The War on Spam

Tom Keating : VoIP & Gadgets Blog
Tom Keating
CTO

The war on spam is a battle that no doubt will be fought for years to come. As the spammers continue to send viruses packed with email zombie programs and terrorize unsuspecting victims who open their attachments, we have to wonder when the spamming wars will ever end. Make no mistake, it is a form of terrorism.

There are countless victims of identity fraud that are a result of keystroke loggers and other forms of viruses that send your personal information to the virus writer (aka terrorist). Even if their identity isn't stolen, just think of the panic and terror that victims feel when they open the attachment and their PC starts acting strange. The users may wonder "Did I just infect myself with spyware?" or "Did I just infect my PC with a virus?" or worse, they may wonder "Did I just give the 'keys' to all my confidential information, including all my passwords to the virus writer? Will they steal my identity and will I find strange activity on my credit report?"

The thought of identity theft is scary, indeed 'terrifying' if you think about it. It could be months of worrying if a simple double-click on an attachment resulted in the destruction of your bank account and good name/credit. Even if the virus is relatively harmless, you still may worry for months to come, especially if you aren't technically inclined enough to figure out exactly what the virus did to your PC. And if the unthinkable happens - not only will you have to spend time and money fixing your credit, but the stress itself is no picnic. Yes, spammers are terrorists - plain and simple.

I say whenever these spammer terrorists are caught, we skip the whole "due process" thing and ship them to Guantanamo (aka Gitmo) where all terrorists belong.

I bring this topic up because I just received an email (pasted below) discussing how terrorists are now using zombie PCs more often (62%) due to the "stricter" spam border patrols that, for example, Microsoft has put on its Hotmail servers to block illegal immigrants... err I mean 'spam' from entering Hotmail's servers. Instead, zombie PCs use legal netizens' PCs to send out the illegal terrorists' spam since this bypasses Sender ID and Sender Policy Framework (SPF) email authentication spam-blocking techniques.

Where's the Minutemen Civil Defense Corp when you need them? We need Minutemen to patrol the Internet and block spam (especially foreign spam which for me is 90% of my spam) from entering our borders!

Anyway, here's the email I wanted to share...

MX LOGIC REPORTS SPAMMERS CONTINUE TO LEVERAGE SPF AND SENDER ID EMAIL AUTHENTICATION PROTOCOLS

--Zombie PCs Account for 62 Percent of Spam in June; 4 Percent of Unsolicited Commercial Email in 2005 Complies with Federal Anti-Spam Law--

DENVER - July 11, 2005 - MX Logic, Inc., a leading provider of innovative email defense solutions that ensure email protection and security for businesses, service providers, government organizations, resellers and their customers, today released its latest data on corporate email security. Among the key findings, the company reported that spammers continue to adopt Sender ID and Sender Policy Framework (SPF) email authentication protocols intended to help stop fraudulent email.

In a sample of more than 17.7 million unique email messages that passed through the MX Logic® Threat Center from June 19 through June 25, 2005, MX Logic found that:
9 percent were from domains that had published an SPF record, 84 percent of which were spam sending domains; and,
0.14 percent were from domains that had published a Sender ID record, 83 percent of which were spam sending domains.

Email authentication protocols including SPF, Sender ID, Domain Keys Internet Mail (DKIM) and others are intended to help verify the origins of email at the domain level, making it more difficult for spammers and phishers to stay in business.

"Spammers continue to leverage SPF and Sender ID with the intention of making their messages appear more legitimate and to possibly avoid having their messages delivered with an onscreen notification that a Sender ID record was not found, a method Microsoft recently announced it will use on Hotmail," said Scott Chasin, chief technology officer, MX Logic. "The strength of these protocols is further compromised by the fact that many legitimate senders have yet to adopt either Sender ID or SPF."

Chasin also noted that industry trials of both SPF and Sender ID have raised concerns about the protocols' effectiveness when email messages are forwarded or resent and in their ability to stop forgery of the most common user-visible mail headers. He pointed to a technical paper published by the Messaging Anti-Abuse Working Group, of which MX Logic is a member, which contains the results of more than six months of evaluation of SPF and Sender ID email authentication protocols.

"While we applaud industry efforts to develop email authentication protocols, no domain authentication protocol can guarantee that a message you receive really does come from who you think it comes from," said Chasin. "Additionally, for any domain-based email authentication protocol to be effective, it would have to be embraced by a critical mass of domain name holders. Imposing one protocol without mass adoption could result in the unfair treatment of a large number of senders of legitimate email."

In addition to data related to email authentication, MX Logic also issued the following findings:

Zombie Networks Account for Majority of Spam in June

During June, spam sent through zombie PCs accounted for an average of 62 percent of all spam filtered by the MX Logic Threat Center. This compares with 55 percent in May and 44 percent in April.

"The continued proliferation of zombie PCs has levied a heavy cost on ISPs and email end users," Chasin said. "Compromised PCs have resulted in millions of email users being unknowingly blacklisted, often through no fault of their own."

Zombie PCs are neglected, "always-connected" broadband PCs that spammers hijack by installing a spam Trojan. Once infected, these zombie PCs provide worm authors with remote command-and-control spam-distribution capabilities, allowing them to create a legion of zombie computers that can pump out unwanted email and initiate Denial of Service (DoS) attacks.

"To make a real dent in the amount of spam sent globally, efforts must focus on helping service providers reduce outbound messaging abuse by identifying compromised PCs," Chasin said.

One such effort began in May, when the Federal Trade Commission (FTC), along with 35 government partners from over 20 countries, unveiled "Operation Spam Zombies." This international campaign is designed to educate Internet Service Providers (ISPs) and other Internet connectivity providers about hijacked, or zombie, computers that spammers use to flood inboxes.

Only 4 Percent of 2005 Unsolicited Commercial Email Complies with Federal Anti-Spam Law

MX Logic also reported that monthly compliance with The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act averaged 4 percent during the first six months of 2005. The findings are based on a survey conducted by the MX Logic Threat Center of more than 250,000 email messages since January.

MX Logic has tracked compliance with the CAN-SPAM Act since the law went into force on Jan. 1, 2004, by examining a random sample of 10,000 unsolicited commercial emails each week. On average, only 3 percent of unsolicited email has complied with CAN-SPAM since the law went into effect. Compliance hit a peak of 7 percent in December 2004 and reached an all-time low of 0.54 percent in July 2004.

"In terms of stopping spam, legislation is a blunt instrument," Chasin said. "Its real value is that it provides enforcement power to ISPs, the FTC, state attorneys general and other government agencies. Consistently low CAN-SPAM compliance underscores the need for further progress in industry cooperation and consensus on email authentication protocols, as well as end-user education."

Media and analysts interested in the latest CAN-SPAM compliance number can find it at http://www.mxlogic.com/news_events/.

Monitoring billions of messages per month for over 4,300 organizations worldwide, the MX Logic Threat Center combines advanced, accurate and up-to-the-minute email defense technology and human-messaging expertise to protect MX Logic customers from spam, viruses, worms, phishing attacks and other email threats.
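
The limits of SPF described in the release above (a spam-sending domain can publish a valid record, forwarding breaks the check, and the user-visible From: header is not covered) can be seen in a small receiver-side evaluator. This is an added example, not part of the original post or of MX Logic's release; the domains, IP ranges and the `known_bad` reputation set are constructed, and only the `ip4`/`ip6`/`all` mechanisms of SPF are modelled.

```python
import ipaddress

# Constructed TXT records standing in for DNS lookups (documentation IP ranges).
SPF_RECORDS = {
    "bank.example": "v=spf1 ip4:192.0.2.0/24 -all",
    # Spammer-owned domain that publishes a perfectly valid record.
    "bulk-offers.example": "v=spf1 ip4:198.51.100.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(client_ip, envelope_domain):
    """Evaluate the ip4/ip6/all subset of SPF for the SMTP MAIL FROM domain."""
    record = SPF_RECORDS.get(envelope_domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term

def assess(client_ip, envelope_domain, header_from_domain, known_bad=frozenset()):
    """Return (spf_result, notes): what SPF proved and what it left unproven."""
    result = check_spf(client_ip, envelope_domain)
    notes = []
    if result == "pass" and envelope_domain in known_bad:
        notes.append("authenticated spam domain: pass is identity, not reputation")
    if header_from_domain != envelope_domain:
        notes.append("visible From: domain was not checked by SPF")
    if result == "fail":
        notes.append("fail can be a legitimate message relayed by a forwarder")
    return result, notes

if __name__ == "__main__":
    bad = {"bulk-offers.example"}
    # Spam domain sending from its own published range.
    print(assess("198.51.100.7", "bulk-offers.example", "bulk-offers.example", bad))
    # Same sender, but the header the user sees claims another domain.
    print(assess("198.51.100.7", "bulk-offers.example", "bank.example", bad))
    # Legitimate mail relayed by a forwarder outside the published range.
    print(assess("203.0.113.9", "bank.example", "bank.example", bad))
```

A receiver that treats `pass` as a positive spam signal on its own would accept the first two messages and reject the third, which is why the result has to be combined with domain reputation and a check on the visible header.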


