International Journal of Engineering, Management & Sciences (IJEMS) ISSN-2348 –3733, Volume-2, Issue-4, April 2015
The Effects of Spam Regulations Marwan Ali Albahar Abstract— The revaluation of Internet in current century has brought many advances to the humanity. It has changed their life to better and it has also altered their way to communicate with each other. The most frequent mean not only people but also organization prefer to communicate is e-mail. People utilize email for their social purposes such as keeping touch with their friends or family. Moreover, most organizations currently choose e-mail as formal way to communicate with their employees or customers. In addition, since the e-mail has become attractive tool to communicate, companies and individuals has benefited from this advantage to promote their products or services (Magee, 2003). Index Terms— Spam, e-mail, Spam filtering.
I. INTRODUCTION Nowadays e-mail has become nightmare to both Internet Service Provider and e-mail users because of well know issue called spam. Spam defines as “ the practice of sending unsolicited e-mails, most frequently of a commercial nature, in large numbers and repeatedly to individuals with whom the sender has no precious contact, and whose e-mail address may be found in a public place on the Internet, such as newsgroups, mailing lists, directory or website” (Magee, 2003). Spam has become serious issue for both individuals and ISPs. Scientist researchers have responded to this issue by conducting some research to invent sophisticated technical methods. Furthermore, Lawmakers have participated in remedying the problem by issuing regulations in order to stop flooding of spam email. Meanwhile, spammers have reacted to these movements by figuring out new approaches that overcome these solutions. Thus, neither technical solutions, nor legislative solutions have resolved the spam problem yet. II. SPAM GROWTH In 1995, the US government permitted for both people and business to use Internet for commerce purpose. This decision led the volume of e-mail including unsolicited bulk email “spam” to increase dramatically. But the email users in that time saw the spam as minor annoyance that basically solved by deleting the unwanted messages. According to American Online (AOL), the estimated number of spam messages they received in 1997 was 3 million per day (HOANCA, 2006). As the bandwidth of network has expanded and the number of Internet’s user has increased dramatically, the volume of spam has been growing that increases the level of Manuscript received April 24, 2015. Marwan Ali Albahar, Department of Computer Science, Frost Burg State University, Maryland, USA.
32
annoyance and constitutes harmful effects to both users and ISPs. In July 2010, the estimated number of spam sent around the world was reached 250 billion per day. So, each person around the world received approximately 40 spam messages per day (“Spam, a Lot,” 2011). According to Andrew Jaquith, senior analyst at the Yankee Group, he compared the percentage of spam e-mail the financial services corporation and manufacture industrials received. His analysis shows that the financial corporation experience spam in low 90% range, while the manufacture industries’ email consist of 40% to 50% spam. Moreover, he also shows that spam email makes up 90% of his personnel email (Paulson, 2005). Some research has been conducted to find the major factor that contributes to the huge number of spam. It turned out the low price of bulk email is major factor of spam (Cranor&LaMacchia, 1998). The sender of spam email is known as “spammer”. They use sophisticated software such as botnet that allows them to send tens of millions ofspam email every day. In 2008, according to some researcher, the estimated cost of sending million-spam email was approximately 80$, which is cheap compared to regular mail (“Spam, a Lot,” 2011). III. ISSUES ASSOCIATED WITH SPAM A. Contradiction and spam content Since merchants have right to promote their products, merchants send commercial emails to any potential consumers in order to increase the sale. On the other hand, email users want to be free from exaggerative commercial. Attempting to make balance between business interest and private individual will create obvious contradiction. Moreover, the spam email might contain explicitly sexual material. Since spammers send these emails randomly, minors and children could expose to these material that will increase worries in parents (Magee, 2003). B. Cost Shifting One of the main reasons that have grown volume of spam rapidly is cost shifting. Spam recently has been considered heavy burden on both ISPs and individuals. Marketers have evolved the advertising methods from passive form such as TV commercial into more attractive and cheaper form like spam email. The cost of spam email does not increase if the number of spam rises. That encourages marketers to prefer this technique of advertising and send as many spam e-mail as possible. On other side, email users need to spend time to identify and delete these messages that represent the cost of spam on individual (Magee, 2003).
www.alliedjournals.com
The Effects of Spam Regulations
Besides time consuming, Internet Service Provider (ISP) is other victims of spam. When ISPs are swamped with massive amount of email including spam, huge bandwidth of network and memory is consumed that will create further cost on ISP. This additional expense eventually passes to Internet users. Also some website that offers free email service discontinues the services due to cost of spam. In addition, spam might hit reputation of ISP badly that cause ISP to loss of business when the level of annoyance increase that lead Internet users disconnect the service and switch to other ISP (Magee, 2003). For instance, when the user email is flooded with spam email, they complain about annoyance to ISP. As the number of complaint from clients has increased, the ISP needs more staff to handle these complaints and also maintain spam filter software up to date that will rises the ISPs’ expenses (Pfleeger& Bloom, 2005). AOL has filed lawsuit against spammer recently. ALO claims they were flooded with more than 1 billion spam messages. That result in AOL to receive 8 million complaints. Moreover, the estimated whole cost of spam in 2003 exceeds $20.5 billion over the world According to Radicati Group. This shows the influence of spam on economy. Also Osterman Research has conducted research to figure out economic cost of spam per individual around the world. The economic cost of spam for enterprise email user is $1400 per year. For companies consisting of 10 employees, this represents an additional cost of $1400 per year due to spam (Vircom, 2004). IV. CYBER ATTACKS Beside the additional cost caused by spam, spam can be classified as securitybreach. Spam might be used to launch cyber attack such as denial of service attack. Spamemail sometime is used as effective tool to achieve denial of service attack to some website or ISP. That is accomplished by flooding target server with huge amount of spam email. For instance, in 2003 cable provider Telewest encountered denial of service attack. Such attack resulted in loss of service for 200,000 subscribers. Moreover, potential attack for psychological warfare can be existed by radical group. This group sends huge amount of spam email to intended audience. The aim of spam message is to spread fear among the audience. Furthermore, Spammer attempts to hide his real identity by using fake email header and third parties used as intermarries. Without precaution the recipient often purchases poor products with no way of contacting the sender in order to fix the situation. Moreover, false identity enables spammer to gain money from unexpected recipient. They encourage recipients to invest some money. In return, the recipients are promised to earn more. In 2003 Fraud and harassment were the basis for 15 lawsuits filed by Microsoft (Pfleeger& Bloom, 2005). A. First Amendment First Amendment in US constitution states that any law that restricts freedom of speech is prohibited. Spammers call the first Amendment in attempt to defend their activities. It is significant to determine to what extent constitution protects commercial speech. The earliest case that call first
33
Amendment protection was filed by cyber promotion against AOL. In that case, Cyber promotion claimed AOL classified cyber promotion’s emails as spam and then blocked its emails. According to cyber promotion, that violated its rights to practice freedom of speech. U.S. District Court for the Eastern District of Pennsylvania rejected the case. The court said AOL’s actions were not subject to first Amendment review (Magee, 2003). V. TECHNICAL SOLUTIONS A. Spam filtering To control the flood of spam, the scientist researchers have invented innovation called spam filter. Spam filtering is program-composing set of instructions. These instructions verify the status of receiving messages. Spam filtering aims to prevent unwanted messages (spam) from reaching the recipients (Hassan & Fung, 2006). Recently, Spam filter have become more intelligent to detect spam emails quickly and block them. The main advantage of using spam filter is to lower the loss of time of email users. Also, if spam filter detect spam emails, it will automatically discard them that will considerably avoid of storing cost (Khong, 2004). The spam filtering designs using various methods. The most three commonly methods used are black list filtering, white list filtering, and Bayesian Filter (Content Focus). Black list filter is basically approach that depends on list of emails that are not allowed to pass through. This approach assumes incoming emails contains common names or phrase in header, IP address, or domain (Hassan & Fung, 2006). However, there are some limitations that reduce the efficiency of this approach. The black list should be updated manually to obtain desirable result. The other limitation with black list filtering is that it might consider legitimate messages spam that is known as positive false. That reduces the recipient’s confidence of usage email. For example, in 2002 100 emails from Harvard did not delivered to legitimate recipients because AOL filter blocked them (HOANCA, 2006). White list method considers all receiving messages spam. It only allows the messages containing in database to pass through recipients. The white list is built collaborating with recipients. In order to enter new entry into list, it needs recipients’ confirmation. But, the disadvantage of this approach is the time consuming that put burden to the recipient (Hassan & Fung, 2006). Bayesian Filter approach extends to text classification technology. This approach checks textual content of message and use specific algorithm to identify the spam messages. This algorithm classifies the occurrence of certain words or phrases based on how and where they show up in email. However, the challenge with this approach is that the algorithm used faces some difficulty to interpret the images spam contains (Hassan & Fung, 2006).
www.alliedjournals.com
International Journal of Engineering, Management & Sciences (IJEMS) ISSN-2348 –3733, Volume-2, Issue-4, April 2015 VI. LEGISLATIVE SOLUTION A. Can- Spam Act According to The United Nations Conference on Trade and Development, more than half of all spam email has come originally from United State. Therefore, the United State should be the first country that takes step to regulate spam. In response to demands, the United State enacted legislation designed specifically to restrain the flood of spam in 2003. The act aims to regulate commerce between states by imposing limitations and penalties on transmission unsolicited commercial messages. According to Act, email marketers must be comply with these following rules: Can-Spam Act prohibits address harvesting and dictionary attack. Spammers usually utilize automated software to gather email addresses by searching websites or other Internet resources that contain e-mail addresses. CanSpam Act also outlaws either unauthorized used of or hijack of protected computer system. Spammer often hijack third party server to send their messages. This avoids them from putting in black list or remove from Internet by ISP. Can- Spam Act prevent sender from sending messages with header containing false e-mail address, domain name, or IP address that might mislead the recipient. CanSpam Act requests the senders to introduce themselves in the header with certain format. Can-Spam Act prohibits the senders that present false identity when creating e-mail account from sending commercial messages using these accounts. Using automated technique such as programing script to sign up for e-mail accounts that used to send commercial messages is illegal under Can- Spam Act. If the message contains sexual content, it is mandatory based on Can- Spam Act that the sender put warning label in subject header or make the warning label visible when opening the message. Can- Spam Act require the sender that send commercial message electronically to provide opt – out option for recipient in every message. Recipient use this option to notify the sender to stop sending the messages. The sender must remove the recipient’s e- mail address from his email list within 10 days and then the sender must send confirmation email to recipients to show they are no longer in the list (Vircom, 2004, p.5). The table below illustrates the expected benefits that return to email user by enforcement of Can- Spam Act. The table shows the expected increase cost in creating and delivering spam messages for spammer as well. According to benefits mentioned in table, Internet users are promised to obtain fast network speed when removing the spam messages from network, since the spam messages utilize more than half of network bandwidth. Based on the table the economy of spam will be affected negatively by enforcement of CanSpam Act as the number of recipient respond to spam messages get lower (Lee, 2005).
34
VII. HITTING THE ECONOMY OF SPAM APPROACH Some scientist researchers propose solution to spam by hitting the economy of spam. They look at spam as business that consists of complex technical and business component. Instead of focusing on issue of delivering spam that is visible part of the business, they concentrate on payment process and banks that spammers deal with to collect their money. These elements consider necessary factors for infrastructure of spam. They classify the spam’ activities into three stages: Adversity, on click, realization. In advertising stage, spammers focus on how to reach potential consumer and let consumers click on particular URL by using some techniques. The second stage is on click that redirects the consumer’s browser to website of interest. The last stage the scientist researchers focus on this proposed technique is realization. The consumer in this stage is convinced to buy the product and complete the payment process using traditional payment network. Thus, the money of transaction is transferred from issuing bank “consumer’s bank” to acquiring bank “spammer’s bank” through card association network “ Visa”. Scientist researchers observed critical bottleneck in payment process. Only 13 banks process Spam transactions. Among these small set of banks, there is obvious concentration on few of them. For example, two banks handled all software’s purchases scientist researchers performed. Also, scientist researchers found 95% of spam transaction served by only 3 banks. From theses observation, scientist researchers claim that there are few alternative banks willing to deal with spammer. Also, switching to new bank would create additional cost for spammer such as set up fees. The process of activating spammer’ s account and link it to payment process requires arrangement with more than parties that take great deal of time. That would cause considerable damage to spammer’s profit. Scientist researchers suggest that spam issue can be addressed by enforcing policy on issuing bank “consumer’s bank”. This policy bans banks from settling certain transaction for banks that support spammers’ activities (Levchenko, et al. 2010).
www.alliedjournals.com
The Effects of Spam Regulations
Do these solutions stop the spam? There are critical causes that restrict the effectiveness of technical and legislative solutions on controlling spam. First, since the Spam laws around the world vary from jurisdiction to others, technical solution become global measure to defend against spam. However, the cost of adopting this solution is substantial in term of money and email users’ confidence. Since the spammer become more familiar with spam filter, spam filter should be updated constantly that creates tremendous cost. Also, the issues of positive and negative errors which, spam filter prevent legitimate email or pass spam email as legitimate would give the email user impression that spam filter is not reliable technology to rely on (Magee, 2003). Second, spammers have capabilities to adapt their approaches quickly to trick conditions caused by enforcing CAN-SPAM Act. For example, the Internet security expert has added new security feature called captchas when signing up for new email account. It shows the web user picture has strings and ask web user to type it. This feature aims to verify that the web user is human not spam software. In response, spammers hire people in developing countries to solve this puzzle. Spammers pay only 2$ for each 1000 solved text. So, spammers tackle this feature and continue sending more spam (Bajaj, 2010). Also, spammer figure out methods to spoof legitimate e-mail addresses to send spam messages. Spammers exploit the well-known organizations’ domain to spoof addresses. Spammers share these addresses with other spammers that enable them to create more spam. That causes some organization to be on black list filter that block any messages come from that domain. For example, the IEEE computer society has appeared in spam filter for some commercial companies because of spoofed messages. Moreover, spammers are able to pass their messages through spam filter without detecting by employing several tricky techniques. For instance, spammers use some German interspersed in English-language messages (Paulson, 2005).
bandwidth to send spam. Therefore, the spam law has not affected the spammers. According to Spamhaus, the origination of 80% spam speared in Europe and North America comes from fewer than 200 spammers operating illegally. Sixth, although Can- Spam Act punishes the spammers with strict penalties reaching to jail and million dollars as fine, this has not discouraged the spammer from continuing send more spam. Most spammers believe that investigating their activities need several years and these investigations will not prevent spammers from continuing to send more spam. According to spam filter company on its monthly report on fab 2004, the 80% of messages reaching its customer’s email was spam that was contrary to expected benefits mentioned early in table (Lee, 2005). According to two spams filtering vendors, 1% of spam email was compatible with Can- Spam Act requirements (Gross, 2004).
Third, critical factor that lower the efficiency of law is Jurisdiction. If global law intended to fight spam were created using law of jurisdiction of world, differences would outweigh similarities that would create conflict when enforcing the law. Since spam involve in many aspect of law such as freedom of speech, intellectual property, libel, and criminal law, it arises conflict with domestic law (Magee, 2003). Fourth, the technology has evolved quickly and the law is slow to keep up with evolving of technology. Thus, law might face difficulty to represent some new technology such as cookies in law. Spam has capabilities to transform into different forms such as Spim, which is type of spam sent over instant messaging services. Each various type of spam needs different law to deal with that require years to pass while technology needs months to change. Fifth, The spam law has great impact on servers by regulating Internet Service Provider (ISP) and other entities that manage the Internet. But the spammers are not associated with them because they often steal the resources and network
35
The table above illustrates the effects of Can-Spam Act on the volume of spam email as percentage before and after Can-Spam Act was enforced. It is clear that the percentage of spam email remained stable at first month of enforcement of the Act. Then, the percentage of spam email
www.alliedjournals.com
International Journal of Engineering, Management & Sciences (IJEMS) ISSN-2348 –3733, Volume-2, Issue-4, April 2015 began decreasing because spammers did not adapt themselves to new conditions created by enforcing the Act. However, the percent of spam email returned to increase because of limitations in enforcement of Act (Pfleeger& Bloom, 2005). Seventh, Information technology should adapt new technologies to successfully defend against spam. However, that does not happen because IT departments typically have annual budget that restrict them to deploy new technology to solve. This administrative obstacle keeps IT departments behind. In its monthly report from May 2005,software vendor Symantec found that the percentage of Internet email that was spam remained stable for the last month (Paulson, 2005).
[4] [5] [6] [7] [8] [9] [10] [11] [12]
VIII. CONCLUSION
[13]
In this paper, I discuss the most damaging and costly problem to email users and ISPs, which is known as spam. Spam issue has proved it is a continuous problem that has resisted all existing solutions. As publicity of email has increased, several issues have been shown up. Marketers have overstated to promote their services or products that have led email users to complain. Despite that fact marketers hold legal right to send commercial emails, email users have rights to not be bothered by unsolicited commercial emails. That creates clear contradiction. Also, practice of sending commercial emails by tens of millions has disrupted the network traffic that creates additional cost. Email users eventually has incurred the cost in two forms by spending time to delete unwanted messages and being charged more. Other identifiable issue is security breach that might lead to harmful cyber attack such as denial of service attack. In addition, some constitutional concerns raises on surface when spammers invoke First Amendment to justify their actions. That raises wonder to which degree constitution protects commercial free speech.
BAJAJ, V. (2010, April 26). Spammers Pay Others to Answer Security Tests. New York Times. p. 6. Vircom. (2006). Can laws block spam. Retrieved from http://www.spamhelp.org/articles/Can_Laws_Block_Spam.pdf(2011, January 14). Spam, a Lot. New York Times. p. 26. Pfleeger, S., & Bloom, G. (n.d). Canning spam: Proposed solutions to unwanted email. Ieee Security & Privacy, 3(2), 40-47. Paulson, L. (2005). No Quick Fix for Spam. IT Professional, 7(3), 11. Cranor, L., &LaMacchia, B. A. (1998). Spam!.Communications Of The ACM, 41(8), 74- 83. Šolić, K., Šebo, D., Jović, F., &Ilakovac, V. (2011). Possible Decrease of Spam in the Email Communication. Hassan, T., &Fung,C. (2006). An Intelligent SPAM filter – GetEmail5. Gross, V. (2004, January 13). Is the CAN-SPAM Law Working?. PC World. Magee, J. (2003). The Law Regulating Unsolicited Commercial E-mail: An International Perspective. Computer & High Technology Law Journal. Lee, Y. (2005). The CAN-SPAM Act: A Silver Bullet Solution. Communication of ACM.
The need of effective solutions to the problem has become apparent. The first solution that invented to deal with escalating problem was spam filter. Spam filter was designed to detect spam email and delete them automatically. However, the limitation of spam filter such as positive false has proved it is insufficient to only depend on spam filter to control spam. This increased the demands of legislative solution to stop the flood of spam. US congress in 2003 enacted new law called Can-Spam Act in order to regulate unsolicited commercial emails. Unfortunately, the Can-Spam Act has not affected the volume of spam considerably due to limitation in enforcement of act. Some researchers propose solution that focuses on banks willing to deal with spammer by not processing transaction to these banks. REFERENCES [1] [2] [3]
Bhuleskar, Sherlekar, Pandit. (2009). Hybrid Spam E-mail Filtering. Hoanca, B. (n.d). How good are our weapons in the spam wars?.Ieee Technology And Society Magazine, 25(1), 22-30. Khong, D. (2004). An Economic Analysis of Spam Law. Erasmus Law and Economics Review 1.
36
www.alliedjournals.com