Welcome!

Linux Containers Authors: Elizabeth White, Pat Romanski, XebiaLabs Blog, Liz McMillan, ManageEngine IT Matters

Related Topics: Linux Containers

Linux Containers: Article

Empowering Linux Users to Reclaim Their E-mail Experience

An active, community-based approach to fighting and eliminating spam

The Linux community - nearly 29 million platform users - has been plagued for years by spam which, according to industry statistics, is dramatically on the rise. Despite relentless efforts to stop it (including billions of dollars spent to develop anti-spam solutions), spam continues to infiltrate our in-boxes every day. Not only does it cost consumers and businesses precious time, money, and resources, but it also represents a huge security risk since many spam sites infect individual computers and corporate networks with viruses or spyware.

Unfortunately, existing anti-spam solutions don't solve this grave problem, but try to hide it. These solutions are reactive and merely try to filter spam after it arrives in the user's mailbox. This passive method of defence does absolutely nothing to stop spam from coming in the first place. As a result, Internet users are losing faith in e-mail and are turning to other methods of communication for trusted sources of information - IM for personal communication and RSS for subscription-based content.

The only way to help users and enterprises to reclaim their e-mail experience is to identify and address the root cause of spam - the spam economy. Fighting spam and winning the war involves a proactive community-based approach that focuses on spammers' financial incentives, which makes removing illegitimately gathered e-mail addresses not only a concern, but a priority.

This article will address how Linux professionals and corporate IT managers, who are seriously evaluating and deploying Linux-based systems, can take a more aggressive approach to fighting spam and, ultimately, reclaim their e-mail experience.

What Motivates Spammers in the First Place?
To understand the impact and potential consequences of spam for Linux users, it's important to identify what motivates spammers to send unsolicited, bulk e-mails in the first place. We can do this by examining a typical "spam cycle."

A typical spam cycle includes the following steps:

  1. E-mail address collection: also known as harvesting - is a process in which the spammer retrieves millions of e-mail addresses that can be sent spam. The one-time cost of a mailing list with millions of addresses is typically less than $60.
  2. Spam-site creation: the spammer creates an online store in which prospective customers can place orders, following the spam-driven campaign. A specific "spamvertised" site remains online for the duration of the campaign. Designing a simple Web site can cost a few hundred dollars, and the monthly hosting fee from a spam-friendly ISP amounts to another few hundred dollars a month.
  3. The "spam run": the process in which the spammer sends out millions of e-mail messages as part of a specific campaign. Sending spam from compromised computers ("zombies"), a very common practice, incurs no costs at all.
  4. Revenue generation: with the campaign on its way, and the online store live, the spammer sits back and counts the money coming in. Assuming a 0.01% sales conversion rate on one million e-mails, a spammer's gross profit can range from $3,000 (say, a porn Web site subscription), to $10,000 (sex-related products) or even $150,000 (home refinancing) per campaign.
A Lucrative Business (For Spammers, That Is!)
Industry surveys reveal that at least 10% of the population actually buys products and services advertised via spam. In specific product categories, the percentage of people buying spamvertised products is even higher. Thus, the business case for a spam operation is clear - send out millions of messages (or ads) at a very low cost, and expect a high conversion rate of paying customers.

Although spam is certainly an appealing business (at least from the spammer's perspective), it's a great annoyance to e-mail users in general, creating immense losses in productivity costs. In the last few years, despite significant efforts to fight spam, spam volume actually increased to upwards of 75% of all e-mail traffic. Another 10% is composed of phishing expeditions (scams imitating known brands to fool users into giving their account details) and viruses aimed at creating networks of zombie computers to facilitate spam sending.

Are Filters the Answer?
Unfortunately, most anti-spam solutions that currently exist today are reactive and merely try to filter spam after it arrives in the user's mailbox. This passive method of defence may keep users from seeing that spam, but does absolutely nothing to stop it from coming.

In fact, filters have actually been known to introduce their own set of problems. Being an automatic sorting technology, filters can confuse spam and legitimate e-mails. If a spam e-mail passes through the filter (known as a false negative), the user wastes time seeing and deleting the message. If a legitimate e-mail is tagged as spam and doesn't reach the intended recipient (known as a false positive), the result is a lost business or communication opportunity. In general, filters reduce the reliability of e-mail as an effective business communication tool.

Unfortunately, filtering doesn't impact the spam economy. It just encourages spammers to innovate and invent new ways to bypass filtering schemes. Spammers are also inclined to send even more spam since they know that filters are blocking a large percentage of their insidious traffic.

Taking Action in Court
In January 2003, the U.S. government stepped forward and enacted the CAN-SPAM Act. The law defined the guidelines for sending unsolicited commercial e-mails such as including a valid return address and a working opt-out link in each message. The CAN-SPAM Act also outlawed certain practices such as address harvesting and the use of "zombies" for sending mail.

Almost three years after CAN-SPAM was passed, it has done little to stop spam, although several industry giants, such as AOL and Microsoft, have been aggressively bringing spammers to court for CAN-SPAM infringements. Legal efforts to bring spammers to court do impact the spam economy, at least for those spammers charged. However, the number of spammers brought to court has been very small. In general anti-spam laws are extremely hard to enforce because of the global nature of the Internet and spam operations.

A Proactive Community-Based Approach to Fighting Spam
Before spam, there were telemarketing calls. In response to this growing problem (and annoyance), the U.S. government created the "Do Not Call" registry, offering people a choice and some freedom - they could join the registry and stop getting telemarketing calls altogether, or they could opt-in and continue to get them. Similarly, the CAN-SPAM Act called for the creation of a national do-not-spam registry that would stop spammers from sending unsolicited e-mails to registered e-mail addresses. It was later decided that the government couldn't enforce such a registry and so it wouldn't serve the purpose.

Taking the lead on this initiative, however, Blue Security decided to create a commercial "Do Not Intrude" registry-based solution to fight spam at its source. The Do Not Intrude Registry is an active community-based approach to fighting spam offered free to consumers and small organizations. In December 2005, Blue Security even announced a Linux version of its Open Source spam-fighting software, the Blue Frog. The new offering lets Linux users participate in the Blue Community and register in the company's Do Not Intrude Registry to fight spam actively and safeguard personal and business e-mail accounts through a hands-on community approach.

The Linux version of Blue Frog was created through the contributions of Blue Community members and Linux developers and enthusiasts at large. Blue Frog's visible source program lets users and developers contribute to the development of the Blue Frog client by providing feedback and comments to the company on how to enhance the Blue Frog software and assist in adapting it to other platforms.

The introduction of the Linux version and the cooperation of the developer community are important milestones and significant steps forward for the Do Not Intrude Registry. Most vendors in the anti-spam space (especially the bigger players) don't endorse Open Source and don't supply their solutions for free, so Blue Security's solution is particularly unique and valuable to the Linux community.

Conclusion
Linux professionals and corporate IT managers have long been bombarded by spam, and the threat continues to grow despite relentless efforts and large sums of money (estimated in the billions) to stop it. Compounding the problem, spammers have become craftier, further compromising the rights of e-mail users. Even with federal legislation, the elusive nature of spammers makes enforcement nearly impossible. To combat spam head on, it is absolutely imperative that we change the spam equation. Taking a community-based approach to this perennial problem, and creating an incentive for spammers to stop sending unsolicited e-mails, is truly the only way to take in fighting spam and hopefully one day stop it dead in its tracks.

More Stories By Eran Aloni

Eran Aloni brings over 16 years of experience in security and software application technology to Blue Security. As director of marketing, he is responsible for its worldwide marketing efforts as well as its member-based community Web site. Before joining Blue, Eran was senior program manager for Microsoft's Internet Security and Acceleration (ISA) Server Group, working closely with the company's R&D and marketing groups to develop roadmaps and strategic plans for product rollouts.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
Whether your IoT service is connecting cars, homes, appliances, wearable, cameras or other devices, one question hangs in the balance – how do you actually make money from this service? The ability to turn your IoT service into profit requires the ability to create a monetization strategy that is flexible, scalable and working for you in real-time. It must be a transparent, smoothly implemented strategy that all stakeholders – from customers to the board – will be able to understand and comprehe...
It’s 2016: buildings are smart, connected and the IoT is fundamentally altering how control and operating systems work and speak to each other. Platforms across the enterprise are networked via inexpensive sensors to collect massive amounts of data for analytics, information management, and insights that can be used to continuously improve operations. In his session at @ThingsExpo, Brian Chemel, Co-Founder and CTO of Digital Lumens, will explore: The benefits sensor-networked systems bring to ...
Identity is in everything and customers are looking to their providers to ensure the security of their identities, transactions and data. With the increased reliance on cloud-based services, service providers must build security and trust into their offerings, adding value to customers and improving the user experience. Making identity, security and privacy easy for customers provides a unique advantage over the competition.
SYS-CON Events announced today that Venafi, the Immune System for the Internet™ and the leading provider of Next Generation Trust Protection, will exhibit at @DevOpsSummit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Venafi is the Immune System for the Internet™ that protects the foundation of all cybersecurity – cryptographic keys and digital certificates – so they can’t be misused by bad guys in attacks...
"Tintri was started in 2008 with the express purpose of building a storage appliance that is ideal for virtualized environments. We support a lot of different hypervisor platforms from VMware to OpenStack to Hyper-V," explained Dan Florea, Director of Product Management at Tintri, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Is your aging software platform suffering from technical debt while the market changes and demands new solutions at a faster clip? It’s a bold move, but you might consider walking away from your core platform and starting fresh. ReadyTalk did exactly that. In his General Session at 19th Cloud Expo, Michael Chambliss, Head of Engineering at ReadyTalk, will discuss why and how ReadyTalk diverted from healthy revenue and over a decade of audio conferencing product development to start an innovati...
For basic one-to-one voice or video calling solutions, WebRTC has proven to be a very powerful technology. Although WebRTC’s core functionality is to provide secure, real-time p2p media streaming, leveraging native platform features and server-side components brings up new communication capabilities for web and native mobile applications, allowing for advanced multi-user use cases such as video broadcasting, conferencing, and media recording.
Large scale deployments present unique planning challenges, system commissioning hurdles between IT and OT and demand careful system hand-off orchestration. In his session at @ThingsExpo, Jeff Smith, Senior Director and a founding member of Incenergy, will discuss some of the key tactics to ensure delivery success based on his experience of the last two years deploying Industrial IoT systems across four continents.
There will be new vendors providing applications, middleware, and connected devices to support the thriving IoT ecosystem. This essentially means that electronic device manufacturers will also be in the software business. Many will be new to building embedded software or robust software. This creates an increased importance on software quality, particularly within the Industrial Internet of Things where business-critical applications are becoming dependent on products controlled by software. Qua...
SYS-CON Events has announced today that Roger Strukhoff has been named conference chair of Cloud Expo and @ThingsExpo 2016 Silicon Valley. The 19th Cloud Expo and 6th @ThingsExpo will take place on November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. "The Internet of Things brings trillions of dollars of opportunity to developers and enterprise IT, no matter how you measure it," stated Roger Strukhoff. "More importantly, it leverages the power of devices and the Interne...
"There's a growing demand from users for things to be faster. When you think about all the transactions or interactions users will have with your product and everything that is between those transactions and interactions - what drives us at Catchpoint Systems is the idea to measure that and to analyze it," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York Ci...
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform. In his session at @ThingsExpo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and shared the must-have mindsets for removing complexity from the develo...
The IETF draft standard for M2M certificates is a security solution specifically designed for the demanding needs of IoT/M2M applications. In his session at @ThingsExpo, Brian Romansky, VP of Strategic Technology at TrustPoint Innovation, explained how M2M certificates can efficiently enable confidentiality, integrity, and authenticity on highly constrained devices.
SYS-CON Events announced today that MangoApps will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. MangoApps provides modern company intranets and team collaboration software, allowing workers to stay connected and productive from anywhere in the world and from any device.
"We've discovered that after shows 80% if leads that people get, 80% of the conversations end up on the show floor, meaning people forget about it, people forget who they talk to, people forget that there are actual business opportunities to be had here so we try to help out and keep the conversations going," explained Jeff Mesnik, Founder and President of ContentMX, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Internet of @ThingsExpo has announced today that Chris Matthieu has been named tech chair of Internet of @ThingsExpo 2016 Silicon Valley. The 6thInternet of @ThingsExpo will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
When people aren’t talking about VMs and containers, they’re talking about serverless architecture. Serverless is about no maintenance. It means you are not worried about low-level infrastructural and operational details. An event-driven serverless platform is a great use case for IoT. In his session at @ThingsExpo, Animesh Singh, an STSM and Lead for IBM Cloud Platform and Infrastructure, will detail how to build a distributed serverless, polyglot, microservices framework using open source tec...
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportuni...
From wearable activity trackers to fantasy e-sports, data and technology are transforming the way athletes train for the game and fans engage with their teams. In his session at @ThingsExpo, will present key data findings from leading sports organizations San Francisco 49ers, Orlando Magic NBA team. By utilizing data analytics these sports orgs have recognized new revenue streams, doubled its fan base and streamlined costs at its stadiums. John Paul is the CEO and Founder of VenueNext. Prior ...
A critical component of any IoT project is what to do with all the data being generated. This data needs to be captured, processed, structured, and stored in a way to facilitate different kinds of queries. Traditional data warehouse and analytical systems are mature technologies that can be used to handle certain kinds of queries, but they are not always well suited to many problems, particularly when there is a need for real-time insights.