Tuesday, July 12, 2005

The War on Spam

Tom Keating - VoIP Blog


The war on spam is a battle that no doubt will be fought for years to come. As the spammers continue to send viruses packed with email zombie programs and terrorize unsuspecting victims who open their attachments, we have to wonder when the spamming wars will ever end. Make no mistake, it is a form of terrorism.

There are countless victims of identity fraud that are a result of keystroke loggers and other forms of viruses that send your personal information to the virus writer (aka terrorist). Even if their identity isn't stolen, just think of the panic and terror that victims feel when they open the attachment and their PC starts acting strange. The users may wonder "Did I just infect myself with spyware?" or "Did I just infect my PC with a virus?" or worse, they may wonder "Did I just give the 'keys' to all my confidential information, including all my passwords to the virus writer? Will they steal my identity and will I find strange activity on my credit report?"

The thought of identity theft is scary, indeed 'terrifying' if you think about it. It could be months of worrying if a simple double-click on an attachment resulted in the destruction of your bank account and good name/credit. Even if the virus is relatively harmless, you still may worry for months to come, especially if you aren't technically included to figure out exactly what the virus did to your PC. And if the unthinkable happens - not only will you have to spend time and money fixing your credit, but the stress itself is no picnic. Yes, spammers are terrorists - plain and simple.

I say whenever these spammer terrorists are caught, we skip the whole "due process" thing and ship them to Guantanamo (aka Gitmo) where all terrorists belong.

I bring this topic up because I just received an email (pasted below) discussing how terrorists are now using zombie PCs more often (62%) due to the "stricter" spam border patrols that for example Microsoft has put on its Hotmail servers to block illegal immigrants... err I mean 'spam' from entering Hotmail's servers. Instead, zombie PCs use legal netizen's PCs to send out the illegal terrorists spam since this bypasses Sender ID and Sender Policy Framework (SPF) email authentication spam-blocking techniques.

Where's the Minutemen Civil Defense Corp when you need them? We need Minutemen to patrol the Internet and block spam (especially foreign spam which for me is 90% of my spam) from entering our borders!

Anyway, here's the email I wanted to share...

MX LOGIC REPORTS SPAMMERS CONTINUE TO LEVERAGE SPF AND SENDER ID EMAIL AUTHENTICATION PROTOCOLS

--Zombie PCs Account for 62 Percent of Spam in June; 4 Percent of Unsolicited Commercial Email in 2005 Complies with Federal Anti-Spam Law--

DENVER July 11, 2005 MX Logic, Inc., a leading provider of innovative email defense solutions that ensure email protection and security for businesses, service providers, government organizations, resellers and their customers, today released its latest data on corporate email security. Among the key findings, the company reported that spammers continue to adopt Sender ID and Sender Policy Framework (SPF) email authentication protocols intended to help stop fraudulent email.

In a sample of more than 17.7 million unique email messages that passed through the MX Logic® Threat Center from June 19 through June 25, 2005, MX Logic found that:
9 percent were from domains that had published an SPF record, 84 percent of which were spam sending domains; and,
0.14 percent were from domains that had published a Sender ID record, 83 percent of which were spam sending domains.

Email authentication protocols including SPF, Sender ID, Domain Keys Internet Mail (DKIM) and others are intended to help verify the origins of email at the domain level, making it more difficult for spammers and phishers to stay in business.

"Spammers continue to leverage SPF and Sender ID with the intention of making their messages appear more legitimate and to possibly avoid having their messages delivered with an onscreen notification that a Sender ID record was not found, a method Microsoft recently announced it will use on Hotmail," said Scott Chasin, chief technology officer, MX Logic. "The strength of these protocols is further compromised by the fact that many legitimate senders have yet to adopt either Sender ID or SPF."

Chasin also noted that industry trials of both SPF and Sender ID have raised concerns about the protocols' effectiveness when email messages are forwarded or resent and in their ability to stop forgery of the most common user-visible mail headers. He pointed to a technical paper published by the Messaging Anti-Abuse Working Group, of which MX Logic is a member, which contains the results of more than six months of evaluation of SPF and Sender ID email authentication protocols.

"While we applaud industry efforts to develop email authentication protocols, no domain authentication protocol can guarantee that a message you receive really does come from who you think it comes from," said Chasin. "Additionally, for any domain-based email authentication protocol to be effective, it would have to be embraced by a critical mass of domain name holders. Imposing one protocol without mass adoption could result in the unfair treatment of a large number of senders of legitimate email."

In addition to data related to email authentication, MX Logic also issued the following findings:

Zombie Networks Account for Majority of Spam in June During June, spam sent through zombie PCs accounted for an average of 62 percent of all spam filtered by the MX Logic Threat Center. This compares with 55 percent in May and 44 percent in April.

"The continued proliferation of zombie PCs has levied a heavy cost on ISPs and email end users," Chasin said. "Compromised PCs have resulted in millions of email users being unknowingly blacklisted, often through no fault of their own."

Zombie PCs are neglected, "always-connected" broadband PCs that spammers hijack by installing a spam Trojan. Once infected, these zombie PCs provide worm authors with remote command-and-control spam-distribution capabilities, allowing them to create a legion of zombie computers that can pump out unwanted email and initiate Denial of Service (DoS) attacks.

"To make a real dent in the amount of spam sent globally, efforts must focus on helping service providers reduce outbound messaging abuse by identifying compromised PCs," Chasin said.

One such effort began in May, when the Federal Trade Commission (FTC), along with 35 government partners from over 20 countries, unveiled "Operation Spam Zombies." This international campaign is designed to educate Internet Service Providers (ISPs) and other Internet connectivity providers about hijacked, or zombie, computers that spammers use to flood inboxes.

Only 4 Percent of 2005 Unsolicited Commercial Email Complies with Federal Anti-Spam Law MX Logic also reported that monthly compliance with The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act averaged 4 percent during the first six months of 2005. The findings are based on a survey conducted by the MX Logic Threat Center of more than 250,000 email messages since January.

MX Logic has tracked compliance with the CAN-SPAM Act since the law went into force on Jan. 1, 2004, by examining a random sample of 10,000 unsolicited commercial emails each week. On average, only 3 percent of unsolicited email has complied with CAN-SPAM since the law went into effect. Compliance hit a peak of 7 percent in December 2004 and reached an all-time low of 0.54 percent in July 2004.

"In terms of stopping spam, legislation is a blunt instrument," Chasin said. "Its real value is that it provides enforcement power to ISPs, the FTC, state attorneys general and other government agencies. Consistently low CAN-SPAM compliance underscores the need for further progress in industry cooperation and consensus on email authentication protocols, as well as end-user education."

Media and analysts interested in the latest CAN-SPAM compliance number can find it at http://www.mxlogic.com/news_events/.

Monitoring billions of messages per month for over 4,300 organizations worldwide, the MX Logic Threat Center combines advanced, accurate and up-to-the-minute email defense technology and human-messaging expertise to protect MX Logic customers from spam, viruses, worms, phishing attacks and other email threats.

19 Comments:

Blogger Online Incomes said...

You have a nice blog here. Did you know
there Is A 90% Chance That Your Computer Has AdWare Or Spyware On It Right NOW!

Spyware and Adware viruses have rapidly become the number one threat to your computer with over 90% of computers already infected. These include trojans, bugs, ad serving software, monitoring software and more.
I also have a adware bargainbuddy site-blog. It can help you find and get rid of spyware, adware plus other stuff pn your computer for good. Free downloads.
You should check it out if you get the time!

2:03 PM  
Blogger Joe Muka said...

Hi, Saw your site late night. Some of your ideas I may use for my site about voip services It's kind of a boring topic...I liked some of your info.

8:44 AM  
Blogger Search Engine Optimization Tips said...

Would you like to swap links? Just post a comment somewhere on my blog,
I won't delete it. Thanks and take care,

John

11:29 AM  
Blogger H. Nakajima said...

I have a based business food home starting
site. It pretty much covers based business food home starting
related stuff. Check it out if you get time :-)

9:21 AM  
Blogger JT said...

Great Blog! A real pleasure to read! Do you know that Traffic Portals will really boost your conversion rates and generate exclusively yours leads? We offer VOIP webinars - Marketing Courses Using Web Conferences about Traffic Portals I also have a website that talks about various high profile topics such as Retirement and includes an eBusiness Directory. I also would like to tell all of you reading this terrific blog about Retirement that should you be in need of a terrific host for a serious eCommerce Website that www.Kiosk.ws is Awesome Hosting value! They have the best online support team for all of your technical questions and a 3 minute emergency pager too. Looking to start your own affiliate program? They have an excellent script for you! They give you $70,000 dollars worth of software to build just about any type of e-commerce website you need! Go check it out if you get a chance. You can make more money than you spend and Create Free Will for Yourself! Again, Great Blog! Thanks. The info on Retirement Sooner was very informative!

5:12 AM  
Blogger startonline said...

great blog on reporting identity theft I have abolg on the subject here reporting identity theft

2:33 AM  
Blogger My VoIp Solutions said...

Hey, you have a great blog here! I'm definitely going to bookmark you!

I have a verizon voip site/blog. It pretty much covers verizon voip related stuff.

Come and check it out if you get time :-)

1:58 AM  
Blogger brian said...

good resource here. I would also link to grand theft auto

10:15 PM  
Blogger telekom said...

Hi,

We may share some interest part of telecommunications story or update, so visit my website **Telecom** site/blog. It pretty much covers Telecommunications Updates related stuff.

Have a nice day.
Otai

8:30 PM  
Blogger Swingin80 said...

Cool blog you have. I have a two way pager related site. Check it out if you get a chance. The URL is two way pager

10:37 PM  
Blogger Wi Wisconsin House Cleaning said...

Sensational blog. I took pleasure in the site and I
will go back! Surfing online for blogs like this one
is worth my time.
Everyday of the month you need to peep my home based computer business opportunity blog.

10:35 AM  
Blogger 10 Best Home Based Business said...

Hype blog. And I admire your site and plan on
returning to it! When I web surf it always helps me to
find great blogs.
I want you to look for my home based business marketing blog.

2:07 AM  
Blogger Scott A. Edwards said...

NOW, check this out for FREE...

There is a new, fully automated traffic-generation system that can send 1000's of targeted prospects to your website, for FREE! It only takes 5 minutes to set up to set your FREE account!

To find out more visit: making easy money online site. It successfully exposes FREE information covering Traffic and making easy money online related stuff.

11:08 PM  
Blogger Joe Berenguer said...

I was searching blogs,and I found your site.Please,
accept my congratulations for your excellent work!
If you have a moment, please visit my site:
domain names center
It pretty much covers domain names center related issues.
Have a good day!

3:02 AM  
Blogger Scott A. Edwards said...

Hello I am the traffic man, zip, zip, zip. make a new resolution to get a flood of traffic to your website this year. Let me show you how to get FREE traffic to your site. Yes I said FREE, FREE, FREE!!! Don't delay.

To find out more, visit my how to start making money online site. It successfully covers FREE information exposing FREE traffic and how to start making money online related stuff. Don't forget - FREE, FREE, FREE. You have nothing to lose!

2:57 PM  
Blogger PLLTGFVQ said...

Hello Friend! I just came across your blog and wanted to
drop you a note telling you how impressed I was with
the information you have posted here.
I also have a web site & blog about games center so I know I'm talking
about when I say yours is top-notch! Keep up the
great work, you are providing a great resource on the Internet here!
If you have a moment, please visit my site fix computer error free

10:40 AM  
Blogger p said...

http://www.idesirefreedom.com/home based mlm business opportunity
***Hi, this is Paul. I found this great way of getting phone verified leads FREE.
Discover how you can use the same Million Dollar Recruiting System that I use at NO-CHARGE ,
for the first 30 days! Plus, get a FREE 23-Page Report Called:
�My Million Dollar MLM Recruiting System!�***

http://www.idesirefreedom.com/

10:25 PM  
Blogger Anesha said...

Hi Nice Blog .Data processing services are helpful in streamlining a wide range of corporate activities and operations. Data processing and related other services are not only good to present the full and processed data that is to be used for the overall benefit rather their primary function is to present an insightful explanation of the data.data conversion services india

4:31 AM  
Blogger Henry Fernandes said...

I just want to inform everyone to a new web site called VoIP Spear (www.voipspear.com) to measure your QoS. It's the Internet's best and most accessible QoS testing service. It utilizes packet loss, latency, and jitter to calculate a MOS score between 1 (very poor quality) and 5 (excellent quality) for your Internet connection. VoIP Spear runs 24x7x365 so you can always have an idea of what your VoIP QoS is.

VoIP Spear shows your QoS in easy-to-read charts. You can also have it send you email alerts when your quality drops too low.

VoIP Spear is free for personal use.


I just want to inform everyone to a new web site called VoIP Spear (www.voipspear.com) to measure your QoS. VoIP Spear is free for personal use.

11:27 PM  

Post a Comment

<< Home