Welcome!

Linux Containers Authors: Elizabeth White, Liz McMillan, Sematext Blog, Lori MacVittie, Kalyan Ramanathan

Related Topics: Linux Containers

Linux Containers: Article

Empowering Linux Users to Reclaim Their E-mail Experience

An active, community-based approach to fighting and eliminating spam

The Linux community - nearly 29 million platform users - has been plagued for years by spam which, according to industry statistics, is dramatically on the rise. Despite relentless efforts to stop it (including billions of dollars spent to develop anti-spam solutions), spam continues to infiltrate our in-boxes every day. Not only does it cost consumers and businesses precious time, money, and resources, but it also represents a huge security risk since many spam sites infect individual computers and corporate networks with viruses or spyware.

Unfortunately, existing anti-spam solutions don't solve this grave problem, but try to hide it. These solutions are reactive and merely try to filter spam after it arrives in the user's mailbox. This passive method of defence does absolutely nothing to stop spam from coming in the first place. As a result, Internet users are losing faith in e-mail and are turning to other methods of communication for trusted sources of information - IM for personal communication and RSS for subscription-based content.

The only way to help users and enterprises to reclaim their e-mail experience is to identify and address the root cause of spam - the spam economy. Fighting spam and winning the war involves a proactive community-based approach that focuses on spammers' financial incentives, which makes removing illegitimately gathered e-mail addresses not only a concern, but a priority.

This article will address how Linux professionals and corporate IT managers, who are seriously evaluating and deploying Linux-based systems, can take a more aggressive approach to fighting spam and, ultimately, reclaim their e-mail experience.

What Motivates Spammers in the First Place?
To understand the impact and potential consequences of spam for Linux users, it's important to identify what motivates spammers to send unsolicited, bulk e-mails in the first place. We can do this by examining a typical "spam cycle."

A typical spam cycle includes the following steps:

  1. E-mail address collection: also known as harvesting - is a process in which the spammer retrieves millions of e-mail addresses that can be sent spam. The one-time cost of a mailing list with millions of addresses is typically less than $60.
  2. Spam-site creation: the spammer creates an online store in which prospective customers can place orders, following the spam-driven campaign. A specific "spamvertised" site remains online for the duration of the campaign. Designing a simple Web site can cost a few hundred dollars, and the monthly hosting fee from a spam-friendly ISP amounts to another few hundred dollars a month.
  3. The "spam run": the process in which the spammer sends out millions of e-mail messages as part of a specific campaign. Sending spam from compromised computers ("zombies"), a very common practice, incurs no costs at all.
  4. Revenue generation: with the campaign on its way, and the online store live, the spammer sits back and counts the money coming in. Assuming a 0.01% sales conversion rate on one million e-mails, a spammer's gross profit can range from $3,000 (say, a porn Web site subscription), to $10,000 (sex-related products) or even $150,000 (home refinancing) per campaign.
A Lucrative Business (For Spammers, That Is!)
Industry surveys reveal that at least 10% of the population actually buys products and services advertised via spam. In specific product categories, the percentage of people buying spamvertised products is even higher. Thus, the business case for a spam operation is clear - send out millions of messages (or ads) at a very low cost, and expect a high conversion rate of paying customers.

Although spam is certainly an appealing business (at least from the spammer's perspective), it's a great annoyance to e-mail users in general, creating immense losses in productivity costs. In the last few years, despite significant efforts to fight spam, spam volume actually increased to upwards of 75% of all e-mail traffic. Another 10% is composed of phishing expeditions (scams imitating known brands to fool users into giving their account details) and viruses aimed at creating networks of zombie computers to facilitate spam sending.

Are Filters the Answer?
Unfortunately, most anti-spam solutions that currently exist today are reactive and merely try to filter spam after it arrives in the user's mailbox. This passive method of defence may keep users from seeing that spam, but does absolutely nothing to stop it from coming.

In fact, filters have actually been known to introduce their own set of problems. Being an automatic sorting technology, filters can confuse spam and legitimate e-mails. If a spam e-mail passes through the filter (known as a false negative), the user wastes time seeing and deleting the message. If a legitimate e-mail is tagged as spam and doesn't reach the intended recipient (known as a false positive), the result is a lost business or communication opportunity. In general, filters reduce the reliability of e-mail as an effective business communication tool.

Unfortunately, filtering doesn't impact the spam economy. It just encourages spammers to innovate and invent new ways to bypass filtering schemes. Spammers are also inclined to send even more spam since they know that filters are blocking a large percentage of their insidious traffic.

Taking Action in Court
In January 2003, the U.S. government stepped forward and enacted the CAN-SPAM Act. The law defined the guidelines for sending unsolicited commercial e-mails such as including a valid return address and a working opt-out link in each message. The CAN-SPAM Act also outlawed certain practices such as address harvesting and the use of "zombies" for sending mail.

Almost three years after CAN-SPAM was passed, it has done little to stop spam, although several industry giants, such as AOL and Microsoft, have been aggressively bringing spammers to court for CAN-SPAM infringements. Legal efforts to bring spammers to court do impact the spam economy, at least for those spammers charged. However, the number of spammers brought to court has been very small. In general anti-spam laws are extremely hard to enforce because of the global nature of the Internet and spam operations.

A Proactive Community-Based Approach to Fighting Spam
Before spam, there were telemarketing calls. In response to this growing problem (and annoyance), the U.S. government created the "Do Not Call" registry, offering people a choice and some freedom - they could join the registry and stop getting telemarketing calls altogether, or they could opt-in and continue to get them. Similarly, the CAN-SPAM Act called for the creation of a national do-not-spam registry that would stop spammers from sending unsolicited e-mails to registered e-mail addresses. It was later decided that the government couldn't enforce such a registry and so it wouldn't serve the purpose.

Taking the lead on this initiative, however, Blue Security decided to create a commercial "Do Not Intrude" registry-based solution to fight spam at its source. The Do Not Intrude Registry is an active community-based approach to fighting spam offered free to consumers and small organizations. In December 2005, Blue Security even announced a Linux version of its Open Source spam-fighting software, the Blue Frog. The new offering lets Linux users participate in the Blue Community and register in the company's Do Not Intrude Registry to fight spam actively and safeguard personal and business e-mail accounts through a hands-on community approach.

The Linux version of Blue Frog was created through the contributions of Blue Community members and Linux developers and enthusiasts at large. Blue Frog's visible source program lets users and developers contribute to the development of the Blue Frog client by providing feedback and comments to the company on how to enhance the Blue Frog software and assist in adapting it to other platforms.

The introduction of the Linux version and the cooperation of the developer community are important milestones and significant steps forward for the Do Not Intrude Registry. Most vendors in the anti-spam space (especially the bigger players) don't endorse Open Source and don't supply their solutions for free, so Blue Security's solution is particularly unique and valuable to the Linux community.

Conclusion
Linux professionals and corporate IT managers have long been bombarded by spam, and the threat continues to grow despite relentless efforts and large sums of money (estimated in the billions) to stop it. Compounding the problem, spammers have become craftier, further compromising the rights of e-mail users. Even with federal legislation, the elusive nature of spammers makes enforcement nearly impossible. To combat spam head on, it is absolutely imperative that we change the spam equation. Taking a community-based approach to this perennial problem, and creating an incentive for spammers to stop sending unsolicited e-mails, is truly the only way to take in fighting spam and hopefully one day stop it dead in its tracks.

More Stories By Eran Aloni

Eran Aloni brings over 16 years of experience in security and software application technology to Blue Security. As director of marketing, he is responsible for its worldwide marketing efforts as well as its member-based community Web site. Before joining Blue, Eran was senior program manager for Microsoft's Internet Security and Acceleration (ISA) Server Group, working closely with the company's R&D and marketing groups to develop roadmaps and strategic plans for product rollouts.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
In addition to all the benefits, IoT is also bringing new kind of customer experience challenges - cars that unlock themselves, thermostats turning houses into saunas and baby video monitors broadcasting over the internet. This list can only increase because while IoT services should be intuitive and simple to use, the delivery ecosystem is a myriad of potential problems as IoT explodes complexity. So finding a performance issue is like finding the proverbial needle in the haystack.
The idea of comparing data in motion (at the sensor level) to data at rest (in a Big Data server warehouse) with predictive analytics in the cloud is very appealing to the industrial IoT sector. The problem Big Data vendors have, however, is access to that data in motion at the sensor location. In his session at @ThingsExpo, Scott Allen, CMO of FreeWave, discussed how as IoT is increasingly adopted by industrial markets, there is going to be an increased demand for sensor data from the outermos...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at 20th Cloud Expo, Ed Featherston, director/senior enterprise architect at Collaborative Consulting, will discuss the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
SYS-CON Events has announced today that Roger Strukhoff has been named conference chair of Cloud Expo and @ThingsExpo 2017 New York. The 20th Cloud Expo and 7th @ThingsExpo will take place on June 6-8, 2017, at the Javits Center in New York City, NY. "The Internet of Things brings trillions of dollars of opportunity to developers and enterprise IT, no matter how you measure it," stated Roger Strukhoff. "More importantly, it leverages the power of devices and the Internet to enable us all to im...
Whether your IoT service is connecting cars, homes, appliances, wearable, cameras or other devices, one question hangs in the balance – how do you actually make money from this service? The ability to turn your IoT service into profit requires the ability to create a monetization strategy that is flexible, scalable and working for you in real-time. It must be a transparent, smoothly implemented strategy that all stakeholders – from customers to the board – will be able to understand and comprehe...
"Once customers get a year into their IoT deployments, they start to realize that they may have been shortsighted in the ways they built out their deployment and the key thing I see a lot of people looking at is - how can I take equipment data, pull it back in an IoT solution and show it in a dashboard," stated Dave McCarthy, Director of Products at Bsquare Corporation, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
What happens when the different parts of a vehicle become smarter than the vehicle itself? As we move toward the era of smart everything, hundreds of entities in a vehicle that communicate with each other, the vehicle and external systems create a need for identity orchestration so that all entities work as a conglomerate. Much like an orchestra without a conductor, without the ability to secure, control, and connect the link between a vehicle’s head unit, devices, and systems and to manage the ...
Amazon has gradually rolled out parts of its IoT offerings in the last year, but these are just the tip of the iceberg. In addition to optimizing their back-end AWS offerings, Amazon is laying the ground work to be a major force in IoT – especially in the connected home and office. Amazon is extending its reach by building on its dominant Cloud IoT platform, its Dash Button strategy, recently announced Replenishment Services, the Echo/Alexa voice recognition control platform, the 6-7 strategic...
Everyone knows that truly innovative companies learn as they go along, pushing boundaries in response to market changes and demands. What's more of a mystery is how to balance innovation on a fresh platform built from scratch with the legacy tech stack, product suite and customers that continue to serve as the business' foundation. In his General Session at 19th Cloud Expo, Michael Chambliss, Head of Engineering at ReadyTalk, discussed why and how ReadyTalk diverted from healthy revenue and mor...
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
Financial Technology has become a topic of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 20th Cloud Expo at the Javits Center in New York, June 6-8, 2017, will find fresh new content in a new track called FinTech.
You have great SaaS business app ideas. You want to turn your idea quickly into a functional and engaging proof of concept. You need to be able to modify it to meet customers' needs, and you need to deliver a complete and secure SaaS application. How could you achieve all the above and yet avoid unforeseen IT requirements that add unnecessary cost and complexity? You also want your app to be responsive in any device at any time. In his session at 19th Cloud Expo, Mark Allen, General Manager of...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, discussed the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They also reviewed two "free infrastructure" pr...
Unsecured IoT devices were used to launch crippling DDOS attacks in October 2016, targeting services such as Twitter, Spotify, and GitHub. Subsequent testimony to Congress about potential attacks on office buildings, schools, and hospitals raised the possibility for the IoT to harm and even kill people. What should be done? Does the government need to intervene? This panel at @ThingExpo New York brings together leading IoT and security experts to discuss this very serious topic.
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smar...
"Dice has been around for the last 20 years. We have been helping tech professionals find new jobs and career opportunities," explained Manish Dixit, VP of Product and Engineering at Dice, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
"ReadyTalk is an audio and web video conferencing provider. We've really come to embrace WebRTC as the platform for our future of technology," explained Dan Cunningham, CTO of ReadyTalk, in this SYS-CON.tv interview at WebRTC Summit at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
"At ROHA we develop an app called Catcha. It was developed after we spent a year meeting with, talking to, interacting with senior citizens watching them use their smartphones and talking to them about how they use their smartphones so we could get to know their smartphone behavior," explained Dave Woods, Chief Innovation Officer at ROHA, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.