked as soon as the network administrator becomes aware of the fact that it is used to gain unauthorised access to websites and other networks. That's the reason why people are constantly in search of brand new proxies and what scares me the most, is the rate at which these new proxies become available, it is so bad you can even regard it as another form of spam. The sad reality however, is that the people who use these proxies, either do not know a thing about PC security, or they don't give a damn about it. Browsing restricted sites via an illegal proxy exposes your computer to malware and hackers, putting the whole network at risk. Confidential and sensitive corporate information can easily be leaked and the privacy of every employee using the corporate network could be compromised due to the selfish acts of employees who can't walk between the lines. So you are not only putting your colleagues in a tight spot, your compromising your own security as well.
The most popular reason for a proxy is to gain access to social networking sites like MySpace, Facebook, Orkut or Twitter. Social networking sites are time and money wasters in terms of productivity, bandwidth and company resources. Instead of doing their jobs, people waste hours and hours of productivity during the day, by hanging out on social community sites. To add insult to injury, they don't use their own bandwidth to chill on these sites, they use company bandwidth, company computers and company printers to do what they should be doing after work. Kids browse these social communities instead of attending to their schoolwork, wasting their parents's money, or the money of the taxpayer if the government funds the school. Speaking of the government, what about government workers? Instead of delivering the services we pay for, they browse MySpace, Facebook, Orkut or Twitter with our tax money. (Some governments do not even have any network security to speak of, so they can access any site without the use of a proxy).
Don't get me wrong, I'm not against the use of social networking sites, but there is a time and place for everything and social networking sites do not have a place at the office or at school (unless you are the PR manager of the company maintaining the company profile on MySpace). Before everyone starts to call me a party pooper, accusing me of taking the fun out of the office, think about this: If everyone spent more time on their job and less time on social networking sites during working hours, we will get a lot more work done and will therefore have plenty of time to hang out with friends and family on our favourite social networking sites. Don't be mad at your boss for limiting your Internet access, the fact that you are using a proxy to bypass Internet filters and other limitations imposed by your employer, already tells me that you can't use the Internet responsibly. If you really need to use these sites, visit them after work or after school and if you don't have a computer at home, use a friend's computer or visit an Internet café. It has to be mentioned though, that 3rd party proxies are not only used to access social networking sites, but they are also popular for porn surfing and the downloading of pirated software, music and movies. These sites are far worse than social networking sites, because they do not only waste valuable man-hours, they are often loaded with nasty malware, a direct threat to the safety of everyone working on the network.
The bottom line is, companies invest a lot in computer security, computer labs at schools do their best to keep their networks safe and clean and parents invest in parental control software to keep their young ones from accessing harmful content on the Web. Still you get people who want to break down all these barriers, ignoring the damage they cause and the risks they create during this process. Bypassing the parental control software on the family computer can easily lead to a prohibited site where a sneaky rootkit finds its way into your system. It may log a credit card number here and a password there and before your folks know what's going on, they could be staring bankruptcy in the face. The same can happen at work or at school, your infected PC can cause a lot of problems for other people using the same network. Do you want something like this on your conscience? Proxies may have their uses, but they should not be used to cross digital borders illegally. If you are not allowed to visit a specific site at work or at school, then there's most likely a pretty good reason why you shouldn't visit it. If you choose to visit prohibited sites without proper authorisation, you risk loosing your job, getting suspended or even harsher network restrictions may be implemented. Think about it, is it really worth all that?
People are so touchy about this subject that when they ask for new proxies in forums or Q&A communities, they often warn you in advance not to bitch about why they shouldn't be using one. So next time when you run across someone asking for a proxy to bypass firewalls and Internet filters, don't waste your time explaining why they shouldn't be using one, don't expose yourself to insults and swearing, just refer them to this article.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.
Tuesday, April 15, 2008
Saturday, April 05, 2008
Anti-Spammers Suffer From "Spam Exceptionalism"
In response to the conviction of Robert Soloway, the "Spam King", Eric Goldman, assistant professor with Santa Clara University School of Law, who blogs about technology and marketing, stated that many Internet users may be happy to hear about Soloway's criminal prosecution, but law enforcement shouldn't necessarily rush into these criminal cases. Why? Well according to Goldman, spam is principally about speech and we should be very reluctant to criminalize speech-based behaviour. Goldman added that there's such an antipathy towards spam that there's almost a sense that anyone who ever engages in spam is so evil that they should be punished, an attitude that Goldman likes to call "spam exceptionalism". He believes that if people really thought about the issues, they wouldn't necessarily find spam any more invasive than other forms of advertising, like television commercials or junk postal mail.
So I guess I'm one of the worst spam exceptionalists in the world and the reason for my "problem" is because I'm not thinking clearly about the issues of spam, as a result I'm blinded by my negative attitude towards spam and can't see it as another form of advertising. Is spam just another form of advertising? Is vandalism just another form of art? Is drug trafficking just another form of doing business? Can we justify a crime just because it bears a striking resemblance to something legitimate?
So what are the basic characteristics of spam?
TV Commercials
Television commercials can be seen as unsolicited, because you turn on the TV to watch your favourite show, not the annoying commercials. TV ads can become obtrusive and a hindrance during the show, especially when the broadcaster interrupts the show on a frequent basis. TV commercials can be useful at times (something that can't be said about spam), for instance to grab a snack, stretch your legs or to make a quick phone call. Some TV ads can be entertaining, but spam is boring and hardly entertaining (unless you're a 419 scam baiter or spam collector). Broadcasters love to raise the audio of TV ads, so much that you often have to hit the mute button on your remote control to prevent your speakers from exploding. This may be seen as a form of management, but unlike spam, you don't need to manage TV ads, once the ad is played it's gone (for now at least), but you need to take specific action to get spam out of your life, it's going to sit there in your inbox until you select it and hit that darn spam button. The viewer never pays for TV commercials, on the contrary the commercials sponsor the shows watched by the viewer. So spam is a far cry from advertising when you compare it to TV ads.
Radio Commercials
Radio and TV commercials have a lot in common, the only difference is that TV commercials are audiovisual and radio ads are, well… audio only. Radio ads are often less invasive and annoying because they are often played between songs and do not interrupt programs as much as TV ads, but it all depends on the advertising policy of the radio station off course.
Magazine and Newspaper Ads
These ads have more or less the same characteristics as TV commercials, but they are less invasive and annoying than TV ads. If you are not interested in an ad, you simply read on or skip a page, it is as easy as that. There is nothing to manage and there is no cost for the viewer of the ads.
Online Banners and Text Ads
Well-behaved online advertising is never obtrusive, invasive or a hindrance (I will discuss spam ads later in this article). As a matter of fact, people have developed a sense of banner blindness and automatically ignore the majority of these ads. There is no need to manage these ads because when visitors see the ad, they either choose to click on it or they ignore it completely. Web ads may be seen as unsolicited, but they are often there to cover the operating expenses of the website, so they often serve the same purpose as TV commercials. The visitor pays a small amount in terms of bandwidth, because the ads need to be downloaded along with the rest of the content of the web page. However, the advertiser still pays the full price for the ads, the exact opposite of spam where everybody else pays for the "ads" except the "advertiser".
Billboards and Outdoor Advertising
These ads are neither solicited, nor unsolicited, they are there to be seen if you want to look at them. The advertiser pays for the ads, so there are no costs for the people viewing the ads and there is no need to manage these ads because you either respond to them or not, it is as simple as that. They are not a hindrance or obtrusive, except when they are deliberately placed in front of something else to draw unnatural attention to them. These ads are normally next to busy roads, on the walls of large buildings or at the main entrance of buildings. Because of their size and nature, there are often legislation regulating the use of these ads, so it is very hard to spam with them. Putting up a billboard in certain a way to draw extra attention to it, but causing a road hazard at the same time will get you into trouble. With spam you can do as you wish because there are simply not enough proper anti-spam laws to regulate the digital advertising industry and the laws that exist are seldom used.
E-mail Advertising
There is a huge difference between e-mail advertising and spam. E-mail advertising is opt-in advertising, in other words the recipient chose to receive e-mail ads and may opt-out at any time by un-subscribing. But some publishers do not seem to grasp the true meaning of opt-in. It means choice, the choice to receive e-mail ads or not. Certain publishers force their subscribers to sign up for 3rd party and additional marketing mailings as well. This means that you never get a choice to receive the newsletter alone, if you want to receive the newsletter, you also need to live with all the additional advertising e-mails as well. You can un-subscribe at any time, but this means you will opt-out from the newsletter as well, not just the advertising e-mails.
Proper e-mail advertising means you give your readers the choice to receive additional marketing material or not, it should not be a precondition to receive your publication. If you do not want to give your readers such a choice, place the ads in your newsletter (but sparingly, remember your readers signed up for the newsletter, not the ads). Forcing your readers to receive extra advertising e-mails, whether it is from a 3rd party or not, is a big no-no. Additional e-mails means additional management and when your newsletter becomes too much of a hassle, subscribers will either opt-out or hit the spam button. The advertiser ends up paying for advertisements that never reach their audience.
So what is the bottom line? Proper e-mail ads are opt-in and not unsolicited. They are neither obtrusive, nor a hindrance and subscribers are allowed to opt-out at any time. There is no additional management for the recipient and the advertiser pays for the ads. The only cost to the recipient is perhaps the bandwidth used to download the e-mails, but remember this is not a wasted bandwidth because the recipient opted in to receive the e-mails.
Postal Mail Advertising
No this is not the junk filling up your mailbox, I will discuss that a bit later. The rules for proper e-mail advertising also apply to this form of advertising. Some companies send a free magazine (containing 3rd party ads) along with your monthly bill. I have seen this with cell phone companies, sending a free magazine containing interesting articles on mobile communication, or medical aids sending free healthcare magazines every quarter. This form of advertising is often less invasive and annoying because the reader gets a free magazine. I normally do a 5-minute scan through the magazine to see if there is anything interesting. If I can't find anything compelling it goes straight to the waste bin. I am sure many people never even look at these magazines, especially if the readers know they only contain a load of junk. Unfortunately, this contributes to a lot of additional household waste.
Up to now I discussed the most common and more accepted forms of advertising. These forms of advertising are less invasive, require little to no management at all and there is no substantial costs for the recipient of the advertising material. We will now take a look at the less desirable, annoying and invasive forms of advertising, or should I rather say forms of spam?
Junk Postal Mail
This form of advertising has all the characteristics of spam. It is unsolicited because you never opted to receive it, it's obtrusive, a bloody hindrance and needs to be managed because it takes unnecessary space in your mailbox, space that could have been used for more important mail and you need to filter through all the junk to get to your actual mail. The only thing that separates it from spam is the fact that the advertiser paid for the advertisements and their distribution. However time is money and it takes time to sort out your own mail from all the junk, so there is some form of substantial cost to the recipient. Very few people look at them (the loads of flyers lying on the floor at the post office is proof of this) and the majority of mailbox owners are annoyed by them. Some of the scams in circulation on the web are also distributed via postal mail. It is actually shocking to think that post offices agree to distribute this junk, because think carefully about it, they are paid to place this stuff in your mailbox, so the only conclusion one can make is that they are prepared to put almost any kind of correspondence in your mailbox, as long as they are paid for it. With that being said said, junk postal mail falls under the umbrella of spam.
Flyers
Flyers are distributed in many ways, including the post as discussed in the paragraph above. Flyers are distributed on street corners, in parking lots, magazines, and newspapers and from door to door. Each one of these methods forces the recipient to take some form of action, therefore the advertisements need to be managed by the receiver. If you ever saw the movie National Lampoons Loaded Weapon, you will recall the scene where one of the lead characters stood in a store scanning through some magazines. Flyers kept pouring out of the magazines and it was not long before he stood knee-high in a huge pile of flyers. This is an old movie, so this has been a problem for a long time and it is getting worse by the day.
Imagine how much time goes to waste when you take a flyer presented to you at every darn street corner, when you remove the bouquet of flyers from your windscreen each time you park your car at a parking lot and when you take out all the flyers, compressed into your mailbox by every idiot who distribute the junk from door to door. That's just one part of managing these ads, you also need to get rid of them. Receiving a flyer on every street corner and at every parking lot quickly fills up your car with junk. What do most people do when they are done with the flyer, they toss it out of the window. Flyer advertisements therefore contribute to pollution just like junk postal mail. No matter how you look at it, flyers have a lot of unnecessary costs for the consumer and even though the advertiser pays for them, they are just as annoying, problematic and unsolicited as spam.
Telephone and Instant Message Marketing
This is not really marketing, it is just another form of spam. You are forced to answer your phone or read the instant message because the caller ID is often hidden, so it is impossible to see who is calling. There are costs in terms of time involved in these annoying calls, because you need to answer the phone and tell the salesman you are not interested. Many of these marketers are persistent and do not take no for an answer so it wastes additional time if you have one of these spammers at the other end of the line. Telephone marketing is unsolicited, obtrusive and quite a pain in the… you know what. The U.S. may have a do-not-call registry but very few countries see this form of "advertising" as a potential problem for consumers.
Door-to-door Marketing
Door-to-door salesmen are a big problem in many neighbourhoods. It is really annoying to show salesmen away several times a day, especially for people working from home, because you are interrupted every hour or two by someone knocking at the door. There is nothing more annoying than a salesman ringing the bell while you are on the phone with an important client. Imagine a hundred salesmen at your doorstep and you have to show them away one by one, it my not be spam, but it is basically the same principle.
Pop-up Ads
If you ever wanted to experience annoying advertising, visit a website with pop-up ads. Nothing is more irritating than an ad floating over menus and buttons, forcing you to take notice of it before you are allowed to explore the rest of a web page. Whether it is a pop-up or pop-under ad, it is unsolicited and it uses unnecessary bandwidth. These ads are prone to use a lot of bandwidth because they are constantly in your face whenever you try to navigate to another page or website. Some advertisers love to throw you one last sales pitch just before you leave their site. These pop-up ads are often a chat window giving you the chance to talk to a so-called sales consultant. They are often not real people but bot-scripts repeating the same thing over and over again (try swearing at them and you will soon see they don't have a clue what you are talking about). A chat window like this need to be closed before you can navigate to another site, so you definitely take notice of them. These ads are unsolicited, obtrusive and in-your-face, therefore they need to be managed by the visitor, wasting valuable time and money.
Ads Disguised As Content
Just the other day I searched the web for drivers for my laptop. Believe me, after several searches and several hours of no success you slowly become irritated by your inability to find what you are looking for. The last thing you need, is a website pretending to have loads of drivers and when you use the search facility of the site, you only get a page filled with camouflaged Google Adsense ads (by the way this is against Google Adsense policy, so more people should start to report these spamvertisers to Google). A click on one of these ads will result in a low quality click, because the visitor is unlikely to be a targeted visitor and this raises the click-through costs for the advertiser with no return on investment. These ads are unsolicited and annoying because you don't get what you asked for. There is an additional management burden on the visitor, because whether you click on the ad or not, you end up bumping your head against a brick wall, so you need to track back and look for another site. It often happens that you visit several of these Made-For-Adsense sites before finding a real site with the actual content you were looking for. This waste of time is counterproductive and causes a lot of frustration. These sites are just as bad as the Viagra spam you get in your mailbox.
I think it is clear that spam can never be seen as another form of advertising, it is criminal, invasive and very hard to manage. Spam is not about speech, whether the intent of spam is commercial or not, if it is unsolicited, it is spam. When we criminalize spam, we are not criminalizing speech-based behaviour, freedom of speech does not give a spammer the right to puke in my mailbox. A criminal deserves punishment and the definition of a criminal fits a spammer quite well.
One of the readers of the InfoWorld article on Robert Soloway's trial, recommended his stupid POINT-CLICK-TRASH theory to manage spam. He reckons that it is much easier to trash spam than junk postal mail and he also thinks spam does not deplete natural resources; contribute to land fills; pollute the air, ground or water, so people should stop complaining about spam. Well I've got news for this narrow-minded fool and everyone who thinks like this, where do you think does the energy come from to handle the volumes of spam distributed worldwide, every single day? Spam leads to increased energy consumption and increased energy consumption contributes to global warming, so spam does deplete natural resources. Try applying the POINT-CLICK-TRASH theory to dump trucks dropping off waste on your property, you keep on trashing and the dump trucks keeps on dropping, it is an endless struggle. With spam you keep on trashing and the spammer keeps on spamming. The solution to spam is not to invent some stupid theory to manage it, the only solution to spam is to stop it at its roots and the only way to do that is to put the spammers behind bars, whether people like it or not.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about spam and malicious software.
So I guess I'm one of the worst spam exceptionalists in the world and the reason for my "problem" is because I'm not thinking clearly about the issues of spam, as a result I'm blinded by my negative attitude towards spam and can't see it as another form of advertising. Is spam just another form of advertising? Is vandalism just another form of art? Is drug trafficking just another form of doing business? Can we justify a crime just because it bears a striking resemblance to something legitimate?
So what are the basic characteristics of spam?
- It is unsolicited;
- It is obtrusive and a hindrance;
- It needs to be managed and is therefore counterproductive;
- The recipient of the message pays for it, not the sender.
TV Commercials
Television commercials can be seen as unsolicited, because you turn on the TV to watch your favourite show, not the annoying commercials. TV ads can become obtrusive and a hindrance during the show, especially when the broadcaster interrupts the show on a frequent basis. TV commercials can be useful at times (something that can't be said about spam), for instance to grab a snack, stretch your legs or to make a quick phone call. Some TV ads can be entertaining, but spam is boring and hardly entertaining (unless you're a 419 scam baiter or spam collector). Broadcasters love to raise the audio of TV ads, so much that you often have to hit the mute button on your remote control to prevent your speakers from exploding. This may be seen as a form of management, but unlike spam, you don't need to manage TV ads, once the ad is played it's gone (for now at least), but you need to take specific action to get spam out of your life, it's going to sit there in your inbox until you select it and hit that darn spam button. The viewer never pays for TV commercials, on the contrary the commercials sponsor the shows watched by the viewer. So spam is a far cry from advertising when you compare it to TV ads.
Radio Commercials
Radio and TV commercials have a lot in common, the only difference is that TV commercials are audiovisual and radio ads are, well… audio only. Radio ads are often less invasive and annoying because they are often played between songs and do not interrupt programs as much as TV ads, but it all depends on the advertising policy of the radio station off course.
Magazine and Newspaper Ads
These ads have more or less the same characteristics as TV commercials, but they are less invasive and annoying than TV ads. If you are not interested in an ad, you simply read on or skip a page, it is as easy as that. There is nothing to manage and there is no cost for the viewer of the ads.
Online Banners and Text Ads
Well-behaved online advertising is never obtrusive, invasive or a hindrance (I will discuss spam ads later in this article). As a matter of fact, people have developed a sense of banner blindness and automatically ignore the majority of these ads. There is no need to manage these ads because when visitors see the ad, they either choose to click on it or they ignore it completely. Web ads may be seen as unsolicited, but they are often there to cover the operating expenses of the website, so they often serve the same purpose as TV commercials. The visitor pays a small amount in terms of bandwidth, because the ads need to be downloaded along with the rest of the content of the web page. However, the advertiser still pays the full price for the ads, the exact opposite of spam where everybody else pays for the "ads" except the "advertiser".
Billboards and Outdoor Advertising
These ads are neither solicited, nor unsolicited, they are there to be seen if you want to look at them. The advertiser pays for the ads, so there are no costs for the people viewing the ads and there is no need to manage these ads because you either respond to them or not, it is as simple as that. They are not a hindrance or obtrusive, except when they are deliberately placed in front of something else to draw unnatural attention to them. These ads are normally next to busy roads, on the walls of large buildings or at the main entrance of buildings. Because of their size and nature, there are often legislation regulating the use of these ads, so it is very hard to spam with them. Putting up a billboard in certain a way to draw extra attention to it, but causing a road hazard at the same time will get you into trouble. With spam you can do as you wish because there are simply not enough proper anti-spam laws to regulate the digital advertising industry and the laws that exist are seldom used.
E-mail Advertising
There is a huge difference between e-mail advertising and spam. E-mail advertising is opt-in advertising, in other words the recipient chose to receive e-mail ads and may opt-out at any time by un-subscribing. But some publishers do not seem to grasp the true meaning of opt-in. It means choice, the choice to receive e-mail ads or not. Certain publishers force their subscribers to sign up for 3rd party and additional marketing mailings as well. This means that you never get a choice to receive the newsletter alone, if you want to receive the newsletter, you also need to live with all the additional advertising e-mails as well. You can un-subscribe at any time, but this means you will opt-out from the newsletter as well, not just the advertising e-mails.
Proper e-mail advertising means you give your readers the choice to receive additional marketing material or not, it should not be a precondition to receive your publication. If you do not want to give your readers such a choice, place the ads in your newsletter (but sparingly, remember your readers signed up for the newsletter, not the ads). Forcing your readers to receive extra advertising e-mails, whether it is from a 3rd party or not, is a big no-no. Additional e-mails means additional management and when your newsletter becomes too much of a hassle, subscribers will either opt-out or hit the spam button. The advertiser ends up paying for advertisements that never reach their audience.
So what is the bottom line? Proper e-mail ads are opt-in and not unsolicited. They are neither obtrusive, nor a hindrance and subscribers are allowed to opt-out at any time. There is no additional management for the recipient and the advertiser pays for the ads. The only cost to the recipient is perhaps the bandwidth used to download the e-mails, but remember this is not a wasted bandwidth because the recipient opted in to receive the e-mails.
Postal Mail Advertising
No this is not the junk filling up your mailbox, I will discuss that a bit later. The rules for proper e-mail advertising also apply to this form of advertising. Some companies send a free magazine (containing 3rd party ads) along with your monthly bill. I have seen this with cell phone companies, sending a free magazine containing interesting articles on mobile communication, or medical aids sending free healthcare magazines every quarter. This form of advertising is often less invasive and annoying because the reader gets a free magazine. I normally do a 5-minute scan through the magazine to see if there is anything interesting. If I can't find anything compelling it goes straight to the waste bin. I am sure many people never even look at these magazines, especially if the readers know they only contain a load of junk. Unfortunately, this contributes to a lot of additional household waste.
Up to now I discussed the most common and more accepted forms of advertising. These forms of advertising are less invasive, require little to no management at all and there is no substantial costs for the recipient of the advertising material. We will now take a look at the less desirable, annoying and invasive forms of advertising, or should I rather say forms of spam?
Junk Postal Mail
This form of advertising has all the characteristics of spam. It is unsolicited because you never opted to receive it, it's obtrusive, a bloody hindrance and needs to be managed because it takes unnecessary space in your mailbox, space that could have been used for more important mail and you need to filter through all the junk to get to your actual mail. The only thing that separates it from spam is the fact that the advertiser paid for the advertisements and their distribution. However time is money and it takes time to sort out your own mail from all the junk, so there is some form of substantial cost to the recipient. Very few people look at them (the loads of flyers lying on the floor at the post office is proof of this) and the majority of mailbox owners are annoyed by them. Some of the scams in circulation on the web are also distributed via postal mail. It is actually shocking to think that post offices agree to distribute this junk, because think carefully about it, they are paid to place this stuff in your mailbox, so the only conclusion one can make is that they are prepared to put almost any kind of correspondence in your mailbox, as long as they are paid for it. With that being said said, junk postal mail falls under the umbrella of spam.
Flyers
Flyers are distributed in many ways, including the post as discussed in the paragraph above. Flyers are distributed on street corners, in parking lots, magazines, and newspapers and from door to door. Each one of these methods forces the recipient to take some form of action, therefore the advertisements need to be managed by the receiver. If you ever saw the movie National Lampoons Loaded Weapon, you will recall the scene where one of the lead characters stood in a store scanning through some magazines. Flyers kept pouring out of the magazines and it was not long before he stood knee-high in a huge pile of flyers. This is an old movie, so this has been a problem for a long time and it is getting worse by the day.
Imagine how much time goes to waste when you take a flyer presented to you at every darn street corner, when you remove the bouquet of flyers from your windscreen each time you park your car at a parking lot and when you take out all the flyers, compressed into your mailbox by every idiot who distribute the junk from door to door. That's just one part of managing these ads, you also need to get rid of them. Receiving a flyer on every street corner and at every parking lot quickly fills up your car with junk. What do most people do when they are done with the flyer, they toss it out of the window. Flyer advertisements therefore contribute to pollution just like junk postal mail. No matter how you look at it, flyers have a lot of unnecessary costs for the consumer and even though the advertiser pays for them, they are just as annoying, problematic and unsolicited as spam.
Telephone and Instant Message Marketing
This is not really marketing, it is just another form of spam. You are forced to answer your phone or read the instant message because the caller ID is often hidden, so it is impossible to see who is calling. There are costs in terms of time involved in these annoying calls, because you need to answer the phone and tell the salesman you are not interested. Many of these marketers are persistent and do not take no for an answer so it wastes additional time if you have one of these spammers at the other end of the line. Telephone marketing is unsolicited, obtrusive and quite a pain in the… you know what. The U.S. may have a do-not-call registry but very few countries see this form of "advertising" as a potential problem for consumers.
Door-to-door Marketing
Door-to-door salesmen are a big problem in many neighbourhoods. It is really annoying to show salesmen away several times a day, especially for people working from home, because you are interrupted every hour or two by someone knocking at the door. There is nothing more annoying than a salesman ringing the bell while you are on the phone with an important client. Imagine a hundred salesmen at your doorstep and you have to show them away one by one, it my not be spam, but it is basically the same principle.
Pop-up Ads
If you ever wanted to experience annoying advertising, visit a website with pop-up ads. Nothing is more irritating than an ad floating over menus and buttons, forcing you to take notice of it before you are allowed to explore the rest of a web page. Whether it is a pop-up or pop-under ad, it is unsolicited and it uses unnecessary bandwidth. These ads are prone to use a lot of bandwidth because they are constantly in your face whenever you try to navigate to another page or website. Some advertisers love to throw you one last sales pitch just before you leave their site. These pop-up ads are often a chat window giving you the chance to talk to a so-called sales consultant. They are often not real people but bot-scripts repeating the same thing over and over again (try swearing at them and you will soon see they don't have a clue what you are talking about). A chat window like this need to be closed before you can navigate to another site, so you definitely take notice of them. These ads are unsolicited, obtrusive and in-your-face, therefore they need to be managed by the visitor, wasting valuable time and money.
Ads Disguised As Content
Just the other day I searched the web for drivers for my laptop. Believe me, after several searches and several hours of no success you slowly become irritated by your inability to find what you are looking for. The last thing you need, is a website pretending to have loads of drivers and when you use the search facility of the site, you only get a page filled with camouflaged Google Adsense ads (by the way this is against Google Adsense policy, so more people should start to report these spamvertisers to Google). A click on one of these ads will result in a low quality click, because the visitor is unlikely to be a targeted visitor and this raises the click-through costs for the advertiser with no return on investment. These ads are unsolicited and annoying because you don't get what you asked for. There is an additional management burden on the visitor, because whether you click on the ad or not, you end up bumping your head against a brick wall, so you need to track back and look for another site. It often happens that you visit several of these Made-For-Adsense sites before finding a real site with the actual content you were looking for. This waste of time is counterproductive and causes a lot of frustration. These sites are just as bad as the Viagra spam you get in your mailbox.
I think it is clear that spam can never be seen as another form of advertising, it is criminal, invasive and very hard to manage. Spam is not about speech, whether the intent of spam is commercial or not, if it is unsolicited, it is spam. When we criminalize spam, we are not criminalizing speech-based behaviour, freedom of speech does not give a spammer the right to puke in my mailbox. A criminal deserves punishment and the definition of a criminal fits a spammer quite well.
One of the readers of the InfoWorld article on Robert Soloway's trial, recommended his stupid POINT-CLICK-TRASH theory to manage spam. He reckons that it is much easier to trash spam than junk postal mail and he also thinks spam does not deplete natural resources; contribute to land fills; pollute the air, ground or water, so people should stop complaining about spam. Well I've got news for this narrow-minded fool and everyone who thinks like this, where do you think does the energy come from to handle the volumes of spam distributed worldwide, every single day? Spam leads to increased energy consumption and increased energy consumption contributes to global warming, so spam does deplete natural resources. Try applying the POINT-CLICK-TRASH theory to dump trucks dropping off waste on your property, you keep on trashing and the dump trucks keeps on dropping, it is an endless struggle. With spam you keep on trashing and the spammer keeps on spamming. The solution to spam is not to invent some stupid theory to manage it, the only solution to spam is to stop it at its roots and the only way to do that is to put the spammers behind bars, whether people like it or not.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about spam and malicious software.
Thursday, March 06, 2008
The Future of Anti-virus Software?
Larry Dignan of ZDNet made a very interesting post on the ZDNet Zero Day blog about the future of anti-virus software. One thing that caught my attention was the comments of Websence CEO Gene Hodges, "Modern attackware is much better crafted and stealthy than viruses so developing an antivirus signature out of sample doesn't work".
Look, if you told me that people should stop wasting their money on stand-alone anti-virus applications then I could have agreed with you to some point. The only thing that's outdated is the term "anti-virus". Strictly speaking, the main online threat is no longer called a virus, a more appropriate term should be "malware" and it is time we started to adapt to this new term. Online threats consist of viruses, spyware, key-loggers and trojans, all residing under the common term of malware.
I understand that the term "anti-virus" is a heavily marketed term and when you mention the term "anti-virus" to computer illiterate and inexperienced users they know exactly what you are talking about, but when you talk about malware they often give you that glossy stare, you know, the kind of stare that screams: "What the hell are you talking about!" Most anti-virus applications now offer protection against spyware and other malware related threats as well, so it is really silly to keep calling them anti-virus applications, they are in essence anti-malware applications.
Scraping your anti-virus solution is reckless and plain stupid. It's just as good as saying we should stop patching the security flaws in software, leave them un-patched because the threats, exploiting these flaws, are evolving way too fast. Should we stop installing security systems in our homes because new, more advanced burglars are born each day? If you can protect your system against known threats why not do it?
It is true, malware evolves much faster than the anti-malware solutions, but known malware gets recycled on the web over and over again. Protecting yourself against a known variant means you can't be attacked by it again and believe me it is not uncommon to be attacked by the same variant more than once. This means anti-virus software still plays a vital role in your protection against malware, it also means that anti-virus software developers are still detecting new threats at a very high rate. New variants may infect quite a lot of computers before they get detected, but once the anti-virus vendors release an updated signature file to all their users, they are at least constraining the spread of the malware and preventing uninfected users from getting infected.
Scraping anti-virus solutions means systems are left unprotected, meaning that they are left infected, thus making a contribution to the processing power of bot networks like Storm. At least an infected system can be cleaned once a new variant has been detected, therefore you are pro-actively taking a bot network down bit by bit and making it harder for the malware to spread any further. Remember, an infected machine becomes a distributor for new variants of the malware. Killing a known variant means you are preventing it from mutating and spreading any further.
Improve the technology, don't scrap it. Yes, definition based protection is nearing its end, but anti-malware solutions are moving towards behaviour based detection. It is suicidal to scrap anti-malware solutions completely just because of the fast evolution of new threats. The argument that the value of anti-virus software is declining is a bunch of hogwash. Big corporations should stop putting reckless ideas into the minds of ordinary users, they should stop the throw-away-your-anti-virus-program-and-buy-our-software kind of marketing. The Internet is dangerous enough as it is, so don't go encouraging people to throw a way the only thing that's keeping the Internet from collapsing.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and assisting the Internet Community in choosing effective security software solutions.
Look, if you told me that people should stop wasting their money on stand-alone anti-virus applications then I could have agreed with you to some point. The only thing that's outdated is the term "anti-virus". Strictly speaking, the main online threat is no longer called a virus, a more appropriate term should be "malware" and it is time we started to adapt to this new term. Online threats consist of viruses, spyware, key-loggers and trojans, all residing under the common term of malware.
I understand that the term "anti-virus" is a heavily marketed term and when you mention the term "anti-virus" to computer illiterate and inexperienced users they know exactly what you are talking about, but when you talk about malware they often give you that glossy stare, you know, the kind of stare that screams: "What the hell are you talking about!" Most anti-virus applications now offer protection against spyware and other malware related threats as well, so it is really silly to keep calling them anti-virus applications, they are in essence anti-malware applications.
Scraping your anti-virus solution is reckless and plain stupid. It's just as good as saying we should stop patching the security flaws in software, leave them un-patched because the threats, exploiting these flaws, are evolving way too fast. Should we stop installing security systems in our homes because new, more advanced burglars are born each day? If you can protect your system against known threats why not do it?
It is true, malware evolves much faster than the anti-malware solutions, but known malware gets recycled on the web over and over again. Protecting yourself against a known variant means you can't be attacked by it again and believe me it is not uncommon to be attacked by the same variant more than once. This means anti-virus software still plays a vital role in your protection against malware, it also means that anti-virus software developers are still detecting new threats at a very high rate. New variants may infect quite a lot of computers before they get detected, but once the anti-virus vendors release an updated signature file to all their users, they are at least constraining the spread of the malware and preventing uninfected users from getting infected.
Scraping anti-virus solutions means systems are left unprotected, meaning that they are left infected, thus making a contribution to the processing power of bot networks like Storm. At least an infected system can be cleaned once a new variant has been detected, therefore you are pro-actively taking a bot network down bit by bit and making it harder for the malware to spread any further. Remember, an infected machine becomes a distributor for new variants of the malware. Killing a known variant means you are preventing it from mutating and spreading any further.
Improve the technology, don't scrap it. Yes, definition based protection is nearing its end, but anti-malware solutions are moving towards behaviour based detection. It is suicidal to scrap anti-malware solutions completely just because of the fast evolution of new threats. The argument that the value of anti-virus software is declining is a bunch of hogwash. Big corporations should stop putting reckless ideas into the minds of ordinary users, they should stop the throw-away-your-anti-virus-program-and-buy-our-software kind of marketing. The Internet is dangerous enough as it is, so don't go encouraging people to throw a way the only thing that's keeping the Internet from collapsing.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and assisting the Internet Community in choosing effective security software solutions.
Thursday, February 07, 2008
How Did They Get My E-Mail Address?
Unsolicited commercial e-mail, more commonly known as spam, can be seen as another form of e-mail fraud. Spammers use clever and misleading techniques to collect and verify e-mail addresses, yes, that 'innocent' spam e-mail, advertising the next technological breakthrough, uses misleading marketing techniques to entice the reader to click on a link, buy a bunch of junk or some dangerous substance or even infect your PC with malware. No matter what the spam e-mail is trying to market, the only goal of the spammer, aside from making money, is to take the recipient for a ride.
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about online scams and malicious software.
The most frequently asked question from spam victims is: "How did they get my e-mail address?" This clearly shows that most victims of spam don't have a clue about preventing it. Knowledge about the techniques used by spammers to collect e-mail addresses is crucial, because this gives the e-mail user an edge in the war against spam. In this article we will look at the e-mail harvesting methods used by spammers and the precautions you can take to prevent your e-mail address from falling into the wrong hands.
Using a Secondary E-mail Address to Limit Exposure to Spam
Before we get to the nitty-gritty details of this article, lets look at a very useful method of preventing spam. Using a secondary e-mail address is a very effective method of keeping your primary e-mail address private. I recommend a free e-mail service like Gmail, Hotmail or Yahoo! Many websites demand an e-mail address in exchange for something else, or you often need to supply your e-mail address to activate an account or membership. This is where a secondary e-mail address comes in very handy. Just remember, the idea behind a secondary e-mail address is not to expose it to spam unnecessarily, but to use it in circumstances where you have concerns about your privacy or possible exposure to spam.
Chain Letters, Petition Lists and Hoaxes
Oh yes, those very popular chain letters and petition-lists being forwarded so vigorously by friends and family. That 'innocent' e-mail about some missing or sick child no one ever heard of, the warning of a syndicate, drugging people and removing their kidneys, yet it is never mentioned in the news media and you can't help to think that you have seen this e-mail before. What about the Osama Bin Laden virus destroying your hard disk, Mars coming to large view every 60,000 years, yet an e-mail about this event is distributed each and every year, or the one from Microsoft or AOL donating money to an non-existent fund of a non-existent cancer patient, each time the e-mail gets forwarded to 3 different people. These e-mails may seem innocent, some may contain a lovely message, some may even be true, but whatever the case, it should NOT be simply forwarded to everyone you know and neither should you encourage the recipients to forward it to all their friends and family as well.
The main problem with chain letters is the exposure of e-mail addresses along the line. E-mail clients often place the Subject, Date, From and To entries from the e-mail header in the body of the e-mail when you forward it inline. Forwarding the e-mail as an attachment, forwards the full header and not just the entries mentioned above. This procedure is repeated each time someone forwards the e-mail to someone else, resulting in pile of e-mail addresses building up in the body of the e-mail. Very few people remove this information before forwarding the e-mail, so you will be able to see the e-mail addresses of many other people who received the stupid e-mail as well. A chain letter, forwarded as an attachment each time, delivers more or less the same result as explained above, the only difference is that the recipient has to open attachment after attachment several times before getting to the original e-mail (which can be quite annoying).
A chain letter will be passed along the line and will definitely land in the mailbox of someone you never met and probably never will meet. Even if you send the chain letter to trustworthy people alone, you can never be sure where their friends and family will send the e-mail, so your e-mail address may land in the hands of a spammer or someone who sells e-mail addresses to the spammers.
Online Forums, Discussion Groups and Community Sites
419 scammers love to browse social networking sites in search of possible victims. Making your e-mail address public on the Internet will expose you to all kinds of Internet criminals. Spam bots crawl the web in search of e-mail addresses posted by unwary Internet users on forums and other community sites. Whenever you register on one of these sites, use your secondary e-mail address to sign up. Your e-mail address is normally required to activate your account, to receive notifications when people send you private messages or when someone replies to a post you made. However you won't really need these e-mail notifications if you visit the site regularly, so a secondary e-mail address will do fine when this is the case, because you will basically use it only to activate your account.
Contact Pages and Web Forms
There will always be scenarios where you need to publish your contact details online if you wish to stay in touch with your visitors or customers. Contact pages of websites will often contain an e-mail address. A Webmaster will always try to make the contact page as accessible as possible to his visitors, so a spam bot will not have any difficulty finding this page. This means the e-mail addresses on these pages are always sitting ducks for spam harvesting software. There are a couple of ways to protect your e-mail address if you need to make it available to the public.
One way is to embed the e-mail address in an image. A simple program like Microsoft Paint can be used to create the image. You can even make the image blend into the text of the page by saving it as a GIF or PNG and making the background transparent by using Microsoft Photo Editor. It is advisable to use a font that's easy to read to the human eye but hard to read for OCR (optical character recognition) software. OCR software will have problems reading an image when the characters appear faded, if they contain indistinct edges, if they are aligned at different angles, if the lines of text are wavering up and down across the image or if they appear to be dipping at the side of the image.
Another method of protecting your e-mail address from spam bots is to 'encode' it with a random format that's clear to humans but not to computers. You can 'encode' it by breaking the e-mail address up with spaces and spelling the special characters out with words, for example johndoe at example dot com. You can also use random substitutes for special characters and provide instructions in brackets, for example johndoe$example?com (replace the dollar sign with an at and the question mark with a dot). Another technique is to spell your e-mail address backwards, most people will realise that they will need to reverse the e-mail address before using it, for instance moc.elpmaxe@eodnhoj. You can even swap the special characters, for example johndoe.example@com (swap the at and dot characters). The possibilities are endless, so use your own creative 'encoding' methods, as long as it makes sense to humans. You may argue that there is no need to provide decoding instructions, because people with a bit of technical savvy will be able to decode it anyway. This will automatically exclude those dumb scammers who can't tell the difference between Western Union and Western Onion.
Webmasters can use a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) to protect their web forms from being bombarded with spam. Many webmasters avoid CAPTCHA to make their websites more user-friendly, but a small loss in user-friendliness is nothing compared to the burden of filtering through all those spam submissions. However CAPTCHA is a must when the information submitted through a form is published on a site without any moderation.
Online Recruitment Sites
Yet another example of where it is critical to publish proper contact details, because a job seeker will always want a prospective employer to reach him or her without any troubles. The only problem is you need to disclose quite a lot of information in your CV in order to clear up any suspicions an employer might have. If you choose to omit critical information from your CV, you might just miss out on a great job opportunity.
Luckily online recruitment is quite expensive for the employer, something the online scammer often avoids. The online scammer will most of the times be on the lookout for cheap and free services. Some online recruitment agencies have specific criteria for employers before allowing them to browse CV's or post ads. For instance certain agencies demand a landline number from the employer, mobile numbers are not accepted. We all know that it is much easier to obtain a disposable cell phone than a landline and confirming the personal details of a disposable cell phone owner is much harder than tracking down the owner of a registered landline. Still these precautions are very limited and can easily be circumvented by more advanced scammers.
The bottom line is, your e-mail address and most probably other contact details will be exposed to various prospective employers. Spam bots won't be able to crawl the databases because they are password protected. It is very unlikely, but not totally impossible, to find a spammer going manually through each CV, recording the e-mail address of each job seeker in order to build a mailing list for spamming purposes.
Your best defence against online scams, while using an online recruitment agency, is a vigilant eye. You need to spot the scam before it catches you. Your contact details are exposed, so be ready for a dodgy proposition or two.
Replying to 419 Scammers
Many people get so sick of advance fee fraud e-mails that they reply to a scammer out of anger, to insult him, to insult his mother or just to tell him where he can shove his phoney e-mail. This is the last thing you should do when you receive a fraudulent e-mail. If the 419 scammers can't steal your money, they will sell your e-mail address to the spammers to make at least a buck or two out of the deal. So no matter how you look at it, you will always loose something if you reply to a 419 scammer, unless you are a scambaiter off course.
Responding to Commercial Spam
This is perhaps one of the most overlooked ways of loosing your e-mail address. Clicking on that strange link in a spammy e-mail, filling out that mortgage application form or un-subscribing to something you never signed up for, will most certainly get you on a spammer's list. Why am I saying this? Ever saw one of those spam e-mails sent to several recipients, but each e-mail address starts with more or less the same characters and it is only the last couple of characters or digits of each e-mail address that's different? It is a primitive technique similar to the one we used to made prank calls when we were kids. You dial a random number, do the prank and hang up. Then you only increment the last digit of the previous number until you find another number that's working and do the prank again. When the last digit reaches zero, you start incrementing the second last digit and when the second last digit reaches zero, you move on the third last digit, repeating the process until you're tired of making prank calls.
It's really a shot in the dark and your e-mail address is not really on a spammer's list, it is merely on a sample list generated by a computer program. Each e-mail address on the sample list needs to be confirmed before adding it to a priority spam list. Clicking on a link in a spam e-mail will give an indication to the spammer that your e-mail address is active and that you are responding to his or her e-mails. This makes you a much more promising target in the eyes of a spammer. So whatever you do, don't click on any links or follow any instructions given to you in a spam e-mail, unless you enjoy receiving spam.
Conclusion
This is not an exhaustive list, there may be many other causes of spam, but these are the most common reasons why you are getting all those junk e-mails in your inbox. Be my guest, open a new e-mail account and avoid all the pitfalls discussed in this article and you will discover that it is possible to live in a spam free world.
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about online scams and malicious software.
Thursday, January 03, 2008
Spam - Report it or Prevent it?
It has been quite a while since my last article and I apologise for the long delay. I devoted most of my time during November and the first couple of weeks in December to research and the blog unfortunately got neglected. I then took a break for a week to spend time with friends and family during the festive season. (I'm not a cyborg and even cyber cops need to take a break so once in a while). The only thing I regret is that I did not download any e-mails during this time, so you can expect I had quite a lot of e-mails in my inbox (the majority was spam anyway). 2007 has come to an end and 2008 lays ahead of us. Looking at all the security related articles since the start of 2008, I get the idea that the cyber security industry is preparing for one rough ride in terms of computer security in 2008. But enough about that, let's get to this week's article and the first one of 2008.
One Sunday on my way to church, I noticed that one of the cars parked in front of the church still had its headlights on. I was about to go to the consistory to ask someone to announce it, when my mother told me not to bother, because she reckoned many people will see it and eventually report it. I decided not to take my mother’s advice and reported it anyway. However it was not announced before the sermon started, so I guessed they already informed the owner about it. When the sermon was over I was really disappointed to find out that the owner was not informed and that the car actually belonged to an elderly couple. Of course, all their attempts to get the car running were in vain, the battery was completely dead.
Apparently I was the only one who reported this incident. I find it hard to believe that no one else saw this car, because its bright headlights were shining in the direction of the street where most people could see it, in fact many other members of our church had to pass this car just like I did. But what does this have to do with spam? I will explain in a moment.
Reporting several spam e-mails a day, without a single response from a service provider, host or registrar can be demoralising to say the least. People who report spam on a regular basis will probably agree with me. It can become so demoralising that you find it hard to see any sense in reporting spam to anyone. The lack of cooperation from the responsible parties, gives us a damn good excuse not to report spam, now doesn’t it? Sorry to blow your bubble, but that it is a lame excuse for not reporting spam.
Spam reporting is only one side of the coin. We also need to prevent spam. Spam can prevented in many ways. Protecting your e-mail address from unnecessary exposure should be your first priority when it comes to personal spam prevention and secondly you need to protect your computer with anti-malware software and a firewall to prevent your computer from becoming a spam-relaying zombie. A good junk mail filter can be added to your defence, to make it easier to manage all the unsolicited e-mails pouring into your mailbox. The spam you report are used in various ways, depending on who you report it to. Some anti-spam organisations use it to close spammer websites and the internet access accounts of known spammers, some use it to improve anti-spam software, some use it for anti-spam research to find better ways of preventing it and some organisations use spam reports for all the aforementioned reasons.
I know some individuals who are so passionate about fighting spam that they will even report other people’s spam for them. Many people feel that this is not a good idea, because of various reasons, one of them being the fact that only the original recipient can tell what is spam and what is not, because only you know what you signed up for and what not. Then again, this is not totally true. There may be merit in this argument, but it is not that hard to distinguish unsolicited commercial e-mails from legitimate opt-in e-mails. I know that some unethical companies are not always willing to remove your e-mail address from their database, which turns an opt-in e-mail into an unwanted e-mail, in other words SPAM! That being said, I still feel that it is quite easy to spot an unsolicited junk e-mail these days.
Some people feel that when you report spam without benefiting directly from it, you do it for altruistic reasons only. My personal opinion is that this is a bad overgeneralization of loyal spam reporters who report spam to see justice being served. Crime statistics at the end of a year often reveal a rise or decline, but a decline in child abuse for instance does not necessarily mean that less children were abused during the past year, what about all the child abuse incidents that were never reported? The same is true for spam, a decline in spam reports during a certain period does not necessarily mean that spammers sent less spam during that period. People need to be aware of the problem of spam and people need to understand how big it really is. In order to raise awareness about a problem, it needs to be reported, so that it can be accurately measured. I think our current awareness about the spam problem is only the tip of the iceberg.
Reporting spam will not make your spam disappear overnight and if anyone told you that they can take away your spam, then they are lying. Spam filters do not stop spam from being sent, they only stop it from being delivered and spammers will always find a way to circumvent your defence systems. The fact that you are receiving spam already puts you in a catch-22 situation. An active e-mail address is a commodity in the spam industry and your e-mail address can be sold to several spammers worldwide. Once a spammer gets shut down, he either sells his e-mail database to other spammers or he finds a new ISP to distribute spam once again. The cycle repeats itself time and again and it is likely that your e-mail address may land in the hands of a spammer operating from a spam haven (in other words a country where there is no anti-spam laws). The only way to solve your spam problem completely, is to put all the spammers who have your e-mail address in jail, destroy these databases before they get distributed to other spammers and shut down the botnets distributing the spam. A single botnet may consist of thousands of infected computers, scattered all over the globe, so you can see it is quite a feat to accomplish.
I recently read about an incident where a Russian registrar claimed they couldn’t take any action against a spam-relaying zombie, because their legislation does not provide any means by which they can act against the offending party. I’m not up to par with Russian anti-spam legislation, so I’m not sure if they were telling the truth, but nothing stops them from prohibiting spam and malware distribution through an Acceptable Use Policy. But what if a company does not worry about people abusing their networks? You will obviously need a higher level of authority to force them to take action against the perpetrators and in order to do that you need proper anti-spam laws.
Anti-malware developers can’t keep up with the rapid evolution of malware. This means more computers get infected much faster, resulting in large botnets being created on the fly, ready to distribute spam in next to no time. Malware infected computers are one of the biggest sources of spam, so if anti-malware companies are finding it hard to stay ahead from the malware creators, then think for yourself how hard it is to keep spam distribution in control, yes in control, we are not even speaking of eliminating it.
So what does the story of the elderly couple with the flat battery have to do with spam reporting. First of all, if we all have the attitude that someone else will report spam, then we will never get even close to solving the problem. Secondly, registrars and ISPs should stop hiding behind a bunch of lame excuses, they should stop ignoring spam reports and start taking action against the offenders. The registrars and ISPs who fail to take action against the spammers are like the minister who failed to announce the registration number of the car that was parked in front of the church, with its headlights still burning. If things continue like this we will have a flat Internet overloaded by a bunch of unsolicited junk.
In my next article I will discuss some of the most common causes of spam and steps that can be taken to prevent spam 'contamination'.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud, raising awareness about spam and assisting users in the removal of malicious software.
One Sunday on my way to church, I noticed that one of the cars parked in front of the church still had its headlights on. I was about to go to the consistory to ask someone to announce it, when my mother told me not to bother, because she reckoned many people will see it and eventually report it. I decided not to take my mother’s advice and reported it anyway. However it was not announced before the sermon started, so I guessed they already informed the owner about it. When the sermon was over I was really disappointed to find out that the owner was not informed and that the car actually belonged to an elderly couple. Of course, all their attempts to get the car running were in vain, the battery was completely dead.
Apparently I was the only one who reported this incident. I find it hard to believe that no one else saw this car, because its bright headlights were shining in the direction of the street where most people could see it, in fact many other members of our church had to pass this car just like I did. But what does this have to do with spam? I will explain in a moment.
Reporting several spam e-mails a day, without a single response from a service provider, host or registrar can be demoralising to say the least. People who report spam on a regular basis will probably agree with me. It can become so demoralising that you find it hard to see any sense in reporting spam to anyone. The lack of cooperation from the responsible parties, gives us a damn good excuse not to report spam, now doesn’t it? Sorry to blow your bubble, but that it is a lame excuse for not reporting spam.
Spam reporting is only one side of the coin. We also need to prevent spam. Spam can prevented in many ways. Protecting your e-mail address from unnecessary exposure should be your first priority when it comes to personal spam prevention and secondly you need to protect your computer with anti-malware software and a firewall to prevent your computer from becoming a spam-relaying zombie. A good junk mail filter can be added to your defence, to make it easier to manage all the unsolicited e-mails pouring into your mailbox. The spam you report are used in various ways, depending on who you report it to. Some anti-spam organisations use it to close spammer websites and the internet access accounts of known spammers, some use it to improve anti-spam software, some use it for anti-spam research to find better ways of preventing it and some organisations use spam reports for all the aforementioned reasons.
I know some individuals who are so passionate about fighting spam that they will even report other people’s spam for them. Many people feel that this is not a good idea, because of various reasons, one of them being the fact that only the original recipient can tell what is spam and what is not, because only you know what you signed up for and what not. Then again, this is not totally true. There may be merit in this argument, but it is not that hard to distinguish unsolicited commercial e-mails from legitimate opt-in e-mails. I know that some unethical companies are not always willing to remove your e-mail address from their database, which turns an opt-in e-mail into an unwanted e-mail, in other words SPAM! That being said, I still feel that it is quite easy to spot an unsolicited junk e-mail these days.
Some people feel that when you report spam without benefiting directly from it, you do it for altruistic reasons only. My personal opinion is that this is a bad overgeneralization of loyal spam reporters who report spam to see justice being served. Crime statistics at the end of a year often reveal a rise or decline, but a decline in child abuse for instance does not necessarily mean that less children were abused during the past year, what about all the child abuse incidents that were never reported? The same is true for spam, a decline in spam reports during a certain period does not necessarily mean that spammers sent less spam during that period. People need to be aware of the problem of spam and people need to understand how big it really is. In order to raise awareness about a problem, it needs to be reported, so that it can be accurately measured. I think our current awareness about the spam problem is only the tip of the iceberg.
Reporting spam will not make your spam disappear overnight and if anyone told you that they can take away your spam, then they are lying. Spam filters do not stop spam from being sent, they only stop it from being delivered and spammers will always find a way to circumvent your defence systems. The fact that you are receiving spam already puts you in a catch-22 situation. An active e-mail address is a commodity in the spam industry and your e-mail address can be sold to several spammers worldwide. Once a spammer gets shut down, he either sells his e-mail database to other spammers or he finds a new ISP to distribute spam once again. The cycle repeats itself time and again and it is likely that your e-mail address may land in the hands of a spammer operating from a spam haven (in other words a country where there is no anti-spam laws). The only way to solve your spam problem completely, is to put all the spammers who have your e-mail address in jail, destroy these databases before they get distributed to other spammers and shut down the botnets distributing the spam. A single botnet may consist of thousands of infected computers, scattered all over the globe, so you can see it is quite a feat to accomplish.
I recently read about an incident where a Russian registrar claimed they couldn’t take any action against a spam-relaying zombie, because their legislation does not provide any means by which they can act against the offending party. I’m not up to par with Russian anti-spam legislation, so I’m not sure if they were telling the truth, but nothing stops them from prohibiting spam and malware distribution through an Acceptable Use Policy. But what if a company does not worry about people abusing their networks? You will obviously need a higher level of authority to force them to take action against the perpetrators and in order to do that you need proper anti-spam laws.
Anti-malware developers can’t keep up with the rapid evolution of malware. This means more computers get infected much faster, resulting in large botnets being created on the fly, ready to distribute spam in next to no time. Malware infected computers are one of the biggest sources of spam, so if anti-malware companies are finding it hard to stay ahead from the malware creators, then think for yourself how hard it is to keep spam distribution in control, yes in control, we are not even speaking of eliminating it.
So what does the story of the elderly couple with the flat battery have to do with spam reporting. First of all, if we all have the attitude that someone else will report spam, then we will never get even close to solving the problem. Secondly, registrars and ISPs should stop hiding behind a bunch of lame excuses, they should stop ignoring spam reports and start taking action against the offenders. The registrars and ISPs who fail to take action against the spammers are like the minister who failed to announce the registration number of the car that was parked in front of the church, with its headlights still burning. If things continue like this we will have a flat Internet overloaded by a bunch of unsolicited junk.
In my next article I will discuss some of the most common causes of spam and steps that can be taken to prevent spam 'contamination'.
About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud, raising awareness about spam and assisting users in the removal of malicious software.
Subscribe to:
Posts (Atom)
