Archive for October, 2009

Honeypots-traps for the spammers

October 26, 2009 michaelndavis

One approach to avoiding spam is to run an imitation MTA that gives the appearance of an open mail relay, or an imitation TCP/IP proxy server that gives the deceptive appearance of an open proxy.

In computer terminology, a honeypot is a trap set to discover, thwart, or in some manner counteract attempts at unauthorized use of information systems. Generally a honeypot consists of a computer, data, or a network site that appears to be part of a network but is actually isolated, unprotected, and monitored, and which seems to contain information or a resource of value to attackers.

Victim hosts act as active network counter-intrusion tools. These computers run special software that is designed to appear to an intruder as important and worth looking into. In reality, these programs are dummies, constructed specifically to attract the interest of attackers. The software installed on, and run by, victim hosts serves two purposes. First, these dummy programs keep a network intruder busy looking for valuable information where none exists, their mystifying patterns effectively convincing the intruder to isolate themselves in what is truly an unimportant part of the network. This bait is designed to keep an intruder from getting bored and heading into truly security-critical systems. The other part of the victim host strategy is intelligence gathering. Once an intruder has broken into the victim host, the machine or a network administrator can examine the intrusion methods used, and that knowledge can be used to build specific countermeasures to those intrusion techniques, thus fortifying the security mechanisms in use.

Spammers who probe systems for open relays or proxies are lured into sending mail through the honeypot, wasting their time and potentially revealing information about themselves and the source of the spam to whoever is monitoring the honeypot. Such a system may simply discard the spam attempts, store them for analysis, or submit them to DNSBLs.

Categories: eMail Junk

Detecting Quit Command

October 19, 2009 michaelndavis

The SMTP protocol requires that connections be closed with a QUIT command. Many spammers skip this step, since closing the connection properly takes time and bandwidth. Some MTAs, such as Exim (Experimental Internet Mailer), are able to detect whether or not the QUIT command was used, and by tracking such patterns of use they can supply data for building DNSBLs.
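A minimal emulation of both ideas from the last two posts, added here as an illustration and not code from this blog or from Exim: a fake open relay that accepts every relay request while recording it, and also notes whether the client ever sent QUIT. The domain, addresses and session transcript are constructed.

```python
LOCAL_DOMAINS = {"honeypot.example"}   # constructed: domain the fake relay claims to serve

def run_session(client_ip, client_lines):
    """Emulate an open relay for one session. client_lines is a constructed transcript;
    everything is accepted so the client believes it relayed mail, nothing is delivered."""
    rec = {"ip": client_ip, "mail_from": None, "rcpt": [], "relay_attempts": 0,
           "messages": 0, "quit": False, "responses": []}
    in_data = False
    for line in client_lines:
        if in_data:                        # message body: swallow until a lone "."
            if line == ".":
                in_data = False
                rec["messages"] += 1
                rec["responses"].append("250 OK: queued")   # a lie: it is discarded
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            rec["responses"].append("250 honeypot.example")
        elif verb == "MAIL":
            rec["mail_from"] = arg.split(":", 1)[-1].strip("<> ")
            rec["responses"].append("250 OK")
        elif verb == "RCPT":
            addr = arg.split(":", 1)[-1].strip("<> ")
            rec["rcpt"].append(addr)
            if addr.rsplit("@", 1)[-1].lower() not in LOCAL_DOMAINS:
                rec["relay_attempts"] += 1      # recipient is not ours: relay attempt
            rec["responses"].append("250 OK")   # accept anyway, like an open relay
        elif verb == "DATA":
            in_data = True
            rec["responses"].append("354 End data with <CR><LF>.<CR><LF>")
        elif verb == "QUIT":
            rec["quit"] = True
            rec["responses"].append("221 Bye")
            break
        else:
            rec["responses"].append("500 Command not recognized")
    return rec

def classify(rec):
    """Verdict for the session, e.g. the note attached to a DNSBL submission."""
    if rec["relay_attempts"] and not rec["quit"]:
        return "relay-probe,no-quit"   # probed for open relay and hung up without QUIT
    if rec["relay_attempts"]:
        return "relay-probe"
    return "benign" if rec["quit"] else "no-quit"

# Constructed transcript of a relay probe that never sends QUIT
SPAM_SESSION = ["EHLO x", "MAIL FROM:<a@spam.example>", "RCPT TO:<victim@other.example>",
                "DATA", "Subject: hi", "", "buy now", "."]
```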

Categories: eMail Junk

No listing of Mail eXchange (MX) Records

October 12, 2009 michaelndavis

Nolisting is one of the methods of defending electronic mail users against e-mail spam. The idea is that by having a non-existent primary mail server and a working secondary mail server, attempts to contact the primary mail server will always fail; if the mail is sent by a correctly configured email server, the sending server will then try to contact the secondary mail server, and should succeed. Spammers frequently use custom software which does not retry the higher-priority MX records.
SMTP requires that the email servers for any given domain be provided in a prioritized list (namely, MX records). It also specifies mandatory error-handling behavior for when servers in that list cannot be contacted. Nolisting involves purposely creating unreachable MX records, so that senders who have implemented this error-handling code can still deliver mail successfully.
This technique relies on spammers using custom software that ignores the SMTP protocol. Hence, it is not a viable long-term solution: spammers can defeat Nolisting by simply using standard email server software or by adding a little error recovery to their custom software. Thankfully, Nolisting can be abandoned if it ceases to be useful.
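The two sender behaviours the post contrasts, worked through as an added example (not code from this blog): a compliant sender walks the MX list in preference order, a primary-only sender gives up after the first failure. The domain, host names and reachability table are constructed; `try_connect` stands in for a real TCP connection to port 25.

```python
# Constructed MX set for a nolisted domain: the primary (lowest preference
# value, so highest priority) is a name that never answers on port 25; the
# secondary is the real server. The equivalent zone lines would be
#   example.test. IN MX 10 nowhere.example.test.
#   example.test. IN MX 20 mail.example.test.
MX_RECORDS = {"example.test": [(10, "nowhere.example.test"),
                               (20, "mail.example.test")]}
REACHABLE = {"mail.example.test"}          # constructed: hosts that accept TCP/25

def try_connect(host):
    """Stand-in for opening a TCP connection to port 25 (constructed)."""
    return host in REACHABLE

def deliver_rfc_compliant(domain, connect=try_connect):
    """What SMTP requires of a sender: walk the MX list in preference order
    and fall through to the next host whenever a connection fails."""
    attempts = []
    for pref, host in sorted(MX_RECORDS.get(domain, [])):
        ok = connect(host)
        attempts.append((pref, host, ok))
        if ok:
            return host, attempts          # delivered to this host
    return None, attempts                  # all failed: queue and retry later

def deliver_primary_only(domain, connect=try_connect):
    """The shortcut nolisting bets on: try only the primary MX, then give up."""
    mx = sorted(MX_RECORDS.get(domain, []))
    if not mx:
        return None, []
    pref, host = mx[0]
    ok = connect(host)
    return (host if ok else None), [(pref, host, ok)]

def nolisting_is_effective(domain, connect=try_connect):
    """A nolisted layout only helps if compliant senders still get through
    while primary-only senders do not; this also catches a dead secondary."""
    compliant, _ = deliver_rfc_compliant(domain, connect)
    naive, _ = deliver_primary_only(domain, connect)
    return compliant is not None and naive is None
```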

Categories: eMail Junk

Disabling HTML In E-mail

October 8, 2009 michaelndavis

HTML e-mail is the use of a subset of HTML to provide formatting and semantic markup capabilities in e-mail that are not available with plain text.

Most graphical e-mail clients support HTML e-mail, and many default to it, incorporating both a GUI editor for composing HTML e-mails and a rendering engine for displaying received HTML e-mails.

HTML mail allows the sender to properly express quotations (as in inline replying), headings, bulleted lists, subscripts and superscripts, emphasized text, and other visual and typographic cues to improve the aesthetics and readability of the message, as well as semantic information encoded within the message, such as the original author and Message-ID of a quote. Long URLs can be linked to without being broken into multiple pieces, and text is wrapped to fit the width of the user agent’s viewport, instead of uniformly breaking each line at 78 characters as was necessary on older text terminals. It allows in-line inclusion of tables, as well as diagrams or mathematical formulae as images, which are otherwise difficult to convey.

Many mail programs these days incorporate web browser functionality, resulting in the display of HTML, URLs, and images. This easily exposes the user to offensive images in spam. Additionally, spam written in HTML often contains web bugs that let spammers see that the email address is valid and that their message has not been caught by spam filters. JavaScript can make it difficult for the user to close the advertised page, or can redirect the user to another web page. Spam messages take advantage of these security lapses, using these holes to install spyware. Mail clients that do not render HTML in messages are largely safe and carry fewer risks than those with these features enabled.
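An added example (not code from this blog) of what a client that does not render HTML avoids: it audits a message body for the remote images that act as web bugs, for scripts and for frames or forms, and extracts the plain text a non-rendering client would show instead. The sample message is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

class MailHtmlAuditor(HTMLParser):
    """Flags what a rendering client would act on and collects plain text instead."""
    def __init__(self):
        super().__init__()
        self.findings, self.text, self._skip = [], [], 0
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img":
            src = a.get("src", "")
            if urlparse(src).scheme in ("http", "https"):   # cid:/data: stay local
                hints = []
                if a.get("width") in ("0", "1") and a.get("height") in ("0", "1"):
                    hints.append("1x1")          # classic tracking-pixel size
                if parse_qs(urlparse(src).query):
                    hints.append("query")        # per-recipient token in the URL
                self.findings.append(("remote-image", src, ",".join(hints)))
        elif tag in ("script", "style"):
            self._skip += 1                      # their content is not message text
            if tag == "script":
                self.findings.append(("script", a.get("src", "inline"), ""))
        elif tag in ("iframe", "form", "object", "embed"):
            self.findings.append((tag, a.get("src") or a.get("action") or "", ""))
    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip = max(0, self._skip - 1)
        elif tag in ("p", "br", "div", "li", "tr"):
            self.text.append("\n")
    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)

def audit_html_mail(html):
    """Return (findings, plain_text): what rendering would expose, and the text
    a client with HTML disabled would show."""
    p = MailHtmlAuditor()
    p.feed(html)
    p.close()
    return p.findings, " ".join("".join(p.text).split())

def web_bugs(findings):
    return [f for f in findings if f[0] == "remote-image" and f[2]]

# Constructed sample message, not real spam
SAMPLE = ('<html><body><p>Great offer!</p>'
          '<img src="http://track.example/p.gif?id=abc123" width="1" height="1">'
          '<img src="cid:logo"><script src="http://js.example/x.js"></script>'
          '<p>Reply <b>today</b></p></body></html>')
```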

Categories: Uncategorized

Common Problems with eMail Spamming

October 6, 2009 michaelndavis

Cost Shifting: Sending bulk email is very cheap. With a 28.8 dial-up connection and a PC, a spammer can send thousands of messages per hour. But since every person receiving the spam must bear the cost of dealing with it, the cost incurred by the recipients is greater than the cost incurred by the sender. Though some junk emailers may say, “Just hit the Delete key!”, the problem amounts to more than a person deleting a couple of mails. On the Internet, the word “time” has several meanings and is not just the hourly rate at which people are billed. It also includes the load on the processors of the ISP’s servers. “CPU time” is precious, since processor performance is a critical issue for ISPs. If the CPUs are tied up processing spam, it creates a drag on all the mail in the queue, whether wanted or not. Filtering is not a strategy ISPs can freely adopt either, since filtering itself consumes a lot of processing time. Bandwidth costs are a major portion of the expenses of small and mid-size ISPs and are a major reason why ISPs have low profit margins. When an external entity starts to use the ISP’s bandwidth, the ISP has a limited number of choices:

  • Let customers cope with slower rates
  • Bear the cost of increasing bandwidth, or
  • Raise rates

“Time”, coupled with volume, makes for some interesting problems. Recent comments made public by AOL serve as a usual point of reference: of the estimated 30 million email messages per day, about 30% were unsolicited commercial email (UCE). With such huge amounts of data, it is a burden for the ISP to store and process it all. Such volumes may contribute to the access, speed, and reliability problems experienced with a lot of ISPs. If large outfits like Netcom and AOL have trouble coping with the flood, it is a pity that small ISPs are dying under the crush of spam.

Fraud: Since many recipients of junk email (around 95%) prefer not to receive it, junk emailers have clever tricks up their sleeve to woo recipients into opening their messages. One trick is altering the subject line so that the message looks like anything other than an advertisement. Another is to relay their messages off the mail server of an innocent third party. This tactic has a two-fold effect: both the relay system and the innocent mail victims are flooded with junk messages. Yet another trick is to forge message headers, making it look as if the message originated elsewhere.

Waste of others’ resources: When a spammer sends out messages, they are carried by numerous other systems along the way, and there is no justification for the additional load these systems have to bear for the extra payload of the advertisement.

Spammers adopt fraudulent and tortious techniques to avoid being held responsible in court. Though large companies may be able to afford to fight these cutting-edge lawsuits, small “mom and pop” ISPs are left to deal with the flood of messages on their own.

Ronald Coase and his economic theory: He argued that it is particularly dangerous for a free market when an inefficient business (one that cannot bear the costs of its own activities) distributes its costs among a large number of victims. When millions of people each suffer only a small amount of damage, it becomes more costly for the victims to go out and hire lawyers to recover the damages they suffered than the damage itself. Unless and until that population unites and fights back, it will continue to bear those unnecessary and detrimental costs. This is what encourages spammers to continue their dirty work.

In economic terms, this is a prescription for disaster, since when inefficiencies are allowed to continue, the free market no longer operates at peak efficiency. As taught in college microeconomics, the “invisible hand” normally keeps the market efficient and balanced, but inefficiencies tip everything out of balance. In the context of the Internet, however, these forces are no longer invisible but quite visible: you see them when you have trouble accessing a web site, when your email takes 3 hours to travel from AOL to Yahoo! Mail, or when a flood of spam crashes your ISP’s server.

CAUCE believes that stealing is stealing be it a penny or a dollar. Remember it is enough to only steal a penny from 4 million people to buy yourself a Mercedes Benz.

Displacement of Normal Email: In the late 1980s when fax machines were used to send messages, the concept of sending advertisements through these machines also came up and it became a difficult task to get the fax you were expecting since you had to go through a lot of junk before you got the right mail. Similarly now the spam that is received today is displacing the actual mail that is meant for us and has led to a tremendous amount of clutter in our inboxes.

Categories: Uncategorized